Cisco Says, “No PBR for You, We’re Going with Miller Lite…”

6 04 2009

I just found out through working with a TAC Engineer on an issue where our brand spanking new Catalyst 4900M won’t accept the command to place a Policy Based Route map on a vlan interface that PBR will not be supported until an upcoming IOS release, most likely in June.  Ugh.  This is not the first weirdness we’ve had with our 4900M’s.  The first was with one of the 4900M’s we have deployed in our new datacenter core.  This switch displayed some weird behavior when we were troubleshooting what appeared to be an issue with a fiber uplink in a twingig module we had plugged into one of the ten-gigabit ports.  We shuffled around some known-good GBICs in these twingigs and next thing we knew, the ports had error-disabled due to a Cisco “feature” that keeps you from using illegal hardware, giving us an error of “Unapproved GBIC” in the output of a show interface status.  A reboot got us our ports back, but to this day one of the ports still shows that error even though it works and TAC hasn’t been able to help us be rid of it.  Apparently, on most of the higher-end switches, the database that keeps track of GBIC serial numbers times out entries after a certain period so that you can reuse a GBIC from one module in the switch to another without much trouble…in the 4900M’s they have yet to perfect this.

Don’t get me wrong, the 4900M’s are definitely good hardware and allow you to double your port density in modules you don’t want to use TenGigabit in by using the twingig modules that give you 2 1Gig ports instead, while still giving you the option down the road of using half as many tengigabit ports.  That can be a very handy feature when combined with the port density they already have and is the reason we have 4 of them in the core of our datacenter.  I just wish Cisco had worked out a few more kinks before releasing them.

But enough complaining…it’s good to have job security in these uncertain times!  My BCMSN studies are coming along well and I’m up to chapter 8 in the self-study guide.  That doesn’t sound like much, but the self-study guide’s chapters are all pretty meaty.  I also managed to watch 4 hours straight of CBT Nuggets this weekend before needing a nap.  My lab setup is almost finished and I hope to get it accessible from my desk as soon as there is a lull in the datacenter cabling.  Until then, I hope to keep pushing on my reading.  I’ve already really enjoyed some of the information on MST, which allows you to combine multiple instances of spanning tree into one instance, saving resources and allowing you to more easily use redundant links for load-balancing instead of just leaving them in blocking.  I’ve also really enjoyed the section on etherchannel, particularly doing more sophisticated load-balancing over multiple etherchannel links.





ONT Down, New Job, Studying ISCW!!!

24 09 2008

I’ve neglected my humble little blog lately and I’m sorry I have.   Since I have been gone, I have successfully passed my ONT exam, making me 1/4 of the way to my CCNP.   :)   I really have to say that this exam is much more focused on theory than practice than many of the Cisco exams I’ve taken and a lot of the material just isn’t possible to recreate in a home lab.  Here’s what I used to study and pass:

CBT Nuggets – These are entertaining and great for getting a basic grasp of exam concepts.  I felt that they really helped with making information “stick.”

Trainsignal Videos – These are a little drier than the CBT Nuggets, but have much more detail to them along with some information that may not be covered by the exam, but is good to know for real life.  I credit these with being the most helpful towards passing my exam of all my study resources, but I’d recommend you use them after you have used the other resources you plan on studying as they can be overwhelming to just dive into.

Cisco Press Exam Guide – This book alone wouldn’t have given me a passing score and didn’t on my first exam attempt, but I think they are still necessary to read and should definitely be a part of anyone’s library studying for a CCNP exam.

The Cisco website, on the job hands-on with QoS, and some work with the NetworkSims simulator and a 1710 router.  Like I said, it’s not really feasible to recreate some of the objectives in a home lab, but I found that the simulator I used was pretty good for the price and helped me practice.  My 1710 gave me some good hands-on time with both the MQC and the SDM interfaces.

Now I’m studying for the ISCW and plan to have a study guide posted for that as well as soon as I’ve gotten deeper into my reading.   My strategy for this one is as follows…

1.  Watch the CBT nuggets for an exam objective, for example, watch all the nuggets for MPLS.
2.  Read the Cisco Exam Guide chapters relating to that objective, so here that would be all the chapters relating to MPLS.
3.  Once I’ve made it through the Exam Guide and Nuggets, watch each objective in the Train Signal series one at a time.
4.  After watching each Train Signal video, get some hands-on lab practice as well.
5.  Take a practice exam and repeat until scoring in the 90%’s for every objective!

In somewhat related news, I start a new job in 2 weeks as a full-blown Network Engineer!!!!   Woo-HOO!  I’m very excited to be officially doing what I was unofficially doing and have a permanent home rather than remaining a contractor.  :D





It Is DONE! My ONT Study Guide is Complete…

11 06 2008

I probably need to flesh out some more of the Cisco Unified Wireless marketing stuff, but other than that, I’m pretty happy with this guide. I’m thinking a couple of weeks of practice exams and labs ought to get me ready to finally take this exam and be 1/4 closer to the coveted CCNP. I have it in Word doc format, but if anyone requests it, I can post it in an HTML, txt, or other open format.

Enjoy!





Welcome to Cisco Patch Tuesday…

23 05 2008

For some time, us network people have been quietly (ok, sometimes not so quietly!) snickering at our system administrator counterparts. Why? Patches. Every “patch tuesday,” that nefarious day when Microsoft pushes its Windows Updates, across the globe we would walk past the Windows Admin’s cube with just a little bit (ok, sometimes a lot) of smugness and maybe, in some cases, a well-timed remark about the stability and security of our beloved IOS. Then we got to walk past the Linux Admin’s cube as well (ok, it’s the same Admin in the same cube for some of us) and try to console them as their own OS began the endless parade of patches. It seemed like life was pretty good for a network person. Even when Cisco began releasing regular IOS patches for certain vulnerabilities, we (ok me) were able to shrug it off and tell ourselves that these must be pretty isolated, low-risk vulnerabilities. No reason at all for us to fix what wasn’t broken and risk bringing our quietly humming routers and switches to a screeching halt…or reboot anyhow.

Then the unthinkable happened.

Some Security Guy who obviously hates Cisco Admins (well, ok, maybe he just wants to stop the bad guys from doing it first), came up with the first ever rootkit for IOS and plans on spilling the beans soon. Then, as if that weren’t enough, Cisco announces a patch for a DoS vulnerability in SSH, which I’m planning on moving all our network devices to soon since it’s more secure than telnet. Gulp…ok, you have my attention.

Trust me, I want to believe the older network people who say you really shouldn’t touch your IOS unless it’s causing you problems or you need additional features an update can provide. It certainly makes life easier since the process for upgrading an IOS image is tedious at best and nerve-wracking at worst. Still, there are more and more vulnerabilities being found for IOS versions every day and any company has to be concerned about something like an SSH Denial of Service vulnerability. The way I see it, if it’s a vulnerability that would force me to push a patch or an update to a server, why wouldn’t I update my IOS for it?

Oh the conundrum…fall into the dark pit of despair of continuous patching or endlessly worry that we’re leaving a gaping security hole open…





Great New Link Alert!

21 04 2008

A friend just found a great link for those studying up on Cisco, the Internetworking Technology Handbook.  This page contains links to explanations of everything from Banyan Vines to MPLS and should be on anyone studying for CCNA or CCNP’s bookmark list, if only for a good place to get a quick overview of various technologies.





My Tax Refund = 1 Pug Puppy + 4 New Tires + 1 Cisco Book

9 04 2008

My tax refund came at the end of last week, bringing me a wonderful influx of income. For the most part, we did well at keeping things practical, like maintenance for our 1 vehicle, paying off some of the loan for my certs and such. My 2 frivolous purchases? An adorable pug puppy named Clyde and the (in)famous Cisco book, Routing TCP/IP, Volume 1. I know it may sound a little geeky, but I can’t wait to crack this one open and dig in. From all accounts, this plus its parasitic twin, Volume 2, are the most definitive guide on TCP/IP routing out there and a must-read for anyone studying Cisco.

I’m still waiting to hear back on the proposal I made to the company I am contracting for. With the encouragement of my supervisor and coworkers, I wrote up a proposal for them to pay for my CCNP exams should I pass them and purchase books for my studies with the stipulation that following attaining my NP I would stay here and work for at least a year. I am really hoping they accept as it would be a great help to me taking the next step in my studies, but only time will tell. In this economic climate, I can’t help but feel fortunate that my contract has been extended and I’m not job hunting! I chose the CCNP over the CCSP for my proposal because it seemed to fit the company’s needs better. It would mean taking a break from some of my other studies, but I had hoped to go for my CCNP at some point anyway and I know it would add value here.





No Cisco Live For Me…This Year At Least…(Sigh)

31 03 2008

It’s time to register for Cisco Live, the Cisco flavor of all the other great conferences out there, chock full of training, demos, certifications, and fun! Unfortunately, not only can I not afford to let go of a few thousand dollars to go this year, but one of my husband’s friends is getting married that weekend, meaning that we need to travel out of state that week. For those not quite as unlucky as I am, please take advantage of this opportunity and go ahead and register at www.cisco-live.com/2008/itip. I’m certain you won’t regret it.





Organization, Schmorganization!

25 03 2008

I am trying to gather up my blogs and posts and condense them into something usable here. I tend to be a bit frenetic about what I write about. Right now, it’s all about firewalls and I’m working on a study guide for SNPA. I find firewalls interesting and confounding all at once and I just have to understand them better. I’m especially interested in learning more about IDS/IPS. In the meantime, I will go ahead and post a collection of links I’ve stumbled upon lately that have been helpful.

http://www.cisco.com/warp/public/474/index.shtml – Links to Password Recovery Procedures for All Cisco Devices

http://www.cisco.com/warp/public/707/ssh.shtml – Tutorial on How to Configure SSH in Cisco IOS – Add greater security to your network by accessing your devices using SSH, not telnet!

http://forums.cisco.com/eforum/servlet/EEM?page=main – Cisco Embedded Event Manager Scripting Community – Can you script in Ciscoland? Of course, and it can help with troubleshooting as well.

http://www.blindhog.net/ – My latest favorite site for Cisco tutorials. I have especially been enjoying their series using the gns3 network device emulator. It’s free and as long as you have access to IOS images, it’s easy to create a virtual test lab.

http://www.garethevans.info/products/acleditor – Gareth Evans’ ACL Editor – I stumbled upon this while trying to learn ACLs for my CCNA exam. This gentleman wrote an ACL editor that simplifies creating ACLs as a college project. At the time I downloaded it, it was free, but I see that he is charging a small fee for it now, although it does have a free 30-day trial.