Archive for the ‘CCIE SP’ Category

operating on your routers

January 16th, 2012   by Daniel

The solution to this problem depends on the kind of traffic distinctions you need to make, as well as the version of IOS running on your routers.

There needs to be something that defines the different types of traffic you want to prioritize. Generally, the simpler these distinctions are to make, the better, because every check consumes router resources and adds processing delay. The most common policies for distinguishing between traffic types use the packet's input interface and simple IP header fields such as TCP port numbers. The following examples show how to set an IP Precedence value of immediate (2) for all FTP control traffic that arrives through the serial0/0 interface, and an IP Precedence of priority (1) for all FTP data traffic. This distinction is possible because FTP control traffic uses TCP port 21, and FTP data uses port 20.

The newer method for configuring this uses class maps. Cisco first introduced this feature in IOS Version 12.0(5)T. This method first defines a class-map that specifies how the router will identify this type of traffic. It then defines a policy-map that actually makes the changes to the packet's TOS field:

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#access-list 101 permit tcp any eq ftp any
Router(config)#access-list 101 permit tcp any any eq ftp
Router(config)#access-list 102 permit tcp any eq ftp-data any
Router(config)#access-list 102 permit tcp any any eq ftp-data
Router(config)#class-map match-all ser00-ftpcontrol
Router(config-cmap)#description branch ftp control traffic
Router(config-cmap)#match input-interface serial0/0
Router(config-cmap)#match access-group 101
Router(config-cmap)#exit
Router(config)#class-map match-all ser00-ftpdata
Router(config-cmap)#description branch ftp data traffic
Router(config-cmap)#match input-interface serial0/0
Router(config-cmap)#match access-group 102
Router(config-cmap)#exit
Router(config)#policy-map serialftppolicy
Router(config-pmap)#description branch ftp traffic policy
Router(config-pmap)#class ser00-ftpcontrol
Router(config-pmap-c)#set ip precedence immediate
Router(config-pmap-c)#exit
Router(config-pmap)#class ser00-ftpdata
Router(config-pmap-c)#set ip precedence priority
Router(config-pmap-c)#exit
Router(config-pmap)#exit
Router(config)#interface serial0/0
Router(config-if)#ip route-cache policy
Router(config-if)#service-policy input serialftppolicy
Router(config-if)#exit
Router(config)#end
Router#

For earlier IOS versions, where class-maps were not available, you have to use policy-based routing to change the TOS field in a packet. Applying this policy to the interface tells the router to use it to examine all incoming packets on that interface and rewrite those that match the route map:

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#access-list 101 permit tcp any eq ftp any
Router(config)#access-list 101 permit tcp any any eq ftp
Router(config)#access-list 102 permit tcp any eq ftp-data any
Router(config)#access-list 102 permit tcp any any eq ftp-data
Router(config)#route-map serialftp-rtmap permit 10
Router(config-route-map)#match ip address 101
Router(config-route-map)#set ip precedence immediate
Router(config-route-map)#exit
Router(config)#route-map serialftp-rtmap permit 20
Router(config-route-map)#match ip address 102
Router(config-route-map)#set ip precedence priority
Router(config-route-map)#exit
Router(config)#interface serial0/0
Router(config-if)#ip policy route-map serialftp-rtmap
Router(config-if)#ip route-cache policy
Router(config-if)#exit
Router(config)#end
Router#

Before you can tag a packet for special treatment, you must have a very clear idea of what types of traffic need special treatment, and exactly what kind of special treatment they need. In the example, we have chosen to give a different priority to FTP traffic received on a particular serial interface. We show how to do this using both the old and the new configuration methods.
This may seem like a somewhat artificial example. After all, why would you care about tagging inbound traffic that you have already received from a low-speed interface? In fact, one of the most important principles for implementing QoS in a network is that you should always tag the packet as early as possible, ideally at the edges of the network. Then, as it passes through the network, each router only needs to read the tag and does not need to do any further classification. In this case, we would make sure that the FTP traffic returning in the other direction is tagged by the first router that receives it. So the outbound traffic has already been tagged, and it would be a waste of router resources to reclassify the outbound packets.

Many organizations actually take this idea of marking at the edges one step further and remark every received packet. This helps to ensure that users are not requesting special QoS privileges that they are not permitted to have; without it, any host can set its own packets to the highest class and take the bandwidth meant for someone else. However, you should be careful with this, because it can also disrupt legitimate markings. For example, a real-time application can use RSVP to reserve bandwidth through the network. It is critical that the packets for this application carry the appropriate Expedited Forwarding (EF) DSCP marking, or the network may not handle them properly. At the same time, you do not want to let other, non-real-time applications from this same source have the same EF priority level. So, if you are going to configure your routers to remark all incoming packets at the edges, make sure that you know which incoming markings are legitimate.

A related case is when the routers are running DLSw to bridge SNA traffic through an IP network. There, the routers themselves actually create the IP packets. This creates an additional challenge, because there is no incoming interface, so that recipe uses local policy-based routing. The fact that the router creates the packets also gives it a significant advantage, because it does not have to consider any DLSw packets that might just happen to pass through.

The advantages of the newer class-map method are not obvious in this example, but one of the first big advantages appears when you want to use the more modern DSCP tagging scheme. Because the older policy-based routing method does not directly support DSCP, you have to fake it by setting both the IP Precedence and the TOS separately, as follows.

Router(config)#route-map serialftp-rtmap permit 10
Router(config-route-map)#match ip address 115
Router(config-route-map)#set ip precedence immediate
Router(config-route-map)#set ip tos max-throughput

In this case, the packet ends up with an IP Precedence value of immediate, or 2 (010 in binary), and a TOS of max-throughput, or 4 (0100 in binary). Together these fill the top seven bits of the TOS byte, 0100100, and the DSCP field is simply the top six bits of that same byte: 010010, which is 18, or AF21.

Doing the same thing with the class-map method is much more direct:

Router(config)#policy-map serialftppolicy
Router(config-pmap)#class serialftpclass
Router(config-pmap-c)#set ip dscp af21
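To make the bit arithmetic and the edge re-marking concrete, here is an added Python example (it is not code from the original post). It emulates both marking methods on a raw IPv4 header and confirms that the route-map pair set ip precedence immediate plus set ip tos max-throughput and the class-map set ip dscp af21 write the same TOS byte, 0x48. It then carries out the edge policy discussed above: keep an incoming EF mark only from a source that is allowed to have one, reset everything else to default, and recompute the IP header checksum that every such rewrite invalidates. The trusted voice subnet 10.10.10.0/24, the addresses and the packet headers are constructed for the example.

```python
"""Emulate the recipe's two marking methods on a raw IPv4 header.

Added example, not code from the original post. Shows that the route-map
pair `set ip precedence immediate` + `set ip tos max-throughput` and the
class-map `set ip dscp af21` write the same TOS byte, and what an edge router
that re-marks every received packet has to do: rewrite the byte, recompute
the header checksum, and keep EF only from a source allowed to send it.
Addresses, the trusted voice subnet and the packet headers are constructed.
"""
import ipaddress
import struct

# `set ip precedence <name>`: the top three bits of the TOS byte.
PRECEDENCE = {"routine": 0, "priority": 1, "immediate": 2, "flash": 3,
              "flash-override": 4, "critical": 5, "internet": 6, "network": 7}
# `set ip tos <name>`: the four legacy TOS bits (D, T, R, C) just below precedence.
TOS = {"normal": 0, "min-monetary-cost": 1, "max-reliability": 2,
       "max-throughput": 4, "min-delay": 8}
# `set ip dscp <name>`: the top six bits of the same byte (class selectors, AF, EF).
DSCP = {"default": 0, "ef": 46}
DSCP.update({f"cs{i}": i * 8 for i in range(1, 8)})
DSCP.update({f"af{c}{d}": c * 8 + d * 2 for c in range(1, 5) for d in range(1, 4)})


def tos_byte_from_precedence(precedence, tos="normal"):
    """Route-map method: precedence in bits 7..5, TOS bits in 4..1, bit 0 unused."""
    return (PRECEDENCE[precedence] << 5) | (TOS[tos] << 1)


def tos_byte_from_dscp(dscp):
    """Class-map method: DSCP in bits 7..2, the two ECN bits left clear."""
    return DSCP[dscp] << 2


def dscp_name(tos_byte):
    """Name the DSCP a downstream router sees in a TOS byte, e.g. 0x48 -> 'af21'."""
    value = tos_byte >> 2
    return next((name for name, v in DSCP.items() if v == value), str(value))


def ipv4_checksum(header):
    """RFC 791 one's-complement sum; returns 0 for a header whose checksum is valid."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def with_checksum(header):
    """Return the header with its checksum field (bytes 10-11) recomputed."""
    h = bytearray(header)
    h[10:12] = b"\x00\x00"
    h[10:12] = struct.pack("!H", ipv4_checksum(bytes(h)))
    return bytes(h)


def build_ipv4_header(src, dst, tos_byte, proto=6, total_length=40):
    """Minimal 20-byte IPv4 header (no options) carrying the given TOS byte."""
    raw = struct.pack("!BBHHHBBH4s4s", 0x45, tos_byte, total_length, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return with_checksum(raw)


# Assumed for the example: the only subnet whose hosts may reserve EF bandwidth with RSVP.
TRUSTED_EF_SOURCES = [ipaddress.ip_network("10.10.10.0/24")]


def remark_at_edge(header, trusted_ef_sources=TRUSTED_EF_SOURCES):
    """Edge policy: keep an incoming EF mark only from a trusted source and reset
    every other packet to default, so hosts cannot grant themselves priority."""
    src = ipaddress.IPv4Address(header[12:16])
    dscp = header[1] >> 2
    trusted = any(src in net for net in trusted_ef_sources)
    new_dscp = dscp if (dscp == DSCP["ef"] and trusted) else DSCP["default"]
    h = bytearray(header)
    h[1] = (new_dscp << 2) | (h[1] & 0x03)  # leave the two ECN bits alone
    return with_checksum(bytes(h))


if __name__ == "__main__":
    print("route-map method:", hex(tos_byte_from_precedence("immediate", "max-throughput")))
    print("class-map method:", hex(tos_byte_from_dscp("af21")), dscp_name(0x48))
    for src in ("10.10.10.5", "192.0.2.9"):
        out = remark_at_edge(build_ipv4_header(src, "203.0.113.1", tos_byte_from_dscp("ef")))
        print(src, "->", dscp_name(out[1]), "checksum ok" if ipv4_checksum(out) == 0 else "bad")
```

The checksum step is the part people forget when they script packet rewrites: a router does it in hardware, but anything you build yourself (a test generator, a userspace forwarder) must recompute it or the next hop drops the packet.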

Class-maps will also be useful later in this chapter, when we discuss class-based weighted fair queuing and class-based traffic shaping.
It is important to note that throughout this entire example, we have only set a particular value in the packet's TOS or DSCP field. This, by itself, does not affect how the packet is forwarded through the network. To do that, you must make sure that, as each router in the network forwards these marked packets, its interface queues react appropriately to this information.

Finally, we should note that although this recipe shows two useful methods of marking packets, you can also mark packets with Committed Access Rate (CAR) features. CAR tends to be more reliable on higher-speed interfaces.

Post in CCIE SP | Comments Closed

Know about the Benefits of CCIE Certification

December 21st, 2011   by Daniel

IT professionals and others who work with Cisco networking products can validate their expertise by acquiring the CCIE certification. IT professionals holding the prestigious CCIE credential can earn attractive salaries at multinational companies.

The IT field progresses day by day, and there is a scarcity of CCIE-certified networking professionals. The certification is mainly for people already working in the networking field who want to obtain lucrative jobs at top multinational companies around the world. Acquiring the CCIE certification is quite expensive. Nonetheless, professionals who hold it are given preference for highly paid networking jobs worldwide.

With the CCIE certification, IT professionals gain in-depth knowledge of the latest Cisco networking products. Networking professionals are trained in the configuration, implementation and troubleshooting of Cisco network products. CCIE R&S training is one of the costliest in the IT field, and it takes at least 18 months of study to clear the exam. The written exam costs US$250 per attempt. It is two hours long and is designed to test your theoretical knowledge of Cisco networking and security products. You have to put in a lot of effort to clear this written test. You must score 300 marks out of 1000 to pass the written examination.

Professionals who have cleared the written test must register for the lab exam within three years of passing it. The lab exam is eight hours long and costs US$1400 per attempt. You are first given theoretical knowledge of Cisco networking security products, and then practical knowledge during lab practice on real equipment. The lab exam is quite difficult, and only a few people pass it.

Other IT professionals can also seek the CCIE certification. It validates your expertise with Cisco networking products. Professionals who clear the CCIE exam get higher salaries at good multinational companies. Many people try to pass this exam because of its high recognition, to stand out from the crowd and to get good salaries.

There are no prerequisites for the CCIE certification. It does not require any other professional certification. All you need to do is pass the written exam and the lab exam to obtain the CCIE certificate.

Professionals who have also cleared the lab exam are awarded the CCIE certification by Cisco within four weeks. Professionals who have obtained CCIE Voice can include it in their resume to get an excellent job at top multinational companies. Many companies are seeking the help of talented network security professionals to look after their networks. Consequently, the chances of getting a highly paid job with a CCIE from Cisco are bright.

IT professionals who fail to register for the lab exam within three years of passing the written exam must take the written exam again and pay US$250 once more. Consequently, people who want to get through the exam must be serious and put in a lot of effort to clear this CCIE training.
You can use search engines such as Google and Yahoo to get a list of institutions that offer courses and materials to study for the exam. Though passing the exam is very tough, you can understand the questions easily if someone teaches you. The main aim of the exam is to test you on the basics of networking security products and security protocols from the leader in networking security, Cisco. I advise you to attend classes at an accredited center and prepare well before taking the exam.

Post in CCIE SP | No Comments »

Content-Filtering Examples of CCIE Exams

June 1st, 2011   by Michel

A corporation has two Websense servers located on the firewall's DMZ interface at 192.168.199.10 and 192.168.199.11. The firewall intercepts every HTTP request and relays it to the Websense servers. If neither server responds within the default 5-second period (for each server), the firewall allows the request. This is the effect of the allow keyword on the filter command: it fails open, so if the filtering servers are unreachable or overloaded, URL filtering silently stops. Omit allow if you would rather have the firewall drop requests while the servers are not answering.

The only exceptions to this policy are all hosts on the 192.168.4.0/24 subnet, which may request any URL without Websense intervention. Inside host 192.168.7.33 may request any URL as well. Inside host 192.168.7.40 may request URLs from outside server 172.24.1.10 without Websense intervention; if that host requests URLs from any other address, Websense is consulted.

All HTTPS and FTP requests are subject to the local Websense policies.

To improve filtering server response, 128 blocks of memory are dedicated to buffering web content that arrives before the filtering server can respond. A cache is also configured so that repeated URL requests can be serviced immediately without waiting for further filtering server replies. This cache uses 128 KB of memory and is keyed on source and destination address combinations.

The configuration for this example is as follows:

url-server (dmz) vendor websense host 192.168.199.10 protocol TCP version 4
url-server (dmz) vendor websense host 192.168.199.11 protocol TCP version 4
filter url http 0 0 0 0 allow proxy-block
filter url except 192.168.4.0 255.255.255.0 0 0
filter url except 192.168.7.33 255.255.255.255 0 0
filter url except 192.168.7.40 255.255.255.255 172.24.1.10 255.255.255.255
filter https 443 0 0 0 0 allow
filter ftp 21 0 0 0 0 allow
url-block block 128
url-cache src_dst 128

Post in CCIE SP | No Comments »

Filtering Content

May 30th, 2011   by Michel

A firewall normally allows outbound HTTP or HTTPS connections to any URL, provided that the outbound access list permits the connection. An audit trail of URL activity is available only through the firewall Syslog records, using Syslog message 304001 at the default severity level 5 (notifications), so if you need that trail you must log at severity 5 or above and keep the records off-box.
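Since those syslog records are the only audit trail, here is an added Python example (not code from the original post) that parses 304001 messages and checks each request against filter url except style exceptions, so you can see which URL requests never reached the filtering server at all. The exception list mirrors the Websense example above. The sample log lines and the exact layout of the 304001 message assumed here, "[user] source Accessed URL destination:url", are constructed for the example; compare the pattern with your own firewall's output before relying on it.

```python
"""Audit the URL trail a Cisco firewall leaves in syslog message 304001.

Added example, not code from the original post. The message layout assumed
here is "%PIX-5-304001: [user] <source> Accessed URL <destination>:<url>",
with the user field present only for authenticated sessions. The log lines
and the exception list are constructed for the example.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample syslog, including one unrelated message that must be ignored.
SAMPLE_LOG = """\
Jun 01 2011 10:15:02 fw01 %PIX-5-304001: 192.168.7.33 Accessed URL 172.24.1.10:http://intranet.example.com/index.html
Jun 01 2011 10:15:05 fw01 %PIX-5-304001: jdoe 192.168.7.40 Accessed URL 198.51.100.20:http://www.example.net/login
Jun 01 2011 10:15:09 fw01 %PIX-5-304001: 192.168.4.17 Accessed URL 203.0.113.9:http://www.example.org/
Jun 01 2011 10:15:11 fw01 %PIX-5-304001: 192.168.7.40 Accessed URL 172.24.1.10:http://intranet.example.com/files
Jun 01 2011 10:15:12 fw01 %PIX-6-302013: Built outbound TCP connection 4711 for outside:203.0.113.9/80 (203.0.113.9/80) to inside:192.168.7.41/1234 (192.168.7.41/1234)
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
LINE_RE = re.compile(
    rf"%PIX-\d-304001: (?:(?P<user>\S+) )?(?P<src>{IPV4}) Accessed URL (?P<dst>{IPV4}):(?P<url>\S+)"
)

# Mirror of `filter url except <src> <mask> <dst> <mask>`: (source net, destination net).
EXCEPTIONS = [
    (ipaddress.ip_network("192.168.4.0/24"), ipaddress.ip_network("0.0.0.0/0")),
    (ipaddress.ip_network("192.168.7.33/32"), ipaddress.ip_network("0.0.0.0/0")),
    (ipaddress.ip_network("192.168.7.40/32"), ipaddress.ip_network("172.24.1.10/32")),
]


def parse_url_events(log_text):
    """Return one dict per 304001 line: user (None if unauthenticated), src, dst, url."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # other message IDs carry no URL information
        events.append({
            "user": m.group("user"),
            "src": ipaddress.IPv4Address(m.group("src")),
            "dst": ipaddress.IPv4Address(m.group("dst")),
            "url": m.group("url"),
        })
    return events


def bypasses_filter(src, dst, exceptions=EXCEPTIONS):
    """True when an exception covers the (source, destination) pair, so Websense is skipped."""
    return any(src in s_net and dst in d_net for s_net, d_net in exceptions)


def split_by_policy(events, exceptions=EXCEPTIONS):
    """Separate requests the filtering server saw from those the exceptions let through."""
    filtered, unfiltered = [], []
    for ev in events:
        (unfiltered if bypasses_filter(ev["src"], ev["dst"], exceptions) else filtered).append(ev)
    return filtered, unfiltered


def unfiltered_hosts(events, exceptions=EXCEPTIONS):
    """Count unfiltered requests per source host: the traffic the URL policy never examined."""
    _, unfiltered = split_by_policy(events, exceptions)
    return Counter(str(ev["src"]) for ev in unfiltered)


if __name__ == "__main__":
    evs = parse_url_events(SAMPLE_LOG)
    filtered, unfiltered = split_by_policy(evs)
    print(f"{len(evs)} URL events: {len(filtered)} filtered, {len(unfiltered)} bypassed Websense")
    for host, n in unfiltered_hosts(evs).items():
        print(f"  {host}: {n} unfiltered request(s)")
```

Feed it the real syslog export and the live exception list: the hosts that show up under unfiltered_hosts are exactly the ones whose browsing is governed by nothing but the outbound access list, which is worth a periodic review.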

Cisco firewalls can use third-party web content-filtering applications to enforce URL policies. These content filters run on a local server but download periodic updates of web content databases. Web content is categorized, and content rules can be applied to corporate users or groups of users.

When a user sends a URL request, the Cisco firewall relays the request to the content-filtering server. If the server determines that the user is allowed to view the URL and its content, the firewall permits the connection to proceed.

If the content-filtering server denies the URL request, the firewall redirects the user's browser to a "block" page, indicating that the server blocked or denied the request.

The content-filtering server can apply its policies on a per-user basis if necessary. It obtains the user's credentials (username, IP address, destination URL, and address) directly from the user's host PC. This also provides an accounting log of user activity.

Post in CCIE SP | No Comments »

CCIE Service Provider 1-on-1 Online Training Program

April 18th, 2011   by Michel

If you are searching for a training program that blends personalized expert instruction with the convenience of studying from home, then the CCIE Service Provider 1-on-1 Online Training Program will accommodate your needs perfectly. This course of study is designed for candidates who plan to take the CCIE Service Provider Lab Exam within six months and are unable to attend our on-site training due to travel or budget limitations. Our online training program provides expertly designed mock labs that are always up to date and highly comparable to the real exam, ongoing support from a personal instructor, and convenient access to remote racks, allowing you ample time to practice and perfect your skills. We offer three different online training programs to meet your specific needs; all come with our Sure-Pass Guarantee! What are you waiting for? Join Cathayschool and begin your learning journey!

Post in CCIE SP | No Comments »

Congestion Management

April 8th, 2011   by Michel

QoS involves many components and features, but the component that is most typically associated with the term QoS is congestion management. Congestion management is the key component for QoS on Catalyst switches. The congestion management component of QoS itself is made up of many different features in Cisco IOS and CatOS. All Catalyst switches that support QoS features support congestion management or congestion avoidance. The next section looks at these features in detail, but the purpose of this section in general.
As the name implies, congestion management enables you to manage the congestion that is experienced by packets at a given point in the network. Congestion management involves three main steps:
1. Queues are created at the interface where congestion is expected. Depending on the specific feature or mechanism being used to provide QoS and the platform on which the QoS is being configured, there could be only two queues or there could be several hundred (although there is currently no practical application for this many queues on any Catalyst platform).

Take CCIE training at cathayschool; it will give you the chance to pass the exam on your first attempt. Do not miss the chance: visit our website now!

reprint from blogcathayschool.com

Post in CCIE, CCIE R&S, CCIE SP, CCIE Voice | No Comments »

Differentiated Services: A Standards Approach

March 21st, 2011   by Michel

As you have just seen, many components comprise the DiffServ architecture, and those components can be used in many different ways. Of course, there are also different implementations of these mechanisms, which have been given different names by different vendors. The key to the DiffServ architecture's successful implementation in a multivendor environment, however, is that the entire architecture is standards-based. Regardless of what name each vendor uses to market a given feature, all the features that comprise the DiffServ architecture are standardized and should, therefore, interoperate between vendors with very predictable results. The idea of being able to provide predictable service to packets through the network is fundamental to being able to provide good QoS. This is especially critical when dealing with real-time interactive traffic, such as VoIP, but is also important for consistent data handling across multiple network nodes.

Take CCIE training at cathayschool; it will give you the chance to pass the exam on your first attempt. Do not miss the chance: visit our website now!

reprint from blogcathayschool.com

Post in CCIE, CCIE SP, CCIE Security | No Comments »

Introduction

May 19th, 2010   by Michel

The Cisco Certified Internetwork Expert (CCIE) certification may be the most challenging and prestigious of all networking certifications. It has received numerous awards and certainly has built a reputation as one of the most difficult certifications to earn in all of the technology world. Having a CCIE certification opens doors professionally, typically results in higher pay, and looks great on a resume.
Cisco currently offers several CCIE certifications. This book covers the version 3.0 exam blueprint topics of the written exam for the CCIE Routing and Switching certification. The following list details the currently available CCIE certifications at the time of this book's publication; check http://www.cisco.com/go/ccie for the latest information. The certifications are listed in the order in which they were made available to the public.
CCIE Routing and Switching
CCIE Security
CCIE Service Provider
CCIE Voice
CCIE Storage Networking
Each of the CCIE certifications requires the candidate to pass both a written exam and a one-day, hands-on lab exam. The written exam is intended to test your knowledge of theory, protocols, and configuration concepts that follow good design practices. The lab exam proves that you can configure and troubleshoot actual gear.
Why Should I Take the CCIE Routing and Switching Written Exam?
The first and most obvious reason to take the CCIE Routing and Switching written exam is that it is the first step toward obtaining the CCIE Routing and Switching certification. Also, you cannot schedule a CCIE lab exam until you pass the corresponding written exam. In short, if you want all the professional benefits of a CCIE Routing and Switching certification, you start by passing the written exam.

Post in CCIE, CCIE R&S, CCIE SP, CCIE Security, CCIE Voice | No Comments »

Tips for Taking the CCIE SP Lab Exam

May 17th, 2010   by Michel

Virtual private network (VPN) is an important section in the Cisco CCIE Service Provider lab exam and is generally worth about 27 points. Most of the VPN questions are Multiprotocol Label Switching (MPLS) VPN questions. Comprehensive configurations pertaining to Cisco Express Forwarding, interior gateway protocol (IGP), Label Distribution Protocol (LDP), Multiprotocol Border Gateway Protocol (MP-BGP), provider edge-customer edge (PE-CE) routing, virtual routing and forwarding (VRF), and route targets are involved in creating MPLS VPN questions. It is assumed that candidates understand the MPLS VPN mechanism in both the control plane and the forwarding plane and that they know how to configure MPLS VPN. This tip sheet lists some of the common mistakes that candidates should try to avoid when completing the MPLS VPN section of the CCIE SP lab exam.

Post in CCIE, CCIE SP | No Comments »

Case Study Deliverables

April 21st, 2010   by Michel

The key lesson of this case study is the importance of thorough and clear documentation. You should complete two types of documentation.
General documentation:
■ A complete narrative of the project should be typed using word processing software. Because the scenarios break the entire task into pieces, take care to address each scenario task so that a layperson could understand that particular task.
■ Microsoft Excel or another spreadsheet program could be used to simply list the equipment and serial numbers.
■ Cisco Network Designer, Visio, or any paint program could be used to draw the network for this documentation.
■ This general documentation should also include information about how the security has been tested. A plan for monitoring this network should also be included.
Technical documentation:
■ This documentation should include details of the network topology (using CND, Visio, or Paint).
■ Referring to the tables in the working copy of the case study, all table information should be entered into a spreadsheet program such as Microsoft Excel. This would include IP addressing of all interfaces, DCE/DTE information, router passwords, and interface descriptions. Be sure to include IP addressing and gateway assignments for all computers on the network.
■ The access control lists (router command sequences) should be typed into this documentation using a word processing program, including their application on the router interfaces.
■ Document the routing protocol used.
■ Router output from the following commands should be captured and placed in this documentation:
– show cdp neighbors
– show ip route
– show ip protocol
– show ip interface
– show version
– show hosts
– show startup-config
– show ip access-lists

Post in CCIE, CCIE SP | No Comments »