5 Days to go

9:30am Woke up this morning with half the answer to the multicast issue yesterday. I obviously was not thinking straight at the time. I’ll work some more on it this morning, I think it will be useful. Today I want to review some sections of the technology focused labs. Some of the features are only covered there and its been a few months since I did them. Ip Services will be one of them. After that I want to read through the vol2 ip services sections. Depending how much time is left, I might read through the multicast sections as well.

Brazil is 5 hours behind my local time, everyday my schedule starts and ends 30 minutes later. Trying to compensate a bit for any jet lag there might be.

11:40pm Today felt like I put a lot of effort while not making much ground. I’ve been at the reviewing for 12 hours but it feels like I made an hours progress. A bit frustrating at this point. I came across Ethan’s Doit Notes while searching for the nssa fa-suppress feature. Im glad I got there because I started to go through his other doit lab notes as well. Also used Arden’s blog to review 6to4 tunnels and the bgp inject map. There are very valuable information on these two blogs, will definitely revisit some of the links. Tomorrow morning I have the last assessor, last time they had some technical issues so this is a retake. Will give it my best, this is the last of the assessor/mock labs.

Ok is that 100hours left untill the lab? oh no… On the bright side I can still put in 50hours of reviewing.

6 Days to go

* Mock Lab2 spoiler ahead

7pm Mock lab2 complete, made one mistake from what I can spot with the eye. Again on the same multicast question I lost marks on the first time. Requirement is for auto-rp mapping agent not to allow any other rp to group mappings. The solution is to create two mappings for the known two rp’s and then to make a third rp to group mapping denying ANY group:

ip pim rp-announce-filter rp-list NOT_R2_OR_R4 group-list NO_GROUPS
!
ip access-list standard NO_GROUPS
deny any
!
ip access-list standard NOT_R2_OR_R4
deny 150.1.2.2
deny 150.1.4.4
permit any

Starting mock lab6 now, trying to complete it by 12am which gives me 5 hours.

1:30am Mock lab6 completed. Havent gone through the answer sheet yet, will do that tomorrow. Completed in 5hours 15minutes with. Had to take a 1hour break since 7pm.

I came across the same problem I had while did the lab for real. One of the routers would respond to two multicast pings and after that timeout. I found a way to fix it but Im not sure whether I should spend time trying to find out why this fixed to problem or why to problem occured in the first place. I now know it has something to do with the topology and not the equipment. Not much time to explain this, but here is the output on the mapping agent during the first two pings (R5 is the mapping agent and also the first hop from the RP R3 where the packets are coming from, going to the destination R2 239.2.2.2 ):

Rack2R5(config-if)#
*Mar  1 04:52:55.018: MRT(0): Reset the z-flag for (176.2.35.3, 239.3.2.2)
*Mar  1 04:52:55.018: MRT(0): Set the F-flag for (176.2.35.3, 239.3.2.2)
*Mar  1 04:52:55.018: MRT(0): Create (176.2.35.3,239.3.2.2), RPF Ethernet0/1/0.0.0.0
*Mar  1 04:52:55.018: MRT(0): WAVL Insert interface: Serial0/0 in (176.2.35.3,239.3.2.2) Successful
*Mar  1 04:52:55.022: MRT(0): set min mtu for (176.2.35.3, 239.3.2.2) 0->1500
*Mar  1 04:52:55.022: MRT(0): Add Serial0/0/224.0.0.2 to the olist of (176.2.35.3, 239.3.2.2), Forward state – MAC not built
*Mar  1 04:52:55.026: IP(0): s=176.2.35.3 (Ethernet0/1) d=239.3.2.2 (Serial0/0) id=248, prot=1, len=100(100), mforward
Rack2R5(config-if)#
*Mar  1 04:52:57.166: MRT(0): Update Serial0/0/224.0.0.2 in the olist of (*, 239.3.2.2), Forward state – MAC built
*Mar  1 04:52:57.166: MRT(0): Update Serial0/0/224.0.0.2 in the olist of (176.2.35.3, 239.3.2.2), Forward state – MAC built

Ok so at this point the timeouts start. I fixed it with a “no ip mroute-cache” on the interface between the RP and Mapping agent. If I run into something similar this is one option to try, but I would like to know why this solved the problem and why it occured in the first place and why the IE solution guide does not 1) detect the problem and 2) not have a solution to it. I cant see that Im doing anything different from the rest of the solution guide, but then again it is 1:30am.

7 Days to go

23:03 Today I redid mock lab 3 (5h15) and mock lab 5 (5h30). It is interesting that I made or almost made the same mistakes as when I wrote them “for real”. I missed the same words or phrases. I got the mock lab 1 score as well, I scored a highly disappointing 80 because the ipv6 ip that I wrote about on 11 Days to go and the error in the initial configs that I fixed but changed to the original due to the lab restrictions cost 14 points. The inconsistency with tracking frame-relay interfaces that I wrote about also cost 3 points. How and why this could be wrong is beyond me. I made one genuine mistake, I removed a route-map without removing it from the bgp neighbor which caused all routes from that neighbor to be dropped. I should’ve got 97 for this one, i went as far as to write IE a mail about the result. Maybe Im just getting a bit edgy with 7 days to go. Well today is gone, 4 full days of labbing left. Tomorrow Im redoing mock lab 2 and 6. Im hoping these two would go under 5 hours. What does amaze me though is that it feels that I am working slower than when I did them for real but Im finishing way earlier. Thursday I will do what I cant get done tomorrow, but Im hoping to complete both tomorrow. I dont have any material at the moment to review, I will have to come up with something.

8 Days to go

7am Long day planned, have to get as far as possible into vol3 lab7,8 and 9 today. The more done today, the less to do tomorrow which means more time to review the mock labs.

9:25pm Vol3 Labs 1 – 10 complete. Im glad I finished one day early as two days is about as much as these labs are worth. If you are paying for lab preparation yourself, I would suggest you give these labs a skip. The labs are very light on switching and bgp, medium on WAN and heavy on IGP. The switching, wan and bgp take roughly 1hour while the IGP take 2hours+. Redistribution is especially “involve” and takes at least a 1/4 of the total lab time. Almost every lab is designed around discontinued ospf areas that either has to be bridged with many virtual-links, tunnels or redistributing between two ospf processes. That was my experience. Glad that is over, now I can focus on redoing the mock labs. Im eager to get back into multicast and ipv6. Been missing the security and ip services sections as well. This reminds me I need to make a note to review all ip services sections of the vol2 labs. What I did enjoy about the labs is that quite a few had bridging in the wan section which Im glad I got right without the SG. This used to be a weak area, which I think Im okay on now.

+-70hours of preperation left. I can still patch a few holes in this time.

9:50pm Just read an article in the press that our company is up for sale. More reason to get back to labbing, make that 80hours to come.

00:35am Had a bumper 14 hour day today, but paying for it now, as usual it takes a while to shutdown. Will probably loose a few hours tomorrow. The initial configs for lab3 are loaded. I think Im addicted to labs. They have become a part of life. I might keep the rack, we have developed a strong bond. I just had a look at the calendar and its the 3rd June, labbing has kept my mind occupied so I havent been thinking about the lab. In a way this is good on the other side I need to make sure Im mentally prepared as well. Just need to take it easy, still have 70-80hours to patch the holes. Will use the doccd a bit more than needed when redoing the mock labs. Thats probably the next area that needs a bit of meat. I read these 20 tips for the ccie lab before but read it again on the groupstudy mailing list. The one that stands out the most to me:

12) Don’t forget that a router’s greatest emotional need is to feel
appreciated

9 Days to go

Took some reset today, but felt the urge to try another vol3 lab. I will start lab6 now. The more I look at what still has to be done before the 9th the more I realise that today was probably the last day of relaxing before the lab.

Recap of what has been done and what still has to be done:

Completed:
Technology Focussed labs x 2
Vol2 Labs 1 – 20 x 2
Vol3 Labs 1 – 5 x 1
Assessor v1.6 x 1
IE Mock labs x 5

Still to be done
Vol3 Labs 6 – 10 x 1 : 2 – 3 June
Redo Mock Labs 3 and 5 : 4th June
Redo Mock Labs 2 and 6 : 5th June
CCIE Assessor Lab v2.0b : 6th June
Review notes and configs : 7th June
Quality time with the doccd : 8th June
Reread Assessor lab configs : 9th June while traveling

Schedule for the past week:

22:20 Lab6 complete. It took roughly 4hours but the redistribution alone took 1 hour. My solution was totally different from the SG. What is the possibility of completing 7,8,9 and 10 tomorrow?

10 Days to go

9:38am Wow, I cant believe I only have 10 days left to prepare. I’ll have to make the most of it. Just completed the first vol3 lab. Pretty easy stuff, definitely missing the multicast section. The last will probably progressively get harder. One new thing I tried in this lab when redistributing between rip and ospf to save time is to use:

ospf distance external 121

I normally use tags just to be sure, but these are time consuming, i changed the external distance and it worked fine, but this wont work if another part of the lab is redistributing into ospf, because then the routes redistributed into rip will be prefered with a admin distance of 120.

1am Just completed vol3lab5. First half done, but as I thought they are getting harder and longer to complete. If I keep a steady pace, I could possibly complete them by tuesday.

Some interesting scenarios in the first few labs:

The question is to setup the a hub and spoke frame links so that if the DLCI becomes inactive or deleted the interface goes into down state. I initially set it up with a multipoint subinterface but when I verified this, the link stayed up

sh frame-re pvc in s1/0 | in 301
DLCI = 301, DLCI USAGE = LOCAL, PVC STATUS = DELETED, INTERFACE = Serial1/0.301

sh ip int brief | in 301
Serial1/0.301 190.1.135.3 YES unset up up

I changed the multipoint to ppp over frame on point-to-point sub interfaces. The goal was to keep the ip the same for both circuits the same on the hub. PPPoFr work for this because even though I used two different sub interfaces they link to same virtual-template. One ip is linked to different dlci’s. So after the change and removing the dlci’s from the frame switch, the interface went down when the dlci’s were deleted or inactive. The solution guide used the first method but does not show any verification.

sh ip int brief | in 301
Serial1/0.301 unassigned YES unset down down

The first few times I used PPPoFr it was a bit unfamiliar and tried to avoid it if possible, but its really quite simple. Consider the following few lines to change from a multipoint to PPPoFr config. The PPPoFr has exactly the same amount of statements. 2 frame-relay commands and one ip address.

interface Serial1/0.301 point-to-point
frame-relay interface-dlci 301 ppp Virtual-Template1
interface Serial1/0.305 point-to-point
frame-relay interface-dlci 305 ppp Virtual-Template1

interface Virtual-Template1
ip address 190.1.135.3 255.255.255.0

Another interesting discovery was that it seems that is only possible to run one ospf virtual-link over a point-to-point interface and the secondary virtual links will only come up when the interface is changed with ip ospf network point-to-multipoint. Any other type besides ptp would probably work. When I see an opportunity in another lab I will double check this.

11 Days to go

16:48 Just completed mock lab1. While most do this one first, I did it last, for one reason, speed and accuracy. I completed in 5hours 15 minutes but was working at a snail pace, so it felt. Doing lots of labs helps with speed without trying. I did this lab slowly but still managed to finish early. I thought over 3hours will be way to much time to check everything but I was still busy doing the last tclsh script to check full reachability with 30minutes to go. I havent downloaded the solution guide yet, but Im ready for surprises. I have a feeling that the solution guide and my solution guide is not going to match Will see how the grading script goes. Might have to send IE a mail for some “errors” I have picked up. Will check the forum later, maybe someone thought the same. This lab was definitely not a walk in the park, I actually think with one or two more questions and adding one or two lines/restrictions/requirements to the questions this could easily be a level7.

Overall not a bad thought out lab, there are some ambiguities that I will have to wait and see what IE thought. According to my own grading I should make the 90’s but there are always surprises. If there are no surprises and I didnt make silly mistakes e.g. missing a value in an acl, then I should be quite close to 100. From experience with IE I know the script hates me so Im ready for it. In the last 3 hours I found 6 points in the first hour. In the last 2 hours I made small changes but not of any value that I can see in the solution guide. Most was due changes that had to be made because of ambiguities. Will have to wait 110 hours for the score.

— Rant starts here —

Initial configs and diagram dont match. Lab says explicitly not to change ip addresses in initial config. Vlan7 on diagram is displayed as 10.X while my rack number is 11 the initial config had 10.1. This no sweater except that an ACL had to match this address.

The ipv6 questions was extremely annoying because the ip address in question displays 2001:163:X:4::4 where 163 is the major network and on vlan4. The rack number is 11. Well this seems easy, just add 11 to make it 2001:163:11:4::4 which looks similar to the ipv4 address 163.11.4.4 for reading purposes. The annoying part is that there is no message to say whether to use hex or not. I went with the cisco way and used hex which makes the address 2001:163:B:4::4. What is further annoying is that the IE labs are so inconsistent that one never knows what they are looking for when there is an ambiguity. This is understandable because they have more than one person setting up labs, but this should be more clearer. I checked the solution guide, as they use “1″ I wouldnt know untill I get the score which they wanted. Same with the Vlan7 address, solution also uses 1, so I wouldnt know whether the error in the initial config had to be changed.

Another example of inconsistency. In vol2lab20 it wasnt good enough to set a hsrp priority decrement while tracking a “frame-relay connection to the frame-relay cloud“. In mock lab1 it is good enough. The restriction was not to use ip sla so I tracked a rip route.

Solution guide gets -6 for the NTP section. Question has a requirement: “Use the most reliable interfaces on R2 and R4 to accomplish this.” The routers are not using loopback0 interface to speak to the BB routers, only for the internal routers. -6 for these two  and -3 additional points for making me risk points to advertise R4 and R2 loopbacks to BB routers, especially R2 loopback who only peers with BB3 via bgp so I had to advertise the route via bgp, which in effect caused R1 not to advertise R2’s loopback to Sw2 because it had this route via bgp while sw2 does not run bgp so eigrp didnt advertise this route to sw2 via eigrp. Ok in short, I had to make the admin distance on R1 for bgp higher than eigrp so R1 could be more generous and share the damn route with sw2. Why? so that sw2 could sync ntp on R2’s loopback. Maybe I should make that -6 points for the extra effort

There are some more, e.g to use summary-only or not in the bgp aggregate, but I’ll call it quits

— Rant stop here —

12 Days to go

11am Lab19 completed. It is a bit over rated at level10, should be between 8 or 9. Initial configs loaded for lab20.

Posts might get a bit shorter from now untill the lab…

20:42 lab20 done. A short sigh of relief and on to loading initial configs for vol3lab1. I will spend 3 days on these, what I get done, great, whats not done in these three days, too bad. Tommorow is the last IE mock lab, level6. I would prefer to do another level7 or 8 in stead of the level 6, but that means I must aim to get above 90%. A 90 will be a pass, but again my worst problem at the moment is myself. Tomorrow I should be able to finish early and get time to verify. Technowledge confirmed my retake of assessor 2b on the 6th of june. Thats good and bad, one there is not much time to do anything if I discover a weakness on the other side if I do well, i’ll feel a bit better going into the lab on the 11th. I have already read the 2b lab so I have a bit of an advantage, but already confused due to the labs I have done since, which is good.

13 Days to go

2am Today (Technically yesterday) was a productive day, this normally means that I have trouble to sleep afterwards. On the one side Im spent, no cpu cycles left to do more labs. A reload in 5 command would have been useful now. Will browse some blogs, maybe someone discovered something new. I leave cape town on 6am 9th june and arrive 4:30pm brazil time in sao paulo. Another 1 to 2 hours boarding and to get to the hotel so if all goes well in total its going to be 15-16hours of traveling. I wonder whether cisco realises the lab seat crises. Anyhow, getting some sleep after traveling shouldnt be a problem. The 10th will be a timeout period and the lab is on the 11th June.

14:18 Lab18 completed but Im starting to fade. Will crawl along as far as possible in lab19 level 10.

23:33 Got to multicast in lab19, didnt spent a lot of time this evening but should still be able to complete 19 and 20 tomorrow. Then on friday its the last mock lab. One thing I havent noticed with my mock lab scores is that, even though I check a few times whether the mock lab has been graded or not I never see the scores increase. Not that I expect them to increase although some questions were suspectecly marked wrong, but what I read on the net is that the score increase… hmmm.

14 Days to go

8am 2 Weeks to go, after today there are 10 prep days left. If Im not ready now, Im probably not going to be ready in two weeks time. I will use the next three days to complete lab16,17,18,19 and 20. Friday I have the last IE mock lab. It will be mock lab 1, level 6. If I fail that, I have serious issues, but my goal is not to make any unforced errors and work on the second verification.

1:35pm Lab16 completed. Did a bit of “research” on the topics I didnt get right the first time which cost a bit of time, but was well worth it. Will need to speed things up a bit if I want to complete lab17 today as well, but this will depend on what is in the lab. If its a weaker area I will do the necessary reading even if I only complete it tomorrow.

2:12pm Lab17 Initial configs loaded.

7:53pm lab17 completed. This one went quick. Spent a bit of time on the doccd searching for Admission control, glad I did, found a new way to use the doccd. Instead of just using the configuration guide/command reference, I now also use the new “default” page to look for features of the other IOS’s. For example Network Admission Control is under 12.3T feature list. Will read lab17 again then load initial configs for lab18.

Useful 5 minute page on bridging vlans

11pm Will start Lab18 IGP tomorrow morning. Have only done 1hour after lab17, took a break and went to visit one of the camps where 500-600 of the refugees fleeing the xenophobia are located. Was a good a refresher and an eye opener to again appreciate the quality of life I sometimes take for granted. For those interested:
http://edition.cnn.com/2008/WORLD/africa/05/23/southafrica.violence/index.html?iref=newssearch
http://edition.cnn.com/2008/WORLD/africa/05/25/southafrica.violence/index.html?iref=newssearch