Holy, this was a hard exam. I actually got half way through the exam thinking so many picky details and very specific questions except the labs. The labs were straight forward and didn't seem to run into any issues, I would like to think I got all the labs 100%.
After half way, I got a bit more confident but felt like I was going to fail because of the first half of the exam.
L2: 62% :(
Inf. Security: 92%
Inf. Services: 67%
I took route around October last year and it was so much easier than this exam. Had a little break and started studying for switch around 4 months ago but actually started taking it more seriously 2 months ago when I was about to book the exam. Booked the exam thinking it would be nice to pass a day before my birthday, while taking a week of work so I'm glad that turned out ok!
I used mainly Udemy, Boson, the 3750 configuration guide and skimmed through the OCG. I didn't actually get through the whole of the OCG but did read a lot of blogs online.
I'm sure this doesn't break NDA but you really need to know some objectives on the exam blueprint inside out like STP, FHRP's, VLANs, AAA etc...
I'm planning on booking tshoot on the 1st week of August and need to review loads of route topics but I'm looking forward to it!
I was just wondering about some pros/cons in regards to a future project, we are tasked to implement a radius based wireless (for dynamic vlan assignment) in multiple buildings that lease out office space to customers (it's a shared building with a shared network, nothing fancy, just vlans and an ASA)
There are 5 sites in total and we are heading towards an azure based machine running server 2016+NPS (which is already setup due to a number of other services that we have on azure like the ubiquiti controller). I've been looking into running a vpn between our sites but since we took this over from a previous MSP, IP addresses/scheme is practically the same across all sites. Since we've implemented a new wireless setup, I made the subnets unique at each site incase when we deployed it to not run into any issues with site to site vpns between the sites if we were to ever implement that solution.
I've labbed this up and managed to get it working all fine although was asked to test it without a VPN to azure. I've been looking into the same solution and the cons with doing this over the public internet with no vpn vs a vpn and even explained the issues we would solve (and run into) but feel like I might not be catching all the cons/pros
2nd try, failed last week... main weakness was vpn technologies at 33%. Got 83% this time. Got 818/790...
I felt like it was a bloody hard exam, easiest parts were the sims. I had an issue with the routing table in one sim but just went along with it and hoped I got full marks lol
Was looking forward to begin studies with switch but I'm having a few days off! ;)
741 with 790 pass score.. I failed miserably in VPN chapter at 33%
Network principles 100% L2 technologies 67% L3 technologies 70% Inf security 57% Inf services 77%
Studied since Feb.. . Labs were wicked, felt like I done good... The detail for questions was more than expected...
Debating whether to geek out for 2 weeks on the VPN chapter and retake.. Only thing that hurts me inside is the cost;)
Got thrown tons of IPv6... Got thrown off with wording for about 2-3 questions.. another variable that increased chances of my low score is I came out 28 minutes after LOL... I have a tendency to rush in exams and I suck with using extra time
On and upwards! Partner promised to have a day out at Indian today no matter the result so at least I have something to look forward to haha
L3 chapter score I felt was low since I thought that was my strongest:)
I used: official cert guide, CBT nuggets, INE (INE was quite boring...), Chris (Udemy) good for overview on each topic.. Flash cards etc.. My studying went down hill in June because of a new job.
Load more comments
Just a simple question, topology is: http://imgur.com/TT5Fzmf
I'm mainly using simple static routes for loopback addresses for eBGP/iBGP neighbors to form neighbor, you can see that most entry points per AS just connect a single link. What scenarios would people use IGP's instead of a static route? I guess most cases you could use IGP's internally to set up these iBGP neighbors but would we in any case use an IGP for an eBGP to work? (without sounding stupid and knowing IGP's should really be used within an AS)
I bet its a simple 'no, just use static routes' xD
I've never touched QoS properly and wanted to get my head around this configuration:
mls qos map cos-dscp 0 8 16 24 32 46 48 56 mls qos srr-queue output cos-map queue 1 threshold 3 4 5 mls qos srr-queue output cos-map queue 2 threshold 1 2 mls qos srr-queue output cos-map queue 2 threshold 2 3 mls qos srr-queue output cos-map queue 2 threshold 3 6 7 mls qos srr-queue output cos-map queue 3 threshold 3 0 mls qos srr-queue output cos-map queue 4 threshold 3 1 mls qos srr-queue output dscp-map queue 1 threshold 3 32 33 40 41 42 43 44 45 mls qos srr-queue output dscp-map queue 1 threshold 3 46 47 mls qos srr-queue output dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23 mls qos srr-queue output dscp-map queue 2 threshold 1 26 27 28 29 30 31 34 35 mls qos srr-queue output dscp-map queue 2 threshold 1 36 37 38 39 mls qos srr-queue output dscp-map queue 2 threshold 2 24 mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55 mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63 mls qos srr-queue output dscp-map queue 3 threshold 3 0 1 2 3 4 5 6 7 mls qos srr-queue output dscp-map queue 4 threshold 1 8 9 11 13 15 mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14 mls qos queue-set output 1 threshold 1 100 100 50 200 mls qos queue-set output 1 threshold 2 125 125 100 400 mls qos queue-set output 1 threshold 3 100 100 100 400 mls qos queue-set output 1 threshold 4 60 150 50 200 mls qos queue-set output 1 buffers 15 25 40 20 mls qos
^ Why does multiple entries exist? Is this bad practice from the previous IT or am I missing something, Avaya mentions to use:
mls qos map cos-dscp 0 8 16 24 32 40 46 56
To my knowledge, Avaya's bests practices mentions that you can use lldp and instead of configuring the interface as a trunk, you can still use the switchport voice vlan command. I've tried this and the phone I'm practising at a school works but want to get my head around the multiple dscp-map configuration etc..
Interface level would have this applied:
interface GigabitEthernet2/0/14 description *** Curriculum Port *** switchport access vlan 99 switchport mode access switchport voice vlan 113 srr-queue bandwidth share 1 30 35 5* queue-set 2* priority-queue out* mls qos trust cos auto qos trust no cdp enable spanning-tree portfast spanning-tree bpduguard enable
I've marked the commands that I need to lookup/need an explanation with *.
I look forward to someone sharing their qos knowledge :D
Not too sure if I'm tired and mistakenly configured something wrong... topology is: http://i.imgur.com/EmjGoL5.png
I have 2 x prefix lists on R2:
ip prefix-list match-10 seq 5 permit 192.168.10.0/24 ip prefix-list match-20 seq 5 permit 192.168.20.0/24 route-map redirect-ping permit 10 match ip address prefix-list match-10 set ip next-hop 10.0.23.2 route-map redirect-ping permit 20 match ip address prefix-list match-20 set ip next-hop 10.0.24.2 route-map redirect-ping permit 100
Then of course ip policy is applied on interface... I've debugged the pbr but ping 18.104.22.168 source lo0 and lo1 go to router 3 (22.214.171.124 via 10.0.23.2) when the ping from lo1 on R1 should go to R4 then R3?
Load more comments
Just would like some insight on how to approach this, I have a topology in GNS3 as shown: https://pasteboard.co/e4NzqVzll.png
I have redistribution on R2 and R4 and have an ACL but need to confirm something, ACL is on both routers:
ip access-list standard filter-acl-o2e deny 192.168.20.0 0.0.0.255 deny 192.168.200.0 0.0.0.255 deny 172.16.145.0 0.0.0.255 deny 172.16.135.0 0.0.0.255 deny 172.16.101.0 0.0.0.255 deny 172.16.100.0 0.0.0.255 permit any
What approach should I take when using the ACL as a distribution-list on both routers? Should 1 be in, and the other out?
R4 router ospf 1 distribution-list filter-acl-o2e in R2 router ospf 1 distribution-list filter-acl-o2e out
Maybe I'm just applying it on the wrong routing protocol... I don't like the CBT videos explaining redistribution filtering, maybe I just need to scratch my head a bit more then I'll understand after something just clicks... I just don't seem to understand lol? Cheers
Load more comments