
CCNP Switch [840/790]

Holy, this was a hard exam. I actually got halfway through the exam thinking there were so many picky details and very specific questions except the labs. The labs were straightforward and I didn't seem to run into any issues; I would like to think I got all the labs 100%.

After half way, I got a bit more confident but felt like I was going to fail because of the first half of the exam.

L2: 62% :(

Inf. Security: 92%

Inf. Services: 67%

I took route around October last year and it was so much easier than this exam. Had a little break and started studying for switch around 4 months ago but actually started taking it more seriously 2 months ago when I was about to book the exam. Booked the exam thinking it would be nice to pass a day before my birthday, while taking a week off work, so I'm glad that turned out OK!

I used mainly Udemy, Boson, the 3750 configuration guide and skimmed through the OCG. I didn't actually get through the whole of the OCG but did read a lot of blogs online.

I'm sure this doesn't break NDA but you really need to know some objectives on the exam blueprint inside out like STP, FHRPs, VLANs, AAA etc...

I'm planning on booking tshoot on the 1st week of August and need to review loads of route topics but I'm looking forward to it!


Do you work more with L3 as you chose to do ROUTE first and found it easier, or was there some other reason for the order and your perceived difficulty?

Everyone I've asked so far has said SWITCH is supposed to be easier than ROUTE so I find this intriguing.

Original Poster2 points · 2 days ago

Thanks man,

Funny enough I actually work with L2 mainly, I don't touch any layer 3 at all, it just came more naturally when I was studying. I found that what caught me out was the amount of specific details compared to route. Maybe I just enjoy route more since I'm actually looking around to do more layer 3 in a new job.

Concepts in route seemed to click straight away and I was labbing away, got used to all the theory details. I didn't feel like Switch has as many concepts as route but you really have to dive deep into the concepts.

Congrats mate!

Original Poster2 points · 3 days ago

Thanks man

Had a console cable plugged into an EX switch I was planning on powering down and moving to a different facility a couple blocks away. Also had a ssh session to a very similar switch at the other facility that was in production with client traffic running through it.

I typed 'request system power-off' in a window and about 10 seconds later realized that I had not typed that in the dark blue background console session but the black background ssh session.

Snatched my console cable and my laptop; yelled at my co-worker to call the help desk and let them know I screwed up as I was sprinting out the door to the car. Stopped at a red light; looked both ways and ran it, then drove expediently through the downtown area to the other facility.

Sprinted into the other building which freaked the security guard out; breathlessly explained that I was going to the DC on the 4th floor and he could follow me there if he wanted more info. He chose not to as my card opened the elevator and authorized me to select 4 on the panel so whatever I was up to was GTG for him. Got up to 4, got in the DC door, the cage, then the rack; snatched the power cord and plugged it back in after a few seconds. Called another co-worker and had him verify that he was able to ping and get back into the switch while I got my stuff plugged in.

Total downtime: 8 minutes.

After we double checked things again I took a break for about 30 minutes to calm down then proceeded with the rest of the maintenance I was supposed to do. Typed up my fuck up report and sent that to my manager who laughed and thanked me for unscrewing my screw up quickly and efficiently.


Damn, I've also done a similar thing.

We installed a new firewall and were migrating customers from a shared infrastructure over a few days. Once I finished, my manager asked me to restart the firewall while an engineer was on site because he refused to unplug the firewall which isn't in use (it was a different model so I told him the differences in colour and interfaces etc..)

I got told to restart the firewall so he can see which one for sure he should unplug... Don't ever go by names in an SSH session (we kept the same hostname for the new firewall)... I was so embarrassed..... but every time I go onsite my boss jokes around with me and tells me not to reboot the wrong firewall...

Hmm quite a pretty low score, thought you could get 1100/1000... Better luck next time


Radius based VLAN assignment with Ubiquiti


I was just wondering about some pros/cons in regards to a future project, we are tasked to implement a radius based wireless (for dynamic vlan assignment) in multiple buildings that lease out office space to customers (it's a shared building with a shared network, nothing fancy, just vlans and an ASA)

There are 5 sites in total and we are heading towards an Azure-based machine running Server 2016 + NPS (which is already set up due to a number of other services that we have on Azure, like the Ubiquiti controller). I've been looking into running a VPN between our sites but since we took this over from a previous MSP, the IP addresses/scheme is practically the same across all sites. Since we've implemented a new wireless setup, I made the subnets unique at each site so that when we deployed it we would not run into any issues with site-to-site VPNs between the sites, if we were ever to implement that solution.

I've labbed this up and managed to get it working all fine although was asked to test it without a VPN to azure. I've been looking into the same solution and the cons with doing this over the public internet with no vpn vs a vpn and even explained the issues we would solve (and run into) but feel like I might not be catching all the cons/pros
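As an added example (not part of the original post), the Python sketch below builds a constructed RADIUS Access-Accept carrying the three tunnel attributes used for dynamic VLAN assignment and shows what the no-VPN option leaves on the wire: the assigned VLAN is readable without the shared secret, and the only tamper check is the MD5 Response Authenticator keyed with that secret (RFC 2865). The secret, VLAN numbers, packet ID and authenticator bytes are made-up sample values.

```python
import hashlib
import hmac
import struct

# Attribute types from RFC 2865 / RFC 2868 used for dynamic VLAN assignment.
TUNNEL_TYPE = 64
TUNNEL_MEDIUM_TYPE = 65
TUNNEL_PRIVATE_GROUP_ID = 81
ACCESS_ACCEPT = 2

# Constructed sample values, not taken from the post.
SAMPLE_SECRET = b"example-shared-secret"
SAMPLE_REQUEST_AUTH = bytes(range(16))


def build_access_accept(ident, request_auth, secret, vlan):
    """Build a sample Access-Accept that assigns `vlan` (a string such as "30")."""
    attrs = b"".join([
        bytes([TUNNEL_TYPE, 6, 0]) + (13).to_bytes(3, "big"),        # 13 = VLAN
        bytes([TUNNEL_MEDIUM_TYPE, 6, 0]) + (6).to_bytes(3, "big"),  # 6 = IEEE 802
        bytes([TUNNEL_PRIVATE_GROUP_ID, 2 + len(vlan)]) + vlan.encode("ascii"),
    ])
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    authenticator = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + authenticator + attrs


def parse_attributes(packet):
    """Return [(type, value_bytes)] after validating the length fields."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return attrs


def observed_vlan(packet):
    """VLAN as seen by any device on the path; needs no shared secret."""
    for atype, value in parse_attributes(packet):
        if atype == TUNNEL_PRIVATE_GROUP_ID:
            if value and value[0] <= 0x1F:  # optional tag byte
                value = value[1:]
            return value.decode("ascii")
    return None


def response_is_authentic(packet, request_auth, secret):
    """Recompute the Response Authenticator the way the access point would."""
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


def demo():
    genuine = build_access_accept(7, SAMPLE_REQUEST_AUTH, SAMPLE_SECRET, "30")
    # Same packet with the last attribute's value rewritten in transit.
    tampered = genuine[:-2] + b"99"
    return {
        "vlan_on_wire": observed_vlan(genuine),
        "genuine_ok": response_is_authentic(genuine, SAMPLE_REQUEST_AUTH, SAMPLE_SECRET),
        "tampered_vlan": observed_vlan(tampered),
        "tampered_ok": response_is_authentic(tampered, SAMPLE_REQUEST_AUTH, SAMPLE_SECRET),
    }


if __name__ == "__main__":
    print(demo())
```

A site-to-site VPN adds encryption and a second integrity layer around this exchange, so the comparison comes down to how much weight the shared secret is expected to carry on its own.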

2 points · 1 month ago

This is most uncanny, I also am 19 and have completed my 2 year apprenticeship after dropping out of college after a year. I currently work at an ISP in the UK as an IT support engineer and am wondering whether or not to pursue the CCNP as I passed my ICND2 nearly a month ago now. It’s really nice to know there’s more people on the boat!

Like you I’m trying to decide where I want to go in my career. I know for sure I want it to be network related and I’m torn between security aspects or ISP networking, but for sure I would recommend getting the CCNP as it would help greatly in pursuing other specialist CCNAs, if that tickles your interest.


I'm 21 but I done a 1 year apprenticeship at 19 and dropped out (didn't do 2nd year) because I couldn't stand the rest of the curriculum like health and safety, employee rights, equality & diversity etc.. did you guys have to do all that?

I work at an MSP (came from a school that was heavy in Cisco, but barely done any project work), mainly touch switches/ASAs but do simple things like ACL changes, VLANs, cabling/patching, the tiniest bit of VoIP etc..

I'm working on my CCNP now (need switch and tshoot) and I don't really use things what most of the route exam cover but when it comes to other people having issues and blaming our equipment, the fundamentals I've learned really allow me to dive deep into any type of router/vendor device and try to pinpoint the issue someone is experiencing. Although I do some level 2/3 troubleshooting with non-network related issues, I'm getting exposed to many projects with some networking (mainly firewall deployments or network refreshes)

Good to see a few people coming from the apprenticeship background :P

P.s I was the same as you, I went and paid to get my CCNA outside of the apprenticeship scheme while still at it, and all I really worked with was drayteks, netgear, watchguard etc.. xD

2 points · 6 months ago · edited 6 months ago

how many /24 fit into /22?

Wouldn't that be how many /22s fit into a /24? What would the answer be? I got 4.

EDIT: Was reading and saying /22 but was thinking /26. I'll see myself out.


/22 is bigger than a /24 so good luck getting 4 /22s in a single /24 haha xD

Make a topology while you're drunk and fix it when you're soberer


Wow, you're a genius.. would love to do that and stream it

-1 points · 9 months ago · edited 9 months ago

I'm seeing a few people in a couple of searches point to:

That article references W stands for IPSEC 40bit encryption and S = switchboard but I can't tell if that is true (like W = ipsec..doesn't sound right??)...? :( Just seen a few other people reference it as 'wirespeed'... mehh

A few other people are just referencing it as 'ws = switch'.... Maybe they didn't spell it as 'sw' because 'ws' sounded cooler? haha

Oops, few people cried and down voted me because I also wanted to know what it meant and I didn't believe the article lool

Well done mate, I'm also using the ocg and cbt nuggets, but also using the 3750 guide + udemy (I think udemy is a wicked introduction to everything..) My current approach to this exam is:

Scan of the topic in the OCG, watch Udemy videos take a few notes, watch CBT nuggets and try to bang out a ton of notes.. Lab it up a bit, network captures etc.. trying to see the theory in the config etc.. Maybe go full on back to theory on the OCG then I personally create a video of me explaining the notes for personal use... How are you going to approach your studies? Same to the ROUTE studies?

Original Poster1 point · 9 months ago

Well my tactics for route meant it took me the best part of 7 months so I will definitely be doing it a bit different this time :)

Next week I'll spend just listening to CBT Nuggets videos on my commute to and from work so I can get a basic overview of the topics. Then I'll read through the OCG once briefly, maybe taking a fortnight. Then I plan to go through it again thoroughly, say for 5 weeks, and then see where I stand before deciding next steps.

I work for an MSP so deal with switching all day every day so hopefully it won't take as long as route. I literally won't touch a router for a fortnight in my current role


Ahh damn same time I spent! I literally just came out of a position dealing with switch all the time... but fingers crossed into a new role next week (which will deal more with routing... such a coincidence since it seems I should have taken the exams the other way haha!)... Yeah that sounds wicked stuff, guess we just got to pick up all the trivia based theory, the amount of people that have said the amount of trivia on the switch exam makes me wonder if it's as bad as getting a question on like the specific values in the LLC/SNAP header for a CDP message...

Great luck for 4hrs from now!


You can doooo it!

Original Poster7 points · 9 months ago

Passed with a 902. Now onto switch!


Wicked stuff! Well done mate


Make a list of what topics you think you are weak in compared to others... Then spend the remaining time on such. I got hit hard with IPv6, DMVPN, VRF, TCP/UDP Operations and a few AAA related questions.

It isn't a race so take your time and breathe if you have second thoughts on a question. Good luck, hope to see a post with the word 'passed' soon! ;)

The Wiki has recommendations on lab equipment.

However, that will be more than enough if you use it alongside Packet Tracer or GNS3. At the CCNA level, physical equipment really only gives you experience connecting devices--all the configuration you can easily do in any simulator.


I disagree, a lot of my time when I started was upgrading ios images, researching different modules, password recoveries, having to actually make a crossover cable because I didn't have many etc.. unless you do that stuff at work then ignore my thought haha


Passed Route

2nd try, failed last week... main weakness was vpn technologies at 33%. Got 83% this time. Got 818/790...

I felt like it was a bloody hard exam, easiest parts were the sims. I had an issue with the routing table in one sim but just went along with it and hoped I got full marks lol

Was looking forward to begin studies with switch but I'm having a few days off! ;)


Nice! I'm sitting in 2 weeks. Any tips?

Original Poster3 points · 10 months ago

Know your theory with everything, dive deep into areas like IPv6, DMVPN, redistribution, IP SLAs and EVN. Really know TCP/UDP operations and read each question in the sims more than once haha

Congrats! What sources did you use for your study?

Original Poster4 points · 10 months ago

Thanks mate, used:

OCG Tcp/ip vol 1 Chris Bryant udemy videos CBT nuggets INE

Main ones were really OCG and udemy videos

Original Poster1 point · 10 months ago

but ping fails going to the default gateway of my physical machine. ping is only successful up to physical machine


Maybe change the network settings of the VM to allow promiscuous mode (something like that) on the card itself?... That's what made it work for me when I ran it on VirtualBox. I think you might also be able to change the mode of the network type (something along those lines) to either NAT or bridged mode (sorry I use ESXi instead of vbox)

Break everything on purpose and fix it... In all seriousness, if you're on a ticket based system etc I used to ask people to throw stuff my way or find time during my lunch to sit by someone if they were working on something I wanted to know...

another option: no sleep = more time to learn... Who needs sleep (ps don't do that)



741 with 790 pass score.. I failed miserably in VPN chapter at 33%

Network principles: 100%

L2 technologies: 67%

L3 technologies: 70%

Inf security: 57%

Inf services: 77%

Studied since Feb.. . Labs were wicked, felt like I done good... The detail for questions was more than expected...

Debating whether to geek out for 2 weeks on the VPN chapter and retake.. Only thing that hurts me inside is the cost;)

Got thrown tons of IPv6... Got thrown off with wording for about 2-3 questions.. another variable that increased chances of my low score is I came out 28 minutes after LOL... I have a tendency to rush in exams and I suck with using extra time

On and upwards! Partner promised to have a day out at Indian today no matter the result so at least I have something to look forward to haha

L3 chapter score I felt was low since I thought that was my strongest:)

I used: official cert guide, CBT nuggets, INE (INE was quite boring...), Chris (Udemy) good for overview on each topic.. Flash cards etc.. My studying went down hill in June because of a new job.

Do you have a good idea of which specific questions you got wrong? I've found that the breakdown they give you at the end of the exam isn't always exactly accurate.

Original Poster1 point · 10 months ago

Yeah I have a feeling most majority was: EVN, Frame Relay & IPSec stuff since I was ignorant and didn't spend as much study on them

You mentioned that you watched CBT nuggets and Chris Bryant's Udemy series. Do you have a preference? I have watched CBT Nuggets in the past, but the price has been keeping me from using them recently. Chris Bryant's CCNP series is only $10 today on Udemy. That's a smoking deal if they are decent quality. If you could share your thoughts on both series that would be appreciated.

Original Poster3 points · 10 months ago

CBT nuggets:

More in-depth, while I love Jeremy's passion and enthusiasm... some of the jokes/remarks can just put me off without being personal and he can just get a bit too enthusiastic for what I like watching... Most topics are covered but I think pretty much the network principles chapter isn't (you could say it's more theory based but I just like videos rather than text when it comes to pure theory... I like seeing pictures etc..) I pretty much watched it all through and only watched for a second time: redistribution and most BGP videos.

Chris Bryant's: Damn his material is solid looking from a price-to-'performance' view. Great overview of every topic but a few topics lack the depth compared to CBT/INE. I got the CCNA security course for free which made it appeal to me, otherwise I wouldn't have tried it out since I never heard of him..

I more or less used Chris as an overview before approaching the topics in depth...


I remember reading somewhere here that someone didn't feel comfortable listing their CCNP on the resume because they felt like the employer would expect a bit much from them since he only had few months to 1 year experience in cisco environments...

Sure, experience is more valuable but it shows you're dedicated (unless you brain dump and stall on a simple question that a CCNP is expected to know...)

Do you want to go for a CCNP because of the knowledge or the title/job roles? Heck, I've even listed my CCNP exams (eg 1/3) on my CV because it shows that I am working towards that level and I'm not just sitting back not learning...

Personally, I've been focusing on the experience more so I can chat away if an employer asks me what I've been involved in. There is only so much you can learn through the certs (theory/labs/troubleshooting) compared to scenarios where you have people breathing down your neck because you messed up, or you need to clean over some slack engineer.


BGP Loopback neighbor relationships

Just a simple question, topology is:

I'm mainly using simple static routes for loopback addresses for eBGP/iBGP neighbors to form neighbor, you can see that most entry points per AS just connect a single link. What scenarios would people use IGPs instead of a static route? I guess most cases you could use IGPs internally to set up these iBGP neighbors but would we in any case use an IGP for an eBGP to work? (without sounding stupid and knowing IGPs should really be used within an AS)

I bet it's a simple 'no, just use static routes' xD

Yeah, L2 switches support 1 SVI interface that is 'up' (not 100% true since I remember one of the 2960's can have more 2 svi's that are both in up state), mainly used for management purposes. You can configure more than 1 but only 1 can be in an up state


QoS for avaya ip phones

I've never touched QoS properly and wanted to get my head around this configuration:

mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue output cos-map queue 1 threshold 3 4 5
mls qos srr-queue output cos-map queue 2 threshold 1 2
mls qos srr-queue output cos-map queue 2 threshold 2 3
mls qos srr-queue output cos-map queue 2 threshold 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 0
mls qos srr-queue output cos-map queue 4 threshold 3 1
mls qos srr-queue output dscp-map queue 1 threshold 3 32 33 40 41 42 43 44 45
mls qos srr-queue output dscp-map queue 1 threshold 3 46 47
mls qos srr-queue output dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 2 threshold 1 26 27 28 29 30 31 34 35
mls qos srr-queue output dscp-map queue 2 threshold 1 36 37 38 39
mls qos srr-queue output dscp-map queue 2 threshold 2 24
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue output dscp-map queue 4 threshold 1 8 9 11 13 15
mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14
mls qos queue-set output 1 threshold 1 100 100 50 200
mls qos queue-set output 1 threshold 2 125 125 100 400
mls qos queue-set output 1 threshold 3 100 100 100 400
mls qos queue-set output 1 threshold 4 60 150 50 200
mls qos queue-set output 1 buffers 15 25 40 20
mls qos

^ Why do multiple entries exist? Is this bad practice from the previous IT or am I missing something? Avaya mentions to use:

mls qos map cos-dscp 0 8 16 24 32 40 46 56

To my knowledge, Avaya's best practices mention that you can use LLDP and, instead of configuring the interface as a trunk, you can still use the switchport voice vlan command. I've tried this and the phone I'm practising on at a school works, but I want to get my head around the multiple dscp-map configuration etc..

Interface level would have this applied:

  interface GigabitEthernet2/0/14
   description *** Curriculum Port ***
   switchport access vlan 99
   switchport mode access
   switchport voice vlan 113
   srr-queue bandwidth share 1 30 35 5*
   queue-set 2*
   priority-queue out*
   mls qos trust cos
   auto qos trust
   no cdp enable
   spanning-tree portfast
   spanning-tree bpduguard enable

I've marked the commands that I need to look up/need an explanation with *.

I look forward to someone sharing their qos knowledge :D


PBR simple mistake?

Not too sure if I'm tired and mistakenly configured something wrong... topology is:

I have 2 x prefix lists on R2:

ip prefix-list match-10 seq 5 permit

ip prefix-list match-20 seq 5 permit

route-map redirect-ping permit 10
match ip address prefix-list match-10
set ip next-hop

route-map redirect-ping permit 20
match ip address prefix-list match-20
set ip next-hop

route-map redirect-ping permit 100

Then of course ip policy is applied on interface... I've debugged the pbr but ping source lo0 and lo1 go to router 3 ( via when the ping from lo1 on R1 should go to R4 then R3?

PBR doesn't support prefix lists since they are more meant for route filtering instead of packet matching.

Also you're setting your next hop to be R2's own addresses, you should set it to be the neighbor's next hop or use set interface

Original Poster1 point · 1 year ago

I see, many thanks just a stupid question then

Ehh is router 4 s0/0, is router3 s0/0, you confused me and made me scratch my head haha :D

Oh oops, I'm used to the last number being the router number for labs

Original Poster1 point · 1 year ago

Ahh I see :P I'm used to assigning the last number either the left router of the topology or the above router


I just added my cert to linkedin and just take my certificate in the event of an interview and if they want more proof then I will email them...

Every interview I've attended (only about 8 since I got my CCNA) they've never asked for verification or even the certificate because they'll know by asking you something like 3 simple questions haha

1 point · 1 year ago · edited 1 year ago

Those questions were harvested from a brain dump. Get your interview before they change the curriculum.

1: Arthur, King of the Britons.

2: To find seek the Holy Grail.

3: African or European swallow?


You alright mate??..... wrong post?? Haha


Redistribution filtering OSPF and EIGRP

Just would like some insight on how to approach this, I have a topology in GNS3 as shown:

I have redistribution on R2 and R4 and have an ACL but need to confirm something, ACL is on both routers:

ip access-list standard filter-acl-o2e
 permit any

What approach should I take when using the ACL as a distribution-list on both routers? Should 1 be in, and the other out?


router ospf 1
 distribute-list filter-acl-o2e in

router ospf 1
 distribute-list filter-acl-o2e out

Maybe I'm just applying it on the wrong routing protocol... I don't like the CBT videos explaining redistribution filtering, maybe I just need to scratch my head a bit more then I'll understand after something just clicks... I just don't seem to understand lol? Cheers

3 points · 1 year ago · edited 1 year ago

Don't use distribute lists to try to control redistribution, especially in OSPF. The right way would really be a route-map. I'll try to do this in the text window, but if it doesn't work, msg me and I'll lab it further

ip access-list standard EIGRP_SUBS

route-map e2o permit 10
match ip addr EIGRP_SUBS

route-map e2o deny 20
!this isn't really needed, it is implicit, but shown to help make sense

route-map o2e deny 10
match ip addr EIGRP_SUBS

route-map o2e permit 20
!this is needed

router ospf 1
redist eigrp 1 route-map e2o

router eigrp 1
redist ospf 1 metric <blah> route-map o2e
!you need a metric here or a default metric, or eigrp won't redist the routes

I think I have all the directions right on that. In this case, you'd have to make sure the EIGRP_SUBS list matches on both devices, and you change it on each if you change the topology. The advantage is that a single list automatically updates redistribution in both directions. If you wanted to be slightly more challenging but probably cleaner and more industry standard, you could swap the ACLs for prefix lists. Even more challenging, change your route-maps to add and check route tags as needed to make this process automatic, no ACL or prefix list needed.

Also, note that distribution lists in ospf don't work as they do in eigrp. In OSPF you have to have a consistent LSA database across an area. EIGRP has no similar requirement. Thus you can tell EIGRP to not distribute something w/o much worry, but if you do that in OSPF, you are effectively saying "don't distribute it into the RIB" which can lead to blackholing of traffic. There's no (effective) way in OSPF, inside a single area, to say, "don't learn these types of routes from this neighbor". As a matter of fact, if you try to do a "dist <ACL> out <int>" in OSPF, you'll get an error.

Original Poster1 point · 1 year ago

Thanks mate, I got onto route maps a few hours after and they looked pretty sweet. I'm going to do that with prefix lists before doing route tagging because I'll watch the videos I have on route tagging before trying :P

2 points · 1 year ago · edited 1 year ago

See below for an example

ip prefix-list EIGRP_SUBS  permit
ip prefix-list EIGRP_SUBS  permit
ip prefix-list EIGRP_SUBS  permit ge 24 le 24

route-map o2e deny 10
match ip addr prefix EIGRP_SUBS
Original Poster2 points · 1 year ago

many thanks for going out of your way for the example. I do like how its better to just manage 1 list per router (instead of 2 lists per router)...
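The permit/deny pairing of the two route-maps discussed in this thread, as an added Python model (not code from any of the commenters): it evaluates a prefix list with IOS-style ge/le matching, then runs e2o and o2e over candidate routes. The prefixes and route tables are constructed sample values, since the thread's own addresses are not shown on the page.

```python
import ipaddress

# Constructed sample prefix list; each entry is (action, prefix, ge, le),
# evaluated top-down with first match winning.
PREFIX_LISTS = {
    "EIGRP_SUBS": [
        ("permit", "10.10.0.0/16", 24, 24),         # every /24 inside 10.10.0.0/16
        ("permit", "192.168.50.0/24", None, None),  # exact match only
    ],
}

# Route-map clauses: (action, prefix-list name, or None for "no match statement").
ROUTE_MAPS = {
    "e2o": [("permit", "EIGRP_SUBS"), ("deny", None)],
    "o2e": [("deny", "EIGRP_SUBS"), ("permit", None)],
}

# Constructed candidate routes presented to each redistribution.
EIGRP_CANDIDATES = ["10.10.1.0/24", "10.10.2.0/24", "192.168.50.0/24",
                    "172.16.5.0/24", "10.10.0.0/16"]
OSPF_CANDIDATES = ["172.16.5.0/24", "172.16.6.0/24", "10.10.1.0/24",
                   "10.10.0.0/16"]


def prefix_list_permits(entries, route):
    """True if the first matching prefix-list entry is a permit."""
    net = ipaddress.ip_network(route)
    for action, prefix, ge, le in entries:
        base = ipaddress.ip_network(prefix)
        if ge is None and le is None:
            low = high = base.prefixlen          # exact length only
        else:
            low = ge if ge is not None else base.prefixlen
            high = le if le is not None else net.max_prefixlen
        if low <= net.prefixlen <= high and net.subnet_of(base):
            return action == "permit"
    return False  # implicit deny at the end of a prefix list


def route_map_permits(name, route):
    """Walk the clauses in order; a clause with no match statement matches all."""
    for action, plist in ROUTE_MAPS[name]:
        matched = plist is None or prefix_list_permits(PREFIX_LISTS[plist], route)
        if matched:
            return action == "permit"
    return False  # implicit deny at the end of a route-map


def redistribute(name, candidates):
    """Routes that the named route-map lets through."""
    return [r for r in candidates if route_map_permits(name, r)]


if __name__ == "__main__":
    print("EIGRP -> OSPF (e2o):", redistribute("e2o", EIGRP_CANDIDATES))
    print("OSPF -> EIGRP (o2e):", redistribute("o2e", OSPF_CANDIDATES))
```

Note the 10.10.0.0/16 candidate: because the sample entry is written with ge 24 le 24, a summary of the same range is not matched, so e2o drops it and o2e passes it.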


I used to just configure everything via ASDM and then look at the config after each command lol

2 points · 1 year ago · edited 1 year ago

I run an r410 /w esxi 5.5 that connects to my lab for more routers (and even linux web/sql servers) but also sometimes run labs from my pc (i7-6700k, 16GB) alongside everything else..

I haven't fully tested the r410 in a lab environment though, which is dual xeon, 24gb etc.. but it works perfectly for my CCNP setup. The r710 you linked looks sufficient enough although it doesn't look like that comes with any hdd caddies. If you can find one with hdds then save yourself some effort so you don't have to find some...

Original Poster1 point · 1 year ago

Good point about the HDDs. Have you had any trouble with ESXI? I was originally planning on using that but now I'm leaning more towards Hyper-V.


Not really, only a few things like connecting to real lab but just needed to change a few settings on the VMs. If I ever need to upgrade GNS3 I just start from fresh and it works every time
