Friday, December 6, 2013

Passed the CCNP ROUTE exam today; Exam takeaways

Day 1238 on my Cisco study chain resulted in a pass on the CCNP ROUTE exam.  Scored a 941 out of 1000.  I was given 50 questions and needed a 790 to pass.  I was given 120 minutes and I finished with about 30 minutes to spare.  Looking back, I should have slowed down a bit in the labs, but from my first CCNA exam attempt (when I ran out of time with 3 questions to go and missed passing the test by 7 points), I push myself to work quickly.  Too bad Cisco doesn't allow us to go back through the test to see if we would like to change an answer.

On the major topics, I did pretty well:

Implement an EIGRP based solution: 93%
Implement a multi area OSPF network: 100%
Implement an eBGP based solution: 100%
Implement an IPv6 based solution: 100%
Implement an IPv4 or IPv6 based redistribution solution: 89%
Implement Layer 3 Path Control solution: 100%

But...

Implement basic teleworker and branch services:  0%

So, that 0% is super embarrassing.  Obviously, it wasn't a major part of the exam, but I gave away points on my overall score by missing those questions.  The only questions that come to mind had to do with GRE tunnels.  To be honest, I did not spend much time on GRE tunnels (obviously!) and most of the materials (including Cisco Press ebooks) did not make this a focal point at all.  So, I felt blindsided by those questions.  I gave them my best shot, but I completely tanked on those questions.

Some of the lab/simlets are goofy.  For example, not all the routes will show up on a remote router, but the pings will work both directions.  There was also a line in another scenario that said "it needs to respond to a ping and telnet", but when I ran the telnet command to test, the telnet command failed and wasn't an option.  So, either I misunderstood how to test the telnet or I misconfigured the redistribution.  The traceroute followed the correct path, but maybe I missed something.  Either way, I think that's why I scored an 89% on the redistribution section.

The main takeaways from my CCNP ROUTE experience:

  • Focus on EIGRP and OSPF.  Theory and implementation.  There are a couple of simlets for both protocols.
  • BGP was not covered as much as I expected.  All theory; no simlets.
  • There is a Policy Based Routing (PBR) simlet, so have a solid understanding of ACLs and route maps because there are questions where you read through a section of a router config and need to explain what the route map does to the traffic.
  • Not a lot of IPv6, but 
  • Lastly, know your stuff when it comes to GRE!

Overall, I feel like it is a fair exam and (other than the GRE section) I felt prepared for everything I was tested on.  And while I would have loved to score a 1000, a pass is a pass!

I'm going to spend the next few weeks learning about GRE while starting my CCNP TSHOOT prep.  Gotta keep that chain going...

Sunday, October 13, 2013

In Pursuit of Mastery

Lately, I've noticed a trend in motivational and educational books and websites:  mastery.

One of the most cited concepts is the idea of becoming an expert or a master after 10,000 hours of practice or work:

A Better Way to Practice

What Mozart and Kobe Bryant Can Teach Us About Deliberate Practice

Don't Just Learn - Overlearn!

This idea of the "10,000 hour rule" is also mentioned in Robert Greene's book, Mastery.

I learned about Robert Greene's book via 'The First Key to Mastery: Finding Your Life's Task'.

---

After reading the above articles and book, my thoughts drifted towards two occupations:  musicians and IT workers.  Why?  Because I strived to make a career in both fields.

Obviously, musicians must practice consistently and constantly, but I believe this also applies to IT workers.  With the constant change in the computing and networking fields, practice and further education are absolutely necessary in order to stay relevant and capable.

Much like a musician who learns multiple techniques to make music, a network technician or engineer must also learn about the multiple technologies available to design, maintain and troubleshoot a computer or a network.  For example, it is important to learn the advantages and disadvantages of the different Interior Gateway Protocols (RIP, EIGRP, OSPF) for the different topologies (hub-and-spoke, star, etc.) and transport methods (Ethernet, Frame Relay, MPLS, Serial).

Practice methods are pretty straightforward for musicians (for example, taking lessons, listening to different genres of music, watching educational DVDs from their favorite musicians, reading sheet music, instructional books, and most importantly, actually playing their instrument).  What practice methods are available for IT workers and network technicians?  Strangely, some of the exact same methods:
  • Educational books and classes
  • Training videos (youtube, CBTNuggets, INE, TrainSignal, etc.)
  • Various websites (www.freeccnaworkbook.com, etc.)
  • Simulators/Emulators (gns3)
  • Home lab equipment
Which method(s) would be best to move towards mastery?  In my opinion, all of them are useful but more emphasis should be pointed towards the simulators and home lab equipment.

Practicing the actual implementations and configurations on real equipment would be similar to a musician playing their instrument instead of just watching or reading about it.

---

"To know but not to do is really not to know."  -- Steven R. Covey, The 7 Habits of Highly Effective People

We can read all the books and websites we want, but until we actually get on the equipment and implement the configurations and see what works (and more importantly, what doesn't work), we don't really "know".

---

Another great book that talks about mastery is Jim Collins' "Good to Great".  In this book he talks about the "Hedgehog Concept" which involves three circles:  what you can be best in the world at, what makes money and what you have a passion for.  Where the three circles intersect is your "Hedgehog Concept".  In the context of mastery, I believe that the three circles also pertain to mastery.  Where the three circles intersect also lies the possibility of mastery.



The first circle is the toughest:  What can you be best in the world at?  That's a tall, tall order.

Jim Collins uses the following analogy (which I will paraphrase):  Imagine you take the SAT and score highly on the math portion.  Does this mean you should pursue a career in mathematics?  Not necessarily.  There are people who are "genetically encoded" for math.  Their brains are just wired for math.  The same would apply to musicians and network technicians.

If we spend the "10,000 hours" to move toward mastery but are not "genetically encoded", can we realistically become a master?  I don't know, but after 10,000 hours of deliberate practice, I think one would at least be considered an expert or (at least) highly competent.

---

Another concept Jim Collins brings up is the idea of "Pushing on the Flywheel".  Once we find our "Hedgehog Concept", the next task is to consistently push on the flywheel and build momentum over time.  Any tasks outside of "Hedgehog Concept" take momentum away from the flywheel.

Mastery is not just about the amount of time spent, but also the quality of time spent.  If we spend those hours just mindlessly reading the same books over and over (and I'm guilty of this), we may not be moving towards mastery as quickly as we would like.

---

Another Jim Collins book, "Great by Choice", discusses the idea of a "20 Mile March" where, no matter what, one pushes to march 20 miles a day regardless of the weather instead of marching 40 miles in good weather and 2 miles in bad weather.  A synopsis can be found at artofmanliness.com:  What's Your 20 Mile March?

The idea of a "20 Mile March" or "Pushing on the Flywheel" also ties back into one of my favorite motivational tactics:  Don't Break the Chain as taught by Jerry Seinfeld.  I think it is important to be consistently pushing towards a goal (such as a certification or to start learning about new technologies).

---

In conclusion, I'd like to paraphrase a quote from Bill Walsh (the former San Francisco 49ers head coach) from his book "The Score Takes Care of Itself":

"Mastery is a process, not a destination."

Sports, music and even networking are all similar in this regard.  True mastery is never achieved.  There is always some aspect of our skills that needs to be improved and worked on.

Moving towards mastery in the IT fields is about learning more about current technologies (depth), learning about new and emerging technologies (width) and consistently moving towards our goals (20 Mile March/Pushing on the Flywheel).

My hope is that those of us who are pursuing Cisco certifications are pursuing them for the right reason:  to learn the material in pursuit of mastery (even if mastery can never be fully achieved).

Friday, October 4, 2013

Resources for the CCENT and CCNA Exams

After participating in this Google+ post, I thought it would be nice to list the resources I used when studying for the CCENT and CCNA exams.  Please keep in mind that I earned the 'v1.1' certifications that were recently updated by Cisco.

I imagine that most of the information in these resources will still be relevant to the new exam, but make sure that most of your material is geared toward the new v2.0 exams.

---

The first concept I recommend is the "Don't Break the Chain" concept I learned on lifehacker.com.  You can accomplish damn-near any goal through consistent effort over time.

---

Next, be sure to grab the syllabus from Cisco's website for the exam.  If you are going to break the CCNA into two parts (which is what I did), the first exam to take is the 100-101 (CCENT).  After you click on the link, click on 'Exam Topics'.

Also, head over to the Cisco Learning Network and create your Cisco.com account.  Once you create an account, you'll have access to download white papers and PDFs for the exams.

https://learningnetwork.cisco.com/index.jspa

---

The Cisco Press website is also a mandatory stop.  These materials are geared specifically for the exams and are published with Cisco's blessing, so they better be good enough to help you pass the exam!

CCENT:  http://www.ciscopress.com/markets/detail.asp?st=44701

CCNA:  http://www.ciscopress.com/markets/detail.asp?st=44711

Personally, I would start with the Foundation Learning Guides.  I didn't know these guides were available when I took the CCENT/CCNA, but I started using them when studying for the CCNP SWITCH and CCNP ROUTE exams.  Highly recommended!

CCENT:  http://www.ciscopress.com/store/interconnecting-cisco-network-devices-part-1-icnd1-9781587143762

CCNA:  http://www.ciscopress.com/store/interconnecting-cisco-network-devices-part-2-icnd2-9781587143779

The Official Certification Guide would be my next stop.  These are aimed directly at passing the exam.  A lot of the same material will be presented between the Foundation Learning Guide and the Official Certification Guide, but my method of study isn't just to learn, but to overlearn.

Last in this section, grab the Portable Command Guide.  The Portable Command Guide on its own won't help you much, but once you have the Foundation Learning Guide and Official Certification Guide under your belt, the Portable Command Guide is where the rubber meets the road.

Think of these three books this way:  The Foundation Learning Guide is the 'high level' book to show you the overall picture with some detail.  The Official Certification Guide is a more focused view of the same terrain (middle level).  But the Portable Command Guide is the ground level, 'roll up your sleeves and get dirty' book.  If you haven't seen the overall picture of the exam and the technology, it makes it more difficult (in my opinion) to really know what each command is going to do, what commands are needed to implement the technology and what consequences those commands might have.

The whole purpose of these exams is to prove we have the knowledge and skills to configure and troubleshoot Cisco equipment and networks.  If we lack the fundamental knowledge and skills and just study to pass the exam, we're cheating ourselves and cheapening what the exam is worth.  The Foundation Learning Guides are to learn about the theory and implementation behind the technology, not just to pass the exam.  Start at the high level; work down to the ground level.

---

Next, you need to ask yourself how far you want to take this.  If you are just going after the CCENT and CCNA, you can probably get by with a simulator.  But I recommend using both simulators/emulators and real equipment.

Hit ebay and look for great deals.  There are other suppliers that can be found, but I've purchased all my Cisco gear via ebay.

For crossover and serial cables, monoprice is a great site.

When I took on the CCNA, I used two routers and three 2950 switches, but mostly, I used GNS3 especially for the Frame Relay topics.

GNS3 is a Cisco router simulator/emulator program available for Windows, Mac and Linux.

Another great resource that ties into GNS3 is http://www.freeccnaworkbook.com/workbooks/ccna.  This site provides a great framework to build labs in GNS3 and to help prepare you for the exams.  I recommend actually typing in the configurations (since that's what you're trying to learn anyway!) instead of 'copy and paste'.

---

Next:  YouTube

There are so many great videos to learn Cisco and networking technology on YouTube that it would be difficult to list them all here.  Search for the topic you want to study next (RIP, Frame Relay, VLANs, etc.) and you'll find plenty.

Here are some channels that I subscribe to:

CBT Nuggets
Cisco
INE Training
Keith Barker
Kevin Wallace

---

There are also plenty of video courses out there.  Check out their samples and if you think you might like their teaching style, go for it.

CBT Nuggets
Chris Bryant
INE

---

After reading a number of articles about what study methods work and which don't, flash cards were consistently at the top of the list.  Cisco has flash cards available, but if you want a free program check out AnkiDroid.  I have AnkiDroid installed on my phone and tablet.  It's a great study tool when you have a few minutes of downtime.  I've been doing more book reading than using flash cards lately, but memorizing terms is crucial for these exams.

Practice exams are also listed as great educational tools.  I see that Cisco does offer some practice tests, but I've never used them so I can't say if they are any good or not.

---

Also, it might be worth your time to head down to your local library and see if they happen to have any Cisco books.  The books will likely be outdated, but take advantage of as many free resources as possible.

If (and this is a big if) you can grab a copy of 'Routing TCP/IP Volume I' by Jeff Doyle, the first chapters will be very educational.  It's an intense and immense book, but there's good reason why it's been called the 'Networking Bible'.

---

I've acquired most of my books in ebook format and uploaded them to my Google Play Books account.  It has been so nice to be able to read these books on my tablet and my phone.  The syncing works OK, but the portability is the biggest benefit.  Highly recommended.

---

In conclusion, there are so many resources to study for the Cisco exams that you will probably have more trouble deciding which ones to use instead of having trouble finding anything at all.

If I find any more resources, I'll add them here.

Good luck!


Saturday, September 14, 2013

Hey, wait. There's a tree missing here!

Yesterday, while planning a network switch replacement, I noticed a little problem that could have been a big problem if that switch was moved up one spot in the network.

I'm recreating the problem on my home lab and walking through how it was found and how to fix it:

First, here is the lab topology using dia (http://dia-installer.de/):


Straightforward physical topology.

So, I started my planning session with a quick 'show vlan brief' to verify which VLANs were running on each switch.  For this lab, we'll have VLANs 1, 11, 22, 33 and 44.

AS2

AS3

All five VLANs are configured on both switches.

The next command I issued was 'show spanning-tree summary' to verify the path back to the root switch.

AS2

Using this command we see that AS2 is the root switch for all the spanning-tree instances.

AS3

Do you see the problem?

VLAN0022 is missing from spanning-tree!

As you can see from the 'show vlan brief' command, VLAN 22 is configured on the switch, but it doesn't have a spanning-tree instance.

To verify this, you can run a 'show spanning-tree vlan 22' command:


This was the first time I've ever run into a VLAN not running spanning-tree.

So, what is causing the problem?

I first started by looking at the trunks.  If a VLAN does not have at least one port using the VLAN on the switch, then the VLAN is shut down to prevent a black hole.  So, I ran a 'show interfaces trunk' command on each switch to verify each VLAN was allowed on the trunk:
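As an added check that is not part of the original post, the following Python script compares the VLANs that 'show vlan brief' reports as active with the instances listed by 'show spanning-tree summary' and flags any active VLAN that has no spanning-tree instance.  The command output it parses is constructed to match the lab above (AS3 in pvst mode, with VLAN 22 missing); the regular expressions follow the IOS column layout of those two commands.

```python
import re

# Constructed sample output modelled on AS3 in the post: VLAN 22 is active in the
# VLAN database but has no spanning-tree instance. Trunk ports are not listed in
# the Ports column of 'show vlan brief'; only access ports appear there.
SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
11   VLAN0011                         active    Fa0/11
22   VLAN0022                         active    Fa0/22
33   VLAN0033                         active    Fa0/33
44   VLAN0044                         active    Fa0/44
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
"""

SHOW_STP_SUMMARY = """\
Switch is in pvst mode
Root bridge for: none
Extended system ID           is enabled
Portfast Default             is disabled

Name                   Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001                     0         0        0          5          5
VLAN0011                     0         0        0          2          2
VLAN0033                     0         0        0          2          2
VLAN0044                     0         0        0          2          2
---------------------- -------- --------- -------- ---------- ----------
4 vlans                      0         0        0         11         11
"""

# One row of 'show vlan brief': VLAN id, name, then the Status column.
VLAN_ROW = re.compile(r"^(\d{1,4})\s+\S.*?\s+(active|act/unsup|act/lshut|suspended)\b")
# One row of the per-instance table in 'show spanning-tree summary': VLANnnnn
# followed by the five port-state counters.
STP_ROW = re.compile(r"^VLAN(\d{4})\s+\d+\s+\d+\s+\d+\s+\d+\s+\d+\s*$")


def active_vlans(vlan_brief):
    """VLAN IDs whose Status reads 'active'. The legacy VLANs 1002-1005 report
    act/unsup and never get a spanning-tree instance, so they are ignored."""
    result = set()
    for line in vlan_brief.splitlines():
        m = VLAN_ROW.match(line)
        if m and m.group(2) == "active":
            result.add(int(m.group(1)))
    return result


def stp_instances(stp_summary):
    """VLAN IDs that have a row in the instance table of the summary."""
    found = set()
    for line in stp_summary.splitlines():
        m = STP_ROW.match(line)
        if m:
            found.add(int(m.group(1)))
    return found


def vlans_without_stp(vlan_brief, stp_summary):
    """Active VLANs with no spanning-tree instance, sorted.

    Caveat from the post: a VLAN with no port assigned to it and not carried on
    any trunk legitimately has no instance, so confirm with 'show interfaces
    trunk' before treating a hit as a misconfiguration."""
    return sorted(active_vlans(vlan_brief) - stp_instances(stp_summary))


if __name__ == "__main__":
    for vid in vlans_without_stp(SHOW_VLAN_BRIEF, SHOW_STP_SUMMARY):
        print(f"VLAN {vid}: active but no spanning-tree instance")
```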

AS2

No problem on AS2.  All five VLANs are allowed on the trunk.

AS3

Same deal here.  All five VLANs are allowed on the trunk.

Again, what is causing the problem?

Next, I ran a simple 'show running-config' on the problem switch (AS3 in this lab).  I'm not gonna lie, I had to run through the running-config a few times before I noticed it:


Why this command was running on a production switch, I'll never know.  But we were relieved that this configuration was on a 'spoke' switch and not on a 'hub' switch and that there was only one uplink.  If this switch was a 'hub' switch or had a redundant trunk, a broadcast storm surely would have happened.

So, the simple solution:


Ran a 'show spanning-tree summary' to confirm there is now a spanning-tree instance for VLAN 22:


If you have any questions, please leave a comment.

Thank you for reading!

Saturday, August 3, 2013

Troubleshooting Trunk Links and Spanning Tree using Dia - Part 5 of 5

Welcome back to the conclusion of this series!

We are now on to VLAN 44 which will show just how useful making a spanning tree map in dia can be.

Just like on the previous posts, here is the original physical layer map:


And once again, let's start with the 'show spanning-tree vlan 44' command on DS1:


Only two of the six trunks are forwarding VLAN 44.  Gi0/1 is the root port back to the root switch and Gi0/2 is in the blocking state to prevent a loop.  First update to the map is as follows:


Next, the 'show spanning-tree vlan 44' command on DS2:


On DS2, we can see that all six trunks are forwarding VLAN 44 and that DS2 is the root switch.  The updated dia map is:


Forwarding on to AS1 and the 'show spanning-tree vlan 44' command:


Here, we can see that only two of the four links are being used for VLAN 44.  Fa0/13 is the root port back to DS2 and Fa0/14 is blocking to prevent a loop.  Of course, we document this on the map adding the circled-x on the end of the blocking port:


Last, we head over to AS2 and run the 'show spanning-tree vlan 44' command:


Now, we have some interesting information shown here.  Notice, AS2 believes it is the root switch for VLAN 44.  But we documented that DS2 is the root switch.  How is this possible?

It is possible because AS2 doesn't have a connected neighbor using VLAN 44, but AS2 does have active ports on VLAN 44 (Fa0/21 and Fa0/22).  Since AS2 does not have a neighbor using VLAN 44 on its trunks (and AS2 is not using Fa0/23 or Fa0/24 on its trunk links up to DS2), AS2 believes it is the root switch for the VLAN.

Once we document this misconfiguration on the dia map, it becomes very clear.  Remember, I use the blue links to indicate that the VLAN is not on one end of the trunk link and the circled-x is used to indicate which end of the link the VLAN is not available on.


Because there are zero green links coming from AS2, it is clear that AS2 is cut off from the rest of the network on VLAN 44.

Now that Layer 2 is documented, let's verify where the HSRP Active router for the VLAN is located.  First, the 'show standby vlan 44' on DS1:


DS1 appears to be the Standby router, indicated by the 'State is Standby' and the 'Standby router is local' lines.  Let's verify that DS2 is indeed the Active HSRP router.


And DS2 is the Active router.  So, the finished map shows as:


---
Let's take a look at the finalized maps for each VLAN:

VLAN 1

VLAN 11

VLAN 22

VLAN 33

VLAN 44


So, now that we have our finalized maps, what would be some options to repair and optimize the current configurations?

At the beginning, I wrote that the odd numbered VLANs (1, 11 and 33) were going to use DS1 as the root switch for spanning tree and use DS1 as the HSRP Active Router and that the even numbered VLANs (22 and 44) were going to use DS2 as the root switch for spanning tree and use DS2 as the HSRP Active Router.  Additionally, when there are dual uplinks, I think it makes much more sense to utilize EtherChannels (logically combining two or more connections into a single connection).  EtherChannels optimize bandwidth (more connections toward the root switch) and simplify the spanning tree instance (no blocking ports towards the root switch).

First off, this might be an opportune time to change the spanning tree protocol to rapid-pvst (rapid per VLAN spanning tree).

So, let's start there.  On each switch, we run the command 'spanning-tree mode rapid-pvst' in configuration mode:


When we change the spanning tree mode type, the spanning tree instance will need to reconverge and since the other switches are still in Per VLAN Spanning Tree (pvst), we will have to wait through the Listening and Learning stages before moving along to each switch.


We can see that the HSRP sessions break down as well.  Once spanning tree has reconverged, the HSRP sessions reconnect and routing is back online.  Once all four switches are running rapid-pvst, the following configuration changes will update the spanning tree much quicker.

Secondly, we will need to configure the trunk links to be identical (all the VLANs will need to be allowed on all the trunks).

The easiest way to do this is to use a range command on each switch that adds the line 'switchport trunk allowed vlan 1,11,22,33,44'.


We can use the dia map to find out which ports can be added to the 'interface range' command instead of having to go through each port individually.  Remember, when a trunking command is added or changed, spanning tree will reconverge.  Obviously, this type of work needs to be done off-hours since the convergence will temporarily take down each VLAN.

Once each switch has identical allowed VLANs, it's time to plan our EtherChannels.  Again, dia can be used to help with this planning as well.

Under the SDL group of icons in dia, there is a circle that can be used to indicate an EtherChannel.


We can add the circles and change the shape into an oval and add a label to plan out the EtherChannel port numbers so the numbers don't overlap on the same switch.


There are a few different ways to configure EtherChannels (which will be a topic for another series).  So, for this article, let's just choose a quick configuration and move along.  Also, remember that when you change the configuration on one end of the links, the ports will go down until the other end is configured.  So, it is best to start with the remote end first so that you don't "cut your own arm off".


Once the EtherChannels are in place, it's time to make sure that the odd numbered VLANs are using DS1 as the root switch and that the even numbered VLANs are using DS2 as the root switch.

One of the many goofy things about spanning tree is that the 'priority' setting is backwards (at least in my way of thinking).  The switch with the LOWEST priority is the root switch (which is the opposite in the HSRP configuration).

Spanning Tree = lowest priority is the root switch
HSRP = highest priority is the Active router

So, when I set up a spanning-tree priority, I like to set the root switch with a priority of 4096, the secondary switch with a priority of 8192 and the other switches with a priority of 40960.

For DS1:


For the even numbered VLANs 22 and 44, we'll set the priority as 4096 on DS2, 8192 on DS1 and 40960 on the other two switches.
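To tie together the two points of this post, AS2 electing itself root for a VLAN that no trunk carries to it, and the "backwards" priority rule, here is an added example that is not from the post.  It implements the spanning-tree root election (lowest bridge ID wins, where IOS adds the VLAN number to the configured priority as the extended system ID) and the HSRP election (highest priority wins), generates the 4096/8192/40960 priority lines per switch, and audits the root each switch reports so that a partitioned VLAN stands out.  The MAC addresses and the observed root claims are constructed for the lab.

```python
from collections import defaultdict

# Constructed lab values, not from the post: a base MAC per switch, used only
# as the tie-breaker inside the bridge ID (priority + VLAN + MAC).
MACS = {"DS1": "0011.2233.0001", "DS2": "0011.2233.0002",
        "AS1": "0011.2233.0003", "AS2": "0011.2233.0004"}
VLANS = [1, 11, 22, 33, 44]


def planned_priorities(vlan):
    """The post's plan: 4096 on the intended root, 8192 on the other distribution
    switch, 40960 on the access switches. Odd VLANs root on DS1, even on DS2."""
    root, backup = ("DS1", "DS2") if vlan % 2 else ("DS2", "DS1")
    return {root: 4096, backup: 8192, "AS1": 40960, "AS2": 40960}


def bridge_id(priority, vlan, mac):
    """PVST+ bridge ID as IOS forms it with extended system ID: the configured
    priority plus the VLAN number, then the base MAC as tie-breaker."""
    return (priority + vlan, mac)


def expected_root(vlan):
    """Spanning tree: the LOWEST bridge ID wins the root election."""
    prios = planned_priorities(vlan)
    return min(prios, key=lambda sw: bridge_id(prios[sw], vlan, MACS[sw]))


def hsrp_active(candidates):
    """HSRP is the other way round: the HIGHEST priority becomes Active, and a
    tie goes to the highest interface IP. candidates: {switch: (priority, ip)}"""
    def ip_key(ip):
        return tuple(int(octet) for octet in ip.split("."))
    return max(candidates, key=lambda sw: (candidates[sw][0], ip_key(candidates[sw][1])))


def priority_commands(vlans):
    """IOS lines per switch that implement the plan, grouping VLANs that share a
    priority into one 'spanning-tree vlan <list> priority <n>' command."""
    per_switch = defaultdict(lambda: defaultdict(list))
    for vlan in vlans:
        for sw, prio in planned_priorities(vlan).items():
            per_switch[sw][prio].append(vlan)
    return {sw: [f"spanning-tree vlan {','.join(map(str, vl))} priority {prio}"
                 for prio, vl in sorted(groups.items())]
            for sw, groups in per_switch.items()}


def audit_roots(observed):
    """observed: {switch: {vlan: switch it reports as root}}, collected from
    'show spanning-tree vlan N' on every switch. Findings:
      ('partitioned', vlan, claimants)  switches disagree on the root; this is
          the VLAN 44 case where AS2 elects itself because no trunk carries the
          VLAN to it, so AS2 is an island;
      ('wrong-root', vlan, root)        everyone agrees, but not on the designed
          root switch."""
    claims = defaultdict(set)
    for sw, roots in observed.items():
        for vlan, root in roots.items():
            claims[vlan].add(root)
    findings = []
    for vlan in sorted(claims):
        roots = sorted(claims[vlan])
        if len(roots) > 1:
            findings.append(("partitioned", vlan, roots))
        elif roots[0] != expected_root(vlan):
            findings.append(("wrong-root", vlan, roots[0]))
    return findings


# Constructed observations for the pre-fix lab: VLAN 33 is healthy, VLAN 22 has
# converged on DS1 instead of DS2, and AS2 claims root for VLAN 44.
OBSERVED = {
    "DS1": {22: "DS1", 33: "DS1", 44: "DS2"},
    "DS2": {22: "DS1", 33: "DS1", 44: "DS2"},
    "AS1": {22: "DS1", 33: "DS1", 44: "DS2"},
    "AS2": {22: "DS1", 33: "DS1", 44: "AS2"},
}

if __name__ == "__main__":
    for finding in audit_roots(OBSERVED):
        print(finding)
    for sw, lines in priority_commands(VLANS).items():
        print(sw, lines)
```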

We can verify that spanning tree and HSRP are working as planned with the 'show spanning-tree summary' and 'show standby brief' commands:


We can see that DS1 is the Root bridge (root switch) for VLANs 1, 11 and 33 and is also the Active router for VLANs 1, 11 and 33.



DS2 confirms that it is the Root bridge (root switch) for VLANs 22 and 44 and is also the Active router for VLANs 22 and 44.

Now that we have the rapid-pvst running, the trunks configured, EtherChannels set up and the spanning tree priorities configured, our final maps look like this:

Odd numbered VLANs (1, 11, 33):


Even numbered VLANs (22, 44):


---

I sincerely hope that you download and become comfortable with using dia and that this series has been helpful to you in learning, configuring and troubleshooting trunks and spanning-tree instances.

Thank you for reading!

Friday, August 2, 2013

Troubleshooting Trunk Links and Spanning Tree using Dia - Part 4 of 5

Welcome back!

Continuing this series on using dia to troubleshoot trunk links and spanning tree instances, let's move on to VLAN 33.

Once again, here is the physical layer topology:


By now, we have our routine.  Start with the 'show spanning-tree vlan 33' command:


Here, we can see that DS1 is the root switch and that four of the six trunks have VLAN 33 allowed.  The first update to the map follows:


Over to DS2 next and the 'show spanning-tree vlan 33' command:


A very similar configuration here.  DS2 is utilizing the Gigabit connections back to DS1 (the root switch), and the connections to AS2 are forwarding traffic for VLAN 33 as well.  Gi0/1 is the root port and Gi0/2 is blocking to prevent a loop.  The updated map is now:


Next, AS1 and the 'show spanning-tree vlan 33' command:


Here we see that only two of the four trunk links are utilized.  Fa0/11 is the root port back to DS1 and Fa0/12 is in the blocking state to prevent a loop.  Again, the updated map:


Last, let's head over to AS2 to finish the map:


And here we can see a similar configuration as AS1.  Two of the four uplinks are utilized, but this time up to DS2.  Fa0/23 is the root port and Fa0/24 is blocking to prevent a loop.


Now that we have the Layer 2 topology sorted, let's verify the HSRP Active router.

On DS1, we run the 'show standby vlan 33' command:


Right away we can see that DS1 is the Active HSRP router with the 'State is Active' and 'Active router is local' lines.

While this configuration is not the most efficient (unused trunk links directly connected to the two distribution switches), this VLAN is not in too bad of shape.  Again, AS2 has to use an extra switch in the path (DS2) in order to reach the Active router, but overall not too bad.

The obvious fixes would be to allow VLAN 33 on all the links and change all of these dual uplinks into EtherChannels.

Next post will cover VLAN 44 and then the final configuration to implement all the fixes.

Thank you for reading!