Saturday, January 10, 2009

IPexpert Volume 3 Mock Lab 4 Review

Just took a dump on this lab. Lots of little mistakes. My problem was that many of the tasks were configuration heavy, mixing and matching totally unrelated options.

-4 2.2 PPP MD5 Authentication
I had this working right but the script said I needed "ppp eap identity " commands on each side. My link came up without them and I debugged PPP auth to verify it was authenticating.

-4 3.2 OSPF
A load of OSPF configuration and I was not supposed to use a network statement on areas 256, 96 and 97. I used a network statement for R9's loopback costing me the 4 points. There were probably over 50 commands for this task and 1 command cost me.

-3 3.3 OSPF Authentication
Grading script was wrong. You didn't need a VL between Cat1 and Cat3 and the script was checking for one.

-3 7.3 IPv6 Security
Grading script was wrong. I had filters on all IPv6 interfaces but the script was looking for it on the wrong interface.

-3 4.4 BGP Path Selection
I had to engineer a next hop solution and I used the "set ip next-hop" in a neighbor route-map. The script didn't use a ping or trace to verify the solution so it did not know that my solution worked. Instead it came up with a bogus explanation.

-3 5.1 Multicast
What I do not like about the grading script is once it finds an error - it doesn't continue so you never get to see how the rest of the task would have been checked. In this case I did not put PIM in the loopbacks of the multicast routers. The task said all interfaces so I messed up on this.

-3 5.2 Multicast - Sink RP
I guess you're supposed to deny the RP groups in an ACL on your mapping statement when configuring a sink RP. Makes sense, otherwise you get the chicken/egg problem.

-2 6.2 System Management
This kind of crap pisses me off. I had to enable load-interval 60 on all interfaces and I forgot it on the port channels and loopback. Good grief.

-3 6.4 ECN
ip tcp ecn. I had no clue on this one.

-3 6.5 Local DNS
This is where the lab is screwed up. In this task R5 needs to telnet to R2 by name. But in a later task we have to block IPv4 telnet to R2 and only allow IPv6 via LOOPBACK IPV6 ADDRESS. The script does not use /source-interface and so it fails. I am going to bring this up with IPexpert.

-3 8.1 MQC
We were supposed to prevent R1 from sending unreachables without an interface command or rate-limit. The SG uses CPP to block them, pretty nifty. I used local policy routing to NULL 0 - probably not allowed but I could not think of another way.

-3 9.2 CBAC
The ACL the SG wants is supposed to be "strict". I allowed RIP and BGP and the SG only allows RIP. I guess BGP is included in the tcp router-traffic command but I will have to verify this. I actually thought about this but not enough to have me change it. I figured if I got it wrong I will be forced to learn a little more.

-3 9.4 TCP intercept
I did not configure any one-minute low/high options. I don't think the question asked for this, so I am not sure why they are there.

Well that's about it for today. The total score was 60 but I am pretty satisfied. I was able to browse the DocCD for some tasks I never heard of. This includes disabling the RFC 2217 option for telnet, MRM (which I got right), PPP EAP authentication, round robin DNS and some others.

This lab was heavy on the configuration and 4-point tasks. This sucks because one little thing ruins the whole task. Plus, there were a bunch of little interesting topics on this lab I will probably blog about this week.
