Two CCIE R&S Certification Webinars

Source: https://cisco.hosted.jivesoftware.com/docs/DOC-4862

Cisco will conduct two webinar events on Wednesday, May 20, 2009 to describe recent enhancements to CCIE R&S certification and Cisco 360 Learning Program for CCIE R&S.
Attendees can choose from calls at 8:00 am and 7:00 pm PST.
Participants need only attend one event as content will be identical.

Registration information is as follows:

MEETING DETAILS

Meeting Name: CCIE R&S Refresh
Date/Time: 5/20/2009 @ 8:00 AM and 7:00 PM US/Pacific Time
Length: 90 minutes
Frequency: Once
Meeting ID: 222333

Register for each event:

Please visit https://cisco.hosted.jivesoftware.com/docs/DOC-4862 to register for this event.

Join the Voice Conference

1. Call MeetingPlace:

Toll-free (US only): 1-800-370-2618

Toll-free (Canada only): 1-800-370-2618

International Direct Dial: 1-650-599-0315

2. Press 1 to attend a meeting.

3. Enter Meeting ID (222333) followed by the # key.

4. Follow the prompts to record your name and enter the meeting.

Join the Web Conference

1. Disable any pop-up blocker software.

2. Go to http://gc46gw1.meetingplace.net.

3. Enter meeting ID (222333) and click Attend Meeting.

4. Enter your first and last name in the “My name is” box and click Attend Meeting.

5. Answer Yes to any security warnings you receive and wait for the Meeting Room to initialize.

Please read more on: https://cisco.hosted.jivesoftware.com/docs/DOC-4862

Cisco Revising CCIE R&S Certification

Source: https://cisco.hosted.jivesoftware.com/docs/DOC-4605

The upcoming Version 4.0 of Cisco CCIE® Routing and Switching certification will test hands-on troubleshooting, Multiprotocol Label Switching (MPLS), and VPN networking

To reflect the growth of the network as a service platform, Cisco is revising the certification requirements for CCIE Routing & Switching (CCIE R&S)–the expert level certification for network engineers. The new requirements were developed with assistance from Cisco enterprise customers and reflect the expectations of employers across industries.

The competencies required for CCIE R&S v4.0 certification were released on May 5, 2009, and are available on the Cisco Learning Network under the CCIE R&S v4.0 Written Exam topics and CCIE R&S v4.0 Lab Exam topics. Exams based on the new requirements are scheduled for release on October 18, 2009, and will immediately replace the currently available v3.0 exams. Candidates who plan to take their exams on October 18, 2009, or later should prepare using the new v4.0 exam topics.

Both the written and lab exams will be refreshed with new questions and will cover MPLS and VPN networking. The written exam will add scenario-based questions to the multiple choice questions, and the lab will now require hands-on troubleshooting of preconfigured networks, in addition to configuration. Exam duration and pricing will remain the same, with the two-hour written exam at USD$350 and the eight-hour lab at USD$1400.

A beta version of the new CCIE R&S v4.0 written exam (351-001) will be available to all customers in the July–August 2009 timeframe at a discounted price of USD$50. An announcement will be made when scheduling begins.

Cisco 360 Learning Program Updates Available

Cisco 360 Learning Program components aligned to the new CCIE R&S certification standards will be available on May 11, 2009. All current students will have access to the new materials throughout their subscription period. New materials include additional lessons on MPLS and troubleshooting, enhanced coverage of these topics in the instructor-led workshops, an updated Practice Lab Workbook for self-paced practice, and new Performance Assessments that gauge skill level and offer mentoring feedback.

CCIE Assessor, the first CCIE R&S practice lab, will be retired on June 5, 2009, and will be replaced by the 10 eight-hour assessment labs available through the Cisco 360 Learning Program.

Lab Equipment and IOS

The lab exam tests any feature that can be configured on the equipment and the IOS versions indicated below. You may see more recent IOS versions installed in the lab, but you will not be tested on the new features of a release unless indicated below.

Version 3.0 (effective through October 17, 2009)
  • 3725 series routers – IOS 12.4 mainline – Advanced Enterprise Services
  • 3825 series routers – IOS 12.4 mainline – Advanced Enterprise Services
  • Catalyst 3550 series switches running IOS version 12.2 – IP Services
  • Catalyst 3560 Series switches running IOS version 12.2 – Advanced IP Services

Version 4.0 (effective beginning October 18, 2009)
  • 1841 series routers – IOS 12.4(T) – Advanced Enterprise Services
  • 3825 series routers – IOS 12.4(T) – Advanced Enterprise Services
  • Catalyst 3560 Series switches running IOS version 12.2 – Advanced IP Services

The blueprints can be found here:
Cisco CCIE R&S Written Blueprint v4.0
Cisco CCIE R&S Lab Blueprint v4.0

Cisco Catalyst 6500 Series Supervisor Engine 720

[Video: Cisco Catalyst 6500 Series Supervisor Engine 720, https://ipnet.xyz/vid/archive/2009/04/CiscoCatalyst6500SeriesSupervisorEngine720.flv]

Cisco Hosts Webcast: Cisco Security Strategy

Today, Cisco delivers a webcast and corresponding slide presentation highlighting its security vision, market opportunity and the expansion of its security and collaboration portfolio.

Who: Co-hosted by Cisco executives Doug Dennerline, senior vice president and general manager of the Collaboration Software Group, and Tom Gillis, vice president and general manager of the Security Business Group, who will discuss Cisco’s security and collaboration strategy. Following a brief presentation, a question and answer session will be held.

Listen and watch via the Internet:

Please listen to the webcast online at http://www.cisco.com/go/investors. An audio broadcast of the webcast, with synchronized slides, is available on this site.

Source: cisco.com

Cisco: How to use reflexive access-list and why they are useful

Reflexive access-lists are one of the methods that help us achieve firewall functionality with router hardware. The other methods that serve the same purpose are Context-Based Access Control (CBAC) and TCP Intercept. For an introduction to CBAC with an example, please check my older post "Cisco: Use CBAC to achieve firewall functionality on router device". For TCP Intercept, check my blog in the coming weeks.

Today I will present reflexive access-lists and how to take advantage of their specific behavior. Reflexive access-list commands are used to configure IP session filtering, which provides the ability to filter IP packets based on upper-layer protocol “session” information. They are generally used to allow outbound traffic and to limit inbound traffic to replies for sessions that originate inside the router. For example, you want to allow a TCP connection from outside only if the initial packet was sent from the inside. Take an FTP active-mode session on data port TCP 20: if you are doing FTP from inside the LAN, port 20 will be allowed outbound and also inbound, but if somebody from outside tries to reach a device on your LAN on port 20, the session will be dropped by the access-list implementation.

Reflexive ACLs can be defined only within extended named IP ACLs. They cannot be defined with numbered or standard named IP ACLs, or with other protocol ACLs. Reflexive ACLs can be used in conjunction with other standard and static extended ACLs. Syntactically, reflexive access-lists look exactly like any normal ACL, with the addition of two keywords, “reflect” and “evaluate”.

Let's have a look at this example topology. R2 will be the router where the reflexive ACL is implemented. The implementation is quite simple. You configure an outbound access-list that permits TCP sessions from any subnet to any subnet. The difference between this outbound ACL and a normal one is the “reflect” parameter at the end of the permit line. The “reflect” parameter is followed by a name, OUT in this description (TO_REFLECT in the configuration below; it can be any name you want).

Once the outbound list is fully configured, configure an inbound access-list that references it with the statement “evaluate OUT”. Below is a simple example of how to configure this reflexive ACL on the topology presented above, to permit UDP and TCP inbound only if the session was initiated from inside:

! Outbound list: permit TCP and UDP, and create mirrored temporary entries
! (named TO_REFLECT) for each permitted session
ip access-list extended OUTBOUND
 permit tcp any any reflect TO_REFLECT
 permit udp any any reflect TO_REFLECT
!
! Inbound list: only traffic matching a reflected entry is permitted;
! everything else hits the implicit deny at the end of the list
ip access-list extended INBOUND
 evaluate TO_REFLECT
!
interface Serial1/0
 ip access-group OUTBOUND out
 ip access-group INBOUND in

So, the INBOUND ACL evaluates the entries reflected by the OUTBOUND ACL to permit or deny TCP packets from outside. Remember that by default, packets generated by the router itself are not reflected. This is why, if you run a routing protocol towards the outside on your router, you have to permit those packets statically. Let's take the example of the BGP routing protocol. Assume that you have a BGP peering between R2 and R3. On R2 you will have to statically permit the BGP packets from outside, as in the example below:

ip access-list extended OUTBOUND
 permit tcp any any reflect TO_REFLECT
 permit udp any any reflect TO_REFLECT
!
ip access-list extended INBOUND
 ! BGP sessions opened by R3 towards R2's TCP port 179
 permit tcp any any eq bgp
 ! Replies from R3's TCP port 179 to sessions R2 opened (not reflected,
 ! because router-generated traffic does not create reflected entries)
 permit tcp any eq bgp any
 evaluate TO_REFLECT
!
interface Serial1/0
 ip access-group OUTBOUND out
 ip access-group INBOUND in

In this way the BGP packets generated locally on the router are allowed in and out on the WAN interface. Proceed the same way for any other router-generated packets you want to allow through the WAN interface.
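To make the reflect/evaluate behaviour above concrete, here is an added Python model (not code from the original post or from Cisco IOS) of what R2 does with the two lists: an outbound TCP/UDP packet creates a mirrored temporary entry, an inbound packet is permitted only by a static line or a live reflected entry, and router-generated BGP traffic is only passed when a static line exists. The addresses for R1, R2 and R3 are constructed, and the idle timeout is assumed to be the IOS default of 300 seconds; early removal of TCP entries on FIN/RST is not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp": the protocols the OUTBOUND list reflects
    src: str
    sport: int
    dst: str
    dport: int

class ReflexiveAcl:
    """Model of the reflect/evaluate pair (assumed 300 s idle timeout, the IOS default)."""
    def __init__(self, timeout=300):
        self.timeout = timeout
        self.reflected = {}  # mirrored Packet -> expiry time in seconds
    def outbound(self, pkt, now):
        # 'permit tcp|udp any any reflect TO_REFLECT': permit, and add a
        # temporary entry that matches the reverse direction of this packet
        if pkt.proto not in ("tcp", "udp"):
            return False  # implicit deny for anything else
        mirror = Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        self.reflected[mirror] = now + self.timeout
        return True
    def inbound(self, pkt, now, static_permits=()):
        # INBOUND list: static lines first (e.g. BGP), then 'evaluate',
        # then the implicit deny at the end of every IOS ACL
        if any(rule(pkt) for rule in static_permits):
            return True
        expiry = self.reflected.get(pkt)
        if expiry is not None and now < expiry:
            self.reflected[pkt] = now + self.timeout  # traffic refreshes the timer
            return True
        self.reflected.pop(pkt, None)  # expired, or never reflected
        return False

# Constructed addresses for R1 (inside), R2 (the ACL router) and R3 (outside)
R1, R2, R3 = "10.0.1.1", "10.0.2.2", "10.0.3.3"
# The two static BGP lines from the post: either side on TCP port 179
bgp = lambda p: p.proto == "tcp" and (p.dport == 179 or p.sport == 179)

def scenario():
    """Return which packets R2 permits; mirrors the post's telnet and BGP tests."""
    acl = ReflexiveAcl()
    return {
        "telnet_out": acl.outbound(Packet("tcp", R1, 40000, R3, 23), 0),
        "telnet_reply": acl.inbound(Packet("tcp", R3, 23, R1, 40000), 1),
        "telnet_from_outside": acl.inbound(Packet("tcp", R3, 40001, R1, 23), 1),
        "reply_after_timeout": acl.inbound(Packet("tcp", R3, 23, R1, 40000), 900),
        "bgp_with_static": acl.inbound(Packet("tcp", R3, 50000, R2, 179), 1, (bgp,)),
        "bgp_without_static": acl.inbound(Packet("tcp", R3, 50000, R2, 179), 1),
    }
```

Running `scenario()` shows the telnet from R1 to R3 and its reply passing, the reverse-direction telnet and the stale reply being dropped, and the R3-to-R2 BGP packet passing only when the static line is present.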

For a live example please see the video presentation below. If you have not had a look at the example topology yet, now would be a good time. I have already preconfigured BGP AS 300 on router R3 and BGP AS 100 on R2 and R1, so connectivity from R1 to R3 is not a problem. R1 and R3 also each have a Loopback interface that is advertised into BGP. After implementing the reflexive ACL on R2, I will be able to telnet from R1 to R3, but not vice versa. The BGP packets between R2 and R3 will also be statically permitted in the ACL.

[Video: cisco-reflexive-acl]

I hope I have helped you understand the importance of reflexive ACLs. Sometimes a simple ACL will do the job, and then I would suggest not complicating things. But if you have something tricky to solve regarding access in your LAN, or you are preparing for an exam like the CCIE, then reflexive ACLs are quite useful and important.