I passed CCNP Route 642-813 in January before the exam changed thus completing all three exams. Route was the most challenging of the three exams for me because I am now taking the lead on projects that involve routing, which is part of why I wanted to peruse the certification. Exciting times and I’ve started to take a peek at the CCIE 5.0 exam.
I passed the CCNP TSHOOT exam yesterday and I have to say that this exam was my favorite out of all the Cisco ones that I have taken so far. The exam format of solving trouble tickets was a welcome change that I felt was really applicable to an Engineer’s daily tasks.
The official Cisco Press TSHOOT book, Bull’s Eye exam preparation strategies, and building the official lab topology out in GNS3 helped me prepare for the exam. I did update my GNS3 version to 1.0+ and needed to convert my project files to the new 1.0+ JSON format with gns3-converter.
I had a hard time finding details on how to setup port forwarding with Private Internet Access so I wanted to share the details on how to set it up on a Debian system. The following directions will help you find your local IP access, request a port from Private Internet Access for Port Forwarding, configure your local firewall to allow inbound connections, and confirm that your application is listening on the specified port.
Here is a overview of the network topology with a remote user requesting to talk to your machine at home over the VPN connection to Private Internet Access with Port Forwarding setup on port 12345.
I was at the Advanced Light Source User Meeting as a representative of LBLnet today talking about the architecture of the Science DMZ to enable big data transfers across the WAN. We had an elegant poster that showed how the DMZ architecture fits into the enterprise design. There are still groups that are saving large data sets to hard drives and shipping them to the destination location rather than attempting to utilize the network and we want to help change that paradigm.
Credit for the majority of the design goes to my co-worker Michael at smitasin.com.
Good news as the following layer 2 security features were added in 13.2 release of Junos:
We’re still running the recommended 12.3R6.6 in production at this time so we’re going to have to test the 13.2 features in the lab before putting them on production systems.
For the longest time I would never advocate Poweline Ethernet as a viable solution for getting connectivity into a troublesome area. I felt that the technology was prone to interference and therefore an unreliable solution that could never deliver a consistent connection.
After a few failed attempts to trace Cat5 cable into the garage in my San Francisco apartment in order to connect two pairs to get 100MBPS connectivity between the front and back of the apartment, I decided to try out a Powerline Ethernet solution. I picked up a pair of TP-LINK 200Mbps units and was surprised at the setup procedure. It was fairly easy and I had the units connected in under five minutes.
Of course I wanted to test performance so I started to graph latency to the wireless router on the other side of the apartment.
An iperf test also showed a solid 28.9 Mbits/second transfer rate.
C:\tools>iperf -c 10.10.1.27 -p 200 -t 120
------------------------------------------------------------
Client connecting to 10.10.1.27, TCP port 200
TCP window size: 8.00 KByte (default)
------------------------------------------------------------
[156] local 10.10.1.60 port 58742 connected with 10.10.1.27 port 200
[ ID] Interval Transfer Bandwidth
[156] 0.0-120.0 sec 413 MBytes 28.9 Mbits/sec
C:\tools>
Overall I’ve been impressed by the performance and now have Ethernet extended to the other half of the apartment. Not bad for a $30 connectivity solution.
EX-2200 and EX-3300 series switches running 12.3R3.4 have a bug where Receiver signal average optical power values don’t display correctly. The recommended version that contains a fix for this bug is12.3R4-S1. We’ve tested this update on a few switches and it had resolved the bug.
12.3R3.4:
user@j33s> show interfaces diagnostics optics ge-0/1/0
Physical interface: ge-0/1/0
Laser bias current : 5.566 mA
Laser output power : 0.2820 mW / -5.50 dBm
Module temperature : 31 degrees C / 88 degrees F
Module voltage : 3.3680 V
Receiver signal average optical power : 0.0000 mW / - Inf dBm
12.3R4-S1:
user@j33> show interfaces diagnostics optics ge-0/1/0
Physical interface: ge-0/1/0
Laser bias current : 5.508 mA
Laser output power : 0.2810 mW / -5.51 dBm
Module temperature : 31 degrees C / 88 degrees F
Module voltage : 3.3680 V
Receiver signal average optical power : 0.2811 mW / -5.51 dBm
Cisco Discovery Protocol (CDP) is an invaluable protocol that was created to ease troubleshooting by providing remote device identification. On multi-vendor networks, the use of this propitiatory protocol can cause headaches as it may pass though non-Cisco equipment and falsely identify remote devices. We’ve instituted a standard it to use the Link Layer Discovery Protocol (LLDP) in favor of CDP.
To help clean up excess multicast traffic, we’ve applied the following filter on our Juniper devices that face Cisco equipment.
Lab Topology
Cisco Catalyst connected to an EX switch over a LACP connection. The filter gets applied to the native vlan, which in my lab testing is was vlan 1. 
Firewall Filter
Use the load merge terminal command to easily import the following filter. The count cdp-count term is optional and you may find that you have no use for it.
firewall {
family ethernet-switching {
filter block-cdp {
term block-cdp {
from {
destination-mac-address {
01:00:0c:cc:cc:cc/48;
}
}
then {
discard;
count cdp-count;
}
}
term traffic-allow {
then accept;
}
}
}
}
Use filter counters to confirm that the filter is being hit or confirm by issuing a show cdp neighbors command on your Cisco devices.
root> show firewall filter block-cdp Filter: block-cdp Counters: Name Bytes Packets cdp-count 4760 24
This was my first year at a Cisco Live and I was truly amazed. The caliber of the speakers, the venue, and atmosphere makes the event well worth attending.
Schedule
TECCRS-2932 — Campus LAN Switching Architecture
BRKSPG-2206 — Towards Massively Scalable Ethernet: Technologies and Standards
BRKRST-2044 — Enterprise Multi-Homed Internet Edge Architectures
PSODCT-1407 — Building Highly scalable 40/100G Fabrics with Nexus 7700
BRKARC-2350 — IOS Routing Internals
BRKRST-3321 — Advanced – Scaling BGP
BRKOPT-2116 — High Speed Optics 40G, 100G & Beyond – Data Center Fabrics & Optical Transport
BRKSEC-2003 — IPv6 Security Threats and Mitigations
Exams
CCNP Switch (642-813) *passed*
Pictures
I had the opportunity to take this exam at Cisco Live 2014 and I passed. TSHOOT and ROUTE and next on the list to complete for the CCNP certification. Packet Tracer, GNS3, The Bryant Advantage CCNP SWITCH Study Guide, and a pair of old 2940’s were invaluable when studying for this exam.
Data Engineering 