Archive for the ‘642-845’ tag
Two down, two to go. After much groaning and moaning, I’ve finally passed my ONT test. The path to this point has been full of road blocks and covered in potholes, but I finally managed to power through it. Thank $deity.
If you remember, I’ve had quite a time with finding a testing center that’s convenient (or open for that matter), so I took the test at yet another center to see what they offer. The facility was great; it was very quiet and clean, and the people were wonderfully friendly, which is a new concept to me. Usually, the people don’t care about testers, but, being a center for inmates at state prisons (yes, prisoners), they do nothing but vocational and professional testing there. That’s a lot better than the facilities who give their own students priority or who make money on training instead of testing. The center is just over 2 hours away, but I think this place may be the best so far. I’ll have to see what the future holds, though.
The test itself was nothing strange; I only had two or three questions I hadn’t seen, and even those were basic and easy to answer. Each time I failed this test, I jotted down what I missed and studied up on those topics. The first time was mainly FRTS. The second was VOIP. The brute force method, as mentioned by @ciscovoiceguru, seemed to be the key this time – eventually, I’d get a passing score by studying what I didn’t know the last time. Of the 55 questions, I would guess that 35 of them were on both previous attempts. Of the remaining 20, about 17 or 18 of them were on either of the previous tests, so it turned out quite well this time.
The materials I first studied were pretty disappointing. The Cisco Press books didn’t really help. The content in them is so outdated that they’re pretty worthless for getting the details needed for a passing score, but what can one really expect for a test that’s expiring in a few months. A few people made suggestions of other resources to study, but I found them to be too expensive for passing a single test. Some unnamed solutions were $800, which means I could just take the test 5 times for the same cost; instead of paying that much for a $150 test, I decided to use the test itself as a study guide and to use Cisco’s docs to fill in the details. This seems to have worked out eventually.
The next step is a switching test of some kind. I can’t really decide if I want to do BCMSN or SWITCH. I’ve got to look over the material to decide, but, in the meantime, I’m starting to read through the SWITCH book on Safari. I hope it’s not outdated already. I’m scheduled to be in the ROUTE class with Global Knowledge mid-May, so I’d like to finish up the switching test by then. I think I can do it since this material is a lot more familiar to me than Cisco VOIP and Wireless, neither of which we run at the office. In theory, it’s going to be more about filling in the details than building a new skill set as with the ONT.
Thanks to everyone for their support. At the risk of sounding cheesy, it’s hard to keep going, and the words of encouragement kept me from getting down on myself.
Any suggestion on which switching test to take would be greatly appreciated. Has anyone actually taken the SWITCH test yet?
Send any Safari credits questions my way.
It’s not what you think.
I was talking with a buddy online last night, and he made a good point. If you keep putting off taking a test, you’ll never make any progress. I took that to heart, went online, and scheduled another sitting of ONT for today at 3pm at the closest center. I took the day off, too, so I could get some tax stuff done and get over to the center and back before dinner. I got some really good rest last night for sure, too, and had some very productive study time before heading off for my day’s adventures.
I ran my errands and headed over to Statesboro, GA, for the test. There’s a technical college over there that’s the closest testing center to the house, though still an hour and a half drive for me. On the way over there, I was going over 802.11e stuff in my head and generally enjoying the sunny and warm day. I pulled into the school and noticed that they were repaving the parking lot up front where I usually park. No biggie. I pulled around back and noticed there were 5 cars in the whole lot. Last week when I was there, there were at least 200 people there signing up for classes, but there was no one around today. I didn’t think much of it, though; it was late in the afternoon on a Friday, and I figured everyone just bolted for home early.
It’s an open campus with buildings all around a few courtyards. I walked around the building in the back (I have no idea what building that was) and walked towards the Assessment Center where the tests are given. The long drive was taking a toll, so I stopped by the main building to heed nature’s call. The door was locked. So was the door to the next building. So was the door to the Assessment Center. It was dark. Nobody was there. I finally found a sign that said everyone was on furlough until next Tuesday. Nice.
I called Pearson and told them the story. They verified I was in the right place and there at the right time. They even called the testing center to see if they could find anyone, but, of course, no one answered. The support person with whom I spoke told me that their team would have to get in touch with the testing center to see what had happened and that they would contact me when it was all straightened out. They were very apologetic for the mixup and promised to straighten everything out.
I guess we’ll see what happens on Tuesday. Of course all of this means another half day off of work and another 150 miles on the car. Will I ever get to pass this test?
The Director’s Commentary is here again. Let me know if you like the audio, or if I should burn my terrible voice with fire.
I took the ONT again today. The stench of failure is upon me for a second time, and I’m beginning to think I’m not the god-like person that everyone thinks I am. I went into the test very confidently. I did extra time on my weak points from the last attempt and knew it inside and out. I put hours and hours of lab time in and got other books and online materials involved. I was absolutely convinced that I would blow this thing away, but, alas, it was not to be.
If you ignore the wireless questions, the test was pretty fair. There were questions in the usual poor wording that made you doubt things that you know are absolutely true. Unlike last time, though, I didn’t find any questions where I was totally lost. There were some questions that were very ambiguous, but only one was out of realm of possibility (it actually required a calculator to answer correctly). All in all, it was a good test sans the wireless stuff.
Ah, the wireless questions. I complained last time that there was one needlessly obscure question about WLC CLI, and that exact question was on the test today. The additional CLI questions were downright sadistic, though, and the question about how to do initial configuration was really uncalled for. Oh, I almost forgot about the question asking what model of WLCs support feature X. Really? Has there always been a requirement to know the features of each model in a product line? I think I got two (maybe three) questions about the technologies like WPA and DCF.
Yes, I know it sounds like I’m making excuses, but I’m not the kind of person who shifts the blame. If I’m the cause of the problem, I’ll fess up to it. If I thought I could have done better, I’ll admit it. If I chose to ignore a topic and get bitten for it, I’ll happily say it was my fault. In this case, I did more than what I thought was appropriate and still failed.
I believe this puts me far enough behind my schedule to have to take another path to CCNP. My first reaction would be go the ROUTE/SWITCH/TSHOOT path. Since I’m already scheduled to take a ROUTE class, it seems the obvious choice.
I failed the ONT test today. It was an utter lack of subject matter knowledge that did me in from the beginning. When the first three questions mention things that I’ve never even heard, it’s going to be a long test. I’ll take blame on it for sure, but the test was a lot darker than I imagined it would be.
I heard from a couple people that the ONT test was the easiest of the 4 CCNP tests. I must say today’s test was a LOT harder than the ISCW test I took back in December. Most of the questions were fair, but there were a few that were downright evil or unanswerable. Without giving too much away, there were some matching questions that had multiple items with multiple answers, rendering the answer to a guess. I even ran into a CLI question about the WLC, which surely wasn’t mentioned anywhere I studied, and I don’t have a spare sitting around on which to test. The icing, though, was the number of questions about FRTS; I know I need to understand it, but the magical question dice landed on that topic way too many times in my opinion.
At the heart of it, I think my demise stemmed from using only the Cisco Press book. I really needed to get a wider exposure to the topics. Though the CP books might have mentioned some topics that I missed, a lot of it is mentioned in passing but appeared in detail on the test. I would think getting different training would fix that problem, and I’ll be using some of our CLCs this week to do just that.
The facility was great, though. I was comfortable and couldn’t hear traffic or the lecture across the hall this time. At least I know a good place to take tests now. I hope somebody gets some value from my absolute failure.
Send any test vouchers questions my way.
Elements of Cisco Unified Wireless Network
- Client devices – Cisco compatible extensions on WLAN clients
- Mobility platform – allows configuration of LWAPs through WLCs
- Network unification – integration into the rest of the network with WLCs doing RF management, IPS, etc.
- World-class network management – centralized management through WCS
- Unified advanced services – supports advanced technologies and threat detection
Autonomous and LWAP
| Access Point | Autonomous APs | LWAPs |
|---|---|---|
| Control | Individual configurations | Configuration through WLCs |
| Dependency | Independent operations | Dependent on WLC |
| Management | CiscoWorks WLSE and WDS | WCS |
| Redundancy | Through APs | Through WLCs |
Wireless LAN Services Engine (WLSE)
- Part of CiscoWorks
- Manages autonomous APs
- Centralized configuration, firmware, and radio management
- Autoconfig of new APs
- Misconfiguration and rogue AP alerts
- Proactive monitoring of APs, bridges, and 802.1x servers
- Supports SSH, HTTP, CDP, SNMP for up to 2500 APs
- WLSE Express supports 100 devices in either automatic or manual setups
Wireless Control System (WCS)
- Supports 50 WLCs and 1500 APs
- Three versions
  - Base – can determine with which APs a device is associated
  - Location – Base plus RF fingerprinting
  - Location + 2700 Series Wireless Location Appliance – tracks devices in real time and stores historical location data
- Traditional WLAN weaknesses
  - SSID for security
  - Vulnerable to rogue APs
  - MAC filtering for security
- WEP weaknesses
  - Distribution of static keys is not scalable
  - WEP keys can be cracked easily
  - Vulnerable to dictionary attacks
  - No protection against rogue APs
- Benefits of 802.1x
  - Centralized authentication through RADIUS via AAA
  - Mutual authentication between client and auth server
  - Can use multiple encryption algorithms (AES, WPA, TKIP, WEP)
  - Automatic dynamic WEP keys
- Requirements of 802.1x
  - EAP-capable client (supplicant)
  - 802.1x-capable AP (authenticator)
  - EAP-capable auth server
| EAP method | Method 1 (name not preserved) | Method 2 (name not preserved) | Method 3 (name not preserved) | Method 4 (name not preserved) | Method 5 (name not preserved) |
|---|---|---|---|---|---|
| User authentication DB | AD | AD, LDAP | OTP, LDAP, NDS, AD | OTP, LDAP, NDS, AD | AD |
| Requires server certs | No | No | Yes | Yes | Yes |
| Requires client certs | No | No | Yes | No | No |
| Works with WPA/WPA2 | Yes | Yes | Yes | Yes | Yes |
- Authenticated key management – auths prior to key management
- Unicast and broadcast key management – keys are distributed and stored on the client and the AP
- TKIP and MIC
  - Temporal Key Integrity Protocol (TKIP) – per-packet keying
  - Message Integrity Checking (MIC) – integrity checking
  - Initialization vector (IV) expansion – from 24 bits to 48 bits
- Relies on RC4
- Firmware support required in NICs, APs
- Susceptible to DoS attacks
- Dictionary attacks can discover PSKs
- 802.1x authentication or PSK
- Key distribution and renewal
- Proactive Key Caching (PKC) – allows roaming
- IDS for rogue APs and attacks
- Supplicant must have WPA2-compliance firmware
- AAA server must support EAP
- WPA2 uses more CPU, so a hardware upgrade may be required
- Older devices may not be upgradeable and must be replaced
- Wireless LANs (WLANs)
  - Extensions to wired LANs
  - Carrier sense multiple access collision avoidance (CSMA/CA) as media access method
  - Uses distributed coordinated function (DCF) for collision avoidance
  - DCF is based on RF carrier sense, inter-frame spacing (IFS), and random wait timers
- Wifi QoS standards
  - IEEE standard
    - 0-7 priority levels
  - Wifi Multimedia (WMM)
    - Four access categories
      - Platinum (voice) – 6 or 7 802.11e
      - Gold (video) – 4 or 5 802.11e
      - Silver (BE) – 0 or 3 802.11e
      - Bronze (Background) – 1 or 2 802.11e
- WMM and 802.11e replace DCF with EDCF
- Cisco Split-MAC
  - Splits functions between Lightweight access points (LWAPs) and WLAN controllers (WLCs)
  - LWAPs handle real-time functions
    - Beacon generation
    - Probe transmission and response
    - Power management
    - 802.11e/WMM scheduling and queuing
    - Packet buffering
    - Control frame/message processing
  - WLCs handle non-real-time functions
    - 802.11e/WMM resource reservation
    - 802.1x EAP
    - Key management
    - Ethernet-WLAN bridging
- End-to-end QoS
  - Step 1: WLC copies DSCP from switch to outer DSCP and outer 802.1p and sends to LWAP over LWAPP tunnel
  - Step 2: LWAP copies outer DSCP from WLC to 802.11e/WMM field and sends it to client
  - Step 3: LWAP copies 802.11e/WMM value from the client to outer DSCP and sends it to WLC
  - Step 4: WLC copies outer DSCP from LWAP to 802.1p (CoS) fields and sends it to the switch
- Web interface (do you even need to know this?)
  - Controller>QoS Profiles
    - Per-User Bandwidth Contracts – set avg data rate, burst data rate, avg real-time rate, and burst real-time rate
    - Over the Air QoS
      - Maximum RF usage per AP (%)
      - Queue Depth – queue size before dropping packets
    - Wired QoS Protocol – 802.1p or None
  - For each WLAN ID, set the QoS value: plat, gold, silver, bronze
  - WMM Policy
    - Disabled – 802.11e/WMM QoS requests are ignored
    - Allowed – 802.11e/WMM QoS requests are sent
    - Required – 802.11e/WMM QoS requests are required
- AutoQoS benefits
  - Automates QoS for most deployments
  - Protects business-critical apps to maximize availability
  - Simplifies QoS deployments
  - Reduces configuration errors
  - Cheaper, faster, and simpler deployments
  - Follows DiffServ
  - Allows complete control over QoS configs
  - Allows modification of auto-generated configs
- AutoQoS phases of evolution
  - AutoQoS VOIP – Early version that configures the basics without discovery
  - AutoQoS for Enterprise – Second version that only runs on routers and uses a two-step process
    - Autodiscovery using NBAR
    - Generation of class maps
- AutoQoS key elements
  - Application classification
  - Policy generation
  - Monitoring and reporting
- Interfaces that you can configure AutoQoS on
  - Serial ifs with PPP and HDLC
  - FR point-to-point subifs (NOT multipoint)
  - ATM point-to-point subifs
  - FR-to-ATM links
- No QoS policy already configured on if
- CEF enabled on if
- Correct bandwidth configured on if
- IP address on low-speed if
- Configuring AutoQoS Enterprise on a router (NOT a switch)
  - `auto qos discovery` – begins discovery process
  - `auto qos` – generates and applies MQC-based policies
- Configuring AutoQoS VOIP
  - `auto qos voip [ trust | cisco-phone ]`
- Verifying AutoQoS on router
  - `show auto discovery qos` – get autodiscovery results
  - `show auto qos` – examine configuration generated
    - Number of classes
    - Classification options
    - Marking options
    - Queuing mechanisms
    - Other QoS mechanisms
    - If, subif, PVC where policy is applied
  - `show policy-map interface` – look at if stats
- Verify AutoQoS VOIP
  - `show auto qos`
  - `show policy-map interface`
  - `show mls qos maps` – shows CoS to DSCP mappings
- Possible issues with AutoQoS
  - Too many traffic classes – manually consolidate some
  - Configuration doesn’t change – rerun AutoQoS
  - Configuration may not fit your situation – fine-tune it by hand
- Fine-tuning AutoQoS
  - Use QPM
  - Copy policy into editor, change, reapply
- AutoQoS can match on characteristics besides ACLs and NBAR
  - `match input interface`
  - `match cos`
  - `match ip precedence`
  - `match ip dscp`
  - `match ip rtp`
- VPNs (Didn’t ISCW cover this?)
- L3 Tunneling protocols
- Pre-classify allows traffic to be classified before being sent across a tunnel or crypto-ed.
  - `qos pre-classify`
  - Provides a view into the original IP headers
- To classify on pre-tunnel header, apply the policy to the tunnel interface WITHOUT pre-classify.
- To classify on post-tunnel header, apply the policy to the physical interface WITHOUT pre-classify.
- To classify on pre-tunnel header, apply the policy to the physical interface WITH pre-classify.
- SLA – agreement with provider to guarantee QoS mechanisms across their network based on your markings.
  - Assures availability, loss, throughput, delay, and jitter.
- End-to-end QoS
  - To be effective, each hop in the path must have QoS configured similarly.
  - Necessary in three locations
    - Campus – within the customer network
    - The edges – customer facing the provider, provider facing customer
    - On the provider network
- QoS tasks
  - Campus access switches
    - Speed/duplex settings
    - Phone/access switch configs
    - Multiple queues on switch ports, including priority for VOIP
  - Campus distribution
    - L3 policing and marking
    - Multiple queues on switch ports, including priority for VOIP
  - WAN edge
    - SLA definitions
  - Provider cloud
    - Capacity planning
- Enterprise campus QoS implementation
  - Implement multiple queues to avoid congestion
  - Assign VOIP and video to highest priority queue
  - Establish trust boundaries
  - Use policing to rate-limit excess traffic
  - Use hardware QoS when possible
- Control Plane Policing (CoPP)
  - Applies QoS policy to traffic destined for the router
    - Routing protocols
    - Management protocols
  - Can be used to avoid DoS attacks
  - Applied to `control-plane` in global config
- Tail drop drawbacks
  - TCP synchronization – Dropping TCP packets from different flows can cause them all to window down and back up again at the same time in cycles.
  - TCP starvation – Non-TCP or aggressive flows can starve everyone else out when TCP throttles back.
  - No differentiated drop – Tail drop doesn’t care who you are, so you get dropped if the queue is full.
- RED – Random Early Detection
  - Avoids tail drop by randomly dropping packets from the queue before it gets full
  - Only dropped TCP flows slow down instead of everyone who has sent a packet since the queue filled
  - Queues are smaller.
  - Link utilization is more efficient
  - Configured with
    - Minimum threshold – start dropping when the queue is this size
    - Maximum threshold – if the queue is this big, start tail dropping
    - Mark probability denominator (MPD) – 1/MPD is the ratio of packets to drop when between the thresholds
- WRED – Weighted RED
  - Based on IP precedence or DSCP values
  - Less-important packets are dropped more aggressively than important packets
  - Applied to an interface, VC or a class within a policy map
- CBWRED – Class based WRED
  - Configured with CBWFQ
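The RED thresholds and MPD in the notes above become a single drop-probability curve, and WRED is just one such curve per precedence. The following is an added example, not code from the original notes or from any Cisco implementation; the threshold values in `WRED_BY_PRECEDENCE` are constructed for illustration and are not IOS defaults.

```python
"""RED / WRED drop decision as a function of average queue depth (added example)."""
from dataclasses import dataclass
import random


@dataclass(frozen=True)
class RedProfile:
    """One RED curve: queue thresholds in packets plus the mark probability denominator."""
    min_threshold: int
    max_threshold: int
    mpd: int  # at max_threshold, 1/mpd of arriving packets are dropped


def drop_probability(avg_queue: float, profile: RedProfile) -> float:
    """Probability that RED drops an arriving packet at this average queue depth.

    Below min_threshold nothing is dropped; at or above max_threshold the queue
    tail-drops everything; in between the probability rises linearly to 1/mpd.
    """
    if avg_queue < profile.min_threshold:
        return 0.0
    if avg_queue >= profile.max_threshold:
        return 1.0
    span = profile.max_threshold - profile.min_threshold
    return (avg_queue - profile.min_threshold) / span * (1.0 / profile.mpd)


# WRED: one RED profile per IP precedence. A lower precedence gets a lower minimum
# threshold, so it starts being dropped earlier. Constructed values, not IOS defaults.
WRED_BY_PRECEDENCE = {
    0: RedProfile(min_threshold=10, max_threshold=40, mpd=10),  # routine
    3: RedProfile(min_threshold=22, max_threshold=40, mpd=10),  # flash
    5: RedProfile(min_threshold=34, max_threshold=40, mpd=10),  # critical (e.g. voice)
}


def wred_drop_probability(avg_queue: float, precedence: int) -> float:
    """WRED: choose the RED curve for the packet's precedence, then apply plain RED."""
    return drop_probability(avg_queue, WRED_BY_PRECEDENCE[precedence])


def simulate_drops(avg_queue: float, precedence: int, packets: int, seed: int = 1) -> int:
    """Count how many of `packets` arrivals WRED drops at a steady average queue depth."""
    rng = random.Random(seed)
    p = wred_drop_probability(avg_queue, precedence)
    return sum(1 for _ in range(packets) if rng.random() < p)


if __name__ == "__main__":
    for depth in (5, 25, 35, 40):
        row = ", ".join(f"prec {prec}: {wred_drop_probability(depth, prec):.3f}"
                        for prec in sorted(WRED_BY_PRECEDENCE))
        print(f"avg queue {depth:>2}: {row}")
```

At an average depth of 25 packets, precedence 0 is already being dropped, precedence 3 only lightly, and precedence 5 not at all; at 40 every class tail-drops, which is exactly the "differentiated drop" that plain tail drop lacks.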
- Policing
  - Limits subrate bandwidth (gives you 100kbps on a T1)
  - Limits traffic of certain applications
  - Any traffic that exceeds the police rate is dropped or re-classified; it’s a hard limit
  - Inbound or outbound
- Shaping
  - Sets a limit but buffers any in excess
  - Requires memory to store the buffer
  - Buffers = delay and/or jitter
  - Outbound only
  - Can respond to network signals like BECNs and FECNs
- Token bucket
  - The queue is a bucket; if a byte of data needs to be sent, it needs a token.
  - If there are enough tokens, the traffic is considered conforming.
  - If there aren’t enough tokens, the traffic is considered exceeding, which triggers the drop (policing), re-classify (policing), or buffer (shaping).
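The conform/exceed decision above is the same token bucket whether it backs a policer (drop the excess, as CoPP does for traffic aimed at the router) or a shaper (buffer the excess and pay for it in delay). The following simulation is an added example, not code from the original notes or from IOS; the rate, bucket depth and the six-packet burst are constructed inputs.

```python
"""Token bucket driving a policer (drop excess) and a shaper (buffer excess); added example."""
from dataclasses import dataclass, field
from typing import List, Tuple

Packet = Tuple[float, int]  # (arrival time in seconds, size in bytes)


@dataclass
class TokenBucket:
    """Bucket refilled at `rate` bytes per second, holding at most `burst` bytes of tokens."""
    rate: float   # committed rate, bytes/second
    burst: int    # bucket depth in bytes; a packet larger than this can never conform
    tokens: float = field(init=False)
    last_time: float = field(init=False, default=0.0)

    def __post_init__(self) -> None:
        self.tokens = float(self.burst)  # the bucket starts full

    def refill(self, now: float) -> None:
        """Add the tokens earned since the last call, capped at the bucket depth."""
        elapsed = max(0.0, now - self.last_time)
        self.tokens = min(float(self.burst), self.tokens + elapsed * self.rate)
        self.last_time = now

    def conforms(self, now: float, size: int) -> bool:
        """Spend `size` tokens if the bucket holds them (conform); otherwise exceed."""
        self.refill(now)
        if self.tokens + 1e-9 >= size:  # tolerance for float rounding in refill()
            self.tokens -= size
            return True
        return False


def police(packets: List[Packet], rate: float, burst: int) -> List[str]:
    """Policer: conforming packets are transmitted, exceeding ones dropped; nothing is delayed."""
    bucket = TokenBucket(rate, burst)
    return ["transmit" if bucket.conforms(t, size) else "drop" for t, size in packets]


def shape(packets: List[Packet], rate: float, burst: int) -> List[float]:
    """Shaper: exceeding packets wait in a FIFO buffer until the bucket has refilled.
    Returns each packet's send time; send time minus arrival time is the added delay."""
    bucket = TokenBucket(rate, burst)
    send_times: List[float] = []
    link_free_at = 0.0
    for arrival, size in packets:
        if size > burst:
            raise ValueError(f"packet of {size} bytes exceeds bucket depth {burst}")
        send = max(arrival, link_free_at)
        if not bucket.conforms(send, size):
            # conforms() already refilled the bucket at `send`; wait out the shortfall.
            send += (size - bucket.tokens) / rate
            bucket.conforms(send, size)  # now guaranteed to succeed
        send_times.append(send)
        link_free_at = send
    return send_times


# Constructed traffic: five 1000-byte packets arrive at once, then one more a second later.
BURST_PACKETS: List[Packet] = [(0.0, 1000)] * 5 + [(1.0, 1000)]
RATE_BPS = 8000      # 64 kbps committed rate expressed in bytes/second
BURST_BYTES = 2000   # bucket depth (Bc)


if __name__ == "__main__":
    print("policer:", police(BURST_PACKETS, RATE_BPS, BURST_BYTES))
    print("shaper send times:", shape(BURST_PACKETS, RATE_BPS, BURST_BYTES))
```

With a 2000-byte bucket the policer passes the first two packets of the burst and drops the other three outright; the shaper sends all five but spaces the last three 125 ms apart, which is the delay and jitter the notes warn about. The packet arriving a second later conforms under both because the bucket has refilled by then.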
- Frame relay traffic shaping (FRTS)
  - Only controls frame relay traffic
  - Applied on subif or DLCI
  - Supports fragmentation and interleaving
  - Reacts to FECNs and BECNs
- Compression
  - Removes redundancy and patterns in data
  - Less data = less latency
  - Hardware compression or hardware-assisted compression does not involve the main CPU
  - Software compression does
  - Payload compression
  - Header compression
- Link fragmentation and interleaving
  - Small data might be waiting for larger data pieces to finish sending
  - Chunks data into smaller fragments so they don’t have to wait
  - Interleaving shuffles flows in the Tx queue
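The LFI notes above can be put into numbers: how long a small packet waits behind a large one is just the serialization time of whatever is ahead of it, and fragmentation caps that at one fragment. The following is an added example, not code from the original notes; the 64 kbps link, the 1500-byte data packet and the 60-byte voice packet are constructed inputs, and the 10 ms fragment target is an assumption for the example.

```python
"""Serialization delay a small packet suffers behind a large one, with and without LFI
(added example)."""
from typing import List, Optional, Tuple


def serialization_delay_ms(size_bytes: int, link_bps: int) -> float:
    """Time to clock `size_bytes` onto a `link_bps` link, in milliseconds."""
    return size_bytes * 8 / link_bps * 1000


def fragment(size_bytes: int, fragment_bytes: int) -> List[int]:
    """Split a packet into fragments of at most `fragment_bytes` (the last may be shorter)."""
    full, rest = divmod(size_bytes, fragment_bytes)
    return [fragment_bytes] * full + ([rest] if rest else [])


def transmit_order(large: Tuple[str, int], small: Tuple[str, int],
                   fragment_bytes: Optional[int]) -> List[Tuple[str, int]]:
    """Order on the wire when `small` arrives just as `large` starts to serialize.

    Without LFI the small packet waits for the whole large packet. With LFI the
    large packet is fragmented and the small packet is interleaved right after
    the fragment already on the wire.
    """
    name, size = large
    if fragment_bytes is None or size <= fragment_bytes:
        return [large, small]
    frags = [(f"{name}-frag{i + 1}", n) for i, n in enumerate(fragment(size, fragment_bytes))]
    return frags[:1] + [small] + frags[1:]


def wait_before_ms(order: List[Tuple[str, int]], target: str, link_bps: int) -> float:
    """Milliseconds the `target` packet waits for everything ahead of it in `order`."""
    ahead = 0
    for name, size in order:
        if name == target:
            return serialization_delay_ms(ahead, link_bps)
        ahead += size
    raise KeyError(target)


def fragment_size_for_delay(link_bps: int, target_ms: float) -> int:
    """Fragment size in bytes so that one fragment serializes in about `target_ms`."""
    return int(link_bps * target_ms / 1000 / 8)


# Constructed scenario: a 1500-byte data packet and a 60-byte voice packet on a 64 kbps link.
LINK_BPS = 64_000
DATA = ("data", 1500)
VOICE = ("voice", 60)

if __name__ == "__main__":
    for frag in (None, fragment_size_for_delay(LINK_BPS, 10)):
        order = transmit_order(DATA, VOICE, frag)
        print(f"fragment={frag}: voice waits {wait_before_ms(order, 'voice', LINK_BPS):.1f} ms")
```

On the 64 kbps link the voice packet waits 187.5 ms behind an unfragmented 1500-byte packet; with 80-byte fragments (one fragment per 10 ms) it waits 10 ms, which is why LFI is paired with a priority queue on slow links.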