Archive by Author | Joost van der Made

Wanna have some tips ? CCO is your friend!

A lot of people are asking me about some hints and tips for the wireless lab exam.
I can summarize some tips/hints, but those are personal and it’s possible those tips won’t work for you.
All the tips below are general ones and hopefully you’d read them already somewhere on the Internet.

Preparation tips :
– Read the recommended reading list several times.
– Configure every wireless technote you can find. (See links)
– Know every command of the AP and WLC without using the “?” at the CLI.
– Try to know everything that’s described in the Blueprint.
– Yes, VLAN and QOS are at the blueprint, so you’ll have to know this.
– Start with “clean” configuration each day, so you will have to configure everything over and over and over again.
– Write a blog. It’s easy to find something when you can’t remember something.
– Don’t think you know something…. Just configure it, configure it and configure it again. If you can reproduce it three times without any fault, there is a possibility you know the stuff.
– CCO is your friend.
– Don’t trust any configuration ! Verify it and then when it’s working, trust it….

Some general tips :
– Make sure you get enough rest before the lab.
– Time management is also very important. Try to have a strategy in advance and stick to it.
– Don’t worry about the Open Ended Question. Know the books of the reading list and make sure you got enough experience with the devices.
– Redraw the topology at layer 2 and layer 3 in a way it’s easy for you.
– Read the whole exam before you start. Try to find some connections between some questions.
– Ask the proctor for clarification if you don’t understand a question.
– Save your configuration frequently. (In my case, very very often…..)
– Try to enjoy your lunch… It can be a very expensive one.. 😉

It doesn’t matter if you fail a lot of times for the lab… The only thing that counts is when you pass the lab…
If I can pass the lab, so can you !
Be very very motivated…. That’s the most important thing to succeed.

Is it possible to pass for the lab ?

Well… It’s possible ! Why do I know this ? Because I just passed the lab..
Finally CCIE Wireless…

Some good tips :
– Don’t rely on this blog. There are some mistakes at the articles, but hey.. This blog was for my own purpose…
– Make sure you know the CLI.. For autonomous and WLC…
– Technotes are your friend.
– Read every recommended book…. Several times….
– Practise, practise and… errr… practise….

What is TSN / RSN

I found a nice page with an introduction to 802.1X.

http://tldp.org/HOWTO/8021X-HOWTO/intro.html

Quotes of that page :

WPA is not the long term solution. To get a Robust Secure Network (RSN), the hardware must support and use CCMP. RSN is basically CCMP + 802.1X.

RSN, which uses TKIP instead of CCMP, is also called Transition Security Network (TSN). RSN may also be called WPA2, so that the market don’t get confused.

Basically:

TSN = TKIP + 802.1X = WPA(1)

RSN = CCMP + 802.1X = WPA2
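
To check which of the two an access point actually advertises, you can read the cipher and key-management suites out of its beacon. The sketch below is an added example, not part of the original post or the quoted HOWTO: it parses an RSN element (ID 48) or the older WPA vendor element (ID 221) and applies the shorthand above. The sample bytes are constructed, and reporting a mixed TKIP+CCMP cell as TSN is an assumption of this example.

```python
import struct

CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}
RSN_OUI, WPA_OUI = b"\x00\x0f\xac", b"\x00\x50\xf2"

def parse_security_ie(ie: bytes) -> dict:
    """Parse an RSN element (ID 48) or a WPA vendor element (ID 221)."""
    body = ie[2:2 + ie[1]]
    if len(body) != ie[1]:
        raise ValueError("truncated element")
    if ie[0] == 48:
        oui = RSN_OUI
    elif ie[0] == 221 and body[:4] == WPA_OUI + b"\x01":
        oui, body = WPA_OUI, body[4:]  # drop the vendor OUI + type header
    else:
        raise ValueError("not an RSN or WPA element")
    pos = 2  # skip the 2-byte version field

    def suites(names, n=None):
        nonlocal pos
        if n is None:  # list is preceded by a 2-byte little-endian count
            (n,) = struct.unpack_from("<H", body, pos)
            pos += 2
        out = []
        for _ in range(n):
            sel = body[pos:pos + 4]  # 3-byte OUI + 1-byte suite type
            if len(sel) < 4 or sel[:3] != oui:
                raise ValueError("bad suite selector")
            out.append(names.get(sel[3], "unknown"))
            pos += 4
        return out

    group = suites(CIPHERS, 1)[0]
    pairwise = suites(CIPHERS)
    akm = suites(AKMS)
    return {"group": group, "pairwise": pairwise, "akm": akm}

def classify(info: dict) -> str:
    """Page's shorthand; a mixed TKIP+CCMP cell counts as TSN (assumption)."""
    if "802.1X" not in info["akm"]:
        return "no 802.1X"
    if "TKIP" in info["pairwise"]:
        return "TSN"
    return "RSN" if "CCMP" in info["pairwise"] else "unknown"

# Constructed sample elements (not captured from a real network).
RSN_SAMPLE = bytes.fromhex("30 14 0100 000fac04 0100 000fac04 0100 000fac01 0000")
WPA_SAMPLE = bytes.fromhex("dd 16 0050f201 0100 0050f202 0100 0050f202 0100 0050f201")
print(classify(parse_security_ie(RSN_SAMPLE)), classify(parse_security_ie(WPA_SAMPLE)))
```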

Classification and Marking on Catalyst 6500

Here is a link : http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008014a29f.shtml with a lot of information regarding Classification and Marking on Catalyst 6500.

Downgrading LWAPP to Autonomous with WLC

In a previous article I wrote about restoring the LWAPP to autonomous, but it’s also possible if you have access to the WLC.

(Cisco Controller) >config ap tftp-downgrade 10.10.10.15 c1250-k9w7-tar.124-21a.JA1.tar L1252-1
You won’t see anything at the WLC, but at the AP you can see :

examining image…
Loading c1250-k9w7-tar.124-21a.JA1.tar from 10.10.10.15 (via GigabitEthernet0): !
extracting info (287 bytes)
Image info:
Version Suffix: k9w7-.124-21a.JA1
Image Name: c1250-k9w7-mx.124-21a.JA1
Version Directory: c1250-k9w7-mx.124-21a.JA1
Ios Image Size: 5693952
Total Image Size: 6431232
Image Feature: WIRELESS LAN
Image Family: C1250
Wireless Switch Management Version: 4.2.37.156
Extracting files…

Wireless Guest Access

There is some good documentation about configuring Guest Access for two controllers, so I won’t explain it.

If you know that the first WLC (Foreign) is pointing to the second WLC (Anchor), and that the anchor controls everything, it’s easy.

Here are some screenshots :





Spanning-tree port-priority

When you’re using spanning-tree, the device compares the following, in this order :
-lower Root Bridge ID.
-lower path cost to the Root.
-lower Sending Bridge ID.
-lower Sending Port ID.

If a switch has two connections to another switch, option 4 decides.

Here you’ll see an example of SwitchA connected with 2 cables to SwitchB and just a default configuration :
W2960_Standalone#sh spanning-tree vlan 145

VLAN0145
Spanning tree enabled protocol ieee
Root ID Priority 4241
Address 001e.499b.5080
Cost 38
Port 7 (FastEthernet0/7)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32913 (priority 32768 sys-id-ext 145)
Address 0023.05e5.2180
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/7               Root FWD 19        128.7    P2p
Fa0/8               Altn BLK 19        128.8    P2p

As you can see fa0/8 is blocking, because the port priority is higher.

If you want the traffic of a certain VLAN to cross f0/8 instead of f0/7, you can configure port-priority AT THE UPSTREAM switch.. (So SwitchA instead of SwitchB…)

SW2960_1(config-if)#spanning-tree vlan 145 port-priority 16
SW2960_1#
int f0/2

Vlan                Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
VLAN0001            Desg FWD 19        128.2    P2p
VLAN0020            Desg FWD 19        128.2    P2p
VLAN0145            Desg FWD 19        16.2     P2p
VLAN0146            Desg FWD 19        128.2    P2p
VLAN0147            Desg FWD 19        128.2    P2p
VLAN0148            Desg FWD 19        128.2    P2p
SW2960_1#

And at SwitchB we’ll see :
SW2960_Standalone#sh spanning-tree vlan 145

VLAN0145
Spanning tree enabled protocol ieee
Root ID Priority 4241
Address 001e.499b.5080
Cost 38
Port 8 (FastEthernet0/8)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32913 (priority 32768 sys-id-ext 145)
Address 0023.05e5.2180
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/7               Altn BLK 19        128.7    P2p
Fa0/8               Root FWD 19        128.8    P2p
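
The four tie-breakers above can be modelled as one tuple comparison. This is an added example, not code from the original post; it shows why the priority has to be set on the upstream switch: the port ID compared in step 4 is the sender's (port-priority, port number) pair. SwitchA's bridge ID and its Fa0/1 port are assumptions, since only Fa0/2 appears in the output above.

```python
from typing import NamedTuple

class Bpdu(NamedTuple):
    """BPDU fields in the order the post lists them; lower wins at each step."""
    root_id: tuple      # (priority, MAC) of the root bridge
    root_cost: int      # sender's advertised cost to the root
    sender_id: tuple    # (priority, MAC) of the sending bridge
    sender_port: tuple  # (port-priority, port number) on the SENDING switch

def elect_root_port(received, port_cost):
    """received: local port -> Bpdu heard on it. Returns the root port name."""
    def rank(port):
        b = received[port]
        # The local port cost is added before path costs are compared.
        return (b.root_id, b.root_cost + port_cost[port], b.sender_id, b.sender_port)
    return min(received, key=rank)

ROOT = (4241, "001e.499b.5080")        # root ID from the output above
UPSTREAM = (32913, "0023.05e5.0000")   # constructed: SwitchA's bridge ID is not on the page
COST = {"Fa0/7": 19, "Fa0/8": 19}      # port costs from the output above

def switch_b_view(prio_to_fa07, prio_to_fa08):
    """What SwitchB hears on each uplink. Assumes Fa0/7 is cabled to SwitchA
    Fa0/1 (assumed port) and Fa0/8 to SwitchA Fa0/2 (the port on the page)."""
    return {
        "Fa0/7": Bpdu(ROOT, 19, UPSTREAM, (prio_to_fa07, 1)),
        "Fa0/8": Bpdu(ROOT, 19, UPSTREAM, (prio_to_fa08, 2)),
    }

# Default priorities: everything ties until the sender port ID, 128.1 beats 128.2.
default_root = elect_root_port(switch_b_view(128, 128), COST)
# After "spanning-tree vlan 145 port-priority 16" on SwitchA Fa0/2: 16.2 beats 128.1.
tuned_root = elect_root_port(switch_b_view(128, 16), COST)
print(default_root, tuned_root)
```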

NAP / LEAP

At the ACS Server you can create Network Access Profiles (NAP) and choose which authentication you’re allowing.

You won’t see LEAP at NAP. This is a global setting at the System Configuration…
If you enable it with NAP, the client can do LEAP instead of the required authentication (like EAP-FAST, for instance).

If you create a NAP and disable EAP-FAST under protocols, the client can’t do EAP-FAST.
Make sure the priority of the NAP is also correct.. If it’s matching the first NAP, it will stick to that configuration.

IOS : Configure Replace

Where have I been ????
I didn’t know the command : configure replace, but that’s working fine.

First, save your config to flash:
copy run flash:running_dec.txt
then do your thing on the switch/router
conf t
int g 2/1
Desc ROLLBACK

and if you want to revert back to the old config, without rebooting :

Wifi_6503#configure replace disk0:running_dec.txt
This will apply all necessary additions and deletions
to replace the current running configuration with the
contents of the specified configuration file, which is
assumed to be a complete configuration, not a partial
configuration. Enter Y if you are sure you want to proceed. ? [no]: yes

00:25:30: Rollback:Acquired Configuration lock.
Total number of passes: 1
Rollback Done

WGB settings

Jerome has a nice blog post about WGB :

http://wirelessccie.blogspot.com/2010/09/workgroup-bridge-wgb-cli-commands.html

To summarize :

Root ap :

dot11 ssid hereIam
infrastructure-ssid

int do1
station-role root
infrastructure-client (Reliable multicast)

WGB :
dot11 ssid hereIam
infrastructure-ssid (Works without)

int do 1
station-role workgroup
infrastructure-client (Reliable multicast)