RE: security portion of the ccie lab

From: Tim (ccie2be@nyc.rr.com)
Date: Sat Jan 20 2007 - 15:03:34 ART


Michael,

I feel your pain.

Given that you seem to know your security stuff fairly well, my guess is
that your # 1 problem is that you are not fulfilling the requirements of the
task.

This means you probably aren't reading the task requirements carefully
enough. This is very easy to do.

Here are some easy mistakes to make.

Deny traffic from a web server to XYZ

The issue is where you place the "eq 80".

e.g. access-list 100 deny tcp any eq 80 any

versus

access-list 100 deny tcp any any eq 80

Although similar, it's easy to place the "eq 80" after the wrong parameter.

It might also help if you know of a way to test your acl.

One thing you can do is use telnet but specify the port.

For example, telnet w.x.y.z will do a regular telnet, i.e. to port 23.

But, if you do this instead you can test your acl for other types of
traffic.

telnet w.x.y.z 80 will test for web traffic.

Another very easy mistake to make is when configuring switch port security.

The task may specify 3, 4 or 5 items you need to configure. So, you do.

Mac addresses, aging, violation action, etc. All looks good...

Except you forgot to enable port security first and you didn't remember the
show command to use to validate your config. So, you just do a show run.
And, again, everything looks 100% correct.

Oops, there goes another 3 points.

Here's another potential mistake: Using the wrong time-range on your ACLs.

Again, assuming you know how to config this, the issue here is CAREFULLY
reading the requirements. It's very easy to screw up.

And, don't forget (or be reluctant) to ask the proctor if the directions
aren't clear to you. That's what they're there for.

Sometimes, the directions are 100% ambiguous. It's happened to me.

In my case, the situation was analogous to this:

a x b - c

without parentheses, it was completely ambiguous what was required.

I know it's of little consolation, but many ccie candidates, myself
included, have had your experience. It's frustrating. It's humiliating.
And, possibly very expensive. (I had to pay the lab fee out of my own pocket
- multiple times.) So, I know what you're going through.

Just the same, stick in there, don't give up. Practice, and then practice
some more. And, keep taking the lab until you pass it.

The rewards are worth any sacrifice you make.

HTH, Tim

 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Michael Zuo
Sent: Friday, January 19, 2007 1:41 PM
To: ccielab@groupstudy.com
Subject: security portion of the ccie lab

Hi Group,

I need some advice on how to approach the security portion of the lab
(tricks, lessons and words of wisdom are also appreciated). I think I
have a fairly good understanding of various security features and how
they work and ACLs are never a problem when I do practice exams from
different vendors. But my exam score is 33% even though I did not
encounter any difficulties in that section (I didn't even have to look
at the Docs). Also, the security section of the exam is not like the core
topics where one mistake can ripple throughout the setup, so my problem
most likely is not something I missed in one section and affected
everything else. I am scratching my head trying to figure out what the
problem could be? Because I know covering the same topics in my studies
will not give me more points if I don't approach it differently.

Any thoughts?

Thanks a lot
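
Added example (not part of the original thread): a small Python model of the two ACL lines quoted in the reply, showing which direction of a port-80 TCP conversation each one matches. The trailing permit line, the client port 40000 and all function names are assumptions made for illustration; only the `any` and `eq <port>` forms are parsed, and where the ACL is applied (interface and direction) is outside the model.

```python
import re

# Parses only the form quoted in the message:
#   access-list N {permit|deny} tcp any [eq P] any [eq P]
# (assumption for brevity; IOS accepts many more address and port forms).
ACE_RE = re.compile(
    r"access-list\s+\d+\s+(?P<action>permit|deny)\s+tcp\s+"
    r"any(?:\s+eq\s+(?P<sport>\d+))?\s+any(?:\s+eq\s+(?P<dport>\d+))?\s*$"
)

def parse_ace(line):
    m = ACE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported ACL line: {line!r}")
    to_port = lambda s: int(s) if s else None  # None means "any port"
    return m["action"], to_port(m["sport"]), to_port(m["dport"])

def first_match(acl_lines, src_port, dst_port):
    """Action of the first entry matching the packet; implicit deny otherwise."""
    for line in acl_lines:
        action, sport, dport = parse_ace(line)
        if sport in (None, src_port) and dport in (None, dst_port):
            return action
    return "deny"

def probe(acl_lines, client_port=40000):
    """Evaluate both directions of a conversation with a web server."""
    return {
        # What "telnet w.x.y.z 80" sends: destination port 80.
        "to_server": first_match(acl_lines, client_port, 80),
        # What the web server sends back: source port 80.
        "from_server": first_match(acl_lines, 80, client_port),
    }

# Constructed ACLs: the deny lines are the two from the message; the trailing
# permit is added here so the two variants give visibly different results.
EQ_AFTER_SOURCE = ["access-list 100 deny tcp any eq 80 any",
                   "access-list 100 permit tcp any any"]
EQ_AFTER_DEST = ["access-list 100 deny tcp any any eq 80",
                 "access-list 100 permit tcp any any"]

if __name__ == "__main__":
    for name, acl in (("eq 80 after source", EQ_AFTER_SOURCE),
                      ("eq 80 after destination", EQ_AFTER_DEST)):
        print(name, probe(acl))
```

In this model a `telnet w.x.y.z 80` probe is denied only by the `any any eq 80` line, while the `any eq 80 any` line denies the packets coming back from the web server.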


