IPv4 Access Lists in the CCIE Lab Exam

Security

I am getting ready to record my Nugget on the above subject, and I wanted to share some thoughts and notes here on the blog about this important topic.

I am currently training for a half-marathon. Yes, and thanks for putting up with all of my RunKeeper Tweets on the subject. 🙂 With the training, there are certain metrics you need to hit in order to really determine whether you can finish on race day. It is the same way with the CCIE. One of those metrics is ACLs. If you do not have them mastered, you are in big trouble on race day. Think about it: you use them for traffic filtering, and then for traffic identification in a whole host of other features on the devices: QoS, network management, the list goes on and on.

The traffic filtering part gets really scary. Apply one that has not been adjusted for the other traffic your lab scenario requires and you can easily break things badly enough to fail. And when you are building the lists, you must really take your time to ensure that you are meeting their specific directions. Are you matching the EXACT traffic they want, in the correct direction?

Here is a list of tips and things to think about for this important topic. These are in no particular order:

  • Read very carefully when you need to build an ACL traffic filter. Often, you will be asked to block something extremely specific, for example echo-replies. If you block too generally, such as both echo requests and replies, you fail the task.
  • Drawing out the scenario on your scratch paper will often help you with what specifically to match and in what direction.
  • You certainly would want to avoid this in production, but in the lab it is fine to end your ACLs with deny ip any any log-input. This will allow you to see just what you broke in your lab with your ACL!
  • Remember that an outbound ACL will not impact traffic generated by the router itself.
  • access-group is used for traffic filtering on your interfaces, while access-class is used for your VTY lines. Remember with the access-class out command, it is controlling where someone can Telnet out of your router AFTER they have already Telnetted into it.
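As an added illustration (not code from the original post, and not IOS), the following Python simulation of first-match, implicit-deny ACL evaluation exercises three of the tips above: an exact echo-reply deny versus a too-general ICMP deny, a lab-style list ending in a logging deny, and the outbound bypass for router-generated traffic. The ACE grammar subset, the 10.x addresses and the ping traffic are constructed for the example.

```python
from ipaddress import IPv4Address

def _addr_matcher(words):
    """Consume one IOS address token ('any', 'host A', or 'A W' with wildcard
    mask W, where a 0 bit means "must match") and return (tokens, predicate)."""
    if words[0] == "any":
        return 1, lambda a: True
    if words[0] == "host":
        want = IPv4Address(words[1])
        return 2, lambda a: a == want
    net, wild = int(IPv4Address(words[0])), int(IPv4Address(words[1]))
    care = ~wild & 0xFFFFFFFF
    return 2, lambda a: (int(a) & care) == (net & care)

def parse_ace(line):
    """Parse 'permit|deny PROTO SRC DST [echo|echo-reply] [log-input]' (constructed subset)."""
    w = line.split()
    action, proto, rest = w[0], w[1], w[2:]
    n, src = _addr_matcher(rest)
    m, dst = _addr_matcher(rest[n:])
    opts = rest[n + m:]
    icmp = next((t for t in opts if t in ("echo", "echo-reply")), None)
    return {"action": action, "proto": proto, "src": src, "dst": dst,
            "icmp": icmp, "log": "log-input" in opts}

def evaluate(acl, pkt, direction="in", router_generated=False):
    """First matching ACE wins; the implicit 'deny ip any any' ends every list.
    Returns (action, logged). An outbound ACL never sees the router's own traffic."""
    if direction == "out" and router_generated:
        return "permit", False
    for ace in acl:
        if ace["proto"] not in ("ip", pkt["proto"]):
            continue
        if ace["icmp"] and ace["icmp"] != pkt.get("icmp"):
            continue
        if ace["src"](pkt["src"]) and ace["dst"](pkt["dst"]):
            return ace["action"], ace["log"]
    return "deny", False

# Constructed traffic: a ping from 10.1.1.1 to 10.2.2.2 and its reply.
REQUEST = {"proto": "icmp", "icmp": "echo",
           "src": IPv4Address("10.1.1.1"), "dst": IPv4Address("10.2.2.2")}
REPLY = {"proto": "icmp", "icmp": "echo-reply",
         "src": IPv4Address("10.2.2.2"), "dst": IPv4Address("10.1.1.1")}
# Exactly what a "block echo-replies" task asks for: the request still passes.
EXACT = [parse_ace(s) for s in ("deny icmp any any echo-reply", "permit ip any any")]
# Too general: this also drops the request, which fails the task.
TOO_GENERAL = [parse_ace(s) for s in ("deny icmp any any", "permit ip any any")]
LAB = [parse_ace(s) for s in ("permit icmp 10.1.1.0 0.0.0.255 any echo",
                              "deny ip any any log-input")]  # lab-style logging deny
```

Running `evaluate(LAB, REPLY)` returns a deny with the logged flag set, which is the "see what you broke" effect the log-input tip describes.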

11 thoughts on “IPv4 Access Lists in the CCIE Lab Exam”

  1. Dear Anthony,

    Hope you are fine 😉

    – I want to ask you about CCNP SP Nuggets: do they exist or not? I spent a lot of time searching for them with no success. If there are none, who would you recommend for videos alongside the study guides? These should be free and contain all the contents of the course.

    – Another question, about a layer 3 switch image for GNS3: I have been trying to get hold of it but could not.

    I will be glad if you can help me with these 2 points.

    1. Hello Mostafa,

      CBT Nuggets has yet to produce the latest CCNP Service Provider. Not sure who has that in their online catalog – sorry.

      Regarding the Layer 3 switch image for GNS3 – this is for Cisco internal employees only. I recommend you use Cisco VIRL since you will be licensed legally to use the images.

  2. Awesome, Anthony, thanks.
    I know it's very important and I thought I was good at it, but reading your post proved to me that I need to spend more time on it to get into more details and complex access-lists.
    I thought you were just doing exercises, not preparing for a half-marathon. Best of luck.

  3. Hi Anthony

    Can you please confirm if the answer to the following question is correct:

    Which three statements about the differences between Cisco IOS and IOS-XE functionality are
    true? (Choose three.)

    A. Only IOS-XE Software can host applications outside of the IOS context.
    B. Only the IOS-XE Services Plane has multiple cores.
    C. Only the IOS-XE Data Plane has multiple cores.
    D. Only the IOS-XE Control Plane has multiple cores.
    E. Only IOS-XE module management integrates with packet processing.
    F. Only IOS-XE configuration and control is integrated with the kernel.

    Answer: ABC

  4. Hello,

    Hope you are well. Where can I find multicast routing videos? Detailed videos apart from the ones on YouTube, please.

    I would like the same quantity of material I can find from reading the book “Cisco Press CCIE developing IP Multicast Networks”.

    1. Great question – I think the only options right now are the CCIE sections from the major CCIE vendors.

  5. Good day, I'm preparing to write my CCIE RS lab by mid July 2016. What is the advantage of using CBT Nuggets resources? More so, do I have to pay $999, since I'm only interested in your CCIE lab resource packages?

    Regards,

    1. CBT Nuggets is $99 monthly. Not $999. The main advantage of our Nuggets on CCIE R&S is that they are accurate, concise, and enjoyable. We do not provide Hands On lab practice, however. So most students combine our videos with other materials from other CCIE training vendors.

    1. You can use VIRL, GNS3, rental racks (real and virtual), or you can buy used equipment – there are many options today.
