Crossroads: Cisco Wireless Certs Refresh v2.0

A couple weeks ago, Cisco Learning Network released the following announcement:

Cisco has updated its written exams and training courses for the CCNA Wireless and CCNP Wireless certification programs. The changes reflect the addition of more relevant materials that include an update to the current version of software including Autonomous, WLC, and Clients.

CLN Announcement

As with any time Cisco brings down a new exam version and topic refresh, candidates (such as myself for the Wireless track) are faced with a dilemma; do I go for the old version exam, or do I move towards studying for the updated and refreshed exam?

For those who have already been studying the previous version exams, such as the previous CCNA Wireless 640-721, you’re probably better off continuing with the current v1.0 versions. At the time of this writing, we’re still relying on the older Cisco Press study guides (for those doing self-study) so there will be some time spent in “Limbo” where there’s no official material for the newer exams.

It’s also always useful to compare the exam topics to see how they fare against your knowledge.
Since I’m set to go for CCNA Wireless this year, let’s review the changes for the v1.0 and v2.0 exams (640-721 and 640-722, respectively):

IUWNE v1.0 Topics removed

  • Describe the Cisco Mobility Express Wireless architecture (Smart Business Communication System — SBCS, Cisco Config Agent — CCA, 526WLC, 521AP – stand-alone and controller-based)
  • Configure the basics of a stand-alone access point (no lab) (Express setup, basic security)
  • Describe RRM
  • Install Cisco ADU
  • Describe and configure encryption methods (WPA/WPA2 with TKIP, AES)
  • Install/upgrade WCS and configure basic administration parameters (ports, O/S version, strong passwords, service vs. application)
  • Configure and use maps in the WCS (add campus, building, floor, maps, position AP)

IUWNE v2.0 Topics added

  • Install and configure autonomous access points in the small business environment
  • Describe Radio Resource Management (RRM) fundamentals including ED-RRM.
  • Verify basic wireless network operation
  • Identify basic configuration of common wireless supplicants (Macintosh, Intel Wireless Pro, Windows, iOS, and Android)
  • Implement wireless Guest networking
  • Navigate WCS interface
  • Use preconfigured maps in the WCS (adding/relocating/removing access points, turn on/off heat maps, view client location, and view CleanAir zones of influence)
  • Generate standard WCS reports (inventory, CleanAir, client-related, AP-related, and utilization)
  • Configure authentication and encryption methods on a WLAN (WPA/WPA2 with PSK and 802.1x)

Looking at the v2.0 blueprint, most of the changes are slight reorderings of the exam topics and clarifications of others. I’m willing to bet that the majority of the changes are the result of changes in Cisco’s wireless product portfolio (namely, the removal of ADU and MSE specific topics, and Cisco CleanAir features in WCS).

Some of the most important additions/revisions on the v2.0 blueprint are implementing wireless Guest networking, 802.1X authentication and configuring common wireless supplicants on Mac, Windows, iOS and Android devices. I’m glad to see some of the more serious topics being added to the new exam since anyone implementing a Cisco WLAN network will need to know the basics of Guest wireless, 802.1X authentication and configuring all the different devices that will be using the WLAN.

So now the newer candidates, such as myself, are at a crossroads. Do we start studying the v1.0 blueprint? Or do we study the updated curriculum that contains all of the recent updates in Cisco’s product portfolio?

Personally, I think I will want to go with the v2.0 exam. While the official course-ware might not be available yet, the fundamentals are the same (with a few additions and updates). The new exam is available as of last week (Jan. 24th, 2012) and for current candidates, the old v1.0 exam will be available until May 11, 2012. What path you choose will depend entirely on you and your studies; either way, keep studying and best of luck!

CCNA Wireless IUWNE v1.0 Exam Blueprints 640-721
CCNA Wireless IUWNE v2.0 Exam Blueprints 640-722

Configuration differences in multi-vendor networks

One of the challenges of working in a multi-vendor environment is trying to keep track of all the configuration differences. Having all the guides handy helps when you have to look up a command or two, but actually having a whole end-to-end configuration for a vendor you don’t normally work with can be challenging.

I spent this week training a new employee on both Brocade FastIron/NetIron and BNT isCLI, so I got a chance to refresh my non-Cisco vendor configuration. It can get pretty insane having to jump between the different OSes, so I’ll be making periodic posts (such as this one) for both my own reference and to give some exposure to the various CLIs that aren’t as widespread as Cisco IOS.

Brocade (formerly Foundry Networks) kit looks pretty innocent at first and is very IOS-like:

No password has been assigned yet...
FastIron#conf t
FastIron(config)#enable super-user-password br0cade
FastIron(config)#int ethernet 1/1/1

…However, Brocade FastIron has a different way of configuring your basic Layer 2 settings:

Unrecognized command
FastIron(config)#vlan 100
tagged                     802.1Q tagged port
FastIron(config-vlan-100)#tagged eth 1/1/1
Added tagged port(s) ethe 1/1/1 to port-vlan 100.

This is the equivalent of Cisco’s “switchport mode trunk” and “switchport trunk allowed vlan 1,100”.
In my opinion, Brocade has a much saner way of configuring your L2. You can also use a range of ports (tagged eth 1/1/1 to 1/1/48 eth...), and it doesn’t suffer the drawback of having to go into each interface to assign a VLAN. To configure an “access switchport”, you add ports to the VLAN as “untagged”.

Some other Layer 2 features in Brocade:

Rapid Spanning Tree
FastIron(config-vlan)#spanning-tree 802-1w
FastIron(config-vlan)#spanning-tree 802-1w priority 4096
FastIron(config-vlan)#spanning-tree 802-1w admin-pt2pt-mac

Voice VLANs
FastIron(config)#vlan 110 name voice
FastIron(config-vlan-110)#tagged eth 1/1/20
Added tagged port(s) ethe 1/1/20 to port-vlan 110.
FastIron(config-vlan-110)#vlan 120 name data
FastIron(config-vlan-120)#tagged eth 1/1/20
Added tagged port(s) ethe 1/1/20 to port-vlan 120.
FastIron(config-vlan-120)#int eth 1/1/20
FastIron(config-if-e1000-1/1/20)#dual-mode 120

Virtual Router Interface (SVI)
FastIron(config)#vlan 100
FastIron(config-vlan-100)#router-interface ve 1
FastIron(config-vlan-100)#int ve 1
FastIron(config-vif-1)#ip address

As you can see, the FastIron CLI (this also applies to NetIron) is very much IOS-like, so the learning curve between IOS and Brocade is pretty minimal. Some other differences include being able to use any “show” command at any level of the CLI hierarchy and the use of “disable”/“enable” commands to bring interfaces down or up (instead of your “shut”/“no shut”).
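Because VLAN membership lives under each VLAN rather than under each interface, there is no single place to read what one port carries. The following added example (not part of the original post, and not Brocade tooling) inverts a VLAN-centric config into a per-port view, which is handy when auditing which ports are tagged into which VLANs. The sample config is constructed, the function names are hypothetical, and the parser assumes saved-config text rather than prompt output.

```python
import re
from collections import defaultdict

# Constructed sample in the VLAN-centric style shown above (not from a real device).
SAMPLE = """\
vlan 100 name servers
 tagged ethe 1/1/1
 untagged ethe 1/1/5 to 1/1/6
vlan 110 name voice
 tagged ethe 1/1/1 ethe 1/1/20
vlan 120 name data
 tagged ethe 1/1/20
interface ethernet 1/1/20
 dual-mode 120
"""

def expand_ports(spec):
    """Expand 'eth 1/1/5 to 1/1/6 eth 1/1/9' into individual port names.
    Assumes a range stays within one unit/slot, as in the post's example."""
    ports = []
    for first, last in re.findall(r"\beth\w*\s+(\S+)(?:\s+to\s+(\S+))?", spec):
        prefix, lo = first.rsplit("/", 1)
        hi = last.rsplit("/", 1)[1] if last else lo
        ports += [f"{prefix}/{n}" for n in range(int(lo), int(hi) + 1)]
    return ports

def per_port_view(config):
    """Invert VLAN-centric config into {port: {'tagged': set, 'untagged': id or None}}."""
    view = defaultdict(lambda: {"tagged": set(), "untagged": None})
    vlan = port = None
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if w[0] == "vlan":
            vlan, port = int(w[1]), None
        elif w[0].startswith("int") and len(w) == 3 and w[1].startswith("eth"):
            vlan, port = None, w[2]
        elif w[0] in ("tagged", "untagged") and vlan is not None:
            for p in expand_ports(line):
                if w[0] == "tagged":
                    view[p]["tagged"].add(vlan)
                else:
                    view[p]["untagged"] = vlan
        elif w[0] == "dual-mode" and port and len(w) > 1:
            view[port]["untagged"] = int(w[1])  # tagged port, VLAN N sent untagged
    return dict(view)

def port_mode(m):
    """Name the port role in Cisco terms: tagged members act as trunks."""
    return "trunk" if m["tagged"] else "access"
```

Calling `per_port_view(SAMPLE)` shows port 1/1/20 tagged in VLANs 110 and 120 with 120 also untagged, matching the voice VLAN example above.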

Since this post is looking a bit long in the tooth, I’ll leave the BNT configs for next time. 🙂

Docs used: Brocade FastIron 07.3.00 Configuration Guide

WCCP Restrictions on Catalyst 4500

Ran into an issue today with a customer trying to configure WCCP on a couple Cisco Catalyst 4500’s.

As per other switches in their environment, they had Catalyst 3750’s running WCCP as well. The 3750’s were filtering incoming client traffic using the Redirect-List ACL feature, to filter what traffic was being sent off to the caching servers.
However, when trying to do the same thing on a few 4500’s, they ran into this:

C4506(config)#ip wccp 0 ?
accelerated Enable hardware acceleration
group-address Set the multicast group
group-list Set the access-list used to permit group membership
password Authentication password (key)

This was across two separate 4500 chassis, one running 12.2(58) and the other running 15.0(2). It stumped me for a second, as you would think the 4500 switches would be a little more feature-rich than the 3750’s.

Cisco documentation came through though, and in both release notes I found this under “Limitations and Restrictions” (duh):

For Supervisor Engines II+Plus through V-10GE

• For WCCP version 2, the following are not supported:

–GRE encapsulation forwarding method
–Hash bucket based assignment method
–Redirection on an egress interface (redirection out)
–Redirect-list ACL

Catalyst 4500 Series Switch 15.0(2)SG Release Notes

These were on Supervisor IV’s so that explains the limitations. Unfortunately, you can’t be granular with your WCCP filtering, which requires the newer Supervisor 6-E’s at minimum.

On an unrelated note, I’ve been racking my brain trying to visualize and materialize (à la Dynamips) what an ISP backbone looks like from a logical perspective. By that, I mean what does an ISP look like with regard to its addressing scheme and the protocols it uses end-to-end? BGP? Yes, obviously. MPLS? Yes, but I don’t know enough to implement it yet. An IGP in the core? EBGP or IBGP to CPE routers? What about connecting to upstream providers like AT&T and L3? Where do Internet Exchanges come into play?

I realize there are still gaps that need to be filled, most likely with experience. I’m still feeling like an empty cup when it comes to the network world so I hope that is filled (fuller? I doubt there’s such a thing as “full” of all that you need to know) in the coming years.

I’ll be posting my current mock ISP lab shortly with some Brocade-to-Cisco interoperability with BGP. Those who know SP, please let me know what you think.

Not another networking blog! An introduction

Hello all,

Welcome to my little corner of the Internet and the network blogosphere. As if it weren’t crowded enough, I figure I would throw in my perspective as one of the few newcomers to the IT industry.

First, a little about myself. My name is Thomas Cooper; I’m a network support engineer from Toronto, Canada, currently working for IBM Canada supporting Cisco, Juniper, Brocade and Blade Network Technologies Ethernet routers and switches. I’m an active CCNP and recently acquired JNCIA-JUNOS and BCNE certification. Our company supports a large and diverse clientele in North America, from major financial institutions to higher education, medical and commercial organizations. My professional focus is within the enterprise campus network space, with specific focus on routing & switching almost exclusively. Other interests of mine within the IT industry include virtualization, systems administration and security – between all the switch ports and routing protocols, I create/lab VMware ESXi hosts, Linux & BSD servers (web, DNS, etc.) and other various servers/systems to complement my studies. One can never have enough Linux boxes (or switch ports for that matter).

When I’m not buried in CLI and fiber cable, I play guitar, listen to a wide variety of music, and spend time with my family – my wife Felicia and our 3 year old son, Gavin (who helps keep me young and fit amongst all the office work).

Now that you know a bit about me, I’d like to set the stage for this blog.
Being a relative newcomer to the IT industry (just over a year of professional work experience), I thought I’d start this blog detailing my various trials and tribulations as I stumble my way to Network Rockstardom™. I’ll be detailing my various labs as I dive into the topics that interest me. Amongst those topics are enterprise R&S (BGP design, MPLS, etc.), WLAN deployment and configuration (we have a lot of Cisco WLAN customers), data center networking and vendor interoperability.

I would also like to say thanks to the numerous Network Rockstars™ that inspired me to start blogging. Amongst them, in particular I’d like to thank Mr. Ethan Banks, Tom Hollingsworth, Greg Ferro (pretty much the entire Packet Pushers crew), Jeremy Gaddis, Aaron Conaway, Jeremy Stretch, Tony Bourke… There are really too many to name. I’ll keep a blogroll handy somewhere on the front page where you can find all these fantastic people. Thank you all!


To wrap things up, you can follow me on Twitter and find me on LinkedIn.