I started this blog back on February 12th, 2012 and in my first post I outlined my goals. I’ve read material in a lot of different places that indicate that goal setting is important. They say if you want to achieve something then you need to set goals with milestone points. I’m happy to say that at this point I have reached all my original goals. I have crossed the finish line to some degree. Here is the original list again with completion dates.

My Original Goals

1. CompTIA Network+ (Certified 3-6-2012)
2. CompTIA A+ (Certified 6-6-2012)
3. CompTIA Security+ (Certified 4-19-2012)
4. Cisco CCENT (Certified 6-1-2012)
5. Cisco CCNA (Certified 8-20-2012)
6. Decide which Cisco certification to work on next

As I look back and think about those original goals I remember thinking that it was a lot to accomplish. It seemed intimidating at that time. I mean, I needed to take 5 exams (technically 6 since A+ requires 2 tests) to get those certifications. Each certification was going to take reading at least one 500-700 page book as well as additional study. The whole thing seemed like a huge undertaking at the beginning. However, I started chipping away a little bit at a time, and each milestone made things a bit easier. I passed all exams on the 1st attempt until the ICND2 exam, so I did not have any major setbacks until then. The thing that sort of amazes me now is looking at the time frame and realizing that I got this done in a total of 6 months.

So now I am down to number 6 on the list which really is not a goal but a call for action after completing the original 5 goals. Just like at the beginning of the original goals, I am once again feeling intimidated. In fact, I am debating whether or not to set new goals at this point. I know the things that I would like to accomplish but they seem so huge at this point. This feeling is telling me that I *do* need to go ahead and make the list now. I have quite a few certifications in mind so I am going to make two lists.

New Long Term Goals (The Big Picture)

1. CCNP Routing & Switching
2. CCNA Security
3. CCNA Voice
4. MCITP: Enterprise Desktop Support Technician on Windows 7
5. CompTIA Healthcare IT Technician
6. CompTIA Linux+

Short Term Goals (the road directly in front of me)

1. CCNP Route Exam
2. CCNP Switch Exam
3. CCNP Troubleshooting Exam
4. Microsoft 70-680 Exam
5. Microsoft 70-685 Exam

The Microsoft exams are kind of an interesting addition as I do not really have a great deal of interest there. However, I am taking two classes in the upcoming semester that are aligned with those tests so it makes sense to take the exams at the end.


I was elated as I left the exam center yesterday having just passed the ICND2 exam. I did not exactly light up the scoreboard as I got an 860. However, that was a 42 point improvement over the last time I took the exam and was enough to pass. I am now officially a CCNA!

Happy Days!

ICND2 – Take 2 – Exam Later Today

Last Wednesday I scheduled my ICND2 exam (again). The original goal date was 08-17-2012 but I just didn’t feel I would be ready in 2 days so I scheduled it for today. I was up late last night playing the Cisco Aspire game and once again I had trouble sleeping. I do not know what it is about the ICND2 exam that makes it so intimidating but it really works the nerves over. So I woke up this morning without getting a good night of sleep. I normally relax on exam day and do not cover any material. Today I am studying. So I start into my 2nd attempt by making two mistakes again: not getting enough rest and cramming. Part of me feels that I am going to totally redeem myself since I only missed passing by 7 points last time. Another part of me feels like I am going to do worse than last time. On my last attempt there were 4 or 5 questions (2 on one topic) that would have made the difference. I am also feeling that maybe I spent too much time focusing on those areas and not enough on everything else. What happens if I do not even get questions on those topics again? Honestly, I did not get as much studying done in the last two weeks as I wanted. The exam is in about 5 hours so whether I like it or not, I’m up to bat again. I’m really not sure if I can handle another crushing defeat on this exam. One thing is certain though: I will keep taking this exam until I pass. I am committed to that! Hopefully, my stress and worries about the ICND2 exam and CCNA will be in the rearview mirror very soon. Now, it is time to go review more.

Cisco Aspire CCNA Edition

I started playing Cisco Aspire CCNA Edition last Thursday and found it not only to be a lot of fun but quite useful for studying as well. You can read all about the game on the Cisco web site so I’ll forgo the general description of the game and only talk about the specifics.

The Good:

Pertinent Material
Similar to Labbing

The Bad:

Bugs – the kind that require you to load a saved game and re-do an entire contract in order to progress
Format/Cost – The game requires you to purchase tokens to unlock contracts in the game. I purchased 1000 tokens for $50 which allowed me to unlock everything. However, the tokens work only on that single install. In my case it is on a Windows XP virtual machine using Parallels. If I want to install and play the game on my laptop I would have to buy a whole new batch of tokens.

Overall, I had fun playing and am on the next to last contract of the game. Unfortunately, I have no more time to play before the exam. I definitely recommend the game if you have the means.

My number one tip though: Save early and save often! 🙂

ICND2 – Chapter 19 – IPv6


1. Address Assignment Features – Allows easier renumbering, dynamic allocation, and recovery of addresses
2. Aggregation – Blocks are easier to aggregate vs. IPv4
3. No Need for NAT/PAT
4. IPSec required – more secure
5. Header improvements – no need to recalculate Checksums – Flow label to easily identify packets belonging to same connection
6. Transition Tools –

Public IPv6 addresses are grouped by major geographical region.

Inside each region, the address space is further divided to ISPs in that region.

Each ISP in a region further divides their range to customers.

ICANN assigns one or more IPv6 address ranges to each RIR (Regional Internet Registry)

IPv6 addresses are written as 32 HEXADECIMAL digits organized into 8 quartets that are separated by a : (colon).

Each hex digit represents 4 binary digits (bits).

Leading 0s can be eliminated in a quartet.

One and only one string of consecutive 0 quartets (even crossing quartet boundaries) can be represented with a :: (double colon).

IPv6 addresses use / (slash) notation for subnet masks.

Address Types:

Global Unicast – Same as IPv4 public addresses
Prefix: 2000::/3 (Can be easily identified as it starts with a 2 or 3)

Unique Local – Private IP addresses
Prefix: FD00::/8 (Can easily be identified as it starts with FD)

Link Local – For packets sent on a local subnet
Prefix: FE80::/10 (Easily identified as starting with FE8, FE9, FEA, and FEB)

Multicast – Multicasts that stay on the local subnet
Prefix: FF02::/16 (Easily identified as it starts with FF02)
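The two shortening rules and the prefix mnemonics above, as an added Python example (mine, not from the chapter or the book): expand() undoes the abbreviation, compress() applies it, and classify() names the address type from the leading bits.

```python
# Added example: the chapter's IPv6 shortening rules and prefix mnemonics in code.
HEX = set("0123456789abcdefABCDEF")

def expand(addr):
    """Expand an address that may use '::' into 8 quartets padded to 4 hex digits."""
    if addr.count("::") > 1:
        raise ValueError("only one '::' is allowed in an IPv6 address")
    head, sep, tail = addr.partition("::")
    head_q = [q for q in head.split(":") if q]
    tail_q = [q for q in tail.split(":") if q]
    missing = 8 - len(head_q) - len(tail_q) if sep else 0
    quartets = head_q + ["0"] * missing + tail_q
    if len(quartets) != 8 or (sep and missing < 1) or \
            any(len(x) > 4 or set(x) - HEX for x in quartets):
        raise ValueError(f"malformed IPv6 address: {addr}")
    return [q.zfill(4).lower() for q in quartets]

def compress(addr):
    """Rule 1: drop leading zeros in each quartet.  Rule 2: replace the single longest
    run of all-zero quartets (the first run if tied) with '::'."""
    q = [x.lstrip("0") or "0" for x in expand(addr)]
    best, best_len, i = -1, 0, 0
    while i < 8:
        j = i
        while j < 8 and q[j] == "0":
            j += 1
        if j - i > best_len:
            best, best_len = i, j - i
        i = j + 1 if j == i else j
    if best_len < 2:  # RFC 5952: a lone zero quartet is written as 0, never as '::'
        return ":".join(q)
    return ":".join(q[:best]) + "::" + ":".join(q[best + best_len:])

def classify(addr):
    """Name the address type from the first quartet, using the chapter's mnemonics."""
    first = int(expand(addr)[0], 16)
    if first == 0xFF02:
        return "Multicast"        # FF02::/16 - starts with FF02
    if first >> 6 == 0xFE80 >> 6:
        return "Link Local"       # FE80::/10 - starts with FE8, FE9, FEA or FEB
    if first >> 8 == 0xFD:
        return "Unique Local"     # FD00::/8  - starts with FD
    if first >> 13 == 0b001:
        return "Global Unicast"   # 2000::/3  - starts with 2 or 3
    return "Other"
```

The tie-breaking rule (first run wins) and the refusal to shorten a lone zero quartet follow RFC 5952, which the chapter does not cover.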

Special Addresses:

FF02::1 – All nodes on the link
FF02::2 – All routers on the link
FF02::12 – Used by hosts to send a DHCPv6 inquiry

DHCPv6 servers can either be stateful or stateless.

The use of the zero-subnet or broadcast subnet is a non-issue with IPv6.

ICND2 – Chapter 18 – NAT (Network Address Translation)

NAT is defined by RFC 3022. It allows a host that does not have a valid, public routable IP address to communicate with other hosts on the internet.

Cisco IOS supports several variations of NAT.

Static NAT configures a 1 to 1 mapping between private and public addresses.

Dynamic NAT creates a 1 to 1 mapping between private and public addresses as well but does it dynamically.

You can manually clear Dynamic NAT translations using:

Router#clear ip nat translation *

Dynamic NAT sets up a pool of possible INSIDE GLOBAL addresses and uses an ACL to determine source addresses that should use NAT.

NAT Overload (also known as PAT) uses one single public address and keeps the hosts apart by port number.

Cisco uses the term INSIDE to refer to the network using private addresses.

The term OUTSIDE refers to the Internet side of the network (using globally routable public IP addresses).

More on Inside/Outside and Local/Global:

INSIDE – Inside the LAN
OUTSIDE – Outside the LAN
LOCAL – private addresses
GLOBAL – public addresses

INSIDE LOCAL – inside private
INSIDE GLOBAL – inside public
OUTSIDE LOCAL – outside private (in many cases this is the same as the OUTSIDE GLOBAL)
OUTSIDE GLOBAL – outside public

Normally NAT translates an inside SOURCE address to an outside address, but you can also translate both the SOURCE and DESTINATION addresses. This is useful when two networks are numbered from the same private address blocks (overlap) and need to communicate with each other. This is accomplished via static mapping.
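The inside local to inside global mapping, the ACL deciding who gets translated, and the port trick that NAT Overload relies on, as an added Python model (mine, not from the book or Cisco). The 10.1.1.0/24 LAN, the 203.0.113.x public addresses and the acl callable standing in for access-list 10 are constructed for the illustration.

```python
# Added example (not from the book): a toy model of a Cisco-style NAT translation table
# covering dynamic NAT (one pool address per inside host) and NAT overload / PAT
# (one address, hosts told apart by port).  All addresses below are constructed.

class NatRouter:
    def __init__(self, pool, acl, overload=False):
        self.pool, self.acl, self.overload = list(pool), acl, overload  # pool = inside global addresses
        self.table = {}        # (inside local ip, port) -> (inside global ip, port)
        self.next_port = 1024  # next source port the router hands out when overloading

    def outbound(self, src_ip, src_port):
        """Translate an inside local (ip, port) leaving the LAN to its inside global pair."""
        if not self.acl(src_ip):
            return src_ip, src_port                # not matched by the ACL: sent untranslated
        if (src_ip, src_port) in self.table:
            return self.table[(src_ip, src_port)]  # existing translation is reused
        if self.overload:
            entry = (self.pool[0], self.next_port) # PAT: single address, unique port per flow
            self.next_port += 1
        else:
            held = {g for (l, _), (g, _) in self.table.items() if l == src_ip}
            used = {g for g, _ in self.table.values()}
            free = held or [ip for ip in self.pool if ip not in used]
            if not free:
                raise RuntimeError("dynamic NAT pool exhausted")  # new host, no address left
            entry = (next(iter(free)), src_port)   # 1:1 mapping, port untouched
        self.table[(src_ip, src_port)] = entry
        return entry

    def inbound(self, dst_ip, dst_port):
        """Reverse lookup for a returning packet; None means no entry exists and it is dropped."""
        for local, glob in self.table.items():
            if glob == (dst_ip, dst_port):
                return local
        return None

    def clear(self):
        """Equivalent of 'clear ip nat translation *'."""
        self.table.clear()

def demo():
    """Two inside hosts using the same source port behind one public address."""
    acl = lambda ip: ip.startswith("10.1.1.")   # stands in for 'access-list 10 permit 10.1.1.0 0.0.0.255'
    pat = NatRouter(pool=["203.0.113.5"], acl=acl, overload=True)
    a = pat.outbound("10.1.1.10", 40000)
    b = pat.outbound("10.1.1.11", 40000)        # same source port, different host
    return a, b, pat.inbound(*b)
```

Run demo() to see both hosts leave as 203.0.113.5 with different ports, and the reply to the second flow map back to the right inside local host; an unsolicited inbound packet with no table entry returns None, which is why hosts behind NAT are not reachable from the outside without a static mapping.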

Static NAT Configuration:

1. Configure interfaces to be inside or outside

Router(config-if)#ip nat inside


Router(config-if)#ip nat outside

2. Configure static mappings

Router(config)#ip nat inside source static <inside-local-ip> <inside-global-ip>

Dynamic NAT Configuration:

1. Configure interfaces to be inside or outside (as above)

2. Create an ACL that matches the source addresses of the hosts that will use NAT

Router(config)#access-list 10 permit <source-network> <wildcard-mask>

3. Create a NAT pool (public addresses)

Router(config)#ip nat pool MyPool <first-public-ip> <last-public-ip> netmask <subnet-mask>

4. Enable NAT

Router(config)#ip nat inside source list 10 pool MyPool

Configuring PAT (NAT Overload):

NAT Overload can use a single public address or a pool of public addresses. When using a pool the setup is the same as the Dynamic NAT setup above except you add an overload statement to the command in step 4.

Router(config)#ip nat inside source list 10 pool MyPool overload

PAT with a single address:

1. Configure interfaces to be inside or outside

2. Create an ACL that matches the source addresses of the hosts that will use NAT

3. Enable NAT and specify the interface to use as the public address

Router(config)#ip nat inside source list 10 interface s0/0 overload

ICND2 – Chapter 17 – VPN

VPNs (Virtual Private Networks) try to provide the same security as leased lines. This includes:

Privacy – prevents anyone on the internet from being able to intercept the packet data
Authentication – Verifies the sender
Integrity – Verifies the data has not changed
Anti-Replay – prevents a man-in-the-middle from resending captured packets to pose as the legitimate source

Types of VPNs:

Intranet – Site to Site within an organization
Extranet – Site to Site to another organization
Access – Allows access to corporate network from legitimate users across the internet

IPSec uses dynamic key exchange via IKE (Internet Key Exchange – RFC 4306). IKE uses the Diffie-Hellman process.

IPSec can use AH (Authentication Header) or ESP (Encapsulating Security Payload). ESP encrypts. AH does not.

ICND2 – Chapter 16 – Frame Relay Configuration

Cisco IOS uses Inverse ARP by default which discovers the mapping between DLCIs and their next-hop address.

Configuring Frame Relay

1. Configure frame-relay encapsulation on the physical interface

Router(config-if)#encapsulation frame-relay (use frame-relay encapsulation instead of default HDLC)

2. Configure an IP Address on the interface or sub-interface(s)

3. Optional: Manually configure the LMI type on the physical interface

Router(config-if)#frame-relay lmi-type [ansi | cisco | q933a]

4. Optional: Change from Cisco frame-relay encapsulation to IETF on all or specific VCs:

Router(config-if)#encapsulation frame-relay ietf (for all VCs on the physical interface)

Router(config-subif)#frame-relay interface-dlci 99 ietf (for point-to-point sub-interfaces)

Router(config-subif)#frame-relay map ip <next-hop-ip> 99 broadcast ietf (for multipoint interfaces or when not using Inverse ARP)

5. Optional: Define Static Mapping of DLCIs (no Inverse ARP)

Router(config-subif)#frame-relay map ip <next-hop-ip> <dlci> broadcast

When using static mapping the broadcast keyword is required so that routing protocol traffic is forwarded over the VC.

6. Sub-interfaces Only: Associate DLCIs to sub-interface using:

Router(config-subif)#frame-relay interface-dlci 99

Router(config-subif)#frame-relay map ip <next-hop-ip> <dlci> broadcast


ICND2 Reflection and Plans

It was a bit depressing to fail the ICND2 test, especially since I was so close to the passing score. I guess the good news though is that I am not far away in my knowledge/skills. I’ve been thinking about it quite a bit and realize that I left some easy ones on the table that would have made the difference. This is particularly true in the IPv6 scope. A few of the questions were somewhat confusing. I read them and immediately formulated an answer/solution in my head. Then I looked at the list of answers and the one that came to my mind at first was not in the list of answers. This left me scratching my head and wondering what they were trying to get at. I feel as if I missed a few of these and plan to review. Specifically, I am going to re-read the OSPF, IPv6, NAT, and advanced ACL chapters again. Also, I never got the chance to read any of the Todd Lammle book that I bought so I am going to try to get through most or all of the ICND2 pertinent chapters in his book as well. I am definitely re-taking the exam soon. The tentative date is 8/14/2012 (a week from this Friday). Over the next few days, I also want to get my chapter reviews up for the last 4 chapters that I did not get done before the exam last time. I’ll end this post with a few facts that I should have memorized that would have helped make a difference on the exam.


Link Local addresses begin with FE80::/10

FF02::2 multicasts to ALL ROUTERS on a subnet, FF02::1 multicasts to ALL NODES on a subnet.

I need to memorize all the reserved addresses and address types. I will cover that in my review.


The default VTP mode is Server mode.

Needed 825 to Pass – Got 818 – Failed

Unfortunately, I was met with failure today. I came very close to a passing score on the ICND2 exam but fell short. The testing center had some technical issues and was not able to give me an exam report at the end of the exam so I have no clue how I did in regards to specific areas. Still working to try and get that.