ONT - Epic WIN!

Two down, two to go.  After much groaning and moaning, I’ve finally passed my ONT test.  The path to this point has been full of road blocks and covered in potholes, but I finally managed to power through it.  Thank $deity.

If you remember, I’ve had quite a time with finding a testing center that’s convenient (or open for that matter), so I took the test at yet another center to see what they offer.  The facility was great; it was very quiet and clean, and the people were wonderfully friendly, which is a new concept to me.  Usually, the people don’t care about testers, but, being a center for inmates at state prisons (yes, prisoners), they do nothing but vocational and professional testing there.  That’s a lot better than the facilities who give their own students priority or who make money on training instead of testing.  The center is just over 2 hours away, but I think this place may be the best so far.  I’ll have to see what the future holds, though.

ONT - Epic Fail Part 3

It’s not what you think.

I was talking with a buddy online last night, and he made a good point.  If you keep putting off taking a test, you’ll never make any progress.  I took that to heart, went online, and scheduled another sitting of ONT for today at 3pm at the closest center.  I took the day off, too, so I could get some tax stuff done and get over to the center and back before dinner.  I got some really good rest last night for sure, too, and had some very productive study time before heading off for my day’s adventures.

ONT - Epic Fail Part 2

I took the ONT again today.  The stench of failure is upon me for a second time, and I’m beginning to think I’m not the god-like person that everyone thinks I am.  I went into the test very confidently.  I did extra time on my weak points from the last attempt and knew it inside and out.  I put hours and hours of lab time in and got other books and online materials involved.  I was absolutely convinced that I would blow this thing away, but, alas, it was not to be.

NBAR and HTTP Data Conversations

I’m still working on the ONT test and doing labs, so I marked up a lab for me to work.  I’m using the same setup as I did last time.  The two routers are 3640s running 12.4(25b).


Part of the lab was to identify HTTP traffic coming into F0/0 and mark it as CS3.  That’s pretty easy, right?  Of course, the lab I made up was a little more complicated, but the point comes clear with a simpler example.

QoS Pre-classify and Class-map Order

I’m still studying for the ONT test, so I did some labs tonight.  One of them was to demonstrate the qos pre-classify command for tunnel interfaces.  When you have a packet sent over a GRE tunnel, the ToS field gets copied to the GRE packet, but there’s no way to see the original packet’s higher-level headers on the way out the interface.  This can be a problem if your service policy needs to see protocol, port, IPs, etc.  The fix for that is to enable qos pre-classify on the tunnel interface and crypto map; doing so will provide a copy of the original packet to the physical interface to classify the packet thoroughly.

ONT - Epic Fail

I failed the ONT test today.  It was an utter lack of subject matter knowledge that did me in from the beginning.  When the first three questions mention things that I’ve never even heard, it’s going to be a long test.  I’ll take blame on it for sure, but the test was a lot darker than I imagined it would be.

I heard from a couple people that the ONT test was the easiest of the 4 CCNP tests.  I must say today’s test was a LOT harder than the ISCW test I took back in December.  Most of the questions were fair, but there were a few that were downright evil or unanswerable.  Without giving too much away, there were some matching questions that had multiple items with multiple answers, rendering the answer to a guess.  I even ran into a CLI question about the WLC, which surely wasn’t mentioned anywhere I studied, and I don’t have a spare sitting around on which to test.  The icing, though, was the number of questions about FRTS; I know I need to understand it, but the magical question dice landed on that topic way too many times in my opinion.

ONT Notes - WLAN Management

Elements of Cisco Unified Wireless Network

  • Client devices - Cisco compatible extensions on WLAN clients
  • Mobility platform - allows configuration of LWAPs through WLCs
  • Network unification - integration into the rest of the network with WLCs doing RF management, IPS, etc.
  • World-class network management - centralized management through WCS
  • Unified advanced services - supports advanced technologies and threat detection

WLAN Implementation

Autonomous and LWAP

| Category     | Autonomous                | LWAP                       |
|--------------|---------------------------|----------------------------|
| Access Point | Autonomous APs            | LWAPs                      |
| Control      | Individual configurations | Configuration through WLCs |
| Dependency   | Independent operations    | Dependent on WLC           |
| Management   | CiscoWorks WLSE and WDS   | WCS                        |
| Redundancy   | Through APs               | Through WLCs               |

Wireless LAN Services Engine (WLSE)

ONT Notes - 802.1x and Encryption on LWAPs

  • Traditional WLAN weaknesses
    • SSID for security
    • Vulnerable to rogue APs
    • MAC filtering for security
    • WEP
  • WEP weaknesses
    • Distribution of static keys is not scalable
    • WEP keys can be cracked easily
    • Vulnerable to dictionary attacks
    • No protection against rogue APs
  • Benefits of 802.1x
    • Centralized authentication through RADIUS via AAA
    • Mutual authentication between client and auth server
    • Can use multiple encryption algorithms (AES, WPA, TKIP, WEP)
    • Automatic dynamic WEP keys
    • Roaming
  • Requirements of 802.1x
    • EAP-capable client (supplicant)
    • 802.1x-capable AP (authenticator)
    • EAP-capable auth server

Table 1. Characteristics of the EAP variants

ONT Notes - AutoQoS

ONT Notes - Pre-classify and End-to-end QoS

ONT Notes - Congestion Avoidance, Policing, Shaping, and Link Efficiency