Stubby Post: Cisco Has Changed the Internet*

*  For definitions of “changed” and “Internet”

Today Cisco announced their new CRS-3 that replaces the CRS-1.  The CRS-3 has some damn impressive numbers for sure with 322Tbps, or about 1 LOC/sec (that’s a Library of Congress per second).  In three to five years, it might enable some technologies that we can’t use today, but I think “chang[ing] the Internet” is a bit of a stretch.  I’m sure it’s ultra-cheap, too.

NBAR and HTTP Data Conversations

I’m still working on the ONT test and doing labs, so I marked up a lab for me to work.  I’m using the same setup as I did last time.  The two routers are 3640s running 12.4(25b).


Part of the lab was to identify HTTP traffic coming into F0/0 and mark it as CS3.  That’s pretty easy, right?  Of course, the lab I made up was a little more complicated, but the point becomes clear with a simpler example.

QoS Pre-classify and Class-map Order

I’m still studying for the ONT test, so I did some labs tonight.  One of them was to demonstrate the qos pre-classify command for tunnel interfaces.  When you have a packet sent over a GRE tunnel, the ToS field gets copied to the GRE packet, but there’s no way to see the original packet’s higher-level headers on the way out the interface.  This can be a problem if your service policy needs to see protocol, port, IPs, etc.  The fix for that is to enable qos pre-classify on the tunnel interface and crypto map; doing so will provide a copy of the original packet to the physical interface to classify the packet thoroughly.

Stubby post: ROUTE Cert Kit Giveaway

ONT - Epic Fail

I failed the ONT test today.  It was an utter lack of subject matter knowledge that did me in from the beginning.  When the first three questions mention things that I’ve never even heard of, it’s going to be a long test.  I’ll take blame on it for sure, but the test was a lot darker than I imagined it would be.

I heard from a couple people that the ONT test was the easiest of the 4 CCNP tests.  I must say today’s test was a LOT harder than the ISCW test I took back in December.  Most of the questions were fair, but there were a few that were downright evil or unanswerable.  Without giving too much away, there were some matching questions that had multiple items with multiple answers, rendering the answer to a guess.  I even ran into a CLI question about the WLC, which surely wasn’t mentioned anywhere I studied, and I don’t have a spare sitting around on which to test.  The icing, though, was the number of questions about FRTS; I know I need to understand it, but the magical question dice landed on that topic way too many times in my opinion.

ONT Notes - WLAN Management

Elements of Cisco Unified Wireless Network

  • Client devices - Cisco compatible extensions on WLAN clients
  • Mobility platform - allows configuration of LWAPs through WLCs
  • Network unification - integration into the rest of the network with WLCs doing RF management, IPS, etc.
  • World-class network management - centralized management through WCS
  • Unified advanced services - supports advanced technologies and threat detection

WLAN Implementation

Autonomous and LWAP

Category     | Autonomous                | LWAP
Access Point | Autonomous APs            | LWAPs
Control      | Individual configurations | Configuration through WLCs
Dependency   | Independent operations    | Dependent on WLC
Management   | CiscoWorks WLSE and WDS   | WCS
Redundancy   | Through APs               | Through WLCs

Wireless LAN Services Engine (WLSE)

ONT Notes - 802.1x and Encryption on LWAPs

  • Traditional WLAN weaknesses
    • SSID for security
    • Vulnerable to rogue APs
    • MAC filtering for security
    • WEP
  • WEP weaknesses
    • Distribution of static keys is not scalable
    • WEP keys can be cracked easily
    • Vulnerable to dictionary attacks
    • No protection against rogue APs
  • Benefits of 802.1x
    • Centralized authentication through RADIUS via AAA
    • Mutual authentication between client and auth server
    • Can use multiple encryption algorithms (AES, WPA, TKIP, WEP)
    • Automatic dynamic WEP keys
    • Roaming
  • Requirements of 802.1x
    • EAP-capable client (supplicant)
    • 802.1x-capable AP (authenticator)
    • EAP-capable auth server

Table 1. Characteristics of the EAP variants

ONT Notes - QoS On Wireless Networks

ONT Notes - AutoQoS

ONT Notes - Pre-classify and End-to-end QoS