Current Offerings:

Class on demand are currently offering:

· Integrating an HP ProCurve and Cisco Network Including ProCurve Management Fundamentals

· Implementing Wireless Networks Using the HP ProCurve Multiservice Mobility Solution

These offerings are Video-on-Demand and I was given the opportunity to review both!

The Platform

The Class on Demand training videos are delivered online. While there is absolutely nothing wrong with this, I would like the option to own these on DVD to facilitate viewing in the go.

Once you log in to the training portal and select the offering you want you are presented with the videos in half size on the left hand side, with the module outline on the right. I found the best view to use was “Normal Size” (pictured right).

The videos were well produced and provided a good balance of PowerPoint, CLI and face-to-face. The resolution of the videos was also very good and was perfectly watchable when placed in to full screen (1920×1200 in my case).

The Instructor

John Lancaster presents the Integrating an HP ProCurve and Cisco Network training. John is a ProCurve Accredited Systems Engineer (ASE) with 16 years of experience teaching HP Networking. He is easy to listen to and is very knowledgeable on the topics he is presenting.

Bill Giannattasio delivers the Implementing Wireless Networks Using the HP ProCurve MSM Solution course. Bill is a ProCurve Master Accredited Systems Engineer and has experience across the entire portfolio. It is evident that Bill has an excellent understanding of the HP ProCurve wireless technologies and this comes through in his presentation.

Course Content

Implementing Wireless Networks Using the HP ProCurve Multiservice Mobility Solution

This course is aimed at Network Engineers who will be deploying HP ProCurve MSM networks and is intent with arming you with the necessary knowledge to do exactly that!

Module 1 covers 802.11 Wireless Fundamentals and the MSM Portfolio including how Wireless has evolved from Autonomous to Controller based solutions, explanation of AP types and influencing factors on AP and controller choice while Module 2 presents a step-by-step guide to WLAN planning and discusses the required tools.

Modules 3 and 4 are focussed on the WLAN Controller configuration of a setup of a basic WLAN with WPA/WPA2 PSK security which is then enhanced by with 802.1x in Module 5. The 802.1x example uses PEAP and does not go in to detail about PKI and configuration of EAP-TLS. An overview of 802.11n and the steps required for implementation are covered in Module 6.

Module 7 demonstrates a real life WLAN deployment for a particularly challenging Warehouse environment. This is excellent and gives a great deal of knowledge on how to overcome these WLAN challenges. Guest Access and associated Guest Management Software is covered in Module 8 and backed up by a configuration example with two guest VSC’s. Module 9 covers the Local Mesh Capability which extends the WLAN coverage to areas where and Ethernet run is not viable.

The last module, Module 10 – Troubleshooting, gives an excellent guide to overcoming WLAN performance and connectivity issues including Spectrum Analysis.

This course covers a lot of good content but is let down by a less fluid delivery than the “Integrating an HP ProCurve and Cisco Network” course as it feels that Bill is reading from a sheet in places which can get quite off-putting. Some of the PowerPoint was lightning fast in some videos, giving you little time to take notes or even read important details. Despite the presentation issues the content covered is excellent and provides you with everything you need to start implementing ProCurve MSM solutions.

Technicast Verdict 7/10

Integrating an HP ProCurve and Cisco Network

This course is aimed at Network Engineers who will be implementing HP ProCurve switches in to a Cisco environment and covers all you need to know about configuration, interoperability scenarios and more.

I felt that this course started rather abruptly by diving straight in to management and connecting to the console port – I would have rather seen some ProCurve history and an overview of the portfolio first. The first module is thorough and covers everything from setting up your Terminal Emulator through to configuration, troubleshooting including comparisons and Cisco command equivalents. It even covers my favourite feature “chassislocate” that sets the locator light on the switch (5400/8200 series only).

Module 2 covers VLANs, Trunks and Link Aggregation including Load Sharing Algorithms but most importantly covers a neat trick that facilitates creating aggregated links during the day without disrupting traffic flows.

Module 3 covers everybody’s favourite topic – Spanning-Tree! The information is presented very well and provides a nice overview of STP and associated terminology – BPDUs, Root Bridge, Hello Timers, Hold Down Timers etc.. It covers theory behind STP calculations (Root Bridge Election, Root Port selection, Designated Ports and tie-breakers) which is useful to understand especially when looking at the interoperability scenarios. Two scenarios are covered for interoperability between MSTP and PVST+: One with a Single Spanning Tree and one with Load Distribution over Multiple Spanning Trees. Both are explained with supporting case studies (real usage scenarios) which helps show how this can be used in real life. The final case study shows MSTP throughout (my favoured approach).

Overall the course is well paced, well presented and technically very good. The only thing missing is an overview of ProCurve and its portfolio which I feel is important to understand when transitioning from a Cisco environment.

Technicast Verdict 8/10

Overall Experience

While my overall experience with Class on Demand has been good there have been a few technical issues, firstly with Chrome/Silverlight and then with videos not playing (issuing me with a message claiming my firewall was blocking connections to their video server). Both of these issues however were quickly addressed by technical support.

At almost $1000 less than a face-to-face offering the Class on Demand training is a fair price and although more personal than E-Learning it obviously does lack hands-on – but then you get what you pay for. Mobile device support is one feature that I would personally have liked but this is not offered due to the high quality video not reproducing well on smaller resolutions. The only real downside to Class on Demand’s HP ProCurve training courses is that the content is available online only and there are currently no offline reference materials.

Conclusion

Pros

• Reasonable Pricing vs Instructor-Led Training
• Course Content on the whole very good
• Ask the Trainer service
• Great Technical Support

Cons

• Browser Issues and connection problems to video server
• No offline access or accompanying PDF for reference
• No Mobile Device Support

Technicast Verdict 8/10

To register for Class on Demand Training, visit their website here

Back in March, Vyatta Core reached v6.0 providing additional features that make their product more attractive to the enterprise.

• Netflow / sFlow logging and analysis
• 802.11 wireless LAN – (access point + base station)
• Binary image installation – (version mgmt)
• IPv6 readiness (core routing and firewall)
• Firewall enhancements
  • IPv6 firewall
  • P2P firewall
  • time-based and zone-based firewall rules
• QoS Enhancements

You may have read my post on using Vyatta as a Router-in-a-box for VMware and Citrix…
Seeing how this is such an attractive use case for this product, Vyatta have published a course detailing  installation, verification and basic configuration of Vyatta OVF and XVA virtual appliances for adding routing & security to VMware ESX and XenServer environments.

To sign up for the free video click here or to view all Vyatta training offerings click here

I very much like Vyatta’s approach, offering the Core Edition to the community with support subscription available as an uplift and it is even more refreshing to see Training following in the footsteps.
A strong community and easy access to resources  satisfies engineers and will yield a greater amount of knowledgeable/certified individuals should Vyatta choose to go down this route.

Perhaps more Networking vendors could learn from this…

This brings me to my first point on Cisco Exam strategy – Do not let any of your certifications get close to expiring! Always recertify in good time.
There are a 3 main reasons for this:

• It takes a while to get accustomed to the Cisco exams – how questions are worded, spotting the trick questions and managing your time efficiently
• Revising under pressure is not advisable, especially with the breadth of knowledge required for these exams.
• There is little margin for error – if you don’t pass an exam before your time is up you are back to square one

On Revision…

Tip 1: Read the exam topics
This may seem obvious but it is often missed by many. Exam topics can be found at the Cisco Learning Network. Click the certification you are studying for, Click the on the Overview of the exam you are studying for and then click exam topics.

These topics form the basis for the questions that you will be asked in the exam.
Make sure that you revise each one thoroughly.

Tip 2: Revision Materials
To be well revised, you must use decent materials. I am personally fond of the Cisco Press materials.

The Foundation Learning guide provides you with all the requisite theory for passing the exam.
The Official Certification guide is focussed towards reviewing your knowledge and exam preparation.
In addition to the books, Cisco Press also publish Flash Cards, Videos and Command Quick References.

These ought to be supplemented by materials published on the Cisco website:

SRND’s or Solutions Reference Network Designs, Configuration Guides and Troubleshooting Guides

In addition to the above you can also find some good videos from Train Signal and CBT nuggets

Don’t resort to Brain Dumps from TestKing or affiliate sites. These are in breach of the terms and conditions you sign before you take and exam. Using them could mean loosing your certification. It is not worth the risk and also devalues certifications.

Tip 3: Don’t fall in to the “I already know that” trap
We’ve all done it. You start revising and see a chapter about VLANs and you start thinking “it’s ok to skip this… after all, I already know everything there is to know about VLANs”.
Don’t do it, you could miss key information that you needed to pass exam.

Tip 4: Greg Ferro’s Study Tips
I really like this article as it has helped me hone my exam preparation techniques.
Ear plugs are very effective– I opted for the Moldex Comets
These are really useful and not just for revision and concentration but for blocking out the background noise when working in the Data Center!

Tip 5: Use Flashcards
I write my own flash cards using a program called Anki. It is available for Windows, Mac, Linux & FreeBSD and works with iPhone, Android and other phones with a data connection.

Tip 6: Configure Everything
Spend time in the lab configuring everything related to the exam you are taking. Break it and troubleshoot it. Use show and debug commands to verify its operation when it is working, and when it is not.
If possible, get a friend to break your configuration for you to give you a better troubleshooting experience.
There is nothing better than time in the lab to prepare you for the simulation style questions.

On Answering Questions…

Tip 1: Read the Questions
Make sure that you read each thoroughly and at least twice – try not to look at the answers until you have finished reading the question.
Look out for trick wording in questions…

Tip 2: Answering Questions
The method of answering questions that I use involves ruling out the wrong answers first. This helps me justify my choices by understanding why the other answers are incorrect.

Tip 3: Manage your time carefully
Make sure that you understand how many questions you are going to be asked and how much time you have in advance to allow you to plan your time effectively.

On Failure…

At some point you are going to fail an exam, but don’t be disheartened – you can always try again.
Read your exam score report and focus your revision on the areas that you didn’t do so well on.

On Success…

When you pass an exam, reward yourself. Give yourself a study break and treat yourself to something.
This will help to motivate you to keep working towards a certain certification.

I have now entered a heavy stage of PRT, while I have not exactly progressed far along the Cisco Certification Track (I am still a humble CCNA) it has been almost 3 years since my last exam.
So rather than playing it safe and taking CVOICE or QOS I have opted for the more risky strategy of taking the new SWITCH exam!
The motivation behind this is that I feel that I ought to get my CCNP and CCDP this year as I need some way of backing up the past 5 years of experience.

This would be less risky if I hadn’t left it too the last minute (I have until 3rd May)

So I am frantically revising with a view to taking an exam in the next few weeks, giving my self a safe re-test window – I do not recommend this strategy but needs must.
One of the most important things is to remove all distractions, which includes – Twitter, LinkedIn and blogging.
That in mind, this will be my last post for a couple of weeks, but expect some content in May about the SWITCH exam, switching in general and the preparations for ROUTE!

Wish me luck…

We covered off the configuration of VRRP and OSPF.

VRRP is pretty much as standard, no quirks of note.

OSPF takes a little getting used to but again it is an open standard.
Area 0 is reffereed to in the configuration as area backbone
There are not multiple OSPF Process Identifiers.
Network statements are configured at the VLAN level rather than at the OSPF configuration.

That covers the content of the course which was overall a good learning experience.
If you would like to attend a course, please contact your HP account manager or HP Education Services.

This has been a good incite into the HP ProCurve product range and I am planning a couple of comparison posts between the HP and Cisco offerings.

Link Aggregation:
ProCurve will support static configuration of EtherChannel using HP Trunking Protocol. In order for this to work the Cisco side must be set to “channel-group 1 mode on”. HP Trunking Protocol allows for up to 8 links to be bundled to one logical channel.

ProCurve also supports LACP but this is disabled by default. Ports can be LACP Active or Passive. One benefit of LACP is that it supports 8 + 2 links. The other 2 links will be standy and only activated on an active link failure.

Spanning-Tree:
STP is disabled by default which according to @procurvehelp is due to http://j.mp/acYin6

This course focused mainly on ProCurve as an edge switch, with Cisco in the core.
99% of Cisco implementations will be running PVST+ or RPVST+ which are both proprietry.
There are multiple scenarios that can be used, and I will cover this seperately, with diagrams…

Quality of Service:
Some of you may have seen my earlier tweet with regard to my frustrations with ProCurve QoS. Cisco QoS come is two flavours, complicated and relatively easy. While I would not recommend the use of “Auto-QoS” without knowing what you are doing, it is a simple and effective tool. ProCurve comes in one flavour, complicated…

Every ProVision switch has 8 hardware queues! Better than Cisco’s variation of xp, xq, xt.
Classification is similar to Cisco, but in some examples you need to enter the DSCP in binary.
L2 CoS is trusted by default, there is no way to untrust except to apply a policy to the interface.

HP uses a GMB or Guaranteed Minimum Bandwidth applied to each queue. The GMB must total 100%. In congestion each queue is serviced according to priority and percentage of GMB applied. If one queue is empty, its bandwidth is given to the highest priority queue which requires more than its allocated GMB.

Rate-Limiting is available on ingress and egress but this is a hard limit and does not allow bursting.

There is no RED or WRED capability although queue depth is configurable, but once the buffer is full you will experience tail-drop – there is no option to remark.

There is no Traffic Shaping and there appears to be no Strict Priority Queue.

ProCurve QoS is functional but less feature-rich than Cisco – you get what you pay for. The one thing that I felt was lacking was some best-practice examples… I am sure these will appear in the near future.

Tomorrow is a step up the OSI model to investigate the Layer 3 functionality of the ProCurve switches and brings the course to a close.

So far I am impressed with what ProCurve has achieved and while there are still some creases to be ironed out, I think that I would be happy with this in a Campus LAN.

NOTE: HP develop their OWN silicon

The key players in the switching portfolio are those based on the ProVision ASIC.
The ProCurve 3500yl, 5400zl, 6200yl, 6600, 8200zl
yl and zl denote the type of modules that are utilised by the switch
The 5400 and the 8200 chassis based switches use the same modules.

HP maintains a single version of the ProCurve code which is common across ProVision switches – putting a finger up to the multiple 12.2 IOS release

The one big drawback around the 8212zl is its inability to run the management modules in active/active which results in approx 30secs fail over time (management module is equivalent to a Cisco supervisor module). This has been promised to be fixed in a firmware update – will keep you posted.

The main difference “out of the box” between ProCurve and Cisco is that ProCurve has almost everything enabled. As soon as an IP address is configured HTTP, Telnet and SNMP access is ready to go. The jury is out as to whether this is a good thing or not.

Password reset and factory reset is handled very differently in the ProCurve world. With the aid of a lowly paper-clip passwords can be reset and the config reset to factory – a far cry from the complicated Cisco password recovery procedures that we all know and love. Front panel operations can be disabled but this does NOT disable to Password Recovery procedure, which involves calling HP and being provided a one-time pass code to access your switch.

VLAN Terminology is different and requires an explanation:
An access port is preffered to as UNTAGGED
The native VLAN on a trunk port is UNTAGGED, while other VLANs on this trunk are TAGGED.
The word “trunk” in HP world refers to an LACP Etherchannel.

So far the Labs (which uses REAL KIT, kudos to HP) have been relatively unchallenging. This is mainly down to the similarities between the HP and Cisco CLI – which apparently is to do with some historic Foundry technology (not entirely sure of the story here).

Day two should hopefully bring STP and QoS.

Please feel free to ping me any questions on twitter @dave_tucker

Common Criteria is an international standard used to evaluate the security claims made by devices. Evaluation Assurance Levels denote how rigorously the claims have been tested where EAL1 is the most basic, and EAL7 the most thorough. While it is not necessarily a designation of “better” security, it is certainly a way of ensuring that any device will live up to your security expectations. EAL4+ is commonly accepted as the minimum assurance level that a device should have in order to handle sensitive data.

In CC the ToE (or Target of Evaluation) does not have to refer to an individual device and can be group of devices/products in a specific deployment scenario. The ST (Security Target) outlines the threats in this environment and how they are to be mitigated. You can find a lot of information here that can be useful when hardening and selecting software images.

To find Common Criteria devices you can search on either http://www.commoncriteriaportal.org/ or http://www.niap-ccevs.org/vpl/

Cisco have a really handy guide to their current devices here – Cisco Common Criteria

I have complied a short list, along with some hardening info below…

Firewalls of note with EAL4+

• Cisco FWSM – Cisco FWSM EAL4+ Config Guide
• Cisco ASA – Cisco ASA EAL4+ Config Guide
• Juniper Networks Security Appliances – Juniper EAL4+ Config Guide
• CheckPoint VPN-1/FIrewall-1 NGX R65 (including running on IPSO) – Checkpoint EAL4 Config Guide

Switches of note with EAL4+

• None

…some switches have EAL3+…

• Cisco Catalyst Switches -  3560/3750 Hardening, 4500/6500 Hardening

Routers of note with EAL4+

• Cisco (depending on features used- see Cisco Common Criteria link above) – IOS Hardening

Devices currently in evaluation..

• Cisco Nexus 7000, 5000, FEX and UCS for EAL4+
• HP ProCurve switches for EAL4+

So although Common Criteria doesn’t tell you that a device is “more secure”, it does mean that a vendor has devoted a lot of time and effort to justifying the security claims of their product .It generates some useful documentation for the IT teams to aid in deployment and provides internationally recognised assurance to customers.