I agree. Definitely ask proctor without assuming anything. Just my experience. Not technical but I think important for anyone who sits their lab. Anyone already know can ignore this. ;) I am sure someone already covered this a while ago if I remember correctly. Please ask me to shut up if this is not good topic to be added in this thread.
I was so scared to ask any question on the first attempt, I didn't really ask any question. Obviously failed badly. They look so scared to me for some reason. My second attempt I try as many as I can. Proctor never give you direct help but if you provide some intelligent information regarding questions you ask, they will provide good comment back as well. Proctor will be frustrated if you ask same question over and over without asking properly but it's their job to help you out in some way. One time I wanted to ask something and I said "can I ask some dumb question? And he replied I will give dumb answer" What I am trying to say is that you ask him in the intelligent way and he will reply back properly. For example, Question ask you to configure strong auth method with highest standard of encryption. It's very vague. Obviously if you assume it's wpa2 + aes(maybe cckm if it's voice) then you are OK in our world. However lab may already provided you some other info that you missed possibly. Here you ask proctor. You never ask " what do I do here?" he will laugh. But what if you ask him to let him know that you know things here. I would ask in this way. "I have a question here. Question stated to configure blah blah." "I know wpa2 + cckm with aes is the strongest combination however this WLAN is for voice and cisco 7921 does not support this and this ends up non working solution when you mark after lab session is finished." "in the best practice, we configure wpa + cckm with TKIP" "what is the question is really asking?" If you list all the option, proctor knows that you are on top of this and will give you some good idea.(not answer) Just little tip from me. Regards, Brendon From: Chris Jolliffe <[email protected]> Date: Mon, 24 Jan 2011 17:52:01 +0000 To: <[email protected]> Subject: Re: [CCIE Wireless] authentication key-management wpa verseswpa version 2 I would ask the proctor :) Subject: RE: [CCIE Wireless] authentication key-management wpa verseswpa version 2 Date: Mon, 24 Jan 2011 09:43:52 -0800 From: [email protected] To: [email protected]; [email protected] Good to know, so if they ask for wpa2 for the phones, do we assume that they don’t want roaming – or is that an ask your proctor kind of question? Thanks, -Kara From: [email protected] [mailto:[email protected]] On Behalf Of Chris Jolliffe Sent: Monday, January 24, 2011 9:17 AM To: [email protected] Subject: Re: [CCIE Wireless] authentication key-management wpa verseswpa version 2 Another thing to keep in mind is that if they ask for WPA2 on a Voice ssid be careful because the 7921 doesn't support WPA2 & CCKM (for fast roaming) on the firmware load that they use in the lab. > Date: Mon, 24 Jan 2011 05:38:14 -0800 > From: [email protected] > To: [email protected]; [email protected] > Subject: Re: [CCIE Wireless] authentication key-management wpa verseswpa version 2 > > Thanks Kristjan, > > Looks like being on a slightly different version of code has bit me twice now. Time to downgrade! > > Thanks, > > -Kara > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of Kristján Ólafur Eðvarðsson > Sent: Monday, January 24, 2011 4:38 AM > To: [email protected] > Subject: Re: [CCIE Wireless] authentication key-management wpa verseswpa version 2 > > Hi Kara, > > The thing about WPA and WPA2 is usually simple. WPA is TKIP and WPA2 is AES. > However some suplicants have a funny ways of supporting WPA. For example some > may support WPA2 but only with TKIP and some WPA with AES ! So the options > we have to configure is partly to support those schenarios. > > But bear this in mind. The LAB blueprint states 12.3.8ja for the autonomous > and you cant configure version 2 under the dot11ssid in that code. > So when you are asked for either WPA or WPA2, under the dot11 SSID config , always* use authentication key-management wpa > But under the dotradiox interface you should differ with encryption mode ciphers aes-ccm for AES (WPA2) or encryption mode cipher tkip for TKIP (WPA) > > * authentication key-managment cckm (Cisco centralized key managment) could also be used under the SSID. This is when > you want to support fast-secure roaming for clients enabled for it. Such as IP phones. Usually this would have WDS setup aswell > if you were in Autonomous mode. > > In WLC you have options of WPA and WPA2 look a lot clearer. And you have the option there > to enable WPA with AES encryption just like above. WLC handles the fast-secure roaming > in cases of CCKM the WLC handles the fast-secure roaming caching so no need for extra configuration like WDS in Autonomous. > > regards. Kristjan > > > > ------------------------------ > > Message: 2 > Date: Sun, 23 Jan 2011 18:06:21 -0800 > From: "Kara Muessig (kmuessig)" <[email protected]> > To: <[email protected]> > Subject: [CCIE Wireless] authentication key-management wpa verses wpa > version 2 > Message-ID: > <26b4af8f83778445bc4309d72860457a0d7ca...@xmb-sjc-21d.amer.cisco.com> > Content-Type: text/plain; charset="us-ascii" > > Hi all, > > > > When a question states that you should use WPA2 for authentication is > there any reason why you wouldn't configure WPA version 2 verses just > WPA on the authentication key-management underneath the SSID? I realize > that the encryption aes assumes that you are using wpa2... > > > > Thanks, > > > > > > Kara Muessig > CONSULTING SYSTEMS ENGINEER.SALES > Wireless South Team > [email protected] <mailto:[email protected]> > Phone: 512-791-2870 > > > > > Cisco.com <http://www.cisco.com> > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
