Raul,

My responses are inline below. Very good observations. With the updates made, the latest version number for the CCIEW Workbook Vol 1 DSG will be v2947 (as seen in the footer of the doc.) Give it a bit of time for that to be posted, as the doc needs to be properly reformatted, converted to PDF, etc. by the support team.

Jason Boyers - CCIE #26024 (Wireless)
Technical Instructor - IPexpert, Inc.
Mailto: [email protected]

On Mon, Mar 28, 2011 at 8:37 AM, Raul Manzano <[email protected]> wrote:

> Hi guys.
>
> Making the tasks about the lab 3 I have some doubts about the solution
> done.
>
> Point 3.2: For the configuration of SSID Test2 on AAP2: "The least version
> of WEP encryption, using a key of....". If you are talking about the "wep
> encryption", why not also use the command "encryption vlan Test2 mode wep
> mandatory"? Because if not, you only pass a passphrase to "authenticate",
> but without this command your traffic is not ciphered with WEP.

*** Yes, it does require the "mode wep mandatory" command. I have updated the DSG to reflect that.

*** Also, in looking at that, I noticed that SSID Test3 was also partially incorrect in the DSG. It should have the "optional" keyword after "authentication open" and before "eap eap_methods." Without that keyword, the AP will attempt to use AAA instead of simply using the WEP key.

> Point 3.2: For the configuration of SSID Test6 on AAP1: "Use the highest
> encryption level allowed for CCKM for the version of software on the AP". In
> the SSID configuration, why not "authentication key-management wpa cckm"?
> If you are using the "highest" (aes in this case) and CCKM, I think this is
> correct, unless the meaning of this command is to allow both WPA and CCKM
> key-management, allowing non-CCKM clients to connect. Is this OK?

*** There is no requirement for WPA listed. WPA and CCKM are different key-management methods, with CCKM adding the creation of a Base Transient Key (BTK) to WPA (simplified version.) For the encryption piece, CCKM on 12.3(8)JE(X) as listed in the equipment list does support AES as a cipher. Normally, CCKM is listed with TKIP, because older versions of the 7921G required CCKM with TKIP for fast, secure roaming.

> Point 3.6: "On AAP2, only permit the laptop to connect". If you use in int
> d0 "l2-filter bridge-group-acl" and apply in all the sub-interfaces the
> command "bridge-group xx input-address-list 700", you should apply the same
> commands to the 5GHz radio, because it is only applied to the sub-interfaces
> but not in the "d1" interface (I assume this is a mistake).

*** Yes, that was previously corrected. Please check with our support team if the latest version available under your account does not have that correction.

> Thanks.
>
> Best Regards.
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
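
The gap raised in point 3.6 (the MAC filter present on d0 and its sub-interfaces but missing on d1) can be caught with a config audit. The following is an added example, not part of the original thread or the workbook; the sample configuration, MAC address, VLAN 10 and the function name `audit_radio_filters` are constructed for illustration.

```python
import re

# Constructed sample config (not from the workbook): the filter is applied on
# Dot11Radio0 and its sub-interface, but was forgotten on Dot11Radio1.
SAMPLE_CONFIG = """\
access-list 700 permit 0011.2233.4455 0000.0000.0000
!
interface Dot11Radio0
 l2-filter bridge-group-acl
!
interface Dot11Radio0.10
 encapsulation dot1Q 10
 bridge-group 10
 bridge-group 10 input-address-list 700
!
interface Dot11Radio1
!
interface Dot11Radio1.10
 encapsulation dot1Q 10
 bridge-group 10
!
"""

IFACE = re.compile(r"^interface (Dot11Radio\d+)(\.\d+)?\s*$")
ADDR_LIST = re.compile(r"^bridge-group \d+ input-address-list (\d+)$")

def audit_radio_filters(config, acl="700"):
    """Return {interface: problem} for radio interfaces missing the MAC filter."""
    body = {}            # interface name -> list of its config lines
    current = None
    for line in config.splitlines():
        m = IFACE.match(line)
        if m:
            current = m.group(1) + (m.group(2) or "")
            body[current] = []
        elif line.startswith(" ") and current:
            body[current].append(line.strip())
        else:
            current = None   # "!" or a global command ends the interface block
    findings = {}
    for name, lines in body.items():
        if "." not in name:  # physical radio: needs the l2-filter command
            if "l2-filter bridge-group-acl" not in lines:
                findings[name] = "missing l2-filter bridge-group-acl"
        else:                # sub-interface: needs the input address list
            acls = [m.group(1) for l in lines if (m := ADDR_LIST.match(l))]
            if acl not in acls:
                findings[name] = f"missing input-address-list {acl}"
    return findings
```

Run against the constructed sample, it reports both the 5GHz radio and its sub-interface as unfiltered.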
