Layer3

Adventures in Networking, Routing, Switching, Virtualization, Storage, etc.

Posts Tagged ‘ONT’

Passed the CCNP ONT Exam

Posted by Chris on August 27, 2009

Wow, this was one of the more difficult Cisco exams I’ve taken so far.

I felt I had a good grasp of VoIP and QoS from going through the CCVP track.

Despite that, I barely squeezed out a passing score of 801. I actually did the best on the wireless section (go figure).

Fifty-two questions and a ninety-minute time limit.

Primary study material:
Cisco Press CCNP ONT Exam Certification Guide
Chris Bryant’s Ultimate CCNP ONT Study Guide
QoS cheat sheet from packetlife.net
Cisco Press QoS Exam Certification Guide
Cisco Press Wireless LAN Security

Total preparation time – four weeks.

This exam really tests your knowledge of VoIP, QoS, Cisco wireless solutions and wireless security.  I knew I was pushing the envelope with only four weeks of preparation but I wanted to get this one out of the way because……

Next week I’m attending VMware vSphere training.

More on that later.

Posted in CCNP, Cisco, ONT

CCNP ONT Notes – Cisco Wireless Control System (WCS)

Posted by Chris on August 22, 2009

More notes from the CCNP ONT Exam Certification Guide.  I need help keeping all of the acronyms straight on exam day.

Cisco Wireless Control System (WCS)
Centralized WLAN solution for LWAPs.
Provides configuration, firmware, radio management, and IDS.
Supports the same monitoring and configuration management features as individual controllers.
Supports up to 50 WLCs and 1500 APs.
Administration via CLI, HTTPS and SNMP (v1-v3).
WCS uses SNMP for controller communications.
Runs on Microsoft Windows or Linux platforms.

Three versions:

WCS Base
Provides basic location services based on the association of the device with an AP
Autodiscovery of APs as they associate with controllers
Autodiscovery and containment or notification of rogue APs
Map-based display of AP coverage
Radio Resource Management (RRM)

WCS Location
All features of WCS Base plus:
Can utilize historical location data
On-demand monitoring of any single device via RF fingerprinting, accurate to within 10 meters

WCS Location + 2700 Series Wireless Location Appliance
Scales features to support up to 1500 devices
Records historical data for capacity management and trending

Posted in CCNP, Cisco, ONT, Wireless

EAP Authentication Protocols

Posted by Chris on August 16, 2009

It looks like there could be a hefty dose of wireless on the CCNP ONT exam. In preparation for that I’ve spent the afternoon deep-diving into EAP authentication.

Cisco LEAP
We all know about the issues with WEP. In response to that, Cisco introduced LEAP. It overcame some of WEP’s vulnerabilities but was still highly susceptible to dictionary attack. (The publication of a LEAP exploit at DEFCON in 2003 didn’t help…)

Cisco’s response to that was to recommend the use of strong passwords (10 characters, alphanumeric, mix of caps and lower-case, etc.). Enforcing a strong password policy among end users is difficult at best, so LEAP really wasn’t a good answer to WEP. (Not to mention the availability of a tool to exploit its vulnerability to dictionary attack.) LEAP did have a number of benefits, however, and was fairly widely deployed.

[Figure: Wireless Security - Cisco LEAP]

EAP-FAST
In response to the vulnerabilities in LEAP, Cisco released EAP-FAST in 2004.  Defined in RFC 4851, EAP-FAST offered a secure method to set up communication by using TLS to establish an authenticated tunnel.

While this mitigated most of the risk associated with LEAP, EAP-FAST had a vulnerability involving interception of the Protected Access Credential (PAC), which in turn could be used as the launching point for a dictionary attack.

[Figure: Wireless Security - EAP-FAST]

EAP-TLS
Originally defined in RFC 2716 and updated in March of 2008 in RFC 5216, EAP-TLS is widely supported and offers excellent security. The downside of EAP-TLS is the client-side certificate requirement, which makes for a more labor-intensive deployment, especially on a large scale.

[Figure: Wireless Security - EAP-TLS]

PEAP
A joint proposal by Cisco, Microsoft and RSA Security, PEAP provides most of the security of EAP-TLS without the need for a client-side certificate.  If you’ve deployed PEAP, it’s likely been PEAPv0/EAP-MSCHAPv2.

PEAPv1/EAP-GTC is an alternative that offers token-based authentication and is not supported in Windows.

[Figure: Wireless Security - PEAP]

EAP Authentication Protocols.pdf
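The trade-offs above can be checked against client profiles. This is an added example, not part of the original post: it assumes the clients use wpa_supplicant and audits a constructed wpa_supplicant.conf for LEAP, for EAP-FAST with unauthenticated PAC provisioning, and for EAP-TLS without client credentials. The server-certificate check for PEAP and EAP-TLS (ca_cert/ca_path) goes beyond what the post covers.

```python
import re
# Constructed wpa_supplicant.conf sample; SSIDs and paths are made up.
SAMPLE_CONF = '''
network={
    ssid="legacy-voice"
    eap=LEAP
}
network={
    ssid="corp-fast"
    eap=FAST
    phase1="fast_provisioning=1"
}
network={
    ssid="corp-peap"
    eap=PEAP
}
network={
    ssid="corp-tls"
    eap=TLS
    ca_cert="/etc/certs/ca.pem"
    client_cert="/etc/certs/client.pem"
    private_key="/etc/certs/client.key"
}
'''

def parse_networks(text):
    """Return one {key: value} dict per network={...} block."""
    nets = []
    for body in re.findall(r"network=\{(.*?)\n\}", text, re.S):
        pairs = re.findall(r"^\s*(\w+)=(.*)$", body, re.M)
        nets.append({k: v.strip().strip('"') for k, v in pairs})
    return nets

def audit(net):
    methods = set(net.get("eap", "").upper().split())
    keys, out = set(net), []
    if "LEAP" in methods:
        out.append("LEAP: susceptible to dictionary attack")
    # wpa_supplicant: fast_provisioning 1 or 3 allows unauthenticated PAC provisioning
    if "FAST" in methods and re.search(r"fast_provisioning=[13]", net.get("phase1", "")):
        out.append("EAP-FAST: unauthenticated PAC provisioning enabled")
    if methods & {"PEAP", "TLS"} and not keys & {"ca_cert", "ca_path"}:
        out.append("no ca_cert/ca_path: server certificate not verified")
    if "TLS" in methods and not {"client_cert", "private_key"} <= keys:
        out.append("EAP-TLS: client certificate or key missing")
    return out

def audit_conf(text):
    return {n.get("ssid", "?"): audit(n) for n in parse_networks(text)}
```

Calling `audit_conf(SAMPLE_CONF)` returns a dict mapping each SSID to its findings; an empty list means the profile passed every check.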

Posted in CCNP, ONT, Security, Wireless