I just read through NetMasterClass.com DOiTv2 Scenario 12, which I’m planning to do on Saturday. I like to read through the lab ahead of time, and cogitate on some of the challenges before actually doing the lab. Sometimes, I’ll poke around on cisco.com or in a book, reviewing a technical concept before I tackle the scenario.
Looking through this scenario, I see I’m challenged with a security task where you’ve got 3 routers with ethernet interfaces all on the same VLAN. The task is to force router 1 to talk to router 3 by way of router 2; routers 1 and 3 should not talk directly to one another. My brain was mulling this one over, trying to think of a layer 3 way to do this task, and I’m coming up dry: can’t do it with ACLs, they aren’t going after some funky routing protocol technique, hard-coding MAC addresses or something equally wild isn’t the right idea, etc. I decided this challenge must be calling for some clever new router trick with which I was not previously acquainted.
I finally break down and peek at the “hints” section in the back of the lab. All the NMC scenarios have this hints area, where they often give you a gentle nudge in the right direction for each section. (Or if the lab author is particularly cruel, it’ll just say “no hint”.) Anyway, I usually don’t refer to the hints because I try to be above all that. ;-) Ahem. But in this case, it was the right thing to do. The hint told me to “Protect those ports!” Aha! Layer 2! DOH!! And I’m smacking myself in the forehead for overlooking an unbelievably simple option. Make the switchports that uplink the 2 routers that aren’t supposed to talk to each other protected ports. But of course! If that had stumped me on Actual Lab Day, how many points would I have given up? <sigh>
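As an added sketch of what that looks like on the switch (my own example, not the NMC lab’s answer key), assuming R1, R2 and R3 hang off FastEthernet0/1, 0/2 and 0/3 of one Catalyst switch in VLAN 10:

```cisco
! Constructed example: port numbers and VLAN 10 are assumptions, not from the scenario.
! R1 and R3 must not exchange frames directly, so both of their uplinks are protected.
interface FastEthernet0/1
 description Uplink to R1
 switchport mode access
 switchport access vlan 10
 switchport protected
!
interface FastEthernet0/3
 description Uplink to R3
 switchport mode access
 switchport access vlan 10
 switchport protected
!
! R2 stays an ordinary (unprotected) port, so it can still talk to both R1 and R3.
interface FastEthernet0/2
 description Uplink to R2
 switchport mode access
 switchport access vlan 10
!
! Verify: "Protected: true" on Fa0/1 and Fa0/3, "Protected: false" on Fa0/2.
! show interfaces FastEthernet0/1 switchport | include Protected
```

Protected ports only isolate ports on the same switch, so if R1 and R3 sat on different switches this trick would not stop them talking and you would be looking at private VLANs instead.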
Lesson of the day for myself – if there’s no obvious way to get the job done on one layer, can you use technology from a different layer to do it? I’ve had this issue before, where I limit myself to a certain way of thinking about a problem, when so often there is a broader option list to choose from. It is SO natural when faced with a CCIE task to assume that the solution to that task will be complicated, convoluted and counterintuitive. And so very often, that’s NOT been the case. Yes, there have been those “head scratcher” solutions where you read through the answer key and go, “Wow. I NEVER would have figured that out on my own.” But much more frequently, I find that I’m making it harder than it is.
Ignorance of the possibilities is my greatest enemy now. I have a reasonably good approach to the lab – perhaps not perfect, but pretty good. And while still needing some work, my time management skills are much, much, MUCH better than they were 3 months ago. So while I can (and will) still hone my lab approach and time management skills, I think my next great push needs to be studying.