DENY IP – road to CCIE security

CCIE security written resources

Posted in Books, CCIE written, Study approach by denyip on August 27, 2008

As I wrote in my profile, I passed the CCIE written in summer 2007. So for sure I won't be able to schedule the lab within 18 months of passing, so I need to pass it again. I don't study separately for the written; my approach is theory – lab – theory at this stage. For example, when I studied TACACS+, first I went through the RFC and the security book chapters, then did simple labs with debugs etc., then I reviewed the theory again.

My MAIN resources for the theory part are:

1) RFC

You can use this search engine to find the proper RFC for RADIUS, LDAP, IPsec… There is a lot of valuable information there.

1) CCBOOTCAMP’s 2008 Cisco CCIE Security Written Study Guide

For my studies I bought it; together with the Quick Reference Sheets it is the only CCIE written book on the market. I bought the ebook with the 24 Hour Print Option – I printed all pages immediately after downloading.

The authors of that book are Colby LeMair (CCIE 12968 from Cisco), Farrukh Haroon (a network engineer from the Middle East – a CCSP studying for the CCIE, a little bit strange for me but why not) and Brad Ellis (CCIE 5796, CEO of Network Learning).
I think the book is very well written – all topics from the written blueprint are covered pretty well. It has 565 pages. The book's table of contents is similar to the blueprint for the written. At the end of every chapter there is a set of tough questions…

2) Network Security Principles and Practices (CCIE Professional Development)

It's quite an old book but really well written, and there are a few great sections (like AAA, IPsec, GRE, IOS firewall).

3) Cisco website

If I need some configuration examples or a guide I search the Cisco web… It doesn't apply to all topics, but there are a few really good documents for the written exam.

4) CCIE Security Exam Quick Reference Sheets

It's really a quick reference, but I plan to use it in the final stage when you need a quick review of all topics.

Using AUTOCOMMANDs

Posted in AAA, ccsp, Identity mgm by denyip on August 10, 2008

I tested the autocommand feature (a command run automatically when the user logs in) and it looks like authorization is needed in order to get this feature working.

Without the command aaa authorization exec default local it didn't work for me (if you have other experience let us know).

So the configuration is the following (I tested it with the show ip interface brief command):

aaa new-model
aaa authentication login default local
aaa authorization exec default local
username user1 password 0 cisco
username user1 autocommand show ip interface brief

When user1 logs in:

R2#telnet 192.168.1.1
Trying 192.168.1.1 … Open

User Access Verification

Username: user1
Password:
R1>sh ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/1 192.168.1.1 YES NVRAM up up
Loopback0 192.168.10.1 YES NVRAM up up

[Connection to 150.50.78.2 closed by foreign host]

When using the NOHANGUP feature with the command
username user1 nohangup autocommand show ip interface brief
it doesn't mean you will stay logged in (as I thought); instead you get a new user login prompt (instead of the [Connection to 150.50.78.2 closed by foreign host] message):

R2#telnet 192.168.1.1
Trying 192.168.1.1 … Open

User Access Verification

Username: user1
Password:
R1>sh ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/1 192.168.1.1 YES NVRAM up up
Loopback0 192.168.10.1 YES NVRAM up up

User Access Verification

Username:

So if you have credentials only for user1, this autocommand is the only thing you can do.


Multiple TACACS+ servers with different keys

Posted in AAA, ACS, ccsp by denyip on August 4, 2008

Have you ever tried to add more than one TACACS+ server? When I tried, I was forced to use the same authentication key for all of them (it could be a possible security issue):

tacacs-server host 192.168.1.100
tacacs-server host 192.168.1.101
tacacs-server key secretkey

This differs from the RADIUS command, where you can specify the key after the IP address:

radius-server host 192.168.1.100 key secretkey1
radius-server host 192.168.1.101 key secretkey2

Now I have found a workaround to do the same for TACACS+: it can be done with the server-private command under aaa group server.
NOTE: this command was introduced in IOS 12.3(7)T, so it doesn't apply to the current blueprint version.

aaa group server tacacs+ my-servers
server-private 192.168.1.100 key secretkey1
server-private 192.168.1.101 key secretkey2
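To turn the two points above (autocommand needing exec authorization, and TACACS+ hosts sharing one global key versus per-server keys) into something you can check across saved configs, here is a small audit script. It is an added example, not code from the blog or from Cisco; the two config texts are constructed from the snippets in these posts and are not taken from a real device.

```python
import re

# Constructed sample configs modelled on the snippets in the posts above.
# WEAK shares one global TACACS+ key and lacks exec authorization;
# FIXED uses server-private keys and adds `aaa authorization exec`.
WEAK_CONFIG = """\
aaa new-model
aaa authentication login default local
username user1 password 0 cisco
username user1 autocommand show ip interface brief
tacacs-server host 192.168.1.100
tacacs-server host 192.168.1.101
tacacs-server key secretkey
"""

FIXED_CONFIG = """\
aaa new-model
aaa authentication login default local
aaa authorization exec default local
username user1 password 0 cisco
username user1 autocommand show ip interface brief
aaa group server tacacs+ my-servers
 server-private 192.168.1.100 key secretkey1
 server-private 192.168.1.101 key secretkey2
"""

def tacacs_key_sources(config):
    """Map each TACACS+ host to 'global' (shared key) or 'private' (own key)."""
    sources = {}
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"tacacs-server host (\S+)", line):
            sources.setdefault(m.group(1), "global")   # keep 'private' if set
        elif m := re.match(r"server-private (\S+) key \S+", line):
            sources[m.group(1)] = "private"            # per-server key wins
    return sources

def shared_key_hosts(config):
    """Hosts that rely only on the single global key (the post's concern)."""
    return [h for h, s in tacacs_key_sources(config).items() if s == "global"]

def autocommand_users_missing_exec_authz(config):
    """Users with an autocommand but no `aaa authorization exec` line in the
    config; per the post the autocommand does not run in that case."""
    lines = [l.strip() for l in config.splitlines()]
    if any(l.startswith("aaa authorization exec") for l in lines):
        return []
    pat = re.compile(r"username (\S+) (?:nohangup )?autocommand ")
    return sorted({m.group(1) for l in lines if (m := pat.match(l))})
```

Running both functions over WEAK_CONFIG flags both hosts and user1; over FIXED_CONFIG both lists come back empty.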
