Monday, September 29, 2008

SDM - Switch Database Modifier

SDM is used for memory management on your switches. Anytime you hear the "Memory Management"  keyword  that means SDM in your switches.

Switches comes with a finite amount of memory, and, you may need to optimize your switch  to support all L2/L3 memory requirements for a specific type of traffic.

It brings us many possibilities of how we´re going to use the switch memory! But, the real question is... how to do it?!

We got default profiles, just keep in mind, no matter which profile you choose, it won´t break your lab, on the other hand, it can bring serious damages to a real network! So, always, plan before configuring anything!

The SDM Templates are used to optimize the switch for specific features, for IPv4 we have:

  • Access — The access template maximizes system resources for access control lists (ACLs) to accommodate a large number of ACLs.
  • Default — The default template gives balance to all functions.
  • Routing — The routing template maximizes system resources for unicast routing, typically required for a router or aggregator in the center of a network.
  • VLANs — The VLAN template disables routing and supports the maximum number of unicast MAC addresses. It would typically be selected for a Layer 2 switch.

So, anytime we change the SDM, which by the way, it´s the only command about Memory Management, we MUST reload the switch in order for to take effect! This is very important! If you do not reload the switch, and the proctor issue a show sdm and it shows it´ll be "routing"  on next reload, you lost your section points!

The configuration is pretty straight-forward, for example, to optimize routing, we use the global configuration command sdm prefer routing and that´s it, check this example:

Switch(config)# sdm prefer vlan
Switch(config)# end
Switch# reload
Proceed with reload? [confirm]

DO NOT forget to reload! Otherwise it won´t take effect! If you issue a show sdm before the reload, your output will look pretty much like this one:

Switch# show sdm prefer
 The current template is "desktop routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
  number of unicast mac addresses:            3K
  number of igmp groups + multicast routes:   1K
  number of unicast routes:                   11K
    number of directly connected hosts:       3K
    number of indirect routes:                8K
  number of qos aces:                         512
number of security aces:                    1K
 On next reload, template will be "desktop vlan" template.

Not difficult at all right?! More information can be found at:

Wednesday, September 24, 2008

He´s back ladies and gentleman!

Our friend, Mr. Mike Down, is back with his new blog I Don't Wanna Be a CCIE! Most of you had the chance to speak with him before, some of you don´t, but know that: HE´S THE MAN!

As usual he knows what he´s talking about, and how to do it!

I would follow his posts closely, as he knows everything inside out from the "backstages" of the CCIE and the CCIE Training World! And that´s cool!

Brother, welcome back, and count with me for anything you ever need! I´m here, no matter where you are, or to who you work, I´m your fan! ;)

Tuesday, September 23, 2008

Don´t believe "only" in the show run (in my case, in the show conf)

Hmm... buddy! Let me tell you something... don´t believe only in the show run, always check every parameter involved using other show commands...

Why do I say that?! Last weekend, during a new WS-3750 installation for user access, I faced a little problem... Two core´s, and my new access switch, with links to both Core Switches. Trunk was limitted only to the management vlan to avoid any problems during the intervation.

In order to avoid any other problems, I´ve increased to Spanning-Tree cost to 25 in both uplinks (1Gbps) from the access switch to the cores.

So far so good! Installation done with the first core, ok, let´s connect the second! Hmmm... lost access, let me try again, ok, accessing normal, so what happened?! Root Port from Core 1 changed to the Access Switch?! Why?!

That´s when I´ve found that one of the Core Switches had  spanning-tree costs of 3004, 3019... WTH! Quick show conf (yes, it is CatOS), the Core was configured with UpLinkFast...

No biggie, changed spanning-tree cost, path went back to normal, and everything else was good! Customer will check how and when to remove the UpLinkFast configuration.

If at any time, I´ve checked the spanning-tree with show commands (not the show conf), I would see that, but... living and learning, right?!

Now I do know why some guys don´t like to do a show run, they preffer to check with other commands, I think they´re right... ;)

Sunday, September 21, 2008

September edition of the CCIE Flyer just released!

The wonderful CCIE Flyer from Emmanuel Conde (CCIE Agent) was just released!

Man, I must say, they know what they´re talking about! I almost cried reading the article "Build a CCIE Workshop" from Emmanuel, I must agree with him that everything in there is TRUE!

Also, mr. Scott Morris wrote a fantastic article called "CCIE Training - First Day Preparations", a must read!

Plus many others! You must check it out! I just finished reading through everything, and I loved! Well... who will expect less than a AWESOME job from Emmanuel, right?! Emam, YOU´RE THE MAN!

-- Click here to be redirected to the  CCIE Flyer --

Friday, September 19, 2008

Storm-Control everything you need to know

Another part of the IPExpert Security Video-on-Demand, Storm-Control!

Storm-Control can be used to limit, or to set thresholds for different types of traffic (Broadcast, Multicast and Unicast) on a specific interface you choose (or that you´re asked for). ;)

You can set your threshold to whatever the top level that you want, and the traffic will be limit to that. Also, on 3560 Switches you can set falling thresholds too! Basically it is telling the switch how much traffic do I want (or don´t I want) through that interface.

Now... to the tricky part... just suppose you want to limit the broadcast/multicast traffic in a specific interface... how would you set?! Would you allow more Broadcast traffic than Multicast?!

Hmm... good question, let´s step back for a while... What´s a Layer 3 Broadcast?!

A Layer 3 Broadcast can be the "All Hosts" which is the, or it can be a "Subnet Brodcast", for example is the broadcast IP of the /24 subnet;  just keep in mind that if the actual subnet mask change, the Broadcast IP will also change too!

Now... how about Layer 3 Multicasts?! What those guys are? 

Layer 3 Multicasts, known as Class D also, begin with the binary value of 1110 in the first octet. It goes from 224.x.x.x to 239.x.x.x. Also, at Class D we don´t have concept of subnetting of or broadcast reachability! So Broadcasts and Multicasts at "Layer 3" have nothing to do with each other.

Ok! With all that in mind, can you make a decision on how to configure the Storm-Control in one of your switch ports to limit the Broadcast / Multicast traffic?! Not that fast right?! There´s another wonderful world outside "Layer 3" it´s called "Layer 2" ! :)

At Layer 2, Broadcasts are know as "All F´s" FF-FF-FF-FF-FF-FF, this address represents all devices in a Layer 2 network, we all know that since the CCNA days, so, no big deal!

Now... The Layer 2 representation of IP Multicasts all begin with 01-00-5E. And there´s one specific bit in the MAC Address that defines whether or not it´s a Multicast, the I/G bit!

Take a look at the MAC Address format:


So, like our friend Scott Morris likes to say, the least significant bit of the most significant byte is the I/G bit! And looking at our Multicast Address 01-00-5E (in binary 0000 0001-0000 0000-0101 1110)  we can see that this I/G bit is set to 1 in EVERY Multicast!

In that case, the I/G bit defines a Multicast when it´s set to 1, but, how about the Broadcasts?! All bits in a Layer 2 Broadcast are set to 1 (including the I/G bit), so, Layer 2 Broadcasts, in fact, ARE a subset of Layer 2 Multicasts.

All Layer 2 Broadcasts are Multicasts.

All Layer 2 Multicasts are not Broadcasts.

With that in mind, when configuring Storm-Control in a switch port, and, if you´re setting limits to both Multicast and Broadcast, you should set Multicast limit HIGHER than the Broadcast limit (at least set they equal, but never set the Multicast level to be less than the Broadcast level, otherwise, either Broadcasts and Multicasts will be limited by the Multicast level, making pointless the Storm-Control configuration for the Broadcast!).

It´s configured on a per-interface basis, here´s the command list:

(config-if)#storm-control broadcast level (#)[.(#)]
(config-if)#storm-control multicast  level (#)[.(#)]
(config-if)#storm-control unicast level (#)[.(#)]

Level is % of line as maximum threshold
Level 100 would permit everything
Level 0.0 would disable the frame type

The following example will enable Unicast Storm-Control on a switch port with an 89% rising suppression level and a 67% falling suppression (remember, falling suppression can only be configured in 3560). It´ll also enable Broadcast Storm-Control on a port to a level of 20%. When the Broadcast exceeds the configured level of 20% of the total available bandwidth of the port within the traffic-storm-control interval, the switch drops all broadcast traffic until the end of the traffic-storm-control interval:

interface gigabitethernet0/1
storm-control unicast level 89 67
storm-control broadcast level 20

Just remember, Multicast levels (which includes more things) must be higher, or at least equal, to the Broadcast levels when configuring Storm-Control!

You can use the show storm-control command to verify the operation!

Nice! :)

More information available in do following Websites:

Wednesday, September 17, 2008

Virtual Tour - CCIE Lab: A "must" see video!

I was checking one of my favorite CCIE resource on the Web, Sadikhov Forums -> CCIE Other, a very nice section to be checked once and a while! In there I´ve found a post from our friend Stacky about a very nice video in Cisco Website: Virtual Tour - CCIE Lab!

The video is 3 min long, but it´s AWESOME! At least you´ll get to know what you´ll face in the lab day, and how it looks like!

I do recomend to everybody, if you have a chance, check it out!

Here´s the link, it´s the third video in this page:

Certifications Connect - Becoming a CCIE

Thursday, September 11, 2008

IPExpert Blended Learning Solutions - Promotional Price ending soon!

For those who wants to get the awesome IPExpert CCIE R&S Blended Learning Solutions, I advise to act now! The price will increase soon, it´ll still the lowest price on the market, but why pay more, if you can have it now for USD 999.99 ?!

Talk to sales guys, they will clear any doubt you have, and there are many reviews about it over the internet! Just check it out!

I must say, the product is fantastic! Nothing like that! They use a different approach, not slide after slide, but a full motion movie, you, and the instructor! Very informative!


LAST MONTH for Blended Learning Solution Giveaway Pricing -- BUY NOW

The past two months has been an exciting time. Since we began our promotion offering our newly-created, ground-breaking Blended Learning Solution™ products for only $999, we have shipped nearly 1,000 of them to CCIE candidates around the world!

However, there are less than 2 WEEKS LEFT of this rock-bottom pricing for this unmatched level of training materials! On Monday, September 22, the prices for the Blended Learning Solution products will double, rising back to the level representative of the massive amount of quality materials delivered in this offering.

The message is, if you were planning to buy CCIE training materials, DO IT NOW and take advantage of a value unseen before anywhere.,bb3NCpTF


Wednesday, September 10, 2008

802.1x, Guest VLAN and Auth-Fail VLAN

Another security topic from IPExpert videos: 802.1x, nice, not too long, and easy to understand.

Dot1x is a specification for port based authentication, most of the time we hear about 802.1x is when somebody is talking about Wireless (hi Shiraishi). Basically it uses the same concept there, but it was originally created to be a switch based authentication mechanism.

By default, 802.1x uses RADIUS. This is where RADIUS, TACACS and AAA comes on the LAB, and that´s why they´re on the blueprint.

Also, keep in mind that there´s no RADIUS server on the CCIE R&S Lab Exam. So take a look at your diagram, check where the RADIUS server is "pretended" to be connected, and at the details they´re giving to us before stressing too much over it!

So, until the device is authenticated, 802.1x access control allows only Extensible Authentication Protocol (EAP) over LAN (EAPOL) traffic through the port to which the device is connected. After authentication is successful, normal traffic can pass through the port.

If the switch receives EAPOL packets in a port that is not configured for 802.1x authentication or if the switch does not support 802.1x authentication, then the EAPOL packets are dropped and are not forwarded to any upstream devices.

802.1x needs to be turned on globally and configured at each interface you actually want it:

To turn dot1x on:

(config)#dot1x system-auth-control

And at the interface:

(config-if)#dot1x port-control <type>

The type can be:

  • Auto - If this particular interface doesn´t receive a response from the host, the port will be disabled. It´ll send out the EAPOL packets  (Extensible Authentication Protocol), those EAPOL packets are basically saying: "Hey! Who are you?!" And hopefuly the switch gets a response! If it doesn´t get a response, by default, the port is not enabled. The users will not be able to access the network without authentication;
  • Force-authorized - No authentication is performed, it just pretend that the authentication just happened.  It´s normally used for routers;
  • Force-unauthorized - Similar to shutdown. It pretends that this port wasn´t authorized.

802.1x, Radius and AAA works really close to each other! 802.1x will send EAPOL packets and control the access, AAA will tell the Router/Switch "HOW" to authenticate, and Radius will authenticate the requesting host if configured to do so.

Be careful when doing AAA, otherwise you may get locked out of your switch, and that will force you take your lab again, with better lucky (or better prepared) next time!

Fortunately there are some technics to avoid locking yourself out of the switch! I´ve talked about that before (click here if you want to check that post), but, I consider it so important, that I´ll copy the contents here:

-> Turning 802.1x on in your system (also enabling RADIUS):

dot1x system-auth-control
aaa new-model
aaa authentication dot1x default group radius
radius-server host key ipexpert

-> To avoid further complications with any port using "login" you´ll want to create a workaround. The Proctor will NOT do password recovery for grading you! So, we need to create a workaround for this:

aaa authentication login MyVTY line
aaa authentication login MyCon none
line con 0
login authentication MyCon
line vty 0 4
login authentication MyVTY

-> That way, Console will have no password, and the VTY will use the configured line password.

-> The bottom line is that while it is very irritating to lock yourself out of a switch it is MUCH better than locking the Proctor out!

-> Another thing you may do is "reload in 10" on the switch. If you haven´t validated your config and cancelled the reload, then at least you will fix things yourself!

-> (Do NOT save unvalidated configurations!!!)

As we go through we´re only going to do AAA authentication login, that´s the type of authentication we´re going to do.

But now, if someone responds to the EAPOL packets with incorrect credentials, or even worse, if someone doesn´t have a computer that supports 802.1x and don´t know how to respond to it?! What happen to those guys?! By default, the switch will keep sending EAPOL packets until it receives the correct credentials.

And that´s it?! Those guys will not be able to access the network?! Well, if we want yes, they´ll be out, but, we´re not that mean, right?! We can configure a "guest" VLAN, with limited access to the network, so those guys will be placed there!

With guest-vlan information (or with auth-fail vlan information) we have ways to setting up some options. The port needs to be at  mode access (can´t be dynamic in dot1x):

int fa0/10
switchport mode access
dot1x port-control auto
dot1x guest-vlan 100
dot1x auth-fail vlan 100
dot1x host-mode multi-host

That way, if the guy doesn´t support 802.1x authentication (or, if it´s not configured to do so), it´ll be allowed to use the configured guest-vlan (in our case VLAN100).

Also, if the guy use incorrect credentials (like wrong username/password), it´ll be allowed to use the auth-fail vlan (in this particular case, VLAN100 also).

But, how about that dot1x host-mode multi-host command, what´s that?! That will do 802.1x authentication for EVERY MAC Address using this link.

On the other hand, if we use the command dot1x host-mode single-host  as long as one MAC Address is validate, every MAC Address in this single link is allowed to go through!


You can find more information at this link if you want:

Monday, September 8, 2008

Switchport port-security - what we MUST know

Continuing with the IPExpert CCIE R&S BLS Security section, it´s a short video (40min), but, with a lot of good information! Security has always been one of my biggest weakness, so that´s why I´m depicting it topic by topic, that helps me to either learn it  better, and, if I ever need to review my notes, I´ll have everything splited to it´s own topic here! So that´s good! Hope that helps you too!

To begin with... how do we enable the port-security in a switch port?! That´s easy to answer, using the interface command: switchport port-security. But, what will be actually configured in this specific switch port if  we just type this command and nothing else?! It´ll set the switchport to allow only "one" MAC Address and the Violation mode will be set to Shutdown.

Probably the LAB will ask you something more specific, that´s where you have to know a few things... The violation mode for example, we have three violation modes availabe:

  • Protected - When a violation occurs, it´ll simple ignore any exceeding MAC Addresses, according to your configuration (if you allow only one MAC Address, it´ll permit the first MAC Address to transmit, and drop everything else for any new MAC Address trying to transmit to this port).
  • Restrict - Does exactly the same thing as Protected mode, but will also send a SNMP Trap regarding the violation.
  • Shutdown - When a violation occurs in the shutdown mode, it sets the port to ERRDISABLE state. The port will stop transmitting anything in the ERRDISABLE state, also, the port LED will  turn off. It  sends out a SNMP Trap about this.

When a port enters in the ERRDISABLE state you can do a shut and no shut to recover it! That can be a boring task, if you have many "smart users" in your network. Fortunately, there´s another way to do that, you can also set it to "autorecovery" using the feature errdisable recovery (global configuration mode), the commands for this are:

errdisable recovery cause <violation cause>
errdisable recovery interval <#seconds>

For example, if the Port-Security placed a port in ERRDISABLE state, you can set your switch to recovery it like that:

errdisable recovery cause psecure-violation
errdisable recovery interval 1800

That will recover the port 30min (1800sec) after the violation event! Cool! :)

Another thing to keep in mind is: the command switchport port-security mac-address <MAC> by itself will not get the configured MAC Address into the running-configuration of your switch. If you issue a show switchport port-security you´ll see the configured MAC  there, but not in the show run!

In order to have it in your running configuration, you have to use the STICKY keyword: switchport port-security mac-address sticky <MAC> that way, the configured MAC Address  will appear at the running-configuration, and of course, you´ll be able to save it! If you do not specify any MAC Addresses after the STICKY keyword, the switch will dynamically learn the attached MAC Address and place it into your running-configuration.

So, for example, to allow two MAC Addresses (1111.1111.1111 and 2222.2222.2222) at FastEthernet 0/6 (configured as an access-port), and, if any violation to that rule occurs, the port should be placed in ERRDISABLE state,  recovering itself after 1hour without any intervation. The MAC Address MUST appear in the running-configuration.

How can we solve that!? Not that difficult, right!? Here´s the answer:

conf t
errdisable recovery cause psecure-violation
errdisable recovery interval 3600
interface fastethernet 0/6
switchport mode access
switchport port-security violation shutdown
switchport port-security maximum 2
switchport port-security mac-address sticky 1111.1111.1111
switchport port-security mac-address sticky 2222.2222.2222

That will meet the requirements of our question!

Also, if you issue a switchport port-security ? under the interface configuration mode you´ll have all available options for this command (in fact, there are just a few options).

Is it difficult?! Not at all, but, there are some things to keep in mind to be used either in the exam and in real-life networks!

You can find more information at the following link from Cisco Website:

Saturday, September 6, 2008

Sometimes it´s just too difficult

Man... why it has too be so difficult?! Sometimes I feel like throwing everything away and start a new business: sell coconut water at the beach!

Lol! Just kidding! I just had a "BUSY" week (almost 18hrs a day), but I´ll get back to my routine starting tonight. I´ll arrive home (yep, I´m out  in a business travel), and I have some plans already, watch a couple Videos from IPExpert BLS. In fact, I´m moving slower   than   what I really   wanted, but, at least,  I´m still moving! Better than just leave all my CCIE Materials in top of my desk! :D

The good thing about it is: I´m taking too many notes from all Videos that I watch (like, a 1hour video takes me at least 3 or 4 hours to finish! I keep moving back and forward to get EVERYTHING), and that is helping me a lot! For sure my technical skills are better now than before! I used to have some doubts, but I´m clearing them all during the studies. And you know what?! All of them were really simple! That´s great!

CCIE study is hard, lonely, and time consuming, I must say, BUT I get so happy each time I learn a new trick, technology, or clear that doubt that bothered me for so many years, and that makes all the hard work WORTH IT!

Not that the coconut water is a bad idea, but I´ll stick to my original plan and dedicate myself to achieve my goal: to be better than yesterday (and of course, get my numbers if possible). ;)

Anyone wanna join me?! :) I´ll try to finish my security notes by monday if possible!

If anybody needs a little help, or just talk, let me know! ;)

Wednesday, September 3, 2008

CCIE Command Memorizer - Q&A - Updated Sep/04/2008

Here follows a quick Q&A about CCIE Command Memorizer, hope it helps! Please, feel free to ask any questions about the eBook, I´m using it, and I´m enjoying! Of course, this is just a review, and I may not be able to answer all questions (remember, I´m not the vendor, I´m just a customer of

All comments are welcome, specially if you have a copy of the eBook, so others can enjoy your point of view!

1-) What is the CCIE Command Memorizer?!

It´s a study tool, an eBook, just like any Workbook, with questions and tasks related to the CCIE Topics, where you also get a prompt (after each question/task) to enter the configuration commands.

2-) There´s explanations for each question?!

No. There are for some, but not all! You have the correct answer for each question, but no explanations about it for all tasks.

3-) Is it bad?!

In my opinion?! Not at all. CCIE Command Memorizer is a study tool, that will help you to actually practice with the configuration commands, work on your speed, and check how to configure many tasks. You can use the Cisco Documentation to find the answers, that will improve your navigation skills at the Cisco Documentation.

4-) Can you use abbreviated commands?!

No! Some tasks you can, but not all. Again, in my opinion, that doesn´t matter! If I know the full command I know the abbreviated version also! For me, it doesn´t make any difference. It still the same powerful tool as before!

I know that Mr. David Bombal and his team are adding abbreviated command support to the product, so you should expect news regarding this in a near future!

5-) Is it possible to pass the CCIE Lab using only the CCIE Command Memorizer?!

Well... Hard to say, it´s a good idea to have at least a two vendor approach, and Video-on-Demand classes (so you can watch it, go back, and check again and again, until you understand the topic). It´s a great tool to be combined with other existent CCIE Training Materials, due to its portability, really good questions, and the way you get to use it, just jump in and start configuring! In my opinion?! It´s great!

6-) Do you recommend it?!

Yes I do! I bought it, and I´m very happy,  it´s becoming part of my daily study strategy! Even if I have just a few minutes, I can try to solve some tasks in there, practice with the Cisco Documentation, and everything I would do with a workbook, with the advantage of having the command prompt just after each question.

7-) Any sample questions?!

Well... I´ll add a couple here (if anyone wants to solve, feel free, I´ll add the answers by the end of the week).







----- UPDATED September, 04 2008 -----

As requested, I´ve added some more questions which I consider to be a CCIE Exam Level questions, some I consider easy, some I consider hard, but maybe what is hard to me, is easy for many of you, and vice-versa, we all have our strengths and weakness, and those are different for everyone, well... not that different, right?! :)

Also, I´ve answered some more questions about the product in the end of this post, so don´t forget to check it up!


Switching 1

Switching 4


Security 1

Security 2




Multicast 1


IPv6 1


Frame Relay 4





8-) Is it cost effective?!

Well... that depends on your point of view... I´m at the beginning of my jorney, I´ve much work to do before even think about a CCIE Lab attemp, and all resources are welcome at this stage for me!

The CCIE Command Memorizer is not a Workbook with solutions guide, that will take you by hand telling: hey, do this on the exam and you´re good, no, don´t do that, OSPF works that way, and blablabla... You can find this in many Workbooks out there, which I consider my primary source for the CCIE Studies! And I don´t even think that this is the purpose of the CCIE Command Memorizer! In my opinion, it´s a preparation tool that looks like a combination of a Workbook + Dynamips, where you can just open and start answering configuration tasks, ideal for anyone who lacks time during day, but wish to do something else other than step away for 5min to talk a while, get a smoke, drink coffee, or anything else you could do before one job task and another! But, it must be combined with other CCIE Training Materials out there, and, right now, there´s no other tool that do the same for you! It´s unique.

I´ve learned A LOT from it already, and I do consider the CCIE Command Memorizer very helpful!!!

Right now, my resources are:

- Video on Demand Classes from IPExpert;

- IPExpert Workbooks;

- CCIE Command Memorizer;

- Internetwork Expert Workbooks;

I´m finding the CCIE Command Memorizer very useful, really, at home I usually watch Videos on Demand, and during the day, before work, during breaks, and before leaving I´m using the CCIE Command Memorizer. Also, I´m using it with Cisco Documentation to get used to it! I´m still finding my way through the documents, but I can honestly say, 3 months ago, it was taking me about 20min average to find any answer in the  Cisco Documentation, but now, after using it for EVERY and EACH task that I try to solve, I´m taking between 6 to 8 min, when I get to 2 or 3 min I´ll feel really good about it!

But anyway, to conclude... Everything CCIE Related is expensive, and for USD99.99, you get a very good product in my opinion! Of course, my opinion could be different than yours, if so, I please ask you to express your feelings in a comment, so others can check your point of view (again, I´m just a customer, and not the vendor, so don´t worry if you have anything to say, please, please, please, do it here!). ;)

Monday, September 1, 2008

CCIE Command Memorizer - First Impressions

Yesterday and today I was able to play a while with the CCIE Command Memorizer... It´s really a powerful tool to the studies! I´ve checked the RIP Section (not all tasks) and some Frame-Relay also. Do not consider this a full review of the tool, I´ll use it a little more before that, but, here are my first impressions:

Topics are organized by categories, like BGP, QoS, Frame-Relay, under each you´ll find the associated tasks. First you got the questions, and right before that, the prompt to enter the commands. Really useful on the job, on the road, where you have little time to study, and need to do it fast! Everything is ready just waiting for you! Open the eBook, choose a topic, and start configuring it!

As said before, the each task commands are limited to the task commands itself. And you have to enter it right, following the order of the question. After each command, you get the OK or WRONG, so you can go back and fix it (also, if you want, the eBook can give you the correct answer).

And before you ask, there´s no question mark "?" to get help about the commands, you must know what you´re doing! This is  GREAT! You know in what that will help me?! No?! It´ll help me to improve my way at the Cisco Documentation! Many times doing something, I keep typing "?" over and over, until figure it out, but the best thing in the study stage that I´m right now, is to go to the Cisco Documentation and find my path there! That´s really good! I´ll not be tempted to type "?"! Either I know how to solve the task, or I´ll need to navigate through the Documentation and find the answer! Cool!

At the top and the botton of the page you´ll find the RESET button, so you can reset all your work and start over!

The questions are the best of the CCIE Command Memorizer in my opinion, I really liked the way the questions are presented to us, direct and to the point. Some are tricky, but, if you read it carefully you´ll understand exactly what is being asked. A great tool to learn not only  the commands, but how to do it!

Check this RIP task for example:

Configure RIP version 2 md5 authentication with chain named "pass" and password "cisco" using key 1. Put on serial 0/0. Enable authentication on Serial 0/0. Enable rip version 2. Advertise

This is only one out of 16! And by the way, it´s the first RIP task! Anyone want to try to solve it?! I´ll post the answer latter this week!

It covers pretty much ALL topics in the CCIE Lab Blueprint (if not all, really close to it).

The best thing about CCIE Command Memorizer is that´s so easy to use... You just start the eBook and you´re ready to go! Good for anyone who have little breaks to study, and want to enjoy it at all! Of course, the tool by itself will not make you a CCIE, but when used in conjunction with other CCIE Training Materials seens to be a POWERFUL combination!

I´ll get back with some more in-depth review!