Have done my CCIE Written for security now …

13 May 2009

As I was looking for something I could do next after passing my CCIE R&S, I took the security path, and last week I did the written as a first step. There were 105 questions with a passing score of 790 points. I managed to pass the test. It was quite close; I didn’t expect to pass. I was feeling I would fail, but I tried my best on the last 10 – 15 questions, and there must have been some correct answers.

With the new written in security I also recertified my R&S CCIE for nearly the next 4 years. The next date by which I have to recertify is 26.2.2013. Cisco just adds the new written at the end of the first ending period. So that will take some time.

Since I read that the Security ASET Labs are a great help for preparation, I have already booked some ASET Labs from the end of May until June. I know that for R&S they were absolutely helpful and one of the best resources.

I will still look for some PEC courses for security. I found some for R&S which were at least interesting. But the PEC www.cisco.com/go/pec was reorganized and the website changed a lot. I found it very difficult to get to the courses I had seen before.

I have to look at the PEC again. It might have changed again. :-)

I have booked the lab at the end of October in Brussels. But I’m unsure if this will be enough time for preparation. I will see. I have to decide by the end of July. So by then I will probably know more about whether it will work.

Currently I am also reorganizing my testing environment. I was still using an openSUSE installation on my notebook, but I feel like moving to another distribution. Might be Fedora or Ubuntu. Shouldn’t be a problem with dynamips on either. I have ordered a new HD with about 320 GB, so I will have more space available for my VMware installations. Still using my Lenovo T60 though. It has 3 GB of main memory, but I’m already looking for notebooks with more than 4 GB. I’m still waiting for.
But first I will be on holiday with my now 1 year old son for some time. ;-)

If you wonder how often I can go on holiday, that nice time will shortly be over. I’m still on parental leave until mid-June, and by then it will have been 7 months altogether for me. My wife took the other 7 months before. Since 2007 it has been possible in Germany for parents to share the time. And if one of them takes at least two months, it will be 14 altogether, instead of only 12. It’s a great time with my son. He develops so quickly, for me it’s absolutely too quick. A few months ago he was so small, and now he is already close to being able to walk. It’s fantastic to see him every day and to experience his presence.

Have a nice time.

Received the plaque …

22 April 2009

Two months after the lab exam, I received the plaque. Well, it looks nice. It would be better if the font did not look frayed, but it does a bit if you look at the characters in detail. All in all it’s OK. But a wooden border, like the plaques had before, would add some more value to it.

I already gave it a nice place.

Just came back from a vacation. Did some cycling for about two weeks and continued my training for the Ironman this year in Switzerland. In about three months, on July 12, I will be in Zuerich to do the:

3,6 km swim, 180 km ride, 42,195 km run

I have started learning for the written again. I think I will take the test soon. Maybe in about 3-4 weeks.

Books and equipment for the sec lab

17 March 2009

I hooked myself up to “security@groupstudy.com” and have started to read some books. Still looking for other useful additions. Some of them have already arrived:

Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance

IPSec VPN Design

Penetration Testing and Network Defense

Cisco Access Control Security: AAA Administration Services

Intrusion Prevention Fundamentals

Most of them were published 3 – 5 years ago. Some things might have changed, but most probably have not, since there are no newer editions. ACS will stay the same on version 4.1 in the lab, also for version 3 of the . IPS will be version 6.1. Seems like there is currently no virtual installation possible, as for ASA 8.0, at least no fully functional version. But PIX with 8.0 should also do. And IPS 5.1.8 might not have that many changes. ACS 4.1 is available as a 90-day trial installation. You can install it on either Windows 2003 or Windows 2000 with the following versions:

•Windows 2000 Server (English version only)

•Windows 2000 Advanced Server (Service Pack 4) without features specific to Windows 2000 Advanced Server enabled or without Microsoft clustering service installed (English version only)

•Windows Server 2003, Enterprise Edition or Standard Edition (Service Pack 1)

Source:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/installation/guide/windows/install.html

What’s next…

06 March 2009

It is now one week ago and I still sometimes log in to my Cisco certification account and look at the result of my exam. :-)

But what comes next? Have you thought about this before? Looking ahead, I was already thinking about taking another path. I wanted to have more knowledge about security. I was thinking about Service Provider also. But this is not as close to me as security is, in the sense of building up a network. I take the path from LAN to WAN; then after R&S, Security comes first and after that Service Provider. I also already had more experience in security, and the side effects will be better for me with security, I think. Also, in April the security lab will have some interesting updates, as the PIX and the concentrator will be removed from the lab.

Well, I have my little family and my son is still small. But now he is already close to his first birthday. Time flies, as I often notice.

So I will take the time I can spare to start the security track and start learning in the near future.

I will have to build my rack and have already seen that most of the devices can be built with dynamips/dynagen, pemu and VMware. So I will share my buildup and progress and populate my blog with more security topics in the future.

Will have some holiday also, if you now think I should take that first.

This is the story in short :-), CCIE R&S done

27 February 2009

Sitting here and still staring from time to time at the Cisco Certification Status Page, because I’m still in the process of realization.

After the lab the proctor told us that the result would be there at 9 PM in the evening. I was still waiting that evening until 11 o’clock, but got no mail regarding the grading. Then, after I woke up the next morning, I had the mail from Cisco in my inbox saying that the score result was available. The mail does not tell you anything about failing or passing the exam. I had to open my certification profile on the Cisco website to see the result. Two times before I had failed the exam, and this time I was not sure if I had passed. But I did it.

I was through the exam before lunch, except for 4 questions which I had just skipped and one leftover question at the end. The key to success for me was time management.

In the previous attempts I had also spent too much time on tasks in the middle of the exam. This time I just skipped any question I was not able to solve right away and noted it for later processing.

So I got more and more confident with my overall performance in the lab, and after lunch I double-checked everything and could spend the rest of the time searching the DocCD and double- or triple-checking all configurations. I also noted tasks that I suspected of containing hidden elements that I could not see at first glance.

And it worked out. The technique was very important for me, because I got more and more self-confident while proceeding through the lab tasks.

This is all a long story. I did not believe I would get that far.

I started my first attempt in Jan 2007, where I got the best score. I wasn’t really ready, but still got quite close. But I was just too nervous, and I also could not sleep the night before. I wanted to waste some money and asked for a reread after the lab, but with only very little success. They gave me some more points. I think for 250$ they can do this ;-) , but I think I did not really have a chance.

Then the second attempt: I tried to time the lab just some days before the estimated birthday of my son, but that was not of any interest to him. He decided to come one week too early, and so he was born in April 2008, one week before my lab date, where I think I didn’t get much sleep again.

And now, after I got myself motivated again (and I know this can be hard) and rearranged my own life a lot in this new situation, 10 months on, on my third attempt, I did it. This is such a relief, guys, I can tell you.

During this time I learned a lot about Cisco, IOS, employers and learning partners. How to learn and how to manage time while also working. Also, for me it was very important to do sports or other kinds of recovery activities. It’s also very helpful if you have an employer who supports you and grants you time for learning, even if it’s only two weeks.

Had this sentence in my head from the beginning:

“Stick to it.”

Do not let yourself get discouraged. Look at those things you might not be that good at and concentrate on them. I know it’s hard to motivate yourself sometimes, and to get on the learning path again and again. But you know what it’s for.

I used InternetworkExpert and IPExpert for preparation. Cisco ASET Labs have also been a great help.

Graded labs are very valuable for preparation, since you see directly what you did wrong and can then focus directly on topics which need improvement. So you can start learning what you don’t know and not what you know already. Big topic for me. :-)

Thank you guys. Thanks for reading. Keep up. Stick to it.

Thanks to my wife for her support and letting me do this and my son for motivation.

CCIE 23664 :-)

New logo

27 February 2009

Don’t know where to put the number. Which font type? They don’t tell you where to place the number, but you have to place the number somewhere… :-)
The logo would probably look better on a darker background.

Source:

http://www.cisco.com/web/learning/le3/ccie/certified_ccies/logo_guidelines.html

#23664

27 February 2009

DID IT! DID IT! DID IT! Can’t believe it still. I am happy. :-) A long way has ended and a new journey begins. What a relief! Fantastic.

CCIE Number 23664. Yesterday in Brussels.

OSPF authentication types

23 February 2009

Just as a reminder, but it might be important to know the type of authentication in the lab. OSPF knows three different kinds of authentication. Well, to be honest, there are more, but only the first three are defined:

Type     Authentication                             RFC
0        No Authentication                          [RFC1583]
1        Simple Password Authentication             [RFC1583]
2        Cryptographic authentication               [RFC2328]
3-65535  Unassigned

Important: OSPF knows key rollover only for encrypted keys. If you have several neighbors with different keys, rollover works on one interface, but only for encrypted keys. With EIGRP this is not possible. You will need a new interface for more than one neighbor with a different key.

Example for two neighbors with different encrypted keys each (sync can last up to 20 minutes, you have to be patient!):
int s1/0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 CISCO1
ip ospf message-digest-key 2 md5 CISCO2

To configure type “0” authentication use:

int s1/0
ip ospf authentication null

Source:

http://www.iana.org/assignments/ospf-authentication-codes
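
To check which of the types from the table a neighbor really sends, you can decode the AuType field of the 24-byte OSPFv2 packet header (layout as in RFC 2328). The following is an added example, not part of the original post; the function names and the sample headers are constructed for illustration. With type 2 the header carries the Key ID, which corresponds to the number in "ip ospf message-digest-key".

```python
import struct

# AuType values as listed in the table above (IANA OSPF authentication codes)
AUTH_TYPES = {0: "No Authentication",
              1: "Simple Password Authentication",
              2: "Cryptographic authentication"}

def parse_ospf_auth(packet: bytes) -> dict:
    """Decode AuType and the 8-byte Authentication field of an OSPFv2 header."""
    if len(packet) < 24:
        raise ValueError("OSPFv2 header is 24 bytes")
    version, _ptype, _length, router_id, _area, _cksum, autype = struct.unpack(
        "!BBH4s4sHH", packet[:16])
    if version != 2:
        raise ValueError("not an OSPFv2 packet")
    auth = packet[16:24]
    info = {"router_id": ".".join(str(b) for b in router_id),
            "autype": autype,
            "name": AUTH_TYPES.get(autype, "Unassigned")}
    if autype == 1:
        # Type 1 carries the password in clear text, zero padded to 8 bytes
        info["password"] = auth.rstrip(b"\x00").decode("ascii", "replace")
    elif autype == 2:
        # Type 2: 2 zero bytes, Key ID, digest length, 32-bit sequence number
        _zero, key_id, digest_len, seq = struct.unpack("!HBBI", auth)
        info.update(key_id=key_id, digest_len=digest_len, sequence=seq)
    return info

def is_weak(info: dict) -> bool:
    """Anything other than cryptographic authentication is flagged."""
    return info["autype"] != 2

def sample_header(router_id: bytes, autype: int, auth: bytes) -> bytes:
    """Constructed hello header (type 1, area 0) for the demo; checksum left 0."""
    return struct.pack("!BBH4s4sHH", 2, 1, 44, router_id, bytes(4), 0, autype) + auth

# Constructed sample headers, not captured traffic
SAMPLES = [
    sample_header(bytes([10, 0, 0, 1]), 0, bytes(8)),
    sample_header(bytes([10, 0, 0, 2]), 1, b"CISCO1\x00\x00"),
    sample_header(bytes([10, 0, 0, 3]), 2, struct.pack("!HBBI", 0, 2, 16, 1000)),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        info = parse_ospf_auth(pkt)
        print("WEAK" if is_weak(info) else "ok  ", info)
```

The type 1 sample shows why simple password authentication gets flagged: the password is readable directly from the header.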

Free graded lab by ipexpert including 8 hours rack access

20 February 2009

Hi,

here is the good news, thanks to my colleague for pointing it out.

Everyone who wants to try a graded lab can do this for free, including a free 8-hour rack rental session.

http://www.imakenews.com/ipexpert/e_article001347969.cfm?x=bf96L3k,bcHBn6KQ,w

Graded Labs IPExpert / IE / Cisco

17 February 2009

While IPExpert and proctorlabs have the grading feature for their labs, IE is now also offering the Poly Lab Assessment. I tried both and I can recommend both of them. While the Poly Lab is quite new, I tried it twice and the results were interesting for learning. You can generate your own lab depending on your skills: whether you are novice, beginner, intermediate, advanced or expert in the different R&S topics. The lab questions are then generated based on your skills. The difference from a mock lab is that after you hit the grade button, your result will be generated in 5 minutes by Tcl scripts. The mock lab will be graded by a human and you will get comments on your configurations.

The IPExpert labs were also very interesting and the grading worked well.

You should try a graded lab. You will probably be astonished at how many errors you can make even in a configuration that looks like it works at first glance. That was also the most important thing for me, since you will overlook many little errors when looking at your own configuration. Many things you won’t see that fast, and the safer and easier way is to have a script grade you, since it will not overlook missing or wrong configuration parts. Very good for learning also.

If you are working at a Cisco Gold Partner, then you could also ask your Cisco SE for the ASET Labs. They also have a grading machine in the back, from labgear.net. There are several different topics for sessions of about 4 hours and currently also 6 different full-time labs. All labs can be graded. These are very similar to the real labs, although they are not written by the CCIE Lab team from Cisco. But the most important thing is that you get them for free and they come from Cisco. You can get about 72 hours of lab time per month from Cisco. Even if you just want to lab some things out, this is possible on Cisco’s lab equipment.

If you want to get in touch with the real labs, you can try the Assessor Lab from Cisco. They will cost you about 200$ each. Still only two four-hour labs available, but it is also good for a try.

Source:

http://www.internetworkexpert.com/ccie-routing-switching-poly-labs-assessment.htm

http://www.ipexpert.com/index.cfm/product/sku/CCIE_RS_Lab_Graded_Assessment

http://www.cisco.com/warp/public/765/download/pep/aset_qualify.html

http://www.cisco.com/web/learning/le3/ccie/preparation/assessor_details.html