Books and equipment for the sec lab

March 17th, 2009

I hooked up myself to „“ and have started to read some books. Still looking for other useful additions. Some of them have already arrived:

Cisco ASA: All-in-one Firewall, IPS, and VPN Adaptive Security Appliance

IPSec VPN Design

Penetration Testing and Network Defense

Cisco Access Control Security: AAA Administration Services

Intrusion Prevention Fundamentals

Most of them were published 3 – 5 years ago. Some things might have changed, but most of it probably not. Since there are no newer editions. ACS will stay the same on version 4.1 in the lab, also for version 3 of the . IPS will be version 6.1. It seems there is currently no virtual installation possible, as for ASA 8.0, at least no fully functional version. But PIX with 8.0 should do as well. And IPS 5.1.8 might not have that many changes. ACS 4.1 is available as a 90-day trial installation. You can install it on either Windows 2003 or Windows 2000 with the following versions:

• Windows 2000 Server (English version only)

• Windows 2000 Advanced Server (Service Pack 4) without features specific to Windows 2000 Advanced Server enabled or without Microsoft clustering service installed (English version only)

• Windows Server 2003, Enterprise Edition or Standard Edition (Service Pack 1)


What’s next…

March 6th, 2009

It’s now one week ago and I still sometimes log in to my Cisco certification account and look at the result of my exam. 🙂

But what comes next? Have you thought about this before? Looking forward, I was already thinking about taking another path. I wanted to have more knowledge about security. I was thinking about Service Provider also. But this is not as close to me as security is, in the sense of building up a network. I take the path from LAN to WAN, then after R&S, Security comes first and after that Service Provider. I also already had more experience in security, and the side effects will be better for me with security, I think. Also, in April the security lab will have some interesting updates, as the PIX and the concentrator will be removed from the lab.

Well, I have my little family and my son is still small. But now he is already close to his first birthday. Time runs, as I can often notice.

So I will take the time I can spare to start the security track and start learning in the near future.

I will have to build my rack and have already seen that most of the devices can be built with dynamips/dynagen, pemu and vmware. So I will share my buildup and proceedings and populate my blog with more security topics in the future.

I will have some holiday also, if you now think I should take that first.

This is the story in short :-), CCIE R&S done

February 27th, 2009

Sitting here and still staring from time to time at the Cisco Certification Status Page. Because I’m still in the process of realization.

After the lab the proctor told us that the result would be there at 9 PM in the evening. I was still waiting the same evening until 11 o’clock, but got no mail regarding the grading. Then after I woke up the next morning, I got the mail from Cisco in my inbox saying that the score result was available. The mail does not tell you anything about failing or passing the exam. I had to open my certification profile on the Cisco website to see the result. Two times before I had failed the exam and this time I was not sure if I had passed. But I did it.

I was through the exam before lunch, except for 4 questions, which I had just skipped, and one leftover question at the end. The key to success for me was time management.

In the previous attempts I was also spending too much time on tasks while in the middle of the exam. This time I just skipped any question I was not able to solve right away and noted it for later processing.

So I got more and more confident with my overall performance in the lab, and after lunch I double-checked everything and could spend the rest of the time searching the DocCD and double- or triple-checking all configurations. I also noted tasks that I found suspicious of hidden elements, which I could not see the first time looking at them.

And it worked out. The technique was very important for me, because I got more and more self-confident while proceeding through the lab tasks.

This all is a long story. I did not believe I would get that far.

I started my first attempt in Jan 2007, where I got the best score. I wasn’t really ready, but still got quite close. But I was just too nervous. And I could also not sleep the night before. I wanted to waste some money and asked for a reread after the lab, but with only very little success. They gave me some more points. I think for 250$ they can do this ;-), but I think I did not really have a chance.

Then the second attempt: I tried to time the lab just some days before the estimated birthday of my son, but that has not been of any interest to him. He decided to come one week too early, and so he was born in April 2008 one week before my lab date, where I think I didn’t get much sleep again.

And now, after I got myself motivated again, and I know this can be hard, and rearranged my own life a lot in this new situation, 10 months on, on my third attempt I did it. This is such a relief guys, I can tell you.

During this time I learned a lot about Cisco, IOS, employers and learning partners. How to learn and how to manage time while also working. Also, for me it was very important to do sports or other kinds of recovery activities. It’s also very helpful if you have an employer who supports you and grants you time for learning. Even if it’s only two weeks.

I had this sentence in my head from the beginning:

„Stick to it.“

Do not let yourself get discouraged. Look at those things you might not be that good at and concentrate on them. I know it’s hard to motivate yourself sometimes. And to get on the learning path again and again. But you know what it’s for.

I used InternetworkExpert and IPExpert for preparation. Cisco ASET Labs have been also a great help.

Graded labs are very valuable for preparation. Since you see directly what you did wrong and can then directly focus on topics which need improvement. So you can start learning what you don’t know and not what you know already. Big topic for me. 🙂

Thank you guys. Thanks for reading. Keep up. Stick to it.

Thanks to my wife for her support and letting me do this and my son for motivation.

CCIE 23664 🙂

New logo

February 27th, 2009

Don’t know where to put the number. Which font type? They don’t tell you where to place the number, but you have to place the number somewhere… 🙂
The logo would probably look better on a darker ground.



February 27th, 2009

DID IT! DID IT! DID IT! Can’t believe it still. I am happy. 🙂 A long way has ended and a new journey begins. What a relief! Fantastic.

CCIE Number 23664. Yesterday in Brussels.

OSPF authentication types

February 23rd, 2009

Just as a reminder, but it might be important to know the type of authentication in the lab. OSPF knows three different kinds of authentication. Well, to be honest, there are more, but only the first three are defined:

Type     Authentication                             RFC

0        No Authentication                          [RFC1583]
1        Simple Password Authentication             [RFC1583]
2        Cryptographic authentication               [RFC2328]
3-65535  Unassigned

Important: OSPF knows key rollover only for encrypted keys. If you have several neighbors with different keys, rollover works on one interface, but only for encrypted keys. With EIGRP this is not possible. You will need a new interface for more than one neighbor with a different key.

Example for two neighbors with different encrypted keys each (sync can last up to 20 minutes, you have to be patient!):
int s1/0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 CISCO1
ip ospf message-digest-key 2 md5 CISCO2

To configure type „0“ authentication use:


ip ospf authentication null
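
As an added example (not part of the original post), the Python sketch below decodes the AuType field of an OSPFv2 header as laid out in RFC 2328 and flags neighbors that are not using type 2. It also records the key IDs seen per router, since two IDs from one router is what a rollover like the one configured above looks like on the wire. The sample headers, router IDs and function names are constructed for illustration.

```python
import struct

# AuType values from the table above (RFC 2328); everything else is unassigned.
AUTYPES = {0: "null", 1: "simple password", 2: "cryptographic"}

def parse_ospf_auth(packet: bytes) -> dict:
    """Decode the authentication fields of an OSPFv2 header (first 24 bytes)."""
    if len(packet) < 24:
        raise ValueError("OSPFv2 header is 24 bytes, got %d" % len(packet))
    version, ptype, length, router_id, area_id, checksum, autype = struct.unpack(
        "!BBH4s4sHH", packet[:16])
    if version != 2:
        raise ValueError("not an OSPFv2 packet (version %d)" % version)
    info = {"router_id": ".".join(map(str, router_id)), "autype": autype,
            "auth": AUTYPES.get(autype, "unassigned")}
    if autype == 2:
        # Type 2 layout: 2 reserved bytes, key ID, digest length, sequence number.
        _, key_id, auth_len, seq = struct.unpack("!HBBI", packet[16:24])
        info.update(key_id=key_id, digest_len=auth_len, seq=seq)
    return info

def audit(packets):
    """Return findings for routers not using cryptographic auth, plus the
    key IDs seen per router (more than one ID appears during a rollover)."""
    findings, keys = [], {}
    for raw in packets:
        try:
            p = parse_ospf_auth(raw)
        except ValueError as err:
            findings.append(("?", "unparseable: %s" % err))
            continue
        if p["autype"] == 2:
            keys.setdefault(p["router_id"], set()).add(p["key_id"])
        else:
            findings.append((p["router_id"], "not cryptographic: " + p["auth"]))
    return findings, keys

def _hello(router_id, autype, auth_field):
    # Constructed sample header: Hello (type 1), area 0, checksum left at 0.
    rid = bytes(int(x) for x in router_id.split("."))
    return struct.pack("!BBH4s4sHH", 2, 1, 44, rid, bytes(4), 0, autype) + auth_field

SAMPLES = [  # constructed for this example, not captured traffic
    _hello("10.0.0.1", 2, struct.pack("!HBBI", 0, 1, 16, 1000)),
    _hello("10.0.0.1", 2, struct.pack("!HBBI", 0, 2, 16, 1001)),
    _hello("10.0.0.2", 1, b"XXXXXXXX"),
    _hello("10.0.0.3", 0, bytes(8)),
]
```

Calling `audit(SAMPLES)` reports 10.0.0.2 and 10.0.0.3 as not using cryptographic authentication and shows key IDs 1 and 2 for 10.0.0.1.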


Free graded lab by ipexpert including 8 hours rack access

February 20th, 2009


Here is the good news, thanks to my colleague pointing to.

Everyone who wants to try a graded lab can do this for free, including a free 8 hours rack rental session.

Graded Labs IPExpert / IE / Cisco

February 17th, 2009

While IPExpert and proctorlabs have the grading feature for their labs, IE is now also offering the Poly Lab Assessment. I tried both and I can suggest both of them. While the Poly Lab is quite new, I tried it twice and the results have been interesting for learning. You can generate your own lab, depending on your skills: whether you are novice, beginner, intermediate, advanced or expert in the different R&S topics. The lab questions are then generated based on your skills. The difference to a mock lab is that after you hit the grade button, your result will be generated in 5 minutes by tcl scripts. The mock lab will be graded by a human and you will get comments on your configurations.

The IPExpert labs have also been very interesting and grading has worked well.

You should try a graded lab. You will probably be astonished about how many errors you can make even with a configuration that looks like it works at first glance. That was for me also the most important thing, since you will overlook many little errors looking at your own configuration. Many things you won’t see that fast, and the secure and easier way is to have a script grade you, since it will not be able to overlook missing or wrong configuration parts. Very good for learning also.

If you are working at a Cisco Gold Partner, then you could also ask your Cisco SE for the ASET Labs. They have a grading machine in the back also from There are several different topics for about 4 hour sessions and also currently 6 different full time labs. All labs can be graded. These are very similar to the real labs, although they are not written by the CCIE Lab team from Cisco. But most important thing is, that you will get them for free and they come from Cisco. You can get about 72 hours per month lab time from Cisco. Even if you just want to lab some things out, this is possible on Cisco’s lab equipment.

If you want to get in touch with the real labs, you can try the Assessor Lab from Cisco. They will cost you about 200$ each. Still only two four-hour labs are available, but it is also good for a try.


Nice learning resource for free: vLectures by ipexpert

January 24th, 2009

Just got a hint from a study colleague about these lectures, which are free and also interesting to have a look at. If you have the Flash Player installed and maybe sometimes like learning by watching Scott Morris or Marvin Greenlee explaining the following topics, then this is the right thing for you:

  • CCIE Related Topics: All Tracks
  • CCIE R&S Related Topics
  • Source:

Changes to the CCIE lab exam

January 18th, 2009

Cisco has announced some changes to the CCIE exam, especially to the CCIE lab exam for Routing and Switching. Other paths should follow. There will be an oral test within the 8 hours lab exam, about topics from the blueprint. Four to five questions will be asked by the proctor, to be answered by the candidate in about 10 – 15 minutes.

Answers will be counted into the overall score of the lab exam.

It seems Cisco wants to find out those who just memorize solutions and cannot tell anything about those topics which are currently being configured. Everything is fair game and it’s a challenge and shouldn’t be too difficult if you have learned your lesson.

Here is the part of the text from the Cisco Announcement:

Effective February 1, 2009, Cisco will introduce a new type of question format to CCIE Routing and Switching lab exams. In addition to the live configuration scenarios, candidates will be asked a series of four or five open-ended questions, drawn from a pool of questions based on the material covered on the lab blueprint. No new topics are being added.