Apr
24

Introduction

In a continuing effort to protect the integrity of the CCIE program, Cisco has announced a major change regarding the retake policy of the CCIE Written and Practical Lab exams. These changes take effect on August 1, 2014. Assuming a candidate happens not to pass on their first attempt at either a written or a practical “lab” exam within a given track, the frequency with which they will be allowed to retake the exam will change dramatically from past allowances, effectively not allowing the candidate virtually ‘unlimited’ retakes within a single calendar year (more specifically, within 12 calendar months from the date of the first attempt).

Changes to CCIE Practical Lab Exam

Perhaps the most interest for most people will be the frequency with which one will be allowed to re-sit for a CCIE Lab exam. Assuming a candidate does not pass on their first attempt at a given lab exam, they will still be allowed to attempt to retake the exam after 30 days has elapsed. The major change comes with the possibility that the candidate does not pass on their second attempt – after this attempt they must now wait for another 90 days to make their third attempt. Unlikely, but assuming a failure on attempt three, and a need to sit for attempt four, the candidate must wait another 90 days. Same goes for attempt four to attempt five. After a very, very bad year whereby a need to appear a sixth time becomes necessary, the wait period goes up to a full six months between attempts. The changes can be seen in a screenshot from a recent webinar below (after the jump).
Continue Reading

Tags: , , ,

Apr
17

As many of you hopefully already know, the CCIE Routing & Switching certification blueprint is changing from version 4 to version 5 on June 3rd 2014. As this date quickly approaches, and as the last of the v4 lab seats are fully booked, it’s time to start planning your attack on the RSv5 blueprint.

While Cisco’s official blueprint for v5 is now more detailed that it has ever been in the past, it still lacks some details in certain areas, for example “Implement, optimize and troubleshoot filtering with any routing protocol.” Additionally it would be difficult to use Cisco’s blueprint for a study plan as it stands in its current linear format. For example “Layer 3 multicast” is listed before “Fundamental routing concepts”, which from a learning perspective doesn’t make sense, because you must understand unicast routing fully before you learn multicast routing. To help remedy this we’ve re-ordered and expanded Cisco’s blueprint into INE’s RSv5 Expanded Blueprint, which you can find below after the jump.

Our CCIE RSv5 Expanded Blueprint is meant to be used as a checklist that you can use as you go through your preparation. This way when you’re finally ready to attempt the lab exam, you can be assured that you’ve at least heard of all the topics in the scope, regardless of how obscure some of them might be. Additionally note that some topics listed below might appear only on the written exam and not the lab exam, such as MPLS Layer 2 VPNs or RIPng, but are still included in our content and the outline below.

The below outline will continue to be updated, so check back periodically during your preparation to see changes, adds, and removes.  Good luck in your studies!

INE’s CCIE RSv5 Expanded Blueprint

Continue Reading

Tags: , ,

Mar
17

Videos for the CCIE Security v4 Advanced Technologies Class are now available in streaming format for AAP members and as a downloadable course.

CCIE Security Version 4.0 adds new software version updates, as well as introduces new hardware platforms to the exam, such as ISE and WSA.  The hardware used in our new course is available through our CCIE Security Rack Rentals.  The playlist for the new CCIE SCv4 ATC is as follows.  A few minor topics are still in video post-processing and will be posted shortly.

  • Introduction
  • Recommended Study Resources
  • ASA Firewall Overview
  • ASA Basic Initialization
  • ASA IP Routing
  • ASA ACLs
  • ASA High Availability Overview
  • ASA Active/Standby Failover
  • ASA Multiple Context Mode Overview
  • ASA Multiple Context Mode Configuration
  • ASA Active/Active Failover
  • ASA Transparent Firewall
  • ASA Transparent Firewall & ARP Filtering
  • ASA Transparent Failover
  • ASA Modular Policy Framework (MPF) Overview
  • ASA Modular Policy Framework (MPF) Configuration
  • ASA Advanced TCP Inspection with MPF
  • ASA Advanced Application Inspection with MPF
  • ASA Quality of Service (QoS)
  • ASA Network Address Translation (NAT) Part 1
  • ASA Network Address Translation (NAT) Part 2
  • ASA Redundant Interfaces
  • Standard, Extended, Time Based, & Dynamic ACLs
  • Reflexive ACLs
  • TCP Intercept
  • Content Based Access Control (CBAC)
  • CBAC High Availability
  • Zone Based Firewall (ZBPF) Overview
  • ZBPF Configuration
  • Port to Application Mapping (PAM)
  • ZBPF Parameter Tuning
  • ZBPF Application Inspection
  • IOS Transparent Firewall
  • ZBPF Transparent Firewall
  • IPsec VPN Overview
  • IOS LAN-to-LAN IPsec Configuration
  • IPsec Verification & Troubleshooting
  • ASA LAN-to-LAN IPsec Configuration
  • IOS & ASA PKI Overview
  • IPsec & PKI Certificates
  • GRE over IPsec Tunnels
  • IPSec Profiles & Virtual Tunnel Interfaces (VTIs)
  • Easy VPN Overview
  • IOS Easy VPN Server
  • IOS Easy VPN Client
  • IOS Easy VPN with Dynamic VTIs, ISAKMP Profiles
  • ASA Easy VPN Server
  • ASA Easy VPN Server & IOS Easy VPN Client
  • ASA Clientless & AnyConnect SSL VPN
  • DMVPN
  • IPS Overview, Promiscuous Mode & SPAN
  • IPS Promiscuous Mode & RSPAN
  • IPS Blocking Devices & Custom Signatures
  • IPS Inline Mode, VLAN Pairing
  • IPS Virtual Sensors and Signature Engines
  • WSA Overview & Initial Setup
  • WSA Management, Identities, & Access Policies
  • WSA HTTP Session Processing
  • WSA Transparent Mode & WCCP L2 Mode
  • WSA Transparent Mode & WCCP GRE Mode
  • WSA HTTPS Decryption Policies
  • AAA Overview, Local AAA, & Role Based CLI
  • IOS AAA with ACS
  • ASA AAA with ACS
  • ACS IOS Auth-Proxy Authentication
  • ACS IOS Auth-Proxy Authorization
  • ACS ASA Cut-Through Proxy
  • ISE Overview
  • 802.1x, MAB, & EAP Overview
  • ISE MAB Authentication
  • ISE 802.1x & MAB Authorization
  • ISE 802.1x Authentication
  • ISE MACsec
  • ISE Central Web Authentication
  • ISE Profiling

						

Tags: , ,

Mar
12

The Application Control Engine (ACE) 4710 has been removed from our normal CCIE Data Center rack rental topology, and is now available as a standalone rack rental.  From now until Sunday March 23rd 2014 you can book ACE rack rentals for free.  To book ACE rentals, login to your http://members.ine.com account, click the Rack Rentals option on the left, and you should see the ACE scheduler as seen below:

Click the Schedule/Cancel Session button, and the calendar window will appear.  Select your start and end date, and if it is within the beta period it will show a zero token cost for the session.  Note that during the beta period you can only reserve blocks of 4 hours at the most.

ACE rack rentals include the following:

  • ACE 4710 Appliance
  • Catalyst 3750G Switch
  • 3 x Apache Server Virtual Machines
  • 1 x Windows Client Virtual Machine

The topology for ACE rack rentals looks as follows:

Although the ACE 4710 is End-of-Life, there is still a large install base of these boxes in the field. Even if you’re not preparing for the CCIE Data Center Lab Exam it can’t hurt to see how the ACE works, as other load balancers & application switches such as Citrix NetScaler or F5 Local Traffic Manager use the same type of logic for traffic switching.

Tags: , , , ,

Jan
16

Next Tuesday, January 21st 2014, at 10:00 PST (GMT 18:00) I will be continuing our vSeminar series on new topics for the CCIE R&S v5 Blueprint, which will focus on IPv6 First Hop Security.  You can sign-up for this seminar here.  Additionally the link to attend is available at the top of the dashboard when you login to the INE Members Site.

The upcoming session will focus on security exploits and attack mitigation techniques that relate to IPv6 Neighbor Discovery, Stateless Address Autoconfiguration, and DHCPv6, just to name a few. This session will also include both theory and live implementation examples on the Cisco IOS CLI.  This session is expected to run approximately 2 – 3 hours in length.

Please feel free to submit topic requests for additional upcoming vSeminar sessions below.  I hope to see you in class!

Tags: ,

Jan
13

We’ve been putting a lot of time into development for quite a while now on the new CCIE Collaboration blueprint and wanted to share with you a few updates. If you’ve taken a look at the blueprint anytime recently, you know that there is quite a lot of material to be covered, and that a simple 5-day class would never suffice. So we’ve put together a new class that is extremely thorough, spanning a 10-day period, and we wanted to share with you the updated outline for the class structure as well as a sample class topology and list of equipment that we will be using, since many of you have been emailing and asking in our forums about what to buy in order to host your own rack.

CCIE Collaboration 10-Day Bootcamp Dates, Locations and Outline

Sample Classroom Diagram

Sample Equipment List

Keep watching for more updates as we get closer to releasing new material.


UPDATE: Current customers that have the All Access Pass can already view two 4-hour classes that will assist with a few of the subjects. The first related to a (now outdated by GDPR, but still on the exam) technology known as CCD over SAF and also a CAC mechanism known as SIP Preconditions. The second – while not tested on the lab per-se (students have no access to UCS C-Series CIMC), but certainly covered in-depth on the written exam – is UC on UCS.

Tags: ,

Dec
19

The recording of last week’s seminar on Introduction to DMVPN for CCIE R&S v5 Candidates is now available to view here.  This is the first of many new free seminars on new topics that have been added to the CCIE R&S version 5 blueprint.  New upcoming sessions will include IPv6 First Hop Security, IPsec LAN-to-LAN tunnels, GET VPN, IGP Convergence & Scalability, and BGP Convergence & Scalability, just to name a few. Feel free to submit requests for additional topics in the comments below.

 

Good luck in your studies!

Tags: , , , ,

Dec
18

We’ve heard you loud and clear, and we understand that gaining access to Nexus 7000s, Nexus 5000s, UCS and Storage for hands-on practice is probably one of the more difficult parts of studying for the CCNA/CCNP and CCIE Data Center certifications. That’s why we’re happy to announce that we have just added 5 new DC racks available for rental immediately.

Enjoy – and remember to lab responsibly this holiday season.

Tags: ,

Dec
05

Tomorrow, December 6th 2013, at 10:00 PST (GMT 18:00) I will be running a free live online session on Introduction to DMVPN for CCIE R&S v5 Candidates.  You can sign-up for this seminar here.  Additionally the link to attend is available at the top of the dashboard when you login to the INE Members Site.

This session is the first of many to help candidates transition from the current CCIE R&S v4 Blueprint to the recently announced CCIE R&S v5 Blueprint that goes live on June 4th 2014. We will continue to run additional sessions in the future on new topics that have been added to the CCIE R&S v5 Blueprint, such as IPv6 First Hop Security, IPsec LAN-to-LAN tunnels, GET VPN, IGP Convergence & Scalability, and BGP Convergence & Scalability, just to name a few.  These sessions are not only applicable to CCIE R&S v5 candidates, but also to those pursuing the CCNA, CCNP, or CCIE Security tracks, as well as for everyday engineers looking to apply these technologies in their production environments.

Tomorrow’s session will focus on the theory of what Dynamic Multipoint VPN (DMVPN) is, what problems it was designed to solve, and where it fits in the overall network design as compared to other technologies such as MPLS Virtual Private LAN Service (VPLS) or MPLS Layer 3 VPNs.  The session will also include live implementation examples of DMVPN on the Cisco IOS CLI.  Expect this session to run somewhere around 2 – 3 hours in length.

I hope to see you there!

Tags: , , , ,

Dec
03

Today Cisco posted their official announcement on the upcoming changes for CCIE Routing & Switching Version 5.  The majority of the announcement is along the same lines as previously rumored changes, except for the official launch date, which is now scheduled for June 4th 2014.  This should bring a great sigh of relief to you if you’re currently nearing the end of your CCIE R&S v4 preparation, as you now have a 6 month window to pass the v4 lab exam before the change to v5 occurs.

Specifically the announcement details changes to technical topics covered both in the written and lab exams, the equipment used, as well as the exam format, as follows:

Technical Topic Changes

New Lab Topics:

  • Interpreting Packet Captures
  • Bidirectional Forwarding Detection (BFD)
  • Multi Address Family (AF) EIGRP
  • Dynamic Multipoint VPN (DMVPN)
  • IPsec
  • IPv6 First Hop Security

Of the new topics announced, the big ones are DMVPN and IPsec.  These are specifically listed as DMVPN Single Hub and IPsec with Pre-Shared Keys, so the scope is not nearly as large as the CCIE Security.  If you don’t yet know what any of these terms mean, don’t worry, you soon will ;)

Topics moved from the Lab to the Written:

  • IPv6 Multicast
  • RIPng
  • IPv6 Tunneling
  • IOS AAA with TACACS+ and RADIUS
  • 802.1x
  • Layer 2 QoS
  • Performance Routing (PfR)

Topics completely removed:

  • Flexlinks
  • ISL
  • Layer 2 Protocol Tunneling
  • Frame-Relay
  • WCCP
  • IOS Firewall
  • IOS IPS
  • RITE
  • RMON
  • RGMP
  • RSVP QoS
  • WRR/SRR

For topics removed, there are three killer areas here: Frame Relay, PfR, and Layer 2 QoS.  Frame Relay’s removal is no surprise, as Ethernet based last mile access solutions such as Metro Ethernet and Virtual Private LAN Services (VPLS) have exploded in the past few years and have eclipsed legacy methods such as DS3 Frame Relay.  From a technology design point of view though, a lot of the Frame Relay theory transfers directly over to DMVPN, as DMVPN could be thought of as a way to emulate legacy hub-and-spoke network designs over a public transport.

As for PfR’s removal, this one is a bit of a surprise, and I can already hear Brian Dennis’s screams of agony:

While the general idea of PfR is great, I’ve never seen it implemented other than in very small scale environments due to the management complexity.  You have to give Cisco credit though, as PfR is essentially SDN version 1.0, and now a very large portion of the industry is focused on this type of application.

The other large change here is the removal of Layer 2 QoS.  While this is still a very important topic, the problem with L2 QoS is that it is highly platform dependent, and the way that Catalyst 29xx/35xx/45xx/65xx implement L2 QoS is generally unique to each.  Therefore in the interest of platform independence and virtualization, L2 QoS gets the axe.  This brings us to our next topic, which is the hardware changes in the new blueprint.

Equipment Changes

As previously rumored, the new CCIE R&S v5 equipment is going all virtual.  As CCIE R&S v4 had already been using virtual IOS for the troubleshooting section of the exam, this should come as no surprise. The biggest implication of this change is that the size of the topology is now arbitrary.  I wouldn’t be surprised going into the exam and seeing a configuration section with 20+ routers in the topology.

The other implication of this change is that certain features can no longer be tested on, as they’re not supported in the virtual IOS.  Those topics that can’t be tested, such as Layer 2 QoS or Flexlinks, are now explicitly excluded from the topic scope of the exam.

Format Changes

Last but not least, a new testing section has been introduced into the R&S v5 lab exam format.  While the written exam format stays the same, the lab now includes a “diagnostic” section, which focuses on the diagnosis and resolution of network issues from a more high level point of view.

This new section won’t use equipment, but instead will present the candidate with information such as network diagrams, CLI outputs, log outputs, traffic captures, and email exchanges, based on which they will be expected to diagnose a presented network problem.  Based on the description in the announcement, I would assume that this format is going to be similar to the CCDE Practical Exam testing format, which tests analytical skills without the need of access to actual devices CLI.

Another minor change to the exam is how the timing of sections works.  In the v4 format, candidates had a maximum of 2 hours to complete the troubleshooting section, and a minimum of 6 hours for the configuration section.  If the candidate used less than 2 hours in troubleshooting, the extra time rolled over to the configuration section.  In the v5 format this changes along with the addition of the diagnostic section.

In v5, candidates will have a maximum of 2.5 hours to complete troubleshooting, a fixed 30 minutes for the diagnostic section, and the rest to complete configuration.  Any time less than 2.5 hours used in troubleshooting will be credited towards configuration.  For example if a candidate uses only 1.5 hours in troubleshooting then the configuration section would be 6 hours, which along with the .5 hour of diagnostic adds up to a total of 8 hours for the exam.

How Does This Affect Me As An INE Customer?

The good news is that if you’ve purchased and of the R&S v4 products from INE, you’re covered for the v5 products.  You won’t have to pay anything to upgrade to the v5 products, including the Bootcamps.  If you already attended a v4 bootcamp and want to resit a v5 bootcamp, there’s no charge for it.

As it’s no secret that Cisco’s blueprint changes have been in the works for quite some time, as have INE’s plans for the v5 update.  We have a bunch of new exciting product updates and more importantly new product features that we’re going to be launching along with the v5 product updates.  More information will be available about these updates in the coming weeks.

In the short term I’m going to be running a free online class this Friday – December 6th 2013 – at 10:00 PST (GMT –8) on Introduction to DMVPN for CCIE R&S Candidates.  I’ll post another blog update tomorrow with more information on this.

 

 

Tags: , , ,

Categories

CCIE Bloggers