Posts Tagged ‘ask-the-expert’




Thank you to all those who have submitted questions and comments to our blog and our CCIE Instructors. If you have a question, please email them to

Question 1:

Can anyone explain what is VPN intercept?

Bhavik Joshi

VPN Intercept can mean a few different things, depending on the specific context.

One interpretation is from a driver perspective, where a VPN connection breaks the binding between TCP/IP and the physical interface, acting as a shim.  See also:

Another meaning can be in regards to intercepting SSL traffic.



Looking over the questions asked to Maurilio Gorito during the latest R&S Ask The Expert Session, I tried to summarize some information and outline the new exam format. Here is how it looks to me so far.

The exam consists of three sections. A candidate must obtain the PASS mark in *every* section in order to pass the exam. All three sections are tested in sequence and grading occurs at the end of the exam. Even if the candidate fails any of the sections, he won’t know about this until the exam ends and grading has been performed. A candidate may finish any section early and move forward to the next section, which might be considered a time-management strategy. However, the candidate is not allowed to return to any previous section after it’s finished.

The following is the list of the exam sections:

(1) Open Ended Questions (OEQ) (0.5 hours): Four questions in total; a candidate needs to answer three questions out of four correctly to get the PASS mark in this section. A human grades the results. Most times, an answer could be as short as two or three words. Questions deal with the understanding of the theoretical concepts of the lab exam and don’t require intensive memorizing. The only tool the candidate has access to will be Windows Notepad, and no access to the DocCD is provided during this section.

(2) Troubleshooting Section (2 hours). Initial configurations are loaded in the candidate’s rack, and the candidate is presented with a troubleshooting scenario, formatted as a series of trouble-tickets. Additionally, L2/L3 & IGP diagrams are presented for reference. The section consists of approximately 10-15 tickets. Every ticket has a point value associated with it and tickets DO NOT depend on each other (this is important to avoid cascading effects). The results are graded by the verification script and confirmed by a human. A relative score of 80% of the total section score must be obtained to get the PASS mark for this section. It is important to understand that this section is completely independent of the Configuration section that follows.

(3) Configuration Section (5.5 hours). This is a new scenario on a new logical topology, different from the one presented during the Troubleshooting section. Of course, this section has its own initial configuration, which most likely includes IP addressing and basic IGP/BGP settings. The formatting is similar to the old exam, with the tasks, point allocation per task, diagrams and so on. The approximate number of tasks here is 25-30. The section results are graded by the verification script and confirmed by a human. A relative score of 80% must be obtained to get the PASS mark for this section.

It is rumored, but not officially confirmed, that the OEQ section has 21 points and the Troubleshooting + Configuration sections have 79 points allocated. This allocation will probably change with time, but apparently the fact that all task points sum to 100 remains true. And again, you have to obtain approximately 80% of the points in every section (around 80 points total) to pass the exam.

Finally, regarding the new topics being added to the exam: it appears that the major stress will be on new routing features, such as MPLS VPN and EIGRPv6. However, the MPLS VPN tasks will be pretty basic, not covering any advanced scenarios such as CsC, InterAS VPN, mVPN, MPLS TE and so forth. For the other new technologies added to the lab:

1) PfR (Performance Routing). Should be pretty basic, and does not require any deep knowledge of PfR. Will not appear in all labs.
2) Security features: IPS and Zone-Based Firewall are NOT covered in depth either. Only basic configuration of the IPS feature is required, with no deep understanding of the signature engines and signature tuning. Most likely you just need to know the basic configuration scenarios and be able to copy-adapt-paste the configuration samples from the DocCD.
3) 802.1x IBNS. All you need is to know how to set up the 802.1X control. No RADIUS server will be present in the lab, so this part is pretty basic as well.
4) SDM will not be present in the lab ISRs, so all configurations are purely CLI-based.

I’ll be updating this post to reflect any new information posted in the NetPro forum thread.



The “Ask the Expert” sessions are open question and answer sessions with an actual CCIE lab proctor. The excerpts below were taken from the most recent session.

In regards to security topics on the exam:
The security topics listed below are defined by the R&S lab blueprint and make up about 6-8% of the exam:

1. AAA
2. Security server protocols
3. Traffic filtering and firewalls
4. Access lists
5. Routing protocols security, catalyst security
7. Other security features

In regards to IP Services topics on the exam:
Cisco is not testing Mobile IP. VRRP and GLBP will fall under IP/IOS Features. The total points for this section are around 8 points which includes all other content.

In regards to how the lab tasks need to be completed and how the lab is structured:
There is no mandatory order in which you must complete the exam. You can start in any section, skip sections, and come back to sections at a later time. The exam is structured on a basic flow such as: Switching, IGP, IP/IOS Features, QoS, Multicast, Security and BGP. But again you can do it in any order. Naturally some sections, such as IGP, depend on Switching, so it is suggested that you start with Switching to build the basic foundation, then start with the basic IGP. Later, you can come back and complete the more advanced features on Switching or IGP.

In regards to DVMRP on the lab:
Learn the basics of DVMRP as this topic is not explored in depth on the exam.

In regards to Layer 2 Multicast features (IGMP Snooping, MVR, etc):
You should consider looking at the L2 Multicasting as well when preparing for the exam. Consider looking at Cisco’s Configuring IP Multicast Routing.

In regards to adding extra configurations and aliases:
You are not penalized for adding extra configurations as long as this will not break a specific restriction. Aliases don’t need to be removed if they do not interfere with accessing the device when the exam is over.

In regards to the cabling of the network and diagrams:
The physical connections are pre-cabled so you don’t need to touch them. In some lab locations the racks are remote so you will not even see them. If you suspect you have a physical problem, ask the proctor to verify it for you. The lab document has L1/L2 diagrams for the physical connectivity as well as an IP or topology diagram and an IP Routing diagram.

In regards to any upcoming lab changes:
There are currently no expected changes regarding the CCIE R&S lab exam. Both the lab blueprint and hardware specifications are expected to stay the same for the next year. Any changes will be announced 5 to 6 months in advance.

In regards to no CCIE labs dates in Sydney, Australia:
Currently the lab location in Sydney, Australia is only staffed by a part-time proctor and therefore only offers limited date availability. Cisco is actively looking for a full time proctor and expects the facility to offer greater lab availability beginning first to second quarter of 2008.

In regards to how points are awarded in the exam:
You are marked down points for incorrect questions, not for entire sections. Suppose you have 4 questions within the QoS section with point totals of 2, 2, 2, and 3 for a total of 9 points. If you get the first 3 correct for this section you would receive 6 points or around a 66% for that section.

What is the acceptable late arrival to the exam center?
If you arrive within the first 2 hours after the exam has begun you can still take the exam but no extra time will be allotted. Arriving after the 2 hour mark, you will no longer be eligible to take the exam. If you are traveling to take the exam it is suggested that you plan to arrive the day prior to the day of your exam.

What items are allowed or not allowed in the lab environment?
All personal items must be removed from your person before entering the lab environment, but make sure to bring your identification, as it will be required to register at the reception area prior to the exam. Pen, pencils, scratch papers, etc will be available for you at the lab location. Food and drinks are generally not allowed, unless they are pre-approved by the proctor.

Is food provided by Cisco?
Lunch is provided by Cisco, in either a restaurant style cafeteria or ordered and brought to the facility for you.

What are the bathroom/washroom access policies?
Cisco provides washrooms/bathrooms and break rooms near the lab environment, accessible for the duration of the exam, however only one lab candidate is allowed at a time.

What types of questions may be asked of the proctor?
You can ask any question that you feel you need clarification on. Proctors are there to help you understand the questions and requirements presented by the test material.

Can we report the proctor for a bad performance, or is there someone else to question regarding hardware issues?
Any issue that you feel has negatively affected your exam can be reported to Cisco customer service. All hardware related questions or concerns must be brought to the proctor’s attention during your lab session. If a problem does in fact exist, any time required to repair the issue will be added to your lab session.

What will happen if tasks within the test conflict with another section of the exam?
If you find that you must configure a device in a way that would affect a previous task restriction, make sure to bring up your concern with the proctor, who will be able to advise you regarding the situation.
