Posts Tagged ‘update’


This morning I’m in Las Vegas for Cisco Live 2016, and am attending TECCCIE-3644 – CCIE DC Techtorial which focuses on the new CCIE Data Center v2 updates.

I’m live blogging the session so please feel free to submit your questions for the CCIE team as a comment here and I’ll try to get an answer for you.

Slides from the session are available here.

Final Update - UCS M4308 is no longer part of the topology (device is End of Sale). The official blueprint has been updated to include the following software packages and versions:

  • UCS Software Release 3.x Fabric Interconnect
  • Cisco Data Center Manager Software v7.x
  • Application Policy Infrastructure Controller 1.x
  • UCS Central 1.x
  • Cisco Integrated Management Controller 2.x
  • UCS Director 5.x
  • ASAv 9.x

Update 8 – 14:08PDT - Access to ESXi, vCenter, and CIMC will be allowed in the v2 lab exam for troubleshooting tasks such as Nexus 1000v.

Update 7 – 14:03PDT - UCS Central will be tested on in the lab.

Update 6 – 13:55PDT - UCS will be running 3.x, not 2.x as currently listed on the blueprint.

Update 5 – 11:30PDT - Starting Storage Networking now. Interested to see what the scope is going to be now with the MDSes removed and the N9K’s added.

Update 4 – 09:15PDT - One major format change for the CCIE DCv2 Lab Exam is the introduction of the Diagnostics section, similar to other tracks such as RSv5. Here are some highlights and demo questions illustrating the format of the Diag section.

  • Diag section consists of one or more independent Tasks.
  • Each Task can have one or more Questions.
  • Questions are typically 1 point apiece, but could be 2 or 3 points.
  • Each Question within a task is graded individually. It is possible to get Task 1 Question 1 wrong but still get Task 1 Question 2 correct.
  • The goal is to reach the minimum cut score, but the cut score is not published and changes between specific exam deliveries.
  • Questions have deterministic answers. There is typically only one correct answer, but it’s possible that two answers are correct (e.g. multiple choice multiple answer). You must sort through all the information and find what is relevant and what is irrelevant.
  • You CAN go back and forth between tasks and questions in diagnostics section, and you CAN change your answers.
  • All information that is needed is provided at once for each task. This is not the same as the CCDE engine, where you get additional information as you go on.

The exam starts with an intro screen with basic instructions. Once you click Begin Lab the 60 minute timer starts counting down. If you finish early, you cannot currently add extra time to the Configuration section.

An example Task for vPC, with an example Question. “Identify which command on which device provides the most important information about the root cause of this issue?”

An example answer, “Device SW13 Command line show feature | i vpc”. This demonstrates that the question and answer are deterministic, as only one possible answer is allowed for this task. Similar for Question 2 of this task, which uses a radio button for a multiple choice single answer.

An example “Hot Spot” type question. Task 2 asks “Considering all information provided point and click on the location in the topology that is responsible for causing the reported symptoms”. Answering this question assumes that you have sorted through the relevant problem description and relevant CLI outputs from the various devices.

Update 3 – 08:57PDT - Timing of the Diagnostics and Configuration/Troubleshooting sections is different from the R&S exam. Diagnostics is fixed at 60 minutes, and Config/TS is fixed at 7 hours. If you finish Diag early, you cannot add this additional time to Config/TS.

Update 2 – 08:30PDT - Grading is done manually by the proctors. Automated tools are used to gather information, but ultimately the pass/fail decision is up to the proctor. Tasks can have multiple solutions, and grading does check for this. Just because your solution works doesn’t mean it’s right. You have to meet the requirements of the question!

Update 1 – 08:29PDT - Don’t change the device passwords otherwise they can’t grade the exam.  Hopefully this is self explanatory :)

Me with CCIE DC #1 – Robert Burns

I actually came straight from our Data Center in Reno NV installing our new CCIE DCv2 equipment.



Finally, Cisco has made the official announcement on the upcoming changes for CCIE Security Version 5. The changes to both the written exam and the lab exam go live starting 31st of January 2017, which gives you the usual 6-month window to pass the Version 4 exam before the change to Version 5 occurs. As opposed to the old blueprint, there are major changes in both the technical content and exam delivery format.

As expected, the new exam topics are in line with Cisco’s current Security product line with pretty much nothing missing. Yes, you got that right! Also, as expected, Cisco is trying to push the same exam delivery model for all CCIE tracks.

Blueprint Technical Topic Changes

We now have a Unified Exam Blueprint,  covering topics for both the written and lab exam, similar to the change that was introduced with CCIE Data Center Version 2. The Blueprint for Version 5 is divided into 6 sections, with the last one being relevant only for the written exam:

  • Perimeter Security and Intrusion Prevention
  • Advanced Threat Protection and Content Security
  • Secure Connectivity and Segmentation
  • Identity Management, Information Exchange and Access Control
  • Infrastructure Security, Virtualization and Automation
  • Evolving Technologies*

*Written exam only

Topics removed from both written and lab exams:

  • EzVPN is out now; as expected, Cisco is moving forward with its AnyConnect (IPsec and SSL) Remote Access VPN Client
  • Legacy IPS, or Cisco’s old IPS technology, is out now as well

There are many topics added to the current blueprint. As we no longer have different blueprints for the written and the lab exams, what’s in the blueprint can show up in both exams. Although, based on the lab exam equipment changes, some technologies cannot be configured in the lab exam, you might still get questions about these technologies in the new Diagnostic section of the lab exam. This means that you should be prepared for the technologies as per the blueprint, for both exams.

New Version 5 Topics:

  • FirePOWER
  • ASA Clustering
  • NAT for IPv6
  • Cloud Web Security (CWS)
  • Email Security Appliance (ESA)
  • Content Security Management Appliance (SMA)
  • Advanced Malware Protection (AMP)
  • OpenDNS
  • Lancope
  • Virtual Security Gateway
  • TrustSEC with SGT and SXP
  • ISE Personas with multimode deployment
  • MDM Integration with ISE
  • pxGRID
  • Wireless concepts such as FlexCONNECT and ANCHOR
  • NetFLOW/IPFIX and eStreamer
  • APIC-EM Controller
  • RESTful API in scripting languages such as Python
  • Evolving Technologies (Cloud, SDN and IoT) being only in the written exam

Lab Exam Equipment Changes

As previously rumored, in Version 5 we have more equipment going virtual:

  • FirePOWER Management Center version 6.0.1 and/or 6.1
  • FirePOWER NGIPSv version 6.0.1
  • Cisco FirePOWER Threat Defense version 6.0.1
  • FireAMP Private Cloud
  • Cisco ASAv version 9.1
  • Cisco Application Policy Infrastructure Controller Enterprise Module version 1.2
  • Email Security Appliance (ESA) version 9.7.1
  • IOSv L2 version 15.2 (which is virtual IOS for layer 2)
  • IOSv L3 version 15.5(2)T (which is virtual IOS for layer 3)
  • Cisco CSR 1000v version 3.16.02S
  • Cisco Unified Communications Manager version 8.6(1)

Other virtual devices have been kept from previous blueprint, with a version change:

  • Cisco Identity Services Engine (ISE) version 2.1.0
  • Cisco Secure Access Control System (ACS) version
  • Cisco Web Security Appliance (WSA) version 9.2.0
  • Cisco Wireless Controller (WLC) version 8.0.133
  • Test PC is Microsoft Windows 7
  • Active Directory is running on Microsoft Windows Server 2008
  • AnyConnect version 4.2

As for physical devices we have the following devices in Version 5:

  • Cisco Catalyst Switch C3850-12S version 16.2.1
  • Cisco Adaptive Security Appliance: 5512-X version 9.6.1
  • Cisco 2504 Wireless Controller: 2504 version
  • Cisco Aironet1602E version 15.3.3-JC
  • Cisco Unified IP Phone 7965 version 9.2(3)

FirePOWER is the major new addition, where we have both the FirePOWER NGIPS and the FirePOWER Threat Defense (unified code for ASA and FirePOWER Services) being added, alongside FirePOWER Management Center as the management platform. FireAMP will also be present through the private cloud appliance, used for advanced malware protection through big data analytics, policies, detections, and protections stored locally on premises.

ASA Firewall is now present through the physical model of ASA 5512-X, and the virtual model of ASAv. The addition of APIC-EM, which supports both the physical and virtual ASA models, is clearly interesting, as it is strong evidence of Cisco’s vision moving forward, which is clearly the adoption of SDN technologies in the Enterprise market.

As expected, ESA has finally been added to the game, as even in version 4 it was supposed to be in the lab exam, but Cisco decided in the end to skip it.

Routers and switches are now virtualized through IOSv for Layer 2/Layer 3 and CSR 1000v, the exception being the 3850 switch model, which is most probably there for some TrustSEC features not supported by virtualization (MACsec, SGT, SXP).

Finally, I would assume that the only reason for the Cisco Unified Communications Manager being in a Security CCIE lab is for the IP Phone to register, which means you need zero knowledge about this technology.

Lab Exam Format Changes

The new lab exam format follows Cisco’s current vision of exam delivery, aimed at properly testing you on a different set of skills. The format is the same that was introduced with CCIE R&S Version 5, but of course with the Security technical topics instead of R&S ones.

The eight-hour lab format is now divided into three modules, with the order of the modules being fixed as follows:

  • Troubleshooting module
  • Diagnostic module
  • Configuration module

Troubleshooting Module

  • It’s 2 hours in length; you can optionally borrow 30 minutes from the configuration module.
  • As the name says, it’s a troubleshooting section, where you’ll be given a certain number of tickets/incidents that you need to fix. There is no inter-dependency between tickets and you can fix tickets in whatever order you want. You have access to the device consoles in order to reconfigure the network and fix the problems.
  • This module is aimed at testing your troubleshooting technical and methodology skills, and the ability to fix a problem in an unknown network topology within a fixed allocated time.

Diagnostic Module

  • It’s 1 hour in length, and you cannot extend it
  • As the name, diagnostic, says, it’s still a troubleshooting section, but in a different format: you’ll be given a certain number of tickets/incidents that you need to fix; there is no inter-dependency between tickets and you can fix tickets in whatever order you want. The challenge is that you have NO access to the device consoles; instead, for each ticket, you’re given many inputs (e-mail threads, diagrams, logs, traffic captures), out of which you have to diagnose the problem and select the correct answer(s)
  • This module is aimed at testing your ability to analyze and correlate multiple inputs related to a network problem within a fixed allocated time; without being given access to the devices, you need to identify the root cause

Configuration Module

  • It’s 5 hours in length, but it can be 4.5 hours if you extended the troubleshooting module
  • As the name says, it’s a configuration section, where you’ll be given a certain number of configuration tasks, with access to the device consoles to implement the given requirements; this is nothing else but what was in version 4 the actual exam itself, as it had only one module. There will be dependencies between tasks; some of them will be explicitly stated, and some of them are implicit and you’ll have to figure them out
  • This module is aimed at testing your understanding of a solution design and architecture, of the traffic flows and dependencies within a network when multiple technologies are combined, and your ability to understand network requirements and translate them into a working configuration within a fixed allocated time

Passing the Lab Exam

In order to pass the lab exam, two conditions need to be satisfied:

  • Pass each module: score enough points in each module to meet the minimum cut score for the module
  • Total number of gained points must equal the minimum overall cut-score criteria

As each individual module tests you on a different set of skills, though for the same technologies, the first criterion makes sense: having to pass each module. This is to ensure that you have proved being an expert not only from the technology point of view, but also through the fact that you can make use of that knowledge to fix various types of problems, being challenged in different ways. The minimum cut-score for each module is unknown, most probably because it could vary between different lab exam versions; for example you might get a more complex Diagnostic section with a lower minimum cut-score, or a less complex Diagnostic section with a higher minimum cut-score.

The second criterion also makes sense: the minimum overall cut-score. This is probably to ensure that you don’t pass the exam if you passed each individual module with close to exactly the minimum module cut-score. Basically you can have a PASS for each module, but a FAIL for the exam. What this means is that in order to have a PASS for the exam, you need to score more than the minimum cut-score for all modules, or only for some modules.

Although it might seem that you’re walking in blind, as you go to the lab exam without knowing how many points are required to pass and in which of the three modules, this new lab exam format also has some benefits:

  • It gives flexibility, as you can score fewer points in one module because of being less prepared or less knowledgeable, and more points in other modules
  • It gives you a better focus, as you’re no longer chasing points in the exam, you’re now chasing to do your best in each module and prove your skills; this also implies a strategy change for the lab approach
  • By passing the current lab exam format, you’ve become an expert in the field, with certified skills required to implement Cisco’s technologies into today’s and tomorrow’s networks

In conclusion, it’s now clear that if you want to become CCIE Security Version 5 certified, you will need more FirePOWER.



Cisco has just announced CCIE Data Center Written and Lab Exam Content Updates. Important dates for the changes are:

  • Last day to test for the v1.0 written – July 22, 2016
  • First day to test for the v2.0 written – July 25, 2016
  • Last day to test for the v1.0 lab – July 22, 2016
  • First day to test for the v2.0 lab – July 25, 2016

Key hardware changes in the v2.0 blueprint are:

  • APIC Cluster
  • Nexus 9300
  • Nexus 7000 w/ F3 Module
  • Nexus 5600
  • Nexus 2300 Fabric Extender
  • UCS 4300 M-Series Servers

Key technical topic changes in the v2.0 blueprint are:

  • EVPN
  • LISP
  • Policy Driven Fabric (ACI)

More details to come!



Troubleshooting Lab 3 and Full Scale Lab 3 have now been added to the CCIE RSv5 Workbook!

The new Troubleshooting Lab 3 uses the Full Scale Lab 1 logical topology, but breaks all of the protocols you’ve previously built. I suggest you take your time with each ticket so that you can fully digest why each fault occurs. Practice your time and knowledge skills by taking the Troubleshooting Lab 3 challenge!

Full Scale Lab 3 is built on a brand new logical topology, and has a strong focus in MPLS and BGP technologies. The solution guide features detailed breakdowns of each topic domain to give you a better understanding of the solutions used to solve each task. Keep in mind that there are multiple ways to solve most problems.

For discussion on these new labs visit our online community, IEOC.




New videos are now available on the CCIE RSv5 Advanced Technologies Class playlist.  Also, the RSv5 ATC continues this week at 08:00 PDT (15:00 UTC) daily with Advanced OSPF, DMVPN, Redistribution, and BGP.  You can join the class here at

The following videos are now available on the playlist, with more to come shortly:

  • CCIE RSv5 Advanced Technologies Class Introduction
  • CCIE RSv4 to RSv5 Changes
  • CCIE Preparation Resources & Strategy
  • LAN Switching Introduction
  • VLANs & Trunking
  • VLAN Trunking Protocol (VTP)
  • VTP Version 3
  • EtherChannel
  • Layer 2 EtherChannel Configuration
  • Layer 3 EtherChannel Configuration
  • Spanning-Tree Protocol
  • Optional Spanning-Tree Features
  • Rapid Spanning-Tree Protocol
  • Multiple Spanning-Tree Protocol
  • WAN Circuits
  • PPP over Ethernet (PPPoE)
  • IPv4 Routing
  • Policy Based Routing
  • IP SLA & Enhanced Object Tracking
  • GRE & IP in IP Tunneling
  • Classic EIGRP
  • EIGRP Named Mode
  • EIGRP Classic Metric Calculation
  • EIGRP Wide Metrics
  • EIGRP Traffic Engineering & Unequal Cost Load Balancing
  • EIGRP Classic Authentication
  • EIGRP Automatic Key Rotation
  • EIGRP Named Mode Authentication
  • EIGRP Summarization
  • EIGRP Traffic Engineering with Summarization
  • EIGRP over DMVPN



Today it’s official, the CCIE RSv5 Lab Exam and Written Exam are now live! Additionally the recordings in INE’s CCIE RSv4 to RSv5 Transition Technologies Class playlist along with the first week of the CCIE RSv5 Advanced Technologies Class playlist are now available on the INE Members Site.

All Access Pass members will have streaming access to both playlists, while if you purchase the new CCIE RSv5 Advanced Technologies Class you will have download access to both playlists.

The next live class session for RSv5 ATC is Monday June 16th, starting at 08:00 PDT (15:00 UTC).  Anyone with streaming or download access to the RSv5 ATC can attend the live class sessions.

As the class progresses the new recordings will be posted to the playlist on a weekly basis. Currently the playlists contain the following topics:

CCIE RSv4 to RSv5 Transition Technologies Class

  • CCIE RSv4 to RSv5 Transition Technologies
  • CCIE RSv4 to RSv5 changes
  • Embedded Packet Capture (EPC)
  • IPsec VPNs Overview
  • Configuring IPsec VPNs
  • IPsec Verification & Troubleshooting
  • IPsec GRE & VTI Tunnels
  • DMVPN Overview
  • DMVPN Configuration
  • DMVPN and IPsec
  • DMVPN Phase 1
  • DMVPN Phase 2
  • DMVPN Phase 3

CCIE RSv5 Advanced Technologies Class

  • Introduction
  • CCIE RSv4 to RSv5 Changes
  • CCIE Preparation Resources & Strategy
  • LAN Switching Introduction
  • VLANs & Trunking
  • VLAN Trunking Protocol (VTP)
  • VTP Version 3
  • EtherChannel
  • EtherChannel Configuration
  • Spanning-Tree Protocol
  • Optional Spanning-Tree Features
  • Rapid Spanning-Tree Protocol
  • Multiple Spanning-Tree Protocol
  • WAN Circuits
  • PPP over Ethernet Server




This Sunday I will be live blogging the CCIE Routing and Switching Techtorial (TECCCIE-3000) at Cisco Live 2014 in San Francisco. If you have any questions that you would like me to ask the CCIE team, such as specifics about the new retake policy, submit a comment below. The session runs from 08:00 – 17:00 PDT (UTC -7) on 2014/05/18, so check back on the blog as I post updates live from the techtorial.

Sunday will also be your last chance to get a VIP invitation package to INE Rewired – our 2014 Cisco Live Customer Appreciation Party. Come find me on a break during the CCIE RSv5 seminar which is scheduled in “Moscone West 2010” in order to claim one. There’s only a few left so make sure to get there early!



Edit: Full Scale Lab 4 is also now available.

A new update to INE’s CCIE Service Provider Lab Workbook Version 3.0 has been posted today, and is available to download from the INE Members’ Site. This update includes some minor typographical fixes to labs in the Technology Labs section, as well as a new Full Scale Lab 3. Two additional full scale labs will be posted within the next week or so which will bring the workbook to its completion. Right now the workbook is about 800 pages, so the final release will be somewhere around 1,000 pages.

Also congratulations to Daniel Wang, Jason Rowley, and Sangareddy M who recently passed the CCIE SPv3 Lab Exam! Here’s what they had to say about their experiences:

I passed my SP LAB at Cisco Live 2012 last week. Without your outstanding workbook, video and online Rack, I couldn’t pass it at the first attempt within 3 months. It’s my third CCIE certificate, and I used your security workbook exclusively two years ago to clear my security track.
Kudos to all of you for excellent job.

Best Regards,

Long(Daniel) Wang
CCIE #25434(RS/SEC/SP), VCP, ITIL Manager

I passed my lab on May 15. The CCIE-SP Advanced Technology Class videos were well put together and helpful in my preparation. The convenience of being able to watch on my laptop at home, my work pc, or on my ipad was awesome. Good job INE.

Jason Rowley
CCIE #35456

After 2 years of hard work, I finally cleared my CCIE Service Provider lab #35224 on my third attempt. I used latest v3.0 INE videos and old workbooks for my preparation. The videos presented by Brian are great/fantastic. He clearly explained all the technologies with great examples. I strongly recommend latest ATCv3.0 videos for CCIE-SP preparation. It covers all the IOS-XR related information that is required to pass the exam. Thank you Brian/INE.

Sangareddy M
CCIE# 35224



A new update to INE’s CCIE Routing & Switching Written Exam Bootcamp is now available in streaming format for All Access Pass subscribers, and available for purchase as a download.  This completely new video series, taught by me – Brian McGahan, 3 x CCIE #8593 (Routing & Switching, Security, Service Provider) – is specifically designed for students looking to focus on the topics and technologies covered in the CCIE Routing and Switching Written Exam version 4 blueprint.

As a precursor to our CCIE Routing & Switching Advanced Technologies Class and our CCIE Routing & Switching Lab Workbook Volume 1, the Written Exam Bootcamp helps to create a solid foundation of the concepts covered in the CCIE Routing & Switching version 4 Written Exam, as well as to give students the knowledge they need to continue straight into their hands-on CCIE Lab Exam preparation. This bootcamp will also benefit current CCIEs who need to re-affirm their knowledge from a theoretical standpoint in order to recertify on the various technologies covered on the CCIE Routing & Switching Written Exam blueprint.

Samples of the class can be found here.



One of our most anticipated products of the year – INE’s CCIE Service Provider v3.0 Advanced Technologies Class – is now complete!  The videos from class are in the final stages of post production and will be available for streaming and download access later this week.  Download access can be purchased here for $299.  Streaming access is available for All Access Pass subscribers for as low as $65/month!  AAP members can additionally upgrade to the download version for $149.

At roughly 40 hours, the CCIE SPv3 ATC covers the newly released CCIE Service Provider version 3 blueprint, which includes the addition of IOS XR hardware. This class includes both technology lectures and hands on configuration, verification, and troubleshooting on both regular IOS and IOS XR. Class topics include Catalyst ME3400 switching, IS-IS, OSPF, BGP, MPLS Layer 3 VPNs (L3VPN), Inter-AS MPLS L3VPNs, IPv6 over MPLS with 6PE and 6VPE, AToM and VPLS based MPLS Layer 2 VPNs (L2VPN), MPLS Traffic Engineering, Service Provider Multicast, and Service Provider QoS.

Below you can see a sample video from the class, which covers IS-IS Route Leaking, and its implementation on IOS XR with the Routing Policy Language (RPL)


