25/01-2026 CCIE Security Study Status

Status Update:

So in order to be fully transparent about this whole study thing: This week has been a bust!

There, I said it! Now I need to do something about it.

So what happened? Well, for one thing, I was out of the country from Thursday until Saturday (yesterday) with my great coworkers on our annual kick-off trip (it was a great time), and I didn't do much studying Monday to Wednesday either.

[Read More]

WSA Lab With AD Integration

So I just finished a lab that included integrating the WSA with my lab Active Directory. One thing that's certain is that you must enable NTP for this to work. I tried manually setting the time, and even though it was only off by a few seconds, the WSA would not tolerate it and would cancel the integration.

[Read More]

SSL Fix for WSA

I am currently setting up a home lab for practicing with the Cisco Web Security Appliance (WSA). I am using EVE-NG with an image for the WSA called Coeus-10-5-2-072-S100V, which means it's version 10.5.

I have it set up in my lab and was able to reach the GUI after configuring an IP address and default gateway on it. However, I got an SSL error and was unable to use the GUI.

[Read More]

Verified TrustSec

In my continued journey with Cisco TrustSec, I now have a verified switch configuration with all the components of basic TrustSec with ISE doing the policy and the switch doing the enforcement.

It was important to me to reach this point, as I now have to remember everything up to this point in my practice. That, and I don't have to fumble around a million different blog posts scattered all over the interwebs in order to figure out what to do.

[Read More]

Troubleshooting TrustSec

So today I spent some time setting up Cisco TrustSec on my ISE installation as well as my Catalyst 3650 switch. I did all the mandatory configuration on the switch, including:

  • Setting up ISE / RADIUS with a PAC key.
  • Setting up a CTS authorization list that references the ISE / RADIUS server.
  • Setting up device credentials on the switch.
  • Setting up ISE to allow TLS 1.0 (this is required in order to get a PAC key assigned from ISE).
  • Getting the PAC key onto the switch.

Everything was looking good so far, but for the life of me I could not get the environment data from ISE. This was even though ISE said it was sending it back to the switch, which I could verify from the RADIUS Live Logs.
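To make the steps above concrete, here is an added example of the switch-side configuration they describe, as I would lay it out on a Catalyst switch running IOS-XE. It is not taken from the post; the server address, names and secrets (10.0.0.10, ISE, CTS-LIST, SW1, the key strings) are placeholders. The device ID and password given with `cts credentials` have to match the Advanced TrustSec Settings of the switch's network device entry in ISE, and the PAC key has to match the one configured there as well.

```cisco
! Added example: TrustSec bootstrap on the switch (placeholders for names/keys)
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
! Authorization list that CTS will reference; it must point at the ISE RADIUS group
aaa authorization network CTS-LIST group radius
aaa accounting dot1x default start-stop group radius
!
radius server ISE
 address ipv4 10.0.0.10 auth-port 1812 acct-port 1813
 ! shared secret for normal RADIUS traffic
 key Secret123
 ! PAC key used to provision the PAC; must match the ISE device entry
 pac key PacSecret123
!
radius-server vsa send authentication
!
! Tie CTS to the authorization list above and turn on SGACL enforcement
cts authorization list CTS-LIST
cts role-based enforcement
!
! Exec-mode commands (they do not show up in the running-config):
! device ID/password must match the ISE network device's TrustSec settings
cts credentials id SW1 password DeviceSecret123
! trigger a fresh PAC provisioning / environment-data download
cts refresh environment-data
!
! Checks after the above:
! show cts pacs              -> a PAC with an AID and an expiry date
! show cts environment-data  -> "Environment Data is: COMPLETE" plus the SGT list
```

If `show cts pacs` is empty, the PAC provisioning itself failed (key mismatch or the TLS version problem mentioned above); if the PAC is there but `show cts environment-data` never completes, the problem is in the authorization-list / RADIUS exchange that follows, which is what the RADIUS Live Logs on ISE show.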

[Read More]

Preparing for Attempt 2

Well, it's late March 2024 and I have a little under 2 months left to prepare for my attempt #2 at the CCIE Security Lab exam.

I don't have much confidence yet, but I do hope I have improved in certain areas of the exam.

[Read More]

Therein lies the difficulty

Happy February - 2024 everybody.

I wanted to take a moment to express my thoughts on why I have such a difficulty with the CCIE Security program as compared to the other certifications I have taken.

First and foremost, it deals with a lot of different technologies within the security realm, all the way from IPS to security provided by cloud services such as Umbrella.

[Read More]

Upgraded the Home Lab

I am currently deep diving into the whole TrustSec architecture. It has quickly become apparent to me that I need to lab a lot of this out in detail. That means upgrading my home lab with a 3650 switch as well as a refurbished laptop acting as the supplicant for 802.1X (dot1x) operations.

[Read More]

Cisco Preparation Labs coming

So a couple of days ago I was going through the CCIE Security training videos on Cisco Learning Network and I noticed a golden nugget.

It was mentioned that Cisco was on track to release some learning labs for practice use for the CCIE Security lab exam!

[Read More]

Update on CCIE Security V6

It's been almost a year since my last post. Wow, do I feel bad about that! :(

Anyway, I've been studying on and off for the last year and I was scheduled to have my first lab attempt this coming Thursday. However, with the rising Corona case numbers, I made the tough decision to postpone it until March 10th 2022.

[Read More]

My CCIE Security V6 Home Lab Overview

So I have had some time to put everything together in my small CCIE Security V6 lab.

I want to spend a few moments explaining how everything is put together so others can benefit from it.

At the core of the whole thing is my new server, which is running great! (and importantly, fairly silent :) )

[Read More]

SVTI's Explained

The Concept:

In legacy site-to-site (S2S) VPNs we are used to defining crypto maps and applying them to a physical interface. However, since these do not use GRE (or any other tunnel interface), you have no way of supporting multicast and routing protocols. This leads to having to define "interesting" traffic using ACLs, which is clearly not scalable.

[Read More]

Thoughts on Hard Work

I am catching up on my RSS feeds and fell upon Ivan's post on "Hard Work". The article references Seth Godin's post Hard Work, which examines 3 types of work being carried out.

In summary we have the following types:

  1. Doing repetitive, grueling work. One task at a time until completion.

[Read More]

ASA Lessons: Failover

In this post I will go through an example of setting up redundancy between a pair of ASAs using one of the two methods of accomplishing this. The 2 methods are:

  • Failover
  • Clustering

This post is exclusively about the failover option.

[Read More]

New Goal

So I have further evidence that I might be crazy:

I have decided to abandon any and all CCIE DC studies. Why, you might ask? Simple: I don't have continual access to the required equipment, so I can't practice and reinforce any knowledge.

[Read More]

ASA Lessons: Static PAT

I decided a while back I would spend a bit of time learning about the Cisco ASA firewall. This is the first post surrounding some technologies I have explored during that time.

For some of you it might be easy stuff, but others, including myself, might find it interesting for reference.

[Read More]
NAT  PAT 

Practical OTV

This post is all about OTV (Overlay Transport Virtualization) on the CSR1000v.

I wanted to create the post because there are a lot of acronyms and terminology involved.

A secondary objective was to have a "real" multicast network in the middle, as the examples I have seen around the web have used a direct P2P network for the DCI.

[Read More]
CSR1K  DCI  OTV 

VxLAN on the CSR1Kv

By now, VxLAN is becoming the standard way of tunneling in the Datacenter.

Using VxLAN, I will show how to use the CSR1Kv to extend your datacenter L2 reach between sites as well.

First off, what is VxLAN?

It stands for Virtual Extensible LAN. Basically it is a way of decoupling your Layer 2 segments from the VLAN ID space: each segment gets a 24-bit VNI instead of a 12-bit VLAN ID, and its frames are carried between sites inside UDP/IP.

[Read More]
CSR  VxLAN 

ISIS Authentication types (packet captures)

In this post I would like to highlight a couple of "features" of ISIS.

More specifically, the authentication mechanism used and how it looks in the data plane.

I will do this by configuring a couple of routers with the 2 authentication types available. I will then look at packet captures taken from the link between them and illustrate how it's used by the ISIS process.
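As an added example (not the post's own configuration), here is the IOS configuration for the two authentication types on one of the routers: HMAC-MD5 via a key chain, with the cleartext alternative shown commented out. The process name, NET, key-chain name and key string are placeholders. In the capture, both types show up as the same Authentication TLV (type 10); the first octet of the value distinguishes cleartext (type 1, password readable in the capture) from HMAC-MD5 (type 54, a 16-byte digest computed over the PDU with the digest field zeroed, per RFC 5304).

```cisco
! Added example: IS-IS authentication on IOS (placeholders for names and key)
key chain ISIS-KEYS
 key 1
  key-string Secret123
!
router isis CORE
 net 49.0001.0000.0000.0001.00
 is-type level-2-only
 ! Authenticates LSPs, CSNPs and PSNPs for this level
 authentication mode md5 level-2
 authentication key-chain ISIS-KEYS level-2
!
interface GigabitEthernet0/0
 ip router isis CORE
 ! Hellos (IIHs) are authenticated per interface, separately from LSPs;
 ! both sides must agree or the adjacency never forms
 isis authentication mode md5
 isis authentication key-chain ISIS-KEYS
!
! Cleartext alternative on the interface (the key is visible in any capture):
! isis authentication mode text
! isis authentication key-chain ISIS-KEYS
!
! Checks: show isis neighbors, show isis database detail (look for the "Auth" line)
```

The practical consequence for a capture is that with `mode text` the shared key is recoverable from a single IIH on the wire, while with `mode md5` an attacker on the link can see that authentication is in use but not the key; the interface-level and router-level settings are independent, so mismatching one of them is a common reason the adjacency stays down even though LSPs look fine.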

[Read More]

Progress update – 10/07-2017

Hello folks,

I'm currently going through the INE DC videos and learning a lot about fabrics and how they work, along with a fair bit of UCS information on top of that!

I'm spending an average of 2.5 hours on weekdays for study and a bit more on weekends when time permits.

[Read More]

A look at Auto-Tunnel Mesh Groups

In this post I would like to give a demonstration of using the Auto-Tunnel Mesh group feature.

As you may know, manual MPLS-TE tunnels are first and foremost unidirectional, meaning that if you build them between two PE nodes, you have to configure a tunnel in each direction, with the local PE node being the headend of each.

[Read More]

Practical DMVPN Example

First off, let's take a look at the topology I will be using for this example:

If everything works and the math is right, we should see an NHRP shortcut being created for the spoke-to-spoke tunnel:

[Read More]

GETVPN Example

A couple of weeks ago I had the good fortune of attending Jeremy Filliben’s CCDE Bootcamp.

It was a great experience, which I will elaborate on in another post. But one of the technology areas I had a bit of difficulty with was GETVPN.

[Read More]
GETVPN 

MPLS VPN's over mGRE

This blog post outlines what “MPLS VPNs over mGRE” is all about as well as provide an example of such a configuration.

So what is "MPLS VPNs over mGRE"? Well, basically it's taking regular MPLS VPNs and running them over an IP-only core network. Since VPNs over MPLS are one of the primary drivers for implementing an MPLS network in the first place, getting the same functionality over an IP-only core might be very compelling for some who are not willing or able to run MPLS label switching in the core.

[Read More]

Unified/Seamless MPLS

In this post I would like to highlight a relatively new (to me) application of MPLS called Unified MPLS.

The goal of Unified MPLS is to separate your network into individual IGP segments in order to keep your core network as simple as possible, while still maintaining an end-to-end LSP for regular MPLS applications such as L3 VPNs.

[Read More]

EIGRP OTP example

In this post I'd like to provide an example of a fairly new development in EIGRP called EIGRP Over The Top (OTP).

In all its simplicity, it establishes an EIGRP multihop adjacency using LISP as the encapsulation method for transport through the WAN network.

[Read More]

Trying out IPv6 Prefix Delegation

In this post I will show how and why to use a feature called IPv6 Prefix Delegation (PD).

IPv6 prefix delegation is a feature that provides the capability to delegate or hand out IPv6 prefixes to other routers without the need to hardcode these prefixes into the routers.
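Here is an added example (not from the post) of both ends of a prefix delegation on IOS: a delegating router that carves /48s out of a /40 for its customers, and a requesting router that learns one /48 and numbers its own LAN interface from it. The prefixes 2001:db8::/32 and below, the pool and interface names are placeholders.

```cisco
! Added example: IPv6 Prefix Delegation, both sides (placeholder prefixes/names)
!
! --- Delegating router (DHCPv6 PD server) ---
ipv6 unicast-routing
! local pool of /48s handed out from 2001:db8:1000::/40
ipv6 local pool PD-PREFIXES 2001:db8:1000::/40 48
ipv6 dhcp pool PD-POOL
 ! valid lifetime 1800 s, preferred lifetime 600 s
 prefix-delegation pool PD-PREFIXES lifetime 1800 600
 dns-server 2001:db8::53
!
interface GigabitEthernet0/0
 ipv6 address 2001:db8:ffff::1/64
 ipv6 dhcp server PD-POOL
!
! --- Requesting router (DHCPv6 PD client) ---
ipv6 unicast-routing
interface GigabitEthernet0/0
 ipv6 enable
 ! request a prefix and store it under the general-prefix name CUST-PD
 ipv6 dhcp client pd CUST-PD
!
interface GigabitEthernet0/1
 ! address derived from the delegated prefix; only the subnet/host bits are typed
 ipv6 address CUST-PD ::1/64
!
! Checks:
! server: show ipv6 dhcp binding   (delegated /48 and the client's DUID)
! client: show ipv6 general-prefix (the learned prefix and interfaces using it)
```

Nothing on the requesting router is hardcoded: if the delegating router hands out a different /48, the LAN interface address follows it, and the delegating router installs a route for the delegated prefix toward the client, so the customer's LAN becomes reachable without any static routing on the provider side.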

[Read More]

VRF based path selection

In this post I will be showing you how it's possible to use different paths between your PE routers on a per-VRF basis.

This is very useful if you have customers you want to “steer” away from your normal traffic flow between PE routers.

[Read More]
BGP  MPLS  MPLS TE  VRF 

Short update

It's been a long time since my last update. I apologise for this. It wasn't my intention, it just sort of happened.

In the meantime I have tried the CCIE SP lab and didn't pass it, so I am still studying for my next attempt, which is coming up shortly.

[Read More]

ISIS csnp-interval

The CSNP on multiaccess networks

The CSNP (Complete Sequence Number PDU) on multi-access networks is sent out by the DIS (Designated Intermediate System), which acts as the pseudonode representing the multi-access network. It's ISIS's way of making sure everybody on the multi-access network is up to date. If that's not the case, a node which is missing some routing information can use PSNPs (Partial Sequence Number PDUs) to request the missing LSPs from the DIS.

[Read More]
CSNP  ISIS  Timers 

Fixing multicast RPF failure with BGP

In this post I would like to explain how you can fix a multicast RPF failure using BGP.

If you take a look at the topology in figure 1, we have a network running EIGRP as the IGP, where R1 advertises its loopback 0 (1.1.1.1/32). R4 also has a loopback 0 with the 4.4.4.4/32 address.

[Read More]

Another Lab lies ahead, round one.

This morning I booked my first go with the CCIE Service Provider lab exam. The battle is in mid November, so I have some time to study.

That also means that a lot of forthcoming blog posts will be about CCIE SP material.

[Read More]

MPLS VPN Per VRF Label feature

In this post I would like to explain the usage of the "MPLS VPN Per VRF Label" feature.

By default, each prefix in a VRF is assigned its own VPN label, used to identify the route within the VRF itself.

This inner label is the only label that the receiving (egress) PE router looks at.

[Read More]
MPLS  VRF 

Looking forward

“All that matters, is where you are going” is a favorite quote of mine.

With that an update as well as a plan to move forward.

I have now finished Narbik’s Volume 2 Service Provider workbook. It took a little while longer than I had planned. This is mainly because i took some time off during the holidays (well, studied less at least 🙂 ).

[Read More]
LABS  Study  Update