So in order to be fully transparent about this whole study thing: This week has been a bust!
There, i said it! now i need to do something about it.
So what happened? - Well, for one thing, i was out of the country from Thursday until Saturday (yesterday) with my great coworkers on our annual kick-off trip (it was a great time), and i didnt do much studying monday to wednesday either.
[Read More]This is an update on my progress studying for the CCIE Security v6.1 Lab exam. Today is the 17th of January 2026 and im going to do an inventory of where im at and what i will be focusing on for the coming week.
[Read More]Its weekend, which means its time to do a review on my study progress (along with other life items), but lets focus on the study part.
First off, i have about 12 weeks left before my next attempt. It is scheduled for April 13th.
[Read More]So i just finished a lab that included integrating the WSA to my Lab Active Directory. One that thats certain is that you must enable NTP for this to work. I tried manually setting the time and even though it was just off by a few seconds, the WSA would not tolerate it and would cancel the integration.
[Read More]I am currently setting up a home lab for practicing Cisco Web Security Appliance (WSA). I am using EVE-NG with an image for the WSA called: Coeus-10-5-2-072-S100V, which means its version 10.5.
I have it setup in my lab and was able to access it through the GUI after setting up IP + default gateway on it. However, i got an SSL error and was unable to use the GUI.
[Read More]In my continued journey with Cisco TrustSec, I now have a verified switch configuration with all the components of basic TrustSec with ISE doing the policy and the switch doing the enforcement.
It was important to me to reach this point, as i now have to remember everything until this point in my practice. That and i dont have to fumble around a million different blog posts scattered all over the interwebs, in order to figure out what to do.
[Read More]So today i spent some time setting up Cisco TrustSec on my ISE installation as well as my Catalyst 3650 switch. I did all the mandatory configuration on the switch, including:
Everything was looking good so far, but for the life of me i could not get the environment data from ISE. This was even though ISE said it was sending it back to the Switch, which i could verify from the Radius Live Logs.
[Read More]Happy New year… Welcome to 2026.
I actually failed my blog aspirations for 2025.. I didnt post a single time. Work and real life issues took up my time in 2025. I also didnt progress much in the first 9 months study wise.
[Read More]Well, its late March 2024 and I have a little under 2 months left to prepare for my attempt #2 at the CCIE Security Lab exam.
I dont have much confidence yet, but I do hope I have improved in certain areas of the exam.
[Read More]Happy February - 2024 everybody.
I wanted to take a moment to express my thoughts on why I have such a difficulty with the CCIE Security program as compared to the other certifications I have taken.
First and foremost, it deals with a lot of different technologies within the security realm. All the way from IPS to security provided by Cloud services such as Umbrella.
[Read More]Happy New Year - 2024 everyone!!
Its a new year, which means a new beginning.
For the last couple of years I have been very incognito and focused on some personal areas of my life. This meant that I have not been active in the networking community as much as I would have liked and not attended as many things either.
[Read More]I am currently deep diving into the whole TrustSec architecture. It has quickly become apparent to me, that i need to lab alot of this out in detail. That means upgrading my homelab with a 3650 switch as well as a refurbished laptop for acting as the supplicant for Dot1x operations.
[Read More]Today I made the decision to drop my next lab date for the CCIE Security V6 lab exam.
Why?
Im simply not ready for another attempt yet and im not sure im going to be ready for the V6 before they transition to V7.
[Read More]Hi Folks,
I wanted to take a few moments to share an idea I learned way back. Its very simple, because its the simple of act of “investing in yourself”.
What I mean by that is, that you should set aside some amount of $$$ each year and use that to further educate yourself in a suitable area.
[Read More]So a couple of days ago I was going through the CCIE Security training videos on Cisco Learning Network and I noticed a golden nugget.
It was mentioned that Cisco was on track, to release some learning labs for practice use for the CCIE Security lab exam!!
[Read More]Its been almost a year since my last post. Wow, do I feel bad about that! :(
Anyways, ive been studying on and off for the last year and I was scheduled to have my first lab attempt this coming thursday. However, with the rising numbers of Corona, I made the tough decision to postpone it until March 10th 2022.
[Read More]So I have had some time to put everything together in my small CCIE Security V6 lab.
I want to spend a few moments explaining how everything is put together so others can benefit from it.
At the core of the whole thing is my new server, which is running great! (and importantly, fairly silent :) )
[Read More]
This is the sequel to what was my first introduction to Forward Networks a year ago at Cisco Live Barcelona 2019. No surprise that, since I put their presentation among the highest rated during that time, that I was really looking forward to an update on their technology.
[Read More]I am very happy to announce, that I have been invited to attend “Networking Field Day #22”.
As you might know, the Tech Field Day events are all about getting a bunch of people together to figure out what the presenting companies are all about, with the products they bring to the table. It is also a great opportunity for the presenters to get direct feedback from people in the industry. So its a win-win situation for everyone involved in these events.
[Read More]In legacy site to site (S2S) VPN’s we are used to defining crypto maps and applying them to a physical interface. However, since these does not utilize GRE, you have no way of supporting multicast and routing protocols. This leads to having to define “interesting” traffic using ACL’s. Something which is clearly not scalable.
[Read More]I am catching up on my RSS feeds and fell upon Ivan’s post on “Hard Work”. The article references Seth Godins post Hard Work, which examines 3 types of work being carried out.
In summary we have the following types:
Doing repetitive, back grueling work. One task at a time until completion.
[Read More]In this post I will go through an example of setting up redundancy between a pair of ASA’s using one of the two methods of accomplishing this. The 2 methods are:
This post is exclusively about the failover option.
[Read More]So I have further evidence that I might be crazy:
I have decided to abandon any and all CCIE DC studies. Why you might ask? Simple: I dont have access to the required equipment continually so I can practice and reinforce any knowledge.
[Read More]This week, I am attending Cisco’s EMEAR Enterprise Networking PVT in Amsterdam and I wanted to highlight some key takeaways.
Cisco is really doubling down on getting its software strategy in place. Everything, and I mean everything gets a mention in regards to what sort of software is enabling it (DNA Center/SD-Access/SD-WAN etc.).
[Read More]I decided a while back I would spend a bit of time learning about the Cisco ASA firewall. This is the first post surrounding some technologies I have explored during that time.
For some of you it might be easy stuff, but for others, including myself, might find it interesting for reference.
[Read More]As im sitting here in the hotel, waiting to leave for the airport, the only thing on my mind is: Wow.. what an amazing week this has been.
I have met so many old friends and made a bunch of new ones. All of the Tech Field Day delegates and staff are so bright and friendly that its hard to put into words. We have debated, discussed, thought out loud, shrugged our shoulders and laughed hard.
[Read More]In just 3 days time I will be leaving for Cisco Live 2019 in Barcelona. Im thinking about what sort of event it will be and what to expect in term of announcements.
Especially one thought keeps reappearing and thats the thought of the transformation of Cisco. It is no longer a company with a future in just selling hardware. It itself has been disrupted by the emergence of “everything software” and merchant silicon.
[Read More]I am honoured to have been selected as a delegate for Tech Field Day during Cisco Live Europe 2019 in Barcelona!
Cisco Live Europe will take place from the 27th of January until Friday 1st.
I am really looking forward to this opportunity. There are some really great names among the list of delegates that I hope to be interacting with quite a lot, both during and after the event.
[Read More]Practical OTV
————-
This post is all about OTV (Overlay Transport Virtualization) on the CSR1000v.
I wanted to create the post because there are alot of acronyms and terminology involved.
A secondary objective was to have a “real” multicast network in the middle, as the examples I have seen around the web, have used a direct P2P network for the DCI.
[Read More]I recently decided that i would like to utilize Observium as well as rancid for configuration backups on my home network. To that effect, the following links really helped me out getting it all setup correctly:
https://docs.observium.org/rancid/
http://packetsandpings.blogspot.com/2013/05/installing-and-configuring-rancid.html
https://layer77.net/2016/08/10/upgrading-from-rancid-2-3-8-to-3-4-1/
Let me know if you run into anything i might help out with.
[Read More]I really like this paragraph, because almost everyone wants to imitate google. Why? well, the answer to that questions seems to be what everyone is missing!
Google’s solutions were built for scale that basically doesn’t exist outside of a maybe a handful of companies with a trillion dollar valuation. It’s foolish to assume that their solutions are better. They’re just more scalable. But they are actually very feature-poor. There’s a tradeoff there. We should not be imitating what Google did without thinking about why they did it. Sometimes the “whys” will apply to us, sometimes they won’t
[Read More]
I am currently reading Team of Teams, an excellent book!
In it, it highlights an interesting fact that I think is very relevant for the networking world and that is the difference between something that is complicated versus something that is complex.
[Read More]I recently completed the entry level Juniper certification. I thought it would be a good idea to study for something other than the mighty Cisco, so Juniper’s JNCIA-Junos seemed like a good choice.
It was a very fair exam I can highly recommend.
[Read More]By now, VxLAN is becoming the standard way of tunneling in the Datacenter.
Using VxLAN, i will show how to use the CSR1Kv to extend your Datacenter L2 reach between sites as well.
First off, what is VxLAN?
It stands for Virtual Extensible LAN. Basically you have a way of decoupling your vlan’s into a new scheme.
[Read More]In this post i would like to highlight a couple of “features” of ISIS.
More specifically the authentication mechanism used and how it looks in the data plane.
I will do this by configuring a couple of routers and configure the 2 authentication types available. I will then look at packet captures taken from the link between them and illustrate how its used by the ISIS process.
[Read More]Hello folks,
Im currently going through the INE DC videos and learning a lot about fabrics and how they work along with a fair bit of UCS information on top of that!
Im spending an average of 2.5 hours on weekdays for study and a bit more in the weekends when time permits.
[Read More]New Server:
So I just completed a purchase off eBay for a new server for my lab purposes.
For a while now I’ve been limited to 32Gb of memory on my old ESXi server, which is really more like 20Gb when my regular servers have had their share. Running a combination of different types of devices, each taking at least 4Gb of memory, doesn’t leave much room for larger labs.
[Read More]In this post I would like to give a demonstration of using the Auto-Tunnel Mesh group feature.
As you may know, manual MPLS-TE tunnels are first and foremost unidirectional, meaning that if you do them between two PE nodes, you have to do a tunnel in each direction with the local PE node being the headend.
[Read More]