Status Update:

So in order to be fully transparent about this whole study thing: This week has been a bust!

There, i said it! now i need to do something about it.

So what happened? - Well, for one thing, i was out of the country from Thursday until Saturday (yesterday) with my great coworkers on our annual kick-off trip (it was a great time), and i didnt do much studying monday to wednesday either.

Status Update:

This is an update on my progress studying for the CCIE Security v6.1 Lab exam. Today is the 17th of January 2026 and im going to do an inventory of where im at and what i will be focusing on for the coming week.

Status Update:

Its weekend, which means its time to do a review on my study progress (along with other life items), but lets focus on the study part.

First off, i have about 12 weeks left before my next attempt. It is scheduled for April 13th.

So i just finished a lab that included integrating the WSA to my Lab Active Directory. One that thats certain is that you must enable NTP for this to work. I tried manually setting the time and even though it was just off by a few seconds, the WSA would not tolerate it and would cancel the integration.

I am currently setting up a home lab for practicing Cisco Web Security Appliance (WSA). I am using EVE-NG with an image for the WSA called: Coeus-10-5-2-072-S100V, which means its version 10.5.

I have it setup in my lab and was able to access it through the GUI after setting up IP + default gateway on it. However, i got an SSL error and was unable to use the GUI.

In my continued journey with Cisco TrustSec, I now have a verified switch configuration with all the components of basic TrustSec with ISE doing the policy and the switch doing the enforcement.

It was important to me to reach this point, as i now have to remember everything until this point in my practice. That and i dont have to fumble around a million different blog posts scattered all over the interwebs, in order to figure out what to do.

So today i spent some time setting up Cisco TrustSec on my ISE installation as well as my Catalyst 3650 switch. I did all the mandatory configuration on the switch, including:

• Setting up ISE / Radius with a pac key.
• Setting up a CTS authorization list that references the ISE / Radius server.
• Setting up device credentials on the Switch.
• Setup ISE to allow TLS 1.0 (this is required in order to get a PAC key assigned from ISE).
• Getting the PAC key on the Switch.

Everything was looking good so far, but for the life of me i could not get the environment data from ISE. This was even though ISE said it was sending it back to the Switch, which i could verify from the Radius Live Logs.

I am currently deep diving into the whole TrustSec architecture. It has quickly become apparent to me, that i need to lab alot of this out in detail. That means upgrading my homelab with a 3650 switch as well as a refurbished laptop for acting as the supplicant for Dot1x operations.

So a couple of days ago I was going through the CCIE Security training videos on Cisco Learning Network and I noticed a golden nugget.

It was mentioned that Cisco was on track, to release some learning labs for practice use for the CCIE Security lab exam!!

Its been almost a year since my last post. Wow, do I feel bad about that! :(

Anyways, ive been studying on and off for the last year and I was scheduled to have my first lab attempt this coming thursday. However, with the rising numbers of Corona, I made the tough decision to postpone it until March 10th 2022.

So I have had some time to put everything together in my small CCIE Security V6 lab.

I want to spend a few moments explaining how everything is put together so others can benefit from it.

At the core of the whole thing is my new server, which is running great! (and importantly, fairly silent :) )

So I have further evidence that I might be crazy:

I have decided to abandon any and all CCIE DC studies. Why you might ask? Simple: I dont have access to the required equipment continually so I can practice and reinforce any knowledge.

Well, a short update. I managed to pass the CCIE Service Provider lab exam on March 14th.

I am quite exhausted from the experience, but very happy 🙂

Hi everyone,

I am happy to announce that this week i passed the R&S CCIE lab exam. CCIE #29189.

Its been a long journey for me. Working full time, not taking any dedicated time off work to do so, has been challenging.

I am going through the detailed blueprint, one item at a time and verifying that there are no surprises. Especially IP services and security is something i havent paid enough attention to in the past.

Anyways, there are lots of items on that darn list and going through them all takes alot of time.

Link optimization on frame-relay.

Using frame-relay, bandwidth is especially a concern.

It is possible to optimize this bandwidth in several ways.

I will concentrate this post about compression and fragmentation.

First off, with compression on frame-relay there several methods of accomplishing this.

As promised, here is a couple of photos of the final layout.

<p class="wp-caption-text">
  Total Layout
</p>

<p class="wp-caption-text">
  More detailed view
</p>

So I modified the previous layout a bit.

The concern i voiced about the 3640 was enough to make me figure out a way to have that one as the bottom piece of equipment.

This is what i ended up with:

I need to start cabling all of this gear into place. I have made a layout which i think i will try out.

The only thing that concerns me is the weight of the 3640 router. Its a heavy baby.

I have received the rest of my routers (1841s), I have also received the memory and flash upgrades for them all (256meg memory and 64mb flash). The guy who sold them to me was very helpful and it turned out he had the cables that i needed as well (some Smart-serial to Smart-serial, as well as some DB60 ones).

NTP is one of those things that really keeps messing with my head.

To break it down, what does it do for us?

Simple. It provides the correct time of the day.

How does it accomplish this? Now this is where it gets interesting.

I want to point everyones attention at this blog post made by Marko over at IPX. Its a good read and i think you will all enjoy it!

http://blog.ipexpert.com/2011/01/19/old-ccie-myths-vlan-1/

Welcome to 2011.

I hope that you have had time to enjoy the holidays and all the festivities that come with it.

Personally i have been doing alot of work stuff. Moving data centers is no small task when the customers want constant uptime. Of course for some customers this couldnt be done as they dont have fully redundant systems to switch over to. However a large part could be done very fast, but they all needed to be done at night and preferably during the weekends.

The month of December has been crazy for me.

A ton of work related stuff has been going on. Our HQ move has taken its toll on everybody. Ive been working through every weekend, putting in some 20 odd hours on some days.

My understanding of IRB:

I did another Volume 1 lab yesterday. Again i hit my head against the infamous IRB feature.

IRB stands for Integrated Routing and Bridging. Below is my understanding of the technology. I could be very wrong about this, so please correct me if i state something completely incorrect.

Its been just over two weeks since my lab attempt.

I have basically done no studying at all during that time.

Time has come to get back in the game. I do have alot of work to do in the near future, but i will still try and do all the studying i can squeeze in.

I had a bit of spare time yesterday, and i stumbled across a great video walkthrough of the Cisco documenation by Internetwork Expert (INE), and i thought i would share it with you in case you hadnt already discovered it:

At the bootcamp last week, i was almost out of reach from my lab.

Even though i just got the remote power controller, the network at both the conference place as well as the hotel (especially the hotel!) was pretty bad.

This was all written yesterday 🙂

Airport fun!

So right now (im sitting in London Stansted Airport after having attended the last of Narbiks bootcamp. Its going to be good to get home to the girlfriend and my puppy.

He had a guest with him this time around. Rolf Schärer. The guy is a tripple CCIE (R&S, SP and Storage). Very knowledgeable and nice guy. If you have business in and around the Swiss nation, he is a safe bet when it comes to Cisco technologies.

Awesome. Got alot of EEM ground covered today.

Seems like a very powerful scripting engine that stands out, by having the ability to be triggered under certain

circumstances.

Lets check out an example using the topology below:

As you can see, we have our interfaces defined, they are in an up state, we have EIGRP working, we have an access-list applied,

I have started doing IPexpert Vol 1. technology labs. They are pretty challeging. They make you think out of the box. Almost none of it is vanilla configuration.

I dont know how closely these labs reflect the real one. Ofcourse these are Vol. 1 labs, but what i mean by it, is especially the wording. Maybe its just me.

Woke up early this morning to get a head-start on the Video-on-Demand courses. I do it by looking at the PDF’s thats covered on each configuration section, and try and replicate the topology as well as solving all the tasks.

Update 11-08-2010: I can now create RMON alarms and events. It seems the command set for RMON is pretty limited. Not much around the net as to how deep to go into this. Hope its enough.

I just looked over the detailed blueprint which is authored by cisco. It had checkmarks, which i used to mark down things i knew i could configure, as well as things i really need more training in. These are the topics i have either forgotten about or just havent paid attention to. Anyways, these are the things i will need to study more in the comming month:

Troubleshooting. An artform in itself.

I have been doing trouble-shooting labs for the last week and its not going the way i want it to.

In all fairness, its very good practice! having all the components in one lab, with all sorts of technologies interconnected really makes life interesting.

My apologies for the huge lack of content lately.

I have been insanely busy with work along with doing lots of labs. Especially IPv6 labs was challenging. I have done 50% of a blog post about my trials with this beast.

I wanted to take some time to write up something about the cost of doing the CCIE track.

This is prompted by some recent events in the CCIE training community and some discussion on twitter about studying in an economic downturn.

New technology i just learned about! Its called PIPQ, and stands for PVC Interface Priority Queueing.

As the name implies, its a Queueing method, and its only for frame-relay.

It basically functions in the same way as a PQ scheme, in that it has 4 queues, high, medium, normal and low.

This just in, well not really, as the news is a couple of days old. The dreaded OEQ for the R&S lab exam is now a thing of the past.

The news created alot of buzz on the forums, twitter and facebook. It would seem that alot of people have really been fearing these questions.

[polldaddy poll=3121673]

I have a few minutes this morning that i want to use to clarify a special BGP feature which i had misunderstood until a few days ago.

This has to do with the aggregate-address that you use to create a summary address. One of its many options includes the “advertise-map” parameter.