Category Archives: CCIE Coaching

IPv4 Access Lists in the CCIE Lab Exam

CCIE Coaching, CCIE R&S, , , ,

Security

I am getting ready for my Nugget on the above subject and I wanted to provide some thoughts and notes here on the blog on this important subject.

I am currently training for a half-marathon. Yes, and thanks for putting up with all of my RunKeeper Tweets on the subject. 🙂 With the training, there are certain metrics you need to hit in order to really determine if you can finish on race day. It is the same way the CCIE. One metric is ACLs. If you do not have them mastered, you are in big trouble on race day. Think about it, you use them for traffic filtering, and then traffic identification for a whole host of features on the devices. QoS, network management, the list goes on and on.

The traffic filtering part gets really scary. Drop one in that is not doctored up for the other traffic required in your lab scenario and you can easily break things well enough to fail. And when you are building the lists, you must really take your time to ensure that you are meeting their specific directions. Are you getting the EXACT traffic they want, in the correct direction?

Here is a list of tips and things to think about for this important topic. These are in no particular order:

  • Read so carefully if you need to build an ACL traffic filter. Often, you will be asked to block something extremely specific, for example, echo-replies. Should you block too generally, like requests and replies, you fail the task.
  • Drawing out the scenario on your scratch paper will often help you with what specifically to match and in what direction.
  • You certainly would want to avoid this in production, but in the lab it is fine to end your ACLs with deny ip any any log-input. This will allow you to see just what you broke in your lab with your ACL!
  • Remember that an outbound ACL will not impact traffic generated by that local router.
  • access-group is used for traffic filtering on your interfaces, while access-class is used for your VTY lines. Remember with the access-class out command, it is controlling where someone can Telnet out of your router AFTER they have already Telnetted into it.

Top 5 CCIE Myths Recording and Additional Q&A

CCIE Coaching, CCIE General, , , , ,

email-blog-12

Thank you so much to all that had fun in this Webinar. For those of you that missed it – here is the recording:

http://cc.readytalk.com/play?id=dxfump

There was a bunch of questions that I could not get to at the end live in our time allowed (30 minutes). Here are those along with my answers as promised. If you have additional questions or concerns I can help with – use the comment area below this post! Cannot wait to meet you:

Speaking of the videos, do you have a timeline for when the last 2 series will be complete? Sure – I am finishing my EMC course on Jul 17. Then I am recording a very short course. Then starting both remaining CCIE courses (R&S). I will be focused solely on those so you will get new content each day. I will post a start date for course 5 here on the blog when I have it. I am certainly hoping to finish both CCIE courses by end of August.

Do you plan other Nuggets for CCIE R&S after the 6 courses? Keith Barker and I have actually been talking about that. There is certainly room for more Nuggets that would be focuses purely on the strategies of prep and the the exam parts!

Once you started your study program, did you ever have any setbacks and have to start back again? Oh yes indeed. Each time I failed the lab was a setback of course. Then there were personal things that always happen. I never let it sway me, however. That is the key – how you deal with setbacks and failures. Some let it crush them – others grow stronger.

i have a functioning GNS3 with IOU images. will this be enough to prep for the lab? I am glad you did not share your name – because you might be breaking the law. 🙂 I do not have such a setup, but I have heard from others that it does work for R&S lab prep with a few minor topics you cannot do. For those – I would recommend you rent gear.

How well do you handle recertifying every 2 years, especially when you have multiple CCIEs? Piece of cake for me – I love taking tests. So I am always hungry to go see a written exam. And I think when you have multiple – they all renew when you pass a single written. I hope to have that problem soon.

Should we use GNS3, cisco VIRL, or lab rentals for practice? There are pros and cons to each approach. You will have to examine and decide. For example, I love VIRL, but I have a $3,500 iMac that I run it on.

How do you retain all the knowledge that you have acquired? I forget a ton of R&S stuff, so I retain it by refreshing on it whenever possible. Of course, teaching every day really helps.

would you wait to gain 5+ years of experience before starting CCIE? No way. Start at least reading right now!

Has CBT Nuggets got videos on CCIE Security? No – but with the success of R&S – it is looking like we will consider it. Keith Barker has his CCIE Sec and I am getting it. 🙂

quick question for Anthony… any tips on equipment? Examine ALL the options and then decide what is best for you. Remember, no magic formula here.

is gns3 enough? I have heard yes – but I have not validated that myself. There is no way I want to go through the legal and other pains of trying to use IOU with that product. Not that it matters, but I think what GNS3 did to bring Layer 2 to their product is really pretty gross.

Anthony I have had 1 attempt at the CCIE and I want to try again (money depending) however work covers some many other topics should I try and study multiple subjects and just keep the CCIE in the background study or forgot the other topics and 100% CCIE study moving forward? Thoughts? Please clarify this for me in the comments below. I do not understand how you can trash the “other” topics if they are required for your work. Won’t you get fired? 🙂

Anthony, got a problem creating a balance between prepping for the CCIE and School. Got any recommendations ? Come up with a daily, weekly, and monthly plan. Sign off on it – and STICK TO IT!

What salary we can get after ccie security, if I just passed my graduation? I learned that in the USA – the salary you can expect would be between $60,000 and $173,000 with a CCIE. Since you would be a non-experience CCIE – I think you better plan on $40,000 to $60,000. I do need to make clear here that I am guessing based on my research. There are people out there that you can reach out to that specialize in job placement and they are the ones that can really answer this without guessing.

Anthony, Can you recommend a Simulator for Lab practice? I LOVE VIRL, but again, I have a powerhouse machine to run it.

What is your favorite area within networking? Security.

Hi Anthony, just curious, how long did it take for you to prepare for your first ccie? I wish I had tracked it better. Thinking back, I believe it took about 18 months.