Monday, January 28, 2008

CCIE practice - My "scripts"

I wouldn't call them scripts. They are just simple commands that help you quickly get the information you need.

Maybe you have already seen them around. Some parts are surely not mine. I just found them and adapted them to my needs.

Collection Scripts

Collect the active ip addresses from each router/switch


sh ip int br | exc unass


Collect the ip addresses belonging to backbone routers
$INTERFACE is the physical interface where the backbone router is connected
Read your exam for the ip addresses to be tested (used only for IGP routes)


sh ip route | inc $INTERFACE

While running the above collection scripts, keep a notepad window open with the following testing scripts in it and fill in the ip addresses that you collect. Using Alt + Left Mouse Button selects a rectangle in SecureCRT, so you can very easily get the ip addresses from the above outputs.

Testing Scripts

Test ip connectivity on each router


foreach i {
} { ping $i }

Don't forget to exit from tcl ("tclquit") when finished, because you might have some IOS commands ("set" under route-maps) behave "strangely" inside it.

Test ip connectivity on each switch

conf t

macro name PING
do ping x.x.x.x
do ping y.y.y.y
do ping .......
@


After creating the above macro, you only need to run the following each time you want to test

conf t

macro global apply PING

After you finish all testing (and before the lab exam ends), don't forget to remove the macro from the switches.

Removal Scripts

Remove macro from switches

sh run | inc macro

conf t

no ...



conf t

no macro name PING
no macro global desc PING
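
As an added example (not part of the original post), the Python below automates the collect-and-fill step for practice outside the lab: it parses `sh ip int br | exc unass` output, skips interfaces whose protocol is not up, and emits the tcl loop and the switch macro. The sample outputs, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample output of "sh ip int br | exc unass" from two hypothetical devices.
R1_OUTPUT = """\
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            10.1.12.1       YES manual up                    up
Serial1/0.1                10.1.13.1       YES manual up                    up
Loopback0                  10.255.0.1      YES manual up                    up
"""
SW1_OUTPUT = """\
Interface              IP-Address      OK? Method Status                Protocol
Vlan12                 10.1.12.11      YES manual up                    up
Vlan99                 10.1.99.11      YES manual administratively down down
"""


def collect_addresses(*outputs, only_up=True):
    """Return the unique interface addresses found in the outputs, sorted numerically."""
    found = set()
    for output in outputs:
        for line in output.splitlines():
            parts = line.split()
            if len(parts) < 6:
                continue
            try:
                addr = ipaddress.IPv4Address(parts[1])
            except ValueError:
                continue  # header line or anything that is not an interface row
            # The last column is the line protocol; a down interface cannot answer pings.
            if only_up and parts[-1] != "up":
                continue
            found.add(addr)
    return [str(a) for a in sorted(found)]


def tcl_script(addresses):
    """Build the tclsh foreach loop used on the routers."""
    return "foreach i {\n" + "\n".join(addresses) + "\n} { ping $i }"


def macro_script(addresses, name="PING"):
    """Build the switch macro; '@' on its own line ends the macro definition."""
    lines = [f"macro name {name}"]
    lines += [f"do ping {a}" for a in addresses]
    lines.append("@")
    return "\n".join(lines)


if __name__ == "__main__":
    targets = collect_addresses(R1_OUTPUT, SW1_OUTPUT)
    print(tcl_script(targets))
    print()
    print(macro_script(targets))
```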


I used all the above scripts in every Mock Lab i had, either online or offline (using Dynamips). During the first ones, i was making a lot of mistakes while configuring them, but after a lot of practice i was able to write all of them into a notepad window in less than 1 minute (do not copy-paste them while practicing; try to write them down every time).

Collection of ip addresses shouldn't take you more than 2-3 minutes, especially if you use my 2 desktop environments. The whole scripting thing should take you less than 4 minutes, plus 1 minute for running the 2 testing scripts simultaneously on all routers and then on all switches (you just copy-paste the testing scripts on all the windows and watch the outputs). Of course, if an ip address is unreachable, you'll get an extra delay, so try to remove from the scripts all ip addresses that do not need reachability; "DO NOT NEED" is always according to the exam instructions. If the ip address needs reachability, you'd better check your configuration.

Finally, note that the CCIE Lab is not about scripting. You don't want to spend your time configuring (and possibly trying to remember) complex scripts. I have seen a lot of super-duper scripts that could even "make you a coffee" (that's a Greek phrase), but if you don't know the stuff you're being tested on, they aren't going to help you. They might even slow you down.

One of your tasks when being at the CCIE Lab is to be as simple and as fast as possible. Your main focus should be on the lab tasks and not on any extra scripts that are there to help you. Use the scripts in order to verify quickly some parts of the required tasks, but do not rely on them for passing the lab.

Scripts can make your lab "easier" in regards to time management. That's their only role.

CCIE practice - My desktop environment

These are the two desktop environments i was using during my practice. These are also the ones i used in the CCIE Lab. The only difference is that i used Putty during my practice (it's the lightest telnet client and it's free) vs SecureCRT in the CCIE Lab. But since i knew i was going to use SecureCRT in the lab, i spent 1 hour on practicing with it, just the day before my flight to Brussels.

Desktop 1 : Routers R1 - R6

Desktop 2 : Switches SW1 - SW4

According to each lab task, you either minimize or restore the appropriate windows.

That way you can copy-paste (left=select/copy, middle/right=paste) between windows very easily/quickly and most importantly you can watch half of your equipment all the time (R5,R6 are half covered, so you need to click on them in order to bring them full in front). i.e. when you change something on a router/switch, you can see immediately if there is a log produced on another router/switch. You cannot do this when using the terminal server.

All the windows have the equivalent router/switch name as their title, so it's very easy to select which one to have on your desktop every time. In a screen of 1280x1024, i used 82x28 (columns x rows) as the size of the windows (you can start from 80x25 depending on your desktop resolution and font used) and "courier-new 9" was the font and font-size.

I also used black background and white foreground (default in Putty, had to reverse in SecureCRT), because those seemed the most relaxing colors. If you have to look at these windows for 8+ hours, you need to take care of everything, even your own eyes. You need to have the whole environment cooperate with you, not fight against you.

Saturday, January 26, 2008

CCIE Program Offers Weekend Lab Exams

Although it's old news, i just found out the following:

In an attempt to significantly reduce the wait time for a lab appointment, the CCIE team is offering weekend lab exams in Routing and Switching. The following dates and locations are the first to open.

December 22, 2007 Brussels and Dubai
December 23, 2007 Research Triangle Park
December 29, 2007 Brussels and Dubai
December 30, 2007 Research Triangle Park

In 2008 we will be adding new dates and expanding the locations offering weekend labs.

That is surely good news for everyone. I think my next exam (if others besides R&S become available) will be on Sunday, since the Brussels hotel price is lower (almost half) on the weekends.

Friday, January 25, 2008


You may be thinking i'm moving too fast...You may be right...

After passing the CCIE lab, i found out (not that i didn't know it) that all these years i was keeping myself in a low profile and everyone (especially my employer) was taking advantage of it (something not censurable, since most employers do the same; that's part of their job). But when my salary is below CCNA's average, when i'm hearing many different excuses and all of them are confuted step by step, then there is surely something going wrong.

So i've decided to take the next step and go for another certification. At the same time i'm probably going to search for a new job (i had already made some contacts before), trying to peddle my CCIE. If i find one that fulfills my requirements (bigger salary and/or a higher position are the most important), i'll probably delay (or postpone) the next certification.

Now my dilemma...I'm thinking about CCIE Service Provider or CCDE.

CCIE Service Provider is already quite known to me, because i work for many years in an ISP and i know most of the stuff. I just need another 3-4 months (hopefully) of hard preparation and surely a good understanding of MPLS. Maybe i'll also try the CCIP before it, just like i did with CCNP.

CCDE is the new Design Expert certification from Cisco and it seems quite interesting. I've read the written exam blueprint and i must say i'm excited about it. On the other hand, although it's not a requirement for CCDE, i'd like first to pass CCDA and CCDP before trying CCDE. Just like i did for the CCIE. But the topics for these 2 exams seem a little bit boring...a little bit theoretical... Nevertheless, a 4-digit CCDE is quite tempting! (here is someone who passed the written).

Anyway, i'm not in a hurry right now. Whatever i decide, it's going to begin after 1-2 months.

I have also created a poll, so i can gather others' opinions. Please take a moment and vote....

Sunday, January 20, 2008

CCIE Lab - The chronicle of success

3 Jan 2008 (15 days before the lab exam)
Isolation begins. I get 2 weeks vacation from my work, in order to boost up my preparation.

4-6 Jan 2008 (14 days before the lab exam)
During these 3 days i have 2 Mock Labs and 1 Rack Rental. I have chosen the most difficult Mock Lab this time (you can see my relevant post here), because i want to test myself in extreme conditions. As it proves out, i did very well in terms of finding the correct answers. I just need to speed things up. I'm using the Rack Rental in order to test my speed in L2 configurations. I don't worry much about the configuration part of it, since it's my favorite.

7-13 Jan 2008 (11 days before the lab exam)
During these days i redo all the Mock Labs on my PC using Dynamips. I already had done most of them once (so i already had created the initial config files), but this time i am testing my speed, not my knowledge.
I'm also keeping notes on my mp3 recorder while doing the Mock Labs; i'm just thinking loudly. After each Mock Lab, i'm grading myself as honestly as possible. If there is any mistake i have done, i simply lose the points. No favors done.

14-15 Jan 2008 (4 days before the lab exam)
I stop practicing 4 days before my lab exam. I am exhausted and i need to calm down. These 2 days i'm transferring my personal notes into the mp3 player, plus many parts from the DocCD which seem difficult to understand and they are considered non-core. Generally, i keep on organizing my mp3 self-teaching. During the last hour i install an old version of SecureCRT and i try to recreate the environment i was using all these days with putty. It doesn't seem difficult; all i have to do is enable "copy on select" & "paste on middle button" under the global options. I also have to change the foreground/background colors. The default (white back, black front) are too tiresome, so i just reverse them. I keep on repeating this until i'm able to do it under 10".

16 Jan 2008 (2 days before the lab exam)
I'm flying to Brussels early in the morning. During my waiting times and on the flight i'm listening to my mp3 recordings. I arrive at the hotel (NH Brussels Airport Hotel) at 12:00 and i start organizing my last 2 days of preparation. During the whole day i'm listening to my notes and at the evening i have an expensive (no time to think for money) dinner at the hotel. I fall asleep around 02:00 a.m.

17 Jan 2008 (1 day before the lab exam)
I wake up at 7:00 a.m. I don't want to sleep too much because i must get tired tonight and go to sleep early. I have a good -expensive- breakfast and i go for a walk at Cisco offices. The Cisco building is very near to the hotel; around 200 meters. The CCIE Lab building is from the other side, opposite to the DHL building. I need to walk for another 100 meters. Ok i found it; i have a check with the security guy, everything seems ok. Time to go back and continue the last steps of my preparation. I continue listening to my notes. Second self-teaching round is complete. Time for another -expensive- lunch. Tonight i don't want a dinner, because i need to fall for sleep early. After the lunch, third round of self-teaching begins. There are times that i think i'll fall asleep, but i need to hold on. I can't sleep right now. If i sleep now, what am i going to do in the evening? I stop self-teaching around 9:30 p.m. and i try to sleep. As i expected; i can't sleep now; i'm thinking of tomorrow. At last; after 2 hours i finally fall asleep.

18 Jan 2008 (day of lab exam)
I get up early (5:30 a.m.) in the morning. I take a shower to wake up my nerves (i don't drink coffee) and i have another -expensive- breakfast (restaurant opens at 6:30; thanks god). There are another 2 candidates having breakfast at the same time. Everyone seems quite anxious about the exam. At 7:10 a.m. i'm leaving for the Cisco building. Outside i meet a fellow from Germany who is having the R&S exam for the first time, just like me. We don't talk much; each one is having his own thoughts right now. After we register at the reception, we're given a sticky card with our name printed on it ("must be escorted" is written under it). In the meanwhile other candidates are arriving too; we are 11 in total.

At 7:45 a.m. the proctor arrives and greets us. He seems a nice guy. He leads us to the CCIE Lab room where he explains what we can bring inside and what we can't. We are allowed to bring only drinks taken from the nearby machine (free of course), our ID cards (English name & photograph must be on them), pens, glasses & ear plugs. Everything else must stay at the proctor's desk. Cell phones must be put there too and anyone's cellphone ringing will disqualify him. We're allowed to go to the WC (just next door) as many times as we want. Of course we're not allowed to go more than 1 person simultaneously. We're given instructions about the lab exam itself. We take our seats while the proctor is announcing our names. We're not allowed to write anything on the exam papers. They are protected in plastic sheet and we can't pull them out of it. We're also given 2 scrap papers, with our names on them, for keeping notes. If we need more, we can ask freely. In our desk we find pens, pencils and markers of various colors.

The exam starts at 8:00 a.m. exactly. We have the option of using a single SecureCRT window for managing all our routers/switches (through a Terminal Server) or a SecureCRT window for each router/switch. In the second option, every window has the router name in its title (something that i was afraid of not happening). I choose the second option; i have practiced a lot using many putty windows concurrently. I change the options of each window the way i have practiced at home (you cannot change the global options, you have to change each session's options individually). On the bottom-left part of my screen i see the Notepad & Calculator icons. You can open as many notepad files as you like, but you can't save them, so you have to be careful when minimizing them. Mouse is a 3-button one, with a scrolling wheel. Nothing special, but good for the job it's targeted.

At 8:05 a.m. i start testing all the consoles. As soon as i arrive at the switches, the inevitable happens. I have some problems with 3 of them. I expected something like that, especially after the CCIE Assessor Labs. I inform the proctor of the problem and i continue fixing my windows, moving them to the 4 corners, so i can have 4 switches or 6 routers, all at the same time on the screen.

After 5 mins (8:10 a.m.) the switches are ok and i'm ready to start reading my exam. I read very carefully the initial instructions (1 whole page), twice. I don't want to miss or misunderstand something. They seem a little complicated. I'll need to read them again. I then proceed to the lab tasks. I start keeping notes while i read them. Most of them are known to me, besides 2 tasks that i cannot understand exactly what is asked for. The EGP part is quite complicated; i'll need to create a peering diagram. The IGP part seems easier; maybe i can get away without a diagram. The L2 part is the most complicated one and has many tasks, but i'm very confident of my L2 knowledge, so i decide to proceed without a L2 diagram too. If i get stuck, i'll have to create one as soon as possible. After a third reading of the initial instructions, i write down on the scrap paper abbreviations of the most important ones using capital letters, so i can see them at anytime during my exam. I also write down (using a color marker) my 2-digit rack number. I don't want to miss a task, because of a wrong ip address.

The time is already 8:45 a.m. and i haven't typed anything. Other candidates seem to have started typing already. I have a pair of ear plugs with me, but the noise from their keyboards (Logitech) is quite low, so i decide not to use them. I have a quick look at the initial configs for any strange pre-configured things. As it seems there are some things pre-configured. Now it got even worse; this is what i was afraid of too.

At 9:00 a.m. i start my first task. The first tasks are usually the most time-consuming ones (until you get used to the specific environment, you spend a lot of time looking for anything suspicious); but they are the most important too, since you build the whole lab on them. I proceed very slowly; i want to be double sure of everything. I know that after i complete the core part, i'll speed things up. Everything is working fine. The initial notes on my scrap paper help me remember important facts. As time passes by, i return to an initial task to correct a silly mistake of mine. My brain is working in multitasking mode. While doing later tasks, i'm thinking of the previous ones.

Time is passing by very quickly. 11:30 a.m. and i'm in the middle of my IGP part. I feel a little bit worried. Lab seems a little bit easy until now, but i'm proceeding very slowly. There must be a hidden catch somewhere.

Proctor informs us of the lunch break at 12:00; just 5 mins before it. I'm now finishing my core part. Time to save all configurations and reload everything. Or, maybe i have time to test the general connectivity. I have my ip address collection scripts ready. Just 3 simple commands on each router/switch and i have all the ip addresses from them (using Alt+LMB selects a rectangle). I create the appropriate tcl/macro scripts and i start running them simultaneously on all the routers and then on all the switches. That's where the multiple windows help. Everything is fine. I don't get an answer from an ip, but that ip isn't announced anywhere so that's normal. Time to reload and go for lunch.

Lunch is free since they provide you with a coupon. But food sucks. I choose a steak with potatoes. You can choose chicken, but it wasn't my favorite. I sit with all the other candidates on the same table, together with the proctor. Nobody has the guts to start talking, even for irrelevant matters. I'm still thinking about my lab exam tasks. But I start feeling very well now, because i realize that i have almost completed the core part and most importantly i have answered (99% correctly) all tasks until that time. Dessert is good; at last, something worthy.

At 12:30 p.m. we leave the restaurant and we head back to the lab room. Proctor informs us of the ending time, 4:30 p.m. I need to recheck my core part after the reload. Time to re-run the scripts. Ok, everything is still fine. The next tasks seem easier, although in some of them i need to verify their config by looking at the documentation. Time to test the DocCD functionality. IE7, multiple tabs opened; 12.4 configuration guides/commands references/master index, 3560 configuration guides/commands references. Everything is way too fast according to my home experience; something must be cached locally. All redirections are working fine! Another thing, i was worrying about, is gone. I have a quick look; yes, i was correct in my config. Nothing to worry about.

Time is 1:15 p.m. and i meet the first tasks i cannot understand. I'm reading and reading all over again, but it doesn't make any sense. I decide to ask the proctor, but i get the answer "sorry, i cannot answer that". I spend around 15 minutes on this task and i have found 2 possible interpretations. I make a note of them and i continue with the next task. Another cryptic one. I don't want to disturb the proctor again, because i have kept a lot of questions for the end, in order to verify 100% my configs. I create 3 possible interpretations for this task and i make a note of them too. These are my first 2 tasks that cannot be answered with 100% certainty. I don't worry; i know i have to miss 6-7 tasks in order to fail.

1:45 p.m. and time for the EGP part. I get 2 extra pieces of scrap paper and i quickly create a peering diagram. Hmmm... I know there is something tricky here. This is the first time i meet such a scenario. But i find it interesting, kind of tempting. After 40 mins i have found the solution in all the relevant tasks and everything works as expected.

YES!!! 6 hours to complete the lab!!!

2:30 p.m. Time for a review. I have kept notes of the tasks that i am 99% sure; around 9 of them. In everything else i'm 100% sure that my solutions are correct. Time to ask the proctor. I know that i must make clever questions in such way that you give the impression you already know the answer. Proctor seems helpful enough, he understands my confusion and answers most of my questions. After that, i have to correct 2 minor issues. Ok, easy stuff. Now another review from the beginning. Test & verify each task as comprehensively as possible. I must create a sla operation in order to verify a specific task. I have enough time, so i'm proceeding with this; nothing new here. Tcl/macro scripts are also working fine after all the minor changes.

At 4:00 p.m. i know i have passed. There must have been an extremely stupid mistake done at the very beginning, if i was to fail. I have another 30 mins to do these 2 tasks i couldn't understand. I choose to follow the most straight way; no extreme solutions, no risky changes to running configurations, just the most simple answer. A final run of my tcl/macro scripts confirms that everything is still working fine. Time to save everything and reload. Another run of the tcl/macro scripts. Time to party! I love seeing these exclamation marks running up & down on my screen. This must be the only time in my life that 2 punctuation marks ("!", ".") play such an important role.

4:30 p.m. The exam is over. The proctor is collecting our papers and we must log off. I guess i'll have to wait until tomorrow for my CCIE number. I must admit that i feel a little bit strange. I'm 99.999% sure that i have passed. But i feel i didn't get a hard challenge, the challenge that i was fantasizing when hearing about the CCIE Lab exam. So generally i would say: L2 was hard, but it was my specialty so i wasn't afraid, IGP was average, EGP a little hard and all other stuff below average; possibly the correct analogies that a Routing & Switching exam should be? But i mostly feel disappointed because i didn't understand 100% these 2 tricky tasks. I'm sure that if i could learn the answers, i would laugh with them.

At 4:50 p.m. i'm back at my hotel. I feel exhausted, happy and disappointed.

19 Jan 2008 (1 day after the lab exam)
10:00 a.m. Time to return to Athens. I learned the results as soon as i got home. The rest is already known.

CCIE Lab - Self-Teaching

One week before my lab exam, i started recording into a mp3 player all my handwritten notes. I know it might seem funny, but later i found out that this was my best idea ever!

I recorded around 7 hours of myself describing strange scenarios and proposing solutions (mostly from the online labs i had done), reading difficult/unknown parts from the DocCD and everything else i thought it would come in handy.

You'll be amazed of how easily you can understand (and most importantly remember) some things when you hear them over and over. It's a form of self-teaching. Instead of reading your notes from a piece of paper, you're hearing them on your mp3 player.

And you can do it everywhere; on the bed, on the bus, on the plane, in the hotel. You don't worry about carrying your notes with you, you don't worry about finding a quiet place where you can sit comfortable and read them.

Anytime, anywhere....Your own self is teaching you!!! Just remember me and try it!!!

CCIE Lab - Things i didn't do

During my preparation for the lab i had come into a lot of pages that were describing some things that you can do and possibly increase your chances of passing. Below you'll find some that i didn't do.

Before the exam

I didn't use any CCIE workbook
I didn't attend any CCIE bootcamp
I didn't watch any CCIE mailing list
I didn't use any CCIE dump program

During the exam
I didn't use any aliases
I didn't use the Terminal Server access
I didn't draw any L2/L3 diagram
I didn't wear ear plugs

That of course doesn't mean that everyone shouldn't do them. I just didn't do them, because i decided so.

For example, if i didn't have any work experience, i would probably do the 1st and/or the 2nd from the "Before the exam" list. Instead of all these "Before the exam" things, i decided to spend my time on practice.

Also, during the exam, i was prepared to draw my diagrams (i had done a lot of L2/L3 diagrams at home when doing Mock Labs), but as i was reading the tasks and looking at the provided diagrams, i decided that i could do it without drawing anything. On the other hand, i had to draw a very simple BGP peering diagram.

Don't forget that the CCIE Lab is completely a personal fight and the only one to decide what's best for you, is yourself. So, be the judge of your readiness and proceed accordingly.

CCIE Lab - How much money it cost

212€ (5 CCIE books)

540€ (Upgrade of my PC)

17€ (MP3 Player/Recorder)
4€ (AAA Batteries)

2 x $249 = 347€ (2 IE Mock Labs)
4 x $99 = 272€ (4 IE Mock Labs)
3 x $30 = 62€ (3 IE Rack Rentals)
- $80 = - 55€ (IE Discount)

$399 = 273€ (2 CCIE Assessor Labs)

6€ (Train @ ATH, Home-Airport)
256€ (Flight ATH-BRU-ATH)
588€ (NH Brussels Airport Hotel, 3 days + breakfast + lunch/dinner)
20€ (Taxi @ BRU, Airport-Hotel-Airport)

$1,694 = 1,156€ (CCIE Lab)

3,698€ TOTAL

My CCIE in numbers

  • 0 tasks unanswered in the CCIE Lab
  • 1 CCIE Lab attempt
  • 2 CCIE Assessor Labs
  • 3 months of preparation
  • 4 HD partitions used for CCIE primary/backup material
  • 5 CCIE Books
  • 6 IE Mock Labs
  • 7 hours of mp3 personal recorded material
  • 10 questions to the proctor during my CCIE Lab
  • 11 candidates on the same room during my CCIE Lab
  • 13 GB of HD space used for Dynamips/Dynagen practicing
  • 15 days of complete isolation
  • 16 hours max time spent on a single day during my practice
  • 18 hours of Rack Rentals
  • 20 days missing from my work
  • 25 minutes max time spent on a single task during my CCIE Lab
  • 28 hours spent until completing IE's sample lab
  • 30 seconds min time spent on a single task during my CCIE Lab
  • 32 phone calls accepted while missing from my work
  • 45 net files used for Dynamips/Dynagen
  • 53 GB of HD space used for all my CCIE material
  • 68 runs of Windows calculator
  • 80 points average on online evaluation labs
  • 90 minutes spent for reviewing my CCIE Lab
  • 158 pages of handwritten notes
  • 180 hours of reading books before starting practice
  • 342 config files created by Dynamips/Dynagen
  • 360 minutes spent until completing my CCIE Lab
  • 390 minutes max time spent on a single task during my practice
  • 528 hours of practicing with Dynamips/Dynagen
  • 820 clicks on Cisco's online DocCD
  • 1380 pages of printed material
  • 3698 euros totally spent
  • 18883 CCIEs before me (1025 was the first one)

Saturday, January 19, 2008

CCIE #19858

I feel a little bit disappointed! The CCIE Lab was easier than expected!

What i found out is that the CCIE Lab is not only about the technology and the knowledge (you'll probably find "better/harder" exams in the various vendors' Mock Labs).

It's also about being able to decode, to interpret, to decrypt the Cisco's way of asking you to do specific tasks. And that SUCKS!!! It's just too annoying to try to understand what the task is actually asking for (especially when English is not your native language), because someone thought that "cryptic" words will make the exam harder. They do make it harder... to understand, but i don't think this should be the goal.

I surely owe a lot to the proctor, who answered without any problem my 10 questions! Without him and without the 2 CCIE Assessor Labs, i wouldn't have learned the way Cisco is thinking.

Also i would like to thank Internetwork Expert for their excellent Mock Labs. Their clever scenarios and their above average difficulty made me understand many tricky things. If only their support was active, it would be the best ever knowledge evaluation material.

Lastly, i would like to thank the Dynamips/Dynagen authors. Both products are what actually made me decide to go for the CCIE in such a short time. Although i had full access to real equipment (routers & switches) because i work for an ISP, i decided to use Dynamips for my preparation. I just did 3 extra 6-hour rack rentals in order to test some strange L2 scenarios, something that Dynamips is lacking sufficient support for. The easiness that both programs provide is invaluable. You just need a capable PC of running them. I think i'll write a full review of my Dynamips/Dynagen experience in a new post. As i wrote in their forum, Cisco should build a statue for their authors.

After the "short" intro, i must say i'm happy that i passed on my first attempt, after 3 months of hard work.

And to answer the question in the title....YES it is possible to be done in 3 months. You just have to believe it.

"Impossible is nothing"

"Impossible is just a small word that is thrown around by small men who find it easier to live in a world they've been given to explore and not use the power they have, to change it! Impossible is not a fact. It is an opinion. Impossible is not a declaration. It is a dare. Impossible is potential. Impossible is temporary. Impossible is nothing!" --Muhammad Ali

1 day after the REAL LAB!!!!

CCIE #19858

The journey has come to an end...

Start day: 19 Oct 2007
  • CCIE R&S Lab: 18 Jan 2008
End day: 18 Jan 2008

Tuesday, January 15, 2008

Sunday, January 13, 2008

Online Lab Summarization

During the last 2 months i did 8 online labs, 6 from IE and 2 from Cisco. These were my results:

IE Mock Lab 1 - 74
IE Mock Lab 3 - 82
IE Mock Lab 4 - 72
IE Mock Lab 5 - 97
IE Mock Lab 6 - 90
IE Mock Lab 7 - 94
CCIE Assessor Lab V1.6 (A) - 58
CCIE Assessor Lab V2.0 (B) - 78
Average - 80,6

Let's hope the real exam will follow the same route.

5 days left till the REAL LAB!!!!

How to track an object in the down state

Usually you're tracking an object and making some actions when the object is up:

track 1 interface Ethernet0/0 line-protocol
ip route Null0 track 1

The static route is installed when interface Ethernet0/0 is up.

If you want to achieve the opposite:

track 1 interface Ethernet0/0 line-protocol
track 3 list boolean and
object 1 not
ip route Null0 track 3

The static route is installed when interface Ethernet0/0 is down.

How to pass RIP routes between spokes (connected through a hub subif)

R3 ( is the hub, R1 ( & R2 ( are the spokes.

The easy way

! R3
interface Serial1/0.1 multipoint
no ip split-horizon

The clever way

! R1
router rip

! R2
router rip

The ugly way

! R3
interface Serial1/0.1 multipoint
frame-relay interface-dlci 301 ppp Virtual-Template31
frame-relay interface-dlci 302 ppp Virtual-Template32
interface Virtual-Template31
ip address
interface Virtual-Template32
ip address

! R1
interface Serial1/0
encapsulation frame-relay
frame-relay interface-dlci 103 ppp Virtual-Template31
interface Virtual-Template31
ip address

! R2
interface Serial1/0
encapsulation frame-relay
frame-relay interface-dlci 203 ppp Virtual-Template32
interface Virtual-Template32
ip address

Choose whatever suits your needs.

Friday, January 11, 2008

How to filter OSPF routes that have the same source ip

OSPF running on a full-mesh P2MP topology between R3,R4,R5.

Trying to find the route of a network which is equally announced from both R3 & R4 to R5, produces the following:

R5#sh ip route
Routing entry for
Known via "ospf 1", distance 110, metric 74, type intra area
Last update from on Serial1/0, 00:00:46 ago
Routing Descriptor Blocks:, from, 00:00:46 ago, via Serial1/0
Route metric is 74, traffic share count is 1
*, from, 00:00:46 ago, via Serial1/0
Route metric is 74, traffic share count is 1

As you can see, is the router-id of the router which announces both routes, but each one with its own next-hop. Probably you're expecting ", from" on the 2nd route, but in OSPF P2MP topologies, the hub router announces the OSPF routes to the spokes using its own ip.

If you want to prevent this route, when originated specifically from R3, from entering the routing table, you must use a route-map and match on the next-hop address of R3. You cannot match on the source ip, because both routes have the same one (due to the OSPF P2MP network type).

R5(config-route-map)#match ip ?
address Match address of route or match packet
next-hop Match next-hop address of route
route-source Match advertising source address of route

router ospf 1
distribute-list route-map ROUTE_FROM_R3 in
access-list 3 permit
access-list 34 permit
route-map ROUTE_FROM_R3 deny 10
match ip address 34
match ip next-hop 3
route-map ROUTE_FROM_R3 permit 20

How to choose between Auto-RP and BSR

BSR uses for BSR announcements (from BSR to all pim routers) and unicast for RP announcements (from RP to BSR router).

Auto-RP uses for RP announcements (from RP to MA) and for MA announcements (from MA to all pim routers).

On hub-n-spoke networks, when Auto-RP announcements must pass between the spokes, you cannot use "ip pim nbma-mode", because it works only in sparse mode (and the announcements are sent in dense mode). You have to use BSR or create a pim-enabled tunnel between the spokes.

BSR uses only sparse-mode. When using BSR & "sparse-dense-mode", you might need to add "no ip pim dm-fallback" to prevent groups without an RP from operating in dense mode.

Auto-RP uses dense-mode for its own announcements, so you have to use one of the following on each pim enabled router:
1) "sparse-dense-mode"
2) "sparse-mode" & "ip pim auto-rp listener"

In BSR we can define neither the interval of the BSR announcements nor their scope (we can define the RP announcements). In Auto-RP we can define all of them.

In Auto-RP we cannot define the priority of each RP. The RP with the higher ip address wins. In BSR we can define the priority of each RP.

To filter BSR announcements from entering/leaving your network, you can use "ip pim bsr-border".
To filter Auto-RP announcements entering/leaving your network, you can use "ip multicast boundary ACL in/out filter-autorp".

How to create a tunnel and connect 2 different ip subnets

This is a handy trick if you want to connect 2 different subnets (belonging to 2 routers that are some hops away) and you can't use your own ip addresses.

Router1 - RouterX - RouterY - Router2

Router 1

interface Loopback0
ip address
int Serial0/0
ip address
interface Tunnel0
ip unnumbered Loopback0
tunnel source Serial0/0
tunnel destination
router ospf 111
passive-interface Loopback0
network area 111

Router 2

interface Loopback0
ip address
int Serial0/0
ip address
interface Tunnel0
ip unnumbered Loopback0
tunnel source Serial0/0
tunnel destination
router ospf 111
passive-interface Loopback0
network area 111

OSPF can work fine between different subnets, as long as ip unnumbered is used.

Just keep in mind that if you're already using OSPF in these two routers, then you have to use a different OSPF process for this tunnel link. Also make sure you define the tunnel interfaces as passive under the other (main) process.

You can do the same (probably easier) if you use RIP and configure "no validate-update-source" under its process.

EIGRP doesn't seem to provide a similar feature.

How to send a default route through RIP only 1 hop away

Using an offset-list

router rip
default-information originate
offset-list DEFAULT_ROUTE out 14 Ethernet0
ip access-list standard DEFAULT_ROUTE

Using a route-map

router rip
default-information originate route-map DEFAULT_ROUTE
route-map DEFAULT_ROUTE permit 10
set metric 15

How to permit ARP traffic between only two hosts

There are (at least) 2 methods to permit ARP traffic between only 2 hosts: Vlan Maps & ARP Inspection.

Host 1 (IP: MAC: 0000.0c46.4646)

Host 2 (IP: MAC: 0000.0c64.6464)

Using Vlan Maps

mac access-list extended ARP
permit host 0000.0c46.4646 host 0000.0c64.6464 0x806 0x0
permit host 0000.0c64.6464 host 0000.0c46.4646 0x806 0x0
permit host 0000.0c46.4646 host ffff.ffff.ffff 0x806 0x0
permit host 0000.0c64.6464 host ffff.ffff.ffff 0x806 0x0
deny any any 0x806 0x0
permit any any
vlan access-map VLAN_46_ARP 10
action forward
match mac address ARP
vlan filter VLAN_46_ARP vlan-list 46

0x806 is the ethertype for ARP packets; ffff.ffff.ffff is the L2 broadcast address that a host uses when it sends the initial ARP request to find the MAC address of the other host.
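The ACL above depends on first-match order, so the following added example (a Python model written for this page, not IOS code and not part of the original post) walks constructed frames through it. The third host 0000.0c11.1111 and the non-ARP ethertype 0x9000 are assumptions made up for the test frames.

```python
# Added illustration (not IOS code): first-match evaluation of the page's
# MAC ACL "ARP" as used by vlan access-map VLAN_46_ARP on VLAN 46.
H1, H2 = "0000.0c46.4646", "0000.0c64.6464"    # the two hosts from the page
OTHER = "0000.0c11.1111"                        # constructed third host
BCAST, ARP, ANY = "ffff.ffff.ffff", 0x0806, None

# (action, source MAC, destination MAC, ethertype, don't-care mask)
ACL = [
    ("permit", H1, H2, ARP, 0x0),
    ("permit", H2, H1, ARP, 0x0),
    ("permit", H1, BCAST, ARP, 0x0),
    ("permit", H2, BCAST, ARP, 0x0),
    ("deny", ANY, ANY, ARP, 0x0),
    ("permit", ANY, ANY, ANY, 0x0),
]

def norm(mac):
    """Reduce 0000.0c46.4646 or 00:00:0c:46:46:46 to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def ace_matches(ace, src, dst, ethertype):
    _, a_src, a_dst, a_type, mask = ace
    if a_src is not ANY and norm(a_src) != norm(src):
        return False
    if a_dst is not ANY and norm(a_dst) != norm(dst):
        return False
    # Mask bits set to 1 are ignored; 0x0 demands the exact ethertype.
    return a_type is ANY or (ethertype | mask) == (a_type | mask)

def vlan_map_action(src, dst, ethertype):
    """Return 'forward' or 'drop' for a non-IP frame received in VLAN 46."""
    for ace in ACL:
        if ace_matches(ace, src, dst, ethertype):
            # A permit ACE satisfies map entry 10 (action forward). A deny
            # ACE means "no match"; with no further map entry, it is dropped.
            return "forward" if ace[0] == "permit" else "drop"
    return "drop"

def demo():
    frames = [(H1, BCAST, ARP), (H2, H1, ARP), (OTHER, BCAST, ARP),
              (OTHER, H1, ARP), (H1, OTHER, ARP), (OTHER, H1, 0x9000)]
    return [vlan_map_action(*f) for f in frames]

if __name__ == "__main__":
    print(demo())
```

The MAC ACL sees only the Ethernet header addresses, so it does not check the sender IP and MAC fields carried inside the ARP payload. The ARP inspection method in the next section is the one that ties each host's IP to its MAC.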

Using ARP Inspection

arp access-list VLAN_46_ARP
permit ip host mac host 0000.0c46.4646
permit ip host mac host 0000.0c64.6464
ip arp inspection vlan 46
ip arp inspection filter VLAN_46_ARP vlan 46

The arp access-list includes the mappings between the ip and the mac of each host that should be allowed to send arp packets.

Tuesday, January 8, 2008

6th Mock Lab - 90%

This was the only lab i finished 1 hour before its actual end (8h), but i spent another 2 hours afterwards reviewing my configurations. Luckily i found and corrected 2 issues, which would probably mean 2 lost tasks.

Besides that, i lost 5 tasks in this Mock Lab (level 8):

1) I lost 1 task (2 points), because i forgot to configure the ip address for a loopback interface!

2) I lost 1 task (3 points), because the proctor thought (?) that I made the same mistake as in the previous mock lab (using default class to match in MLS). But, according to the solution provided, I was correct this time!!!

3) I lost 1 task (2 points), because i used a /20 for summarization instead of a /21. I just shouldn't have put into summarization the loopbacks of switches that were not supposed to be part of the routing domain.

4) I lost 1 task (2 points), because I used a slightly different statement:

My solution:

redistribute maximum-prefix 80 warning-only

Proctor's solution:

redistribute maximum-prefix 100 80 warning-only

My solution produces 2 logged messages, one at 60 (75% of 80) prefixes and one at 80 prefixes.
Proctor's solution produces 2 logged messages, one at 80 (80% of 100) prefixes and one at 100 prefixes.

The task was asking to generate a log message whenever more than 80 routes are redistributed. I guess both solutions should be correct.

5) I lost 1 task (3 points), because i used a different technique from the solution! According to the proctor i had more configuration on a router, than it was asked for ("use the minimum amount of statements").

My solution:

! 1st router: moving routes from RIP into OSPF
router ospf 1
redistribute rip subnets route-map RIP->OSPF
route-map RIP->OSPF permit 10
match metric 11 +- 5
set tag 512010
route-map RIP->OSPF permit 20
set tag 512005

! 2nd router : moving routes from OSPF into RIP
router rip
redistribute ospf 1 route-map OSPF->RIP
route-map OSPF->RIP permit 10
match tag 512010
set metric 10
route-map OSPF->RIP permit 20
match tag 512005
set metric 5
route-map OSPF->RIP permit 100
set metric 1

Proctor's solution:

! 1st router: moving routes from RIP into OSPF
router ospf 1
redistribute rip subnets route-map RIP->OSPF
route-map RIP->OSPF permit 10
match metric 1 2 3 4 5
set tag 5
route-map RIP->OSPF permit 20
set tag 10

! 2nd router : moving routes from OSPF into RIP
router rip
redistribute ospf 1 route-map OSPF->RIP
route-map OSPF->RIP permit 10
match tag 5
set metric 5
route-map OSPF->RIP permit 20
match tag 10
set metric 10
route-map OSPF->RIP permit 30

I still don't understand how proctor's solution is supposed to work for the OSPF routes that don't match any tag, when they don't have a metric configured for redistribution under RIP. It's very well known that RIP expects a metric to be defined.

I guess the best way would be to use "redistribute ospf 1 metric 1 route-map OSPF->RIP", or even better, not to use the "match tag 10" under the "route-map OSPF->RIP permit 20" statement, so everything else (including the ospf tagged 10 routes) gets a metric of 10.

If you count the number of points i lost, you'll come up with a sum of 12, which means i should have gotten 88. The strange thing is that the whole lab sums up for 102 points!!!

This was the last Mock Lab. From now on, i'll keep on practicing on my PC using dynamips, trying to recreate all the difficult scenarios that i met in the online labs. I definitely need to speed things up.

10 days left till the REAL LAB!!!!

Sunday, January 6, 2008

5th Mock Lab - 94%


I got my 2nd biggest grade (94%) in the hardest Mock Lab (level 10)!!!

I lost only 2 tasks in this one, but I spent 2 hours more than the normal 8-hour lab:

1) I lost 1 task (3 points), because I couldn't find a way to do ip accounting for traffic destined to a specific ip. I tried ip accounting, netflow, policing/classification, but none of them was correct. The answer was IP Source Tracker.

Router(config)#ip source-track

Router#show ip source-track

2) I lost 1 task (3 points), because i didn't know that the default class is useless with MLS; you have to classify traffic somehow. i.e. if you want to police ALL incoming traffic on a L2/L3 switch for a specific interface, then you can create an aggregate policer and use it under 2 different classes (one IP, one non-IP) under the interface's policy-map.

mls qos
mls qos aggregate-policer POLICER-1MB 1000000 8000
ip access-list ext IP
permit ip any any
mac access-list ext NON-IP
permit any any
class-map IP
match access-group name IP
class-map NON-IP
match access-group name NON-IP
policy-map POLICY
class IP
police aggregate POLICER-1MB
class NON-IP
police aggregate POLICER-1MB
int F0/1
service-policy input POLICY

Generally, this lab didn't have many tasks that depended on others. So if you made a mistake in a task, you're probably going to lose only that task. Surely there were many tasks that were quite strange or tricky, but with a trial & error method, you could solve most of them.

Thursday, January 3, 2008

4th Mock Lab - 82%

That was a strange one.

Last Saturday i had my 4th Mock Lab; level 7 this time.

This is how i lost my points:

1) I lost 1 task (2 points), because I didn't read it well enough. When the task says "do NOT configure this on that router" it doesn't mean "you should configure it on that router". A task that cost me 15-20 mins to solve was actually lost because I configured a single command on the wrong router; the router that I was asked not to configure.

2) I lost 2 tasks (3+2 points), because i didn't understand what exactly was asked for. As it seems, "area 0 adjacencies" means "area 0 interfaces", so regardless of whether an interface has any peer, it's still an adjacency (by itself?). Also, "forbid transit services between 2 AS" means "forbid prefixes learned from a specific AS move to another AS" and not "forbid prefixes originated from a specific AS move to another AS". In other words, "allow only local traffic". I believe an actual proctor would actually clarify such things.

3) I lost 1 task (3 points), because the IOS on a specific router had a bug where it didn't allow you to enter spaces into an rmon event description, although the description was put inside quotes. Probably the proctor didn't even test it on the same router, nor did he read the banner I had enabled after logging in, informing him of this "bug".

4) I lost 1 task (3 points), because of an RPF failure, which while i was testing didn't seem to exist. This time i tried not to use static mroutes, so i could experiment with the unicast routing table. Although i'm sure i configured unicast routing in such a way, that there was no mroute needed in the multicast path (all pings were working), the proctor had another opinion.

5) I lost 1 task (2 points), because the question was written wrong. When someone asks to allow a user to shut/no shut only a specific interface, it doesn't mean that the user should be allowed to shut/no shut all interfaces. In order to do the first, you have to use Role-Based CLI Access (which I used, without success as it seems), while in order to do the second you can just use privilege levels (something that the solution used).

6) I lost 1 task (3 points), because I thought that "ip dhcp-server x.x.x.x" works the same as "ip helper-address x.x.x.x" for dhcp requests. As it seems, "ip dhcp-server x.x.x.x" doesn't forward the dhcp requests to the dhcp server, unless it's coming from an IPCP negotiation (i.e. if "peer default ip address dhcp" is configured under a PPP interface).

Finally, I guess that the IE's proctors who grade the mock labs do not necessarily load the configs into the same equipment, nor do they try to configure the provided solution into it. Otherwise they would have noticed that some of the solution's commands couldn't be applied (possibly due to a bug), while some others wouldn't work as expected.

Of course, the support through their forums is still gone. Nobody is actually looking at the mock lab sections in there. I still wonder about their reason of existence...

Next Mock Lab coming tomorrow... Difficulty Level 10!!! One more till the actual lab.

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Greece License.