Saturday, January 31, 2009

CCIE Recertification - Do it early

Today i got the official verification of my CCIE recertification:


Dear XXX:

Congratulations, you have successfully recertified as a Cisco Certified Internetwork Expert! Periodic recertification ensures that the CCIE designation remains a valid measure of expertise in the networking industry.

Your next CCIE recertification deadline will be January 18 2012. Current recertification policies require you to pass one written CCIE exam within the 24 months preceding your deadline. However, you may not schedule the same exam you just passed for at least six months. You may take the written exam for a track different from the one you are certified in to meet the recertification requirement. Written exams are scheduled through Cisco's authorized testing partner, Pearson Vue.


As you can probably see, it's much preferred to do your recertification (at least the first ones) as early as possible, since you'll probably remember most of the stuff. I had the option of doing it till January 18 2010, but i decided to give it a try now, because it was free (due to networkers) and i wanted to avoid the coming written exam changes. It doesn't really matter when you do it, because the 2 year period counts from the day of your initial certification. So in my case, i have 1 year due to initial certification plus 2 years due to the recertification, till it expires.

According to Cisco:

Subsequent recertification deadlines are always based on your original certification date, not on when you took your last recertification exam.
...
Candidates can only apply one passed written exam towards recertification for every 24 month recertification period.


If i do my next certification after 1 year, i'll have 2 years due to the current recertification plus another 2 years due to the new recertification, till it expires. After that i'll have to do it every 2 years.

So, in my case, it goes like this:

2008 CCIE certification - certified until 2010
2009 CCIE recertification - certified until 2012
2010 CCIE recertification - certified until 2014
2011
2012 CCIE recertification - certified until 2016
2013
2014 CCIE recertification - certified until 2018
2015
2016 CCIE recertification - certified until 2020
2017
2018 CCIE recertification - certified until 2022
...
The recertifications after 2010 need to be done after the corresponding initial certification date (Jan 18), in order to have less than 24 months till the next expiration.

If you decide to recertify every 2 years, then you'll go like this:

2008 CCIE certification - certified until 2010
2009
2010 CCIE recertification - certified until 2012
2011
2012 CCIE recertification - certified until 2014
2013
2014 CCIE recertification - certified until 2016
2015
2016 CCIE recertification - certified until 2018
2017
2018 CCIE recertification - certified until 2020
...
All the recertifications need to be done before the corresponding initial certification date, in order to have less than 24 months till the next expiration.

As you can see, by doing a per-year recertification in the beginning, you'll have a 2 years advantage until the expiration of your certification. Of course, you can choose the per-2-years model, change to the per-1-year model sometime in the future and then move back to the per-2-years model again. But i believe it's easier to do it in the beginning.

You just might want to keep all that in mind.

Friday, January 30, 2009

Networkers 2009 - The Barcelona Experience

7 months after my visit to Networkers in USA/Orlando, i visited Networkers in Europe/Barcelona this time. Different continent, different country, different city, different experience, same ranking model.


Category        Grade  Comments
----------------------------------------------------------------------------------
Hotels          A-     I stayed at a non-Cisco hotel, but it was very good
                       for its price. It was also only 15 mins walk
                       from the CCIB. The only drawback was that wifi access
                       wasn't free.

Buses           B+     I don't think there were buses from hotels to CCIB,
                       but the buses from CCIB/hotels to the appreciation event
                       did help a lot during the transportation. They could be useful
                       for the CCIE party too.

Conference      C+     CCIB was good, but i expected something better (especially after
Center                 my visit to Orlando).
                       The session rooms should have been more (so AC Barcelona
                       wasn't needed; very small rooms there), techtorials & labs should
                       be made in normal rooms and not under "tents" (you could hear
                       the other adjacent speakers) and WCs seemed not enough.
                       Also, in some rooms lighting seemed more than needed.

Training        B+     I tried to follow the usual 2 categories :
                       MPLS/VPLS & Carrier/Broadband.
                       Besides a French speaker who was hard to understand,
                       all others were great. Techtorial (Ethernet OAM) was very well
                       presented, 4h lab (PfR) was very interesting (i met a c-nsp guru
                       there), 2h lab (Nexus) was entertaining (but short).
                       Since i made my reservation one week before, most of the
                       "interesting" sessions were full at that time, so i subscribed
                       for other less interesting. But, as it proved out, many seats
                       were available during the actual "interesting" sessions.
                       Cisco must do something to verify seat availability (some hours
                       before the session?) and provide realtime information (while in
                       session?), because it's a shame to be forced to schedule wrong
                       sessions (since the right ones are booked in advance) and some
                       minutes before to wander around looking for free seats in the
                       right sessions.
                       Also, online scheduler should provide an option to add alternative
                       sessions too (regardless of their availability), so you can always
                       have a quick look at your desired schedule.

Meet the        -      I didn't attend one, since i found the needed cisco engineers right
Engineer               after their sessions.
Sessions

Food            B+     I didn't try breakfast (i had one at the hotel),
                       but lunch had good variety and quality. Fruits and vegetables
                       were great.

Snacks          A-     Snacks were delicious, dessert was top!

On-Site Help    A      Helpful staff, they were everywhere, answered most of my
                       questions.

Cisco Store     -      I didn't have time for this (but i "got" some books from
                       session speakers themselves and one by a friend).

Conference      D      A supermarket bag would have been better!
Bags                   I still wonder whose idea it was to give these hard-plastic made bags.
                       Is it the crisis that caught Cisco too? I was lucky enough to have
                       brought my own bag, otherwise i would have been bored picking up
                       my notes from the floor (as many others did).

Registration    B+     Besides the usual session guides and an ethernet cable (!) by the
Pack                   event's official cable partner, CCIEs got a nice CCIE label pin
                       (with the new logo) and a CCIE kind-of-wallet (i'm still trying
                       to figure out how to put euro banknotes in there; or does everyone
                       use credit cards nowadays?).
                       Also presentations should have been given in USB sticks
                       (not everyone has a CD/DVD player on his netbook).

Internet        A-     I had my EeePC and wireless was ok on every spot i tried.
Access                 PowerStations was a very nice idea, but more should be provided.

World of        -      I didn't have time to check it thoroughly. Many Cisco booths, many
Solutions              interesting products.

Food at WoS     A      Excellent snacks (i found time for this, because i met some
                       friends there and got stuck :-P )

CCIE Lounge     A+     Excellent idea! Much quieter and less crowded than other areas.

Certification   B+     Nice room, but a little bit cold (why do they always keep it in
Room                   such a low temperature?).
                       The procedure before the exam was quick 'n' easy (although they
                       couldn't find my previous photo; is this how Cisco will fight
                       proxy test takers?) and it was a very good chance for me to
                       recertify my CCIE for free.

Chambers        A      As usual an excellent speech by John Chambers,
Keynote                plus a very interesting EnergyWise demonstration.
                       This man knows how to capture attention.

CCIE Party      -      I was tired at that day, so i didn't attend it. Nevertheless,
                       i believe they should have made it nearer the CCIB,
                       or have buses for transportation.

Customer        B+     The party at HyperLife was quite a strange one. I would say it
Appreciation           proved better than expected, although i would have enjoyed
Event                  more live acts. Snacks and food (from around the world) were
                       a nice and clever addition. Basketball acrobatics was the best show.

Green Agenda    A+     A great idea forming into action! I'm just wondering whether
                       recycled badges will be used for future events :-P

Overall         B-     This was a very good networking event, but i think i'll stick to
                       the one in USA. Besides the longer travel times, if you manage to
                       book a flight and hotel early, their price difference should be
                       negligible. But generally, if you want to mess with the best class
                       of cisco engineers, don't miss the networkers events!


Btw, Cisco should have more strict policies regarding the usage of its engineers' usb sticks. I got a usb stick from a speaker in order to copy to my laptop an extra presentation and i found some -hidden- passport & id card scans into it! I guess someone should inform them to be more careful about where to store their personal stuff.


CCIE Label Pin


PS1 : During the event i met and had great time with Greg (etherealmind) & Jeremy (packetlife). Greg is the type of guy who has done almost everything in his career and he is not afraid to change his way of living in order to do more. Jeremy, on the other hand, is much younger (his photo can confuse you), but with a very bright future that he's looking forward to meet. Both were excellent companions during the event and i wish it would last longer (sorry guys for leaving early the last day, but i had a job to finish). See ya around.

PS2 : I also met Maria (a former colleague), who passed her CCIE SP written the last day, during the last hour (keep on rocking girl!). I hope the 100€ dinner recompensed her for the 1 hour of waiting ;)

Sunday, January 18, 2009

One year CCIE - Was it worth it?

Today i got the following email from Cisco reminding me of my CCIE recertification:

Dear XXX:

Our records show your CCIE recertification deadline, January 18 2010, is approaching. We want to encourage you to prepare for and schedule one of the available CCIE written exams to satisfy the recertification requirement.

CCIEs are required to pass one written exam within the 24 months preceding their current recertification deadline. You may either retake the written exam for your track, or attempt a different written exam. A passing score on any written exam will satisfy the requirement for recertification. If you haven't yet, this can be a good opportunity to attempt a second CCIE certification.

So what happened/changed during the last year (as a CCIE) in my life?
  • I have halved my free time
  • I have changed my way of thinking (broad when designing, tight when implementing)
  • I have taken responsibility for almost 500 devices (routers & switches)
  • I have seen my role as a network engineer being put aside
  • I have seen my role as a network designer/architect being put in front
  • I have read more RFCs than all the previous 10 years
  • I have read all (and implemented many parts of) Solution Reference Network Designs (SRNDs) @ cisco.com
  • I have heard many of my colleagues making fun of my CCIE number. Mr 19xxx (thx God they don't remember it) :-P
  • I have changed ~20% of the standard config (mostly regarding security & management) of my company's routers/switches
  • I have created per-service templates for different parts of my company's routers/switches configurations
  • I have opened ~15 service requests @Cisco; half of them proved bugs, while the other half came out as hw/sw limitations (i'm still not happy with tac's service)
  • I have practiced my mind to find better solutions in shorter times (that of course means more work)
  • I have indicated at least 20 documentation corrections/improvements @ cisco.com (but many more pages still suffer)
  • I have converted all my network -Visio made- designs to much better/cleaner ones based on templates (thx to Michael Morris for the idea)
  • I have found 5 major improvements for my company's internal network (too bad 2 of them were outside my section)
  • I have designed one of the best modules for our internal NMS (but i feel sorry for the guys who implemented it)
  • I have bought 10 new books (but read only 3 of them)
  • I have made a few enemies in my company (the ones who are afraid of losing their job in a specific section)
  • I have made a lot of fellows in my company (the ones who want to follow my path)
  • I have found out what each IOS command does (regarding the devices i'm responsible and their current configuration)
  • I have seen my 2008 annual salary almost doubling due to bonus and the new monthly salary (thx to the previous Chief Technical Director)
  • I have gotten tens of emails/posts asking for IOS software (for use in dynamips)
  • I have implemented EEM/ESM/ERM/EOT on many parts of my company's network (thx to Ivan Pepelnjak for many ideas)
  • I have completed 2 grand major projects sooner than expected
  • I have gotten an "offer/proposal" from local Cisco for becoming an instructor
  • I have met a lot of interesting people (bloggers & twitters)
  • I have saved a few bucks on various registrations
  • I have spent a lot of bucks on various seminars
  • I have seen the number of CCIEs increase by 3350 (9 CCIEs per day!)
  • I have met the geek love of my life
  • But i still haven't been married!!!

Did the CCIE make me a better human? Probably No!

Did the -path to the- CCIE make me a better engineer? Definitely Yes!

Was it worth it? Would i do it again? YES! YES (probably in less than 3 months) ;)

EEM action CLI uses a VTY with "null" username by default

While i was experimenting with some new features of EEM (which looks like it's turning into a programming language!), i found out that the action cli command uses one of the vtys that are available for normal access to the router, but with a null (or should i say empty?) username.

I created a sample eem applet (which produces some cli output when "show clock" is executed) in order to test it:


event manager applet LOG-CLI-APPLET
 event cli pattern "show clock" sync no skip no
 action 1.3 cli command "show users"
 action 1.4 syslog msg "$_cli_result"
 action 1.5 cli command "show aaa user all | i TTY|EXEC: Username=|Authen|^--------------------------------------------------$"
 action 1.6 syslog msg "$_cli_result"


This is the generated output which shows the extra vty used:

Jan 18 03:28:28.142: %HA_EM-6-LOG: LOG-CLI-APPLET:
    Line       User       Host(s)              Idle       Location
   2 vty 0     myusername idle                 00:02:31 x.x.x.x
   3 vty 1     myusername idle                 00:00:00 x.x.x.x
*  4 vty 2                idle                 00:00:00

  Interface    User               Mode         Idle     Peer Address

router>

Jan 18 03:28:28.458: %HA_EM-6-LOG: LOG-CLI-APPLET:
--------------------------------------------------
TTY Num = -1
Authen: no data
--------------------------------------------------
EXEC: Username=myusername
TTY Num = 2
AuthenTime = 03:09:32 EET Jan 18 2009
Authen: service=LOGIN type=ASCII method=TACACSPLUS
--------------------------------------------------
EXEC: Username=myusername
TTY Num = 3
AuthenTime = 03:09:41 EET Jan 18 2009
Authen: service=LOGIN type=ASCII method=TACACSPLUS
--------------------------------------------------
EXEC: Username=(n/a)
TTY Num = 4
AuthenTime = 03:28:27 EET Jan 18 2009
Authen: no data



And these are some aaa (+ modem for the vtys) debugs that shed some light on it:

Jan 18 03:17:44.181: AAA/MEMORY: create_user (0x65BA1774) user='' ruser='NULL' ds0=0 port='tty4' rem_addr='NULL' authen_type=NONE service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)
Jan 18 03:17:44.181: TTY4: EXEC creation
Jan 18 03:17:44.181: AAA/ACCT/EXEC(00000014): Pick method list 'default'

Jan 18 03:17:44.281: tty4 AAA/AUTHOR/CMD (151559760): Port='tty4' list='' service=CMD
Jan 18 03:17:44.281: AAA/AUTHOR/CMD: tty4 (151559760) user=''
Jan 18 03:17:44.281: tty4 AAA/AUTHOR/CMD (151559760): send AV service=shell
Jan 18 03:17:44.281: tty4 AAA/AUTHOR/CMD (151559760): send AV cmd=show
Jan 18 03:17:44.281: tty4 AAA/AUTHOR/CMD (151559760): send AV cmd-arg=users
Jan 18 03:17:44.281: tty4 AAA/AUTHOR/CMD (151559760): send AV cmd-arg=
Jan 18 03:17:44.281: tty4 AAA/AUTHOR/CMD (151559760): found list "default"
Jan 18 03:17:44.281: tty4 AAA/AUTHOR/CMD (151559760): Method=tacacs+ (tacacs+)
Jan 18 03:17:44.281: %AAA/AUTHOR/TAC+: (151559760): no username in request
Jan 18 03:17:44.281: AAA/AUTHOR/TAC+: (151559760): send AV service=shell
Jan 18 03:17:44.281: AAA/AUTHOR/TAC+: (151559760): send AV cmd=show
Jan 18 03:17:44.281: AAA/AUTHOR/TAC+: (151559760): send AV cmd-arg=users
Jan 18 03:17:44.281: AAA/AUTHOR/TAC+: (151559760): send AV cmd-arg=
Jan 18 03:17:44.485: TAC+: (151559760): received author response status = PASS_ADD
Jan 18 03:17:44.485: AAA/AUTHOR (151559760): Post authorization status = PASS_ADD

Jan 18 03:17:44.713: AAA/MEMORY: free_user (0x65BA1774) user='' ruser='NULL' port='tty4' rem_addr='NULL' authen_type=NONE service=LOGIN priv=1
Jan 18 03:17:44.717: unknown AAA/DISC: 1/"User Request"
Jan 18 03:17:44.717: unknown AAA/DISC/EXT: 1020/"User Request"
Jan 18 03:17:44.717: AAA/ACCT/EXEC(00000014): Pick method list 'default'
Jan 18 03:17:44.717: TTY4: Line reset by "Virtual Exec"
Jan 18 03:17:44.717: TTY4: Modem: (unknown)->READY


For comparison, here is the same output when a normal user (already logged in) executes the above command:

Jan 18 03:56:25.817: AAA/MEMORY: create_user (0x65FA05F4) user='myusername' ruser='router' ds0=0 port='tty3' rem_addr='x.x.x.x' authen_type=ASCII service=NONE priv=1 initial_task_id='0', vrf= (id=0)

Jan 18 03:56:25.817: tty3 AAA/AUTHOR/CMD (2383786117): Port='tty3' list='' service=CMD
Jan 18 03:56:25.817: AAA/AUTHOR/CMD: tty3 (2383786117) user='myusername'
Jan 18 03:56:25.817: tty3 AAA/AUTHOR/CMD (2383786117): send AV service=shell
Jan 18 03:56:25.817: tty3 AAA/AUTHOR/CMD (2383786117): send AV cmd=show
Jan 18 03:56:25.817: tty3 AAA/AUTHOR/CMD (2383786117): send AV cmd-arg=users
Jan 18 03:56:25.817: tty3 AAA/AUTHOR/CMD (2383786117): send AV cmd-arg=
Jan 18 03:56:25.817: tty3 AAA/AUTHOR/CMD (2383786117): found list "default"
Jan 18 03:56:25.817: tty3 AAA/AUTHOR/CMD (2383786117): Method=tacacs+ (tacacs+)
Jan 18 03:56:25.817: AAA/AUTHOR/TAC+: (2383786117): user=myusername
Jan 18 03:56:25.817: AAA/AUTHOR/TAC+: (2383786117): send AV service=shell
Jan 18 03:56:25.817: AAA/AUTHOR/TAC+: (2383786117): send AV cmd=show
Jan 18 03:56:25.817: AAA/AUTHOR/TAC+: (2383786117): send AV cmd-arg=users
Jan 18 03:56:25.817: AAA/AUTHOR/TAC+: (2383786117): send AV cmd-arg=
Jan 18 03:56:26.021: TAC+: (-1911181179): received author response status = PASS_ADD
Jan 18 03:56:26.021: AAA/AUTHOR (2383786117): Post authorization status = PASS_ADD

Jan 18 03:56:26.021: AAA/MEMORY: free_user (0x65FA05F4) user='myusername' ruser='router' port='tty3' rem_addr='x.x.x.x' authen_type=ASCII service=NONE priv=1

As you can see above, there is no exec, as the user is already logged in.

Extra event manager debugs show the whole "login" process for the EEM user:

Jan 18 03:41:44.067: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : CTL : cli_open called.
Jan 18 03:41:44.167: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT : CCC
Jan 18 03:41:44.167: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT :
Jan 18 03:41:44.167: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT : router line 4
Jan 18 03:41:44.167: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT :
Jan 18 03:41:44.167: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT : router>
Jan 18 03:41:44.167: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : IN : router>show users
Jan 18 03:41:44.379: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT :
Jan 18 03:41:44.379: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT : Line User Host(s) Idle Location
Jan 18 03:41:44.379: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT : 2 vty 0 myusername idle 00:00:02 x.x.x.x
Jan 18 03:41:44.379: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT : 3 vty 1 myusername idle 00:00:00 x.x.x.x
Jan 18 03:41:44.379: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT : * 4 vty 2 idle 00:00:00
Jan 18 03:41:44.379: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT :
Jan 18 03:41:44.379: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT : Interface User Mode Idle Peer Address
Jan 18 03:41:44.379: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT :
Jan 18 03:41:44.379: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT : router>

Jan 18 03:41:44.379: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : IN : router>show aaa user all | i TTY|EXEC: Username=|Authen|^--------------------------------------------------$
Jan 18 03:41:44.599: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT : --------------------------------------------------
Jan 18 03:41:44.599: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT : TTY Num = -1
Jan 18 03:41:44.599: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT : Authen: no data
Jan 18 03:41:44.599: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT : --------------------------------------------------
Jan 18 03:41:44.599: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT : EXEC: Username=myusername
Jan 18 03:41:44.599: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT : TTY Num = 2
Jan 18 03:41:44.599: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT : AuthenTime = 03:09:32 EET Jan 18 2009
Jan 18 03:41:44.599: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT : Authen: service=LOGIN type=ASCII method=TACACSPLUS
Jan 18 03:41:44.599: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT : --------------------------------------------------
Jan 18 03:41:44.599: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT : EXEC: Username=myusername
Jan 18 03:41:44.599: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT : TTY Num = 3
Jan 18 03:41:44.599: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT : AuthenTime = 03:09:41 EET Jan 18 2009
Jan 18 03:41:44.599: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT : Authen: service=LOGIN type=ASCII method=TACACSPLUS

Jan 18 03:41:44.599: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT : --------------------------------------------------
Jan 18 03:41:44.599: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT : EXEC: Username=(n/a)
Jan 18 03:41:44.599: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT : TTY Num = 4
Jan 18 03:41:44.599: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT : AuthenTime = 03:41:44 EET Jan 18 2009
Jan 18 03:41:44.599: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT : Authen: no data
Jan 18 03:41:44.599: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : OUT : router>
Jan 18 03:41:44.599: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : IN : router>exit
Jan 18 03:41:44.599: %HA_EM-6-LOG: LOG-CLI-APPLET : DEBUG(cli_lib) : : CTL : cli_close called.


This is normal if you think that in order to execute a cli command you need exec access, but it also means that you might have problems running such EEM applets, when all your vtys are full, exec under a vty is disabled or a special command authorization method is used ("transport input" and "access-class" do not seem to affect it; i guess it's because it is originating from inside). While experimenting i got 2 vtys stuck and all combinations of "clear line/tcp" didn't help (so a reload was needed). You might want to keep an eye on it.

Btw, i fell into an interesting tool (IDEEM) regarding EEM programming. Too bad there wasn't a trial/evaluation version available online.

Update: Thx to Ivan's comment, i added the following command and now the pre-configured username appears on the vty list.


event manager session cli username "eem-user"


The output now becomes:

Jan 18 19:43:10.002: %HA_EM-6-LOG: LOG-CLI-APPLET:
    Line       User       Host(s)              Idle       Location
   2 vty 0     myusername idle                 00:01:44 x.x.x.x
   3 vty 1     myusername idle                 00:00:00 x.x.x.x
*  4 vty 2     eem-user   idle                 00:00:00

  Interface    User               Mode         Idle     Peer Address

router>
Jan 18 19:43:10.222: %HA_EM-6-LOG: LOG-CLI-APPLET:
--------------------------------------------------
TTY Num = -1
Authen: no data
--------------------------------------------------
EXEC: Username=myusername
TTY Num = 2
AuthenTime = 19:40:21 EET Jan 18 2009
Authen: service=LOGIN type=ASCII method=TACACSPLUS
--------------------------------------------------
EXEC: Username=myusername
TTY Num = 3
AuthenTime = 19:40:37 EET Jan 18 2009
Authen: service=LOGIN type=ASCII method=TACACSPLUS
--------------------------------------------------
EXEC: Username=eem-user
TTY Num = 4
AuthenTime = 19:43:09 EET Jan 18 2009
Authen: no data


From my understanding, the general aaa process for the EEM cli user goes like this:

1) login authentication is bypassed
2) exec authorization is bypassed (but exec accounting is happening)
3) command authorization is used

Maybe it's time for an "aaa authorization eem-commands" option ;)
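
An added example, not part of the original post: a small Python parser for the AAA debug format shown above that reassembles each command-authorization request and flags the ones sent without a username, which is what the EEM-opened vty does until `event manager session cli username` is configured. The sample lines are abridged from this post's debug output; the class and function names are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines abridged from the two AAA debug captures shown in this post.
SAMPLE_DEBUG = """\
Jan 18 03:17:44.181: AAA/MEMORY: create_user (0x65BA1774) user='' ruser='NULL' ds0=0 port='tty4' rem_addr='NULL' authen_type=NONE service=LOGIN priv=1
Jan 18 03:17:44.281: tty4 AAA/AUTHOR/CMD (151559760): Port='tty4' list='' service=CMD
Jan 18 03:17:44.281: AAA/AUTHOR/CMD: tty4 (151559760) user=''
Jan 18 03:17:44.281: tty4 AAA/AUTHOR/CMD (151559760): send AV service=shell
Jan 18 03:17:44.281: tty4 AAA/AUTHOR/CMD (151559760): send AV cmd=show
Jan 18 03:17:44.281: tty4 AAA/AUTHOR/CMD (151559760): send AV cmd-arg=users
Jan 18 03:17:44.281: tty4 AAA/AUTHOR/CMD (151559760): send AV cmd-arg=
Jan 18 03:17:44.281: %AAA/AUTHOR/TAC+: (151559760): no username in request
Jan 18 03:17:44.281: AAA/AUTHOR/TAC+: (151559760): send AV cmd=show
Jan 18 03:17:44.485: AAA/AUTHOR (151559760): Post authorization status = PASS_ADD
Jan 18 03:56:25.817: AAA/MEMORY: create_user (0x65FA05F4) user='myusername' ruser='router' ds0=0 port='tty3' rem_addr='x.x.x.x' authen_type=ASCII service=NONE priv=1
Jan 18 03:56:25.817: AAA/AUTHOR/CMD: tty3 (2383786117) user='myusername'
Jan 18 03:56:25.817: tty3 AAA/AUTHOR/CMD (2383786117): send AV cmd=show
Jan 18 03:56:25.817: tty3 AAA/AUTHOR/CMD (2383786117): send AV cmd-arg=users
Jan 18 03:56:25.817: tty3 AAA/AUTHOR/CMD (2383786117): send AV cmd-arg=
Jan 18 03:56:25.817: AAA/AUTHOR/TAC+: (2383786117): user=myusername
Jan 18 03:56:26.021: AAA/AUTHOR (2383786117): Post authorization status = PASS_ADD
"""

CREATE = re.compile(r"create_user \(\S+\) user='[^']*'.*?port='([^']*)'.*?authen_type=(\S+)")
REQ_USER = re.compile(r"AAA/AUTHOR/CMD: (tty\d+) \((\d+)\) user='([^']*)'")
SEND_AV = re.compile(r"(tty\d+) AAA/AUTHOR/CMD \((\d+)\): send AV (?:cmd|cmd-arg)=(.*)$")
NO_USER = re.compile(r"AAA/AUTHOR/TAC\+: \((\d+)\): no username in request")
STATUS = re.compile(r"AAA/AUTHOR \((\d+)\): Post authorization status = (\S+)")


@dataclass
class CmdRequest:
    req_id: str
    port: str = ""
    authen_type: str = "UNKNOWN"   # authen_type of the session on this port
    user: Optional[str] = None     # username sent for command authorization
    words: List[str] = field(default_factory=list)
    status: str = "UNKNOWN"
    no_username: bool = False      # TACACS+ client logged "no username in request"

    @property
    def command(self) -> str:
        return " ".join(self.words)

    @property
    def anonymous(self) -> bool:
        return self.user == "" or self.no_username


def parse_aaa_debug(text: str) -> List[CmdRequest]:
    port_authen = {}   # port -> authen_type of the most recent create_user
    requests = {}      # request id -> CmdRequest, in order of first appearance

    def req(rid, port=None):
        r = requests.setdefault(rid, CmdRequest(rid))
        if port and not r.port:
            r.port, r.authen_type = port, port_authen.get(port, "UNKNOWN")
        return r

    for line in text.splitlines():
        if m := CREATE.search(line):
            port_authen[m.group(1)] = m.group(2)
        elif m := REQ_USER.search(line):
            req(m.group(2), m.group(1)).user = m.group(3)
        elif m := SEND_AV.search(line):
            value = m.group(3).strip()
            # The last cmd-arg is a terminator: blank in this capture, <cr> on IOS.
            if value and value != "<cr>":
                req(m.group(2), m.group(1)).words.append(value)
        elif m := NO_USER.search(line):
            req(m.group(1)).no_username = True
        elif m := STATUS.search(line):
            req(m.group(1)).status = m.group(2)
    return list(requests.values())


def anonymous_requests(text: str) -> List[CmdRequest]:
    """Command-authorization requests that carried no username."""
    return [r for r in parse_aaa_debug(text) if r.anonymous]


if __name__ == "__main__":
    for r in anonymous_requests(SAMPLE_DEBUG):
        print(f"{r.port} req={r.req_id} authen_type={r.authen_type} "
              f"cmd={r.command!r} status={r.status}")
```

On the sample, only the tty4 request is flagged: it was created with authen_type=NONE, carried an empty username, and still came back PASS_ADD from the TACACS+ server.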

Wednesday, January 14, 2009

Changes to CCIE Lab and Written Exam Question Format and Scoring

Effective February 1, 2009, Cisco will introduce a new type of question format to CCIE Routing and Switching lab exams. In addition to the live configuration scenarios, candidates will be asked a series of four or five open-ended questions, drawn from a pool of questions based on the material covered on the lab blueprint. No new topics are being added. The exams are not being increased in difficulty and the well-prepared candidate should have no trouble answering the questions. The length of the exam will remain eight hours. Candidates will need to achieve a passing score on both the open-ended questions and the lab portion in order to pass the lab and become certified. Other CCIE tracks will change over the next year, with exact dates announced in advance.

Effective February 17th, 2009, candidates will also see two other changes in CCIE written exams. First, candidates will now be required to answer each question before moving on to the next question; candidates will no longer be allowed to skip a question and come back to it at a later time. Second, there will be an update to the score report. The overall exam score and the exam passing score will now be reported as a scaled score, on a scale from 300-1000. This change will not affect the difficulty of the current set of exams and will assure CCIE written exams will be consistent with Cisco’s other career certification exams.


Regarding the short-answer questions, below you'll find some interesting Q/As:

Q: Do the short answer questions affect my overall CCIE lab exam score?
A: Yes. All sections on the exam and their results are taken into account when determining the overall exam score.

Q: If I don't complete the short answer questions, can I opt out of the exam and receive a refund?
A: No, the short answer questions are now an official part of the lab exam. No refunds are given if candidates decide they are not ready to take the exam within 90 days of the exam date.

Q: Will the short answer questions also appear on CCIE mobile labs?
A: Yes, the mobile labs are the same as the traditional lab exams. The short answer questions will be part of all CCIE Routing & Switching lab exams after.

Q: Can I skip the short answer questions and go back and answer them later?
A: No, the short answer questions must be completed before the candidate moves on to the configuration scenarios.

Q: What if I don't agree with the grading on the short answer questions? Can I appeal the results of the short answer section?
A: Because short answer questions are open-ended, responses are manually graded and the grading guidelines will allow for some variation in response. If a candidate requests and pays for a Lab Exam reread, a second proctor will review the entire exam responses and issue a second opinion. There will be no option to purchase a reread of only the short answer results.

Q: Can I skip the short answer questions and still pass the Lab Exam?
A: No, candidates must achieve a passing score on the short answer questions, as well as the configurations, in order to pass the Lab Exam and achieve certification.

Q: Will there be additional time provided for the new short answer questions?
A: The length of the exam will remain eight hours. The short answer questions are intended to be answered easily and quickly by well-prepared candidates.

Q: Will the short answer questions be added to the CCIE blueprints? How can I prepare (study) for the questions?
A: The short answer questions cover material already listed on the CCIE lab exam blueprint. The questions are intended to be answered easily and quickly by well-prepared candidates.

Q: Will short answer questions be added to other CCIE Lab Exams, beside R&S? If so, when?
A: Cisco intends to add short answer questions to all CCIE lab exam tracks. We will announce the addition of the short answer questions to each track well in advance of the questions appearing.

Q: Why are you adding short answer questions to the CCIE R&S Lab Exam?
A: Including several randomly-selected short answer questions on the lab will allow Cisco to increase the validity of CCIE and ensure only qualified candidates achieve certification.

Q: How many short answer questions will be asked, and how long should candidates expect to spend on them?
A: Four or five short answer questions will be asked and candidates can expect to spend about 10-12 total minutes on them.


Regarding the written exam changes, i think to be able to skip questions on the written CCIE and answer them later was a nice advantage. Too bad it's being removed.

The short-answer open-ended questions in the CCIE lab is a welcome addition, as long as the proctor will be able to ask them in an understandable way.

 
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Greece License.