CCIE Security study group

staunchy20 said:
the more the better.
Click to expand...

Mmm.. yes and no.
I think it is important to keep some sort of exclusivity when it comes to specialist certifications, hence I will probably not go all the way with a different vendor in the same space, i.e. two network qualifications, a la CCIE and JNCIE. I don't know... that's just me...
 
srothman said:
Mmm.. yes and no.
I think it is important to keep some sort of exclusivity when it comes to specialist certifications, hence I will probably not go all the way with a different vendor in the same space, i.e. two network qualifications, a la CCIE and JNCIE. I don't know... that's just me...
Click to expand...

I wont do two either. I think if you can get one of them, you probably understand the tech well enough, that it will just be an interface / command structure thats different.

I am hoping to do multiple CCIE's though, because i think the lines between the disciplines are blurring so much, that to be a specialist you need to have a good grasp on almost everything
 
ok some feedback on the lab (the feedback im allowed to give and still stick to the NDA)

All materials, including questions etc are delivered in an electronic format. I found this to be quite difficult, as there is only so much space on the screen, and flipping through all the documents, diagrams and console sessions got quite hectic. Especially when under pressure.

The diagrams i found were horrible. I dont know if its intentional, but i suspect it is. They are confusing and I found drawing my own almost immediately, although time consuming, was beneficial.

Accessing the devices is quite cool, you simply click on a device on the drawing and it logs you in (technically :) )

The questions, on their own are not that difficult. Given those tasks in a normal working day wouldnt be an issue, the problem is the pressure of the lab, the topology and the way in which the questions are asked which made it difficult.

I had some issues on my rack, which the proctor gave me a time extension for. I still suspect that one of the problems i couldnt get working 100% was due to an issue on the rack. However, i finished with a bit of time to spare and managed to verify all the questions.

The greatest enemy is panic. I recall 2 situations where i started to panic, and all normal thought goes out the window.
I strongly suggest if this happens to just get up and go to the bathroom and relax. Start from basics and slowly think things through. I ended up redrawing the same situation a few times, and traced on it how traffic would flow in very simple terms to get myself back on track. If you get caught up in the panic, you will fail without a doubt. It wastes time and promotes easy mistakes.

The proctor was great, very friendly and helpful and I got the feeling he actually wanted us to pass. I think the proctor can make quite a difference, so I felt lucky we got someone who was decent.

I found the lab very passable, however, there is very little room for error. On average, getting more than 3 tasks / questions wrong would mean failing. Add to that, that questions stack on each other and its easy to see why people are failing.

Anyways, to the other guys writing good luck. As I said, its very passable, and the work is not as technically in depth as I thought it would be. But the pressure is quite hectic and the time disappears very quickly.
 
syntax said:
ok some feedback on the lab (the feedback im allowed to give and still stick to the NDA)

All materials, including questions etc are delivered in an electronic format. I found this to be quite difficult, as there is only so much space on the screen, and flipping through all the documents, diagrams and console sessions got quite hectic. Especially when under pressure.

The diagrams i found were horrible. I dont know if its intentional, but i suspect it is. They are confusing and I found drawing my own almost immediately, although time consuming, was beneficial.

Accessing the devices is quite cool, you simply click on a device on the drawing and it logs you in (technically :) )

The questions, on their own are not that difficult. Given those tasks in a normal working day wouldnt be an issue, the problem is the pressure of the lab, the topology and the way in which the questions are asked which made it difficult.

I had some issues on my rack, which the proctor gave me a time extension for. I still suspect that one of the problems i couldnt get working 100% was due to an issue on the rack. However, i finished with a bit of time to spare and managed to verify all the questions.

The greatest enemy is panic. I recall 2 situations where i started to panic, and all normal thought goes out the window.
I strongly suggest if this happens to just get up and go to the bathroom and relax. Start from basics and slowly think things through. I ended up redrawing the same situation a few times, and traced on it how traffic would flow in very simple terms to get myself back on track. If you get caught up in the panic, you will fail without a doubt. It wastes time and promotes easy mistakes.

The proctor was great, very friendly and helpful and I got the feeling he actually wanted us to pass. I think the proctor can make quite a difference, so I felt lucky we got someone who was decent.

I found the lab very passable, however, there is very little room for error. On average, getting more than 3 tasks / questions wrong would mean failing. Add to that, that questions stack on each other and its easy to see why people are failing.

Anyways, to the other guys writing good luck. As I said, its very passable, and the work is not as technically in depth as I thought it would be. But the pressure is quite hectic and the time disappears very quickly.
Click to expand...

Awesome Feedback!!!!!! Thanks man....

So when do you find out if you passed ?

Also the part about panicking makes sense as experience has thought me that it never helps.

Well Done man.... sounds like it was fun!
 
eCliPSe said:
Awesome Feedback!!!!!! Thanks man....

So when do you find out if you passed ?

Also the part about panicking makes sense as experience has thought me that it never helps.

Well Done man.... sounds like it was fun!
Click to expand...

i wrote on the friday, i got my results just after midnight. I have heard that on a friday you can sometimes wait till monday.
I did manage to pass, even if i didnt feel that confident after the lab.

It is really hard to control the panic / nerves. I honestly think the exam is designed to be as awkward as possible, and once that panic hits, everything goes wrong.
 
In that case congratulations are in order! Well done on accomplishing no small feat!
 
Well done man!!! CCIE Security ftw!!

Could you before you run off into the sun set give us a brief summary of your study material used. Like the workbooks and simulations with general study time frames?

Now I want to do my written so i can take this bad boy next year in May or August. :D
 
eCliPSe said:
Well done man!!! CCIE Security ftw!!

Could you before you run off into the sun set give us a brief summary of your study material used. Like the workbooks and simulations with general study time frames?

Now I want to do my written so i can take this bad boy next year in May or August. :D
Click to expand...

Hey, i posted this previously,


syntax said:
Sure

At the moment I have used
INE WB 1 & 2 (they only have version 3 out at the moment). I have done these books multiple times
IPexpert videos on demand (version 4)
Ipexpert workbook 1 (only 50% has been released)
User/admin guides for ISE, WLC and WSA

I also re-read the ccna security cisco press books.

For the actual lab practicing, I found that trying to build a large lab and test multiple things took to long to get up and running.
Especially when using gns3 and my vm environment (which includes acs5.3, ISE, vWLC and vWSA)

Instead, I am building small'ish scenarios practicing each technology in various ways.
IE, For vpn's, I will try do them with certs, with vti's, matching on different criteria (peer id's etc).
I am also removing configs and checking debugs, to see what the outputs are if certain things are removed or incorrect.
I noticed that its not always clear to see whats wrong, and would rather get a feel for what the debugs say.

As for studying time, im doing about 4 hours a day during the week, around 8 - 10 hours a day on weekends.

Since i havent done a lab exam before, I am going to use this one as a kind of learning curve (if i fail).
Hopefully, i can get a feel then of how they ask the questions, the time constraints etc.

My big issue at the moment is working on some of the devices. IPexpert has rack rentals, but they are booked until end of May.
INE hasnt got their racks up yet, so i dont have practice on the new IPS etc.
Click to expand...


So i used IPexpert racks for the last 2 weeks or so, they werent great, i had a few issues and the latency was horrible.

In total, i did just under 540 hours of studying time in preparation for the lab.
 
Thanks again... I have deployed a full network running ASA5585X SSP60 + WLC + ISE+ 6509E + ACS 4.1 ( yes it is Cr@p not 5.3 :D ) . I am doing a 5day Official Training on the ISE at the end of June. I think my weak points are dynamic vpn's and PKI server deployments. Then also the WSA as i have no hands on with it ,but i will get a VM running setting it up. Also working on my shell scripting basics ( helps with my custom signatures on IPS ).

Well Done... i have heard so many horror stories it is nice to hear the other side of the coin.
 
eCliPSe said:
Thanks again... I have deployed a full network running ASA5585X SSP60 + WLC + ISE+ 6509E + ACS 4.1 ( yes it is Cr@p not 5.3 :D ) . I am doing a 5day Official Training on the ISE at the end of June. I think my weak points are dynamic vpn's and PKI server deployments. Then also the WSA as i have no hands on with it ,but i will get a VM running setting it up. Also working on my shell scripting basics ( helps with my custom signatures on IPS ).

Well Done... i have heard so many horror stories it is nice to hear the other side of the coin.
Click to expand...

cool man no stress.
The only thing i would say is change your ACS version. The changes between 4 and 5 are quite large.
Its not an aesthetic thing and the way it works is quite different.

I used VM's for almost everything, you can get demo licenses for everything except the WSA. But, if you have a WSA in production, you can use that serial number and get a VM license key for free :)

VPN's are quite critical. I was fortunate to have come from a service provider environment. So i was quite strong on VPN's which definitely helped in the lab. Troubleshooting vpn's can eat time, which can be a disaster for the exam
 
Starting Officially today studying for CCIE Sec. Will do the Written in November2013 and the Lab in Aug2014. I have been doing some of the recommended reading from Cisco. Now getting into workbooks and bootcamp Vids. Mainly V3 labs for now then i can move onto the V4 stuff.
 
eCliPSe said:
Starting Officially today studying for CCIE Sec. Will do the Written in November2013 and the Lab in Aug2014. I have been doing some of the recommended reading from Cisco. Now getting into workbooks and bootcamp Vids. Mainly V3 labs for now then i can move onto the V4 stuff.
Click to expand...

Why not just start with v4 labs? I started on v3 because there was no material out for v4, but i am struggling to recall things in v3 that arent in v4? But there is obviously a lot in v4 that isnt in v3.

Anyways, you have stacks of time. If i was you, I would try go for the lab in January. My attempt was supposed to be a test attempt, to see how the lab is so that i could gauge the difficulty and see if i was studying properly.
It might also motivate you to put foot now and try that little bit harder!!

What i can say about the lab, there is very little room for error. Because each section is worth a fair amount of marks, and the sections build on each other, you can only afford to get 1 maybe 2 things wrong (if they are not core modules) before you fail. I would advise not leaving out anything that is in the blueprint purely for this reason. Cover everything to a decent degree, then go hardcore on the sections that are most likely to be asked.
 
syntax said:
What i can say about the lab, there is very little room for error.
Click to expand...

And thus the reason i am making sure i do things right. I know that i am not close enough to even look at dont the lab within the next 6 months (I just dont have the extensive hands on experience). The main reason i am going over V3 is that i got the stuff for free and the big changes between v3 and v4 is the ISE/ACS/WSA/WLC. Thus things like setting up ASA's for active acive failover and VPN's are very much similar. As they still cover those basics that needs to be smooth to ensure minimal time loss and errors.

Now I will try and motivate my company to buy the kit needed so i can have the rack time needed. They are doing an official ISE training bootcamp the second last week of this month. They are flying someone in from Dubai for us. Should be fun.

Yeah May next year might be the earliest i can try it :D
 
eCliPSe said:
And thus the reason i am making sure i do things right. I know that i am not close enough to even look at dont the lab within the next 6 months (I just dont have the extensive hands on experience). The main reason i am going over V3 is that i got the stuff for free and the big changes between v3 and v4 is the ISE/ACS/WSA/WLC. Thus things like setting up ASA's for active acive failover and VPN's are very much similar. As they still cover those basics that needs to be smooth to ensure minimal time loss and errors.

Now I will try and motivate my company to buy the kit needed so i can have the rack time needed. They are doing an official ISE training bootcamp the second last week of this month. They are flying someone in from Dubai for us. Should be fun.

Yeah May next year might be the earliest i can try it :D
Click to expand...

I just looked on pearsonvue site, CCIE written exam is R2502 which still excludes the lab exam and if the price of the lab is anything to go by the pricing of the CCDE practical exam @ R10720 :wtf: well then I better start saving for these exams :D
 
Last edited:
Hmmm I would recommend getting employed by a company that funds your studies. I have only paid for two exams thus far. My company is paying for all of it. Of course you would need to stay with them for a selected period of time but hey it is worth it. The CCIE labs are priced at $1400.00. So it costs a bucket load.

Major network players like DD, BCX, Bytes, First Tech, and so on I know pay for your studies.
 
eCliPSe said:
And thus the reason i am making sure i do things right. I know that i am not close enough to even look at dont the lab within the next 6 months (I just dont have the extensive hands on experience). The main reason i am going over V3 is that i got the stuff for free and the big changes between v3 and v4 is the ISE/ACS/WSA/WLC. Thus things like setting up ASA's for active acive failover and VPN's are very much similar. As they still cover those basics that needs to be smooth to ensure minimal time loss and errors.

Now I will try and motivate my company to buy the kit needed so i can have the rack time needed. They are doing an official ISE training bootcamp the second last week of this month. They are flying someone in from Dubai for us. Should be fun.

Yeah May next year might be the earliest i can try it :D
Click to expand...

Hmmm ive also in ISE training at this time o_0
 
Last edited:
Cabling and pin-out diagrams

X21 goes to NTU and pin out is different
Serial DB60 or smart serial different again

Back to back serial DCE - DTE should have both connector pinouts the same ?
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X