The goals and study plan for the CCIE lab exam

So it's always best to have a goal, or a plan, for studying. So I will break it down into 12 months with the end goal being taking the lab exam a year from now.

Month 1 will start on 1st August (2013).

So where am I now?

I finished up my CCNP Switch and TShoot exams and have started collecting study resources, books and buying equipment, and generally having a little break. I have just started with the Wendell Odom book CCIE Routing and Switching Certification Guide (4th Edition), which really should be the first book you start reading - for obvious reasons, the clue is in the title!



I have got some of the practice labs from different vendors and will start to segment them into the varying topics and do those portions of the labs as I progress through the Odom book.

Clearly there are topics that will need a bit of a refresh, and many that will be completely new to me. But then who doesn't like a challenge? If I didn't like a challenge then I wouldn't be doing this exam...


The Odom book above has 20 chapters. 20 divided by 12 is 1.7 (rounded up). So let's call it a minimum of 2 chapters a month. That gives 10 months for reading and learning and two months of solid practice. I could perhaps clear it in a quicker time, but I also want to balance my time between my wife and children and my studies.

I will continue to use this blog to solidify my knowledge as the best way to learn something is through repetition, and hopefully others will benefit as well. At the end of every month will be an update with current progress and it will serve to (hopefully) keep me on track.

So far - Chapter 1 is done and I have a week left before the clock starts. I will be in sunny Spain next week, so hopefully will be able to finish a large part of the book.

Anyway, enough talking, got to start on chapter 2...
Managing multiple configurations on Cisco IOS routers and switches

In the journey to CCIE there are a great number of labs that we can be doing, such as INE, Narbik, CCIECert, Cisco 360 etc etc. So chances are our switches and routers are going to be reloaded a number of times with varying configurations.

Thankfully we can make the process a little easier and store a number of configurations on the equipment and change between these at our leisure.

IOS supports a number of commands that can help us with this, so let's have a look at how we can manage the respective configs for a number of different labs.

The first command is mkdir. We can make a directory on the flash storage with the command:
mkdir flash:/myConfigs
and confirm that it's been created using the command:
dir flash:
The output should look like this:
Router#dir flash
Directory of flash:/

1 -rw- 20570916 Jun 6 2000 19:19:48 +00:00 c1841-spservices9-mz.124.16b.bin
2 drw- 0 Jul 23 2013 11:11:42 +00:00 myConfigs

So now we have a nice placeholder for our respective configs and we can begin filling this with our configuration files.

So let's make some very basic configurations. I am using an 1841 router; it's got a serial interface that will connect to the BB1 router (the frame-relay backbone).

I assign a description to the Serial 0/0/0 interface:

Interface Serial0/0/0 
 description Link to BB1 - INE 

Like I said, it's a basic configuration! And now let's copy this to the myConfigs folder, and check that it's there:
Router#copy run flash:/myConfigs/INE.txt
Destination filename [/myconfigs/INE.txt]?

694 bytes copied in 0.744 secs (933 bytes/sec)
Router#dir flash:/myconfigs
Directory of flash:/myConfigs/

12 -rw- 694 Jul 23 2013 11:20:28 +00:00 INE.txt

On the second line just hit enter to accept the offered destination filename.

So we now have one configuration. Let's make another one:

Router#conf t
Router(config)#int Serial 0/0/0
Router(config-if)#desc Link to BB1 - 360
Router(config-if)#exit
Router(config)#exit
Router#copy run flash:/myConfigs/360.txt
Destination filename [/myconfigs/360.txt]?

694 bytes copied in 1.268 secs (547 bytes/sec)
Router#dir flash:/myconfigs
Directory of flash:/myConfigs/

12 -rw- 694 Jul 23 2013 11:20:28 +00:00 INE.txt
13 -rw- 694 Jul 23 2013 11:24:16 +00:00 360.txt

So now we have two configurations - but how can we easily switch between them?

One option is to copy the file back to the startup config and reload the router:

Router#copy flash:/myConfigs/INE.txt startup-config 

But this means your router is down for a few minutes. Another way is to use the configure replace command.

At the moment our router is running the 360 config. We can see this by doing sh run | beg Serial0/0/0, which shows the following:

Router#sh run | beg Serial0/0/0 
interface Serial0/0/0           
description Link to BB1 - 360   
no ip address                   
!                               

To make our router run the INE configuration we can use the command configure replace and specify the file we are going to substitute as the current running config:

Router#configure replace flash:/myConfigs/INE.txt    
This will apply all necessary additions and deletions    
to replace the current running configuration with the      
contents of the specified configuration file, which is      
assumed to be a complete configuration, not a partial       
configuration. Enter Y if you are sure you want to proceed. ? [no]: Y   
Total number of passes: 1        
Rollback Done                  

Router#                                                                  
*Jul 23 11:33:32.947: Rollback:Acquired Configuration lock.                
Router#                                                                 
*Jul 23 11:33:34.035: %PARSER-3-CONFIGNOTLOCKED: Unlock requested by process '3'. Configuration not locked.                                                        
Router#sh run | beg Serial0/0/0                                            
interface Serial0/0/0                                                        
description Link to BB1 - INE                                          
no ip address                                                              
!  

So now we can easily and quickly switch between multiple configurations!

We can also push multiple configurations onto the flash file system through TFTP, or another method such as SCP. Here I am using SCP. Firstly I copied a configuration to the SCP client hosted on a laptop, then I edited the file and saved it under the name CCIECert.txt, and then copied it back to the router. Lastly I did a configure replace to set it as the current running config:
Router#copy flash:/myConfigs/INE.txt scp:
Address or name of remote host []? 10.250.1.10
Destination username [Router]?
Destination filename [INE.txt]?
Writing INE.txt
Password:
!
694 bytes copied in 12.968 secs (54 bytes/sec)

Router#copy scp: flash:/myConfigs/CCIECert.txt
Address or name of remote host []? 10.250.1.10
Source username [Router]?
Source filename []? CCIECert.txt
Destination filename [/myConfigs/CCIECert.txt]?

Password:
!
699 bytes copied in 11.392 secs (61 bytes/sec)

Router#dir flash:/myConfigs
Directory of flash:/myConfigs/

   12  -rw-         694  Jul 23 2013 11:20:28 +00:00  INE.txt
   13  -rw-         694  Jul 23 2013 11:24:16 +00:00  360.txt
   14  -rw-         699  Jul 23 2013 12:25:12 +00:00  CCIECert.txt

Router#configure replace flash:/myConfigs/CCIECert.txt
This will apply all necessary additions and deletions
to replace the current running configuration with the
contents of the specified configuration file, which is
assumed to be a complete configuration, not a partial
configuration. Enter Y if you are sure you want to proceed. ? [no]: y
Total number of passes: 1
Rollback Done

Router#
*Jul 23 12:26:41.679: Rollback:Acquired Configuration lock.
*Jul 23 12:26:43.331: %PARSER-3-CONFIGNOTLOCKED: Unlock requested by process '3'. Configuration not locked.
Router#
Router#
*Jul 23 12:26:44.791: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
*Jul 23 12:26:45.791: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
Router#sh run | beg Serial0/0/0
interface Serial0/0/0
 description Link to BB1 - CCIECert
 no ip address
!

So there we have it, it's easy to host multiple configurations and switch between them quickly. Just remember to save your work as you go!
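
The configure replace prompt above says it will apply "all necessary additions and deletions", and the last capture logs FastEthernet0/0 changing state as part of the swap. As an added example (not code from the original post, and not the algorithm IOS itself uses), this sketch previews per-section differences between two saved config files before one is applied; the function names and the sample configs are constructed for illustration.

```python
# Added example: approximates the additions/deletions a config swap implies.
# It is not the algorithm IOS itself uses for "configure replace".

def parse_sections(text):
    """Map each top-level command to the set of indented sub-commands under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # blank lines and '!' separators carry no configuration
        if not line[0].isspace():
            current = line
            sections.setdefault(current, set())
        elif current is not None:
            sections[current].add(line.strip())  # nested levels are flattened
    return sections

def preview_replace(running, candidate):
    """Return (removals, additions) needed to turn running into candidate."""
    run, cand = parse_sections(running), parse_sections(candidate)
    removals, additions = [], []
    for parent in sorted(set(run) | set(cand)):
        if parent not in cand:
            removals.append(parent)  # whole section disappears
            continue
        if parent not in run:
            additions.append(parent)  # whole section is new
        old, new = run.get(parent, set()), cand[parent]
        removals += [f"{parent} / {c}" for c in sorted(old - new)]
        additions += [f"{parent} / {c}" for c in sorted(new - old)]
    return removals, additions

# Constructed sample configs (not the author's files), trimmed to two interfaces.
RUNNING = """\
interface FastEthernet0/0
 no ip address
!
interface Serial0/0/0
 description Link to BB1 - INE
 no ip address
!
"""
CANDIDATE = RUNNING.replace("BB1 - INE", "BB1 - CCIECert").replace(
    "FastEthernet0/0\n no ip address", "FastEthernet0/0\n no ip address\n shutdown")

if __name__ == "__main__":
    removed, added = preview_replace(RUNNING, CANDIDATE)
    for line in removed:
        print("-", line)
    for line in added:
        print("+", line)
```

Run it against copies of the files pulled off the router (for example over SCP, as above) so that an unintended shutdown or a dropped section shows up before the swap.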

Your own CCIE Lab - Option 3: Hybrid

As we have seen in part one of this series, a fully fledged hardware based lab is going to cost in the region of £1000, and in part two we saw that going for an online rack rental will cost anywhere between $900 and $2700, so when you take into account the exam costs we are talking about £2500-3500 for this exam. But is there another option, one to bridge the gap between going online and having your own rack full of routers and switches?

Here we are going to see just how far we can go with mixing the various Cisco simulation, or simulator, software offerings that are around, and possibly extending it with real live equipment.


The options we have for software based emulation are Cisco's PacketTracer, GNS3, Cisco IOS on Unix (IOU), and Boson NetSim.

PacketTracer we should all be aware of, as it's been with us through CCNA and the CCNP (but if it's not familiar then it's Cisco's own router simulator software, which you can download for free from here). It's going to fall short at CCIE level though. Similarly with Boson NetSim, great for all the way up to CCNP, but again not suitable for CCIE level.

So there we have two simulators that, although they have served us well for some time now, can't cut the mustard at this level. Certain things like HSRP, BGP and route maps just don't play well on simulated hardware, and unfortunately they don't offer a way to connect to real-live equipment to bridge that shortfall.

So let's move away from simulators and look at emulators, namely GNS3 and IOU.

The GNS3 simulator is great for routers, but due to the ASICs found in Cisco switches this falls short. It will take an IOS image, and can replicate a real router and all of its functions, but as you know from reading the exam topics for the CCIE, routing is only half the story (also the clue is in the title "Routing And Switching"). The benefit of the GNS3 simulator is that you can connect the emulated routers to real-live switches, something we'll look at in another post.

**Update** - Please see here for how to connect GNS3 to a real switch.



GNS3 takes a little time to get used to, but with a suitably beefed up PC (or Mac, or Linux) it will run 1700s, 2600s, 2691s, 3000, 3700 and 7200 series routers and also Pix and ASA firewalls. The switching side lets it down though, and although it offers Ethernet switches, ATM switches, Frame-Relay switches and EtherSwitch routers these really don't perform anywhere near like the real thing. The downside of using GNS3 is that it can be very resource intensive, hence the need for a fairly powerful machine. On a standard machine running 8 different routers will certainly slow things down.

That said, properly breaking out GNS3 into a real-live switch does open a whole world of possibilities. With GNS3 you don't get everything you need out of the box, it's down to you to find the images needed to make it run, useful if you have a CCO login with the appropriate privileges.

The case with the lack of proper switch emulation is the same with Cisco IOU, but, thankfully, again we can connect a cloud device to real live equipment. Support for routers is superb (as you would expect with this being Cisco's product). We have covered the basics of IOU here, and in a future post we'll cover connecting it to proper hardware switches to extend our routing labs out. IOU is much better at resource management than GNS3, and with the same number of virtual routers running on the same equipment the negative effect it will have on performance is noticeably reduced, making it much better for a large scale lab.

So many people have reported excellent success preparing for the CCIE lab with a mixture of emulated and real hardware with either GNS3 (which does seem easier to get into, and certainly easier to find!) or IOU. But really, at the end of the day, what is possible is not always necessarily what you want to do. Many I know will actually prefer to spend out on getting the proper hardware. But if you can buy £400 worth of switches and do the rest via either GNS3 or IOU then great! It's certainly very possible. Your pocket will certainly thank you for it.

So to sum up:


  • Forget PacketTracer or Boson, they really aren't up to the job.
  • There really isn't a best Cisco simulator software available.
  • If you want to go for the full hardware solution then it will match closer to the lab environment than emulated.
  • Switches suck in an emulated environment.
  • If you want to go for emulated/real hardware solution and your google-fu sucks then go for GNS3 (if your computer is powerful enough).
  • Cisco IOU is better tuned for "standard" computers.
  • Fully emulated will get you some of the way but don't rely on it to get you 100% of the way through the lab.

*Edit 23/10/2013 - Although I still say that switches suck in GNS3 and IOU, HSRP does actually work on them*

Passed CCNP TShoot

Hurrah! I am certified in CCNP Routing and Switching!

I took the CCNP TShoot exam yesterday, I passed, but that's not to say I found it easy. In fact I think this exam took me longer to complete than any of the other exams so far. 

The format is that you are given a couple of multiple choice or drag and drop questions, and then it's onto the trouble tickets. 

RADIUS authentication on Cisco IPS using Microsoft 2008 NPS

RADIUS allows us to use network credentials to access things like routers, switches and, in this case, the IPS modules. Perfect for limiting down the number of local accounts you have across the network.

This is coming as part of my job, so due to the nature of it the images have been edited (not very well I admit) to remove anything pertinent.

Here are the steps for getting the IPS modules on a Cisco ASA or router to use Microsoft 2008 NPS Server for RADIUS authentication.