As soon as Cisco announced the CCIE Security v5, I immediately went and booked my v4 lab, it's on September 30th, so I have (as of today) 106 days to go. I really was not planning to take it this early, as I was looking to take it in December, but that would only give me one shot at the v4. At least this was I can have a resit in December if I need to. But my initial reaction was:
I have been happily strolling through my mental plan, and figured six months would be ideal for me to get everything in place, read it, lab it, rinse, repeat.
Now I actually need to plan this all out, and pretty damn quick.
There are a few things that I am pretty comfortable with, predominantly the ASA. My initial forays into ISE and ACS have been going pretty well, and certainly if I get ISE, well, it's got all the help you need in it anyway. Similarly with the WLC, that seemed very intuitive. But these are only a handful of components within a big machine. There are a few bits I still want to cover with ISE and ACS, such as web proxy, command accounting/authorization,
So, let's list the weak points and work from there.
- IPS
- ZBF
- FlexVPN, GET VPN, EasyVPN
- Dual-hub DMVPN (regular DMVPN is fine)
- Digital certificates/CA
- Service hardening (NTP, SNMP)
OK, so it's not a massive list, really. The topology I have been playing with is not really that tuned for the VPN stuff, so I'll have to break that down into smaller labs. Variation is good though, and it'll help by setting things up from scratch again. Repetition helps memory.
Then we have the things that I am good at, that I need to get quicker on, or modify my approach. Such as the ASA, the things I do in the GUI (ASDM) regularly, I need to be able to do from the
VPNs are a good example of this. I cannot take for granted that the test PC in the lab will have the routing in place to get to the ASA to use ASDM. I will have console access though, and this is what I need to concentrate on.
All-in-all it's probably not that scary. A month or so of learning, then two months of labbing scenarios and final revision.
I remember the countdown for my first CCIE, and I must say, I feel in a much better place this time around. Having already done one, it's not as daunting and scary as it was the first time. I know what to expect in the lab (in terms of how it's laid out, how to navigate through the interface, what it feels like to be sitting there after two years of building up to it), I know where it is and where the hotel is (need to book that though), so I feel more comfortable this time. Though waiting for the results is horrible!
So here is the plan:
| Topic | Days |
|---|---|
| Finish off ISE/ACS | 7 |
| IPS | 7 |
| ZBF | 7 |
| Flex/GET/Easy/Dual -VPN | 14 |
| CA | 3 |
| Service hardening/routing authentication | 10 |
| Total | 48 |
There are other things that will also be happening during this time, such as a two week family holiday, but I still think I should be ready in time.
We will see!