Our Labor Day Promotions Are Kicking off Early!

We’re pleased to be wrapping up another summer, here at iPexpert, and want to send the summer out with a bang. Be sure to check out the following Cisco training promotions before they expire!

Disclaimer:

• Promotions end Sept 2, 2014, at 11:59 PM EST.
• Offers only apply for new purchases.
• All purchases must be made through our website.
• Promotions cannot be ran in conjunction with any additional promotions or coupons.

—————————————————————————————–

Buy ANY of our CCIE Workbooks and Receive LOTS of FREE Racktime

After more than 13 years of success in the CCIE training industry (3,200+ CCIE success stories) , We’ve developed a proven methodology that’s become the industry standard. Our CCIE workbooks continue to lead the market in many ways. With our “Next Generation” model, you’ll be given web-based access to our workbooks, along with downloadable PDF access (no DRM). Unlimited prints, and VIP technical support are also benefits that our students receive.

Purchase any of the following workbooks listed below, and receive FREE racktime and VoD access as outlined.

CCIE Routing and Switching V5 Workbooks:

• Buy our CCIE R&S (v5) Technology Workbook (Vol. 1) and get 50 free 4-hour Rack Sessions
• Pre-Purchase our CCIE R&S (v5) 8-Hour Mock Lab Workbook (Vol. 2) and get 50 free 4-hour Rack Sessions

* Buy them BOTH and get 200 free 4-hour sessions!

CCIE Data Center Workbooks:

• Buy our CCIE Data Center Technology Workbook (Volume 1) and get 10 free 4-hour Rack Sessions
• Buy our CCIE Data Center 8-Hour Mock Lab Workbook (Volume 2) and get 10 free 4-hour Rack Sessions

* Buy them BOTH and get 25 free 4-hour sessions!

CCIE Collaboration Workbooks:

• Buy our Cisco CCIE Collaboration Technology Workbook (Vol. 1) and get 25 free 4-hour Rack Sessions
• Pre-Purchase our CCIE Collaboration 8-Hour Mock Lab Workbook (Vol. 2) and get 25 free 4-hour Rack Sessions

* Buy them BOTH and get 50 free 4-hour sessions AND our CCIE Collaboration Written VoD (Next Gen) Free! (Streaming access)

CCIE Wireless Workbooks:

• Buy our CCIE Wireless Technology Workbook (Volume 1) and get 25 free 4-hour Rack Sessions
• Buy our CCIE Wireless 8-Hour Mock Lab Workbook (Volume 2) and get 25 free 4-hour Rack Sessions

* Buy them BOTH and get 100 free 4-hour sessions

CCIE Security Workbooks:

• Buy our CCIE Security Technology Workbook (Volume 1) and get 50 free 4-hour Rack Sessions
• Buy our CCIE Security 8-Hour Mock Lab Workbook (Volume 2) and get 50 free 4-hour Rack Sessions

* Buy them BOTH and get 150 free 4-hour sessions AND our CCIE Security Written VoD (Next Gen) and our CCIE Security Lab VoD (Next Gen) Free! (Streaming access)

*Note: Your “freebies” will be added to your Member’s Account the following business day.

—————————————————————————————

Purchase a 10-Day CCIE Bootcamp Course Voucher and Save THOUSANDS!!!

This weekend, you’re able to purchase a 10-day Bootcamp voucher at a cost of $3,499. These vouchers can be used for our CCIE R&S, Collaboration, Wireless and Security courses.

• Purchase your 10-day Bootcamp Voucher Now!

We’re also running a 5-day CCIE Data Center Bootcamp promotion that will save you $500 off of our list price of $4,499. Register for your 5-day CCIE Data Center Bootcamp and pay only $3,999

• Reserve your Seat in our 5-day CCIE Data Center Bootcamp Now, and pay ONLY $3,999  Be sure to use coupon code “LaborDayDC “

You’re still entitled to our standard CCIE Bootcamp policies below:

• A free subscription to iPeverything™ (If you purchase a 5-day bootcamp you’ll be given a 1-year iPeverything™ subscription, if you purchase a 10-day bootcamp you’ll be given a 2-year iPeverything™ subscription.)
• The Volume 1 and 2 workbooks for the track you’re studying for.
• All Detailed Solution Guides for the track you’re studying for.
• Access to every CCIE Written, CCIE lab, CCNP and CCNA VoD course.
• Access to every audio on demand lecture for all CCIE, CCNP and CCNA tracks.
• Access to every CCIE written, CCNP and CCNA quizzer.
• Free online vLecture access for ALL certifications / all tracks.
• Free online workbook mentoring for ALL certifications / all tracks.
• VIP support from within iPexpert’s Member’s Only Support Community.
• One free retake (at physical location or via our Online-HD-ILT™ solution. (Unlimited retakes for R&S and Security)
• If you sit in on an Online-HD-ILT™ bootcamp, a recorded copy of our approved class recording for the class you have taken will be added into your Member’s Account.

Retake Policy:

• iPexpert’s bootcamp retake policy is very simple. While our primary competitor charges upwards of $1,000 for a retake, we don’t charge you a dime. For R&S and Security bootcamps, you’re entitled to UNLIMITED retakes until you pass and earn your number. We stand behind our training and guarantee your success!

—————————————————————————————–

CCIE Training Bundles : Heavily Discounted Until Tuesday

We’re excited to announce several new CCIE training bundles, which are made up of our most popular self-study materials that have been purchased, and used by your peers to pass their CCIE lab. One of the perks of our bundles is that you own the product, they’re downloadable and they never expire! We’ve got 2 different bundles per track, one if strictly CCIE-focused, and the other is a CCNA to CCIE bundle.

The CCIE-focused bundle from iPexpert consists of:

• Workbook, Volume 1 (w/ Detailed Solution Guide)
• Workbook, Volume 2 (w/ Detailed Solution Guide)
• All CCIE lab VoD Courses / Modules
• CCIE Racktime (# of vouchers depends on the track)

Our CCNA to CCIE bundle contains a wealth of material for that track you select, including:

• All CCNA VoD Courses / Modules
• All CCNP VoD Courses / Modules
• CCIE Written VoD Course
• Workbook, Volume 1 (w/ Detailed Solution Guide)
• Workbook, Volume 2 (w/ Detailed Solution Guide)
• All CCIE lab VoD Courses / Modules
• CCIE Audio on Demand Lecture Series
• CCIE Racktime (# of vouchers depends on the track)

From today, through Sept 2^nd, 2014 – purchase any of the bundles below and receive another 25% off on these already discounted bundles! Be sure to use coupon code “LaborDayBundle“ to receive your discount at checkout.

CCIE Routing and Switching Bundles:

• R&S V5 “CCIE-focused” Training Bundle  | Buy Now
• CCNA to CCIE R&S Training Bundle  | Buy Now

CCIE Data Center Bundles:

• Data Center “CCIE-focused” Training Bundle  | Buy Now
• CCNA to CCIE Data Center Training Bundle  | Buy Now

CCIE Collaboration Bundles:

• Collaboration “CCIE-focused” Training Bundle  | Buy Now
• CCNA to CCIE Collaboration Training Bundle  | Buy Now

CCIE Wireless Bundles:

• Wireless “CCIE-focused” Training Bundle  | Buy Now
• CCNA to CCIE Wireless Training Bundle  | Buy Now

CCIE Security Bundles:

• Security “CCIE-focused” Training Bundle  | Buy Now
• CCNA to CCIE Security Training Bundle  | Buy Now

—————————————————————————————-

CCIE Collaboration Written VOD :: 50% Off From Now Through Sept 2nd

If you’re working on your CCIE Collaboration studies, you’ll want to look into our new CCIE Collaboration Written VOD :: Next Gen as a starting point!

During this high-definition, studio-recorded video course, you’ll watch Andy Vassar (CCIE x3 :: Collaboration, Voice and R&S) explain the theory, and conduct white boarding on nearly every protocol or technology that you’ll encounter on the CCIE Collaboration written exam.

Throughout the weekend, purchase our CCIE Collaboration Written VOD :: Next Gen and receive 50% off the list price of $699 (Streaming). Be sure to use coupon code “LaborDayCollabWr“.

—————————————————————————————–

CCIE Racktime :: BOGO – CCIE R&S, Data Center, Collaboration, Wireless and Security Rack Vouchers :: Buy One, Get ONE FREE – Offer Ends Sept 3rd

Now’s the time to stock up on your CCIE Rack Vouchers. For just a few days, however many CCIE Rack Vouchers you purchase, we’ll double them for you!

• Buy CCIE R&S Rack Vouchers
• Buy CCIE Data Center Rack Vouchers
• Buy CCIE Collaboration Rack Vouchers
• Buy CCIE Wireless Rack Vouchers
• Buy CCIE Security Rack Vouchers

*Note: Your vouchers will be added to your Member’s Account the following business day.

—————————————————————————————

1-year and 2-year iPeverything™ Subscription Free Racktime if Purchased Before Sept 3rd

Our iPeverything™ subscription is the industry’s most up-to-date and complete learning subscription for any of the 5 CCIEs, CCNPs and CCNAs that we teach. (R&S, Data Center, Collaboration / Voice, Wireless and Security tracks)

2-Year Promotion:

Through September 2nd when you purchase a 2-year iPeverything™ subscription, you’ll have the option to receive ONE the following rack voucher packages free:

• 200 4-hour R&S sessions
• 150 4-hour Security sessions
• 100 4-hour Wireless sessions
• 75 4-hour Collaboration sessions
• 25 4-hour Data Center sessions

1-Year Promotion:

Purchase a 1-year iPeverything™ subscription, and you’ll be provided with one of the CCIE Rack Voucher packages :

• 75 4-hour R&S sessions
• 50 4-hour Security sessions
• 50 4-hour Wireless sessions
• 25 4-hour Collaboration sessions
• 10 4-hour Data Center sessions

*Note: Your vouchers will be added to your Member’s Account the following business day.

—————————————————————————————–

1-year iPvideo Pass™ Subscription :: PRICE SLASHED!!!!

There’s NEVER been a more up-to-date and cost-effective CCNA and CCNP video training library!

This weekend, purchase our 1-year iPvideo™ pass subscription for just $199.00, and save $100. Just use coupon code “LaborDayiPvideo“.

What’s included:

-Streaming access to the following VoD courses:

• CCENT
• CCNA R&S
• CCNP R&S
• CCNA Data Center
• CCNP Data Center (DCUFI)
• CCNA Voice
• CCNP Voice
• CCNA Wireless
• CCNP Wireless
• CCNA Security
• CCNP Security

-50% off of video downloads
-Access to our entire CCNA and CCNP Audio on Demand Lecture Library
-Access to our entire CCNA and CCNP Online Test Prep Quizzer Library

*Note: Must pre-pay and purchase the 1-year subscription for iPvideo, monthly subscriptions will not qualify you for this promotion.

Please Join us in congratulating the following CCIEs on their great achievement;

• Mahmoud Ashoor, CCIE #44553 (Wireless)
• Quisher Khan, CCIE #35509 (Wireless, Routing & Switching)

Quisher Khan CCIE #35509 wrote:

“I have passed the CCIE Wireless lab yesterday using iPexpert’s workbook. It really helped me a lot to pass the exam, thanks once again for providing wonderful materials.”

Have you recently passed your CCIE lab exam using iPexpert’s products (within the last 6 months)? If so, we’d like to hear from you! Please submit your testimonial to success@ipexpert.com including your name, CCIE number, the track, what products or class you used to help you achieve your goal and a few sentences on how our products assisted you. We will be sending out a special gift to all who participate.

After more than 13 years of success in the CCIE training industry (3,200+ CCIE success stories), We’ve developed a proven methodology that’s become the industry standard. Our CCIE workbooks continue to lead the market in many ways. With our “Next Generation” model, you’ll be given web-based access to our workbooks, along with downloadable PDF access (no DRM). Unlimited prints, and VIP technical support are also benefits that our students receive.

Purchase any of the following workbooks listed below, and receive FREE racktime and VoD access as outlined.

CCIE Routing and Switching V5 Workbooks:

• Buy our CCIE R&S (v5) Technology Workbook (Vol. 1) and get 50 free 4-hour Rack Sessions
• Pre-Purchase our CCIE R&S (v5) 8-Hour Mock Lab Workbook (Vol. 2) and get 50 free 4-hour Rack Sessions

* Buy them BOTH and get 200 free 4-hour sessions!

CCIE Data Center Workbooks:

• Buy our CCIE Data Center Technology Workbook (Volume 1) and get 10 free 4-hour Rack Sessions
• Buy our CCIE Data Center 8-Hour Mock Lab Workbook (Volume 2) and get 10 free 4-hour Rack Sessions

* Buy them BOTH and get 25 free 4-hour sessions!

CCIE Collaboration Workbooks:

• Buy our Cisco CCIE Collaboration Technology Workbook (Vol. 1) and get 25 free 4-hour Rack Sessions
• Pre-Purchase our CCIE Collaboration 8-Hour Mock Lab Workbook (Vol. 2) and get 25 free 4-hour Rack Sessions

* Buy them BOTH and get 50 free 4-hour sessions AND our CCIE Collaboration Written VoD (Next Gen) Free! (Streaming access)

CCIE Wireless Workbooks:

• Buy our CCIE Wireless Technology Workbook (Volume 1) and get 25 free 4-hour Rack Sessions
• Buy our CCIE Wireless 8-Hour Mock Lab Workbook (Volume 2) and get 25 free 4-hour Rack Sessions

* Buy them BOTH and get 100 free 4-hour sessions

CCIE Security Workbooks:

• Buy our CCIE Security Technology Workbook (Volume 1) and get 50 free 4-hour Rack Sessions
• Buy our CCIE Security 8-Hour Mock Lab Workbook (Volume 2) and get 50 free 4-hour Rack Sessions

* Buy them BOTH and get 150 free 4-hour sessions AND our CCIE Security Written VoD (Next Gen) and our CCIE Security Lab VoD (Next Gen) Free! (Streaming access)

*Note: Your “freebies” will be added to your Member’s Account the following business day.

Our iPeverything™ subscription is the industry’s most up-to-date and complete learning subscription for any of the 5 CCIEs, CCNPs and CCNAs that we teach. (R&S, Data Center, Collaboration / Voice, Wireless and Security tracks)

2-Year Promotion:

Through September 2nd when you purchase a 2-year iPeverything™ subscription, you’ll have the option to receive ONE the following rack voucher packages free:

• 200 4-hour R&S sessions
• 150 4-hour Security sessions
• 100 4-hour Wireless sessions
• 75 4-hour Collaboration sessions
• 25 4-hour Data Center sessions

1-Year Promotion:

Purchase a 1-year iPeverything™ subscription, and you’ll be provided with one of the CCIE Rack Voucher packages :

• 75 4-hour R&S sessions
• 50 4-hour Security sessions
• 50 4-hour Wireless sessions
• 25 4-hour Collaboration sessions
• 10 4-hour Data Center sessions

*Note: Your vouchers will be added to your Member’s Account the following business day.

When a service provider is providing a customer with a L3 VPN service, the CEs are most of the time owned, controlled and managed by the service provider.

The end customer can be allowed to poll via SNMP its CEs for RO information but the configuration, the backup, the monitoring is all performed from the service provider management systems. All those management systems (TFTP, syslog, image repository, monitoring system, steppingstone, NTP….) are located on the service provider management LAN.

The loopbacks of the CEs used for the management are part of the customer VRF routing table and each customer VRF has its own routing table. We have to bear in mind that isolation from one customer VPN to another customer VPN has to be preserved at any time. How can the service provider access in a simple and secure way CE loopback addresses that are part of different VRFs? Let’s solve it.

I’m using the following MPLS network to illustrate the solution:

The Management LAN 192.168.128.0/25 is connected to a management CE called MCE1. The Management CE is part of the VRF SP_Management.

The VRF configuration on the PE2 is the following:

The CE1-CustA is part of VRF Customer_A. The management IP address of CE1-CustA is the loopback0 10.255.255.1.

The CE3-CustB is part of VRF Customer_B. The management IP address of CE3-CustA is the loopback0 10.255.255.3.

The CE9-CustA is part of VRF Customer_A. The management IP address of CE9-CustA is the loopback0 10.255.255.9.

Those CE management IP addresses have to be unique among all the customers and therefore will be allocated from a range managed by the service provider. This range of CE management IP addresses cannot be re-used in the VPN of the customers. The management network of the service provider is routed in every customer VRF and thus cannot also be re-used in the VPN of the customers. It is therefore the responsibility of the Service Provider to clearly communicate this restriction to the VPN customers.

The configuration on the PE5 is the following:  

The configuration on the PE6 is the following: 

To enable the connectivity between the CE loopbacks and the network management LAN, we are first going to import in the VRF Customer_A and Customer_B all the routes with the route-target 1000 that are present in the management VRF SP_Management.

The configuration on the PE5 is the following:

The configuration on the PE6 is the following:

The network management 192.168.1.128/25 is now present in the BGP database and the routing table of VRF Customer_A and Customer_B.

Now we have to ensure that there is a route back from the management network to the CE loopbacks. We create a new route-target of 1001 which is going to be used for importing only the leaking routes in VRF SP_Management. The loopback0 of the CEs will be in exported and tagged with the BGP attribute of 1:1001 in addition to the BGP attribute of the route-target of the Customer VRF. The CE loopback of a customer VRF will therefore be present in the BGP database of this customer VRF and of the management network VRF.

The following configuration is applied on PE2: 

The following configuration is applied on PE5: 

The following configuration is applied on PE6:

We can now ping from the MCE1 to the loopback0 of the CEs:

Only the loopback of the CEs is routable. This looks safe and finished  but there is still a denial of service possibilities!

First security breach: When an ICMP echo is sent to a network management LAN device from the Customer_A VRF with a spoofed IP address of 10.255.255.3 (loopback0 of a Customer_B CE), the ICMP echo-reply will be sent to the loopback0 of Customer_B CE. As a result, from the customer_A network, you could orchestrate a denial of service attack on Customer_B CE. This is not imaginable and unacceptable for a service which is supposed to hermetically separate the networks of different customers!

In order to mitigate this, we have to configure the RPF check on the PE to CE connections.

The following configuration is applied on PE5: 

The following configuration is applied on PE6:

Second security breach: We cannot access the network management LAN from all other customer networks outside the Loopback0 because there is no route back for any other network in the network management VRF.  However, the packets are still reaching the network management LAN and a denial of service attack could be orchestrated from a customer LAN to the network management system of the service provider. In order to avoid this, we will be hardening our design by placing an access-list on each CEs.

The following configuration is applied on CE1-CustA:

The following configuration is applied on CE3-CustB:

The following configuration is applied on CE9-CustA:

With this configuration in place, a service provider can in a secure way manage the CEs from a centralized management LAN.

Laurent Metzger
CCIE Data Center and R&S Instructor
CCIE #13538 (Data Center, R&S, and Storage) VMware, VCP5

About Laurent:

Laurent, a triple CCIE, has been working in the telecommunications industry for over a decade. He has extensive hands-on experience supporting and troubleshooting some of the largest networks in France, the Netherlands, Spain, and Switzerland, with a primary focus on MPLS/VPN service provider, and Cisco Data Center networks and technologies. Recently, he has been a Sr. Network Architect for highly-visible corporations in Switzerland, where he has designed, installed, supported, and trained on various data center technologies, including LAN-SAN convergence, virtualization, hybrid cloud solutions, and inter-DC communication. He will be responsible for teaching iPexpert’s CCIE R&S and CCIE Data Center classes throughout the US, London, Amsterdam, Brussels, Zurich, and Milan, and is also assisting in self-study workbook development and technical support.

CCIE R&S V5 Lab Bootcamp Update

We’re excited to announce MORE enhancements to our CCIE R&S V5 Bootcamps!

Pricing Update – Our pricing for our 10-day CCIE R&S V5 Bootcamp has been reduced to $3,499. We understand that your CCIE R&S journey is typically paid for by the individual, and we’re committed to offering the absolute BEST CCIE R&S training possible at the most affordable rate! Student Racks :: Major Enhancement! – We’ve just completed the installation of 68 FULL CCIE R&S student racks (Our self-study workbooks and VoD are also designed around this toplogy, which can be rented online!) These racks have been massively expanded to reflect the topology you may expect to see on the real lab. Each student will have access to this new topology, which consists of 36 2900 series ISR routers, running 15.4(1)T, 8 Catalyst switches running 15.1 code, 7 additional ISP routers (used to provide the SP BGP backbone), and 3 additional backbone routers (for miscellaneous route injections). You won’t find a better, more complete and more realistic R&S topology in the CCIE training space! Included in Your Bootcamp Purchase – We’re quite excited to have the most appealing CCIE R&S bootcamps, at a cost-effective price, but it doesn’t stop there. When you purchase a CCIE R&S Bootcamp, you’re also given access to EVERY SINGLE CCIE training resource we have in our portfolio – for every CCIE track (2-year subscription!). Included in your bootcamp purchase is:

• A free subscription to iPeverything™
• The Volume 1 and Volume 2 workbooks and Detailed Solution Guides for the track you’re studying for.
• Access to every CCIE Written, CCIE lab, CCNP and CCNA VoD course.
• Access to every audio on demand lecture for all CCIE, CCNP and CCNA tracks.
• Access to every CCIE written, CCNP and CCNA quizzer.
• Free online vLecture access for ALL certifications / all tracks.
• Free online workbook mentoring for ALL certifications / all tracks.
• VIP support from within iPexpert’s Member’s Only Support Community.
• Retake Policy – Our retake policy is quite simple. While other CCIE training vendors charge upwards of $1,000 for a “rack rental fee”, we don’t. In fact, not only are our retakes FREE, but you can retake a bootcamp (either live or online) until you pass your lab! We’re committed to your success, and feel quite confident that our CCIE R&S bootcamp will be able to get you over the hump, and help you earn your CCIE number!

CCIE R&S Bootcamp Dates and Locations – Seats are filling up fast. If you’re interested in reserving a future course seat you can do so on a payment plan, or you can purchase a bootcamp voucher and select your date later. Our current 10-day CCIE R&S bootcamp schedule is as follows:

• Sept 15-26 – RTP
• Oct 20-31 – RTP (Just Added!)
• Nov 10–21 – RTP
• Dec 8-19 – Online
• January 12–23, 2015 – San Jose
• Feb 16–27, 2015 – Naples, Florida
• March 16-27, 2015 – RTP
• April 13–24, 2015 – Online
• May 4-15, 2015 – San Jose
• June 15–26, 2015 – Chicago

We’re quite confident that we’ve got the best CCIE R&S V5 bootcamp on the market. Not only is our instructor a dual CCIE (R&S and DC), and a published Author (CCIE Routing and Switching v5.0 Official Cert Guide Library), but you won’t find the level of commitment, and supplemental tangibles that we include (self-study included, free / unlimited retakes and the most accurate / “lab like” topology on the market)! If you’re interested in passing your CCIE R&S V5 lab exam – we WILL help get you there! Book Your R&S V5 Seat Now!

CCIE R&S V5 Self-Study Development Update & Timelines

We’d like to give a quick update on the remaining CCIE R&S V5 self-study products. We’ve been diligently working on our content, but have taken some additional time to ensure that these are the absolute best R&S V5 products on the CCIE training market! Of course, all of these products can be purchased individually, or you will gain access to all of our CCIE training resources and updates (as well as CCNA and CCNP) if you are an iPeverything™ subscriber.

• CCIE R&S V5 Volume 1: Technology Workbook): All 45 technology labs are now completed. Over the next 90 days we will be rolling out our Detailed Solution Guide for these labs (on a weekly basis). We’re putting a wealth of effort into ensuring that these DSGs are as detailed as possible. In the meantime, please use our Member’s Only Support Community to ask any technical questions you may have. Our instructors and developers monitor this community and will assist you with any issue you may have.
• CCIE R&S V5 Volume 2: Mock Lab Workbook): Our first 2 8-hour Volume 2 mock labs will be released this month. These will consist of all 3 sections in the R&S lab (Troubleshooting, Diagnostics, Lab) and have been written around our new V5 R&S topology, which will go live September 12th.
• CCIE R&S V5 VoD: We’ve released approximately 60 hours of new V5 content, and will be adding material on a weekly basis. All CCIE R&S video content is being re-recorded around our full-scale V5 topology, and we anticipate the final product being approximately 150 hours of material covering every single bullet on the V5 blueprint.
• CCIE R&S V5 Racks: We’ve just finished the installation and testing of an entirely new R&S V5 topology consisting of 36 2900 series ISR routers, running 15.4(1)T, 8 Catalyst switches running 15.1 code, 7 additional ISP routers (used to provide the SP BGP backbone), and 3 additional backbone routers (for miscellaneous route injections). This topology will be the standard topology used in our self-study products as well as in our CCIE Routing and Switching Bootcamps. These racks will be made available to the public September 12th.

Interested in CCIE R&S V5 Self-Study Material?, Our Training Advisors Are On Standby As always, a dedicated Training Advisor is on standby and can answer any questions you may have or even assist you with a custom training program or group discounts. To reach one of our TAs, please select your option of communication below:

• Live Chat
• Email
• Phone: +1.810.326.1444
• Group / Corporate Discounts

Mobile CCIE Labs are currently only available for the CCIE Routing & Switching, CCIE Security and CCIE Service Provider Lab Exams

Cisco has introduced the mobile lab program to provide candidates greater access to Lab testing while greatly reducing travel time and expenses. Mobile CCIE Labs provide a convenient and cost-effective method for candidates to test for CCIE Routing and Switching, CCIE Security and CCIE Service Provider in areas which do not have permanent lab locations.

The Mobile CCIE Lab reduces the need for costly travel, hotel, passport, and visa fees, missed days of work and the need to leave the country to take the CCIE Lab exam.

Map of Cisco Lab Locations and proposed Mobile Labs

Scheduled Dates and Locations

Note: Dates with an “R” Status are confirmed events with location information. These events are available for open registration.

Status Legend:

N = New date and location, event is not confirmed

R = Confirmed events and are available for open registration, it does not indicate availability. You must Login to the CCIE Database to view availability and register for lab exams.

P = Postponed

C = Canceled, due to low enrollment

+ = For questions related to this cancellation please open a case with www.cisco.com/go/certsupport.

• Mobile labs can be scheduled up to 8 months in advance, which is the same policy for the traditional CCIE permanent lab locations.
• For your reference we have an archive of Past and Cancelled Mobile Lab dates.
• We reserve the right to cancel any event if the registrations do not meet the minimum requirements.

Mobile Lab FAQs 

How Do I Get Started?

• For information on registering for a CCIE Mobile Lab event or for additional information about the CCIE Mobile Lab program, visit the Certification Online Support tool.
• Get Instant Answers to Frequently Asked Questions on the Mobile CCIE Labs
• View the Discussion The specified discussion was not found.

Please Join us in congratulating the following CCIEs on their great achievement;

• Niles Pyelshak, CCIE #44608 (Data Center)
• Fredy Jonathan Tafolla Salgado, CCIE #38067 (Voice, Security, Data Center)

Fredy Jonathan Tafolla Salgado, CCIE #38067 wrote:
I finally got my CCIE DC. I bought the WB Vol.I and Vol.II for CCIE Data Center. I was practicing the technology labs and after that the 8-Hour Mock labs.The labs are very good, because covers all the topics in the blueprint needed to understand the technology. Thanks for All iPEXPERT!!!”

Have you recently passed your CCIE lab exam using iPexpert’s products (within the last 6 months)? If so, we’d like to hear from you! Please submit your testimonial to success@ipexpert.com including your name, CCIE number, the track, what products or class you used to help you achieve your goal and a few sentences on how our products assisted you. We will be sending out a special gift to all who participate.

Probably one of the most frequent and common questions I get is how to approach studying for the CCIE Data Center lab exam. So, I thought to myself, why not write a blog that I can just point people to!

After typing out, or explaining, the same preparation strategy a few hundred times, I decided writing something, somewhat official, might be the best course of action. So here it goes! Be mindful though, there is no “wrong” way to study. Not any one method will fit every candidate, so you have to be flexible and identify what will work for you both professionally and personally.

Now, I urge you to first think about this – How much time can you actually dedicate to studying? Be reasonable here. If you work full time, and have a family, you’re probably not going to be able to study 8 hours a day. A reasonable expectation, at least for someone under those circumstances, is to allocate approximately 2 to 3 hours a day. In my case, it was after I put my kids to bed, from about 8 to 11 PM every weeknight. I also hate putting numerical values around total studying hours with regards to these exams. So I’m not gonna to sit here and tell you that you need at least x-so-many hours of studying to pass this test. One candidate could put in 500 hours, and have a boatload of on-the-job experience that puts them in a good position to pass the exam. Another candidate may come in relatively green in all of the subject areas, and it may take them 1000 hours or more of prep time to finish, so it varies greatly depending on the candidate background and existing knowledge of Cisco technology. My methodology doesn’t necessarily base itself around total study hours, but rather a way to track through the technologies themselves.

The first thing I will say, is to go take and pass your written! That old theory of “oh I will just wait until I am ready for the lab to take my written,” is long gone! The theory behind that was that you could pass your written really late in the game, and then immediately schedule your lab and have plenty of cushion in that 18 month window. Guys, guess what…the available lab dates in both US locations (Exhibit A) are out till next February! So please, get out there, pass the written, and schedule your lab! Trust me, you don’t want to get to that “ready” state, and then have to wait 7 months for your day.

Exhibit A

San Jose

RTP

Now, once you have a lab date set, you can invoke what I call backwards planning. This means that you can plan, from the date of your lab, back to the current date, and schedule your studying accordingly. I personally gave myself a 2-week window from my lab date to do mock labs and run-throughs. From there, I gauged myself. I urge you to do the same. Download the blueprint from Cisco’s website, and use this to plan your preparation strategy accordingly around the technologies and topics seen there.

Take those topics and copy then into something like excel, evernote, onenote…something. A lot of people I know like to create a single tab / notebook in one of those programs for every line item so that they can take notes. Once you have had an honest look at the curriculum figure out where you are the strongest, and where you are the weakest. I personally had been doing so much with NX-OS, that I gauged I was by far the strongest in that category, and the weakest in storage, so I pushed those strong areas to the end of my study regime. From here I tried to dedicate an entire week to a particular topic, so I opened up a new Google account and utilized Google Calendar for this. I marked my lab date, and started planning. Again, my strongest topics were the ones I would cover, if I had time, the closest to my date. In the end it ended up kind of looking like this:

• Week 1 – Fibre Channel Basics (101) and oversubscription – section 2.0/2.1.f
• Week 2 – FC port-channels, Cisco ISL, and trunking – section 2.1a
• Week 3 – VSANs, enhanced and basic zoning – sections 2.1b-c
• Week 4 – FC domain parameters – section 2.1d
• Week 5 – FC security features – Section 2.1.e

Now this was just a part of it… I did that for every line item. This allowed me to create my own “curriculum” around those specific topics. I found it best to go through a regimen of watching iPexpert’s VOD for the individual technologies. I would watch the entire video, and then I would read as much as I could on the topic. This included white papers, configuration guides, blogs, and traditional books. I think you guys know how to parse the internet for information, but book compilations I always found useful, so here were my top 5 for CCIE DC studies:

1. Data Center Virtualization Fundamentals by Gustavo Santana – Gustavo easily became one of my favorite Cisco Press authors with this book (he joined the company of Wendall Odom here J). The book is about as close as an end-to-end guide for the DC track as there is out there, and it’s the only book I read end-to-end for this entire track!
2. Storage Networking Fundamentals (Vol 2.)  by James Long – This book is not for the faint of heart, or the storage newbie. It is packed full of protocol-specific information.  I found it extremely useful for referencing materials.
3. I/O Consolidation in the Data Center by Silvano Gai et all – This book is a definite resource for FCoE studying.
4. NX-OS and Cisco Nexus Switching by Ron Fuller et all – This book was great as well. It really gives you a good look into Nexus devices, and how the NX-OS systems operate, and are configured.
5. IBM Redbooks – Introduction to Storage Area Networks and System Networking – A free read on SAN’s and the protocols that they run on. It’s also a great reference for beginners to storage area networks.

After I had read until my mind was adequately numb, I found it time to lab. When labbing I tried to exclusively use iPexpert’s CCIE Data Center racks, which are accessible via Proctor Labs. At Proctor Labs, within the DC realm, we have one full-scale Mock Lab Rack that has everything needed for CCIE DC studies, and we have many technology racks which are perfect for 90% of your endeavors. (These racks contain 2 x Nexus 7k’s (VDC’s), 2 5548-UP, 2 x 2232 FEX’s, 2 x MDS 9216i’s, 1 C-220 M2 UCS server, as well as 2 Virtual Supervisors Modules for Nexus 1000v studies, and 2 UCS-PE’s for UCS training on emulated systems.) See Exhibit B additional details of both DC rack types.

Exhibit B

General Rack Interface Summary : Remote Control Tools

• All routers and switches can be controlled via the web with our GUI remote control system.
• You will not waste time on our racks… when you begin your session, your routers WILL BE set to the default (blank) setting.
• Web GUI access to all devices allowing you to start / stop / and revert to clean configurations.
• Each device can be power cycled by our RPC (Remote Power Control) system with a click of a button.
• Single Page Login (no need to telnet to rack’s terminal server). Login and begin using our online hardware instantly.
• Session Management (view scheduled time and reschedule without human intervention)

Technology Rack Details

Within our CCIE Data Center Technology racks, you will have access to the following devices / software:

• Nexus 7010
• 2 Non-Default VDCs
• 8 each N7K-F132XP-15 Ports
• 8 each N7K-M132XP-12L
• 2 Nexus 5548 with Layer 3 module
• Enhanced Layer 2 License
• FCoE NPV License
• Storage (Native FC) License
• 2 Nexus 2248TP
• 2 MDS9216i
• SAN Extension over IP License
• Enterprise Package License
• 1 Fibre Channel JBODs
• 2 UCSPE (Platform Emulators)
• 1 UCS C200 M2 rack servers
• Xeon X5670 2,93Ghz 6-cores
• 48GB RAM
• 2 450GB SAS 15k harddisks
• UCS P81E VIC card
• The 2 Nexus 7000 VDC’s can be configured to simulate extended distribution topologies and the ‘core switch’ layer within the network.
• Nexus 5548 will be used as a ‘Aggregation’ layer within the datacenter network. The Nexus 2k’s can be configured as FEX for the Nexus 5000 and simulated Fabric Interconnects for the UCS series server. The VDC’s are a major component in the network as the number of devices is limited and the connectivity is very much based on a best practice design.

Mock Lab Rack Details

Within our CCIE Data Center Mock Lab racks, you will have access to the following devices / software:

• Nexus 7010
• Sup1
• LAN Enterprise License
• Advanced LAN Enterprise License
• Enhanced Layer 2 License
• SAN Enterprise License
• Scalable Feature License
• MPLS License
• DCNM LAN License
• DCNM SAN License
• 32 Port 10Gb (F1 Module)
• with FCoE license
• 32 Port 10Gb (M1 Module)
• 2 Nexus 5548 with Layer 3 module
• Layer 3 License
• Enhanced Layer 2 License
• FCoE NPV License
• Storage (Native FC) License
• VM-FEX License
• 2 Nexus 2248TP
• 2 MDS9222i
• SAN Extension over IP License
• Enterprise Package License
• 2 Fibre Channel JBODs
• 2 UCS 6120XP Fabric Interconnects
• 8-port FC Expansion Module
• UCS 5108 blade chassis
• UCS 2104XP Fabric Extenders
• 4 UCS B200 M2 blade servers
• Xeon X5670 2,94Ghz 6-cores
• 48GB RAM
• 2 300GB SAS 10k harddisks
• UCS M81KR VIC mezzanine card
• 2 UCS C200 M2 rack servers
• Xeon X5670 2,93Ghz 6-cores
• 48GB RAM
• 2 450GB SAS 15k harddisks
• UCS P81E VIC card
• One of the servers will be used for hosting supporting VMs. You will not have direct access to this server
• ACE 4710
• The Nexus 7000 will be configured with VDC’s to simulate various different topologies and create multiple ‘core switch’ layers within the network
• Nexus 5548 will be used as a ‘distribution’ layer within the datacenter network. The Nexus 2k’s can be configured as FEX for the Nexus 7000, Nexus 5000 and the Fabric Interconnects of the UCS system to connect the UCS C-series rack mount servers. The VDC’s are a major component in the network as the number of devices is limited and the connectivity is very much based on a best practice design.

I would hop on these racks, and I would lab my technology for the week. I used iPexperts CCIE Data Center Volume 1 (Technology-Focused Lab Workbook) for this. (This workbook was amazing. It, in my opinion, over-prepared me for the exam, however I’m also in the process of making some updates for existing customers – which I will continue to do on a regular basis as frequently as I feel fit.) But I digress…I would lab the technology and try to gain an understanding as to what the “base-config” was for the technology. From there I would build upon that, and add the proverbial “nerd-knobs” that are so infamous in our industry. Between the videos, reading, and labbing, that was normally sufficient for me to feel really good about a technology. If, after my initial labs, I still felt a bit weary (like I did with the iSCSI gateway feature), I would go back and watch the VODs again, read, and re-lab. (I think that I labbed iSCSI about 30 times before it clicked!)

So in short, my preparation was such:

1. Choose a technology
2. Watch iPexpert CCIE DC VOD around that technology
3. Read everything I could on that technology (whitepapers, config guides, blogs, books)
4. LAB with iPexpert’s Volume 1 Workbook
5. If necessary start the cycle over again

I never moved on until I was feeling good with the technology. I found it best to break each technology down into crucial, little “manageable chunks of work”. Take iSCSI gateway for instance, there’s a lot of configuring needed there, so I had to break it down into something like this:

1. Enable feature/enable module
2. No shut iscsi interface
3. Configure initiator
4. Configure virtual-target
5. ZONE!

Each one of those sections had their little individual configs. But when I looked at it from this regard, rather than everything as a whole – it was a lot less intimidating and a whole lot easier to remember and configure.

I went into my last 2 weeks feeling pretty prepared, so I decided to go through iPexpert’s stellar Volume 2 Mock Lab Workbook, which, when I was preparing for my lab, contained 3 full-scale mock labs (now it contains 4, with the 5^th and final coming this month).  I did not have racks for these, so I did everything in notepad, and the UCS-PE (download this if you don’t have it!). It actually worked out, as doing my NX-OS and MDS configs in notepad really let me see how my mind was digesting a technology and how my brain worked through the necessary steps to get it working. Even if my syntax was not 100% accurate, I knew that I was at least going down the right path and that if I were on a real device that the context-sensitive help would have pulled me through. Now I don’t recommend this for everyone! Some may find this extremely difficult, and it may not fit your learning style. So, if you can get a full rack, definitely use that instead of notepad! Ok, back to the preparation strategy I used during before my lab attempt…To be honest, I don’t think I passed a single one of my mock labs. They were generally harder than what I felt the actual lab was. But I did get a good end-to-end assessment of what I thought the lab was going to feel like. So it put me in a good position for when I went into my lab day – which, I did pass on my first attempt!.

Had I the opportunity, I would have chosen to attend a CCIE Data Center Bootcamp in my final weeks, but my work schedule didn’t permit. Now that I’m teaching for iPexpert, and have analyzed every product in our CCIE Data Center portfolio, I can say that the best time for someone to attend a bootcamp is about 3 to 6 weeks before your lab date. As a colleague of mine mentioned, take it late enough that you can ensure that you’re not confused in the bootcamp and use it to fill any gaps in your knowledge, but not so late that you can’t correct any misconceptions that you might have had coming into it. iPexpert’s 5-Day CCIE Data Center Bootcamp is an awesome resource at the end of your studies to really get some last minute training, mentoring, tips and probably the most important of them all – dedicated racktime! Like I said, it will really help to solidify your expert-level knowledge of the technologies that you have so diligently been studying!

I hope, if nothing else, that this give you an idea of how to study for this lab exam. It’s nothing to take lightly, and the things that you will learn throughout your studies will benefit you throughout your career. The icing on the cake however, is the day you open that portal page, and see those shiny digits waiting for you!

Jason Lunde
CCIE #29431 (Data Center and R&S)
CCIE Data Center and R&S Instructor – iPexpert, Inc.

About Jason:

Jason Lunde is a dual CCIE who passed the R&S v4 lab in 2011, and the CCIE Data Center lab in December of 2013, both on his first attempt. Throughout his lab preparation, he utilized iPexpert’s CCIE lab training materials exclusively. He also holds a BS in CIS from Colorado State Univ.- Pueblo, and a MS in Infosec. Mgmt. from Colorado Technical Institute.

Jason has been in and around the networking industry since 2006, and his real-world expertise spans many corporate verticals such as oil & gas, education, banking, entertainment, and retail. His past several years have been spent doing post-sales design work, configurations, and troubleshooting for a Cisco partner in the mid-west; providing services for both SMB and enterprise-level clients. His primary focus over the past two years has been around datacenter technologies such as OTV, FabricPath, VPC, and converged networking.

Jason joined iPexpert in May 2014, and is primarily focused on CCIE Data Center product and bootcamp development and instruction.

Just a quick message to let you all know that we’ve updated our CCIE Data Center VOD, and have uploaded some new lectures (done by our CCIE DC instructor – Jason Lunde, who teaches our CCIE Data Center 5-Day Lab Preparation Bootcamp)……

As we’ve committed to our iPeverything subscribers, the new content totals approximately 16 hours. We now have a full playlist of training from 3 instructors including Rick Mur, Terry Vinson and Jason Lunde.

Be sure to connect with us socially for product news, discount codes and freebies!

iPexpert’s Social Groups and Pages:

• Facebook
• Twitter
• LinkedIn
• YouTube
• Google+
• iPexpert’s CCIE Blog

CCIE-Focused Study Groups on Facebook:

• CCIE R&S V5 
• CCIE Data Center
• CCIE Collaboration
• CCIE Wireless
• CCIE Security
• CCNA and CCNP Certifications

Here are 4 samples, enjoy!

Storage 101:

FabricPath:

VPC:

Active FEX:

Please Join us in congratulating the following iPexpert clients who have all recently passed their CCIE lab!

This Week’s CCIE Successful Stories

• Matthew Pinizzotto, CCIE #44694 (Data Center)
• Robert Lopez, CCIE #44688 (Wireless)
• Andre Aubet, CCIE #44686 (Wireless)
• Jeffrey Lingle, CCIE #44699 (Data Center)
• John Cook, CCIE #7586 (Data Center, Routing & Switching, Wireless)
• Abdul Abdullateef, CCIE #44676 (Wireless)
• Jeff Whitmore, CCIE #44727 (Wireless)

This Week’s CCIE Testimonials

“I just passed my CCIE Data Center lab, thanks in large part to the instructors at iPexpert. The biggest differentiator was the availability and eagerness to help after class ended. On multiple occasions both Terry and Jason exceeded my expectations. Thanks! – Jeffrey Lingle, CCIE #44699 (Data Center)”

We Want to Hear From You!

Have you passed your CCIE lab exam and used any of iPexpert’s or Proctor Labs’ CCIE, CCNP or CCNA self-study product, CCIE Bootcamps or any other services we provide? If so, we’d like to add you to our CCIE Hall of Fame!

Please email us at success@ipexpert.com. Be sure to include your full name, your CCIE number (or the other certifications you have passed using our training), the track, when you passed, and what products, bootcamp or services you used.

If you submit a detailed testimonial, please also include your shirt size and your mailing address!

In this blog I’d like to examine the behavior of a transparent firewall in greater detail. Before we get to this, however, it may be a good idea to recall what happens when the ASA is running in the default firewall mode – routed. In routed mode, the ASA is considered to be a router hop in the network. We have many interfaces and each of them requires an IP address from a different subnet. Routing configuration can be simplified since the firewall supports multiple dynamic routing protocols. Also most of the other features are supported on the routed ASA.

In transparent mode, things change a bit. Transparent firewall is more of a Layer 2 device that acts like a “bump in the wire,” or a “stealth firewall,” and is not seen as a router hop to connected devices (ASA is “invisible” at Layers 2 and 3). ASA’s interfaces belong to a single Bridge Group (different VLANs on the switch side) but all devices (including the firewall) are part of a single L3 subnet. Certain features (like routing protocols, multicast routing) are not supported in this mode, few features were added (e.g. ARP Inspection, CAM Table protection) and almost any traffic can pass through the device (IP & EtherType access-lists).

Alright so now when have gone through a short comparison of the two firewall modes, let’s think about specifics – and what I want to focus on here are the operational differences from the routed mode. This mode is probably well-understood by most of you since it is very similar to the way routers operate – before a packet is forwarded routing table is looked up to find the longest match (for the destination IP address from the packet), then an egress interface is found (or next-hop and egress interface), packet is switched, re-enacpsulated with new L2 information (L2 source and destination) and finally serialized onto the wire.

What’s different in the Transparent mode? First of all – the outgoing interface of a packet is determined by performing a MAC address lookup instead of a route lookup. This is because the firewall simply switches the frame based on L2 information instead of trying to route it (it looks up the frame’s destination MAC in the CAM). There are only three exceptions to this rule :

1. Traffic originated by the ASA to a non-local (remote) destination
2. Traffic that is at least one hop away from the ASA with NAT enabled
3. Voice over IP (VoIP) and DNS traffic with inspection enabled when the endpoint is at least one hop away from the ASA

In the above-mentioned cases routing table lookup is necessary for successful traffic forwarding.

OK, but let’s start with the beginning. How does the ASA populate its CAM table?  It learns and builds a MAC address table in a similar way as a normal bridge or switch – when a device sends a packet through the ASA (e.g. a data packet), the ASA adds the source MAC address to its CAM. It also associates the MAC address with the source interface.

Next is traffic forwarding. It is when the populated CAM table is used to find the outgoing interface for the frames (after firewall-enabled features were applied, like for example inspection).

Let’s quickly take a look at this using the topology below :

After all devices were powered on, the ASA learnt four MACs – two on the inside and two on the outside:

Two of these addresses belong to the directly connected switch (ports connected to the ASA), one belongs to R2 and one to R5. These addresses were learnt by the ASA from the Control Plane packets such as BPDUs and ARP. So when I ping from R2 to R5, we should see a frame destined to 001b.d50f.f2f8 and when a reply comes back we should see it with destination 001b.d4a9.e400. This way ASA knows that packet #1 should be sent via outside, packet #2 via inside (both packets are shown as seen by the ASA on the inside and outside) :

Pay attention to L2 and L3 addresses – none was changed by the ASA. Also TTL was not decremented meaning the ASA was completely invisible to the routers.

Now what would change if I were to reach a remote destination from R2? Like if I send a packet to 5.5.5.5 ? Nothing even that ASA does not have any route in the RIB :

Also notice that in both cases ARP cache on the ASA is blank – it would be only used if ASA itself wanted to send a packet :

OK so does it mean that transparent ASA operates exactly like a regular bridge/switch all the time? No, there is one difference. When there is no matching entry for the frame in the CAM (i.e. destination MAC was not found) the ASA will do the following :

1. If a packet is L3-destined to the local (ASA’s) subnet, firewall generates an ARP request (out of every enabled interface) for the destination IP address, so that it can learn the MAC and outgoing interface
2. If a packet is for a remote device (L3), the ASA generates a TTL 1 ping to the destination IP address (keeping the original, unknown L2 destination). The Echo packet is sent out every interface except the one where the original packet was received on hoping to get a TTL-Exceed message to figure out the correct port. Note that you don’t need a L3 route so that ASA can generate those Echos

To test this behavior we will have to make some changes on R2 – I am going to add a static ARP entry for a non-existing device 172.3.245.6 :

Take a look at the MAC addresses of the ASA and observe a debug (l2-indication) :

Two ARP Requests were sent, one via inside and one via outside, received by R2 and R5, respectively. In our case there is no 172.3.245.6 device so nothing replies – the original packets are dropped.

To finish, let’s look at the second case, when a L3 destination is non-local :

Note that only one Echo was generated, through the outside port. If we had more interfaces, like e.g. 3, we would see 2 Echos (it does not generate a packet for the interface where it got the original frame).

Happy Labbing! – Piotr Kaluzny CCIE #25665 (Security) / CCIE Security Instructor – iPexpert, Inc.

About Piotr: Piotr, a MSc in Computer Science, has been in the networking industry for over seven years working in several different capacities within enterprise Cisco environments. His responsibilities included, but were not limited to, implementation, design, and level three technical support. Piotr already has an extensive background as a Technical Instructor – he has been designing and developing Cisco training solutions and teaching CCIE classes for the past four years.

Currently, he’s the author / instructor for iPexpert’s CCNA VOD, CCNP VOD, CCIE Written VOD, CCIE Security Lab Prep VOD, CCIE Security Workbook Volume 1, CCIE Security Workbook Volume 2, and he teaches iPexpert’s CCIE Security 5-Day Bootcamp and  CCIE Security 10-Day Lab Preparation Bootcamps.

We’ve now completed the recording and editing process for our CCIE Collaboration Lab VoD. For iPeverything subscribers, or anyone who purchased the Voice 3.0 VOD, you now have access to the new CCIE Collaboration Lab VOD. The Table of Contents is as follows:

iPexpert’s Cisco CCIE Collaboration Lab VoD :: Next Generation Playlist (Runtime 44 hours, 10 minutes)

• Configure and Troubleshoot Cisco Collaboration Infrastructure
  • Introduction
  • CDP LLDP
  • VLANs
  • Campus Infrastructure
  • DHCP
  • DHCP
  • DHCP Part 2
  • DHCP Part 3
  • DHCP Static Mapping Part 1
  • DHCP Static Mapping Part 2
  • NTP
  • NTP
  • DNS

• Configure and Troubleshoot Cisco Unified Communications Manager (CUCM)
  • CUCM Phone Registration
  • Device Pools
  • Phone Configuration
  • Phone Customization
  • Ringlists & Directories
  • H323 Gateways
  • MGCP Gateways
  • SIP CUBE
  • Gateways
  • Fast Start
  • MGCP
  • SIP Trunk
  • CUCM Dial Plan
  • Local Route Group
  • Call Routing
  • Call Routing Part 2
  • Globalization Localization
  • CUCM Call Hunting
  • Device Mobility
  • Unified Mobility
  • Extension Mobility
  • Mobility
  • URI Dialing
  • Service Advertisement Framework and Call Control Discovery
  • CUCM Call Admission Control
  • Resource Reservation Protocol
  • RSVP
  • Media Resources
  • cBarge

• Configure and Troubleshoot Cisco IOS UC Applications and Features
  • CUCME Endpoint Registration
  • Telephony Service
  • IOS Dial Plan
  • Dial Peers
  • Busy Triggers
  • IOS Call Hunting
  • Cisco Unity Express
  • CUE
  • Survivable Remote Site Telephony
  • CUE SRST
  • cBarge SRST

• Configure and Troubleshoot QoS and Security in Cisco Collaboration Solutions
  • QoS Classification
  • QoS Marking
  • QoS Queuing
  • QoS Policing and Shaping
  • QoS Link Efficiency Mechanisms
  • QoS
  • Out Bound QoS
  • QoS Scenario
  • WAN QoS

• Configure and Troubleshoot Cisco Unity Connection
  • Voicemail Integrations
  • Unity Connection
  • Unity Connection Dial Plan
  • System Call Handler

• Configure and Troubleshoot Cisco Unified Contact Center Express (UCCX)
  • UCCX Integration and Custom Scripting

• Configure and Troubleshoot Cisco Unified IM Presence
  • IM and Presence CUCM Integration
  • Cisco Jabber
  • Presence Federation

Please Join us in congratulating the following iPexpert clients who have all recently passed their CCIE lab!

This Week’s CCIE Successful Stories

• Nitin Jain, CCIE #44757 (Wireless)
• Sinhara Prasad Silva, CCIE #44741 (Data Center)
• Justin Carney, CCIE #41664 (Voice)
• Mitchell Dennis, CCIE #38112 (Voice)
• Meraj Khalid, CCIE #41576 (Security)
• Faraz Siddique, CCIE #35265 (Service Provider)
• Javier Cuadros, CCIE # 30053 (Voice)
• Attila Rumy, CCIE #44176 (Collaboration)
• Travis K, CCIE #43674 (Security)
• Sergio Jachtchenco, CCIE #35636 (Voice)
• Hemant Sharma, CCIE #28809 (Routing & Switching)
• Tom Stampe Raavig, CCIE #42370 (Security)

This Week’s CCIE Testimonials

Justin Carney, CCIE #41664
“Thank you iPexpert for helping me achieve my CCIE Voice success! I have used nearly all of your products including the Blended Learning Solution consisting of workbooks, VoD, and rental rack time. The VoDs and workbook 1 were great at setting the foundational knowledge and the workbook 2 mock labs and rack time brought it all together to prepare for pressure of the real 8-hour lab. I also attended the full 10-day bootcamp towards the end of my journey which helped me get to the finish line by getting out of my day-to-day work/life and focusing purely on my lab with a great instructor and a room full of other motivated candidates.”

Mitchell Dennis, CCIE #41576
The bootcamp and lab workbook were excellent! It would not have been possible for me to pass the CCIE lab without attending the bootcamp and using the 5-lab workbook for practice.

Hemant Sharma, CCIE #28809
“I first used iPexpert study material, when I was preparing for CCNP, it enabled me to take my effort to next few levels and raised the bar so high that only CCIE was the limit.”

Travis K, CCIE #43674
” I passed my CCIE Security recently. Thanks to iPexpert
I used iPexpert videos for my CCIE lab exam, the videos helped me a lot in understanding the concepts like ISE profiling and dot1x.
And I liked the way Piotr Kaluzny explains the concept..its easy to understand..thanks to him..
I would like to thank iPexpert for providing excellent training material and to the trainer Piotr Kaluzny and all the support team.”

Attila Rumy, CCIE #44176
“I’ve used iPexpert‘s Blended Learning Solution to prepare for the CCIE Collaboration exam which I’ve passed on the 24th of June and earned CCIE #44176 number.
The most useful were the mock lab workbooks and the solutions for them along with the Video on Demand.”

We Want to Hear From You!

Have you passed your CCIE lab exam and used any of iPexpert’s or Proctor Labs’ CCIE, CCNP or CCNA self-study product, CCIE Bootcamps or any other services we provide? If so, we’d like to add you to our CCIE Hall of Fame!

When it comes to the Cisco Unified Border Element (CUBE), things can get complicated quickly.  We all know that CUBE is just an IOS routing device, with simple dial-peers configured in order to route calls from one destination to another.

However, there’s more to it than that, especially when it comes to video calls.  That’s where I would like to set our focus for this blog.  What are some of the ways to make a video call across CUBE?  Or as some students might put it, how are we supposed to make a video call with CUBE in the way :-)?

First off, let’s examine a sample topology.  In the below, we have three sites; HQ, SC, and BB, each with 9971 video phones.  Both the HQ and BB sites are using CUCM as the call agent (CA) while SC is using the CUCME as the CA.  Of course, we are going to try and examine what happens when we try to make a video call across the CUBE in this topology.

In order to connect to CUBE in the first place (from CUCM), we’ll need to configure SIP trunks, since after all, it is SIP that we’re using to make the connection.  Given that the BB CUCM cluster already has its configuration in place, we should do this on the HQ CUCM cluster.  The below screenshots detail the configuration.

We should remember to add our newly created SIP trunk to a Route Group and a Route List so any eventual Route Patterns that we create in the system can use the SIP Trunk. After this is complete, we can create route patterns pointing toward the DNs at both SC (43002) and BB (689220420).

At this point, we are able to start our CUBE (R1) configuration. First of all, you may have noticed that in the above, the destination is pointing towards the IP address 10.10.1.1. This corresponds to the Loopback 0 address of R1, which we must configure to terminate SIP signaling. This can be configured globally under voice service voip, or at a dial-peer level. In this case, we will add it to the global SIP configuration on the CUBE.

The above configuration first addresses the Toll Fraud Prevention feature, which blocks communication with unknown devices that attempt to communicate with the router.  Our best course of action here is to turn it off by issuing the command no ip address trusted authenticate.  This opens up the router for any device to successfully connect, which is what we want for the CCIE Collaboration Lab (unless explicitly stated otherwise), even though this isn’t the greatest idea in the real world.  You should do this for every IOS device that routes calls.  For more on that feature, check out THIS LINK.

Next, we need to enable the router to act as a CUBE by issuing the command mode border-element.  This will allow the use of the different “media” commands available when configuring CUBE.  Of course, once this command is entered, we will need to reload the router for it to take effect.  The allow-connections commands configure the router to accept connections using the different protocols outlined above.  This is another set of commands that we can basically copy and paste to every IOS device in the network that is performing call routing.  Next, we are at the point where we can bind the Loopback 0 address to the global SIP process on the router.  As you can see, this is done for both control and media traffic.

Next, we can start to configure the dial-peers to support calling between systems.  Of course we need both inbound and outbound dial-peers for each connection.  In the below configuration, we have two dial peers for HQ (for PUB/SUB redundancy) that will be selected as both inbound and outbound dial peers for calls destined toward HQ.  We also have dial-peers for the SC CUCME and the BB CUCM cluster.  On each dial-peer, we have configured the codec to “transparent”, so the audio codec can be negotiated between each endpoint.  This means that whatever codec is offered from one end of the call is forwarded exactly as received to the other endpoint.

With this configuration in place, we are now ready to try a video call.  Before we do that however, let’s run a quick refresher on SIP signaling.  In a typical SIP call, you might see something like the following diagram.  In this example, User A calls User B via SIP.

The above is an example of a “delayed offer” SIP call, where the SDP is negotiated after the initial signaling has taken place.  In an “early offer” SIP call, we would see the SDP parameters in the original INVITE message.

Now, let’s place a call from HQ Phone 1 (21001) to the BB PSTN Phone (689220420).  We can see that the audio goes through successfully, but video is only being received on the HQ Phone 1 screen.  The BB Phone shows a blank screen instead of video.  This means that the BB phone is not receiving any video from HQ, but the HQ Phone is receiving the video stream from BB.  To troubleshoot, let’s run a debug ccsip messages on the CUBE router.

We can see from the initial SIP INVITE sent from CUBE to BB that this is a “delayed offer” type of call, since the SIP message does not contain an SDP.

Since this is the case, we should expect to receive an SDP in the “200 OK” message from the BB CUCM server when the phone answers the call.  We can see that this is indeed the case.

There are a couple of things that we can glean from this output right off the bat.  First of all, we know that the BB Phone would like to start a video session, as seen in the “m=video” line in the debug output.  This defines the UDP port that should be used for the connection along with the codec and payload types that are supported.  The next thing we should notice is the definition of those payload types.  Remember, H.264 uses a dynamic payload type, which could be anything between 96 and 127.  See THIS LINK for more detail.  In this case, we see that the BB CUCM cluster has offered to use either payload type 126 or 97.  Next, we should expect to see the CUBE pass this “all-important” SDP message to the HQ CUCM cluster.

In this case, we see the SDP message being sent to the HQ CUCM, but we notice that the RTP payload type has changed.  CUBE is now actually trying to negotiate an RTP payload type of 119 with the HQ CUCM cluster, even though it received possible payload types of 126 and 97 from the BB CUCM cluster.  What CUBE has offered to the HQ CUCM cluster is still within the realm of possibility, since 119 is a possible dynamic payload type.  However, why didn’t CUBE just pass along the video codecs that were offered by the BB CUCM cluster?  We will look at that in a bit.

The next message that we see on CUBE is the ACK from the HQ CUCM in response to the “200 OK” message sent from CUBE.  In the message, we see that HQ actually offers to communicate using RTP payload type 97.  This is because 97 and 126 are the values used by 9971 phones when communicating using the H.264 codec.  The phone won’t use the offered RTP payload type of 119 for video reception because it is not programmed to do so.

At this point, CUBE is simply going to forward the ACK message along to the BB CUCM cluster.  The BB CUCM cluster will, of course, accept this information and begin to communicate using the information it received from CUBE.

Let’s review what just happened.  The call leg between HQ and CUBE has negotiated two different payload types.  Since HQ received an offer from CUBE to use RTP payload type 119, HQ will use that type send video.  However, since HQ sent RTP payload type 97 to CUBE in the ACK message, it will be using that payload type to receive video.  From the perspective of the BB phone, this negotiation resulted in using RTP payload type 97 for both sending and receiving video.  Based on these facts, we can see that the BB phone does not receive video because HQ is sending using RTP payload type 119, while BB is expecting to receive video using RTP payload type 97.  The HQ phone is receiving video using RTP payload type 97, which is what the BB phone is using to send video.

So how do we fix this problem?  Well, there are actually a few ways that we can pull it off.  First, we have to realize that we were originally trying to negotiate the video call directly with the CUBE.  This is just one of our architectural options when configuring this call flow.  We can either negotiate the codec between call legs (HQ to CUBE and CUBE to BB), or we can allow the CUBE to act as a “middle man” and pass the SDP information through to each endpoint.  Essentially, the latter option means that we are negotiating directly between endpoints (similar to the codec transparent command under the dial-peer for audio codecs).  Let’s take a look at the first option—attempting to negotiate the video call with the CUBE from each endpoint.

We will need to somehow change the way that the CUBE offers the RTP payload type.  We saw in the previous example that it offered RTP payload type 119 without success.  If we are somehow able to change that, we might be in business.  So how can we make the change?  If you think about how IOS routes calls, you might think that the first place you should look is the dial-peer—and you would be right!  If you run the command show dial-peer voice 689, you see a gigantic output with a lot of information about that specific dial-peer.  Scroll to about the middle of that output and you will see a section labeled “RTP dynamic payload type values”.  This is going to contain our answer.  From the below output, you see that the H.264 codec is programmed to use the RTP payload type of 119 as defined in the dial-peer.

With this information, we now know that we should be able to change the payload type from 119 to 97 and everything should work.  Not so fast—notice from the above command that RTP payload type 97 is already in use by something called “fax-ack”.  So before we change the H.264 payload type to 97, we must modify the “fax-ack” payload type to another value.  The Cisco documentation suggests that we use 111, but you can use whatever is not in use at the moment.  See THIS LINK for more information,

Now let’s configure the dial-peer to use the correct payload type using the following commands.

Once the commands are successfully entered, we can run another debug ccsip messages to see what happened.  Let’s check out the “200 OK” message that is being sent from CUBE toward the HQ CUCM cluster.  That is originally where the H.264 codec was offered using RTP payload type 119.  The output below shows that the CUBE is now offering payload type 97.

We have now successfully negotiated the codec between call legs (HQ to CUBE and CUBE to BB).  There is still one more way to accomplish the same thing.  If we remove the RTP payload commands from dial-peer 689 and instead use the command asymmetric payload full under the global SIP process on the CUBE, this will allow the SDP negotiation to take place as well.   This allows CUBE to accept and send different payload types.  Of course, when entered on a global level, this applies to every dial-peer on the system.  You do, however, have the option to apply this on a specific dial-peer, if desired.

When making the test call, upon examining the “200 OK” message being sent by the CUBE toward the HQ CUCM cluster, we see that both payload types are now offered, even though the RTP payload type on the dial-peer is set to use 119.  This, of course, results in a successful video call.

The last method we can use to successfully configure video calling through the CUBE is to simply let the endpoints negotiate the video codec without CUBE interfering at all.  We can basically configure CUBE to forward whatever SDP messages it receives to the destination endpoint.  Once again, we have the ability to perform this configuration on both a global and dial-peer level in the CUBE.  The global command is called pass-thru content sdp and it is applied under the global SIP configuration under voice service voip.  See the below snippet for the syntax.

When making the test call, upon examining the “200 OK” message being sent by the CUBE toward the HQ CUCM cluster, we see that both payload types are now offered, even though the RTP payload type on the dial-peer is set to use 119.

At this point, we basically see the same thing that happened when using the command asymmetric payload full.  The CUBE offers both 126 and 97 as possible RTP payload types for the HQ CUCM to use when communicating with the BB Phone.

Just to summarize our findings here, we now know that there are three different ways to configure video calling across the CUBE.  The first method involves negotiating the video codec directly on the dial-peer using the rtp payload-type commands.  The second method also uses dial-peer negotiation, but accomplishes it using the asymmetric payload full command under the global SIP process on the CUBE.  The third method basically takes the CUBE out of the equation altogether since it simply passes the SDP information from the sender to the receiver and vice versa.  This can be accomplished using the pass-thru content sdp command.

A call across the CUBE will also work the same way when using CUCME as one of the endpoints.  The only difference is that since CUCME is an IOS-based device, we’ll need to make a decision on what to do with the RTP payload type, in much the same way as it is done with CUBE.  Once again, we can choose the method that we want to use and determine if that will resolve the issue of the dreaded blank video screen.

First, let’s actually set up our dial-peers on CUCME (R3) to communicate with HQ Phone 1 (21001) as well as accept inbound calls.

As you can see in the above, we are using the voice-class codec command as well as the dtmf-relay command.  The latter refers to the method being used to exchange “user key presses”, or DTMF digits.  In this case, we see that we have a wide range of options to choose from; RTP-NTE (RFC 2833, In-Band), SIP-NOTIFY (Out-of-Band), and SIP-KPML (Out-of-Band).  By using this command, we are basically using all options available to us in order to negotiate with the far end.   The voice-class codec command refers to a preference list already configured in the router to select the codec for the audio path.  In the below case, we prefer to use G.711 if supported by the remote end.  Otherwise, we can fall back to G.729.

We also have to configure the global voice settings on the router in a similar fashion to that of CUBE.

As you can see, we have copied the “toll fraud” and “allow connections” commands from CUBE.  Also, we have bound the Vlan31 interface to the global SIP process for both control and media traffic.  In this configuration, we can place our first test call and use the debug ccsip messages command on R3.  Once again, we can see that in the “200 OK” message sent from R3 towards CUBE, we have the same problem; the RTP payload type being offered is 119.

Once again, since this is an IOS device, we can overcome this in one of three ways; change the payload type manually, allow asymmetric payloads, or allow the SDP header to pass through.  The only difference here is that the pass-thru content sdp command tends to cause issues with SCCP phone signaling on CUCME, so it is recommended to use one of the other two methods available.  The below debug verifies that either the asymmetric payload full or the rtp payload-type commands will fix the issue by sending an RTP payload type of 97.

I hope this has been helpful to all that are studying for the CCIE Collaboration lab exam.  Please keep your eye out for many updates to come for both our workbooks and videos.  Also, if you’re ever feeling like you need an extra push to get ready for the lab, are hitting roadblocks in your preparation, or just need some direction on how tackle the CCIE Collaboration Lab, give us a call and speak with an iPexpert Training Adviser about attending one of my bootcamps.  My goal is to get you ready to pass this exam as quickly as possible!

Thanks again for reading and good luck in your preparation!

Andy Vassar
CCIE #22042 (Collaboration, Voice, R&S)
CCIE Collaboration Instructor – iPexpert, Inc.

About Andy:

Andy Vassar is a triple CCIE who passed the CCIE Routing & Switching lab in September 2008 and the CCIE Voice lab in September 2010. He then passed the CCIE Collaboration in May 2014. Andy also holds a Bachelors Degree in Network Engineering Technology from Purdue University in West Lafayette, Indiana.

Andy has been a part of the networking industry for over ten years, and has recently been focused on corporate voice & video (collaboration) network design, support, and implementation. While working for Cisco as a senior network engineer in Chicago, Andy had the opportunity to work with several highly-visible, large-scale clients where he designed, optimized, and trained various staff departments and employees on how to support their enterprise voice and video networks.

With nearly a decade of hands-on experience with Cisco technologies, as well as Cisco’s Collaboration hardware and application portfolio, Andy is leading iPexpert’s Next Generation CCIE Collaboration training and product development initiatives, and will be delivering live CCIE Collaboration Bootcamps in our newest office, right outside of Chicago.

We’re excited to now provide you with a large number of custom bundles which have been designed to fit the phase of preparation you’re in, accommodate your learning style, but most importantly they won’t break your bank!

When you purchase one of our bundles, you’ll be given access to all of the materials in a “downloadable” format that’s heavily discounted so you can begin your CCIE preparation today!

Don’t worry about time restrictions, you’ll always have access to your material. Your videos are downloadable in MP4 format, your CCIE workbooks will be an unencrypted PDF, and your rack sessions will be added to your account in the form of vouchers.

You’ll also have the ability to view your videos via our streaming solution, and utilize our online workbook interface and technical support community when you’re logged into your Member’s Area.

For more information about these new bundles, please visit our Training Bundles Portfolio Page, select the bundle that fits your needs and then select the certification track you’re interested in.

Our Training Advisors are always on standby ready to assist you! Please feel free to either call, email or chat with a live Training Advisor – whatever method is more convenient for you. If it’s outside of our regular working hours (8 AM EST to 6 PM EST), we’ll get back to you the next business morning.

• Telephone: +1.810.326.1444
• Email: sales@ipexpert.com
• Live Chat

Please Join us in congratulating the following iPexpert clients who have all passed their CCIE lab!

This Week’s CCIE Successful Stories

• Eric Hulderson, CCIE #44870 (Wireless)
• Quisher Khan, CCIE #35509 (Routing and Switching, Wireless)
• Robert Lopez, CCIE #44688 (Wireless)
• Greg Chisholm, CCIE #29271 (Routing and Switching)
• Aruna Malalsena, CCIE#21131 (Routing and Switching, Security)
• Joseph Ploehn, CCIE #17658 (Data Center, Storage)
• Robert Lopez, CCIE #44688 (Wireless)
• Natraj Babaria, CCIE #27968 (Routing and Switching)
• Narayan Dev Sarma, CCIE#25509 (Voice)
• Jose Hernandez Asensio, CCIE #15276 (Routing and Switching)
• Kaue Colaneri, CCIE #43577 (Wireless)

This Week’s CCIE Testimonials

Robert Lopez, CCIE #44688 Wrote:
“The wireless training resources at iPexpert brought all the pieces together as I prepared for the CCIE Wireless lab. Having the class resources available via the online portal proved to be very valuable in the review process and in honing my skills across all of the wireless related technologies. Also knowing that Jeff Rensink was an email or text away, was simply icing on the cake. Hats off to the entire iPexpert team…nicely done!”

Greg Chisholm, CCIE #29271 Wrote:
“I greatly accelerated in preparing for the Routing & Switching lab exam by using the Lab Workbooks. Every run-through of the lab scenarios increased my knowledge in several areas and prepared me to handle the network topologies found in the exam. Working on complete lab scenarios is a key component in the CCIE learning process.”

Aruna Malalsena, CCIE#21131 Wrote
“iPexpert materials helped me to pass my CCIEs (R&S and Security) in first attempts.
There where months of driving without music for my family J, I was listening to the audio CDs while driving, it helped a lot to understand the challenging topics. Preparing for the DC these days and iPexpert been a trusted partner for me through out !!!
Thanks for the updated valuable materials.”

Joseph Ploehn, CCIE #17658 Wrote:
“I took your iPexpert Data Center boot camp in July 2013 and it provided me great information, having access to pods and equipment really pushed me over the top.”

Natraj Babaria CCIE #27968 Wrote:
“Your excellent CCIE materials helped me tremendously throughout my Routing and Switching journey. Without these materials, this would not have been possible. I can say that iPexpert provides absolutely great and the best materials for any CCIE track.”

Jose Hernandez Asensio, CCIE #15276
“I used the CCIE RS Workbook and it was a definitive help to master all the topics within blueprint and to face the exam with the needed confidence. I could pass in my first attempt without problems. Thanks IPexpert for the perfect materials.”

We Want to Hear From You!

Have you passed your CCIE lab exam and used any of iPexpert’s or Proctor Labs self-study products or attended a CCIE Bootcamp? If so, we’d like to add you to our CCIE Wall of Fame!

A few days ago we announced our new CCIE Collaboration Lab VOD. Well, I’ve decided to post a few samples. Enjoy! – Andy

Presence Federation

SIP CUBE

Please Join us in congratulating the following iPexpert clients who have all passed their CCIE lab!

This Week’s CCIE Successful Stories

• Fatai Adekunle, CCIE #29052 (Voice, Data Center)
• Maciej Mazur, CCIE #39506 (Voice)
• Faek Soussi, CCIE #44947 (Data Center)

This Week’s CCIE Testimonials

Fatai Adekunle, CCIE #29052 Wrote:
“I finally did it in RTP On September 15, 2014. I owe this great feat to iPexpert team. You guys are really wonderful. Jason Lunde, my selfless instructor; always willing to go the extra mile to ensure you know the technology. Thanks a lot for those great impact at the boot camp and the subsequent encouragement even after the boot camp. Your encouragement after my first attempt was awesome. Thanks a lot Terry for the great wonderful recorded boot camp video. I listen to all the videos over and over to consolidate on my knowledge on every of the technology.
My great appreciation also goes to the support team : Joan, Jason Kishi, Simon Swegles, Jenny Demarco and the rest of the team. Thanks a lot to my account manager; Phillip Smith who made my boot camp possible.
You rock guys……..”

Faek Soussi, CCIE #44947 Wrote:
“I passed yesterday my first CCIE DC exam in Brussels on my first attempt. I have to thank you and the iPexpert team on helping me on achieving this huge exam, the rack rental moc lab, the moc labs, workbook was really helpful. Also i would like to thank Rick Mur on UCS mastering class and his great workbook, also Jason on his support on all my technical questions :)”

We Want to Hear From You!

Have you passed your CCIE lab exam and used any of iPexpert’s or Proctor Labs self-study products or attended a CCIE Bootcamp? If so, we’d like to add you to our CCIE Wall of Fame!

Most of us know that Cisco has different tiers or levels of certifications.  In each technology focus, there are three tiers that you can achieve.  Those are the Associate, Professional, and Expert tiers.  I’d like to take an opportunity to talk a little bit about my perspective on each of the tiers and how they could be viewed.

For this article, I am omitting the Entry level and the Architect level certifications.  The Entry level really just a piece of the Associate level certifications.  The Architect tier is an extension of the design track and is not ubiquitous across each technology focus.

1)      The Associate level (CCNA)

This is the level that people typically start out at.  Most tracks (technology focuses) allow you to earn this level of certification by passing two tests.  The tests are primarily multiple-choice based and often do not test any hands-on abilities.  You mostly pass these tests by memorizing facts and information so that you can answer the questions being asked.  Books and documentation are your primary study materials and the benefit of hands-on experience is not as important here as it is with other levels.

While the CCNA tests do not get into technologies at a deep level, they will test you on a very broad range of topics.  For this reason, they can actually be tougher to pass than you may originally think.  I have had people tell me that they took a CCNA exam “for the heck of it” at Cisco Live that lined up with a discipline that they have been doing for many years and they failed.  So experience alone is usually not enough to pass these exams.  The breadth of topics and the inclusion of non “hands-on” topics usually ensures that most people will need to put in at least some studying.  And for those people starting from scratch, it can take time to learn and retain information across the large range of topics.

While the CCNA can take some work to achieve, it really won’t equip you to be competent in a technology at a day-to-day level.  It mainly gets your toes wet in a technology.  I often like to compare certifications to college degrees (there are many similarities even though they have different scopes).  I would compare the CCNA to an associate level degree (2 year degree).  It’s a good start, but generally not enough education for most specialized job roles.

I would definitely encourage anyone to get their CCNA if you have to deal with a related technology in your job.  If the technology is something that you only dabble in, then it’s probably OK to stop at this level.  But if the technology is a significant portion of your day-to-day responsibilities, you’ll definitely want to progress to the next level.

2)      The Professional level (CCNP)

This is a level that many people strive to obtain.  Most tracks allow you to earn this level of certification by passing three or four tests.  You also need a CCNA in the same technology as a prerequisite.  Much like the CCNA, the tests are primarily multiple-choice based and often do not test any hands-on abilities.  You mostly pass these tests by memorizing facts and information so that you can answer the questions being asked.  Books and documentation are your primary study materials.  But hands-on practice becomes more beneficial in helping to memorize information needed to pass the tests.

The CCNP starts getting into a reasonable level of depth into the tested technologies.  The tests now focus on a subset of technologies since they are getting more in-depth.  So in one aspect, the tests are more difficult because you are digging deeper.  But on the other hand, you have fewer technologies to worry about for a given exam.  So on the whole, I’d put them in the same ballpark as the CCNA exams in terms of the amount of preparation needed for studying.  If anything, I often found it took slightly less time to study for a CCNP exam than a CCNA exam on average.

Thanks to the larger number of exams, the CCNP will usually take longer to achieve than the CCNA.  But now you are really starting to learn technologies at an appropriate level for those that use them on a day-to-day basis.  I would compare the CCNP to a bachelor’s degree (4 year degree).  It generally prepares you competently take on technical roles.  But you still have a lot of learning ahead of you to actually master the technology.

I would definitely encourage anyone to get their CCNP if you have to deal with a related technology in your day-to-day job.  If I were managing a network team, I would make it a minimum requirement.  If you didn’t have it, I’d make it one of the first priorities in your development plan.

3)      The Expert level (CCIE/CCDE)

This is the top dog of the Cisco certifications (unless you want to count the Architect level).  You achieve this level by passing a written exam (very similar to the CCNA/CCNP exams) as well as an 8 hour lab exam.  The written exam is almost like a cross between the CCNA and CCNP exams.  Like the CCNA, you are covering a very large range of topics.  Like the CCNP exams, you are covering them at a deeper level.  But the written exam is a mere formality when compared to the lab exam.  The lab exam is what makes the CCIE so special.  You have to be able to know the technologies well enough to properly interpret requirements, you need to be able to configure most anything, and also troubleshoot most anything.  And all of this with an 8 hour time limit that often feels much shorter.

Preparing for the CCIE often starts out more in the reading/learning side, but soon moves heavily into hands-on practice.  It takes a lot of time and resources to prepare for the lab.  And if you fail, you just spent $1500 + travel for a learning experience and a so-so lunch.  So the pressure is often pretty high.  But you do not actually need to have a CCNA or CCNP in the related technology to go for the CCIE.  The CCIE could be the first Cisco certification that you ever achieve if you wanted.

The CCIE gets even deeper into technologies than the CCNP does.  Once you start focusing on the lab, the nice thing is that you can stop worrying about some of the extraneous stuff that you have to learn for the written exam.  For instance, you don’t need to worry about the governing bodies of networking or some of the silly details like what color a certain alarm severity shows up as in your GUI.  Now it’s all about making stuff work.  So you practice configurations over and over until they become ingrained in you and you stop having to think about it.

Due to the large amount of technologies, the depth of the technologies, and the raw amount of practice needed, the CCIE often takes as long to pass as the CCNA and CCNP combined.  Most people spend a minimum of 6-9 months and may take 2+ years in order to pass.  Some people just give up after a while.  It takes a lot of work.  I would compare the CCIE to a master’s degree (beyond a 4 year).  You have learned things at an advanced level and are generally operating at a high level of proficiency.  Although there will always be more things to learn.  You still won’t know everything about everything in the technology.

I would definitely encourage anyone to get their CCIE if you plan on working day-to-day in a technology for years to come.  If you are going to devote years to working at something, why not become a rock star at it?  It’s such a game changer in a career because it forces you to know how to configure most things inside and out.  It also forces you to work under pressure and troubleshoot well.  Plus, the CCIE carries serious value that will open your career up to a large number of possibilities.

So those are my general thoughts on the different tiers of Cisco certifications.  This is based on my perspective of progressing through these 3 tiers across two separate technology tracks.  Ultimately, they will mean different things to different people.  But if you haven’t made your way through the tiers yet, hopefully you can benefit from the perspective of someone who has.

-Jeff Rensink

CCIE #24834 (R&S and Wireless)
CCIE Wireless Instructor – iPexpert, Inc.

About Jeff:

Jeff Rensink is a dual CCIE who passed the R&S lab in 2009 and the Wireless 2.0 lab in January of 2013. He also holds a bachelors degree in IT Management from Concordia University in St. Paul, MN.

Jeff has worked in the networking industry since 2006, starting in the enterprise space. In 2009, he worked on a team supporting one of the largest datacenters in Minnesota. His last employer was one of the premier Cisco gold partners in Minnesota, where Jeff was the lead wireless engineer for the majority of his time there. Jeff’s wireless experience spans local and national companies across many verticals including enterprise, retail, healthcare, education, and manufacturing.