Stephen Bowes CCIE SP Lab Blog

CCIE Service Provider Study Plan

Labbed up the IEWB-SP Vol2 Lab4 & Analysis

Again, had a 5 ½ hour slot with Internetworkexpert Rack rentals and had a go at Lab4.

 

Bridging\Switching:- straightforward section, VLAN’s [note VLAN456 not defined in workbook solutions but present in Dynamips Solutions!], VTP, Trunking, Routed Ports, slight digression with 802.1q trunk. Frame-Relay & ATM again straightforward. Additional non-required ATM configs deleted from initial configs.

IGP:- Major boo-boo here, forgot to add NET address to one router, caused a little time to sort out. Enabling level 1, and advertising networks all okay. To ensure fast convergence use isis hello-multiplier and isis hello-interval commands. OSPF – basic setup with security.

 

EGP:- Create two BGP AS’s as specified; advertise various networks, no issues. Configure VPNv4 peerings, do not exchange IPv4 unicast prefixes -> no bgp default ipv4-unicast. Nothing more!

 

MPLS: again standard fare – enable MPLS -> mpls ip, mpls label protocol ldp. Use authentication -> mpls ldp neighbor x.x.x.x password cisco. Enable label exchange without using mpls ip -> neighbor x.x.x.x send-label.

 

MPLS TE – Configure routers to support traffic engineering, with reservations of 5Mbps and total BW of 9Mbps -> mpls traffic-eng tunnels & ip rsvp bandwidth 9000 5000.

Configure MPLS TE Tunnels, one reserved for XMbps, other for YMbps, link redundancy added to question ->

 

interface Tunnel0
 ip unnumbered Loopback0
 tunnel source Loopback0
 tunnel destination x.x.x.x
 tunnel mode mpls traffic-eng
 tunnel mpls traffic-eng autoroute announce
 tunnel mpls traffic-eng priority 0 0
 tunnel mpls traffic-eng bandwidth 5000
 tunnel mpls traffic-eng path-option 1 explicit name primary
 tunnel mpls traffic-eng path-option 2 explicit name secondary
!
ip explicit-path name primary enable
 next-address a.a.a.a
 next-address b.b.b.b
 next-address c.c.c.c
!
ip explicit-path name secondary enable
 next-address d.d.d.d
 next-address c.c.c.c

 

VPN: Got caught on this – it really is beginning to bug me – I thought I had a handle on this topic – the way I do this is to put a generic configuration on notepad together so something like this ->

 

ip vrf VPN_A
 rd 100:1
 route-target import 100:1
 route-target export 100:1
!
ip vrf VPN_B
 rd 100:2
 route-target import 100:2
 route-target export 100:2
!
interface ethernet0/1
 ip vrf forwarding VPN_A
 ip address 10.1.68.6 255.255.255.0

 

Then I change the parameters for the relevant interfaces & addresses and copy and paste. Somehow I am missing the big picture – I find myself thinking locally instead of globally if you get what I mean – I also got a couple of issues configuring this section up such as…

 

Rack1R4(config)#ip vrf VPN_B
Rack1R4(config-vrf)# rd 100:2
Rack1R4(config-vrf)# route-target import 100:2
Rack1R4(config-vrf)# route-target export 100:2
Rack1R4(config-vrf)#!
Rack1R4(config-vrf)#interface e0/1
Rack1R4(config-if)# ip vrf forwarding VPN_B
% Interface Ethernet0/1 IP address 10.1.4.4 removed due to enabling VRF VPN_B
Rack1R4(config-if)# ip address 10.1.4.4 255.255.255.0
Rack1R4(config-if)#
%TDP-4-IDENT: cannot set VRF VPN_B TDP ident

 

Also this…

 

Rack1R7(config)#ip routing
Rack1R7(config)#ip vrf VPN_A
Rack1R7(config-vrf)#rd 100:1
Rack1R7(config-vrf)#
%L3TCAM-3-SIZE_CONFLICT: VRF requires enabling extended routing

 

Now this is due to ->

Error Message    L3TCAM-3-SIZE_CONFLICT: [chars] requires enabling extended routing.

Explanation    This message means that size of the Layer 3 unicast TCAM entry is not sufficient to implement a feature.[chars] is the feature name (either Web Cache Communication Protocol [WCCP] or multiple VPN routing/forwarding [multi-VRF]) that requires the 144-bit TCAM size.

 

Recommended Action    Modify the Switch Database Management (SDM) template to enable the switch to support the 144-bit Layer 3 TCAM. Use the sdm prefer extended-match, sdm prefer access extended-match, or sdm prefer routing extended-match global configuration command, and then reload the switch by using the reload privileged EXEC command.

 

Ref: http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_12c_ea1/system/message/msg_desc.html#wp1109380

 

VRF-Lite & MPLS VPN’s all okay – remember where these are in the Documentation – MPLS Configuration Guide Section 4.

PE-CE Routing – again I got to work on my redistribution!!

 

Internet Access – 1st part was okay – but caught on the 2nd part – I do not like NAT!

 

Multicast – first part fine, standard PIM setup, sparse-mode, candidate-RP, Auto-RP, Stop group’s bar Auto-RP should be dense mode?  ->

ip pim sparse-mode
ip pim send-rp-announce…
ip pim send-rp-discovery…
ip pim autorp listener

 

Inter & Intra-AS Multicast: Configure as specified with relevant RP Information:

ip pim rp-address x.x.x.x to specify RP.

Ensure RP information doesn’t leak from 1 AS to another? ->

Deny the Auto-RP groups 224.0.1.39 & 224.0.1.40 in an access list and apply it with the ip multicast boundary command on the relevant interface.

When one router sends traffic to group address, then another router contacts a third, times two!

ip msdp peer
ip msdp default-peer
ip igmp join-group

 

VPN Multicast: Ensure Multicast traffic is GRE Encapsulated. -> Use MDT as so..

ip vrf…
 mdt default x.x.x.x

 

That was as far as I got within the 5 ½ hours. 4 sections left.

 

QoS
Security

Systems Management

IP Services

 

I will complete these 4 sections on the Dynamips on my laptop and report time here to see if I could get it done in 8 hours but I did get a kicking today!

January 31, 2009 Posted by cciesplab | SP Labs | | 2 Comments

SP Lab Preparation Materials – My View.

A lot of candidates have been in contact regarding SP Lab Preparation Materials or lack thereof! – I have to agree – There are currently…..

 

[1] No SP Blended Learning Materials

[2] No SP Audio Lectures

[3] No SP Mock Labs such as IPExpert Graded Lab Assessments, Assessor Labs from Cisco, etc. This point is a big beef for me as their value in appraising a candidate’s situation in a Lab Environment is great!

[4] Sub-standard Workbooks – okay this is an unfair point but comparing, for example, the IEWB-SP Vol 2 V1 with the corresponding IEWB-RS Vol 5 – well, even the Brian’s will admit there are a number of quality differences.

[5] Success Stories/Feedback – Walk through the vendors feedback & success stories – Look at Groupstudy – Very few SP Passes – Okay the number going for RS are about 5/6 times the SP therefore we should see between 10%-20% of SP passes for every RS Pass – we do not!

 

However I am here to provide solutions not problems – here are my recommended steps to working around the above.

 

Steve’s Answer for [1] Combine answers 2, 3 & 4 below.

Steve’s Answer for [2] Okay, three possible solutions [i] Buy the RS material and supplement it with your own voice reading the additional SP material from notes or books.[ii] Obtain a copy of the very old audio RS lectures from the web somewhere which will include topics such as ATM, ISIS which are now off the RS exam and supplement it with your own voice reading the additional SP material from notes or books. [iii] Purchase the DVD class on demands and using specialist software, rip the audio and burn to your MP3 player or to CD.

Steve’s Answer for [3] Be strict – take a lab from a workbook you own, preferably one you have not done and time yourself to 8 hours and compare your configurations to the provided solutions and grade yourself being 100% honest – that’s the best I can do on that one!

Steve’s Answer for [4] Maybe a positive point – cross reference every solution with the DocCD, books, etc. Maybe it will make us better engineers for it rather than having the solutions/explanations handed up on a plate. If you are not happy with this then purchase the corresponding RS material and supplement the SP material with cross-referencing and research.

Steve’s Answer for [5] Let’s increase this by passing this beast and upping the numbers accordingly – there are a lot of RS CCIE’s watching the current SP candidates going, hmmm, maybe this is of interest!

January 29, 2009 Posted by cciesplab | SP Labs | | 2 Comments

Labbed up the IEWB-SP Vol2 Lab3 & Analysis

Guys, I attempted the IEWB-SP Lab 3 at the weekend using the InternetworkExpert Labs rack rentals. As the Rack Rental Slot is 5 1/2 hours I am judicious with what I test myself on.

Layer 2:- Switching/Frame-Relay & ATM – I skipped these sections from a time perspective – I walked the labs and the solutions the days before the rental slot and I was happy to pre-load the configurations from the solutions guide, nothing there that has not been met before. Time Taken = 15 Minutes.

IGP:-

OSPF – Ok, setup OSPF area 0 on selected routers, advertise loopbacks, none of the devices to be DR, Time = 7 minutes,

OSPF Security – Setup md5 authentication, do not use area 0 authentication command, Time = 5 minutes.

IS-IS: My 1st mistake [again!] – when configuring the NET addresses on the relevant routers in the format 49.000x.0000.0000.000y.00 where x=rack number and y=router number, don’t forget your frame relay map clns statements, after completing the configurations I got the following messages on ALL routers.

%CLNS-4-DUPSYSTEM: ISIS: possible duplicate system ID 0000.0000.0001 detected

The 0001 at the end changed to 0002 on R2 and so on. Following a walkthrough the router configurations I saw on R3….

router isis
 net 40.0001.0000.0000.0003.00
 is-type level-2-only     

What initially confused me was that the message was on all routers not just on R3. So a typo was the problem – too many 0’s for my liking! Time taken = 25 minutes.
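A NET typo like the one on R3 can be caught offline before the configs are pasted. The following is an added example, not part of the original post or the workbook: it reads the net statements from a set of router configs and flags a wrong AFI or area, a system ID that does not match the router number, a missing NET and duplicate system IDs. The hostnames, every sample config other than R3's, and reading x and y as zero-padded decimal numbers are assumptions.

```python
import re
from collections import defaultdict

NET_LINE = re.compile(r"^\s*net\s+(\S+)\s*$", re.MULTILINE)
ISIS_PROC = re.compile(r"^router isis", re.MULTILINE)
HOST_NUM = re.compile(r"R(\d+)$")       # assumed hostname style: Rack1R3 -> 3


def parse_net(net):
    """Split a NET into (area, system_id, nsel) hex strings.

    A NET is 1-13 bytes of area address (first byte is the AFI),
    a 6-byte system ID and a 1-byte NSEL; the dots are punctuation only.
    """
    digits = net.replace(".", "").lower()
    if not re.fullmatch(r"[0-9a-f]+", digits):
        raise ValueError("non-hex characters")
    if len(digits) % 2 or not 16 <= len(digits) <= 40:
        raise ValueError("wrong length")
    return digits[:-14], digits[-14:-2], digits[-2:]


def lint_nets(configs, rack):
    """Check {hostname: config text} against 49.000x.0000.0000.000y.00.

    Returns a list of (router, code, detail) findings.
    """
    findings = []
    owners = defaultdict(list)          # system ID -> routers that use it
    want_area = "49%04d" % rack         # assumption: rack number in decimal
    for host, text in sorted(configs.items()):
        if not ISIS_PROC.search(text):
            continue                    # router does not run IS-IS
        nets = NET_LINE.findall(text)
        if not nets:
            findings.append((host, "NO_NET", "router isis without a net"))
            continue
        for net in nets:
            try:
                area, sysid, nsel = parse_net(net)
            except ValueError as err:
                findings.append((host, "BAD_NET", "%s: %s" % (net, err)))
                continue
            owners[sysid].append(host)
            if area[:2] != "49":
                findings.append((host, "AFI", "AFI %s, expected 49" % area[:2]))
            elif area != want_area:
                findings.append((host, "AREA", "area %s, expected %s"
                                 % (area, want_area)))
            num = HOST_NUM.search(host)
            if num and sysid != "%012d" % int(num.group(1)):
                findings.append((host, "SYSID", "system ID %s does not match "
                                 "router number %s" % (sysid, num.group(1))))
            if nsel != "00":
                findings.append((host, "NSEL", "NSEL %s, expected 00" % nsel))
    for sysid, hosts in sorted(owners.items()):
        if len(hosts) > 1:
            findings.append((",".join(hosts), "DUP_SYSID", sysid))
    return findings


# Constructed sample for rack 1. Only the R3 stanza is taken from the post;
# R4 (pasted from R2) and R5 (net forgotten) are made-up failure cases.
SAMPLE = {
    "Rack1R1": "router isis\n net 49.0001.0000.0000.0001.00\n",
    "Rack1R2": "router isis\n net 49.0001.0000.0000.0002.00\n",
    "Rack1R3": "router isis\n net 40.0001.0000.0000.0003.00\n"
               " is-type level-2-only     \n",
    "Rack1R4": "router isis\n net 49.0001.0000.0000.0002.00\n",
    "Rack1R5": "router isis\n is-type level-2-only\n",
}

if __name__ == "__main__":
    for router, code, detail in lint_nets(SAMPLE, rack=1):
        print("%-16s %-10s %s" % (router, code, detail))
```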

IS-IS Security – Setup key chain with specified value, authenticate with MD5 – Time Taken = 7 minutes

=> Time Checkpoint = 1 Hour Complete!

 

IGP Complete – Golden Moment – Check full connectivity!

Issues – No routes were traversing the ATM Network!

I checked the configurations – because I had pre-loaded them I assumed that all would be good – The configurations matched the solution guide! I then opened a ticket with IE and began debugging – Within seconds I copped on [Isn’t sh ip int bri a great command!] – I had loaded the provided initial configurations, then I loaded the configurations from the solutions guide – however the initial configurations had the ATM interfaces specified as shutdown. I then had to walk the entire configurations and sure enough a ton of interfaces set to shutdown and a ton of extra non-required configurations as well that I deleted. I raised a 2nd ticket to IE stating all ok and to give credit to IE both the support engineer and Brian McGahan emailed me with confirmation that the ATM Switch was good – Thanks for that Guys!

 

EGP:-

Okay, so some time lost but okay, press on and grab the points.

 

BGP Peerings – Keeping track here is key – I find notepad indispensable both from a visual confirmation of the config and also from a verbose cut and paste perspective – after all, typing neighbor x.x.x.x update-source loopback 0 several times gets tedious!

No issues, setup peerings, use loopbacks as source ID’s, setup route reflector, configure address-families, etc.

Time Taken = 31 minutes.

 

BGP Security – My 1st reference to the CCO – question regarding limiting the number of BGP Prefix’s a router should receive and corresponding actions to be taken – Time taken = 8 Minutes.

 

EGP Complete and all looked great!!!

Hang on I am ahead of schedule – What’s wrong? – I got hung up for a while and still ahead time wise.

 

MPLS: – Flew through this – enable MPLS on a number of routers and corresponding interfaces, that’s it! – Time Taken = 10 Minutes.

 

=> Time Checkpoint = 2 Hours Completed!

 

VPN:-

 

MPLS VPN: Create VRF’s as per the question; use specific RD’s and route-targets as specified. Again tracking is key and seeing the route as it traverses the inter-network is important – no issues this time enabling ip vrf forwarding unlike my last lab – Time Taken = 20 Minutes.

 

PE-CE Routing: EIGRP comes into play – advertise loopbacks, provide security, this took me a while and one of the reasons is my redistribution skills are not quite what they should be – I am aware of this and actively working on it but it’s slowing me down and I made a mistake mixing up the BGP AS assignments, right AS numbers on the wrong routers!!!! – Time Taken = 38 Minutes.

 

=> Time Checkpoint = 3 Hours Completed!

 

MPLS VPN’s – Similar to previous question setup peering between two sets of routers using required VRF/RD and route-target information – I believe a MPLS VPN diagram is essential going forward as trying to distinguish your VRF path whilst looking at the mix of IGP/EGP colours on the provided diagrams whilst great is too difficult.

 

Back-Back VRF: This was difficult and time consuming – RIP and BGP redistribution required, get it right on one router and copy and paste to the 2nd router is the key.

 

=> Time Checkpoint = 4 Hours Completed!

 

Central Services VPN: Skipped due to time constraints – inputted the solutions guide configuration.

 

Multicast:

 

PIM: Setup PIM adjacencies as described, do not use ATM network ergo use tunnel interfaces. Watch for RPF failures, solution = use ip mroute…, Time = 15 minutes.

 

RP Assignment: Identify and configure the mapping agent and candidate RP based on the descriptions provided. Again watch for RPF failures. The key here being the identification. Time = 20 Minutes

 

PIM: Basic PIM setup on 2 devices – Time = 5 Minutes.

 

Intra-AS Multicast VPN Support – Okay this absorbed both me and my time – create MDT [Multicast Distribution Tree], enable multicast routing for the VRF, I will be quicker the next time – Time = 30 Minutes

 

=> Time Checkpoint = 5 Hours Completed!

 

Inter-AS Multicast: Solutions Guide has a typo – should be 227.7.7.7 not 224.7.7.7 apart from that use IGMP with filtering via an ACL. Time = 7 minutes.

 

Multicast Testing – Again use IGMP and test via ping across the inter-network – did I get an ICMP echo reply – Like Hell began to troubleshoot when – Session Finished!!

A little digging around on IEOC indicated I was in good company with this little problem.

 

Summary: Okay – I am too slow – that is official – however it is mostly on the MPLS VPN area that this is the case and there is a lot of repetitive configuration. I need to get a good handle on that and speed up. This lab caught me cold insofar as I flew through IGP/EGP & MPLS but the later sections were pretty big – Well done to the Brian’s for that!

Redistribution needs to be worked on and finally not for the 1st time I skipped QoS. With that in mind I spent 3 hours last night working solely on QoS, this blog entry aside I will be working Tuesday/Wednesday on it.

This Saturday I will be attempting IEWB-SP Lab 4!

January 27, 2009 Posted by cciesplab | SP Labs | | No Comments Yet

CCIE SP Lab Feedback – Updated!

Some of the guys over at IEOC have provided this feedback from the SP Lab Exam for 2009..

Additional Update – 28-1-2009:

Guys i went to SP lab yesterday….that was my first try i have done all IE labs and was very confident that this time i will def pass……i went to the exam and when i came out of lab i was 100% confident as i did pretty well…..every single thing worked for me…..i attempted all questions and everything worked the only thing i was not sure abt was 3 point question and as per cisco policy i can't discuss that when i got the shock of my life when i saw my result i was failed and i got less than 70%……i couldn't believe it….i m still in shock…..i am shattered…….i am like a dead man on this earth….all my studies all my efforts went into drain…..guys please suggest something for me shd i contact cisco or do rechecking or what…….Brian, Scott guys plz comment on this as i m feeling vvvv down…..i can challenge cisco that it was alright……guys help me out plz

Additional Update 2 – 28-1-2009:

My attempt was the same. I am not saying I got 100% for everything but everything was working IPV4, MBGP, Multicast etc 100%. So I was confident too and very disappointed to see fail as well. Esp. when there are faults which you overcome during the lab and all the lights come on.

However we can fail because we do not interpret the question or questions correctly. The biggest thing which can fail us is that too much config is strung together for the 3 points :) So you can have it all good but leave out a line which does not affect the outcome of the results in the routing table e.g. isis network point-to-point does not affect the routes themselves but needed to be under the interface to meet a question requirement!? So we deem it to be correct but we lose 3 points for missing config. Do that a few times and you are a goner!!

What I find strange is during lab practice before my lab with the kit being used I used to get a lot of “mpls label corruption”. Routes which had labels are withdrawn from the LFIB etc and reachability then goes and nothing works!!! You then have to reload and all works again (ISIS L1 & L2 with TE across both L1 & L2 esp. :)). Who is to say that after you have finished your lab and after a few hours label corruption occurs, (bearing in mind we are building quite a few differing technologies on the 2600/3600/3800 which ideally should run on 7206VXR and higher device) when they come to mark it nothing works

My 2 cents
 
You just have to keep your chin up and go again and hopefully nail it next time. It totally sucks failing but will be worth it once you have achieved it.

Original Post:

Feedback 1:- Well, I just took my SP lab the other day.  It was very tough, but I left there thinking I might have passed.  For preparation, I had done all the technology labs from Internetwork Expert and another vendor.  I did the other vendor’s technology labs twice.  I had also gone through all the mock labs from Internetwork Expert (most of them twice) and the other vendor.  I did really well in all these mock labs.  If I did not understand a topic, I researched it both in books and on Cisco’s documentation website until I understood it.  This lab test was a total surprise!!  I can’t and will not go into details because of the NDA, but it was really surprising to see my scores.  I had everything working save one or two things.  I only skipped one question, but they gave me 100% in that area.  I’m not sure how that is even possible.  I am really scratching my head at this score report.  I’m not even close enough to try a regrade.  I did nothing the lab said I could not do. Well, I will keep trying.  I’ll reschedule again in a few months. Overall, it was a great experience.

Feedback 2:- Hi, Just as my experience, failed SP lab last week. Estimate my score to be something higher than 75% from the table received. My configuration was completed at 1340, with 4 task noted not completed. 2 of these completed within 1/2 hour, last 2 tasks never completed fully according to specifications. Spent rest of the time verifying and crosschecking over and over. At finish I knew 6 points was lost, 6 more points could be wrong because my solution was working but I was not fully satisfied.  Subtract another 10 points for details overlooked or task misunderstood - still optimistic but knew this would be close to 80, above or below. Experience: look out for nasty wording in tasks, nasty configuration and do not expect IElabs to have covered everything. But IElabs are great, would not have my score without these labs.  New lab has been booked, found it not easy to find dates within reasonable time in Brussels.  Jon

Feedback 3:- Having my lab in around 2 weeks and reading your descriptions, I am getting really afraid about my lab & results…I tried SP lab before and I had similar issue, I didn’t understand why I lost so many points in the areas where I was pretty strong. Lab wasn’t easy, wording in some questions was nasty, but it was still doable. I also had task which was not possible to configure (at least I didn’t know how). Anyway, it is time to go back to study :) If you have any additional advice, subjects to review, etc please let us know ;) Cheers, Seba

And finally to finish on more positive note -> A CCIE SP Lab Pass.

Feedback 4:- I’m not sure if this is the right place to post this message but I passed my CCIE SP Lab in RTP on Thursday, Aug 7.  It was my first attempt and I only used the Internetwork Expert material to study with.  I must say this discussion board is a tremendous addition to the practice labs.  One thing I do want to mention is that it’s probably time for the CCIE SP practice labs to be updated, there are some technologies simply not covered in the practice labs that you will see on the real thing.  I of course can’t give away any details but I would make a careful comparison of what’s in the practice labs and what’s on the blueprint if I were you.  Some items on the blueprint cannot be tested due to the current IOS versions being used in the lab.  My only other tip is to really work on your time management and understand your limitations.  It was difficult for me but there were two questions on the lab that I skipped completely – both had the potential to break lots of other stuff and they would have consumed lots of time.  I’m not saying that is the best approach, but since I was able to identify what I call “sucker” questions, I was able to spend my time on the other parts of the lab that I knew I could do.  Thanks again Internetwork Expert – couldn’t have done it without you.

A. Joe Mann
CCIE #17203 (R&S, SP)

PS:  Due to a number of questions related to my previous post — here are my observations regarding what is on the CCIE SP lab exam blue print but not covered by the Interwork Expert practice labs.  Please note that this is just a comparison of what is on the blue print vs. what is on the practice labs - this is not an indicator of what you will see on the lab – I just believe that to be prepared for the lab, you need to cover the entire blue print:

1) Spanning Tree
2) IS-IS (while on many of the practice labs, I would consider most of the scenarios rather basic IS-IS.  I believe it simply needs to be covered in more depth.  This could just be my own weakness though, since I was never exposed to IS-IS until I started studying for the SP lab)
3) MP-BGP for multicast
4) mGRE
5) AToM and L2TPv3
6) QinQ

Some of these topics you can pick up in the R&S practice labs.  It’s also probably worth mentioning that while there are other features on the blue print that are not covered in the practice labs, I do not believe the current hardware and IOS versions in the lab make these very feasible to test (no guarantees of course).

Also, there are tons of IOS services that you could be tested on.  Lots of these can be found in R&S practice labs as well but at the end of the day, you just can’t cover them all — best to know the Doc CD so you can look it up quickly.

Best of luck to all of you and many thanks to others that have posted on this board.

Steve’s Note – Tapping into the various vendors support forums is a great way to glean knowledge irrespective of whether you are a customer of theirs or not!

Ref: http://ieoc.com/forums/t/4868.aspx & http://ieoc.com/forums/t/2810.aspx & http://ieoc.com/forums/t/4956.aspx

 

 

January 25, 2009 Posted by cciesplab | SP Labs | | 2 Comments

MPLS Traffic Engineering Notes

Guys, a super free little resource for MPLS-TE courtesy of Cisco Press. I printed this baby off and carry it with me along with all my summary notes.

PS: Less than 3 weeks to go!

Command Reference

Each command is listed with its description on the indented line beneath it.

Router(config)#mpls traffic-eng tunnels
    Configures TE support on router in the global configuration mode.
Router(config-if)#mpls traffic-eng tunnels
    Configures MPLS TE support per interface.
Router(config-if)# ip rsvp bandwidth {reservable bandwidth 1-10000000 kbps} {maximum reservable bandwidth per flow 1-1000000 kbps}
    Configures RSVP bandwidth on the interface-reserved bandwidth with the largest reservable bandwidth/flow.
Router(config)#interface tunnel {number}
    Configures tunnel interface.
Router(config-if)#ip unnumbered loopback {number}
    Configures the loopback interface IP address to be associated with the tunnel interface under tunnel interface configuration.
Router(config-if)#tunnel mode mpls traffic-eng
    Configures the tunnel mode to be an MPLS traffic-engineered tunnel.
Router(config-if)#tunnel destination {IP address of remote loopback}
    Configures the MPLS traffic-engineered tunnel’s destination or end-point.
Router(config-if)#tunnel mpls traffic-eng path-option {priority} dynamic [bandwidth {override bandwidth config value} | attributes {lsp attribute list name} | lockdown]
    Configures the LSP path setup to be done by IGP and CSPF (dynamic LSP tunnel creation). The tunnels can be configured with the associated priority and attributes.
Router(config)# ip explicit-path name {name} enable
or
Router(config)# ip explicit-path identifier {number} enable
    Configures an explicit path to be associated with a TE tunnel.
Router(cfg-ip-expl-path)#next-address {ip-address}
Router(cfg-ip-expl-path)#exit
    Configures the IP next-hop addresses for the explicit MPLS traffic engineered tunnel.
Router(config-if)#tunnel mpls traffic-eng priority {setup priority-value} {hold-priority value}
    Defines the priority of the tunnel (used in load balancing).
Router(config-if)#tunnel mpls traffic-eng autoroute announce
    Configures tunnel interface to be announced into IGP routing table (configured under tunnel interface configuration).
Router(config-router)#mpls traffic-eng area number
    Enables OSPF for TE (under router OSPF configuration).
Router(config-router)#mpls traffic-eng router-id interface number
    Configures the router ID for the TE process under OSPF or IS-IS.
Router(config-router)#mpls traffic-eng level [1 | 2]
    Configures IS-IS Level1/Level2 domains for TE.
Router(config-router)#metric-style wide
    Configures IS-IS to accept and use enhanced TLVs (wide metrics).
Router(config-if)# tunnel mpls traffic-eng fast-reroute
    Enables the MPLS tunnel for FRR protection.
Router(config-if)# mpls traffic-eng backup-path tunnel {interface-number}
    Configures the backup tunnel to be used during interface failure.

 

Ref: http://www.ciscopress.com/articles/article.asp?p=426640&seqNum=5

January 23, 2009 Posted by cciesplab | SP MPLS | | 3 Comments

IEWB-SP Vol2 Lab2 Analysis

I had a rack rental spot this evening on InterNetworkExperts SP Racks – 5 1/2 hours worth – Had a go at labbing up Lab2 from the Vol2 Workbook.

Lab Prep:

No issues whatsoever with connecting to the routers, opened each router in a different SecureCRT Tab and renamed the tabs at top to R1, R2, etc. Copied/pasted the initial configurations, couple of different interfaces that are a pain but so be it. Time taken = 15 Minutes.

Layer 2 Technologies:

Switching - VLAN, VTP, Trunking, pinging on the 2 3550’s – No issues – Time Taken = 18 mins.

Frame-Relay – 1st mistake - right configuration on the wrong interface – common issue, too eager to get FR up and running – had to redo – the command no encap frame-relay is great. Also a number of interfaces are down in the initial configs, caught me slightly, Time Taken = 23 Mins.

Redundancy – Ensuring FR Circuit active – use either IP SLA feature or end-to-end keepalives, not allowed use SLA! Create map-class, define end-to-end keepalive parameters, and apply class to FR sub-interface. Time Taken = 8 Mins.

ATM – Different interface on rack to lab – also had to delete additional non-required ATM config from initial configs, otherwise ok. Time Taken = 12 mins.

PPPoE – No issues, identify client\server – enable VPDN on server, create Virtual-Template, reference VT in VPDN, enable pppoe on physical interface & setup security. Create dialer interface on client, encap ppp, create dialer pool, reference dialer pool on physical interface & setup security. Time Taken = 15 Mins.

IGP:

ISIS - Lots of config – had to change AS Numbers and Loopbacks into HEX to be used in NET addresses, initial configs were an issue with wrong loopbacks [ref: R5] also the Serial link between R2 & R3 required clocking. Standard ISIS configs, don’t forget the additional clns mapping for the ATM links under the PVC’s, also sh clns nei, sh ip ro isis. Time Taken = 17 Minutes.

OSPF – All looked fine, standard OSPF config, ip routing, network statements under OSPF processes, 1st gotcha, the unmentioned routers/interfaces that require OSPF config but are not explicitly mentioned – aka R1/R2. Instructions in the lab didn’t match up with the diagrams. sh ip ro os, sh ip os int, Time Taken = 15 Minutes.

EGP:

BGP – Not bad – standard BGP configuration – long time typing  – key here is not to miss a config on a router – hence people recommend router by router – easier said than done – various neighbor commands remote-as, update-source, etc parameters, advertising prefix’s with network commands, I am not good at regular expressions so did not use them during verification as advertised by IE. Awkward CIDR query requiring creating an ip prefix-list, creating a route-map referencing the prefix list, applying the route-map in the BGP process and then using a static route to null. The VPNv4 exchange was ok but long. Congestion Management I struggled in  – definite use of the solutions required! Time Taken = 70 Minutes.

MPLS:

Label Distribution – No problem, quick, remember LDP = TCP Port 646 and TDP = TCP Port 711, sh mpls ldp nei, Time Taken = 10 Mins.

Label Filtering – create access list, apply ACL to interface, enable MPLS ldp discovery, sh mpls forw table, Time Taken = 15 Minutes.

Label Security – authenticate MPLS adjacencies? -> mpls ldp nei x.x.x.x password cisco on relevant routers – quick – 3 Minutes.

VPN:

VRF – This is tricky and got my 1st blow in the lab – steps taken were to initialise VRF, define RD, define route-target export, enable ip vrf forwarding on interface – remember this kills the configured IP Address on the router – normally you just type it back in but on R4 when the IP died so did my OSPF adjacency - even after typing the IP back in – no joy, deleting the config and tried again – no joy – I had to park that as time was slipping – Time Taken = 28 Minutes [Ouch!!!]

PE-CE Routing – Another blow to the trooper – trying to configure the PE routers for OSPF gave me the following output ->

Rack1R1(config)#ip vrf CCIE_SITE_1
Rack1R1(config-vrf)#rd 1000:1
Rack1R1(config-vrf)#route-target export 200:1
Rack1R1(config-vrf)#!
Rack1R1(config-vrf)#interface FastEthernet1/0
Rack1R1(config-if)#ip vrf forwarding CCIE_SITE_1
Rack1R1(config-if)#ip address 10.1.18.1 255.255.255.0
Rack1R1(config-if)#exit
Rack1R1(config)#ip vrf CCIE_SITE_1
Rack1R1(config-vrf)#route-target import 200:2
Rack1R1(config-vrf)#!
Rack1R1(config-vrf)#interface FastEthernet1/0
Rack1R1(config-if)#ip ospf dead-interval minimal hello-multiplier 3
Rack1R1(config-if)#!
Rack1R1(config-if)#router ospf 1 vrf CCIE_SITE_1
%VRF specified does not match existing router

Rack1R4(config)#ip vrf CCIE_SITE_2
Rack1R4(config-vrf)#rd 1000:1
Rack1R4(config-vrf)#route-target export 200:2
Rack1R4(config-vrf)#!
Rack1R4(config-vrf)#interface Ethernet0/0
Rack1R4(config-if)#ip vrf forwarding CCIE_SITE_2
Rack1R4(config-if)#ip address 10.1.47.4 255.255.255.0
Rack1R4(config-if)#exit
Rack1R4(config)#ip vrf CCIE_SITE_2
Rack1R4(config-vrf)#route-target import 100:1
Rack1R4(config-vrf)#route-target import 200:1
Rack1R4(config-vrf)#!
Rack1R4(config-vrf)#router ospf 1 vrf CCIE_SITE_2
OSPF process 1 already exists and is attached to Default-IP-Routing-Table
Rack1R4(config)#exit

No amount of deleting/re-configuring/reloading helped – researching on the web [Not allowed in the Lab!] yielded this URL – http://www.cisco.com/en/US/docs/net_mgmt/vpn_solutions_center/2.1.1/release/notes/relnotes.html

But this did not help – issues had to be parked due to time and section 5.3 Internet Access & 5.4 Management VPN’s had to be skipped. Time taken = 20 Minutes.
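The R4 message in the transcript above names the conflict: OSPF process 1 is already attached to the global routing table, and an IOS OSPF process ID cannot be reused for a VRF instance. The sketch below is an added example, not part of the original post: it replays typed commands over a running config and flags that case, plus the address removal by ip vrf forwarding noted under VRF. The running-config lines are a constructed assumption.

```python
import re

PROMPT = re.compile(r"^\S+\(config[^)]*\)#")  # e.g. "Rack1R4(config-if)#"

# Constructed running config (assumption): process 1 already runs globally.
RUNNING_R4 = """\
interface Ethernet0/0
 ip address 10.1.47.4 255.255.255.0
router ospf 1
"""

# Commands as typed on R4 in the transcript above.
TYPED_R4 = """\
Rack1R4(config)#ip vrf CCIE_SITE_2
Rack1R4(config-vrf)#rd 1000:1
Rack1R4(config-vrf)#route-target export 200:2
Rack1R4(config-vrf)#interface Ethernet0/0
Rack1R4(config-if)#ip vrf forwarding CCIE_SITE_2
Rack1R4(config-if)#ip address 10.1.47.4 255.255.255.0
Rack1R4(config-if)#exit
Rack1R4(config)#ip vrf CCIE_SITE_2
Rack1R4(config-vrf)#route-target import 100:1
Rack1R4(config-vrf)#route-target import 200:1
Rack1R4(config-vrf)#router ospf 1 vrf CCIE_SITE_2
"""


def preflight(running_config, candidate):
    """Replay candidate commands on top of running_config and return
    (kind, detail) warnings for the two failures described in the post."""
    ospf_table = {}    # OSPF process id -> VRF name (None = global table)
    addressed = set()  # interfaces that currently hold an IP address
    warnings = []

    def replay(text, report):
        iface = None
        for raw in text.splitlines():
            line = PROMPT.sub("", raw).strip()
            if not line or line.startswith("!"):
                continue
            m = re.match(r"interface\s+(\S+)$", line)
            if m:
                iface = m.group(1)
                continue
            m = re.match(r"router ospf (\d+)(?: vrf (\S+))?$", line)
            if m:
                iface = None
                pid, vrf = m.groups()
                if pid not in ospf_table:
                    ospf_table[pid] = vrf
                elif ospf_table[pid] != vrf and report:
                    owner = ospf_table[pid] or "the global routing table"
                    target = f"vrf {vrf}" if vrf else "the global routing table"
                    warnings.append(("ospf-process-conflict",
                                     f"process {pid} is attached to {owner}; "
                                     f"use an unused process id for {target}"))
                continue
            if line == "exit" or re.match(r"ip vrf (?!forwarding)", line):
                iface = None  # left interface mode
            elif iface and line.startswith("ip address "):
                addressed.add(iface)
            elif iface and line.startswith("ip vrf forwarding "):
                if iface in addressed:
                    addressed.discard(iface)
                    if report:
                        warnings.append(("address-removed",
                                         f"{iface}: 'ip vrf forwarding' removes the "
                                         "configured IP address; re-enter it and "
                                         "re-check adjacencies"))

    replay(running_config, report=False)
    replay(candidate, report=True)
    return warnings


if __name__ == "__main__":
    for kind, detail in preflight(RUNNING_R4, TYPED_R4):
        print(f"{kind}: {detail}")
```

Replaying the same commands with an unused process ID on the router ospf line leaves only the address-removed warning.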

Multicast:

PIM – okay this should be fine – right? Wrong – Big Time! – Whilst configuring up basic PIM dense-mode I lost my tunnel-interface ->

Rack1R8#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Rack1R8(config)#ip mult
Rack1R8(config)#ip multicast-rou
Rack1R8(config)#ip multicast-routing
Rack1R8(config)#int
Rack1R8(config)#interface tunn
Rack1R8(config)#interface tunnel 78
Rack1R8(config-if)#tu
%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel78, changed state to down
Rack1R8(config-if)#tunn
Rack1R8(config-if)#tunnel sour
Rack1R8(config-if)#tunnel source loo
Rack1R8(config-if)#tunnel source loopback 0
Rack1R8(config-if)#tunn
Rack1R8(config-if)#tunnel dest
Rack1R8(config-if)#tunnel destination 10.1.7.7
Rack1R8(config-if)#ip pim den
Rack1R8(config-if)#ip pim dense-mode
Rack1R8(config-if)#ip add 10.1.78.8 255.255.255.0
Rack1R8(config-if)#exit
Rack1R8(config)#int vl
Rack1R8(config)#int vlan 18
Rack1R8(config-if)#ip pim
Rack1R8(config-if)#ip pim dens
Rack1R8(config-if)#ip pim dense-mode
Rack1R8(config-if)#exit             
Rack1R8(config)#int vlan 28      
Rack1R8(config-if)#ip pim dense-mode
Rack1R8(config-if)#exit
Rack1R8(config)#exit
Rack1R8#sh int tunnel 78
Tunnel78 is up, line protocol is down
  Hardware is Tunnel
  Internet address is 10.1.78.8/24
  MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
  Tunnel source 10.1.8.8 (Loopback0), destination 10.1.7.7, fastswitch TTL 15
  Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
  Tunnel TTL 255
  Checksumming of packets disabled
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicast)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 packets output, 0 bytes, 0 underruns
I initially thought about keepalives but that wasn’t the issue – At this stage I had just over 25 minutes to go – so QoS was skipped which was Section 7 and worth 12 points.

IP Services:

MPLS Priority – 20 Minutes to grab the low lying fruit – configure specific LDP hello packets to be prioritised? – mpls ldp tcp pak-priority – Time Taken = 2 Mins.

NetFlow – Enable on specified interface and pass to given mgt Station on this port and this version - ip route-cache flow, ip flow-export version/destination & sh ip cache flow – Time Taken = 5 Minutes.

Systems Management:

Syslog – service timestamps, logging commands a little tricky but ok – Time Taken = 6 Minutes.

NTP – source, server, stratum, authentication, master, etc – ok – Time Taken 5 Minutes.

SNMP – Last bit I got done – 2 ACL’s required, several snmp-server….. commands, cut & paste with notepad after configuring the 1st router to apply to the 2nd Router – Time Taken = 10 Minutes.

Saved routers configurations – Time Up! – What score did I achieve – Well assuming what I configured was correct and that’s a big assumption – then I got 60 points – however in reality I also lost the Syslog & SNMP points as although I configured them correctly I had no visibility to the management station which was defined on a VPN address configured under Section 5.4 which I skipped so 54\100!

I will be reviewing DocCD and IEOC, etc during the week to figure out the VRF and Tunnel Issues – Finally for a laugh I put the final solutions through Cisco Output Interpreter and as stated by the various Guru’s a CCIE Lab is very badly designed – 90 errors encountered on each of the routers!!!

 

January 19, 2009 Posted by cciesplab | SP Labs | | No Comments Yet

Cisco’s CCIE is no longer the biggest cash cow of IT certification?

Guys, I have deliberately blogged about nothing else except the SP Lab for obvious reasons but this article caught my eye. Personally I am a PMP since last year but I have to disagree with this – What do you think?

When I was working in IT in the late 1990s, I remember the reverence with which everyone in the industry talked about the Cisco Certified Internetwork Expert (CCIE) certification. At the time, it was the only prominent IT certification that tested practical skills, in addition to the book knowledge that all of the other certs tested.

Wild stories circulated about the CCIE lab exam. I remember hearing about how you had to set up a network for a complex scenario that took you all day, then Cisco experts came in overnight and trashed the network. Then you came in the next day and had to fix everything.

Whether those stories were hyperbole or not, it was well-known that almost no one passed the CCIE lab exam on the first try. And it was expensive — $1,400 to take the lab exam, plus travel costs to get to a CCIE lab location, prep materials, and written exam pre-tests.

However, there was a big payoff at the end if you joined that elite fraternity of about 12,000 worldwide.

The word on the streets at the time was that as soon as you passed your exams you would be bombarded with phone calls from recruiters and Fortune 500 companies tripping over themselves to offer a job with a six-figure salary. That was the perception. The reality was a little more sober, but still very attractive. Many CCIEs were hired directly by Cisco, and others got lucrative gigs as high value consultants.

However, the CCIE is no longer the highest valued certification in IT. In fact, according to our extensive 2008 IT Skills and Salary Report — which TechRepublic produced in partnership with Global Knowledge — the CCIE has actually slipped to fifth.

Three certifications that involve business management in addition to technology have grabbed the top three spots: Project Management Professional (PMP), Certified Associate in Project Management (CAPM), and ITIL v2 Foundations. That shouldn’t come as much of a surprise to anyone who has been in IT over the past decade, as we have seen IT professionals with strong business skills become hot commodities.

The CCIE isn’t even the most valuable technical certification any more. That distinction belongs to the Certified Information Systems Security Professional (CISSP) cert, which was fourth in our survey. Nevertheless, CCIEs are still pulling down good money, with an average salary of $93,500.

How about the world’s most popular (and sometimes most infamous) certification — the Microsoft Certified Systems Engineer (MCSE)? It came in 19th on the list, with an average salary of $71,980. That’s not too far off the average of $67,000 for MCSEs when I got an MCSE back in 1999.

Here’s a look at the top certs on the list:

[Image: Salary Survey 2008]

Ref: http://blogs.techrepublic.com.com/hiner/?p=607

January 14, 2009 Posted by cciesplab | SP General | | 4 Comments

Checklist V2 being drafted…

Guys, thanks for the feedback to date – lots of helpful comments, some from folks who have passed this exam. Updates for the next version include Verification Techniques, Product Documentation Procedures, slight change to timings, and a couple of additional points in a few sections.

Regards, Steve.

PS: 37 days to go!!!

January 13, 2009 Posted by cciesplab | SP Labs | | 3 Comments

My Long Overdue CCIE SP Lab Checklist

Guys, Well take my advice and don’t book your lab for Jan/Feb as Christmas really messes up your study routine. In addition, do not play with your car’s ECU unless you have a handle on what you are doing – it took me days to resolve an issue with my BMW after I reset the airbag light and the Service Interval Display – Won’t go into details!!!!

I have finally completed my CCIE SP Lab Checklist – This is my personal plan of attack for the day itself – Please feel free to read, print out if it helps you and comment back to me with any errors/omissions, etc. This is my 1st Draft so be nice! I have also provided a download link at the bottom of the checklist to download a PDF Version of it.

 

Title: CCIE SP Lab Checklist

Author: Stephen Bowes

Version: 1.0

Date: January 2009

                                                                                                                                               

Abstract:

This is a compilation of notes, gotchas, pointers, etc., acquired over many years, from my research in preparation for my upcoming CCIE SP Lab exam. Please feel free to notify me of better ways than those listed below and/or errata through my CCIE blog at cciesplab.wordpress.com or by email at cciesp@rocketmail.com.

 

Points Scoring and Timings:

I am conscious of the number of candidates who have failed due to running out of time. There are a number of reasons for this, here they are and proposed solutions.

 

| Reasons for Failure | Solutions |
| --- | --- |
| Misinterpreting the questions | Read the question more slowly, read it again, do not over-engineer the solution, answer what is asked, confirm any doubts with proctor, if proctor answer unacceptable, ask the same question a different way again. |
| Typing in the right configuration on the wrong interface or router | Tread carefully, cross-check and reference, validate before moving on. |
| Tasks taking too long to configure in the time window available | Practise speed drills, type faster, use aliases, notepad for verbose configurations, and use the Doc CD less if possible. Configure technologies router by router rather than interface by interface [explained later] |

 

To this end my timing plan is as follows -> Total Time = 8 hours = 480 Minutes. Lab Points Total = 100 Points, allowing 30 minutes for opening moves [see below] and 50 minutes for checking, validation and verification at the end, gives me 400 minutes for configuration => 4 Minutes/Point.

 

Pre-Lab Actions:

1 Month:

Adjust your body to performing 8 hour labs – Stamina will be key – you will be no use to anyone if you get tired after 5 hours of labbing. With 1 month to go ensure you are not doing 4 hour mini-labs rather the longer ones.

 

1 Week:

Adjust your body clock to the lab time. In my case I work 11am-7pm GMT whereas the Lab Exam in Brussels starts at 0745. This is 0645 GMT so with a week to go I will be up, showered, and had breakfast and sitting at my desk at 0730 to start an 8 hour lab with lunch at 12 for 30 minutes. I need to be fully alert at 0745 on Lab Day.

 

Lab Exam Day:

  • Get as much sleep as is feasible the night before, up, showered, breakfast complete and be at Cisco by 0730. I booked into the nearest hotel I could find 250m away so no reliance on transport, etc.
  • Bring a number of layers of clothes in case the room is cool, bring ear plugs so that the 11 guys/girls typing next to you and the CCIE Voice candidates testing faxes will not interfere with your concentration levels.

 Lab Action Plan: [Note: All times below are estimates and dependent on points values as per timing plan noted above]

 

Opening Moves: [30 Minutes: 0800->0830]

  • After the proctor instructions, take a minute, calm yourself, open the booklet, read the exam end to end, visualise the Bridging/Switching, IGP, EGP, MPLS, etc.
  • Draw a personalised diagram of the topology – Note: This is a talking point, some do, some don’t, and I think it’s advantageous especially from an IP/Interface perspective.
  • Ignore the rush of the other candidates typing or the urge to get started.
  • Create a point checklist on the rough paper provided. Here is my example.

 

Example Point Checklist:

 

| Task | Section | Points | Time [Mins] | Completed | Total Points | Comments |
| --- | --- | --- | --- | --- | --- | --- |
| Switching | 1.1 | 3 | 15 | Yes | 3 | Watch security requirement section 7.2 |
| Switching | 1.2 | 2 | 10 | Yes | 5 | All ok |
| Switching | 1.3 | 2 | 10 | No, moved on | 5 | Look up DocCD to confirm solution. |

 

Troubleshooting: [15 Minutes: 0830->0845]

A number of faults may have been entered into the pre-configured devices. Check your SecureCRT software – can you see each of the devices? Reload each device, look for any hardware errors on boot-up, now is the time to spot this, not 11am.

As any issues could have been introduced check everything, IP Addresses matching Interfaces, subnet masks, FR DLCI’s, FR Inverse-Arp, pre-defined VLAN’s, VTP Modes on 3550’s, watch any pre-defined configurations configured on correct interfaces, ATM configurations, NSAP, IP, etc, etc.

 

I am not an Alias guy but now would be the time to do this, type these into notepad and cut & paste onto the routers ‘show run | b Se’ – Remember for large or repetitive configurations such as BGP, use notepad and then copy and paste.

 

Frame-Relay: [15 Minutes: 0845->0900]

  • Use your diagram to draw out the FR Topology
  • Configure Router by router not interface by interface
  • Use [1] shut [2]enc frame-relay [3] no frame inverse-arp [4] no shut.
  • Decide to use either frame-relay map or use sub-interfaces
  • Ping from spoke to spoke if possible to validate.
  • If PPP over FR, then always create VT first, user/password
  • Save, reload, and then verify all working.
  • FRTS – Know your CIR = Bc x 1000 / Tc; Be = (AR - CIR) x Tc / 1000.

 => Golden Moment: Frame-Relay is the spinal cord of the inter-network, it must be 100% <=

 

Switching: [30 minutes: 0900->0930]

  • Create VLAN’s as per instruction
  • VTP Modes
  • Trunking
  • Access Ports
  • Security/Other Requirements
  • Ping vlan by vlan. Select only one device and ping all other on a specific vlan.
  • No need to ping from multiple interfaces on the same vlan.
  • Don’t wait for Arp resolution!
  • If naming something, type it exactly as specified – Ref: Narbik
  • Specify both Duplex and Speed as Auto-Sense can be troublesome – Ref: IEMentor & Gorito

 Cell-Mode MPLS: [20 Minutes: 0930->0950]

  • Configure any ATM interfaces required – PVC/SVC, NSAP Addressing,
  • Watch for tag-switching or label-switching.
  • Security authentication may be required
  • Use ping to verify

 PPP/Ethernet: [10 Minutes: 0950->1000]

  • Configure PPPoE as required, PPPoE enable, pppoe-client, interface dialer, etc.
  • Know security configurations, ping and validate.

 => Golden Moment – Bridging & Switching Complete – Total Estimated Time 2 Hours! <=

 

IGP:

 

OSPF: [30 Minutes: 1000->1030]

  • While reading the task, use your master diagram to configure OSPF router by router not area by area. Look for the following OSPF characteristics.
  • Authentication, stub or nssa, virtual link
  • Refer again to your master diagram, colour in the OSPF areas.
  • Make a note on redistribution, summary, area-range, DR/BDR, OSPF network type.
  • Get Area 0 working 100% first.
  • Ensure Area 0 Contiguous, test, create GRE/Virtual-links, and test again.
  • Configure other areas.
  • Leave OSPF Security until last.
  • From a time perspective, router by router saves you revisiting router and typing in additional commands after the fact.
  • First Interface and then router ospf

Preferred sequence for configuring interface

1) OSPF network type based,

2) priority,

3) Authentication,

 

Preferred sequence for configuring OSPF process

1) router-id

2) area authentication,

3) area virtual link,

4) neighbor,

5) Network (copy paste from interface address)

  

  • Validate everything is working (show ip os ne, show ip os vir, show ip os interface, show ip route)
  • Do redistribute summary, area range, filtering [Be Careful!]
  • Avoid any engagement with giant beasts. But make a note.
  • Validate and verify prior to moving on.
  • Save Configurations,
  • Reload routers and final verification. Note: Some candidates do not reload, some do – I will.

 IS-IS: [30 minutes: 1030-> 1100]

  • This has been noted by previous candidates as having quite a bit to do on the SP Exam! Refer again to your master diagram, colour in the ISIS areas.
  • Configure ISIS on relevant routers
  • Note what ISIS Levels are required – 1 or 2,
  • Assign appropriate NET addresses
  • Remember unlike other IGP’s, ISIS configured at Interface level and is essentially a L2 protocol.
  • Verify adjacencies
  • Due to ISIS only knowing two forms of media – LAN or point-to-point -> use the frame-relay map clns command to create maps for protocol to run.
  • Configure any ISIS filtering/redistribution
  • Configure Authentication if required.
  • Configure any additional ISIS nuances/parameters such as metrics/timers, etc we encounter.

 => Golden Moment – IGP Complete – IGP Time 1 hour – Total Time 3 Hours <=

 

 

EGP:

 

BGP: [60 Minutes: 1100-1200]

  • While reading task, draw BGP topology on master diagram, this is important.
  • Determine Route Reflector or confederation or both to do full-mesh iBGP.
  • See if neighbor peer-group is required,
  • Configure router by router not BGP session-by-session
  • Configure one AS then another – be AS focussed.
  • Always put no sync and no auto-summary if allowed.
  • Ensure reachability, one AS at a time.
  • Spend enough time to be absolutely correct on route-filtering (ACL, prefix-list, as-path filter), route-aggregate (w/ as-set, summary-only, suppress-map, attribute-map, advertise-map), route-manipulation (w/ as-prepending, med, local-pref, weight, next-hop, advertise-map/non/existing-map, origin, community, etc.), route-dampening, etc.
  • Resolve any next-hop-self issues which are easier to troubleshoot working one AS at a time.
  • Validate config. Use “clear ip bgp * soft”, not “clear ip bgp *”.
  • Leave BGP Authentication until last.
  • Save, reload and test.

 => Golden Moment – EGP Complete – Ensure full Reachability Maintained, Save Configs <=

 

Reachability Test: [Before lunch if possible followed by reloading routers]

Test full reachability with TCL Script. Check you get an ICMP response from every router to every router. If ping has no response, write down IP address and troubleshoot.

The master diagram will help here. Method involves – show ip alias, copy to Notepad, search and replace to massage the data and toss in the PING command, wrap what’s left in a TCL or macro, copy and paste into a router.

 

  Run tclsh script

  foreach addr {
  1.1.1.1
  } { ping $addr }

Just copy and paste after tclsh – To quit, just type "tclq".
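The notepad search-and-replace step and the "write down the IP address" step can both be scripted off-box. The following is an added example, not part of the original checklist: it collects addresses from several routers' show ip aliases output, emits the foreach block to paste after tclsh, and lists targets that got no replies. The sample outputs are constructed, and the 10.1.78.7 address is an assumption.

```python
import ipaddress
import re

# Constructed "show ip aliases" output from two routers (sample data).
SHOW_R7 = """\
Address Type             IP Address      Port
Interface                10.1.7.7
Interface                10.1.78.7
"""
SHOW_R8 = """\
Address Type             IP Address      Port
Interface                10.1.8.8
Interface                10.1.78.8
"""

# Constructed ping transcript captured after pasting the loop (sample data).
PING_LOG = """\
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.7.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.78.7, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
"""


def build_tcl(show_ip_aliases_outputs):
    """Merge interface addresses from every router into one tclsh ping loop."""
    addrs = set()
    for text in show_ip_aliases_outputs:
        for line in text.splitlines():
            m = re.match(r"\s*Interface\s+(\d+\.\d+\.\d+\.\d+)\s*$", line)
            if m:
                addrs.add(ipaddress.ip_address(m.group(1)))
    body = "\n".join(str(a) for a in sorted(addrs))  # numeric, de-duplicated
    return "foreach addr {\n" + body + "\n} { ping $addr }"


def failed_targets(ping_transcript):
    """Return the targets whose ping received zero replies."""
    failed, target = [], None
    for line in ping_transcript.splitlines():
        m = re.search(r"ICMP Echos to (\d+\.\d+\.\d+\.\d+),", line)
        if m:
            target = m.group(1)
            continue
        m = re.search(r"Success rate is \d+ percent \((\d+)/(\d+)\)", line)
        if m and target and int(m.group(1)) == 0:
            failed.append(target)
    return failed


if __name__ == "__main__":
    print(build_tcl([SHOW_R7, SHOW_R8]))
    print("No response from:", failed_targets(PING_LOG))
```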

Also to quote Scott Morris -> I’d leave “debug ip routing” turned on through the rest of the day.  It can be a quick indicator to things getting messed up (like when you add ACLs!)

 

MPLS: [30-45 Minutes: 1245->1330]

  • Tag Switching v Label Switching, when to use which ones – Watch for IOS Bugs here!
  • Watch any integration with EGP
  • MPLS might be the final piece of the jigsaw for full lab reachability.
  • Cell Mode v Frame Mode
  • MPLS traffic Engineering – level,

 SP Multicast: [30-45 Minutes: 1330->1415]

  • Setup PIM Mode as required – Sparse/Sparse-Dense – Use address-family ipv4 multicast where required
  • Identify PIM RP or Bootstrap requirements
  • Don’t forget ip multicast-routing
  • Be aware of route filtering
  • Join any IGMP Groups if required
  • Check Unicast and multicast traffic work across different AS.

 SP QoS: [30 Minutes: 1415->1445]

  • Be careful not to block or drop any IGP updates
  • Draw a flow on paper
  • Interpretation of what is required & which QoS Method to use is Key!!
  • Determine classification method (ACL, NBAR) and direction.
  • Determine Shaping v Policing
  • Consider all options for queuing (legacy custom/priority, bandwidth/priority, shape average/peak, FRTS/GTS) – Always Outbound.
  • Consider all options for policing ( police, rate-limit, ip multicast rate-limit, aggregate police( 3550))
  • If frame-relay, don’t forget adaptive-shaping.( becn, fecn, foresight)
  • Consider all dropping mode (random detect, ecn, tail drop, marking, etc)

L3/L2 VPN: [45 Minutes: 1445->1530]

  • Configure Multicast MPLS VPN if required, VRF Mapping, default MDT, data MDT, MDT Group Addresses
  • Important to map out on your master diagram, the flow/direction of the VPN Traffic so that the correct configuration can be applied to the correct interface on the correct router in the correct direction!
  • MP-BGP filtering, specifying route-targets, etc
  • PE-CE Routing, RIP – Watch Split-Horizon is off on physical FR and ATM, authentication, version, auto-summary, etc; Other IGP/EGP considerations, configure router-by-router, CSC, etc.
  • Be aware of various backup routes for the VPN traffic in the event of line/router failure,
  • Be aware of VPN and Frame Relay specific limitations
  • GRE/mGRE tunnels, when to use, how to configure.
  • Be able to provide Internet Access from one portion of the inter-network to another.
  • Be able to exchange EGP traffic across AS’s.
  • QinQ/PPPoE – benefits = reduce no of VLANs, scalability, encap dot1q, pppoe enabled, etc.

SP Security: [20 Minutes: 1530->1550]

  • Be careful not to block or drop any IGP updates
  • Draw a flow on paper if required
  • Consider all options for classification – std/ext/reflexive/dynamic ACL, IP Prefix List, IP inspect, tcp intercept, Unicast RPF, ip accounting output packet /access-violation/precedence.
  • Be aware of various ways to configure MD5 for IGP
  • When configuring Switchport port-security mac-address, be careful to include virtual and physical mac if HSRP is running
  • Know response planning to common security attacks such as DOS, Smurf, etc.

SP Management: [15 Minutes: 1550->1605]

  • Know SNMP, setting up community strings, traps, RMON, pointing at various devices, etc
  • Netflow, destination address, port no, version, etc
  • NTP, master, server, source, etc.
  • Know about various IP Services available in the IOS

Timing Note: According to this schedule this only allows me 25 minutes for checking, saving, reloading, troubleshooting, etc. However I have taken the outer marking for Multicast & MPLS which may or may not give me back up to 30 minutes additional time thus leaving 55 Minutes.

 

Other Gotcha’s/Tips:

  • Route Filtering – Know this cold, affects several areas, pass or fail the lab on this alone IMO!
  • Skipping Difficult Sections – This is a dangerous but potentially rewarding path up the mountain but slippery and easy to fall down on – Risky Approach.
  • Redistribution – Say no more, need to pass routes, this is it – potential failure point.
  • Strategy has to be flexible depending on the progress through the day.
  • Ensure the “gimme” questions are answered 100% – These are key to success.
  • Ongoing Validation, via show commands and TCL Script, saving and reloading at least twice I believe is essential.
  • Speed accessing resources on the DOCCD is essential – should be less than 90 seconds lookup per topic.

 

Author’s Note: Please feel free to contact me if you can add value to this initial draft as I would like to think this can help other SP candidates with a lab structure going forward.

 

Download Link:

http://rapidshare.com/files/180524993/CCIE_SP_Lab_Checklist.pdf

January 7, 2009 Posted by cciesplab | SP Labs | | 4 Comments