Recently in Certifications Category

Cisco Live - Monday


Yesterday was a busy day for me at Cisco Live.  Here is a brief summary:

CCDE Written exam: I decided to take advantage of the free certification exam to recertify my CCDE.  Unfortunately I had no time to study, but I managed to remember enough MPLS-TE to pass anyway.

Cisco Catalyst 3750 Switch Architecture: This session went over the details of the capabilities of the hardware at a very low level.  It covered all the 3750 models.  There was a discussion on how licensing will work in the new 3750-X (Yea! IPv6 has been moved down to IP Services!).  Details on the Stackwise and Stackwise Plus functionality only served to underscore how cool the new 3750-X is! 

Secure Borderless Network Design: Borderless Networks is really an umbrella architecture that combines other technologies and techniques to enable highly secure and mobile solutions.  This session covered the internet module portion of this, specifically the ASA, IPS, and WSA.  VPN technologies were also touched upon.

Cisco ASR1000 Series Routers: System & Solution Architecture: Imagine an ISR router (2800 for example) that can do NAT, IOS Firewall and IPS, and VPN at the same time at 20 Gbps!  Wow.  This session discussed the hardware capabilities and options and how they interoperate to support this highly available chassis.  I am going to be looking for opportunities where this product might fit in the future.

I also spent a few minutes hanging out in the Certification Lounge.  I found that the CCDE could be recertified with any expert level certification, even though the website says otherwise.  I also met one of the first two CCAr's last night.  He was part of the internal team for CCDE, but not for CCAr.  At least one other individual is in the CCAr path right now.  Unfortunately I secured financing too late to be in the CCAr on this round, but another opening will be coming soon.

 

CCDE Results


On the Saturday immediately following Christmas, Santa Claus, who looks remarkably similar to my mailman, presented me with a shiny white envelope from Vue, among other things (likely bills or some other such nonsense).  Where I live, it is a long way down the driveway to the house - a trip made even longer by the anticipation and anxiety welling up inside me.  Nearly a month late, and after near-constant clicking on the refresh button the last several days, I had to fight just to keep from flinging the remainder of the post to the wind.  The fact that several highly skilled engineers had already posted less than stellar news on the Cisco Learning Network just the night before.

After finally making it to the house, filled with my wife's guests, I ever so quietly and calmly slid my shaky hands down the length of the envelope's lid and tried to lean against the counter to steady the paper so I could actually focus on it long enough to read the only word I could actually see clearly while in this state: CONGRATULATIONS!  After the trembling stopped, I found my way to the second page to find my score report, which was conspicuously missing anything that remotely resembled a score or a report, but did contain a number.  From the beginning of the beta program it was decided that there would be a new numbering scheme for CCDEs, but it was not announced what it would be.

Well, that question was now answered: 20080001.  1?  1?  Really?  It's been nearly two weeks since that day, and I still have trouble with that.  First let me say that Cisco only invited the best to the beta program.  200 people took the beta written.  60 were invited to the beta practical, of which 42 (ish) attended.  And out of those, I got the first number?  All I can say is wow!  So far only 3 people have acknowledged receipt of a CCDE number, and from the rumor mill, that is all that passed.  7%  Ouch.  I have to feel humbled here, because there are bigger names than mine that attended.  Some people doing the things I had dreamed, but they didn't pass.  Don't get me wrong: I am very excited, and proud of what is truly a once in a lifetime experience!

If you ever get the chance to participate in a beta program from Cisco, no matter what it is - DO IT! 

To all of my peers that took this exam: You all passed in my eyes.  Congratulations for helping to make an important new certification for the Cisco community.  I hope you all attend the next exam on Feb 11, 2009.  I expect to hear about the next CCDEs soon!  A special congratulations goes out to the other beta participants that passed.

Michael Morris    CCDE#20080002

Reinhold Fisher   CCDE#20080003

PIX/ASA Emulation using GNS


Many folks are likely practicing for certifications and have trouble getting their hands on real equipment to practice on.  GNS3 is a great tool for basic emulation of routers, switches (with some tricks) and firewalls!

Most folks want to emulate an ASA.  I am not currently aware of any product that will do this, but for the moment, the PIX code is virtually identical!  The primary differences that most people will notice (from an emulation perspective anyway) are that the interfaces have slight differences (Ethernet0-5 vs. Ethernet0/0-3 & Management0/0), the SSM modules are not present, and the IPS and Content inspection commands for the service policies won't exist.

But what about licensing?  This is where the real trouble happens: your emulated PIX by default won't have an activation key or serial number.  Ooops!  This means no VPN, not even DES!  No failover either!  Therefore you can't test any config that requires these features.  What you need to do is to locate a valid PIX somewhere.  In my case, I have a PIX 515E at work in our lab.

I pulled a show ver from that PIX and made note of the Serial Number and Activation Key.  Once I had these, I went into GNS3, right-clicked on my PIX (from the network topology window) and selected configure.  Obviously you need to select your PIX code file here, but you can also paste in the activation key.  You will get an error if you just paste it in, though.  You must change the spaces in the activation key into commas ",".  The serial number field requires the information to be entered in hex.  So open your handy calculator, enter the decimal serial number from the real unit or from the show ver, and convert it to hex.  You can then paste this number into the field in GNS3 with a "0x" in front of it.  Depending on the code you choose, the activation key may or may not work at this point.  If it doesn't, simply enter config mode on your virtual PIX and enter the activation-key command.  After a save and reboot, the PIX should accept the key and work with the same license as the real one.

Just as an important note: This is NOT intended as a way to bypass Cisco's licensing.  You should not even think about using a GNS3/PEMU emulated firewall for production security purposes.  If you have a production need, eBay a PIX or better yet, buy a shiny new ASA 5505.  Only use this information in a lab.  Also, don't even think about asking me for activation keys or serial numbers.
