CCIE Security: re-cert stacking/extension

Can you stack/extend CCIE re-certification time? YES


  • You must wait 180 days after last passed CCIE Written
  • You can only stack/extend by 2 years once every 24 month period


  • You pass CCIE Written January 1st 2017
  • You pass CCIE LAB January 1st 2018 (next re-cert date is January 1st 2020)
  • You pass CCIE Written January 2nd 2018 (next re-cert date is January 1st 2022)


CCIE Security: The road to success, how NOT to study

When I started my Lab exam preparation last summer – I wrote a blog post about my time schedule.
I have been keeping pretty tight to that schedule, but it is not a way that I would ever recommend to a person that asks me “how should I prepare for my CCIE” (I only stuck to that plan because I had a “baby deadline” 9 month in front of me)

In short:

  • 800 hours Technology training over 6 month
  • 7 days intensive Bootcamp Training
  • 2-4 month Full Scale Mock Lab Training 2-3x 8 hours sessions each week (2-400 hours)

The plan was only possible due to a contract that I had with my wife, family and friends. “You will not see me, as in not see me at all for the next 8-10 month”

The overall time spend seen over the entire lenght of my training was a perfect fit for me and my knowledge level – but if you ask me how to sprinkle your study hours across a calender year, then evenly distribute the 800 hours Technology Training over an entire year, so you have time for your family and friends, and you do not have to say no to birthday parties… And when you get to your intensive Mock Lab Training, then you say: “I will be unavailible for 1-2 month” and you go full speed ahead.


CCIE Security: Mock Lab #1

I am so grateful for all of you supporting me, and what better way to give back, than by giving you all a Mock Lab.

First draft of the Topology can be found here and I will work as hard as I can to have the finished topology and workbook/questions ready.

All of it can be build in EVE-NG / GNS3, but even better is it if you have have some physical equipment (for ASA Cluster, and Catalyst Dot1x)


  • Flexvpn HUB-Spoke
  • Site-to-Site IKEv1
  • Clientless SSL VPN
  • AnyConnect VPN
  • PKI
  • Dot1x
  • MAB
  • Securing Routing Protocols (BGP and EIGRP)
  • Firepower/FTD/NGIPS
  • ASA A/S
  • ASA A/A (Requires either physical ASA or ASA8.2 image for GNS3)
  • ASA Cluster (Requires physical ASA)
  • TrustSec
  • WCCP
  • WSA

CCIE Security V5 Mock Lab Topology


Please comment below if you like the Mock Lab or something should be changed.


CCIE Security: Move time between sections

Have you ever seen this image on the Official Cisco CCIE page?


It states, that you can move a maximum of 30 minutes between the Troubleshoot and Configuration section.

In reality you can move an indefinite amount of time from the Troubleshoot section to the Configuration Section – but the Troubleshoot section can never be longer then 2½ hours.

Tip: Can you complete the Troubleshoot section within 1 hour, then you have 6 hours to complete your Configuration section.

(Diagnostic is a fixed 60min section – nothing to do here but wait until the timer runs out)