New CCIE LAB format coming up

CCIE LAB Framework now includes Design (Low Level Design – LLD), Automation and Programmabillity.

CCDE is not going away – CCDE focuses on High Level Design – HLD

LAB exam splits into 2 modules

  • Module 1: Design (3 Hours)
  • Module 2: Deploy, Operate, Optimize (5 hours)

It is not possible to move unused time in module 1 to module 2

The “old” Troubleshot module is moved into Module 2 (Operate & Optimize)


CCIE Security: The road to success, how NOT to study

When I started my Lab exam preparation last summer – I wrote a blog post about my time schedule.
I have been keeping pretty tight to that schedule, but it is not a way that I would ever recommend to a person that asks me “how should I prepare for my CCIE” (I only stuck to that plan because I had a “baby deadline” 9 month in front of me)

In short:

  • 800 hours Technology training over 6 month
  • 7 days intensive Bootcamp Training
  • 2-4 month Full Scale Mock Lab Training 2-3x 8 hours sessions each week (2-400 hours)

The plan was only possible due to a contract that I had with my wife, family and friends. “You will not see me, as in not see me at all for the next 8-10 month”

The overall time spend seen over the entire lenght of my training was a perfect fit for me and my knowledge level – but if you ask me how to sprinkle your study hours across a calender year, then evenly distribute the 800 hours Technology Training over an entire year, so you have time for your family and friends, and you do not have to say no to birthday parties… And when you get to your intensive Mock Lab Training, then you say: “I will be unavailible for 1-2 month” and you go full speed ahead.


CCIE Security: Mock Lab #1

I am so grateful for all of you supporting me, and what better way to give back, than by giving you all a Mock Lab.

First draft of the Topology can be found here and I will work as hard as I can to have the finished topology and workbook/questions ready.

All of it can be build in EVE-NG / GNS3, but even better is it if you have have some physical equipment (for ASA Cluster, and Catalyst Dot1x)


  • Flexvpn HUB-Spoke
  • Site-to-Site IKEv1
  • Clientless SSL VPN
  • AnyConnect VPN
  • PKI
  • Dot1x
  • MAB
  • Securing Routing Protocols (BGP and EIGRP)
  • Firepower/FTD/NGIPS
  • ASA A/S
  • ASA A/A (Requires either physical ASA or ASA8.2 image for GNS3)
  • ASA Cluster (Requires physical ASA)
  • TrustSec
  • WCCP
  • WSA

CCIE Security V5 Mock Lab Topology


Please comment below if you like the Mock Lab or something should be changed.


CCIE Security: Move time between sections

Have you ever seen this image on the Official Cisco CCIE page?


It states, that you can move a maximum of 30 minutes between the Troubleshoot and Configuration section.

In reality you can move an indefinite amount of time from the Troubleshoot section to the Configuration Section – but the Troubleshoot section can never be longer then 2½ hours.

Tip: Can you complete the Troubleshoot section within 1 hour, then you have 6 hours to complete your Configuration section.

(Diagnostic is a fixed 60min section – nothing to do here but wait until the timer runs out)

CCIE Security: The Journey ends here

Thanks to all of you following me, your support is extremely valuable.

Now my focus will shift to my family and our new kid in the making..

Who knows.. maybe I will join the league of experts some other time

Once again, thanks

UPDATE 10.03.2018: I realized that I never shared my final result..
Once more I got a Pass + Pass + Fail = Fail
In the Config section I got a pass rate of 61% (close but no cigar)

CCIE Security: waiting time

Now the waiting game is on..

TSHOOT I was 30min ahead (spend 1.5 hours)

DIAG is always a bit 50/50.. I feel confident, but it can go both ways. (Spend 1 hour)

CONFIG: due to my fast TSHOOT I had 5.5 hours to CONFIG.. everything went after the book and time schedule.. BUT.. 2.5 hours before end time, things started to get buggy, periodically not working, and I started to get nervous and make small mistakes..

At the sound of the proctor’s “Time is up” I pasted the last bit of configuration in the router for the last task (without verification afterwards)..

Soo.. did I pass? Only time will tell..

CCIE Security: T minus 12 days until lift off

12 days until I land in Brussels Airport and 13 days until my next and final lab attempt.. I am so ready.. I would like to do the attempt tommorow, but I will have to wait just a little while longer..

It might be a good thing, because I am starting to get ill, so hopefully it will drift along and within the next 7-10 days I am 100% fit for fight..

CCIE Security Lab attempt, bring it on…