Globalconfig.net

On more than one occasion people have asked me how I became a trainer.  Recently I received a request from Paul Stewart asking how I got into being a trainer so I figured I would blog it for the future reference. Thanks for the question Paul.  I hope this covers it for you without boring you to death.

So here is my story.  It’s a little less than brief.  Sorry.

I have been a Cisco Trainer for 8 years now.  In the last 8 years I have seen ups and down but still can’t imagine doing anything else.  It’s safe to say that I love my job.  What I love about it is the knowledge transfer.  You can honestly see that light bulb turn on, and when you do it makes it all worthwhile.

1994

But I haven’t always been a Cisco Trainer.  In fact I haven’t always been in networking.  When  I was 19 years old I was a volunteer firefighter before joining the US Air Force in December of 1994.  After a short stent in the service, a period if time that I really enjoyed, I left, in hopes of getting a job full time as a firefighter somewhere in Southern California.

1996

At the time becoming a firefighter was extremely difficult, and it probably is, which of course caused me to look for other forms of employment.  Collection Agent, Reservationist for a large Lodge, then Merchandiser for a Distributor of Miller Beer.  Finally I broke down and applied for a Field Tech position at GTE.  I didn’t want to because my Dad worked there but I knew it was a stable job and I had a daughter to provide for (pay child support for).  I ended up getting hired there and spent a year in Santa Monica as the “Phone Man to the Stars.”  Well I wasnt exactly “The” phone man of the stars but I did fix a fax line for Jerome Bettis while he was training in the off season with UCLA, I worked in Madonnas Penthouse, and I even worked on a phone in the Penthouse of Stevie Wonder.  It was a WONDERFUL job.  Except that it didnt pay enough.

I applied for and got the position in Thousand Oaks, California, in the Enhanced Products Group.  Thats a fancy name for Frame Relay/ATM/DSL support and provisioning.  It was there that I got into Cisco and was sent to a class at Ascolta Training.

Now when I was in that class the Cisco Stuff really made sense and I really was amazed with how well the Instructor (Steve Futernik) presented the material.  I knew them I wanted more Cisco training.  I took the entire CCNP and CSS-1 (now called the CCSP) training with Ascolta.  In fact they sent an instructor to us and we did private training at night.

1999

After I got my CCNA and was half way through my CCNP I started one night a week at the Learning Tree University.  I got paid 1500 bucks for 5 weeks of teaching 1 night a week for 2 hours.  What a deal!  Still it kinda sucked there because it was what Cisco calls “Grey Market,” meaning they are not using Cisco Certified material nor was I a Cisco Certified Instructor.  Oh, well.  I didnt need slides, or labs, or a manual to teach from.  I was a trainer. 

After I had taught two of those classes I was also taking classes with Ascolta.  An Instructor named Jack Wood was teaching us the MCNS class and took me out for a beer after class.  It was there, at a Chili’s Restraunt, at 10:45 at night, that I had my first interview with Ascolta.  It wasn’t really an interview.  Jack asked if I wanted to teach.  I said yes.  He called his boss and woke her up.  After speaking to her for a few minutes I had an interview and was on my way.

2000

Now even though I had been hired I still wasnt a trainer.  In fact if you want to be a Cisco Certified Instructor you must:

• be sponsored by a Training Partner
• Pass the VUE exam with an Instructor Score (Somewhat higher than the normal Passing Score)
• Pass the Instructor Certification Program (ICP)

What is the ICP?  The ICP consists of a 7 hour hands on lab exam that is graded by a Cisco Certified Proctor, as well as perform a few lectures in front of a Cisco Proctor that is graded as well.  It’s not easy.  In fact, in the 8 years I have been with Ascolta I have not seen anyone pass the first time.  I passed on the second attempt.

Its all down hill from there.  I then co-taught a few times and Ascolta sent me to a Train-the-trainer class that taught various training techniques.  My greatest non-technical asset is the ability to speak publicly, and to be honest when I dont know something.  I am a trainer, not a know-it-all.  I am ALWAYS learning new things.  I have been given the opportunity to transfer what I have learned to others and I enjoy that.

What about you?

While being a trainer is a tough position to get into it can be done.  If you are interested in teaching I can tell you this, good instructors are hard to find and my boss is always willing to hear from those who are interested, especially in the voice arena.  Drop me an line and I will make the contact.

Finally, what can you expect from being a trainer?

Simple, Fame, Fortune and more…well maybe not.

• You can expect a lot of travel.
• You can expect to know your schedule about 2 weeks out.
• You can expect to constantly be learning new stuff because Cisco is ALWAYS revising the material.
• You can expect to make a decent salary, even in the 6-figure range, but not right off the bat.
• You need to have a wide range of courses under your belt.  The more versatile you are in what you can teach the more you make.
• Finally you can expect it to be easier to teach if you are a contract instructor versus a salary instructor.  As a salary instructor you pretty much need to be certified to teach and ready to go.  As a contractor you will need to invest some time into getting certified but will be given the opportunity to teach.  The better you work with the operations personnel, the better the evaluations are, and the more prepared you are for what you are teaching the more likely you are to be used more often.

I am a salary instructor.  It’s my full time job.  On the side I write books for Cisco Press and I blog.  I couldn’t have asked for a better position to be in and I would do it all over again.  Next on my agenda…pass the CCIE Security exam.

That’s my story and I’m sticking to it.

Powered by Qumana

Cisco Has been making a ton of changes this year to the CCIE exam.  Here is the latest.

29 August 2008

Policy Change to Payment for CCIE Labs

In effort to improve the availability of CCIE lab exams Cisco has updated the CCIE lab payment process.

On September 6, 2008 the payment policy for CCIE labs will be as follows:

Payment in full is due 90 days (calendar) prior to your lab date. Payment must be received to confirm your date. After 90 days refunds will not be available for cancelled lab dates.

The change in this policy will allow for lab seats to be open in a timely manner and create more desirable time frames.

If you have questions or want to confirm you are within the 90+ day window please contact customer support.

News and Announcements – CCIE – Cisco Systems

First off, I spent the better part of today working on IPexperts CCIE Security Multiprotocol Lab B.  It’s not that its hard so far, more like the interuptions make it hard to study.  I really had to catch myself.  I found myself trying to figure out how to get a PDF on my kindle for an upcoming trip and then it dawned on me…you’re gonna have your laptop and guess what- its pretty good at reading PDFs.  DUH.  What a waste of time.  Anyhow, I got another 50 sessions that I need to schedule.  And decided that since I only have 48 days till my second attempt at the lab that anything that can be put off- will be put off.  I need to stay focused.

There are a few things that I am noticing and am quite annoyed with as I use the IPexpert labs.

First and foremost, I’m sick of the telnet sessions timing out.  It doesnt happen when I use the IE labs but it does with Proctor Labs so I’m guessing its not something on my end.  If I have 8 hours it should leave me alone for 8 hours.

Second, the save config and load config option is Totally false advertising that erks me.  If I cant do it…get rid of the buttons.  The fact is that it would be a totally awesome option and every time I see the button I want to use it.  Sometimes I want to pick up where I left off and wasting my time to copy configs is lame…but a necessity.

Third, I just got access to the Security PDFs.  AWESOME.  (okay so not something that annoys me but still I wanted to mention it)

And I think thats it.  Tomorrow I only have early labs and then I MUST spend some time with my family.  Back to the hard core study next week.

When it comes down to taking the CCNA or CCNP exams do you "Cram" or do you "Learn?" 

It's interesting.  When I was studying for my CCNA 10 years ago I remember a site called "Cram Session."  Guys would recommend that I go there and cram as much as possible into my thick head before the exam.  I didn't use cram session.  In fact, all I used was a Cisco Press book and the actual CCNA class which at the time was called ICRC.

Now I can see that the field is riddled with crams, cookbooks, simulators, books, blogs, wikis, and much more.  It's hard to decide what approach to take.  Here is what I suggest:

• Take your time and really learn how something works.

If you really want to pass the test you should really want to know how the things you are being tested on work.  Ask yourself the following questions:

1. What problem does this command or solution address? 
2. Why would I need to do this?
3. What happens if I dont do this?
4. What other ways could I do this with the same results?

I'm sure that once you address the issue then the solution it will stick much better.

Crams are a nice way to refresh knowledge that you already know but its no way to learn new material.

Could it be true?  Cisco to Interview CCIE candidates and count it toward the score?  Read it at IE’s CCIE Blog.

CCIE Lab Interviews? – CCIE Blog

Uploaded with plasq‘s Skitch!” alt=”" class=”aligncenter”/>

Some of you are aware that I use the Amazon Kindle.  I have had it for about 1 month and I have already purchased 167.94 in books.  Most of them are books I already have.

My curiosity is this, would any of you that are also studying for the CCIE use a Lab guide on a Kindle or other eReader?  I have a 2 week trip coming up soon and would sure like to take my CCIE Lab guides from IPexpert and maybe even IE with me, but it is expensive to check additional bags.  I can only carry so much.

To the folks at IPexpert;

I’m willing to beta test a Kindle Version and even sign an NDA!

What a valuable asset that would be.

I updated the blog to reflect the URL ccieprep.me.  I dont know if this is going to effect RSS subscribers.  If you browse to cciestudy.brandonjcarroll.com you can still get here but I like the shorter URL.  Let me know if you have any subscription issues for those of you who are subscribed here.

Thanks

Brandon

It’s funny, yesterday I bought the kindle version of Yusufs Cisco Press book.  I already have the print.  I was thinking that It needed a CCIE lab tips section and then it would be complete.  Well, here it is.  Still its the same stuff that the IPexpert CoD and the IE CoD covers.  But it is cool that it came from Yusuf.

10 Tips for taking the CCIE Lab exam | NetworkWorld.com Community.

Why does anything on Vista Suck?

I have been pretty much using a MAC exclusively for a while now. For work I have to use a Windows PC for certain things, but the list of things is getting smaller and smaller. Today I had a problem where word crashes when its not even running and the pop-up window says that I should do an update. Of course- why didn’t I think of that? Update this Piece of crap so that the update can fix a problem that just started today.

So, I do an update and there is 1 update available for Office. It installs. 5 minutes later- same thing. The message now tells me to run a diagnostic. The diagnostic says that nothing is wrong, however there is clearly something wrong.

I know what’s wrong- I’m wasting my time using this windows crap when I could be using something that works, like my Mac. But no, I’m not bitter.

First thing to mention about this lab is that the wording is horrible.

“Activate Frame Relay interfaces should have IP address 150.50.99.x/24.”

What??? Oh Well, on with the lab:

1. I think so far I prefer to break the DMVPN into 4 parts:
   1. GRE Tunnel
   2. NHRP Configuration
   3. Dynamic Routing Protocol
   4. IPSec
2. GRE needs the following:
   1. IP Address
   2. Tunnel Source
   3. Tunnel Mode since there is not set destination
3. NHRP is broken down into the HUB Configuration and the Spoke Configuration and they differ slightly.
   1. NHRP HUB Configuration has the following:
      1. ip mtu bytes
      2. ip nhrp authentication string
      3. ip nhrp map multicast dynamic
      4. ip nhrp network-id number
      5. ip nhrp holdtime seconds
   2. NHRP Spoke has the following:
      1. ip mtu bytes
      2. ip nhrp authentication string
      3. ip nhrp map hub-tunnel-ip-address hub-physical-ip-address
      4. ip nhrp map multicast hub-physical-ip-address
      5. ip nhrp nhs hub-tunnel-ip-address (totally unique to the spoke)
         
      6. ip nhrp network-id number
4. Dynamic Routing Protocol includes the Private Networks that you want advertised and the Tunnel interface.  Routing Protocol does NOT include the NBMA network.
5. EIGRP has some gotchas that are hard to find documentation on.
   1. You probably need to turn CEF off on the spokes.  If you dont the NHRP times out and drops the neighbor.  You get a really annoying EIGRP timeout message and routing breaks.  You can confirm the EIGRP thing by shutting the tunnel interface and bringing it back up in which the EIGRP neighbor will come back up.  5 minutes later (default NHRP timer) the neighbor goes away again.  For some reason shutting off CEF fixes this and You only need to do this on the Spokes.
   2. Dont forget to turn off EIGRP split horizon on the HUB and more specifically dont forget to put the AS number on the no ip split-horizon command.
   3. If you want to build a direct spoke to spoke tunnel make sure you do a no ip eigrp next-hop-self or everything will still go through the hub.  You can verify the next-hop with the show ip route command.
6. The IPSEC configuration could vary:
   1. The ISAKMP policy is pretty much the same as it always is.  Hash, Encryption, Authentication
   2. If you do the easy pre-shared key configuration the command is crypto isakmp key 0 the_key address 0.0.0.0 0.0.0.0
   3. You can also do authentication with XAUTH by creating an isakmp profile.
   4. You need to create an ipsec profile to attach the transform set and optionally the isakmp profile.  You do not need the set peer command or the match address command because its dynamic.
   5. You do not use the crypto map commad to apply ipsec, rather you apply ipsec with the command tunnel protection ipsec profile Name_of_Profile

Well that turned out to be a ton of notes.  But still for posterity sake lets throw in an example. This example uses simple pre-shared keys.

Example 1: DMVPN with Pre-shared Keys

Hub Config:

hostname R6
!
ip cef
!

The Following Creates the ISAKMP Policy and defines the pre-shared key.

!
crypto isakmp policy 110
encr 3des
hash md5
authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!

The following Creates the Transform Set.  This is later tied to the IPSEC profile:

!

crypto ipsec transform-set 3DES_MD5 esp-3des esp-md5-hmac
mode transport
!

The following Creates the IPSEC Profile

!

crypto ipsec profile DMVPN
set transform-set 3DES_MD5
!

The Following Creates the Tunnel Interface on the HUB and sets the NHRP Parameters.  Refer to the bullet list above for the details.

!
interface Tunnel0
ip address 100.0.0.6 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 7
ip nhrp authentication ccie
ip nhrp map multicast dynamic
ip nhrp network-id 100
ip tcp adjust-mss 1360
no ip split-horizon eigrp 7
tunnel source Serial0/1/0
tunnel mode gre multipoint
tunnel protection ipsec profile DMVPN
!
interface FastEthernet0/0
ip address 60.0.0.6 255.255.255.0
duplex auto
speed auto
!
interface Serial0/1/0
ip address 150.50.99.6 255.255.255.0
encapsulation frame-relay
frame-relay map ip 150.50.99.4 602
frame-relay map ip 150.50.99.5 605
no frame-relay inverse-arp
!

The Following Enables EIGRP.  Since you dont set a Crypto ACL whatever you specify here should be encrypted along with all the EIGRP routes that you learn from other DMVPN devices

!
router eigrp 7
network 60.0.0.0
network 100.0.0.0 0.0.0.255
no auto-summary
!

Spoke Config:

This configuration will resemble that of the other spokes.  Change the tunnel interface to reflect a unique host IP and of course you will have a different private network.

hostname R2
!
!

Note on the spoke that CEF has been disabled.

!

no ip cef
!
!

The Following defines the ISAKMP Policy

!
!
crypto isakmp policy 110
encr 3des
hash md5
authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!

The Following defines the transform set.

!
crypto ipsec transform-set 3DES_MD5 esp-3des esp-md5-hmac
mode transport
!

The Following Defines the IPSEC Profile:

!

crypto ipsec profile DMVPN
set transform-set 3DES_MD5
!
!
!

The following defines the tunnel interface and the NHRP parameters on the spoke.

!
!
interface Tunnel0
ip address 100.0.0.2 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication ccie
ip nhrp map multicast 150.50.99.6
ip nhrp map 100.0.0.6 150.50.99.6
ip nhrp network-id 100
ip nhrp holdtime 300
ip nhrp nhs 100.0.0.6
tunnel source Serial0/1/0
tunnel mode gre multipoint
tunnel protection ipsec profile DMVPN
!
!
interface Serial0/1/0
ip address 150.50.99.4 255.255.255.0
encapsulation frame-relay
frame-relay map ip 150.50.99.4 206
frame-relay map ip 150.50.99.5 205
frame-relay map ip 150.50.99.6 206
no frame-relay inverse-arp
!
!
interface FastEthernet1/0
no switchport
ip address 192.1.24.4 255.255.255.0
!
!

Enable EIGRP

!

router eigrp 7
network 100.0.0.0 0.0.0.255
network 192.1.24.0
no auto-summary

Thats it for this example.  I’ll probably add the ISAKMP Profile later or in another post.

For my own personal study I have used the Cisco Documentation, as well as the three books in the Amazon Widget Below.  Of course I used them on my kindle.