CCIE Security Practice Labs
- Equipment List
- General Guidelines
- Setting Up the Lab
- Practice Lab 1 Exercises Section 1.0: Basic Configuration (10 points)
- Section 2.0: Routing Configuration (25 points)
- Section 3.0: ISDN Configuration (8 points)
- Section 4.0: PIX Configuration (5 points)
- Section 5.0: IPSec/GRE Configuration (10 points)
- Section 6.0: IOS Firewall + IOS IDS Configuration(10 points)
- Section 7.0: AAA (7 points)
- Section 8.0: Advanced Security (10 points)
- Section 9.0: IP Services and Protocol-Independent Features (10 points)
- Section 10.0: Security Violations (5 points)
- Verification, Hints, and Troubleshooting Tips
- Section 1.0: Basic Configuration
- Section 2.0: Routing Configuration
- Section 3.0: ISDN Configuration
- Section 4.0: PIX Configuration
- Section 5.0: IPSec/GRE Configuration
- Section 6.0: IOS Firewall Configuration
- Section 7.0: AAA
- Section 8.0: Advanced Security
- Section 9.0: IP Services and Protocol-Independent Features
- Section 10.0: Security Violations
All labs in this book are multi-protocol, multi-technology, testing you in areas such as Routing, Switching, Security, and VPN, as outlined in the CCIE Security blueprint. When you first read the questions in the lab, you might find them fairly easy, but they are carefully written to present high complexity and many hidden problems. Such is the case in the real CCIE lab exam.
To assist you, solutions are provided for the entire lab, including configurations and common show command outputs from all the devices in the topology. Furthermore, a "Verification, Hints, and Troubleshooting Tips" section is provided, which gives you tips and hints to troubleshoot and identify the hidden problem or trick in the question.
This is the first lab of seven in this book. Each lab is 8 hours and weighs 100 marks, passing of which is 80 marks. The objective is to complete the lab within 8 hours and obtain a minimum of 80 marks to pass. This test has been written such that you should be able to complete all questions, including initial configuration (such as IP addressing), within 8 hours; this excludes cabling time. Allow up to 1 hour for cabling, use the cabling instructions, and observe the instructions in the general guidelines. You can use any combination of routers as long as you fulfill the topology diagram in Figure 1-1. It is not compulsory to use the same model of routers.
Cabling and IP addressing are already completed on the real CCIE Lab. You are not required to do any cabling or the IP addressing.
6 routers with the following specifications (all routers are to be loaded with the latest Cisco IOS version in 12.1(T) train):
1 switch 3550
1 PIX 2 interfaces (with version 6.x)
1 PC with Windows 2000 Server with CiscoSecure ACS 3.x+
The IDS device in the topology is not required; it is there to give you an idea to configure other aspects of this lab. Subsequent chapters do require a Network IDS appliance.
R1 4 serial, 1 BRI (with IP Plus image)
R2 2 serial, 1 Ethernet (with IP Plus + Firewall image)
R3 2 serial, 1 Ethernet, 1 BRI (with IP Plus + IPSec 56 image)
R4 1 serial, 1 Ethernet (with IP Plus + Firewall + IPSec 56 image)
R5 1 serial, 1 Ethernet (with IP Plus image)
R6 5 serial, 3 Ethernet (with IP Plus + IPSec 56 image)
Figure 1-1 Lab Topology Diagram