General Lab Guidelines and Setup

Follow these general guidelines during this lab:

■ Static and default routes are not permitted unless directly stated in a task. This includes floating static routes.

■ Use the DLCIs provided in the Frame Relay diagram (presented shortly).

■ All routers and switches should be able to ping any interface using the optimal routing path.

■ Do not configure any authentication or authorization on any console or aux ports unless specified.

■ Routes to Null0 generated by any routing protocol are permitted.

■ Full access to the two AAA servers from your workstation is permitted. The user ID is admin, and the password is cisco.

■ The Class B address is used throughout the network.

Some configuration tasks are now preconfigured in the Security lab exam. In this sample lab, these tasks are still outlined for practice, but are given a zero point value to indicate that in the real Cisco Security exam you can expect these features to be preloaded for you.

NOTE In the actual CCIE Security lab, beginning October 1, 2004, the equipment in the rack assigned to you is physically cabled and should not be tampered with. Router host names, basic IP addressing, no exec-timeout, and passwords on the con, aux, and vty lines have been preconfigured. The Catalyst has a preconfigured prompt and enable passwords. All precon-figured passwords are cisco and should not be changed unless explicitly stated in a question.

Figure 8-1 displays the topology of the routed network.

Figure 8-1 Lab Topology fast0/0

Figure 8-1 Lab Topology fast0/0

Figure 8-2 displays the Frame Relay topology setup.

NOTE Not all CCIE labs require a communication server to be configured. In fact, most sites will have the communications already configured and you can have separate windows for each router, allowing you to configure more than one router at a time. The IP address assignment is also preconfigured. Understanding IP subnetting is a critical topic that all network designers must master.

Figure 8-2 Frame Relay DLCI Assignment

Figure 8-2 Frame Relay DLCI Assignment

Table 8-1 displays the IP address assignment for the network topology in Figure 8-1.

Table 8-1 IP Address Assignment

Router Interface

IP Address

R1 E0/0

R1 S0/1

R2 E0/0

R2 S0/0

R3 Fast0/0

R3 S0/0

R3 BRI0/0

R4 E0/0

R4 S0/0

R4 S0/1

R5 FaEth0/0

R5 FaEth0/1

R5 BRI0/0

PIX inside

PIX outside

ISP router FastEth0/0

Each router, R1-R5, is to be configured for a loopback interface. Table 8-2 displays the IP address assignment for each router.

Table 8-2 Loopback IP Address Assignment


Loopback IP Address






After you complete your IGP confirmation, you must be able to ping or telnet to each router loopback from any given router.

NOTE Because of recent changes to the CCIE Security exam, the candidate is not required to configure IP addressing. However, the subject is presented here to ensure that potential CCIE candidates have a good understanding of IP address spaces and subnetting. Quickly perform a spot check on all of your routers to ensure that the CCIE Security exam documentation matches what is configured on your CCIE lab rack.

0 0

Post a comment