Home > Articles > Cisco Certification > CCIE > CCIE Security Practice Labs

CCIE Security Practice Labs

Practice Lab 1 Exercises Section 1.0: Basic Configuration (10 points)

1.1: IP Addressing (2 points)

  1. Redraw a detailed topology with all necessary information.

  2. Configure IP addressing as per the diagram.

  3. Do not configure any static or default routes anywhere on the network unless otherwise specified. Configure a default route on R2. Your routing table should have an entry as follows: "Gateway of last resort is" Populate this default route to all the routers.

  4. Create the following loopbacks:

  5. Loopback-1 on R1
    Loopback-2 on R1
    Loopback-1 on R2
    Loopback-2 on R2 
    Loopback-1 on R3
    Loopback-2 on R3
    Loopback-3 on R3
    Loopback-1 on R4
    Loopback-2 on R4
    Loopback-1 on R6
    Loopback-2 on R6

1.2: Frame Relay Configuration (4 points)

  1. Configure R6 as a Frame Relay switch. Use the DLCI information provided for Frame Relay routing as per Figure 1-2.

  2. Configure Frame Relay between R1, R2, R3, and R5. Configure point-to-point subinterfaces on all routers. Do not configure a subinterface on R1 for serial connection to R5. Use only the DLCIs provided in the DLCI information diagram. Use LMI type Cisco. The speed should be set to 56 KB on the DCE ends.

1.3: LAN Switch Configuration (4 points)

  1. Configure Switch1 with the VLAN information provided in the diagram shown in Figure 1-1. Also make sure that it is easier for the network administrator to troubleshoot port/vlan identification.

  2. Configure security such that network devices are operational on allocated ports only. In the event of a security breach, the administrator should take strict action.

  3. Configure the management interface of the switch with IP address Only R4, R5, and R1 should have Telnet access to the switch. Configure redundancy such that the management interface is reachable from R1 if the serial link is down between R1 and R4. Configure a static route on R1 for the network. Do not configure any routing protocol on Switch1 to achieve this task; you can use static routes as required.

  4. Configure port 9 on the switch to be in VLAN 5. There is an IDS sensor deployed off r6. It has been preconfigured. The aim is to protect the pix outside interface, so configure accordingly.

5. Section 2.0: Routing Configuration (25 points) | Next Section Previous Section