I want to build a CCIE Security Lab environment,please help me.

Unanswered Question
Mar 1st, 2008

I have already have 2 catalyst 4006 switch with 2 GBIC modules, one 2600 router and 3 catalyst 2950 with 24 fastethernet port, the question is:

what should I have to buy to complete the Security Lab environment? and the probably costs of the equipments? please give me a detailed list with the lowest cost, thank you very much!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Danilo Dy Sat, 03/01/2008 - 20:04


You can get the idea from here http://www.cisco.com/web/learning/le3/ccie/security/lab_equipment.html

To practice, you need a Workbook. But most Workbook works best with their accompanying rack setup, that's why its best to rent rack online as its more cheaper than to setup your own LAB, besides IOS version in the LAB exam change so you need to keep your devices up-to-date which requires you to purchase back-to-back software maintenance or SmartNet



swmorris Mon, 03/10/2008 - 08:05

You don't NEED a workbook, it's just something that helps you in your studying.

Keep in mind that there was the CCIE lab exam BEFORE there were workbooks and people passed. :)

Workbooks do give you structure, and valuable feedback in terms of letting you know when you have things working correctly.

Each vendor's workbook does have their own physical topology, but the basics are pretty much the same for all of them.

Somewhere between 6-9 routers. 2-4 switches. VPN Concentrator, IPS Sendor, PIX, 2 ASA firewalls. Also two PC's (one for ACS, one for test host) are needed.

But how you hook them up and make them work is entirely up to you!

On the flip side, there's no reason you can't get by with less! Study certain technologies at a time and do things piecemeal.

For the larger integrations, rent rack time from one of the vendors. Let THEM spend the money on all the devices.

Lots of options.



[email protected]

srue Mon, 03/10/2008 - 11:54

i use one of the vendor's workbooks and i've found i can do the majority of the mini labs with 2 or 3 routers and a pix515e w/ 7.2(x) installed, and a low end switch (or even a 3550).

start small like that, and use online rack rental for labs where you don't have all the equipment. that would be my advice.

(i have nearly a complete lab, but i haven't even come close to using all the equipment at a single time...that is, until i start doing the mock labs here in a month or so).

it would probably be useful to have your own vpn3005 also - if you think you'll take/pass the lab this year.

i know nobody outside cisco knows, but i'd be surprised if the concentrators were kept after 2008. but that is just my *opinion*.


This Discussion