Your partner for Success
CCIE Security v5 Lab Access Guide
Version 1.7
Author: Cloudmylab Support
Contents
Introduction
Audience
Disclaimer
Legal Liability
Topology
Devices Used
  Physical Devices
  Virtual Devices
Getting Access to the POD
DEVICE ACCESS
  How to access the devices
  Guest Machine Reload
  Retrieve Snapshots
  Setup ISE for Lab
  Accessing the Devices console
    Device List
    Devices CLI Credentials
  Quick Device access
  Virtual Device Access
    Example Method 1 for Virtual Devices with CLI access
    Example Method 2 for Virtual Devices with CLI Access
  Accessing Windows Based machines
    Example Method 1 for windows based Device
    Example Method 2 for windows based Device
LAB Devices IP Details
Lab Shortcuts
Introduction
Cloudmylab offers a platform to run any lab topology. The CCIE Security v5 lab has been adopted from various vendors and is built on the topology and configuration provided by them. We have designed this lab using customer and online forum feedback. The lab topology shown below is mostly virtual and aligns with Cisco’s CCIE V5 blueprint.
Audience
This lab guide is intended for students who are preparing for CCIE Security V5 and wish to use our platform for practicing the CCIE labs.
Disclaimer
These labs have been designed and built from topologies provided by vendors selling CCIE workbooks and by online student forums. Cloudmylab is not responsible for the accuracy of the labs or workbooks. Cloudmylab does not endorse any CCIE workbook vendor or company. We have designed our platform per Cisco’s blueprint and it can be used for any lab scenario. Students are responsible for loading any pre-configuration.
Cloudmylab does not sell any workbooks or CCIE topology.
Legal Liability
Cloudmylab is an IAAS (Infrastructure as a service), PAAS (Platform as a service) and LAAS (LAB as a service) provider. Cloudmylab either owns or leases the equipment used in the certification labs or proof of concept labs. Cloudmylab uses only genuine software, either procured or obtained as an evaluation from the manufacturer. Cloudmylab encourages its users to use their own licensing and/or lease it from Cloudmylab. Cloudmylab doesn’t resell hardware, software or licensing.
Cloudmylab has no liability for software and licensing used by the customer in their purchased service instance.
Cloudmylab doesn’t endorse any Cisco Certification labs workbook vendors.
Cloudmylab doesn’t endorse any Juniper Certification labs workbook vendors.
Cloudmylab doesn’t endorse any Microsoft Certification labs workbook vendors.
Cloudmylab doesn’t endorse any VMware Certification labs workbook vendors.
Topology
The following topology has been adopted from CCIE University; it is a topology available on online forums and vendors’ pages. Cloudmylab offers a platform to run topologies and in no way owns or endorses any vendor topology.
Figure 1
Figure 2
Figure 3
Devices Used
Physical Devices
This section details the physical devices and software versions in the topology.
Device Name Device Model Software Version
ASA1 ASA5515X 9.6.1
ASA2 ASA5515X 9.6.1
ASA3 ASA5512X 9.6.1
ASA4 ASA5512X 9.6.1
SW1 C3750X 12.2 58(SE)
SW2 C3750X 12.2 58(SE)
Table 1
Virtual Devices
This section details virtual devices and the software version used in the topology.
Device Name Device Model Software Version
R1 CSR1000v 03.16.06.S
R2 CSR1000v 03.16.06.S
R3 CSR1000v 03.16.06.S
R4 CSR1000v 03.16.06.S
R5 CSR1000v 03.16.06.S
R6 CSR1000v 03.16.06.S
R7 CSR1000v 03.16.06.S
R8 CSR1000v 03.16.06.S
R9 CSR1000v 03.16.06.S
R10 CSR1000v 03.16.06.S
R11 CSR1000v 03.16.06.S
R12 CSR1000v 03.16.06.S
R13 CSR1000v 03.16.06.S
R14 CSR1000v 03.16.06.S
R15 CSR1000v 03.16.06.S
R16 CSR1000v 03.16.06.S
R17 CSR1000v 03.16.06.S
R18 CSR1000v 03.16.06.S
ASAv1 ASAv 9.6.2
ASAv11 ASAv 9.6.2
ASAv2 ASAv 9.6.2
ASAv22 ASAv 9.6.2
ISE ISE-VM-K9 2.1
vWLC WLC-VM 8.5
WSA WSA-VM 9.1.1-041
NGIPS FP-NGIPS 6.1
FMC FP-FMC 6.1
AMP FP-AMP 6.1
Table 2
Getting Access to the POD
1. There are two ways to obtain the access details:
a.) Check for the URL and port number in the email from [email protected]
Figure 4
b.) Alternatively, log in to your account; under ‘my account’ > Rack access, you will see the details.
Figure 5
2. Please log in with the credentials provided.
Figure 6
3. After logging in successfully, you will see a customized Desktop from where you can access all the devices.
DEVICE ACCESS
This section details how to access the physical and virtual devices.
How to access the devices
Starting the lab environment: https://www.youtube.com/watch?v=rYMvbJci70E (Needs updating)
Guest Machine Reload
1. Once you have access to the Guest Desktop Environment:
A.) Open the VMware vSphere Client and log in with the details in the table below:
Rack Rack-1 Rack-2
IP Address/hostname 192.168.130.37 192.168.130.38
Username ccisesec ccisesec
Password Ccie123! Ccie123!
Table 3
Figure 7
2. Reload the Guest Virtual Machines in the table below using the VMware vSphere Client before you start your
lab.
Windows machine
Wireless-PC
MS-AD
MAB-CLIENT
DOT1X-PC
Table 4
The steps below explain how to reload a virtual machine:
Step 1: After logging in to the ESX host successfully, select the guest machine.
Figure 8
Step 2: Right-click on the guest machine, click on Power and select Power Off.
Figure 9
Step 3: Wait for the VM to power off, then right-click on the guest machine, click on Power and select Power On.
Figure 10
Retrieve Snapshots
1. Retrieve the snapshot for the Guest Virtual Machines in the table below using the VMware
vSphere Client before you start your lab.
Virtual Machines
NGIPS
FMC
AMP
WSA
vWLC
Table 5
Step 1: Right-click on the machine > Snapshot > Snapshot Manager
Figure 11
Step 2: Under Snapshot Manager, click on BASE-CONF > Go To
Figure 12
Setup ISE for Lab
This section describes how to set up ISE for lab use. Please follow the steps carefully.
1. Go to Administration > Backup & Restore.
2. Select FTP from the drop-down menu for ‘History for Repository’.
3. Select the lab you want to restore to. When prompted for the encryption key, type ISEisC00L and select ‘Restore ADE-OS configuration’.
Figure 13
Note: You will have to join the AD again and re-generate the CA certificates.
Accessing the Devices console
A.) Device Access – All the devices are pre-configured for console access; follow the screenshots for quick access.
Device List
The table below contains the list of devices and their console access details. The Terminal Server is the server that hosts the console connections; do not confuse its address with the actual device IP.
Device Name   Rack-1 Port No   Rack-1 Terminal IP address   Rack-2 Port No   Rack-2 IP address
R1 1501 192.168.130.37 1501 192.168.130.38
R2 1502 192.168.130.37 1502 192.168.130.38
R3 1503 192.168.130.37 1503 192.168.130.38
R4 1504 192.168.130.37 1504 192.168.130.38
R5 1505 192.168.130.37 1505 192.168.130.38
R6 1506 192.168.130.37 1506 192.168.130.38
R7 1507 192.168.130.37 1507 192.168.130.38
R8 1508 192.168.130.37 1508 192.168.130.38
R9 1509 192.168.130.37 1509 192.168.130.38
R10 1510 192.168.130.37 1510 192.168.130.38
R11 1511 192.168.130.37 1511 192.168.130.38
R12 1512 192.168.130.37 1512 192.168.130.38
R13 1513 192.168.130.37 1513 192.168.130.38
R14 1514 192.168.130.37 1514 192.168.130.38
R15 1515 192.168.130.37 1515 192.168.130.38
R16 1516 192.168.130.37 1516 192.168.130.38
R17 1517 192.168.130.37 1517 192.168.130.38
R18 1518 192.168.130.37 1518 192.168.130.38
SW1 2079 192.168.190.156 2079 192.168.190.157
SW2 2078 192.168.190.156 2078 192.168.190.157
ASA1 2074 192.168.190.156 2074 192.168.190.157
ASA2 2075 192.168.190.156 2075 192.168.190.157
ASA3 2076 192.168.190.156 2076 192.168.190.157
ASA4 2077 192.168.190.156 2077 192.168.190.157
AP1 2080 192.168.190.156 2080 192.168.190.157
Terminal Server 23 192.168.190.156 23 192.168.190.157
ASAv1 1539 192.168.130.37 1539 192.168.130.38
ASAv11 1540 192.168.130.37 1540 192.168.130.38
ASAv2 1538 192.168.130.37 1538 192.168.130.38
ASAv22 1537 192.168.130.37 1537 192.168.130.38
ASAv1 1539 192.168.130.37 1539 192.168.130.38
ISE 1534 192.168.130.37 1534 192.168.130.38
vWLC 1522 192.168.130.37 1522 192.168.130.38
WSA 1533 192.168.130.37 1533 192.168.130.38
NGIPS 1520 192.168.130.37 1520 192.168.130.38
FMC 1519 192.168.130.37 1519 192.168.130.38
AMP 1536 192.168.130.37 1536 192.168.130.38
Table 6
Devices CLI Credentials
The table below contains the CLI credentials for the listed devices:
Device Name Username Password
R1 cisco cisco
R2 cisco cisco
R3 cisco cisco
R4 cisco cisco
R5 cisco cisco
R6 cisco cisco
R7 cisco cisco
R8 cisco cisco
R9 cisco cisco
R10 cisco cisco
R11 cisco cisco
R12 cisco cisco
R13 cisco cisco
R14 cisco cisco
R15 cisco cisco
R16 cisco cisco
R17 cisco cisco
R18 cisco cisco
SW1 cisco cisco
SW2 cisco cisco
ASA1 cisco cisco
ASA2 cisco cisco
ASA3 cisco cisco
ASA4 cisco cisco
AP1 Cisco Cisco
Terminal Server cisco cisco
ASAv1 cisco cisco
ASAv11 cisco cisco
ASAv2 cisco cisco
ASAv22 cisco cisco
ASAv1 cisco cisco
ISE Admin Ccie123
vWLC Admin Ccie123
WSA Admin ironport
NGIPS Admin Ccie123
FMC Admin Ccie123
AMP Admin Ccie123
Table 7
Quick Device access
This section details how to access the devices via CLI:
1. Click on SecureCRT.
Figure 14
Virtual Device Access
Virtual devices can be accessed using two methods:
1. Using the SecureCRT CLI. It is strongly recommended to use a terminal emulator to access all the virtual routers and firewalls.
2. Using the vSphere Console.
Example Method 1 for Virtual Devices with CLI access
Open SecureCRT >> Click on the Plus Sign against Virtual Device >> Select the relevant device
Figure 15
Example Method 2 for Virtual Devices with CLI Access
Open VMware vSphere Client >> right-click on the relevant machine >> click Open Console
Figure 16
Accessing Windows Based machines
There are 4 Windows-based machines, as follows:
Machine             Rack-1 MGMT IP   Rack-2 MGMT IP   Username   Password
Wireless-PC         150.1.7.204      150.1.7.204      admin      Ccie123
Windows Server AD   150.1.7.200      150.1.7.200      admin      Ccie123
Dot1x PC            150.1.7.202      150.1.7.202      admin      Ccie123
MAB-PC              150.1.7.203      150.1.7.203      admin      Ccie123
Table 8
Example Method 1 for windows based Device:
Click on the relevant remote desktop shortcut on the desktop; there are 4 shortcuts, each named after its machine.
Enter the username and password when prompted.
Figure 17
Example Method 2 for windows based Device
Open VMware vSphere Client >> right-click on the relevant machine >> click Open Console
Figure 18
LAB Devices IP Details
This section details the management IPs assigned to the virtual machines in the table below. Please refer to the topology as well.
IP Address Device Name
150.1.7.200 AD
150.1.7.201 Candidate PC
150.1.7.204 Wireless PC
150.1.7.206 NGIPS
150.1.7.211 FMC
150.1.7.212 ISE
150.1.7.213 WSA
150.1.7.214 vWLC
150.1.7.215 CUCM
150.1.7.216 AMP
150.1.7.217 AMP
Table 9
Lab Shortcuts
1. Starting a lab with a specific configuration:
Open the physical device console > log in > dir flash:
#copy flash:lab1.cgf startup-config
#reload
Check out the video: https://www.youtube.com/watch?v=I72ExquNIFA
2. Clearing a console line to get access: In SecureCRT, click on the plus sign against Clear line and select the relevant device to clear.
3. Reloading the devices: All the devices are connected to a managed power PDU, and you can use the shortcut to boot the devices.
To get support, open a ticket on the Support Page or send an email to [email protected].
Please check the documentation and FAQs beforehand.