Your partner for Success

CCIE Security v5 Lab Access Guide

Version 1.7

Author: Cloudmylab Support

Contents Introduction .................................................................................................................................................................. 3

Audience ....................................................................................................................................................................... 3

Disclaimer ..................................................................................................................................................................... 3

Legal Liability ................................................................................................................................................................ 3

Topology ....................................................................................................................................................................... 3

Devices Used ................................................................................................................................................................. 7

Physical Devices ................................................................................................................................................ 747

Virtual Devices .................................................................................................................................................... 87

Getting Access to the POD ............................................................................................................................................ 8

DEVICE ACCESS ............................................................................................................................................................. 9

How to access the devices ........................................................................................................................................ 9

Guest Machine Reload ............................................................................................................................................. 9

Retrieve Snapshots ................................................................................................................................................. 12

Setup ISE for Lab ..................................................................................................................................................... 13

Accessing the Devices console ............................................................................................................................... 13

Device List ........................................................................................................................................................... 13

Devices CLI Credentials ....................................................................................................................................... 15

Quick Device access ................................................................................................................................................ 16

Virtual Device Access .............................................................................................................................................. 16

Example Method 1 for Virtual Devices with CLI access ...................................................................................... 17

Example Method 2 for Virtual Devices with CLI Access ..................................................................................... 18

Accessing Windows Based machines ..................................................................................................................... 18

Example Method 1 for windows based Device: ................................................................................................. 18

Example Method 2 for windows based Device .................................................................................................. 20

LAB Devices IP Details ................................................................................................................................................. 20

Lab Shortcuts .............................................................................................................................................................. 21

Introduction Cloudmylab offers a platform to run any lab topology. CCIE Security v5 lab has been adopted from various vendors

and is built on the topology and configuration provided by them. We have designed this lab with customers and

online forum feedback. The Lab topology mentioned below is mostly virtual and it aligns with Cisco’s CCIE V5

blueprint.

Audience This lab guide is intended for the students who are preparing for CCIE Security V5 and wish to use our platform for

practicing the CCIE labs.

Disclaimer These labs have been designed and built by topology provided by vendors selling CCIE workbooks and online

student forums. Cloudmylab is not responsible for the accuracy of the labs or workbooks. Cloudmylab does not

endorse any CCIE workbook vendor or company. We have designed our platform per Cisco’s blueprint and it can

be used for any lab scenario. Students will be responsible for loading any pre-configuration.

Cloudmylab does not sell any workbooks or CCIE topology.

Legal Liability Cloudmylab is an IAAS (Infrastructure as a service), PAAS (Platform as a service) and LAAS (LAB as a service)

provider. Cloudmylab either owns or lease the equipment used in the certification labs or proof of concept labs.

Cloudmylab uses all genuine software either procured or evaluation from the manufacturer. Cloudmylab

encourages its users to use their own licensing and/or lease it from Cloudmylab. Cloudmylab doesn’t resell

hardware, software or licensing.

Cloudmylab has no liability for software and licensing used by the customer in their purchased service instance.

Cloudmylab doesn’t endorse any Cisco Certification labs workbook Vendors. Cloudmylab doesn’t endorse any Juniper Certification labs workbook Vendors. Cloudmylab doesn’t endorse any Microsoft Certification labs workbook Vendors. Cloudmylab doesn’t endorse any VMware Certification labs workbook Vendors.

Topology

The following topology has been adopted from CCIE University, this is a topology available on online forums and

vendors page. Cloudmylab offers a platform to run topologies and in no way own or endorse any vendor topology.

Figure 1

Figure 2

Figure 3

Devices Used

Physical Devices

This section details physical devices and software version in the topology.

Device Name Device Model Software Version

ASA1 ASA5515X 9.6.1

ASA2 ASA5515X 9.6.1

ASA3 ASA5512X 9.6.1

ASA4 ASA5512X 9.6.1

SW1 C3750X 12.2 58(SE)

SW2 C3750X 12.2 58(SE) Table 1

Virtual Devices

This section details virtual devices and the software version used in the topology.

Device Name Device Model Software Version

R1 CSR1000v 03.16.06.S

R2 CSR1000v 03.16.06.S

R3 CSR1000v 03.16.06.S

R4 CSR1000v 03.16.06.S

R5 CSR1000v 03.16.06.S

R6 CSR1000v 03.16.06.S

R7 CSR1000v 03.16.06.S

R8 CSR1000v 03.16.06.S

R9 CSR1000v 03.16.06.S

R10 CSR1000v 03.16.06.S

R11 CSR1000v 03.16.06.S

R12 CSR1000v 03.16.06.S

R13 CSR1000v 03.16.06.S

R14 CSR1000v 03.16.06.S

R15 CSR1000v 03.16.06.S

R16 CSR1000v 03.16.06.S

R17 CSR1000v 03.16.06.S

R18 CSR1000v 03.16.06.S

ASAv1 ASAv 9.6.2

ASAv11 ASAv 9.6.2

ASAv2 ASAv 9.6.2

ASAv22 ASAv 9.6.2

ISE ISE-VM-K9 2.1

vWLC WLC-VM 8.5

WSA WSA-VM 9.1.1-041

NGIPS FP-NGIPS 6.1

FMC FP-FMC 6.1

AMP FP-AMP 6.1 Table 2

Getting Access to the POD

1. There are two methods you can get access to the access detail as mentioned below:

a.) Check for the URL and Port Number in the email from support@cloudmylab.com

Figure 4

b.) You can alternatively log in to your account and under ‘my account’ > Rack access, you will see the details

Figure 5

2. Please login with the credentials provided.

Figure 6

3. After logging in successfully, you will see a customized Desktop from where you can access all the devices.

DEVICE ACCESS This section details how to access the physical and virtual devices.

How to access the devices

Starting the lab environment: https://www.youtube.com/watch?v=rYMvbJci70E (Needs updating)

Guest Machine Reload

1. Once you get the access to the Guest Desktop Environment,

A.) Open the VMware vSphere client and login with the details in table below:

Rack Rack-1 Rack-2

IP Address/hostname 192.168.130.37 192.168.130.38

Username ccisesec ccisesec

Password Ccie123! Ccie123! Table 3

Figure 7

2. Reload the Guest Virtual Machines in the table below using the VMware vSphere Client before you start your

lab.

Windows machine

Wireless-PC

MS-AD

MAB-CLIENT

DOT1X-PC Table 4

The steps below explain how to reload a Virtual Machine:

Step 1: After your successful login to ESX host, select the guest machine.

Figure 8

Step 2: Right Click on the guest machine, click on power and select Power Off.

Figure 9

Step 3: Wait for VM to power off, then right click on the guest machine, click on power and select Power On

Figure 10

Retrieve Snapshots

1. Retrieve the snapshot for the Guest Virtual Machines in the table below using the VMware

vSphere Client before you start your lab.

Virtual Machines

NGIPS

FMC

AMP

WSA

vWLC Table 5

Step1: Right Click on the machine -Snapshotsnapshot manager

Figure 11

Step2: Under Snapshot Manager Click on the BASE-CONF -GO To

Figure 12

Setup ISE for Lab

This section defines how to setup ISE for the lab use. Please follow the steps carefully.

1. Go to Administration > Backup & Restore.

2. Select FTP from the drop-down menu for ‘History for Repository’.

3. Select the lab you want to restore to. When prompted for encryption key, type ISEisC00L and select

‘Restore ADE-OS configuration’.

Figure 13

Note: You will have to again join the AD and re-generate the CA certificates.

Accessing the Devices console

A.) Device Access – All the devices are pre-setup for console access and follow the screenshots for a quick access.

Device List

The table below contains the list of devices and their console access details. Terminal Server is a server which

host the console connections, do not confuse this with actual device IP.

Device Name

Device

Rack-1 Rack-2

Port No Terminal IP address Port No IP address

R1 1501 192.168.130.37 1501 192.168.130.38

R2 1502 192.168.130.37 1502 192.168.130.38

R3 1503 192.168.130.37 1503 192.168.130.38

R4 1504 192.168.130.37 1504 192.168.130.38

R5 1505 192.168.130.37 1505 192.168.130.38

R6 1506 192.168.130.37 1506 192.168.130.38

R7 1507 192.168.130.37 1507 192.168.130.38

R8 1508 192.168.130.37 1508 192.168.130.38

R9 1509 192.168.130.37 1509 192.168.130.38

R10 1510 192.168.130.37 1510 192.168.130.38

R11 1511 192.168.130.37 1511 192.168.130.38

R12 1512 192.168.130.37 1512 192.168.130.38

R13 1513 192.168.130.37 1513 192.168.130.38

R14 1514 192.168.130.37 1514 192.168.130.38

R15 1515 192.168.130.37 1515 192.168.130.38

R16 1516 192.168.130.37 1516 192.168.130.38

R17 1517 192.168.130.37 1517 192.168.130.38

R18 1518 192.168.130.37 1518 192.168.130.38

SW1 2079 192.168.190.156 2079 192.168.190.157 SW2 2078 192.168.190.156 2078 192.168.190.157

ASA1 2074 192.168.190.156 2074 192.168.190.157 ASA2 2075 192.168.190.156 2075 192.168.190.157

ASA3 2076 192.168.190.156 2076 192.168.190.157

ASA4 2077 192.168.190.156 2077 192.168.190.157

AP1 2080 192.168.190.156 2080

192.168.190.157 Terminal Server 23 192.168.190.156 23 192.168.190.157

ASAv1 1539 192.168.130.37 1539 192.168.130.38

ASAv11 1540 192.168.130.37 1540 192.168.130.38

ASAv2 1538 192.168.130.37 1538 192.168.130.38

ASAv22 1537 192.168.130.37 1537 192.168.130.38

ASAv1 1539 192.168.130.37 1539 192.168.130.38

ISE 1534 192.168.130.37 1534 192.168.130.38

vWLC 1522 192.168.130.37 1522 192.168.130.38

WSA 1533 192.168.130.37 1533 192.168.130.38

NGIPS 1520 192.168.130.37 1520 192.168.130.38

FMC 1519 192.168.130.37 1519 192.168.130.38

AMP 1536 192.168.130.37 1536 192.168.130.38 Table 6

Devices CLI Credentials

Table below contains the credentials to access CLI for the undermentioned devices:

Device Name Username Password

R1 cisco cisco

R2 cisco cisco

R3 cisco cisco

R4 cisco cisco

R5 cisco cisco

R6 cisco cisco

R7 cisco cisco

R8 cisco cisco

R9 cisco cisco

R10 cisco cisco

R11 cisco cisco

R12 cisco cisco

R13 cisco cisco

R14 cisco cisco

R15 cisco cisco

R16 cisco cisco

R17 cisco cisco

R18 cisco cisco

SW1 cisco cisco

SW2 cisco cisco

ASA1 cisco cisco

ASA2 cisco cisco

ASA3 cisco cisco

ASA4 cisco cisco

AP1 Cisco Cisco

Terminal Server cisco cisco

ASAv1 cisco cisco

ASAv11 cisco cisco ASAv2 cisco cisco

ASAv22 cisco cisco

ASAv1 cisco cisco

ISE Admin Ccie123

vWLC Admin Ccie123

WSA Admin ironport

NGIPS Admin Ccie123

FMC Admin Ccie123

AMP Admin Ccie123 Table 7

Quick Device access

This section details on how to access the devices via CLI:

1. Click on SecureCRT.

Figure 14

Virtual Device Access

Virtual devices can be accessed using two methods:

1. Using Secure CRT CLI. Its strongly recommended to use terminal emulator to access all the Virtual Routers and

Firewall.

2. Using the vSphere Console

Example Method 1 for Virtual Devices with CLI access

Open SecureCRT >> Click on the Plus Sign against Virtual Device >> Select the relevant device

Figure 15

Example Method 2 for Virtual Devices with CLI Access

Open Vmware Vsphere Client >> right click on the relevant machine >> click open console

Figure 16

Accessing Windows Based machines

There are 4 Windows Based machines as follows:

Machine Rack-1 MGMT IP Rack-2 MGMT IP Username Password

Wireless-PC 150.1.7.204 150.1.7.204 admin Ccie123

Windows Server

AD

150.1.7.200 150.1.7.200 admin Ccie123

Dot1x PC 150.1.7.202 150.1.7.202 admin Ccie123

MAB-PC 150.1.7.203 150.1.7.203 admin Ccie123 Table 8

Example Method 1 for windows based Device:

Click on the remote desktop shortcut on the desktop, you will see 4 shortcuts and named appropriately.

Enter the username and password when prompted

Figure 17

Example Method 2 for windows based Device

Open Vmware Vsphere Client >> right click on the relevant machine >> click open console

Figure 18

LAB Devices IP Details This section details the management IP assigned to the following virtual machines in the table below.

Please do refer to the topology as well.

IP Address Device Name

150.1.7.200 AD

150.1.7.201 Candidate PC

150.1.7.204 Wireless PC

150.1.7.206 NGIPS

150.1.7.211 FMC

150.1.7.212 ISE

150.1.7.213 WSA

150.1.7.214 vWLC

150.1.7.215 CUCM

150.1.7.216 AMP

150.1.7.217 AMP Table 9

Lab Shortcuts

1. Starting a lab with Specific configuration:

Open the physical device console > login > dir flash:

#copy flash: lab1.cgf startup

Reload

Check out the video: https://www.youtube.com/watch?v=I72ExquNIFA

2. Clearing console line to get access: Under SecureCRT click on the plus sign against

Clear line and Select relevant device to clear

3. Reloading the devices: All the devices are connected to managed power PDU and you can use the

shortcut to boot the devices

To get support open a ticket on Support Page or send an email to support@cloudmylab.com.

Please check the documentation and FAQs beforehand.

-------------------------------------------------------END OF Document-------------------------------------------------------