CCIE DC V2 Success: Mr. Tejas CCIE Data Center #57408, Mr. Ankit Verma CCIE Data Center #57200, Mr. Keval Smart CCIE Data Center #56915, Mr. Vijay Pandey CCIE Data Center #56720, Mr. Victor Ade Adeboje CCIE Data Center, #56196 Mr. Binoy CCIE Data Center #56657, Mr. Muruguppan CCIE Data Center #56434, Mr. Pritish Patil CCIE Data Center #56048
HOME > PROGRAMS > CCIE Routing and Switching
  • Course Summary
  • Course Content
  • Career Path ways
  • Why NH?
Outline:

Cisco Certified Internetwork Expert (CCIE) Routing & Switching certifies and validates the skills required by experts for configuring and troubleshooting complex and converged network infrastructure. CCIE Routing and switching training bundle at NetworkersHome offers cost effective and renowned training resources to meet the industry standards and make the students market fit.

To achieve this certification training of CCIE in Routing and Switching, Ciscopresently expects you to clear the following two exams:

  • Cisco CCIE Routing and Switching Written Exam: Here, it is expected that the candidate must pass two hour written exam, which in turn validates to have expertise in configuring and troubleshooting complex network infrastructures. It tests the understanding level of the candidate on the topic as to how infrastructure components interoperate.
  • Cisco CCIE Routing and Switching Lab Exam: The eight-hour lab exam tests the practical knowledge of the candidate and one’s ability to configure actual equipment and troubleshoot the network in a timed test situation. The candidates are expected to have thorough knowledge of troubleshooting and are expected to diagnose and solve all issues which are a part of the CCIE lab exam. The candidates are responsible for fixing all issues of devices residing in the network.

 

The expert level CCIE Routing and Switching certification recognizes ones knowledge and experience in network infrastructure technologies. The training at NetworkersHome allows the participants to work on the Racks, real time CISCO devices. CCIE R&S ensures the trainees to gain technical expertise to help improve network uptime, increase user productivity and provide for business agility in the organization they get employed for.

The Cisco Certified Internetwork Expert (CCIE) Routing and Switching certification wasintroduced to assist the industry in identifying the top stratum of internetworking experts worldwide and to assess Expert-level infrastructure network design skills worldwide. CCIE is a reputed and most prestigious certification one can ever possess in the field of networking domain.

This certification holds its value world-wide. The certification program and pattern continues to be updated and upgraded as recommended by CISCO. This is the reason why it is amongst the widely demanded and accepted certification in the IT industry. The testing methodology, unparalleled program quality, relevance and value of CCIE routing and Switching certification is the reason to choose and desire to earn this certification.

Upon course completion the candidate would be able to:

  • Develop a deep understanding on:
  • Configuring and Troubleshooting Switches, HDLC and PPP
  • Configuring and troubleshooting VPN (DMVPN)
  • Learn to filter all types of BGP Updates usingAS Path Access Lists, Communities, Prefix Lists, and Route Maps
  • Learn to control IGP Updates with the help of Route Maps and Distribute Lists
  • Develop detailed understanding on the following concepts:
    • Label Switching (Multiprotocol) & Layer 3 VPN
    • Manipulation of Border Gateway Protocol (BGP) Attributes
    • PIM Sparse and Dense Modes used for IP Multicast Routing
    • QOS for Routers
    • Dynamic Host Configuration Protocol (DHCP), First Hop Redundancy Protocols,Network Service including Network Address Translation (NAT), Network Time Protocols

 

What I will learn?

Students will learn to plan, design, implement, operate, and troubleshoot complex security scenarios.

  • Perimeter Security and Intrusion Prevention: Deals with in-depth learning of ASA followed by various NGFW concepts like Firepower, FMC & FTD
  • Advanced Threat Protection and Content Security: CWS, WSA, ESA, AMP & Interoperability
  • Secure Connectivity and Segmentation: VPN Technology
  • Identity Management, Information Exchange, and Access Control: AAA, ISE, ACS, AD, Splunk, LogRhythm
  • Infrastructure Security, Virtualization, and Automation: SNRS, Wireless Security, APIC-EM, SAFE, DNA
  • Evolving Technologies: Cloud Computing, SDN, IOT

 

Labs on Real Cisco Device

Our CCNP Data Center Program aims at building strong theoretical knowledge along with Labs on Real Cisco Device for the following topics:

Perimeter Security and Intrusion Prevention

  1. 1) Describe, implement, and troubleshoot HA features on Cisco ASA and Cisco FirePOWER Threat Defense (FTD)
  2. 2) Describe, implement, and troubleshoot clustering on Cisco ASA and Cisco FTD
  3. 3) Describe, implement, troubleshoot, and secure routing protocols on Cisco ASA and Cisco FTD
  4. 4) Describe, implement, and troubleshoot different deployment modes such as routed, transparent, single, and multicontext on Cisco ASA and Cisco FTD
  5. 5) Describe, implement, and troubleshoot firewall features such as NAT (v4,v6), PAT, application inspection, traffic zones, policy-based routing, traffic redirection to service modules, and identity firewall on Cisco ASA and Cisco FTD
  6. 6) Describe, implement, and troubleshoot IOS security features such as Zone-Based Firewall (ZBF), application layer inspection, NAT (v4,v6), PAT and TCP intercept on Cisco IOS/IOS-XE
  7. 7) Describe, implement, optimize, and troubleshoot policies and rules for traffic control on Cisco ASA, Cisco FirePOWER and Cisco FTD
  8. 8) Describe, implement, and troubleshoot Cisco Firepower Management Center (FMC) features such as alerting, logging, and reporting
  9. 9) Describe, implement, and troubleshoot correlation and remediation rules on Cisco FMC
  10. 10) Describe, implement, and troubleshoot Cisco FirePOWER and Cisco FTD deployment such as in-line, passive, and TAP modes
  11. 11) Describe, implement, and troubleshoot Next Generation Firewall (NGFW) features such as SSL inspection, user identity, geolocation, and AVC (Firepower appliance)
  12. 12) Describe, detect, and mitigate common types of attacks such as DoS/DDoS, evasion techniques, spoofing, man-in-the-middle, and botnet

Advanced Threat Protection and Content Security

  1. 1) Compare and contrast different AMP solutions including public and private cloud deployment models
  2. 2) Describe, implement, and troubleshoot AMP for networks, AMP for endpoints, and AMP for content security (CWS, ESA, and WSA)
  3. 3) Detect, analyze, and mitigate malware incidents
  4. 4) Describe the benefit of threat intelligence provided by AMP Threat GRID
  5. 5) Perform packet capture and analysis using Wireshark, tcpdump, SPAN, and RSPAN
  6. 6) Describe, implement, and troubleshoot web filtering, user identification, and Application Visibility and Control (AVC)
  7. 7) Describe, implement, and troubleshoot mail policies, DLP, email quarantines, and SenderBase on ESA
  8. 8) Describe, implement, and troubleshoot SMTP authentication such as SPF and DKIM on ESA
  9. 9) Describe, implement, and troubleshoot SMTP encryption on ESA
  10. 10) Compare and contrast different LDAP query types on ESA
  11. 11) Describe, implement, and troubleshoot WCCP redirection
  12. 12) Compare and contrast different proxy methods such as SOCKS, Auto proxy/WPAD, and transparent
  13. 13) Describe, implement, and troubleshoot HTTPS decryption and DLP
  14. 14) Describe, implement, and troubleshoot CWS connectors on Cisco IOS routers, Cisco ASA, Cisco AnyConnect, and WSA
  15. 15) Describe the security benefits of leveraging the OpenDNS solution.
  16. 16) Describe, implement, and troubleshoot SMA for centralized content security management
  17. 17) Describe the security benefits of leveraging Lancope

Secure Connectivity and Segmentation

  1. 1) Compare and contrast cryptographic and hash algorithms such as AES, DES, 3DES, ECC, SHA, and MD5
  2. 2) Compare and contrast security protocols such as ISAKMP/IKEv1, IKEv2, SSL, TLS/DTLS, ESP, AH, SAP, and MKA
  3. 3) Describe, implementc and troubleshoot remote access VPN using technologies such as FLEXVPN, SSL-VPN between Cisco firewalls, routers, and end hosts
  4. 4) Describe, implement, and troubleshoot the Cisco IOS CA for VPN authentication
  5. 5) Describe, implement, and troubleshoot clientless SSL VPN technologies with DAP and smart tunnels on Cisco ASA and Cisco FTD
  6. 6) Describe, implement, and troubleshoot site-to-site VPNs such as GETVPN, DMVPN and IPsec
  7. 7) Describe, implement, and troubleshoot uplink and downlink MACsec (802.1AE)
  8. 8) Describe, implement, and troubleshoot VPN high availability using Cisco ASA VPN clustering and dual-hub DMVPN deployments
  9. 9) Describe the functions and security implications of cryptographic protocols such as AES, DES, 3DES, ECC, SHA, MD5, ISAKMP/IKEv1, IKEv2, SSL, TLS/DTLS, ESP, AH, SAP, MKA, RSA, SCEP/EST, GDOI, X.509, WPA, WPA2, WEP, and TKIP
  10. 10) Describe the security benefits of network segmentation and isolation
  11. 11) Describe, implement, and troubleshoot VRF-Lite and VRF-Aware VPN
  12. 12) Describe, implement, and troubleshoot microsegmentation with TrustSec using SGT and SXP
  13. 13) Describe, implement, and troubleshoot infrastructure segmentation methods such as VLAN, PVLAN, and GRE
  14. 14) Describe the functionality of Cisco VSG used to secure virtual environments
  15. 15) Describe the security benefits of data center segmentation using ACI, EVPN, VXLAN, and NVGRE

Identity Management, Information Exchange, and Access Control

  1. 1) Describe, implement, and troubleshoot various personas of ISE in a multinode deployment
  2. 2) Describe, implement, and troubleshoot network access device (NAD), ISE, and ACS configuration for AAA
  3. 3) Describe, implement, and troubleshoot AAA for administrative access to Cisco network devices using ISE and ACS
  4. 4) Describe, implement, verify, and troubleshoot AAA for network access with 802.1X and MAB using ISE.
  5. 5) Describe, implement, verify, and troubleshoot cut-through proxy/auth-proxy using ISE as the AAA server
  6. 6) Describe, implement, verify, and troubleshoot guest life cycle management using ISE and Cisco network infrastructure
  7. 7) Describe, implement, verify, and troubleshoot BYOD on-boarding and network access flows with an internal or external CA
  8. 8) Describe, implement, verify, and troubleshoot ISE and ACS integration with external identity sources such as LDAP, AD, and external RADIUS
  9. 9) Describe ISE and ACS integration with external identity sources such as RADIUS Token, RSA SecurID, and SAML
  10. 10) Describe, implement, verify, and troubleshoot provisioning of AnyConnect with ISE and ASA
  11. 11) Describe, implement, verify, and troubleshoot posture assessment with ISE
  12. 12) Describe, implement, verify, and troubleshoot endpoint profiling using ISE and Cisco network infrastructure including device sensor
  13. 13) Describe, implement, verify, and troubleshoot integration of MDM with ISE
  14. 14) Describe, implement, verify, and troubleshoot certificate based authentication using ISE
  15. 15) Describe, implement, verify, and troubleshoot authentication methods such as EAP Chaining and Machine Access Restriction (MAR)
  16. 16) Describe the functions and security implications of AAA protocols such as RADIUS, TACACS+, LDAP/LDAPS, EAP (EAP-PEAP, EAP-TLS, EAP-TTLS, EAP-FAST, EAP-TEAP, EAP- MD5, EAP-GTC), PAP, CHAP, and MS-CHAPv2
  17. 17) Describe, implement, and troubleshoot identity mapping on ASA, ISE, WSA and FirePOWER
  18. 18) Describe, implement, and troubleshoot pxGrid between security devices such as WSA, ISE, and Cisco FMC

Infrastructure Security, Virtualization, and Automation

  1. 1) Identify common attacks such as Smurf, VLAN hopping, and SYNful knock, and their mitigation techniques
  2. 2) Describe, implement, and troubleshoot device hardening techniques and control plane protection methods, such as CoPP and IP Source routing.
  3. 3) Describe, implement, and troubleshoot management plane protection techniques such as CPU and memory thresholding and securing device access
  4. 4) Describe, implement, and troubleshoot data plane protection techniques such as iACLs, uRPF, QoS, and RTBH
  5. 5) Describe, implement, and troubleshoot IPv4/v6 routing protocols security
  6. 6) Describe, implement, and troubleshoot Layer 2 security techniques such as DAI, IPDT, STP security, port security, DHCP snooping, and VACL
  7. 7) Describe, implement, and troubleshoot wireless security technologies such as WPA, WPA2, TKIP, and AES
  8. 8) Describe wireless security concepts such as FLEX Connect, wIPS, ANCHOR, Rogue AP, and Management Frame Protection (MFP)
  9. 9) Describe, implement, and troubleshoot monitoring protocols such as NETFLOW/IPFIX, SNMP, SYSLOG, RMON, NSEL, and eSTREAMER
  10. 10) Describe the functions and security implications of application protocols such as SSH, TELNET, TFTP, HTTP/HTTPS, SCP, SFTP/FTP, PGP, DNS/DNSSEC, NTP, and DHCP
  11. 11) Describe the functions and security implications of network protocols such as VTP, 802.1Q, TCP/UDP, CDP, LACP/PAgP, BGP, EIGRP, OSPF/OSPFv3, RIP/RIPng, IGMP/CGMP, PIM, IPv6, and WCCP
  12. 12) Describe the benefits of virtualizing security functions in the data center using ASAv, WSAv, ESAv, and NGIPSv
  13. 13) Describe the security principles of ACI such as object models, endpoint groups, policy enforcement, application network profiles, and contracts
  14. 14) Describe the northbound and southbound APIs of SDN controllers such as APIC-EM
  15. 15) Identify and implement security features to comply with organizational security policies, procedures, and standards such as BCP 38, ISO 27001, RFC 2827, and PCI-DSS
  16. 16) Describe and identify key threats to different places in the network (campus, data center, core, edge) as described in Cisco SAFE
  17. 17) Validate network security design for adherence to Cisco SAFE recommended practices
  18. 18) Interpret basic scripts that can retrieve and send data using RESTful API calls in scripting languages such as Python
  19. 19) Describe Cisco Digital Network Architecture (DNA) principles and components.

 

Lab Format

Given below is the Lab Format as prescribed by CISCO.
The eight-hour lab format consists of three modules and need to be taken in the following sequence during the day of the exam:

Module 1: Troubleshooting module (two hours)

The Troubleshooting module delivers incidents that are independent of each other, which means that the resolution of one incident does not depend on the resolution of another. The topology that is used in the Troubleshooting module is different than the topology used in the Configuration module.

The Troubleshooting module is two hours long; however, the candidate can borrow up to 30 minutes from the five hours allotted to the Configuration module. In other words, the candidate can choose to use an extra 30 minutes for either the Troubleshooting module or the Configuration module.

Module 2: Diagnostic module (one hour)

The new Diagnostic module focuses on the skills required to properly diagnose network issues, without having device access. Candidates will be provided with a set of documentation that represents a snapshot of a realistic situation: at a point in time in an investigation process that a network engineer might be facing. The main objective of the Diagnostic module is to assess the skills required to properly diagnose network issues. These skills include:

  • Analyze
  • Correlate: Discerning multiple sources of documentation (such as e-mail threads, network topology diagrams, console outputs, logs, and even traffic captures.)

These activities are naturally part of the overall troubleshooting skills. They are designed as a separated lab module because the format of the items is significantly different. In the Troubleshooting module, the candidate needs to be able to troubleshoot and resolve network security issues on actual devices.

In the Diagnostic module, the candidate needs to make choices between pre-defined options to either indicate:

  • What the root cause of the issue is?
  • Where is the issue located in the diagram?
  • What critical piece of information allows you to identify the root cause?
  • What missing piece of information allows you to identify the root cause?

Module 3: Configuration module (five hours)

The Configuration module provides a setup very close to an actual production network having various security components providing various layers of security at different points in the network. Though the major part of the module is based on virtual instances of the Cisco security appliances, the candidate may be asked to work with physical devices as well. At the beginning of the module, the candidate has full visibility of the entire module. A candidate can choose to work in the sequence in which the items are presented or can resolve items in whatever order seems preferable and logical.

NOTE: The candidate must complete the modules in sequence and is not allowed to go back and forth between modules.

Audience:

This expert level certification is intended for the following:

  • Network Managers
  • Network Professionals
  • Senior Network Engineers
  • Network Architects

 

CCIE Routing and Switching Certification is meant for all those who are entrusted with the responsibility of implementing and troubleshooting complex converged networks in organizations networking environment.

Future JOB Scope:

Below are a few job roles for which CCIE Security certified candidates can apply and opt for:

  • System Security Integrator
  • Network Security Engineers
  • Network Security Consultants
  • System Security Engineer

 

Training & Learning:

To advance their career and continue with their learning candidates can go for the highest level of Cisco Certification that is CCAr. Thorough understanding of network infrastructures & principles and avalid Cisco CCDE certification can act as a prerequisite for appearing for CCAr. This exam should be attempted by candidates who already have years (minimum 10 years recommended) of industry (large production network) experience. For more details related to CCAr you can follow this link

The candidates interested in increasing their knowledge domain can also opt for any of the following certification programs in different tracks:

Why Choose NH:

  • All Training on CISCO Official curriculum
  • Biggest CISCO Training Lab in Asia
  • 24×7 Lab Access to students
  • Lab administrator guidance
  • Modern Rack equipment
  • Certified Trainers with remarkable industry experience
  • Produced 4000+ CCIEs over the years
  • We offer Best value for Money, Our service too is exceptional
  • We offer different Tracks (Regular and fast) to suit the beginners as well as experienced professionals
  • You have a choice of four great locations – Gurgaon, Delhi, NCR and Bangalore
  • 1-on-1 training with dedicated attention of trainer for the entire duration of course
  • Live Virtual Classes option also handy at the convenience of students

Apply for this Course

Enquire Now
FREE WEEKLY UPDATES
Get the latest content first.
We respect your privacy.

Stay updated with upcoming training opportunities.

Latest Results and updated information on new Course Launch.Be the first one to know.