CCIE SEC v1.0 Lab Preparation.

August 10, 2025 / Balaji Bandi / 0 Comments

Finally the time arrived for me to attempt the CCIE SEC Lab.

Here is the resource what i have used while i am preparing to attempt the CCIE SEC Lab Exam.

Basic requirement you need to pass Cisco SCOR 350-701

Cisco Blueprint for the Lab Example detailed :

https://learningcontent.cisco.com/documents/marketing/exam-topics/CCIE_Security_v6.1_rel_notes.pdf

https://learningcontent.cisco.com/documents/marketing/exam-topics/CCIE_Security_v6.1_rel_notes.pdf

Lab Exam Equipment List :

https://learningcontent.cisco.com/documents/marketing/exam-topics/CCIE_Security_v6.1_HW_and_SW.pdf

CCIE SEC Lab learning matrix :

https://learningcontent.cisco.com/documents/marketing/exam-topics/CCIE_Security_v6.1-Learning-Matrix.xlsx

Hands-On Exploration of the CCIE Lab Delivery Environment: A DOO Module Task Demonstration

https://www.youtube.com/watch?v=zuaolSpSyhY

Demystifying CCIE Security Exam: Revision, Preparation and Programmability

https://www.youtube.com/watch?v=On29kbyPKzk

Cisco Practice Lab help you to Pratice kind of real Lab experience :

https://learningnetwork.cisco.com/s/article/ccie-security-practice-labs

My Lab Server – 32Cores and 128GB RAM, 4TB SSD, Single Ethernet Card.

I have other Server where i am running only DNAC for hands on, that is UCS Server.

here is the DNAC installation Blog – https://www.balajibandi.com/?p=2515

Most of the Lab can be achieved 95% using Virtuals, Depends on what resource you have, you can use IOL image instead of vIOS and CSR1000v, you can only use CSR1000v only where required (the features not available on IOL)

I use Combination of PNETLabs or CML 2.8 for my practice, also used VM Like DNAC and ISE 3.X

One should be planning for the Lab attempt and strategy to crack the Lab success, Do IP address is very important, Lab Practice will guide what IP addressing used in the Lab for the Management.

Look around in the internet for the Lab network Diagram for the CCIE SEC v1 Lab you find plenty of Lab topology available how the Lab Looks like. Due to non-disclosure i am not going to post in my Blog that diagrams.

Design section will be 32Q – 3 hours, No carry forward time even if you finish early.

DOO Section 4 Sections – 5 hours, You attempt any section, some section need to be done order to get correct outcome – Example you need to have ASA configured for the Remote Access VPN to work.

I will be posting the Labs every week each technology what i am learning until i attempt the LAB.

Major focus on the Labs :

  1. Anyconnect VPN.
  2. Clientless SSL VPN.
  3. Site-to-site IPSec VPN.
  4. FlexVPN.
  5. ASA Active/Standby Configuration.
  6. ASA Multi-Context Active/Active Configuration.
  7. ASA Cluster Configuration.
  8. Zone based Firewall On Router.
  9. ISE Configuration.
  10. ISE and AD Integration.
  11. ISE and DNAC Integration.
  12. 802.1X configuration.
  13. MAB Configuration.
  14. Trustsec Configuration / SGT tagging.
  15. Dynamic ARP Inspection.
  16. Device Administration using TACACS.
  17. Syslog Configuration.
  18. Web Security Appliance and WCCP configuration.
  19. Umbrella configuration.
  20. Programmability.

Happy Labbingggggggggggggggggggggggggggggggg.!!!