I have had a nagging thought over the last couple of days regarding the CCIE Security topology I will be using to start my studies.
My original plan was to work through the INE workbooks towards the end of the studying, but to use their topology for the studies, from the start right to the end.
This really isn’t the best idea. I am trying to fit my own learning around a pre-defined topology, into which I am trying to drop and build my own network.
Instead, I should be building my own. So that’s what I will do.
I will still keep with the same devices, but build up something I know that I can work with. After all, if you are building something, then build something you can build.
So, this is what I have come up with:
Now, let’s plan how the network will actually work.
The IP addressing needs to be sorted, but once that is done, then we have a sub-office, the HQ, and a couple of customer sites:
The HQ will run the majority of the equipment, such as the wireless, authentication servers, IPS, and this is where the servers will live. It will provide authentication services to the other site, and to the customers as well. So fully functioning routing is critical (obviously).
As is pretty standard, I’ll be making use of loopback addresses to extend the network out, so that I can run the VPNs across it. There will be a number of different networks, using the loopbacks as the interesting traffic:
I have left out a couple of switches. I do not see a need to have these in the topology, at the moment at least. This may change later on.
This seems like a much more workable way to study; it’s much cleaner, makes more sense, and doesn’t look like a jumbled mass of equipment. If I want to look at a jumbled mass of wires and routers, then I can look at my study instead.
If this does prove a workable CCIE Security topology, then I will post it on the Unetlab.com website for all to use.