CCIE,全稱Cisco Certified Internetwork Expert,是美國Cisco公司于1993年開始推出的專家級認證考試。被全球公認為IT業最權威的認證,是全球Internetworking領域中最頂級的認證證書。
簡介
思科認證網絡專家項目(CCIE Program)為網絡技術設立了一個專業标準,被業界廣泛認可。擁有CCIE認證被認為是具有專業網絡技術知識和豐富工作經驗的最好證明 CCIE(思科認證網際網路專家)持有者占 思科認證 總人數還不足3%,全球網絡從業者的1%不到(思科官方資料)。Cisco認證主要提供工程師在今日快速變動的網絡環境中駕馭Cisco裝置所需的專業知識。CCIE是Cisco(除了新推出的 CCA 以外)最進階技術能力的認證,位于 Cisco 金字塔 認證體系中塔尖,也是IT界公認的最權威、最受尊重證書之一,2003年被評為全球十大IT認證榜首,具有IT終極認證的美稱。取得CCIE證書除了整個行業的認同之外,CCIE也是你不斷持有最新網絡知識的名額;你将會在你的專業技術領域中成為一位最具競争力的人[1] CCIE認證分active和inactive兩種狀态,Cisco公司為了讓CCIE能夠跟蹤新技術,并保持CCIE的專家水準,從通過CCIE認證開始,每二年就要進行一次重認證,否則你雖然仍然擁有你的CCIE number,但是你的狀态就從active變成inactive,相應的享有在cisco公司賦予的一些權利就沒了,但是CCIE号碼是永久保留。苛刻的認證規則使CCIE成為IT業界中含金量最高的證書之一,當然也成了最受尊重、最難取得的證書之一。 Cisco公司從1993年開設CCIE考試,截止到2013年1月,全球共有CCIE 36000多名(目前号碼減去1024等于全球通過人數),中國大陸共有CCIE 近6000人.(CCIE人數統計是現在CCIE号碼減去1024就是全球CCIE人數)CCIE号是從CCIE#1024開始算起的。為了紀念CCIELab這個艱辛的考試,思科确定:CCIE Lab考試本身就是一個CCIE#号(是以CCIE Lab考試就被冠于第一個CCIE#1024)是以第一位通過CCIE的考生是CCIE#1025(Stuart Biggs)然而Stuart Biggs本人當時就是思科CCIE考試的考官,是以第一位通過CCIE非 cisco 的考生是CCIE#1026 (Terry Slattery)【Netcordia的CEO】 獲得CCIE認證不僅證明你的技術達到專家水準,得到業界認可與肯定,更是一種榮譽的象征,一種自我價值的展現。獲得CCIE認證成為每位網絡技術人員的夢想。Cisco公司為了讓客戶獲得專家級技術支援,在其認證代理體系中規定金銀牌認證代理商必須擁有一定數量的CCIE,這直接刺激了對CCIE的需求,在1999年期間,在中國大陸CCIE的年薪高達80萬RMB。在系統內建項目中,許多業主提出承包商必須擁有CCIE認證專家,才有資格承接項目,由此可見CCIE專家在業界中的認可程度。 通過苛刻的CCIE認證後,您将獲得一個 CCO 帳号,直接得到Cisco 二級專家的支援,享受CCIE擁有的特權。如果您打算技術移民,通過CCIE認證可以獲得額外的加分,在中國通過的CCIE超過半數已經移民到國外。CCIE在美國年薪可達15萬美元,還不包括股票期權和其他福利,在中國大陸,一位CCIE的年薪一般在10萬元以上,如果加上獎金及其他福利将遠遠超過這個數目。 要想獲得苛刻的CCIE認證,必須先通過筆試,擷取資格後才可以參加實驗考試。通過了實驗才最終成為CCIE。學習并獲得CCIE認證途徑大緻有兩種:第一,自學。要想通過自學方式擷取CCIE認證您必須要有兩年以上的工作經驗,有充足的時間和精力,并要有一個完善的實驗環境,此外最重要的是您必須具備堅忍不拔的毅力與永不放棄信念。第二,參加教育訓練。找一家貨真價實的教育訓練機構利用業餘或集中時間參加教育訓練,充分利用教育訓練機構的實驗裝置,在良好的學習氛圍下,學員之間不但可以互相交流技術更重要的是還可以得到教育訓練機構的CCIE專家輔導,提高學習效率,這是一種事半功倍的途徑。
程及考試
CCIE 認證是Cisco認證體系中最頂級的證書。要取得CCIE認證證書,需要取得以下課程考試: 1.CCIE資格考試(即筆試,2.5小時)考試費:350美元 2.CCIE實驗考試(8小時 TS+Lab) 考試費:1500美元,北京考點為RMB10335元 筆試部分考試在中國各個城市基本都能考,而實驗室部分考試在世界範圍内隻有10個考場:研究三角園區(美)、聖何塞(美)、悉尼(澳)、香港(中)、北京(中)、班加羅爾(印)、東京(日)、布魯塞爾(比)、聖保羅(巴)、迪拜(阿)。
分類
Routing & Switching(R&S) 路由交換CCIE Service Provider(ISP) 電信營運商CCIE Security 安全CCIE Voice 語音CCIE Storage Networking 存儲CCIE Wireless 無線CCIE SP Operations 電信營運商運維CCIE Data Center 資料中心CCIE
考試大綱
路由交換
認證介紹: 路由和交換領域的CCIE認證資格表示網絡人士在不同的LAN、WAN接口和各種 路由器 、 交換機 的聯網方面擁有專家級知識。R&S 領域的專家可以解決複雜的連接配接問題,利用技術解決方案提高帶寬、縮短響應時間、最大限度地提高性能、加強安全性和支援全球性應用。考生應當能夠安裝、配置和維護LAN、WAN和撥号接入服務。
再認證
CCIE認證有效期為兩年,且必須在之後每兩年進行再認證。 要進行再認證,請在認證過期之前通過下列考試之一: 通過任何一門提供的642-XXX Professional(資深工程師)級别考試; 通過任何一門提供的CCIE筆試; 通過提供的CCDE筆試或提供的CCDE實踐考試; 通過 思科認證 架構師(CCAr)面試和CCAr委員會稽核,延長較低等級認證的有效期。 未能在再認證期限之前通過資格考試或實驗考試的CCIE和CCDE專業人士,将被置于暫緩狀态,他們的雇主也會被告知這一情況。對處于暫緩狀态的CCIE和CCDE專業人士,在他們的專家級别認證永久失效之前,将有一年時間來通過需要的考試或實驗考試。失效了的CCIE和CCDE專業人士将失去所有利益,并且必須再次通過CCIE筆試和實驗考試或CCDE筆試和實踐考試。 擷取或再認證CCIE、CCDE或CCAr将自動延長您的入門級、工程師、資深工程師、其他專家級别認證或專業化認證的有效期,至最新獲得的CCIE、CCDE或CCAr認證過期日。Exam Sections and Sub-task Objectives 1.00 Implement Layer 2 Technologies √ 1.10 Implement Spanning Tree Protocol (STP) (a) 802.1d (b) 802.1w (c) 801.1s (d) Loop guard (e) Root guard (f) Bridge protocol data unit (BPDU) guard (g) Storm control (h) Unicast flooding (i) Port roles, failure propagation, and loop guard operation 1.20 Implement VLAN and VLAN Trunking Protocol (VTP) 1.30 Implement trunk and trunk protocols, EtherChannel, and load-balance 1.40 Implement Ethernet technologies (a) Speed and duplex (b) Ethernet, Fast Ethernet, and Gigabit Ethernet (c) PPP over Ethernet (PPPoE) 1.50 Implement Switched Port Analyzer (SPAN), Remote Switched Port Analyzer (RSPAN), and flow control 1.60 Implement Frame Relay (a) Local Management Interface (LMI) (b) Traffic shaping (c) Full mesh (d) Hub and spoke (e) Discard eligible (DE) 1.70 Implement High-Level Data Link Control (HDLC) and PPP 2.00 Implement IPv4 2.10 Implement IP version4 (IPv4) addressing, subnetting, and variable-length subnet masking (VLSM) 2.20 Implement IPv4tunneling and Generic Routing Encapsulation (GRE) 2.30 Implement IPv4 RIP version 2 (RIPv2) 2.40 Implement IPv4 Open Shortest Path First (OSPF) (a) Standard OSPF areas (b) Stub area (c) Totally stubby area (d) Not-so-stubby-area (NSSA) (e) Totally NSSA (f) Link-state advertisement (LSA) types (g) Adjacency on a point-to-point and on a multi-access network (h) OSPF graceful restart 2.50 Implement IPv4 Enhanced Interior Gateway Routing Protocol (EIGRP) (a) Best path (b) Loop-free paths (c) EIGRP operations when alternate loop-free paths are available, and when they are not available (d) EIGRP queries (e) Manual summarization and autosummarization (f) EIGRP stubs 2.60 Implement IPv4 Border Gateway Protocol (BGP) (a) Next hop (b) Peering (c) Internal Border Gateway Protocol (IBGP) and External Border Gateway Protocol (EBGP) 2.70 Implement policy routing 2.80 Implement Performance Routing (PfR) and Cisco Optimized Edge Routing (OER) 2.90 Implement filtering, route redistribution, summarization, synchronization, attributes, and other advanced features 3.00 Implement IPv6 3.10 Implement IP version 6 (IPv6) addressing and different addressing types 3.20 Implement IPv6 neighbor discovery 3.30 Implement basic IPv6 functionality protocols 3.40 Implement tunneling techniques 3.50 Implement OSPF version 3 (OSPFv3) 3.60 Implement EIGRP version 6 (EIGRPv6) 3.70 Implement filtering and route redistribution 4.00 Implement MPLS Layer 3 VPNs 4.10 Implement Multiprotocol Label Switching (MPLS) 4.20 Implement Layer 3 virtual private networks (VPNs) on provider edge (PE), provider (P), and customer edge (CE) routers 4.30 Implement virtual routing and forwarding (VRF) and Multi-VRF Customer Edge (VRF-Lite) 5.00 Implement IP Multicast 5.10 Implement Protocol Independent Multicast (PIM) sparse mode 5.20 Implement Multicast Source Discovery Protocol (MSDP) 5.30 Implement interdomain multicast routing 5.40 Implement PIM Auto-Rendezvous Point (Auto-RP), unicast rendezvous point (RP), and bootstrap router (BSR) 5.50 Implement multicast tools, features, and source-specific multicast 5.60 Implement IPv6 multicast, PIM, and related multicast protocols, such as Multicast Listener Discovery (MLD) 6.00 Implement Network Security 6.01 Implement access lists 6.02 Implement Zone Based Firewall 6.03 Implement Unicast Reverse Path Forwarding (uRPF) 6.04 Implement IP Source Guard 6.05 Implement authentication, authorization, and accounting (AAA) (configuring the AAA server is not required, only the client-side (IOS) is configured) 6.06 Implement Control Plane Policing (CoPP) 6.07 Implement Cisco IOS Firewall 6.08 Implement Cisco IOS Intrusion Prevention System (IPS) 6.09 Implement Secure Shell (SSH) 6.10 Implement 802.1x 6.11 Implement NAT 6.12 Implement routing protocol authentication 6.13 Implement device access control 6.14 Implement security features 7.00 Implement Network Services 7.10 Implement Hot Standby Router Protocol (HSRP) 7.20 Implement Gateway Load Balancing Protocol (GLBP) 7.30 Implement Virtual Router Redundancy Protocol (VRRP) 7.40 Implement Network Time Protocol (NTP) 7.50 Implement DHCP 7.60 Implement Web Cache Communication Protocol (WCCP) 8.00 Implement Quality ofService (QoS) 8.10 Implement Modular QoS CLI (MQC) (a) Network-Based Application Recognition (NBAR) (b) Class-based weighted fair queuing (CBWFQ),modified deficit round robin (MDRR), and low latency queuing (LLQ) (c) Classification (d) Policing (e) Shaping (f) Marking (g) Weighted random early detection (WRED) and random early detection (RED) (h) Compression 8.20 Implement Layer 2 QoS: weighted round robin (WRR), shaped round robin (SRR), and policies 8.30 Implement link fragmentation and interleaving (LFI) for Frame Relay 8.40 Implement generic traffic shaping 8.50 Implement Resource Reservation Protocol (RSVP) 8.60 Implement Cisco AutoQoS 9.00 Troubleshoot a Network 9.10 Troubleshoot complex Layer 2 network issues 9.20 Troubleshoot complex Layer 3 network issues 9.30 Troubleshoot a network in response to application problems 9.40 Troubleshoot network services 9.50 Troubleshoot network security 10.00 Optimize the Network 10.01 Implement syslog and local logging 10.02 Implement IP Service Level Agreement SLA 10.03 Implement NetFlow 10.04 Implement SPAN, RSPAN, and router IP traffic export (RITE) 10.05 Implement Simple Network Management Protocol (SNMP) 10.06 Implement Cisco IOS Embedded Event Manager (EEM) 10.07 Implement Remote Monitoring (RMON) 10.08 Implement FTP 10.09 Implement TFTP 10.10 Implement TFTP server on router 10.11 Implement Secure Copy Protocol (SCP) 10.12 Implement HTTP and HTTPS 10.13 Implement Telnet 安全CCIE認證内容 認證介紹: 安全領域的CCIE 認證表示網絡人士在IP 和IP 路由,以及特定的安全協定群組件方面擁有專家級知識。獲得安全CCIE,能夠設計安全的網絡。熟練使用ASA/PIX,IPS,VPN産品以及各種安全技術。 備考推薦資料: CISCO VPN配置完全手冊 路由器 防火牆 安全原理與實踐 …… 課程設計内容: Implement secure networks using Cisco ASA Firewalls Perform basic firewall Initialization Configure device management Configure address translation (nat, global, static) Configure ACLs Configure IP routing Configure object groups Configure VLANs Configure filtering Configure failover Configure Layer 2 Transparent Firewall Configure security contexts (virtual firewall) Configure Modular Policy Framework Configure Application-Aware Inspection Configure high availability solutions Configure QoS policies Implement secure networks using Cisco IOS Firewalls Configure CBAC Configure Zone-Based Firewall Configure Audit Configure Auth Proxy Configure PAM Configure access control Configure performance tuning Configure advanced IOS Firewall features Implement secure networks using Cisco VPN solutions Configure IPsec LAN-to-LAN (IOS/ASA) Configure SSL VPN (IOS/ASA) Configure Dynamic Multipoint VPN (DMVPN) Configure Group Encrypted Transport (GET) VPN Configure Easy VPN (IOS/ASA) Configure CA (PKI) Configure Remote Access VPN Configure Cisco Unity Client Configure Clientless WebVPN Configure AnyConnect VPN Configure XAuth, Split-Tunnel, RRI, NAT-T Configure High Availability Configure QoS for VPN Configure GRE, mGRE Configure L2TP Configure advanced Cisco VPN features Configure Cisco IPS to mitigate network threats Configure IPS 4200 Series Sensor Appliance Initialize the Sensor Appliance Configure Sensor Appliance management Configure virtual Sensors on the Sensor Appliance Configure security policies Configure promiscuous and inline monitoring on the Sensor Appliance Configure and tune signatures on the Sensor Appliance Configure custom signatures on the Sensor Appliance Configure blocking on the Sensor Appliance Configure TCP resets on the Sensor Appliance Configure rate limiting on the Sensor Appliance Configure signature engines on the Sensor Appliance Use IDM to configure the Sensor Appliance Configure event action on the Sensor Appliance Configure event monitoring on the Sensor Appliance Configure advanced features on the Sensor Appliance Configure and tune Cisco IOS IPS Configure SPAN & RSPAN on Cisco switches Implement Identity Management Configure RADIUS and TACACS+ security protocols Configure LDAP Configure Cisco Secure ACS Configure certificate-based authentication Configure proxy authentication Configure 802.1x Configure advanced identity management features Configure Cisco NAC Framework Implement Control Plane and Management Plane Security Implement routing plane security features (protocol authentication, route filtering) Configure Control Plane Policing Configure CP protection and management protection Configure broadcast control and switchport security Configure additional CPU protection mechanisms (options drop, logging interval) Disable unnecessary services Control device access (Telnet, HTTP, SSH, Privilege levels) Configure SNMP, Syslog, AAA, NTP Configure service authentication (FTP, Telnet, HTTP, other) Configure RADIUS and TACACS+ security protocols Configure device management and security Configure Advanced Security Configure mitigation techniques to respond to network attacks Configure packet marking techniques Implement security RFCs (RFC1918/3330, RFC2827/3704) Configure Black Hole and Sink Hole solutions Configure RTBH filtering (Remote Triggered Black Hole) Configure Traffic Filtering using Access-Lists Configure IOS NAT Configure TCP Intercept Configure uRPF Configure CAR Configure NBAR Configure NetFlow Configure Anti-Spoofing solutions Configure Policing Capture and utilize packet captures Configure Transit Traffic Control and Congestion Management Configure Cisco Catalyst advanced security features Identify and Mitigate Network Attacks Identify and protect against fragmentation attacks Identify and protect against malicious IP option usage Identify and protect against network reconnaissance attacks Identify and protect against IP spoofing attacks Identify and protect against MAC spoofing attacks Identify and protect against ARP spoofing attacks Identify and protect against Denial of Service (DoS) attacks Identify and protect against Distributed Denial of Service (DDoS) attacks Identify and protect against Man-in-the-Middle (MiM) attacks Identify and protect against port redirection attacks Identify and protect against DHCP attacks Identify and protect against DNS attacks Identify and protect against Smurf attacks Identify and protect against SYN attacks Identify and protect against MAC Flooding attacks Identify and protect against VLAN hopping attacks Identify and protect against various Layer2 and Layer3 attacks
認證内容
認證介紹: 電信營運商CCIE認證(以前被稱為通信和服務)表示網絡人士在IP原理和核心IP技術(例如單點傳播IP路由、QoS、多點傳播、MPLS、MPLS VPN、流量工程和多協定BGP)方面擁有專家級知識,并且在至少一項與電信營運商有關的網絡領域具有專業知識。這些領域包括撥号、DSL、有線網絡、光網、WAN交換、IP電話、内容網絡和城域以太網。 備考用書: MPLS VPN 體系結構卷一 MPLS VPN 體系結構卷二 MPLS 流量工程 進階MPLS VPN設計 域間多點傳播技術 …… 課程内容: . Bridging and Switching VTP, VLAN, Trunk, Spanning tree Frame Relay, DLCI, FR multilink ATM PVC, SVC, FR/ATM interworking PPPoE IGP Routing IS-IS, Level 1/2, Metric OSPF, LSA, Area Redistribution, Summarization, Filtering Policy routing EGP Routing IBGP, EBGP BGP attributes Confederation, Route reflector Synchronization, Aggregation, Stability Redistribution, Filtering Multipath SP Multicast PIM-SM, PIM-DM, SSM, PIM-BIDIR, IGMP Auto RP, Static RP, BSR, Anycast RP MP-BGP for multicast, MSDP MPLS Label distribution, LDP/ TDP Label filtering, Label merging, Multipath MPLS COS MPLS Netflow MPLS over ATM MPLS Traffic Engineering L3/L2 VPN MPLS VPN, MP-iBGP PE-CE routing, RIPv2, OSPF, EIGRP, Static, ISIS, EBGP BGP Extended Community Inter AS MPLS VPN Carrier Supporting Carrier VRF-Lite, VRF Select Multicast MPLS VPN GRE, multipoint GRE AToM, L2TPv3 802.QinQ SP QoS and Security DSCP/EXP, TOS, NBAR Marking, Shaping, Policing CAR, FRTS WRQ, CBWFQ, LLQ, PQ, CQ RED, WRED LFI, cRTP RSVP ACL, RPF, Filtering Routing update security Common attacks High Availability NSF, GLBP Fast reroute, Link/Node protection HSRP, VRRP Management SNMP, SYSLOG, RMON A cco unting Netflow NTP
![BGP 路由反射器[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)