CCIE全稱Cisco Certified Internetwork Expert—— Cisco認證互聯(lián)網(wǎng)專家， 是美國Cisco公司于1993年開始推出的專家級認證考試。被公認為IT業(yè)最權(quán)威的認證,是全球網(wǎng)絡(luò)互連領(lǐng)域中最高級別的認證證書。這個認證主要提供工程師在今日快速變動的網(wǎng)絡(luò)環(huán)境中駕馭Cisco設(shè)備所需的專業(yè)知識。成為CCIE除了整個產(chǎn)業(yè)的認同之外，CCIE也是你不斷持有最新網(wǎng)絡(luò)知識的指標；你將會在你的專業(yè)領(lǐng)域中成為一位最具競爭力的人。

CCIE 認證是目前Cisco認證體系中最頂級的證書。要取得CCIE認證證書，需要取得以下課程考試：

1、CCIE資格考試（即筆試，2.5小時） 考試費：￥3000

2、CCIE實驗考試（一天） 考試費：￥10850

3、CCIE面試（英文）

筆試部分考試在中國各個城市基本都能考，而實驗室部分考試在世界范圍內(nèi)只有9個考場：研究三角園區(qū)（美）、圣何塞（美）、悉尼（澳）、香港（中）、北京（中）、班加羅爾（印）、東京（日）、布魯塞爾（比）、圣保羅（巴）、。

CCIE目前在考的共分為5類：

Routing & Switching(R&S) 路由交換CCIE

Service Provider(SP) 電信運營商CCIE

Security 安全CCIE

Voice 語音CCIE

Storage Networking 存儲CCIE

CCIE認證的有效期為兩年

如果以通過CCIE試驗考試重認證只需要進行筆試重認證；如果在證書沒有過期時進行重認證那么有效日期將累加

重認證 重新參加筆試

以下為CCIE考試大綱和學習內(nèi)容

路由交換CCIE認證內(nèi)容(紅色字體為：2009年10月18日起，新增的CCIE RS考試內(nèi)容)

認證介紹：

路由和交換領(lǐng)域的CCIE認證資格表示網(wǎng)絡(luò)人士在不同的LAN、WAN接口和各種路由器、交換機的聯(lián)網(wǎng)方面擁有專家級知識。R&S 領(lǐng)域的專家可以解決復雜的連接問題，利用技術(shù)解決方案提高帶寬、縮短響應(yīng)時間、最大限度地提高性能、加強安全性和支持全球性應(yīng)用?？忌鷳?yīng)當能夠安裝、配置和維護LAN、WAN和撥號接入服務(wù)。

備考參考用書：

TCP /IP路由協(xié)議卷一

TCP /IP路由協(xié)議卷二

3560交換機配置指南

端到端的QOS網(wǎng)絡(luò)設(shè)計

IPV6設(shè)計與實現(xiàn)

#p#

課程涉及內(nèi)容：

橋接部分

Frame relay

VLANs, VTP, STP, MSTP, RSTP, Trunk, Etherchannel, management, features, advanced configuration, Layer 3

Tunneling

IGP部分：

OSPF

EIGRP

RIPv2

IPv6: Addressing, RIPng, OSPFv3 ，EIGRP IPV6

GRE

ODR

Filtering, redistribution, PBR，summarization and other advanced features

BGP 部分

IBGP

EBGP

Filtering, redistribution, summarization, synchronization, attributes and other advanced features

IP特性部分：

IP addressing

DHCP

HSRP

IP services

IOS user interfaces

System management

NAT

NTP

SNMP

RMON

Accounting

SLA

多播部分：

PIM, bi-directional PIM

MSDP

Multicast tools, source specific multicast

DVMRP

Anycast

MPLS/L3VPN

服務(wù)質(zhì)量：

Quality of service solutions

Classification

Congestion management, congestion avoidance

Policing and shaping

Signaling

Link efficiency mechanisms

Modular QoS command line

安全特性部分：

AAA

Security server protocols

Traffic filtering and firewalls

Access lists

Routing protocols security, catalyst security

CBAC

Other security features

安全CCIE認證內(nèi)容

認證介紹：

安全領(lǐng)域的 CCIE 認證表示網(wǎng)絡(luò)人士在 IP 和 IP 路由，以及特定的安全協(xié)議和組件方面擁有專家級知識。獲得安全CCIE，能夠設(shè)計安全的網(wǎng)絡(luò)。熟練使用ASA/PIX，IPS，VPN產(chǎn)品以及各種安全技術(shù)。

備考推薦資料：

CISCO VPN配置完全手冊

路由器防火墻

安全原理與實踐

……

課程涉及內(nèi)容：

Implement secure networks using Cisco ASA Firewalls

Perform basic firewall Initialization Configure device management Configure address translation (nat, global, static) Configure ACLs Configure IP routing Configure object groups Configure VLANs Configure filtering Configure failover Configure Layer 2 Transparent Firewall Configure security contexts (virtual firewall) Configure Modular Policy Framework Configure Application-Aware Inspection Configure high availability solutions Configure QoS policies

Implement secure networks using Cisco IOS Firewalls Configure CBAC Configure Zone-Based Firewall Configure Audit Configure Auth Proxy Configure PAM Configure access control Configure performance tuning Configure advanced IOS Firewall features

Implement secure networks using Cisco VPN solutions Configure IPsec LAN-to-LAN (IOS/ASA) Configure SSL VPN (IOS/ASA) Configure Dynamic Multipoint VPN (DMVPN) Configure Group Encrypted Transport (GET) VPN Configure Easy VPN (IOS/ASA) Configure CA (PKI) Configure Remote Access VPN Configure Cisco Unity Client Configure Clientless WebVPN Configure AnyConnect VPN Configure XAuth, Split-Tunnel, RRI, NAT-T Configure High Availability Configure QoS for VPN Configure GRE, mGRE Configure L2TP Configure advanced Cisco VPN features

Configure Cisco IPS to mitigate network threats Configure IPS 4200 Series Sensor Appliance Initialize the Sensor Appliance Configure Sensor Appliance management Configure virtual Sensors on the Sensor Appliance Configure security policies Configure promiscuous and inline monitoring on the Sensor Appliance Configure and tune signatures on the Sensor Appliance Configure custom signatures on the Sensor Appliance Configure blocking on the Sensor Appliance Configure TCP resets on the Sensor Appliance Configure rate limiting on the Sensor Appliance Configure signature engines on the Sensor Appliance Use IDM to configure the Sensor Appliance Configure event action on the Sensor Appliance Configure event monitoring on the Sensor Appliance Configure advanced features on the Sensor Appliance Configure and tune Cisco IOS IPS Configure SPAN & RSPAN on Cisco switches

Implement Identity Management Configure RADIUS and TACACS+ security protocols Configure LDAP Configure Cisco Secure ACS Configure certificate-based authentication Configure proxy authentication Configure 802.1x Configure advanced identity management features Configure Cisco NAC Framework

Implement Control Plane and Management Plane Security Implement routing plane security features (protocol authentication, route filtering) Configure Control Plane Policing Configure CP protection and management protection Configure broadcast control and switchport security Configure additional CPU protection mechanisms (options drop, logging interval) Disable unnecessary services Control device access (Telnet, HTTP, SSH, Privilege levels) Configure SNMP, Syslog, AAA, NTP Configure service authentication (FTP, Telnet, HTTP, other) Configure RADIUS and TACACS+ security protocols Configure device management and security

Configure Advanced Security Configure mitigation techniques to respond to network attacks Configure packet marking techniques Implement security RFCs (RFC1918/3330, RFC2827/3704) Configure Black Hole and Sink Hole solutions Configure RTBH filtering (Remote Triggered Black Hole) Configure Traffic Filtering using Access-Lists Configure IOS NAT Configure TCP Intercept Configure uRPF Configure CAR Configure NBAR Configure NetFlow Configure Anti-Spoofing solutions Configure Policing Capture and utilize packet captures Configure Transit Traffic Control and Congestion Management Configure Cisco Catalyst advanced security features

Identify and Mitigate Network Attacks Identify and protect against fragmentation attacks Identify and protect against malicious IP option usage Identify and protect against network reconnaissance attacks Identify and protect against IP spoofing attacks Identify and protect against MAC spoofing attacks Identify and protect against ARP spoofing attacks Identify and protect against Denial of Service (DoS) attacks Identify and protect against Distributed Denial of Service (DDoS) attacks Identify and protect against Man-in-the-Middle (MiM) attacks Identify and protect against port redirection attacks Identify and protect against DHCP attacks Identify and protect against DNS attacks Identify and protect against Smurf attacks Identify and protect against SYN attacks Identify and protect against MAC Flooding attacks Identify and protect against VLAN hopping attacks Identify and protect against various Layer2 and Layer3 attacks

電信運營商CCIE認證內(nèi)容

認證介紹：

電信運營商CCIE認證（以前被稱為通信和服務(wù)）表示網(wǎng)絡(luò)人士在IP原理和核心IP技術(shù)（例如單播IP路由、QoS、組播、MPLS、MPLS VPN、流量工程和多協(xié)議BGP）方面擁有專家級知識，并且在至少一項與電信運營商有關(guān)的網(wǎng)絡(luò)領(lǐng)域具有專業(yè)知識。這些領(lǐng)域包括撥號、DSL、有線網(wǎng)絡(luò)、光網(wǎng)、WAN交換、IP電話、內(nèi)容網(wǎng)絡(luò)和城域以太網(wǎng)。

備考用書：

MPLS VPN 體系結(jié)構(gòu)卷一

MPLS VPN 體系結(jié)構(gòu)卷二

MPLS 流量工程

高級MPLS VPN設(shè)計

域間多播技術(shù)

……

課程內(nèi)容：

Bridging and Switching VTP, VLAN, Trunk, Spanning tree Frame Relay, DLCI, FR multilink ATM PVC, SVC, FR/ATM interworking PPPoE

IGP Routing IS-IS, Level 1/2, Metric OSPF, LSA, Area Redistribution, Summarization, Filtering Policy routing

EGP Routing IBGP, EBGP BGP attributes Confederation, Route reflector Synchronization, Aggregation, Stability Redistribution, Filtering Multipath

SP Multicast PIM-SM, PIM-DM, SSM, PIM-BIDIR, IGMP Auto RP, Static RP, BSR, Anycast RP MP-BGP for multicast, MSDP

MPLS Label distribution, LDP/ TDP Label filtering, Label merging, Multipath MPLS COS MPLS Netflow MPLS over ATM MPLS Traffic Engineering

L3/L2 VPN MPLS VPN, MP-iBGP PE-CE routing, RIPv2, OSPF, EIGRP, Static, ISIS, EBGP BGP Extended Community Inter AS MPLS VPN Carrier Supporting Carrier VRF-Lite, VRF Select Multicast MPLS VPN GRE, multipoint GRE AToM, L2TPv3 802.QinQ

SP QoS and Security DSCP/EXP, TOS, NBAR Marking, Shaping, Policing CAR, FRTS WRQ, CBWFQ, LLQ, PQ, CQ RED, WRED LFI, cRTP RSVP ACL, RPF, Filtering Routing update security Common attacks

High Availability NSF, GLBP Fast reroute, Link/Node protection HSRP, VRRP

Management SNMP, SYSLOG, RMON Accounting Netflow NTP

【編輯推薦】

1. 思科培訓專區(qū)
2. 2009年三次惡戰(zhàn)CCIE RS 實驗經(jīng)歷
3. CCIE的考試經(jīng)歷和學習經(jīng)驗總結(jié)
4. 各個方向CCIE認證投資回報分析