CCIE EI V1.1 (Rev 2) Workbook
Introduction
Imagine sitting down for an eight-hour CCIE Enterprise Infrastructure lab exam, and the very first task asks you to build a multi-area OSPF topology with virtual links, redistribute it into BGP with route tagging, then overlay the entire design with SD-WAN templates and SDA fabric segmentation. If that scenario makes your pulse quicken, you are not alone. The CCIE EI V1.1 Rev 2 Workbook is the single most comprehensive resource you can use to prepare for exactly these kinds of compound, multi-domain challenges.
Spanning 755 pages and thirteen meticulously structured modules, this workbook walks you through more than 200 individual labs. Each lab builds on the one before it, gradually layering complexity until you are configuring full-scale enterprise networks that mirror real exam conditions. Whether you are solidifying your Layer 2 switching fundamentals or diving into MPLS VPN extranets and DMVPN Phase III tunnels, the CCIE EI V1.1 Rev 2 Workbook has a lab that targets the exact skill you need.
In this article, we break down every module, explain what each lab section teaches, highlight the configuration concepts you must master, and give you a study strategy that turns hundreds of labs into a clear, manageable path toward your CCIE number. If you are starting your CCIE Enterprise Infrastructure journey or looking for a structured way to close your knowledge gaps, read on.
What Does the CCIE EI V1.1 Rev 2 Workbook Cover?
The workbook is organized into thirteen modules that collectively address every domain on the CCIE Enterprise Infrastructure v1.1 blueprint. Here is an overview of what each module targets:
| Module | Topic | Number of Labs |
|---|---|---|
| 1 | Layer 2 Technologies -- Ethernet Switching | 15 |
| 2 | EIGRP | 23 |
| 3 | OSPF | 14 |
| 4 | BGP | 27 |
| 5 | IPv6 | 7 |
| 6 | Virtual Private Networks (VPNs) | 10 |
| 7 | MPLS Unicast Routing | 10 |
| 8 | SD-WAN | 36 |
| 9 | SDA (Software-Defined Access) | 42 |
| 10 | IP Services and Security | 13 |
| 11 | Quality of Service (QoS) | 6 |
| 12 | Multicast Routing | 7 |
| 13 | Automation and Programmability | 13 |
That is over 200 labs across the full spectrum of enterprise networking. The CCIE EI V1.1 Rev 2 Workbook does not just list commands -- it takes you through progressively harder scenarios that force you to understand the "why" behind every configuration decision.
Pro Tip: Do not skip the early labs in each module, even if you consider yourself advanced. The workbook deliberately builds foundational configurations that later labs depend on. Skipping Lab 1 in Module 3, for instance, means you will lack the base OSPF topology needed for virtual links and area type labs later.
Module 1: Layer 2 Technologies -- Ethernet Switching in the CCIE EI V1.1 Rev 2 Workbook
Layer 2 is where every enterprise network begins, and the workbook dedicates its first fifteen labs to making sure your switching fundamentals are rock-solid. The progression is deliberate: you start with trunking, move into port aggregation, then tackle spanning tree in multiple flavors before finishing with security features.
Trunking and Port-Channels
The module opens with Lab 1: Configuring Trunking -- Dot1q, which establishes 802.1Q trunk links between switches. From there, you move into port-channel configuration -- first with manual channel groups (Lab 2), then with LACP negotiation (Lab 3). Understanding the difference between static and dynamic aggregation is critical for the lab exam, where mismatched modes can silently break connectivity.
interface range GigabitEthernet0/1 - 2
channel-group 1 mode active
switchport trunk encapsulation dot1q
switchport mode trunk
VTP, VLANs, and Spanning Tree
Labs 4 and 5 cover VLAN Trunking Protocol (VTP) and VLAN configuration respectively. The workbook then pivots to spanning tree with three labs: PVSTP root switch selection (Lab 6), MST configuration (Lab 7), and MST root switch selection (Lab 8). Understanding how to control the root bridge election is a skill that surfaces repeatedly in CCIE scenarios.
Labs 9 and 10 handle physical-to-logical mapping and Layer 3 logical topology configuration -- the bridge between your switching and routing domains.
Spanning Tree Security Features
The final five labs in Module 1 are all about hardening your Layer 2 domain:
- Lab 11 -- PortFast: Speeds up access port convergence by skipping the listening and learning states
- Lab 12 -- BPDU Guard: Shuts down PortFast-enabled ports if they receive a BPDU, preventing rogue switches
- Lab 13 -- VLAN ACLs: Filters traffic within a VLAN using access maps
- Lab 14 -- Root Guard: Prevents an unauthorized switch from becoming the root bridge
- Lab 15 -- Port-Security: Limits the number of MAC addresses learned on a port
If you want to build your Layer 2 foundation before tackling this module, check out the VLANs and Trunking and EtherChannel and STP courses on NHPREP.
Module 2: How Does the CCIE EI V1.1 Rev 2 Workbook Teach EIGRP?
With 23 labs, EIGRP receives some of the deepest coverage in the entire workbook. The module starts with fundamentals and escalates into complex multi-domain redistribution scenarios that are a staple of the CCIE lab exam.
Foundational EIGRP Configuration
The first three labs cover the basics: initializing EIGRP with network statements (Lab 1), configuring passive interfaces to suppress unnecessary adjacencies (Lab 2), and establishing unicast neighbors for non-broadcast scenarios (Lab 3).
router eigrp 100
network 10.0.0.0 0.0.0.255
passive-interface default
no passive-interface GigabitEthernet0/0
Metrics, Load Balancing, and Summarization
Lab 4 dives into EIGRP metric calculations, which use bandwidth, delay, reliability, and load by default. Lab 5 then applies those metrics to equal and unequal cost load balancing using the variance command -- a feature unique to EIGRP among common IGPs.
Route summarization gets three full labs: auto-summary behavior (Lab 6), manual summarization (Lab 7), and the use of leak maps to advertise specific subnets through a summary boundary (Lab 8). Leak maps are an advanced technique that appears frequently on the CCIE lab exam.
Route Filtering and Authentication
Labs 9 and 10 cover route filtering with ACLs and prefix-lists respectively. The workbook then dedicates Labs 11 through 14 to EIGRP authentication -- both legacy MD5 and modern SHA-based HMAC in named mode. Understanding the differences between classic and named-mode EIGRP configuration is essential.
router eigrp LAB
address-family ipv4 unicast autonomous-system 100
af-interface default
authentication mode hmac-sha-256 Lab@123
exit-af-interface
Redistribution -- The Heart of CCIE Routing
Labs 16 through 22 form the redistribution block, and this is where the workbook earns its reputation. You progress through:
- Redistributing connected and static routes (Lab 16)
- Redistributing between RIP and EIGRP (Lab 17)
- Redistributing between two EIGRP autonomous systems (Lab 18)
- Redistributing between OSPF and EIGRP (Lab 19)
- Redistribution with route filtering (Lab 20)
- Redistribution with route tagging (Lab 21)
- Multi-point redistribution with route tagging (Lab 22)
Lab 22 is particularly important because multi-point redistribution creates routing loops if not handled correctly. The workbook teaches you to use route tags to prevent routes from being redistributed back into their originating protocol -- a technique that is almost guaranteed to appear on the actual exam.
The module closes with Lab 23: Configuring BFD for EIGRP, which enables sub-second failure detection alongside standard EIGRP timers.
Module 3: OSPF Configuration Labs in the CCIE EI V1.1 Rev 2 Workbook
OSPF is the backbone IGP for most enterprise networks, and the workbook dedicates 14 labs to ensuring you can configure every aspect the exam tests.
Basic OSPF and Multi-Area Design
The module opens with OSPF on Ethernet (Lab 1) and serial links (Lab 2) in Area 10, then moves to Area 0 configuration (Lab 3). Lab 4 covers unicast-based OSPF adjacencies, while Lab 5 configures an OSPF ASBR for external route injection. Lab 6 brings it all together with a multi-area, multi-domain topology.
Summarization, Filtering, and Area Types
Labs 7 and 8 cover inter-area and external route summarization at ABRs and ASBRs respectively. Lab 9 teaches LSA Type 3 filtering, which lets you selectively block inter-area routes at ABR boundaries -- a powerful tool for controlling routing table size.
Lab 10 addresses OSPF authentication, and Lab 11 takes you through OSPF area types: stub, totally stubby, NSSA, and totally NSSA. Each area type controls which LSA types are permitted, and choosing the correct one is a common exam task.
router ospf 1
area 20 nssa no-summary
area 10 stub
Virtual Links, BFD, and IP FRR
Lab 12 covers virtual links, which extend Area 0 connectivity through a transit area. Lab 13 adds BFD for OSPF fast failure detection. Lab 14 introduces IP Fast Reroute (FRR) for OSPF, which pre-computes backup paths to enable sub-50ms failover -- a feature that has become increasingly important in modern enterprise designs.
For a foundational review of inter-VLAN routing concepts that underpin multi-area OSPF designs, visit the Inter-VLAN Routing course on NHPREP.
Module 4: BGP -- The Largest Module in the CCIE EI V1.1 Rev 2 Workbook
With 27 labs, BGP is the single largest module in the workbook. This reflects the protocol's outsized importance on the CCIE Enterprise Infrastructure exam, where BGP appears in everything from basic eBGP peering to complex route reflection with conditional advertisement.
eBGP, iBGP, and Route Reflectors
The module begins with straightforward eBGP configuration (Lab 1), eBGP multi-hop peering (Lab 2), network redistribution into BGP (Lab 3), and BGP authentication (Lab 4). Lab 5 introduces iBGP with route reflectors, which eliminates the need for a full mesh of iBGP peers.
Route Filtering Techniques
Three labs cover the major filtering methods:
| Lab | Filtering Method | Use Case |
|---|---|---|
| Lab 6 | ACLs | Simple prefix-based filtering |
| Lab 7 | Prefix-Lists | Flexible prefix and mask length matching |
| Lab 8 | AS-Path Filters | Filtering based on the BGP AS path attribute |
Route Aggregation
Labs 9 through 11 explore three approaches to BGP route aggregation:
- Summary-Only (Lab 9): Suppresses all component routes
- Manual Filtering (Lab 10): Selective suppression using unsuppress-map
- Suppress Maps (Lab 11): Granular control over which routes are suppressed
BGP Attributes and Path Selection
Labs 12 through 18 form the core of BGP path manipulation. Lab 12 sets up the base topology with both eBGP and iBGP peers, and then each subsequent lab focuses on a single attribute:
- Local Preference (Lab 13): Influences outbound path selection within an AS
- MED (Lab 14): Suggests inbound path preference to an external AS
- Weight (Lab 15): Router-local path preference (highest wins)
- AS-Path prepending (Lab 16): Lengthens the AS path to make a route less preferred
- No-Export Community (Lab 17): Prevents a route from being advertised to eBGP peers
- No-Advertise Community (Lab 18): Prevents a route from being advertised to any peer
route-map SET_LP permit 10
set local-preference 200
router bgp 65001
neighbor 10.1.1.2 route-map SET_LP in
Advanced BGP Features
The remaining labs cover increasingly sophisticated scenarios:
- Conditional Advertisement (Lab 19): Advertises routes only when specific conditions are met
- BGP Multi-Path for eBGP and iBGP (Lab 20): Enables load balancing across multiple BGP paths
- Redistributing iBGP routes into IGP (Lab 21): A tricky scenario requiring careful loop prevention
- Route Reflector with Next-Hop Changed (Lab 22): Modifies next-hop behavior in RR topologies
- Route Reflection with Dynamic Neighbors (Lab 23): Uses listen ranges instead of explicit neighbor statements
- Private AS Number handling (Lab 24): Stripping private ASNs before advertising to public peers
- Local-AS command (Lab 25): Allows a router to appear as a member of a different AS
- BFD for BGP (Lab 26): Sub-second BGP peer failure detection
- BGP Confederations (Lab 27): An alternative to route reflectors for scaling iBGP
Module 5: IPv6 Across Routing Protocols
The IPv6 module contains seven labs that ensure you can deploy IPv6 addressing and run the major routing protocols in a dual-stack or IPv6-only environment. Lab 1 covers IPv6 addressing fundamentals, followed by OSPFv3 (Lab 2), EIGRP for IPv6 (Lab 3), IS-IS for IPv6 (Lab 4), and BGP for IPv6 (Lab 5).
Labs 6 and 7 address transition mechanisms: IPv6-in-IP tunneling and NAT64. These labs are particularly relevant because many enterprise networks still operate in a dual-stack mode and need clean interoperability between IPv4 and IPv6 domains.
How Does the CCIE EI V1.1 Rev 2 Workbook Handle VPN Technologies?
Module 6 progresses through ten VPN labs, starting with simple point-to-point GRE tunnels and ending with FlexVPN.
GRE and IPSec Fundamentals
Lab 1 configures a basic point-to-point GRE tunnel, Lab 2 adds IPSec encryption to that tunnel, and Lab 3 sets up a native IPSec tunnel interface without GRE encapsulation. Understanding when to use GRE+IPSec versus native IPSec is a key design decision on the exam.
DMVPN Phases
The workbook dedicates four labs to DMVPN:
| Lab | DMVPN Phase | Key Characteristic |
|---|---|---|
| Lab 5 | Phase I | Hub-and-spoke only; all traffic transits the hub |
| Lab 6 | Phase II | Spoke-to-spoke tunnels via NHRP resolution |
| Lab 7 | Phase III | Spoke-to-spoke with NHRP shortcuts and redirects |
| Lab 8 | Dual-Hub | Redundant hub design for high availability |
Lab 4 covers mGRE VPN configuration, which is the foundation that DMVPN builds upon. Lab 9 then layers IPSec encryption over the DMVPN fabric, and Lab 10 introduces FlexVPN in point-to-point mode as the modern successor to legacy crypto maps.
Module 7: MPLS VPN Labs in the CCIE EI V1.1 Rev 2 Workbook
MPLS remains a critical technology for service provider and large enterprise networks. The workbook's ten MPLS labs cover unicast label switching, LDP authentication, and a comprehensive set of MPLS VPN PE-CE routing scenarios.
Core MPLS and LDP
Lab 1 configures MPLS unicast routing with LDP label distribution, and Lab 2 adds LDP peer authentication to secure the label exchange process.
PE-CE Routing Variations
Labs 3 through 9 systematically work through every PE-CE routing option:
- Static Routing (Lab 3): Simplest PE-CE connectivity
- EIGRP (Lab 4): PE-CE with EIGRP, including SoO for loop prevention
- BGP -- Configuration 1 (Lab 5): Basic MP-BGP VPNv4 with eBGP PE-CE
- BGP -- Configuration 2 (Lab 6): Extended BGP PE-CE scenarios
- OSPF (Lab 7): PE-CE with OSPF, including LSA Type 3/5/7 considerations
- OSPF with Domain-ID (Lab 8): Controls route type preservation across the MPLS backbone
- OSPF with Sham-Link (Lab 9): Ensures OSPF prefers the MPLS backbone over a backdoor link
Lab 10 wraps up the module with MPLS VPN Extranets, which allow controlled route leaking between VRFs -- a design pattern used for shared services.
Module 8: SD-WAN -- The Largest Hands-On Section
With 36 labs, SD-WAN is the second-largest module and reflects the technology's growing weight on the CCIE Enterprise Infrastructure exam. The workbook takes you from zero to a fully functional SD-WAN fabric with advanced policies.
Controller Initialization
Labs 1 through 10 build the SD-WAN control plane from scratch:
- Configure non-SD-WAN routers for underlay connectivity (Lab 1)
- Install the enterprise certificate server (Lab 2)
- Initialize vManage, vSmart, and vBond via CLI (Labs 3-5)
- Initialize the same controllers via GUI (Labs 6-8)
- Initialize Catalyst 8000v WAN edge routers via CLI and GUI (Labs 9-10)
Feature and Device Templates
Labs 11 through 22 are the template-building heart of the module. You create feature templates for system settings (Lab 11), banners (Lab 12), and site-specific WAN edge parameters. Device templates are then assembled for HQ (Lab 14), BR-1 (Lab 16), BR-2 (Lab 17), BR3-1 (Lab 19), BR3-2 (Lab 20), and BR-4 (Lab 22).
Pro Tip: On the CCIE lab exam, template misconfiguration is one of the most common causes of time loss. Practice the template workflow until it is second nature: create feature templates first, then assemble them into device templates, then attach to devices.
Advanced SD-WAN Policies
The final block covers the policy features that distinguish expert-level SD-WAN engineers:
- Application Aware Routing (AAR) for Telnet, Web, and Chat applications (Labs 26-27)
- Direct Internet Access (DIA) for local internet breakout (Lab 28)
- Topology Policies to manipulate TLOCs (Lab 29)
- Route Filtering via centralized policies (Lab 30)
- Multiple Service VPNs for network segmentation (Lab 31)
- Route Leaking between VPNs for shared services (Lab 32)
- QoS implementation including custom options, scheduler configuration, localized policies, and interface parameters (Labs 33-36)
Module 9: SDA (Software-Defined Access) in the CCIE EI V1.1 Rev 2 Workbook
SDA is the largest module in the workbook at 42 labs, reflecting its prominence on the current CCIE blueprint. The module covers two complete SDA deployment models: a full multi-building fabric and a Fabric-In-A-Box (FIAB) deployment.
Initial Setup and Design
The module begins with DNAC and ISE integration (Lab 1), border switch configuration (Lab 2), and fusion router setup (Lab 3). Labs 4 through 7 handle DNAC design tasks:
- Network hierarchy -- sites and buildings (Lab 4)
- Server configuration -- AAA, NTP, and DHCP (Lab 5)
- Device credentials (Lab 6)
- IP address pools (Lab 7)
Underlay Options
The workbook provides two paths for building the underlay:
- Manual underlay (Labs 8-10): Skinny configuration, IGP with OSPF, device discovery and provisioning
- LAN Automation (Labs 11-14): Seed device configuration, assignment, LAN automation execution, and device provisioning
Overlay Configuration
Labs 15 through 20 build the overlay:
- Reserve IP pools for overlay and underlay (Lab 15)
- Create Virtual Networks (VNs) for segmentation (Lab 16)
- Create transit networks with L3 handoff (Lab 17)
- Configure host onboarding (Lab 18)
- Provision control plane and border devices (Lab 19)
- Provision fabric edge devices (Lab 20)
Segmentation -- Macro and Micro
Labs 21 through 31 are where SDA's security model comes alive:
- Macro segmentation via VRFs, SVIs, BGP, and route leaking on the fusion router (Lab 21), verified in Lab 26
- Micro segmentation using Scalable Group Tags (SGTs) -- creating SGTs (Lab 27), assigning them via ISE authorization policies (Lab 28), blocking inter-SGT communication with default contracts (Lab 29), creating custom SG-ACL contracts (Lab 30), and applying and verifying them (Lab 31)
Labs 22 through 25 handle ISE configuration: users and groups (Lab 22), authorization profiles (Lab 23), authorization policies (Lab 24), and DHCP for client provisioning (Lab 25).
Fabric-In-A-Box (FIAB)
Labs 33 through 42 walk through a complete FIAB deployment across two buildings, including base network setup (Lab 33), ISE-DNAC integration and design (Lab 34), device discovery and provisioning (Lab 35), fabric site and pool creation (Lab 36), IP and SDA transits (Lab 37), FIAB configuration for Building 1 (Lab 38) and Building 2 (Lab 42), fusion router configuration (Lab 39), ISE setup (Lab 40), and DHCP with connectivity verification (Lab 41). Lab 32 also covers L2 Handoff as a standalone topic.
Modules 10-13: IP Services, QoS, Multicast, and Automation
The final four modules round out the CCIE EI V1.1 Rev 2 Workbook with technologies that frequently appear as overlay tasks on the lab exam.
Module 10: IP Services and Security (13 Labs)
This module covers essential infrastructure services:
- Zone-Based Firewall (Lab 1): Stateful firewall policy between security zones
- FHRP: HSRP (Lab 2) and VRRP (Lab 3) for gateway redundancy
- DHCP: Server configuration (Lab 4), relay agent (Lab 5), and DHCP snooping (Lab 6)
- NTP (Lab 7): Time synchronization across the network
- AAA Services (Lab 8): Authentication, authorization, and accounting
- IP SLA (Lab 9): Proactive monitoring and path verification
- NAT: Dynamic NAT (Lab 10), Dynamic PAT (Lab 11), Static NAT (Lab 12), and Static PAT (Lab 13)
ip dhcp pool LAN_POOL
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 8.8.8.8
domain-name lab.nhprep.com
Module 11: Quality of Service (6 Labs)
QoS configuration follows a logical progression:
- Policing (Lab 1): Rate-limiting traffic at ingress
- Bandwidth Reservation (Lab 2): Guaranteeing minimum bandwidth per class
- Low-Latency Queuing (LLQ) (Lab 3): Priority queuing for voice and video
- NBAR Classification (Lab 4): Application-aware traffic identification
- Shaping (Lab 5): Smoothing traffic bursts at egress
- Advanced Class Maps (Lab 6): Complex match criteria for granular classification
Module 12: Multicast Routing (7 Labs)
The multicast module covers every PIM mode and RP discovery mechanism:
| Lab | Topic | Description |
|---|---|---|
| Lab 1 | PIM Dense Mode | Flood-and-prune multicast distribution |
| Lab 2 | PIM Sparse Mode -- Single Static RP | Explicit join model with one RP |
| Lab 3 | PIM Sparse Mode -- Multiple Static RPs | Load sharing across RPs |
| Lab 4 | PIM Sparse Mode -- Dense Mode Fallback | Hybrid mode for RP failure |
| Lab 5 | PIM Sparse Mode -- Auto-RP | Dynamic RP discovery |
| Lab 6 | PIM Sparse Mode -- BSR | Standards-based RP election |
| Lab 7 | MSDP | Multicast Source Discovery Protocol for inter-domain multicast |
Module 13: Automation and Programmability (13 Labs)
The automation module bridges traditional CLI skills with modern programmability:
- EEM (Embedded Event Manager): Controlling interface shutdown (Lab 1) and emailing errors to administrators (Lab 2)
- Python -- Interactive: Retrieving information from routers (Lab 3), configuring devices (Labs 4-6)
- Python with Netmiko: Single-router initialization (Labs 7-8), multi-router information retrieval (Lab 9), single-router backup (Lab 10), multi-router backup (Lab 11), and multi-device configuration (Labs 12-13)
event manager applet LINK_DOWN
event syslog pattern "Interface GigabitEthernet0/1, changed state to down"
action 1.0 cli command "enable"
action 2.0 cli command "configure terminal"
action 3.0 cli command "interface GigabitEthernet0/1"
action 4.0 cli command "no shutdown"
Key Redistribution Scenarios in the CCIE EI V1.1 Rev 2 Workbook
Redistribution is the single topic that separates candidates who pass the CCIE lab from those who do not. The workbook dedicates significant lab time across Modules 2, 3, and 4 to redistribution because the exam almost always includes a scenario where multiple routing protocols must exchange routes without creating loops or suboptimal paths.
Why Redistribution Is Difficult
When you redistribute between two routing protocols, each protocol applies its own metric to the injected routes. EIGRP assigns a default seed metric to redistributed routes, OSPF marks them as E2 (external type 2) by default, and BGP sets the origin to incomplete. Without careful metric and route-map configuration, redistributed routes can create feedback loops in multi-point redistribution topologies where two or more routers perform redistribution simultaneously.
The workbook addresses this progressively. In Module 2, you start with simple one-way redistribution of connected and static routes (Lab 16), then move to mutual redistribution between RIP and EIGRP (Lab 17) and between two EIGRP autonomous systems (Lab 18). By Lab 22, you are handling multi-point redistribution with route tagging -- the most complex and exam-relevant scenario.
Route Tagging as a Loop Prevention Mechanism
The route tagging technique taught in Labs 21 and 22 of Module 2 works as follows: when a route is redistributed from Protocol A into Protocol B, it receives a tag (for example, tag 100). At every other redistribution point, a route map denies routes carrying that tag from being redistributed back into Protocol A. This prevents the classic redistribution loop where a route originates in Protocol A, gets redistributed into Protocol B, then gets redistributed back into Protocol A at a different point with a potentially better metric.
route-map EIGRP_TO_OSPF deny 10
match tag 200
route-map EIGRP_TO_OSPF permit 20
set tag 100
route-map OSPF_TO_EIGRP deny 10
match tag 100
route-map OSPF_TO_EIGRP permit 20
set tag 200
This pattern is so important that it reappears in Module 3 (OSPF-to-EIGRP redistribution in Lab 19 context) and Module 4 (BGP redistribution scenarios). Mastering it in the EIGRP module gives you a reusable mental model for every redistribution task the exam can throw at you.
Study Strategy for the CCIE EI V1.1 Rev 2 Workbook
Approaching 200+ labs without a plan is a recipe for burnout. Here is a phased strategy that works:
Phase 1: Foundation (Weeks 1-4)
Complete Modules 1, 2, and 3 in order. These Layer 2, EIGRP, and OSPF labs establish the routing and switching baseline that every other module depends on. Focus on understanding convergence behavior and metric manipulation.
Phase 2: Advanced Routing (Weeks 5-8)
Tackle Module 4 (BGP) and Module 5 (IPv6). BGP is the largest module for a reason -- spend extra time on the attribute manipulation labs (Labs 13-18) and the redistribution scenarios. Then apply your routing knowledge in an IPv6 context.
Phase 3: Overlay Technologies (Weeks 9-14)
Work through Modules 6 (VPNs), 7 (MPLS), 8 (SD-WAN), and 9 (SDA). These are the most exam-relevant modules in the current blueprint. SD-WAN and SDA together account for 78 labs -- roughly 38 percent of the entire workbook.
Pro Tip: When working SD-WAN labs, keep a reference sheet of your template hierarchy. Map which feature templates feed into which device templates and which device templates are attached to which WAN edge routers. This mental model is essential under exam pressure.
Phase 4: Services and Automation (Weeks 15-16)
Finish with Modules 10 through 13. These topics often appear as add-on tasks in the CCIE lab -- you might be asked to add QoS policies to an existing topology or write an EEM applet to automate a monitoring task. Familiarity here prevents losing easy points.
Phase 5: Full Integration (Weeks 17-20)
Return to the workbook and attempt multi-module scenarios. For example, build the Layer 2 topology from Module 1, run OSPF from Module 3 over it, redistribute into BGP from Module 4, overlay DMVPN from Module 6, and add QoS from Module 11. This compound practice mirrors the actual exam experience.
Frequently Asked Questions
How many labs are in the CCIE EI V1.1 Rev 2 Workbook?
The workbook contains over 200 individual labs spread across 13 modules. The smallest module (QoS) has 6 labs, while the largest (SDA) has 42. Every lab is designed to be completed in a logical sequence, with each building on the configuration from the previous one.
What topics does the CCIE EI V1.1 Rev 2 Workbook cover?
The workbook covers every domain on the CCIE Enterprise Infrastructure v1.1 blueprint: Layer 2 switching, EIGRP, OSPF, BGP, IPv6, VPN technologies (GRE, IPSec, DMVPN, FlexVPN), MPLS VPNs, SD-WAN (vManage, vSmart, vBond, templates, policies), SDA (DNAC, ISE, fabric, segmentation), IP services (DHCP, NAT, NTP, AAA, HSRP, VRRP), QoS, multicast, and automation with Python and EEM.
Is the CCIE EI V1.1 Rev 2 Workbook suitable for beginners?
The workbook is designed for candidates who already hold CCNP-level knowledge. If you are comfortable with basic routing and switching concepts, the workbook's progressive structure will guide you from intermediate to expert-level configurations. If you need to strengthen your fundamentals first, consider starting with the VLANs and Trunking or EtherChannel and STP courses on NHPREP before diving in.
How long does it take to complete all the labs?
Most candidates report spending 16 to 20 weeks working through the entire workbook when dedicating 2 to 3 hours per day. The SD-WAN and SDA modules take the longest due to their GUI-based workflows and the number of interdependent components. Plan to spend at least 3 to 4 weeks on Modules 8 and 9 combined.
What is the difference between the DMVPN phases covered in the workbook?
The workbook covers all three DMVPN phases. Phase I supports only hub-and-spoke traffic patterns. Phase II adds spoke-to-spoke tunnels through NHRP resolution but requires specific routing configurations. Phase III introduces NHRP shortcuts and redirects for optimal spoke-to-spoke communication without requiring changes to the routing protocol configuration. A dual-hub lab (Lab 8) also covers high-availability designs.
Does the workbook cover both manual and automated SDA deployment?
Yes. Module 9 provides two complete underlay provisioning paths. Labs 8 through 10 walk through manual underlay configuration with skinny device configs and OSPF as the IGP. Labs 11 through 14 cover LAN Automation, which uses DNAC to automatically discover and provision underlay devices. Both paths converge at the overlay configuration stage starting at Lab 15.
Conclusion
The CCIE EI V1.1 Rev 2 Workbook is not just a collection of labs -- it is a structured curriculum that transforms CCNP-level knowledge into CCIE-ready expertise. With 200+ labs spanning Layer 2 switching, IGP and BGP routing, VPN and MPLS technologies, SD-WAN and SDA fabrics, IP services, QoS, multicast, and automation, it addresses every domain on the current CCIE Enterprise Infrastructure blueprint.
The key to success with this workbook is disciplined, sequential practice. Each lab builds on the one before it, and the compound complexity of later labs -- multi-point redistribution with route tagging, SD-WAN application-aware routing, SDA micro-segmentation with SGT contracts -- can only be mastered if the foundational labs are solid.
Start your CCIE Enterprise Infrastructure preparation today. Build your Layer 2 and routing foundation with courses like VLANs and Trunking and Inter-VLAN Routing on NHPREP, then use the CCIE EI V1.1 Rev 2 Workbook to take your skills from solid to exceptional. The CCIE number is earned in the lab -- and this workbook is where that lab preparation begins.