Curriculum, labs, and how we compare.
12 weeks. Week-by-week. Build real engineers.
L2 → L7 across Juniper SRX, Cisco ASA, and Palo Alto, plus cloud networking — every week ships a hands-on lab and a graded project. AI prompt engineering & Python automation in weeks 11–12.
Install EVE-NG on your laptop. Import Juniper SRX, Cisco ASA, Palo Alto, and IOSvL2 images. First topology online.
Live lab: boot EVE-NG, build a 4-node topology, console into each device.
Assignment — submit a screenshot of your running 4-node lab and a short writeup of your image inventory.
Encapsulation, headers, MTU/MSS, ARP, ICMP. Advanced IPv4/IPv6 subnetting drills.
Packet capture drills in Wireshark — identify each header field on real frames.
Assignment — subnet a /22 into eight VLANs and document the plan in a CSV.
VLANs, 802.1Q trunking, STP/RSTP, EtherChannel, port security, voice VLANs.
Build a 3-switch lab with VLANs, trunks, EtherChannel, and watch STP converge.
Assignment — design + configure a campus access/distribution layer for a 4-VLAN office.
Static routes, route selection, OSPF single-area, redistribution basics.
Bring up OSPF in EVE-NG across 4 routers, break it, fix it.
Assignment — migrate a static-route lab to OSPF without dropping reachability.
Areas, LSAs, summarization. eBGP/iBGP, attributes, route maps, prefix-lists.
Multi-area OSPF + eBGP peering between two ASes in your lab.
Assignment — influence path selection with local-pref and MED, document outcomes.
One intensive week covering all three vendors side-by-side: zones, security policies, source/destination NAT, App-ID, security profiles, HA pairs, and Panorama/AnyConnect/GlobalProtect basics.
Build the same DMZ + inside + outside policy on Juniper SRX, Cisco ASA, and Palo Alto — then compare CLIs.
Assignment — write a vendor-comparison matrix for a real customer scenario and pick the right firewall.
IKEv2, route-based vs policy-based tunnels, site-to-site between SRX, ASA, and PAN, plus remote access (AnyConnect / GlobalProtect).
Stand up a working IPsec triangle: SRX ↔ ASA ↔ Palo Alto.
Assignment — design and document a 3-site hub-and-spoke VPN with redundancy.
VPCs, VNets, subnets, route tables, security groups/NSGs, transit gateways, site-to-site VPN from on-prem to cloud, intro to hybrid architectures.
Build a VPC + VNet, peer them, and connect your EVE-NG lab to AWS over IPsec.
Assignment — design a hybrid network for a 50-person company with one HQ and AWS workloads.
AAA (RADIUS/TACACS+), 802.1X, device hardening, secure management plane, change control, logging & SIEM-friendly outputs.
Configure TACACS+ login on a switch + firewall and lock down management access.
Assignment — produce a hardening checklist for a multi-vendor edge.
Wireshark on lab captures, latency/loss triage, structured troubleshooting frameworks (OSI top-down, divide-and-conquer).
Instructor breaks your lab — you find and fix the fault on the clock.
Assignment — write a 1-page post-mortem from a recorded outage scenario.
Using LLMs to draft configs, parse logs, generate ACLs, explain BGP outputs, and build runbooks — safely. Prompt patterns for CLI, change windows, and incident response.
Live prompting session — turn raw `show` output into a clean change plan with AI, then peer-review it.
Assignment — build a personal prompt library (10+ tested prompts) for your daily NOC tasks.
Wrap automation into AI prompting: use LLMs to generate, review, and refactor Python scripts (Netmiko, NAPALM, Nornir, Paramiko) for bulk config push, backup, compliance checks, and log parsing across SRX/ASA/PAN.
Live build: AI-generate a Netmiko script, run it against your EVE-NG lab, fix what breaks.
Capstone — design + automate a multi-site, multi-vendor network. Resume review + mock tech interviews.
Type a network task. Get a Python script.
Our AI workflow turns plain-English tasks into runnable Netmiko, NAPALM, or Nornir scripts — with credentials from env, dry-run flags, and proper error handling. Try it free, no signup.
- Bulk config backup across hundreds of switches
- Compliance audits on SRX, ASA & Palo Alto policies
- Push VLANs/ACLs with dry-run + rollback
- Parse show commands into CSV/JSON
- Nightly HA + BGP health checks