Free, hands-on containerized labs for Network+, Linux+, and Security+ exam preparation
This repository provides 9 free, containerized labs (3 per certification) designed to help you pass CompTIA Network+, Linux+, and Security+ exams through hands-on practice with real tools.
No VMs. No simulators. Real Linux networking in containers.
π‘ Looking for full exam prep? Visit PingToPass.com for practice exams, study guides, and comprehensive CompTIA certification resources!
| Lab | Duration | Exam Objectives | Difficulty |
|---|---|---|---|
| 01-static-routing-basics | 30 min | Domain 2: Routing technologies | Beginner |
| 02-nat-pat-configuration | 45 min | Domain 2: NAT/PAT | Intermediate |
| 03-vlan-trunking | 45 min | Domain 2: VLANs, Domain 4: VLAN security | Intermediate |
| Lab | Duration | Exam Objectives | Difficulty |
|---|---|---|---|
| 01-network-interface-config | 30 min | Domain 1: Configure network interfaces | Beginner |
| 02-iptables-firewall-basics | 45 min | Domain 2: iptables firewall rules | Intermediate |
| 03-systemd-service-management | 30 min | Domain 1: systemd service management | Beginner |
| Lab | Duration | Exam Objectives | Difficulty |
|---|---|---|---|
| 01-dmz-network-design | 45 min | Domain 3: Security zones, DMZ | Intermediate |
| 02-ssh-key-authentication | 30 min | Domain 3: Authentication methods | Beginner |
| 03-network-segmentation-zones | 45 min | Domain 3: Network segmentation | Intermediate |
Click the "Code" button above β "Create codespace on main"
Everything is pre-configured. No setup required.
Prerequisites:
- Docker Desktop installed
- Containerlab installed (Install Guide)
Clone and run:
git clone https://github.com/ciscoittech/comptia-certification-labs.git
cd comptia-certification-labs/network-plus/01-static-routing-basics
sudo containerlab deploy -t topology.clab.ymlWe carefully selected these 9 labs based on:
- High-weight exam domains (20%+ of exam)
- Hands-on requirements (can't learn from videos alone)
- Real-world relevance (skills used in actual jobs)
- Progression difficulty (beginner β intermediate)
1. Static Routing Basics - Domain 2 (20% of exam)
- β Foundation for all routing concepts
- β Required for understanding dynamic protocols (OSPF, BGP)
- β Appears in 5-10 exam questions
- β Used daily in network engineering
2. NAT/PAT Configuration - Domain 2 (20% of exam)
- β Critical for IPv4 address conservation
- β Appears in troubleshooting scenarios
- β Required knowledge for home/SMB networks
- β Foundation for understanding PAT vs SNAT
3. VLAN Trunking - Domains 2 & 4 (34% of exam combined)
- β Core switching technology
- β Security segmentation concept
- β Appears in multiple question types
- β NEW in N10-009: Emphasis on VLAN security
1. Network Interface Config - Domain 1 (32% of exam)
- β Most fundamental Linux networking skill
- β Required for all other network tasks
- β
ipcommand is exam-critical - β
Replaces deprecated
ifconfig
2. iptables Firewall Basics - Domain 2 (21% of exam)
- β Essential security skill
- β Appears in simulation questions
- β Foundation for firewalld understanding
- β Real-world filtering requirements
3. systemd Service Management - Domain 1 (32% of exam)
- β Modern Linux service control
- β Appears in troubleshooting scenarios
- β Critical for production systems
- β
systemctlandjournalctlare exam-heavy
1. DMZ Network Design - Domain 3 (18% of exam)
- β Core security architecture concept
- β Three-zone model is exam-critical
- β Demonstrates defense-in-depth
- β Real-world enterprise requirement
2. SSH Key Authentication - Domain 3 (18% of exam)
- β Modern authentication best practice
- β Appears in both Linux+ and Security+
- β Replaces password authentication
- β Foundation for zero-trust concepts
3. Network Segmentation with Zones - Domain 3 (18% of exam)
- β Microsegmentation is trending topic
- β Demonstrates least privilege
- β Zone-based firewalls are common
- β Applies to both on-prem and cloud
These labs use the same tools used in production:
- Alpine Linux - Lightweight container OS
- iproute2 - Modern Linux networking (
ipcommand) - iptables/nftables - Linux firewall
- FRR - Production routing daemon (OSPF, BGP)
- Containerlab - Network lab orchestration
β Configure network interfaces and routes β Troubleshoot connectivity issues β Implement firewall rules and NAT β Design secure network architectures β Manage Linux services with systemd β Deploy authentication best practices
Beginner Labs (3):
βββ Network+ Static Routing
βββ Linux+ Network Interface Config
βββ Security+ SSH Key Authentication
Intermediate Labs (6):
βββ Network+ NAT/PAT Configuration
βββ Network+ VLAN Trunking
βββ Linux+ iptables Firewall Basics
βββ Linux+ systemd Service Management
βββ Security+ DMZ Network Design
βββ Security+ Network Segmentation Zones
Recommended Study Path:
- Start with all 3 Beginner labs
- Move to certification-specific Intermediate labs
- Practice troubleshooting scenarios
- Take practice exams
Each lab includes:
lab-name/
βββ README.md # Learning objectives, exercises
βββ topology.clab.yml # Container topology
βββ configs/ # Pre-built configurations
βββ scripts/
β βββ validate.sh # Automated testing
βββ .devcontainer/ # GitHub Codespaces config
Every lab provides:
- π Clear learning objectives
- π― Exam objective mapping
- π¬ Hands-on exercises
- β Automated validation tests
| Certification | Domains Covered | Exam Weight | Labs Provided |
|---|---|---|---|
| Network+ N10-009 | Domains 2, 4 | 34% | 3 labs |
| Linux+ XK0-005 | Domains 1, 2 | 53% | 3 labs |
| Security+ SY0-701 | Domain 3 | 18% | 3 labs |
Combined Exam Coverage: These 9 labs address ~30% of total exam content across all three certifications.
vs. Virtual Machines:
- β 10x faster startup (5 seconds vs 5 minutes)
- β 75% less memory (50MB vs 1GB per node)
- β 90% less disk space (500MB vs 5GB per lab)
- β Run on laptops, no beefy hardware needed
vs. Simulators (Packet Tracer, CertMaster):
- β Real Linux networking stack, not simulated
- β Learn tools used in actual jobs
- β Transferable skills (Docker, containers)
- β Free and open source
vs. Cloud Labs (INE, CBT Nuggets):
- β $0 cost (vs $50-100/month)
- β No time limits
- β Full control over environment
- β Works offline after initial pull
Knowledge:
- Basic understanding of IP addressing
- Familiarity with command line
- Willingness to experiment and break things!
Software (for local usage):
No prerequisites for GitHub Codespaces - everything is pre-configured!
We welcome contributions! Ideas for new labs:
Network+ Expansion:
- IPv6 addressing and configuration
- DNS server setup (BIND9)
- DHCP server configuration
- Wireless network setup
Linux+ Expansion:
- LVM and RAID configuration
- Bash scripting basics
- SELinux configuration
- User and group management
Security+ Expansion:
- IDS/IPS deployment (Snort/Suricata)
- VPN configuration (OpenVPN, WireGuard)
- Certificate management (PKI)
- Log analysis and SIEM basics
See CONTRIBUTING.md for guidelines.
This project is licensed under the MIT License - see LICENSE file for details.
- Containerlab - Amazing network lab orchestration tool
- FRR Project - Open-source routing protocol suite
- Alpine Linux - Lightweight container OS
- CompTIA - Certification exam objectives
- π Bug Reports: Open an issue
- π¬ Discussions: GitHub Discussions
- π Need Exam Help? Check out PingToPass.com for comprehensive CompTIA exam preparation resources
- β Star this repository to bookmark it
- π Launch a Codespace or clone locally
- π Start with a beginner lab (Static Routing, Network Interface, or SSH Keys)
- β Run validation tests to verify your configuration
- π Practice, practice, practice!
Good luck on your certification journey! π
Made with β€οΈ for aspiring network and security engineers