CCNA/CCNA Security Lab

ssnyderu2

Starting March 1st I will be working on getting my CCENT, CCNA Routing & Switching and my CCNA Security. What hardware do I need to be able to get the out of all 3 certifications? I have a 2950 48 port switch and a budget of 300 to 500 dollars. I would like to stick closer to the 300 dollar mark if I can. Oh, and I need the hard ware to be useful for the CCNP; if that is possible.

clarson

Well, you going to want two switches and the 2950's will for fine. But, they are level 2 switches and you will need level 3 switches for your ccnp.
for the ccna I'd suggest 3 routers, at least one that will run version 15 of the ios. for the ccna voice your going to want two. For the version 15 router your going to want a 1841 (256/64), 2801 (384/12, or 2811/21/51 (512/12. and for security your going to the ios of at least advance ip services. I prefer the 2811/21/51 over they 1841/2801. and the 2821/51 has gigabit ports compared to the 10/100 ports on the 2811. The version 15 routers can be used for the ccnp also. if you do the asa5500 in hardware that can be pretty expensive especially if you get a ssm-10 module. That alone could blow your budget.
what i reccomend is to buy just what you need now for as cheap as you can. wait to buy the more spendy items when you need them. They are only coming down in price. So, if it takes you a year to get your ccna, the expensive items for your security cert or ccnp will only be cheaper come next year.
get some 2950 switches, 2600xm and 2800 routers for your ccna. Then buy more 2800 routers or level 3 switches for your ccnp or asa5500 for security later. Let their prices come down while sitting on someone else's shelf instead of yours. of course, if you run across a cheap one, snatch it up.

mikeybinec

I started out with 2950s and 26XXs. What's important is to get the 26's with a good ios on them--at least ipadvanced--because router on a stick does not work on ipbase.. There's a guy on this forum that seems to have some good routers for sale.. I'll try to remember his name

ssnyderu2

On the routers, when you say get say the 280 (384/12), what is the (384/12)? I am guessing it is memory of some kind.

Switch1

ssnyderu2 wrote: »

On the routers, when you say get say the 280 (384/12), what is the (384/12)? I am guessing it is memory of some kind.

DRAM/Flash Memory, respectively.

I think he meant to type 384/128 but the ) turned it into an emoticon.

Cisco 2800 Series Memory

clarson

yes that would be 384D/128F. 384mb dram and 128mb flash usually a compact flash card
and you will need at least that much. and people try to sell them with less all the time. So, don't buy one without knowing how much you'll be getting.

ssnyderu2

Gotcha. Now those numbers make since. lol Last question and then its time to start price shopping. Do you need to keep a PC near the lab and can it just be any old PC? My PC is in a different room from when the Cisco stuff would be.

Switch1

ssnyderu2 wrote: »

Gotcha. Now those numbers make since. lol Last question and then its time to start price shopping. Do you need to keep a PC near the lab and can it just be any old PC? My PC is in a different room from when the Cisco stuff would be.

You'll be spending a lot of time with a terminal emulator for initial configuration using a console cable, so yes you'll need a computer capable of inputting and outputting text onto the screen. Make sure the PC has a COM Port, or simply buy a USB to Serial Adapter for use with the console cable. I run an old Pentium 4 with 512MB of RAM for all my labs, cost 15$.

If you want the mobility, you could connect your lab to a wired/wireless network and telnet/ssh from around the house.

clarson

well console management cables are usually about 5-6 feet long. not all that far. you can set up telnet/ssh to log into your equipment. And, then you can be as far away as your longest network cable. But, with telnet/ssh you lose your connection when powering on/off the equipment and you cant see the startup info. But that usually isn't a problem. I just use old pc's running xp. In your case your going to need an operating system that will run ccp (cisco's configuration professional software). Release Notes for Cisco Configuration Professional 2.8 - Cisco
or you can do like me. Have a pc close by for logging into the equipment. and work from computer that is much further away by using "remote desktop connection" to log into the close computer when i have a need.

theodoxa

The 1841 would be good router for CCNA, CCNA: Security and CCNP: R&S. For Voice (I didn't see it mentioned in your post, but I saw someone mention it further down) you'd need the 2800 Series (2801, 2811, or 2821). For switches, Layer 2 are fine for CCNA and CCNA; Security, but you'll want Layer 3 switches for CCNP. The 3550 is quite cheap, but won't cover 100% of the CCNP topics (PVLANs, IPv6, VTPv3). Unfortunately, the 3560 and 3750 are still around the $100/each mark, which wouldn't fit in your budget.

You can always add devices as you go. 3 x Layer 2 switches and 3 Routers should be fine for CCNA and CCNA: Security. You'll want a couple of Layer 3 switches and 1 or 2 more routers for CCNP.

CCNA and CCNA: Security -- 3 Switches + 3 Routers
CCNP: R&S -- 4 Switches (At least 2 x 3560/3750 or Above) + 5-6 Routers

BTW, you can always simulate additional routers in GNS3. Only downside is you'd be limited to older routers (1700 and 2600XM series) and GNS3 does have [in my experience] significant stability issues with larger topologies.

theodoxa

Cisco 1760 (Pre-ISR Router) -- $25 to $35 (This seems a bit high right now)
Cisco 1841 (ISR Router) -- $45 to $60
Cisco 2801 (ISR Router) -- $60 to $70
Cisco 2811 (ISR Router) -- $60 to $70
Cisco 2950 (L2 Switch) -- $25
Cisco 2960 (L2 Switch) -- $45 to $75 (Make sure it is LAN Base (24TT-L) and NOT LAN Lite.)
Cisco 3550 (L3 Switch) -- $35 to $50 (This seems a bit high right now)
Cisco 3560 (L3 Switch) -- $100 (24TS or 48TS, The PoE Models for some reason have less DRAM)

To save some money, you might consider using T1 WICs (WIC-1DSU-T1-V2) rather than the traditional WIC-1T/2Ts. The WICs are cheaper and you can roll your own cables (If you can make an Ethernet cable, you can make a T1 cable) rather than having to buy serial cables. Just remember [for the actual test] that when you use a serial cable, you need to set the clock rate on the DCE end.

theodoxa

You could buy a Console/Terminal server, such as the DigiCM32, but that'll take a nice bite out of your budget. With the DigiCM32, you simply connect the Ethernet port to your network and the numbered ports connect to the console ports [with regular patch cables] on your various devices. You Telnet or SSH to the DigiCM32, which establishes a Console session to the Router or Switch.

Digi CM32 | eBay

ssnyderu2

Based on what i am seeing this is my plan, feel free to offer suggestions.

For CCENT and CCNA R&S:

Low end PC that I can remote into
3x 2950 Switches (I already have one)
3x 2821 (512D/128F) Routers

CCNA Security

Add a ASA 5505 Firewall

CCNP will be a while, but I should be able to just add to what I have.

theodoxa

ssnyderu2 wrote: »

3x 2821 (512D/128F) Routers

Is there a specific reason for the 2821s? These are good routers, but are also bigger.

clarson

well it isn't quite as easy as picking a router then finding the cheapest price.
First thing you need to know is what ios package your going to need. the advanced security package, your going to need for sure. but, you'd really like to have the advanced ip services package because it has all the advanced security package items plus ipv6 and more. And, the advanced enterprise services package has everything in the advanced ip services package and more. So, you want the advanced ip services or the advanced enterprise services package. router doesn't come with it, how you going to get it?
Second, what version of the ios are you going to use. the test is written for an ios version 15. some say you can get by with a 12.4T version, or even 12.4. But, it is nice to have at least one router that runs version 15. a lot of older equipment such as the 1760 and 2600xm can't run version 15, but do fine with 12.4 or 12.4T. And, ever older equipment like the 2500 series cant even run version 12.4.
Thrid, the newer and more capable the ios is the more memory it needs. So, you need to lookup the hardware with version of the ios your going to want to use. Then see how much dram and flash your going to need. if the router doesn't have that much memory, your going to need to buy more.
https://software.cisco.com/download/navigator.html?mdfid=268437593&flowid=2532
So, if it doesn't have the ios package or the ios version or the memory to run that version your going to have to upgrade that router to get it to do what you want it to do. There are a lot of routers out there for sale. Alot of them don't tell you tell you what the ios package name or the ios version or how much memory there is. Mostly because they want to sell them cheap by not taking the time to find out what that information is. So, maybe you get what you want cheap, maybe you don't.
and of couse the last thing is how are you going to interface your routers together. as mentioned there are several different kinds. Some are cheaper than others. But, your going to have to stay consistant with your routers. in general different wics can not be connected together. So, you need to decide which your going to use and stick with those. And, of course, it would be nice if the router came with the wic's your wanting to use.

clarson

as mentioned the 2821's are big (2u in height) and heavy (about 25 pounds). Which makes shipping them more expensive. 3x 2811's are 3u and 45 pounds (goes in one box). 3x 2821's are 6u and 75 pounds (that isn't going in one box). But, if you can pick up the 2821's (or 2851's) locally (without paying for shipping) they are nice to have. Those gigabit interfaces are nice if you are using the router in your home network.

clarson

theodoxa wrote: »

Cisco 3560 (L3 Switch) -- $100 (24TS or 48TS, The PoE Models for some reason have less DRAM)

actually less flash, 16mb vs. 32mb so, the poe models can not run version 15 of the ios.

theodoxa

clarson wrote: »

actually less flash, 16mb vs. 32mb so, the poe models can not run version 15 of the ios.

Wasn't thinking. I meant Flash. IOS 15 takes up a hair over 16 MB of space and won't fit on the 16 MB Flash used on the PoE models.

ssnyderu2

theodoxa wrote: »

Is there a specific reason for the 2821s? These are good routers, but are also bigger.

No reason. Just saw this (2811/21/51) in an earlier post and just picked the one in the middle. Did not realize the size/weight difference. Since it will run IOS 15, I am going to switch to the 2811 512d/128f.

JeanM

Another thing to think about about 35xx series switches, if you think you'll want to try Voice track, you'll want to spend a little bit extra and the POE switches otherwise your VoIP phones will all need power bricks. The POE switches can also power wireless AP's as well.

For CCNA, I used PT and then purchased 2950 switches and 26xx series routers, and since then upgraded to 2600xm models and 2811s (for voice track) and picked up 4 3550 (2 are poe) for voice and ccnp track. Also keep in mind 3550 does not have 100% feature set needed for CCNP track, you would need to get the 3560

Catalyst 3560 and 3550 Comparison | INE - INE

So for CCNA , basic PT and/or 2950s switches and even 26xx series or 18xx series will do.

ssnyderu2

To get the most out of the test lab, do i need to hook up a few computers to the switches?

clarson

of course you are going to need one to connect to the cisco equipment to work on it. one other one might be nice to have to check on acls to see if they working correctly, but not really neccessary

ssnyderu2

clarson wrote: »

of course you are going to need one to connect to the cisco equipment to work on it. one other one might be nice to have to check on acls to see if they working correctly, but not really neccessary

So its overkill to add a bunch of network cards to my server and load a bunch of virtual machines to simulate a work environment?

I have 4 Ethernet ports on my server and I was going to add 6 dual Ethernet port network cards for a total of 16 ports. Then setup 15 virtual machines and assign each a Ethernet port. Overkill?

OfWolfAndMan

Your options are as follows:

Option 1: A few switches and a few routers
Option 2: Packet tracer
Option 3: GNS3 routers and a couple of switches.

Your choice. It all depends on you. As for CCNA Security, don't expect to work much at all in the command line. The majority of the configuration and labbing you will be doing will be done in CCP (Cisco Configuration Professional). After that, you can configure a loopback (With an IP in the same subnet as your first hop router) and insert it inside of GNS3, connecting it to the first router. Getting the bugs out of CCP takes some config in the browser (Has to be IE) and in Java, so have fun. If you need a link to my CCNA Security notes, let me know. I'd be more than happy to share (That goes for anyone here interested).

ssnyderu2

OfWolfAndMan wrote: »

Your options are as follows:

Option 1: A few switches and a few routers
Option 2: Packet tracer
Option 3: GNS3 routers and a couple of switches.

Your choice. It all depends on you. As for CCNA Security, don't expect to work much at all in the command line. The majority of the configuration and labbing you will be doing will be done in CCP (Cisco Configuration Professional). After that, you can configure a loopback (With an IP in the same subnet as your first hop router) and insert it inside of GNS3, connecting it to the first router. Getting the bugs out of CCP takes some config in the browser (Has to be IE) and in Java, so have fun. If you need a link to my CCNA Security notes, let me know. I'd be more than happy to share (That goes for anyone here interested).

Thanks for the info. I will be building a lab. If possible I always like to get real hands on. In a job you will need to work with real hardware, so I want to work that way. Bummer about having to IE for CCP. Kinda used to Firefox now. I will take all the help I can get, so I would appreciate a linke to your notes.

thatguy67

OfWolfAndMan wrote: »

Your options are as follows:

Option 1: A few switches and a few routers
Option 2: Packet tracer
Option 3: GNS3 routers and a couple of switches.

Your choice. It all depends on you. As for CCNA Security, don't expect to work much at all in the command line. The majority of the configuration and labbing you will be doing will be done in CCP (Cisco Configuration Professional). After that, you can configure a loopback (With an IP in the same subnet as your first hop router) and insert it inside of GNS3, connecting it to the first router. Getting the bugs out of CCP takes some config in the browser (Has to be IE) and in Java, so have fun. If you need a link to my CCNA Security notes, let me know. I'd be more than happy to share (That goes for anyone here interested).

That would be cool if you could share the notes if it involves GNS3. I am setting up ASA in GNS3 right now, after that will be CCP.

ssnyderu2

theodoxa wrote: »

Cisco 3560 (L3 Switch) -- $100 (24TS or 48TS, The PoE Models for some reason have less DRAM)

What is the DRAM difference? Is it worth passing on a PoE version?

clarson

The dram size is the same. But, because the flash is only 16mb, the poe version can not run version 15 of the ios.
It depends on weather you need poe or not. if you need poe for connecting wireless access points or phones, maybe it is.
But, you don't need poe, then there isn't a reason for buying that model.

ssnyderu2

clarson wrote: »

The dram size is the same. But, because the flash is only 16mb, the poe version can not run version 15 of the ios.
It depends on weather you need poe or not. if you need poe for connecting wireless access points or phones, maybe it is.
But, you don't need poe, then there isn't a reason for buying that model.

Bummer, I found the PoE version for $20.00. But I need it to run OS 15. At the moment I dont plan on doing voice, at least not this year.

ssnyderu2

I have the one WS-C2950G-48-EI

Can it be updated to the latest OS? From what i can tell 12.1 is as good as it gets.

clarson

Well, $20 is a really good price. it might not be able to run ios version 15, but it still can do the version right before that. And, still do level 3 switching, private vlans, ipv6, etc. And, it isn't all that easy to find a 2950 for $20. much less a 3560. I'd buy it. You can always sell it for $20 (and probably more) if you don't want to keep it.