nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

IOS Feature Set?

emsrescue

Hi Folks,

I am looking through the IOS Feature Selector and wanted peoples thoughts on the best feature set to get for CCNA Security.

I assume that the latest 12.4 release would be best but stumped on the features.

Cheers

Jon

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

mikej412

http://www.cisco.com/web/partners/downloads/765/tools/quickreference/ciscoiospackaging-eng.pdf

You probably want a minimum of Advanced Security feature set....

Advanced IP Services and Advanced Enterprise Services would include the Advanced Security features.

You probably want at least version 12.4(9)T

NullCode

Well i tried c7200-adventerprisek9-mz.124-22.T , c3725-adventerprisek9-mz.124-15.T5 and a few others, and none of them seem to have ZoneFirewall(i cannot see ZonePair on SDM,it says it is not supported)
Can someone who passed CCNA:Security say the version he used?!
Thx,
NullCode

mikej412

NullCode wrote: »

i cannot see ZonePair on SDM

What version of SDM are you using?

Did you create zones or have the option to?

NullCode

No i did not create zones, i did the Basic Firewall Wizard, and i DO NOT GET this: http://filedb.experts-exchange.com/incoming/2008/12_w51/87623/Firewall-Config.png , i get this http://www.3cx.com/support/images/cisco4.png.
I cannot select the security LVL(Low,High,Medium), all it does is SDM_LOW.
And when i try Firewall with DMZ wizard, i cannot change the LOW security lvl( in basic, it doesn't show).
SDM: 2.5, 2002-2007
Any ideea? Can you suggest an IOS?( c7200advent should have worked). Thx for help mikej412

mikej412

I checked an unpacked version of c7200-adventerprisek9-mz.124-11.T.bin with Dynamips and zone firewalls are supported (at least via the CLI).... so I guess the next question is -- Real hardware? Dynamips/Dynagen? Dynamips/GNS3?

NullCode

Gns3 Dynamips.

NullCode

Yea i can configure it from CLI too, but SDM says it does not suppor, strange things

Netwurk

Dynamips as your only lab can be problematic

It doesn't behave like real gear

Currently, I'm using GNS3 to do a simple GLBP lab for my CCNP studies. It sometimes takes several minutes for the lab to notice a topology change. With real equipment it would take seconds. My point is that anything you see happening with these virtual routers has to be taken with a grain of salt - it ain't the real thing.

I will admit that I am running GNS3 on an XP box with a P4 and 1GB mem. So if you are running GNS3 on a highspeed rig, you might get results that get closer to real equipment. Otherwise I highly recommend you get at least a small lab with real Cisco gear.

NullCode

Well i have Intel Cor2Duo, 2.5GHZ and 3 mbRam, so it is fast enough(on a Dell Vostro).
The things is that, i can configure zones/zone-pair/zone-members on CLI, but on SDM it says that the IOS does not support it.

mikej412

I don't remember SDM coming with a 7200 configuration file..... did you use/do the copy and rename the 3800 sdm configuration file to 7200 trick if you're running SDM off the 7200?

I guess that's another question -- are you running SDM from your PC or did you copy the files to your "7200?"

Another option would be to test SDM and Zone firewalls with GNS3 using one of the platforms that has a configuration file that comes with SDM.

Another option would be to have someone with a real 7200 and proper IOS give SDM a try and let us know if it's supported by the real hardware.

NullCode

just tryed it now, but no use, maybe i'm doing it wrong?!

NullCode

Router#show zone security INSIDE
zone INSIDE
Member Interfaces:
FastEthernet0/0

Router#show zone security INTERNET
zone INTERNET
Member Interfaces:
FastEthernet0/1

But in SDM it show: "Zones Unavailabe" The IOS image in your router does not support the requested feature.
IOS: ROM: 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(15)T5, RELEASE SOFTWARE (fc4)

Any ideea about the problem?! Anyone?
I'm running Windows Vista.GNS3

LE: I think i'm gonna try in Linux, and see how it goes. Will post back!

mgeorge

SDM was not initially designed to be supported on such high end routers and probably with good reason.

You'd never want anyone configuring a company 7200VXR boarder router with SDM, that just shows pure laziness or lack of CLI knowledge. In either case they should not even be touching it.

But as far as lab use goes, the 3725 will support 99% of all SDM features running dynamips.

tiersten

NullCode wrote: »

LE: I think i'm gonna try in Linux, and see how it goes. Will post back!

The OS you run Dynamips on won't affect how IOS inside Dynamips behaves.

It is what mgeorge said anyway. You're not really supposed to use SDM for a 7200. It does have some support for things but not to the level of the smaller ISRs.

NullCode

As i last posted, it seems that the problem is with SDM, any hints?

NullCode

FIXED IT.
Well not really fixed it, but i got a good IOS(c1700-advsecurityk9-mz.124-15.T8 ), and it worked like a charm. Thanks for all your help, i'm planning to give the EXAM in a few days.(Playing with ZBF was my only issue)