IOS Feature Set?

Hi Folks,
I am looking through the IOS Feature Selector and wanted people's thoughts on the best feature set to get for CCNA Security.
I assume that the latest 12.4 release would be best, but I'm stumped on the features.
Cheers
Jon
Comments
-
mikej412 Member Posts: 10,086 ■■■■■■■■■■
http://www.cisco.com/web/partners/downloads/765/tools/quickreference/ciscoiospackaging-eng.pdf
You probably want a minimum of Advanced Security feature set....
Advanced IP Services and Advanced Enterprise Services would include the Advanced Security features.
You probably want at least version 12.4(9)T
:mike: Cisco Certifications -- Collect the Entire Set! -
NullCode Member Posts: 72 ■■□□□□□□□□
Well, I tried c7200-adventerprisek9-mz.124-22.T, c3725-adventerprisek9-mz.124-15.T5 and a few others, and none of them seem to have ZoneFirewall (I cannot see ZonePair on SDM, it says it is not supported).
Can someone who passed CCNA:Security say the version he used?!
Thx,
NullCode -
mikej412 Member Posts: 10,086 ■■■■■■■■■■
i cannot see ZonePair on SDM
Did you create zones or have the option to?
:mike: Cisco Certifications -- Collect the Entire Set! -
NullCode Member Posts: 72 ■■□□□□□□□□
No, I did not create zones. I did the Basic Firewall Wizard, and I DO NOT GET this: http://filedb.experts-exchange.com/incoming/2008/12_w51/87623/Firewall-Config.png , I get this: http://www.3cx.com/support/images/cisco4.png.
I cannot select the security LVL (Low, High, Medium), all it does is SDM_LOW.
And when I try the Firewall with DMZ wizard, I cannot change the LOW security lvl (in basic, it doesn't show).
SDM: 2.5, 2002-2007
Any idea? Can you suggest an IOS? (c7200advent should have worked.) Thx for help mikej412 -
mikej412 Member Posts: 10,086 ■■■■■■■■■■
I checked an unpacked version of c7200-adventerprisek9-mz.124-11.T.bin with Dynamips and zone firewalls are supported (at least via the CLI).... so I guess the next question is -- Real hardware? Dynamips/Dynagen? Dynamips/GNS3?
:mike: Cisco Certifications -- Collect the Entire Set! -
NullCode Member Posts: 72 ■■□□□□□□□□
Yea, I can configure it from CLI too, but SDM says it does not support it, strange things -
Netwurk Member Posts: 1,155 ■■■■■□□□□□
Dynamips as your only lab can be problematic
It doesn't behave like real gear
Currently, I'm using GNS3 to do a simple GLBP lab for my CCNP studies. It sometimes takes several minutes for the lab to notice a topology change. With real equipment it would take seconds. My point is that anything you see happening with these virtual routers has to be taken with a grain of salt - it ain't the real thing.
I will admit that I am running GNS3 on an XP box with a P4 and 1GB mem. So if you are running GNS3 on a high-speed rig, you might get results that get closer to real equipment. Otherwise I highly recommend you get at least a small lab with real Cisco gear. -
NullCode Member Posts: 72 ■■□□□□□□□□
Well, I have an Intel Core 2 Duo, 2.5GHZ and 3 mb RAM, so it is fast enough (on a Dell Vostro).
The thing is that I can configure zones/zone-pair/zone-members on CLI, but on SDM it says that the IOS does not support it. -
mikej412 Member Posts: 10,086 ■■■■■■■■■■
I don't remember SDM coming with a 7200 configuration file..... did you use/do the copy and rename the 3800 sdm configuration file to 7200 trick if you're running SDM off the 7200?
I guess that's another question -- are you running SDM from your PC or did you copy the files to your "7200?"
Another option would be to test SDM and Zone firewalls with GNS3 using one of the platforms that has a configuration file that comes with SDM.
Another option would be to have someone with a real 7200 and proper IOS give SDM a try and let us know if it's supported by the real hardware.
:mike: Cisco Certifications -- Collect the Entire Set! -
NullCode Member Posts: 72 ■■□□□□□□□□
Router#show zone security INSIDE
zone INSIDE
Member Interfaces:
FastEthernet0/0
Router#show zone security INTERNET
zone INTERNET
Member Interfaces:
FastEthernet0/1
But in SDM it shows: "Zones Unavailable" The IOS image in your router does not support the requested feature.
IOS: ROM: 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(15)T5, RELEASE SOFTWARE (fc4)
Any idea about the problem?! Anyone?
I'm running Windows Vista. GNS3
LE: I think I'm gonna try in Linux, and see how it goes. Will post back! -
mgeorge Member Posts: 774 ■■■□□□□□□□
SDM was not initially designed to be supported on such high end routers and probably with good reason.
You'd never want anyone configuring a company 7200VXR border router with SDM, that just shows pure laziness or lack of CLI knowledge. In either case they should not even be touching it.
But as far as lab use goes, the 3725 will support 99% of all SDM features running dynamips.
There is no place like 127.0.0.1 -
tiersten Member Posts: 4,505
LE: I think i'm gonna try in Linux, and see how it goes. Will post back!
It is what mgeorge said anyway. You're not really supposed to use SDM for a 7200. It does have some support for things but not to the level of the smaller ISRs. -
NullCode Member Posts: 72 ■■□□□□□□□□
As I last posted, it seems that the problem is with SDM, any hints? -
NullCode Member Posts: 72 ■■□□□□□□□□
FIXED IT.
Well, not really fixed it, but I got a good IOS (c1700-advsecurityk9-mz.124-15.T8), and it worked like a charm. Thanks for all your help, I'm planning to give the EXAM in a few days. (Playing with ZBF was my only issue.)