CCSP/CCNP lab

Bl8ckr0uter

I have looked at the Faqs here and read some other things online and I think I have decided on my next lab purchases. My goal is to complete the CCNP and CCSP before I leave my school ( so in about a year and a half) . This thread will probably end up being used for tracking and hopefully be helpful for some folks here. Here is what I have


3 1721s (max mem)
- 4Wic 1ts

1 2610 (non xm)
- Wic 4 A/s

2 2950s (one is currently being used as my production switch)

My next purchases will be as follows

1 871w (for na wireless and wireless topics of CCNP)
1-2 3550 Switchs (for switch exam)
1 Asa 5505 (for SP)
1 1760 (for Na voice and voice topics of NP)
1-3 26X0 (xm) or 3640s to replace my 1721s with something rackable
Several wic 1csu/dsus
Possibly a 25XX terminal server
Maybe a pix 506e simply to learn the platform.
Everything else will be virtualized or emulated.
For those who have the SP or who are going for the SP does this seem like enough?


This is my reading list

IPS
Amazon.com: CCSP IPS Exam Certification Guide (9781587201462): Earl Carter: Books
- Even though this book is slightly old people have still said this is good


SNRS
Amazon.com: Router Security Strategies: Securing IP Network Traffic Planes (978158705336: Gregg Schudel, David J. Smith: Books

Amazon.com: LAN Switch Security: What Hackers Know About Your Switches (9781587052569): Eric Vyncke, Christopher Paggen: Books

http://www.amazon.com/End-Network-Se...ref=pd_sim_b_3

ASA exams

Amazon.com: Cisco ASA: All-in-One Firewall, IPS, Anti-X, and VPN Adaptive Security Appliance (2nd Edition) (9781587058196): Jazib Frahim, Omar Santos: Books

Amazon.com: Cisco ASA Configuration (Networking Professional's Library) (9780071622691): Richard Deal: Books

Amazon.com: Cisco ASA, PIX, and FWSM Firewall Handbook (2nd Edition) (9781587054570): David Hucaby: Books


With the cisco docs and the CBTs for CCSP I think this will be fine for the exams. There are a couple of other books (IPV6 Security, Voice over IP security and WLan Security) that I would want to add to my reading list just for kicks.

tiersten

knwminus wrote: »

3 1721s (max mem)
- 4Wic 1ts

Look at the WIC-2Ts as well. When I bought all of mine, they were nearly the same price as the WIC-1Ts.

knwminus wrote: »

1 2610 (non xm)
- Wic 4 A/s

NM-4A/S you mean? There is also a NM-8A/S available if you want more serial interfaces.

knwminus wrote: »

1 Asa 5505 (for SP)

You can emulate this if you want but I'm not sure how good the transparent mode support is at the moment. The last time I looked it didn't work properly.

knwminus wrote: »

Possibly a 25XX terminal server

NM-16A and NM-32A are also possibilities with a cheap 2610. Sometimes cheaper if the 2509/2511s are overpriced.

knwminus wrote: »

Maybe a pix 506e simply to learn the platform.

See ASA5505 comment.

Bl8ckr0uter

tiersten wrote: »

Look at the WIC-2Ts as well. When I bought all of mine, they were nearly the same price as the WIC-1Ts.

Do you think that these would be a better buy than the T1 cards?

tiersten wrote: »

NM-4A/S you mean? There is also a NM-8A/S available if you want more serial interfaces.

Yes that is the one. I figure that I may move up to the NM-8A/S but I kinda wanted to put that in a 3640 and have it as my WAN box (for frame relay and the like).


I want at least 1 real ASA (2 would be cool) but I may emulate the pix.

tiersten wrote: »

NM-16A and NM-32A are also possibilities with a cheap 2610. Sometimes cheaper if the 2509/2511s are overpriced.

Haven't heard of this one so thanks for the tip. The 25XX cost a whole lot of money on ebay (more than I am willing to spend) so depending how much those wics cost, that would be cool.

I also need a good rack. I was thinking about this one 20U Deluxe Rack Stand but I am open to suggestion.

kalebksp

knwminus wrote: »

I also need a good rack. I was thinking about this one 20U Deluxe Rack Stand

But I am open to suggestion.

I'm a fan of the Skeletek racks. I've found them to have very good service.

tiersten

knwminus wrote: »

Do you think that these would be a better buy than the T1 cards?

They're 2 serial interfaces in a WIC instead of the single serial interface on the WIC-1T. The socket on it is different though. It uses the small SmartSerial connectors instead of the DB60 on the WIC-1T.

If you want 2 serial ports in your 1721 then you'd either fill both WIC slots with a WIC-1T or just put in a single WIC-2T and still have a spare WIC slot. You can get WIC-1ENETs for the 1700s that give you another (slow) Ethernet port.

knwminus wrote: »

Yes that is the one. I figure that I may move up to the NM-8A/S but I kinda wanted to put that in a 3640 and have it as my WAN box (for frame relay and the like).

If you're just using it as a frame switch then the cheapest 2610 you can find would be enough to handle that NM-4A/S or NM-8A/S. Bit of a waste to dedicate a 3640 to it unless you're putting other NMs in and doing other things with it.

knwminus wrote: »

I want at least 1 real ASA (2 would be cool) but I may emulate the pix.

Yeah. That'd be a better idea. Get a cheap ASA5505 and just emulate the earlier PIX releases.

knwminus wrote: »

Haven't heard of this one so thanks for the tip. The 25XX cost a whole lot of money on ebay (more than I am willing to spend) so depending how much those wics cost, that would be cool.

Sometimes it is cheaper to get the 2509/2511 than the 2610+NM-16A but othertimes its cheaper to get the 2610+NM-16A. It is just whatever is available on eBay at the time. Just something to consider anyway.

The advantage of the 2610+NM-16A is that your console server will have a much more recent IOS so using SSH doesn't require digging around to find a specific IOS version and it won't be slow as molasses.

Bl8ckr0uter

I will buy an ASA 5505. The question is whether or not I am going to buy a new one from new egg or take my chance with ebay.

As far as the Wic 2t my only issue is that the smart serial cables cost a little more (but the T1 cables cost are insane, guess I will have to make those) but I see your point.

Bl8ckr0uter

kalebksp wrote: »

I'm a fan of the Skeletek racks. I've found them to have very good service.

These racks look pretty good lol. Well I guess I will have to take a look.

ColbyG

kalebksp wrote: »

I'm a fan of the Skeletek racks. I've found them to have very good service.

I second this. I have a 24u rolling rack and a 27u cabinet both Skeletek. Good stuff.

Bl8ckr0uter

ColbyG wrote: »

I second this. I have a 24u rolling rack and a 27u cabinet both Skeletek. Good stuff.

Did you have to buy a power distribution unit or did the racks come with it?

ColbyG

knwminus wrote: »

Did you have to buy a power distribution unit or did the racks come with it?

The cabinet came with an 8 port power strip IIRC. The rack didn't come with anything, I don't think.

Edit: I have a couple of these:

http://www.cablesandkits.com/apc-1ru-surge-suppressing-power-strip-nine-515a-outlets-p-4296.html

They're cheap and I haven't had any issues.

Bl8ckr0uter

ColbyG wrote: »

The cabinet came with an 8 port power strip IIRC. The rack didn't come with anything, I don't think.

Edit: I have a couple of these:

APC 19" 1RU Surge Suppressing Power Strip W/ Nine 5-15A Outlets

They're cheap and I haven't had any issues.

I saw that on your blog post and I was going to ask you about that.

On another note, have you had any issues with power? I am concerned (actually my wife is concerned) about potential power issues that could come up with running 8-10 devices on my home power outlets. Guess I need to find a chart that shows how much these devices will pull at normal loads and pray that my outlets can handle it.

Mrock4

In regards to the racks..I purchased the 20U rack from ciscokits..and got a Skeletek 24U rack..so..if that's what they're shipping, I recommend it

It's a great rack, cage nuts can be a pain at first, but I don't mind them really. I also got two 9-outlet PDU's, and would highly recommend buying a cable management shelf off amazon if you can, they're like $15 and very worth it. Rack is strong and looks good. It's the same one ColbyG mentioned, I just didn't put the wheels on. Check out the thread "What a rack!" in the CCIE forum..we both posted shots of our gear. I also got two 9-outlet PDU's, and would highly recommend buying a cable management shelf off amazon if you can, they're like $15 and very worth it.

ColbyG

knwminus wrote: »

I saw that on your blog post and I was going to ask you about that.

On another note, have you had any issues with power? I am concerned (actually my wife is concerned) about potential power issues that could come up with running 8-10 devices on my home power outlets. Guess I need to find a chart that shows how much these devices will pull at normal loads and pray that my outlets can handle it.

I haven't had any issues with power. I haven't brought the new rack up yet though, but I don't foresee any problems.

Mrock4

I've been running a desktop (with 650W PSU), 2 monitors, 2 external HD's, 11 routers, 4 switches off of two outlets on the wall...it all has been running for a while now with no trouble. I'd say a bigger worry is the heat and sound

Bl8ckr0uter

Mrock4 wrote: »

I'd say a bigger worry is the heat and sound

Sound isn't an issue but heat might be. I'll have to figure out something to do about that, maybe a well placed fan or turning up the AC during my labbing days.

Bl8ckr0uter

I have been thinking about this some more, would an IDS 4200 be good for an CCSP CCIE security lab? I have seen some on ebay for like 190 and I am not sure if that is a decent price.


I try to model my thoughts from CCIE security labs (since I will probably go right into the CCIE security Written Late 2011-early 2012) and most of the labs have and IDS 4200.

mikej412

knwminus wrote: »

I have been thinking about this some more, would an IDS 4200 be good for an CCSP CCIE security lab? I have seen some on ebay for like 190 and I am not sure if that is a decent price.


I try to model my thoughts from CCIE security labs (since I will probably go right into the CCIE security Written Late 2011-early 2012) and most of the labs have and IDS 4200.

What's the actual model number and what's the software version. Does it even have the hard drive(s)?

In the past people would sell the old net rangers (without the hard drive, which means no software) and call it an IDS.

Since the upgrade to the IPS, a cheap 4210 IDS is better than nothing, but you'd want a "bigger one" like the 4235 IDS/IPS (that can run the newer software) so that you use the inline function. But you still need to watch the software version -- someone had cheap IDS-4235 last year, but they came with 3.x software.

You might want to do research and jump on a deal if you find one -- but with the changes/upgrades to the software being tested, the device you buy today may be useless for exam study tomorrow. It's probably best to wait until you get closer to studying for the exam before you decide on lab gear and your budget.

Bl8ckr0uter

mikej412 wrote: »

What's the actual model number and what's the software version. Does it even have the hard drive(s)?

In the past people would sell the old net rangers (without the hard drive, which means no software) and call it an IDS.

Since the upgrade to the IPS, a cheap 4210 IDS is better than nothing, but you'd want a "bigger one" like the 4235 IDS/IPS (that can run the newer software) so that you use the inline function. But you still need to watch the software version -- someone had cheap IDS-4235 last year, but they came with 3.x software.

You might want to do research and jump on a deal if you find one -- but with the changes/upgrades to the software being tested, the device you buy today may be useless for exam study tomorrow. It's probably best to wait until you get closer to studying for the exam before you decide on lab gear and your budget.

You are probably right. I will have to revisit this in a few months.

CiskHo

knwminus wrote: »

On another note, have you had any issues with power? I am concerned (actually my wife is concerned) about potential power issues that could come up with running 8-10 devices on my home power outlets. Guess I need to find a chart that shows how much these devices will pull at normal loads and pray that my outlets can handle it.

Most home outlets/circuits will handle a 10A or 15A current draw before the breaker (or fuse) in your power panel trips and you have to go flip the breaker (or replace the fuse). As long as you have a PDU/powerstrip/etc plugged into your home outlet and all the devices in your rack are plugged into the PDU then its built in breaker should trip 1st, ensuring the home breaker/fuse is not affected. All you have to do then is press the reset button on the PDU and things will start powering back up. Obviously you would want to unplug one device to keep that from happening again BUT I highly doubt that would be a problem for a home lab.

Check the documentation for your devices to find their max amperage or current draw then add all those figures up (you may also find stickers on the devices which state their max current draw). If the total exceeds 15A then you may have an issue BUT keep in mind that the current draws listed by the MFG will be their MAX draw. That max draw is only going to be reached when the router/switch is running at MAX capacity (think all ports in use, all routing protocols in use, and MAX traffic flowing through the device). Because home labs rarely max out any of those factors the chance of you reaching max current draw is slim to none. Some PDUs even have an LED/LCD built in to show you what the current draw is at and I doubt they are more than $100. I would avoid the $10 walmart checkout line type powerstrips as I have seen them fail, literally catch fire, and fuse themselves to the carpet!!

I commend you (or your wife) for thinking about the power issue! But it shouldn't be a problem for the gear you have listed. I am running all devices in my signature along with a BEEFY PC off of one PDU plugged into one home outlet. I don't recall seeing the amps/current get over 8A or 9A but I didn't have all the configs setup for all protocols, etc.

The real issue for me has been the temps and the noise!!! Some chassis fans are really loud. My 3550 is insanely loud compared to the 2600s. The 7200s are fairly loud as well but not too bad. When I have half of the gear powered up in my small 10'x12' office I start to sweat within an hour