Options

Lab setup for CCNA-Security GNS3 or Real Equipment

cyberjunkiecyberjunkie Member Posts: 13 ■□□□□□□□□□
in CCNA Security
Hi,

I am going to start preparation for CCNA-Security, How can I use GNS 3 for this which IOS version will it be sufficient or I have to buy real equipments.
“Power corrupts. Knowledge is power. Study hard. Be evil.”:wink:
· Share on FacebookShare on Twitter

Comments

  • Options
    CiskHoCiskHo Member Posts: 188
    2600XMs or 1800s would be ideal for a home lab setup, I think. However, I think GNS3 using 7200s with 12.4T would work as well.... Hopefully someone can explain in more detail if I am incorrect.

    I'm not sure exactly what kind of labs one should setup to cover the CCNA:S as my study material hasn't referenced any specific labs yet. I would guess that reviewing SDM 2.5 on an 1800 would work. Not sure if something like setting up IPSec between 2 routers is needed info for the exam... I'd love any additional input on that.
    My Lab Gear:
    2811(+SW/POE/ABGwifi/DOCSIS) - 3560G-24-EI - 3550-12G - 3550POE - (2) 2950G-24 - 7206VXR - 2651XM - (2) 2611XM - 1760 - (2) CP-7940G - ESXi Server

    Just Finished: RHCT (1/8/11) and CCNA:S (Fall 2010)
    Prepping For: VCP and CCNP SWITCH, ROUTE, TSHOOT
    · Share on FacebookShare on Twitter
  • Options
    mikem2temikem2te Member Posts: 407
    CiskHo wrote: »
    Not sure if something like setting up IPSec between 2 routers is needed info for the exam... I'd love any additional input on that.
    Yes, learn all the ins and outs of VPNs in SDM. If possible try to understand some of the ios syntax too.
    Blog : http://www.caerffili.co.uk/

    Previous : Passed Configuring Microsoft Office SharePoint Server 2007 (70-630)
    Currently : EIGRP & OSPF
    Next : CCNP Route
    · Share on FacebookShare on Twitter
  • Options
    mikej412mikej412 Member Posts: 10,086 ■■■■■■■■■■
    Zone Firewall support did show up in 12.4(6)T, but you want 12.4(9)T or 12.4(11)T (or higher) -- can't remember if it was bug fixes or more features.... Advanced Security, Advanced IP Services, or Advanced Enterprise Services feature sets should have the Security Features you need.

    Dynamips (Dynagen/GNS3) should be enough for the router side of things (if you have access to supported IOS images and no qualms about violating the Cisco Software License).
    :mike: Cisco Certifications -- Collect the Entire Set!
    · Share on FacebookShare on Twitter
  • Options
    ian gian g Member Posts: 29 ■■□□□□□□□□
    I'm a big fan of GNS3, and have been using it almost exclusively for my CCNA:S studies. It saves you a bunch on equipment costs, and it's really convenient being able to do all the labs on my laptop.
    With a 12.4(15)T image, I've set up labs for IPS and ZBF on my virtualized 7200s. I'm about to start researching doing layer 2 stuff using virtualized switches - I've heard this can be done.
    I'm working through the Cisco Academy (highly reccomended) which includes an excellent lab manual.
    I'm not sure about the legalities of using Cisco IOS images in my lab, but I don't have any moral issues with it. The way I see it, I'm benefitting from it academically, but ultimately it must be good for Cisco too, having more people skilled and able to promote their equipment.
    · Share on FacebookShare on Twitter
  • Options
    blackninjablackninja Member Posts: 385
    A couple of guys at work are doing the CCNA through the Cisco Network Acadamy and using packect tracer 5.2.

    Had a go and seems to support all what is needed for the CCNA:S.

    I'm currently studying for the CCNA:S and I've got 2620XMs with IOS c2600-advsecurityk9-mz.124-23.bin.

    I also use GNS3 when studying at night or from work.
    Currently studying:
    CCIE R&S - using INE workbooks & videos

    Currently reading:
    Everything. Twice ;)
    · Share on FacebookShare on Twitter
  • Options
    cyberjunkiecyberjunkie Member Posts: 13 ■□□□□□□□□□
    Thank u all for ur quick response and support :)
    “Power corrupts. Knowledge is power. Study hard. Be evil.”:wink:
    · Share on FacebookShare on Twitter
  • Options
    peanutnogginpeanutnoggin Member Posts: 1,096 ■■■□□□□□□□
    CiskHo wrote: »
    2600XMs or 1800s would be ideal for a home lab setup, I think. However, I think GNS3 using 7200s with 12.4T would work as well.... Hopefully someone can explain in more detail if I am incorrect.

    I'm not sure exactly what kind of labs one should setup to cover the CCNA:S as my study material hasn't referenced any specific labs yet. I would guess that reviewing SDM 2.5 on an 1800 would work. Not sure if something like setting up IPSec between 2 routers is needed info for the exam... I'd love any additional input on that.

    Here's the CCNA Security Lab Manual. Excellent resource for the CCNA Security Exam.

    CCNA Security Lab Manual

    HTH

    ~Peanut
    We cannot have a superior democracy with an inferior education system!

    -Mayor Cory Booker
    · Share on FacebookShare on Twitter
  • Options
    Daniel333Daniel333 Member Posts: 2,077 ■■■■■■□□□□
    I bought the stuff, but then I discovered it was just easier to use Packet Tracer. Either way, 2621xm would be perfect along with a 2950. For the SSH VPN though, you might need an ASA.
    -Daniel
    · Share on FacebookShare on Twitter
  • Options
    Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    Daniel333 wrote: »
    I bought the stuff, but then I discovered it was just easier to use Packet Tracer. Either way, 2621xm would be perfect along with a 2950. For the SSH VPN though, you might need an ASA.


    SSH VPN? You mean SSL VPN or am I missing something?


    SSL VPN isn't on the blueprint so in theory you don't need to cover this for the exam. You can do everything on the blueprint with a cisco 1721 if you are looking for a cheaper option. Just know that they aren't rackable.

    Looking at the ios feature navigator will determine which ios versions you can use

    Cisco Feature Navigator - Cisco Systems
    · Share on FacebookShare on Twitter
  • Options
    CiskHoCiskHo Member Posts: 188
    knwminus wrote: »
    You can do everything on the blueprint with a cisco 1721 if you are looking for a cheaper option. Just know that they aren't rackable.
    Pardon my noobishness but what do you mean by "not rackable"?
    My Lab Gear:
    2811(+SW/POE/ABGwifi/DOCSIS) - 3560G-24-EI - 3550-12G - 3550POE - (2) 2950G-24 - 7206VXR - 2651XM - (2) 2611XM - 1760 - (2) CP-7940G - ESXi Server

    Just Finished: RHCT (1/8/11) and CCNA:S (Fall 2010)
    Prepping For: VCP and CCNP SWITCH, ROUTE, TSHOOT
    · Share on FacebookShare on Twitter
  • Options
    peanutnogginpeanutnoggin Member Posts: 1,096 ■■■□□□□□□□
    The cisco 1721 model cannot be rack mounted. Here's an image of the 1721. HTH.

    ~Peanut
    We cannot have a superior democracy with an inferior education system!

    -Mayor Cory Booker
    · Share on FacebookShare on Twitter
  • Options
    CiskHoCiskHo Member Posts: 188
    Thanks Peanut! I didn't realize the 1721 had that chassis type. I knew my 1761 was rackable and I assumed all 1700s had the same chassis. I guess one should never assume anything in the world of Cisco ;)
    My Lab Gear:
    2811(+SW/POE/ABGwifi/DOCSIS) - 3560G-24-EI - 3550-12G - 3550POE - (2) 2950G-24 - 7206VXR - 2651XM - (2) 2611XM - 1760 - (2) CP-7940G - ESXi Server

    Just Finished: RHCT (1/8/11) and CCNA:S (Fall 2010)
    Prepping For: VCP and CCNP SWITCH, ROUTE, TSHOOT
    · Share on FacebookShare on Twitter
Sign In or Register to comment.