Lab setup for CCNA-Security GNS3 or Real Equipment

cyberjunkie · February 2010

Hi,

I am going to start preparation for CCNA-Security, How can I use GNS 3 for this which IOS version will it be sufficient or I have to buy real equipments.

CiskHo · February 2010

2600XMs or 1800s would be ideal for a home lab setup, I think. However, I think GNS3 using 7200s with 12.4T would work as well.... Hopefully someone can explain in more detail if I am incorrect.

I'm not sure exactly what kind of labs one should setup to cover the CCNA:S as my study material hasn't referenced any specific labs yet. I would guess that reviewing SDM 2.5 on an 1800 would work. Not sure if something like setting up IPSec between 2 routers is needed info for the exam... I'd love any additional input on that.

mikem2te · February 2010

CiskHo wrote: »

Not sure if something like setting up IPSec between 2 routers is needed info for the exam... I'd love any additional input on that.

Yes, learn all the ins and outs of VPNs in SDM. If possible try to understand some of the ios syntax too.

mikej412 · February 2010

Zone Firewall support did show up in 12.4(6)T, but you want 12.4(9)T or 12.4(11)T (or higher) -- can't remember if it was bug fixes or more features.... Advanced Security, Advanced IP Services, or Advanced Enterprise Services feature sets should have the Security Features you need.

Dynamips (Dynagen/GNS3) should be enough for the router side of things (if you have access to supported IOS images and no qualms about violating the Cisco Software License).

ian g · February 2010

I'm a big fan of GNS3, and have been using it almost exclusively for my CCNA:S studies. It saves you a bunch on equipment costs, and it's really convenient being able to do all the labs on my laptop.
With a 12.4(15)T image, I've set up labs for IPS and ZBF on my virtualized 7200s. I'm about to start researching doing layer 2 stuff using virtualized switches - I've heard this can be done.
I'm working through the Cisco Academy (highly reccomended) which includes an excellent lab manual.
I'm not sure about the legalities of using Cisco IOS images in my lab, but I don't have any moral issues with it. The way I see it, I'm benefitting from it academically, but ultimately it must be good for Cisco too, having more people skilled and able to promote their equipment.

blackninja · February 2010

A couple of guys at work are doing the CCNA through the Cisco Network Acadamy and using packect tracer 5.2.

Had a go and seems to support all what is needed for the CCNA:S.

I'm currently studying for the CCNA:S and I've got 2620XMs with IOS c2600-advsecurityk9-mz.124-23.bin.

I also use GNS3 when studying at night or from work.

cyberjunkie · February 2010

Thank u all for ur quick response and support

peanutnoggin · February 2010

CiskHo wrote: »

2600XMs or 1800s would be ideal for a home lab setup, I think. However, I think GNS3 using 7200s with 12.4T would work as well.... Hopefully someone can explain in more detail if I am incorrect.

I'm not sure exactly what kind of labs one should setup to cover the CCNA:S as my study material hasn't referenced any specific labs yet. I would guess that reviewing SDM 2.5 on an 1800 would work. Not sure if something like setting up IPSec between 2 routers is needed info for the exam... I'd love any additional input on that.

Here's the CCNA Security Lab Manual. Excellent resource for the CCNA Security Exam.

CCNA Security Lab Manual

HTH

~Peanut

Daniel333 · February 2010

I bought the stuff, but then I discovered it was just easier to use Packet Tracer. Either way, 2621xm would be perfect along with a 2950. For the SSH VPN though, you might need an ASA.

Bl8ckr0uter · February 2010

Daniel333 wrote: »

I bought the stuff, but then I discovered it was just easier to use Packet Tracer. Either way, 2621xm would be perfect along with a 2950. For the SSH VPN though, you might need an ASA.

SSH VPN? You mean SSL VPN or am I missing something?

SSL VPN isn't on the blueprint so in theory you don't need to cover this for the exam. You can do everything on the blueprint with a cisco 1721 if you are looking for a cheaper option. Just know that they aren't rackable.

Looking at the ios feature navigator will determine which ios versions you can use

Cisco Feature Navigator - Cisco Systems

CiskHo · February 2010

knwminus wrote: »

You can do everything on the blueprint with a cisco 1721 if you are looking for a cheaper option. Just know that they aren't rackable.

Pardon my noobishness but what do you mean by "not rackable"?

peanutnoggin · February 2010

The cisco 1721 model cannot be rack mounted. Here's an image of the 1721. HTH.

~Peanut

CiskHo · February 2010

Thanks Peanut! I didn't realize the 1721 had that chassis type. I knew my 1761 was rackable and I assumed all 1700s had the same chassis. I guess one should never assume anything in the world of Cisco

Lab setup for CCNA-Security GNS3 or Real Equipment

Comments