Lab setup for CCNA-Security GNS3 or Real Equipment

Hi,

I am going to start preparation for CCNA-Security, How can I use GNS 3 for this which IOS version will it be sufficient or I have to buy real equipments.

Find more posts tagged with

Comments

CiskHo

2600XMs or 1800s would be ideal for a home lab setup, I think. However, I think GNS3 using 7200s with 12.4T would work as well.... Hopefully someone can explain in more detail if I am incorrect.

I'm not sure exactly what kind of labs one should setup to cover the CCNA:S as my study material hasn't referenced any specific labs yet. I would guess that reviewing SDM 2.5 on an 1800 would work. Not sure if something like setting up IPSec between 2 routers is needed info for the exam... I'd love any additional input on that.

mikem2te

CiskHo wrote: »

Not sure if something like setting up IPSec between 2 routers is needed info for the exam... I'd love any additional input on that.

Yes, learn all the ins and outs of VPNs in SDM. If possible try to understand some of the ios syntax too.

mikej412

Zone Firewall support did show up in 12.4(6)T, but you want 12.4(9)T or 12.4(11)T (or higher) -- can't remember if it was bug fixes or more features.... Advanced Security, Advanced IP Services, or Advanced Enterprise Services feature sets should have the Security Features you need.

Dynamips (Dynagen/GNS3) should be enough for the router side of things (if you have access to supported IOS images and no qualms about violating the Cisco Software License).

ian g

I'm a big fan of GNS3, and have been using it almost exclusively for my CCNA:S studies. It saves you a bunch on equipment costs, and it's really convenient being able to do all the labs on my laptop.
With a 12.4(15)T image, I've set up labs for IPS and ZBF on my virtualized 7200s. I'm about to start researching doing layer 2 stuff using virtualized switches - I've heard this can be done.
I'm working through the Cisco Academy (highly reccomended) which includes an excellent lab manual.
I'm not sure about the legalities of using Cisco IOS images in my lab, but I don't have any moral issues with it. The way I see it, I'm benefitting from it academically, but ultimately it must be good for Cisco too, having more people skilled and able to promote their equipment.

blackninja

A couple of guys at work are doing the CCNA through the Cisco Network Acadamy and using packect tracer 5.2.

Had a go and seems to support all what is needed for the CCNA:S.

I'm currently studying for the CCNA:S and I've got 2620XMs with IOS c2600-advsecurityk9-mz.124-23.bin.

I also use GNS3 when studying at night or from work.

cyberjunkie

Thank u all for ur quick response and support

peanutnoggin

CiskHo wrote: »

2600XMs or 1800s would be ideal for a home lab setup, I think. However, I think GNS3 using 7200s with 12.4T would work as well.... Hopefully someone can explain in more detail if I am incorrect.

I'm not sure exactly what kind of labs one should setup to cover the CCNA:S as my study material hasn't referenced any specific labs yet. I would guess that reviewing SDM 2.5 on an 1800 would work. Not sure if something like setting up IPSec between 2 routers is needed info for the exam... I'd love any additional input on that.

Here's the CCNA Security Lab Manual. Excellent resource for the CCNA Security Exam.

CCNA Security Lab Manual

HTH

~Peanut

Daniel333

I bought the stuff, but then I discovered it was just easier to use Packet Tracer. Either way, 2621xm would be perfect along with a 2950. For the SSH VPN though, you might need an ASA.

Bl8ckr0uter

Daniel333 wrote: »

I bought the stuff, but then I discovered it was just easier to use Packet Tracer. Either way, 2621xm would be perfect along with a 2950. For the SSH VPN though, you might need an ASA.

SSH VPN? You mean SSL VPN or am I missing something?

SSL VPN isn't on the blueprint so in theory you don't need to cover this for the exam. You can do everything on the blueprint with a cisco 1721 if you are looking for a cheaper option. Just know that they aren't rackable.

Looking at the ios feature navigator will determine which ios versions you can use

Cisco Feature Navigator - Cisco Systems

CiskHo

knwminus wrote: »

You can do everything on the blueprint with a cisco 1721 if you are looking for a cheaper option. Just know that they aren't rackable.

Pardon my noobishness but what do you mean by "not rackable"?

peanutnoggin

The cisco 1721 model cannot be rack mounted. Here's an image of the 1721. HTH.

~Peanut

CISCO1721.jpg

CiskHo

Thanks Peanut! I didn't realize the 1721 had that chassis type. I knew my 1761 was rackable and I assumed all 1700s had the same chassis. I guess one should never assume anything in the world of Cisco