Security endeavor

cisco_nerd Member Posts: 198
So I have decided to embark on the CCNA:Sec route, and as such I'm just after a bit of clarification on equipment.

I have searched through the forums for this topic prior, and have changed my original idea.

As I understand, the majority of the exam is with ISR, so I have been looking at the 1800/2800 series routers instead of my original goal of 3600/3700 series routers, and maybe even some more 2600XMs.

Currently I have the following, some of which I will dispose of, I think:
2x 2950G-24-EI
1x 3550-24PWR-SMI
and from other studies
4x 2924
2x 2620
1x 2620XM (CME voice router)
1x 2505
1x 2501

So my question is, should this suffice as an upgrade (the 2811s are a bit out of my budget at the moment):

2x 1841
2x 26x1XM (I've seen a number of members with these routers)
or even
2x 871?

I know the question is flogging a dead horse, however I was unable to find the solutions I was after through a search of the site.

Anyway, any help will be more than appreciated.


  • docrice Member Posts: 1,706
    Some of the switch stuff like port-security and DHCP snooping you can do with an old 2950. I think you need higher-end switches to do PVLANs and dynamic ARP inspection.

    The tricky part is being able to use SDM (assuming they're still basing the certification off of it) with the right Java version on the client to learn the old-school CBAC firewalling on the IOS side as well as the newer zone-based firewalls. I'd guess the 871s might work, assuming you have the right image. I personally never use these since where I've worked it has always been ASAs or PIXs if it was a Cisco shop.
  • cisco_nerd Member Posts: 198
    The 2600XM routers support SDM with 12.4 IOS installed. I will be using advipservicesk9 and adventerprisek9 IOS on the routers.

    Do 3640s serve any real place in the CCNA:S track? Or is it best to just go with all 2600XMs with AIM VPN modules installed?

    At the moment I can't really afford a 3560/3750 series switch, and don't really want to have a great big 4500 switch either... but if I need one, then I may have to convince the boss!
  • docrice Member Posts: 1,706
    I think the XM models are usually the recommended ones. While private VLANs are a good thing, I don't see too many people using them. If you already have some experience with Cisco concentrators, ASA, PIX, or IPsec in general, you can probably get by at least on the concepts without investing much in terms of physical equipment.
  • cisco_nerd Member Posts: 198
    Cheers for that.

    With respect to the AIM-VPN modules, is there any preference as to which particular version is best?
    - AIM-VPN/EP
    - AIM-VPN/SSL2
    - AIM-VPN/SSL3

    After searching around on eBay, I have become more confused regarding the AIM-VPN modules, as these vary in price from around $50 up to and over $200.
  • BrizoH Member Posts: 73
    For CCNA: Sec I think purchasing AIM-VPN modules is overkill - if you have a CCO account and can access IOS images, GNS3 is all you need for the VPN sections (although admittedly SDM is a bit flaky on GNS3).
  • alan2308 CISSP, MCSA 2008, MCSA 2012, CCNA R&S, CCNA Security Ann Arbor, MI Member Posts: 1,854
    I just recently completed the CCNA Security course and the hardware requirements for this cert are not that great. This cert focuses strictly on routers and switches, so there's no need for anything else, or any add-in modules. 2 routers and a switch were sufficient to get through any lab.

    Add another router capable of IOS 12.4 or better and you'll be fine. Look at a 2600XM, 3640, 1721 or 1760.
  • cisco_nerd Member Posts: 198
    Thanks for the tips, I'll look more into GNS3 - last time I used that it was a bit flaky, but I'll incorporate it with hands-on lab time as well.
