How to build a CCNA security lab?
Certification: CCNA Security - CCNA Security Certification
Most candidates taking up the CCNA Security certification seek to build a CCNA security lab of their own to get the practical knowledge that supplements the theoretical texts while preparing for the exam. Though building a Cisco lab is the best way of learning more about how the equipment works, the investment required to build it is one critical factor a candidate must consider. But if not a Cisco lab, what else is the option? The other option available to candidates is Graphic Network Simulator version 3 (GNS3). GNS3 is a graphical user interface for Dynamips, which is the emulator for the Cisco router hardware. It is a cost-effective route for many candidates taking up the certification exam, who can save on the cost of purchasing and building a Cisco lab.
Though cost-effective, GNS3 has its own demerits. Dynamips, the Cisco hardware emulator that runs under GNS3, can emulate only Cisco routers, not Cisco Catalyst switches. Another drawback of GNS3 is that its effective operation requires a relatively modern personal computer with at least a dual-core processor and 2 gigabytes of RAM. Therefore, though building a Cisco lab is a costly affair, it is worth the time and money invested in comparison to GNS3.
Building a Cisco Lab
Building a Cisco lab is definitely going to be of great help in understanding the concepts and topics relating to the exam. However, before starting to build the lab it is very important to have a clear understanding of what is being built. This clarity helps a candidate identify the required components and accessories for the lab and learn the various platforms and the capabilities of each. Following are the hardware requirements for building a Cisco lab:
The requirement for building a basic Cisco lab is ISR (Integrated Services Router) model routers. It must be ensured that these routers support 15.1 Advanced IP Services, which can back IPS, CCP and zone-based firewalls. The most cost-effective router models that support it are the 1841 and 2800 series of routers. It is also important to ensure that the router has enough memory to run IOS 12 and 15, and CCP, properly. For example, an 1841 router must have a memory of 256/64, a 2801 router must have a memory of 348/128, and 2811 routers 512/128. The most effective approach is to have a mix of these routers to get exposure to the working of all the router models.
Both 2950 switches and 2960 switches can be used for the lab. Although 2950 switches are capable of covering all the commands and test concepts, Cisco recommends the use of 2960 switches for building the lab, as the 2950 switches do not have the Dynamic ARP Inspection feature.
Adaptive Security Appliance (ASA)
ASA is a new addition to the CCNA Security 640-554 exam and is thus one of the requirements for the lab. The lab can be completed with an ASA-5505 or ASA-5510. Cisco recommends the higher version, the ASA-5510, for a better understanding of the security system. An ASA-5510 with SSM-10 modules can be a great way to learn about the Control Services and Context Services features such as anti-spyware, anti-spam, URL filtering and blocking, anti-virus, content filtering, file blocking and anti-phishing.
Finally, cables are required to connect the hardware components. The cables must be 6x DB60 DCE to DTE serial cables for the WIC-1T's and 2x DB60 DTE to Smart Serial DCE cables for R2's WIC-2T, for connecting R1 and R3 with R2.
Cisco's Feature Navigator
One of the best sources for finding out which IOS supports the router platform in a Cisco lab is Cisco's Feature Navigator. The Cisco Feature Navigator helps in selecting the appropriate Cisco IOS, IOS XR, CatOS, NX-OS and IOS XE software releases with the features needed for operating the network. The Navigator allows searching by feature or technology, or by software, platform, product code or image; comparing software releases; and viewing end-of-life information for images.
Plan for the Higher Version
Though three routers are sufficient for a CCNA lab, a candidate who intends to advance a career with Cisco and attain the CCNP certification is better off setting up a lab that supports the elements of the CCNP exam blueprints as well. The difference between a CCNA and a CCNP workbook arises in the hardware requirements. The CCNA workbook requires Cisco 2950G switches in the Stub Area; the CCNP workbook, however, requires one 560-24TS-S for SW1 and two 3550-24-SMI switches as SW2 and SW3. This provides a candidate with an educational experience in the multi-layer switch environment.
Moreover, a CCNA lab with three routers does not have the capacity to show realistic scenarios completely, in a way that is easy to understand and relate to. Setting up a Cisco Security lab that also supports CCNP lab requirements will be a sound investment with much more beneficial returns. A CCNA lab that may later be used as a CCNP lab must have a Stub Area Networking Topology. All the Stub Area Networking workbooks have the same topology, which is a major advantage of building the CCNA lab with the Stub Area Networking Topology. The Stub Area Networking Topology has more than three routers, which can be helpful in higher certifications such as CCNP. It also has the capacity to create a much more realistic training experience with real-life scenarios. Hence, if a candidate plans to pursue CCNP certification, the extra cost of building a lab that supports the CCNP syllabus is a profitable investment.