Can any one recommend a CCIE Security Home lab ?

Answered Question
Aug 23rd, 2007

Can any one recommend a CCIE Security Home lab ?

Correct Answer by galamayur about 9 years 6 months ago

Hi,


Dynagen / Dynamibs /pixemu are the opensource application which runs cisco IOS software for training purpose


So can we use IOS images , in this software, is this legal?


I have a huge network setup where I have all the required IOS/pix sofwtare. So in my environment can I make a Virtual Cisco Lab using these products & load the actual Cisco IOS for training purpose.


we will not be adding any new cisco Hardware only thing which will be used is the existing IOS images.


Awaiting reply


Regards

Mayur

Correct Answer by RamyElSisy about 9 years 6 months ago

There is no recommended number of devices to build your home lab exam to prepare for your CCIE Security lab exam, but it depends which technology you are trying to practice.


For example if you need to practice ASA technologies, you need 2 ASAs and 3 routers.

If you need to practice VPN technology, you need at most 4 Routers, VPN Conc. and Cisco VPN client S/W Ver. 4.x machine.

If you need to practice IPS technologies, you need 1 IPS, 2 or 3 routers and client machine.

It means 4 routers, 1 switch and all the security devices will let you practice all exam technologies independently.


But when you need to practice all the technologies together (same like real lab environment) you need at least:


 6 routers, 4 of them should have 2 Fast Ethernet/Ethernet interfaces and WIC-2T or WIC-2A/S each (12.2.15T Enterprise or higher IOS) ?you can use Routers with single Ethernet interface but you need to configure sub interfaces for each of them to simulate multiple Ethernet interfaces?


 2 backbone routers to inject Backbone routes, and you can configure one of them work as a FR switch by adding NM-8A/S network module or using Cisco 2522 router. The other one can support Terminal server by adding NM-16A network module or using Cisco 2511 router (12.2.15T Enterprise or higher IOS)

 2 ASAs 5510 (7.2.2 OS)

 1 PIX 515E (7.2.2 OS)

 1 4215 IPS (5.x OS)

 1 VPN Conc. 3005 (4.7 OS)

 1 ACS, CA, Client machine

 2 3550 Switches

 5 DB60-SS Serial cables, 2 SS-SS Serial Cables, 30 UTP Ethernet cables, 4 UTP Cross over cables


Also you can use whatever Cisco model that can fulfill 12.2T or higher IOS features.

For example you can use Dynamips to build 8 virtual 7200 series routers or 3640, 3660 routers and connect it to a switch with trunk port and support sub interfaces. And you will be able to achieve all workbooks scenarios but you need to build your own startup configuration files.


Also you can build your own lab and test as much as you can and for any unsupported features, you can get something like 4 or 5 remote sessions to test whatever missing.


Best Regards,

Ramy Sisy

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.8 (4 ratings)
Loading.
srue Thu, 08/23/2007 - 05:22

4 routers (12.2T or 12.3 mainline), with serial interfaces for Frame-relay

1 router to act as frame switch

2 ASA's or 2 PIX'es and 1 ASA (7.2(2))

1 3005 concentrator (4.7.2)

1 IDS 4210 (5.1)

1 3550 (2 if you can afford it)

1 server with CS ACS (trial version is downloadable)

1 PC for testing with vpn client.


I have two pix515e's, they can do everything the ASA can do except webvpn. I dont have a 3550 switch , only an older L2 switch. I'm still able to do most of the 'mini labs' w/o requiring online rack rental. If you want to set up a full mock lab, add 2 or 3 routers, and you'll probably need 2x3550's.

Correct Answer
RamyElSisy Thu, 08/23/2007 - 20:42

There is no recommended number of devices to build your home lab exam to prepare for your CCIE Security lab exam, but it depends which technology you are trying to practice.


For example if you need to practice ASA technologies, you need 2 ASAs and 3 routers.

If you need to practice VPN technology, you need at most 4 Routers, VPN Conc. and Cisco VPN client S/W Ver. 4.x machine.

If you need to practice IPS technologies, you need 1 IPS, 2 or 3 routers and client machine.

It means 4 routers, 1 switch and all the security devices will let you practice all exam technologies independently.


But when you need to practice all the technologies together (same like real lab environment) you need at least:


 6 routers, 4 of them should have 2 Fast Ethernet/Ethernet interfaces and WIC-2T or WIC-2A/S each (12.2.15T Enterprise or higher IOS) ?you can use Routers with single Ethernet interface but you need to configure sub interfaces for each of them to simulate multiple Ethernet interfaces?


 2 backbone routers to inject Backbone routes, and you can configure one of them work as a FR switch by adding NM-8A/S network module or using Cisco 2522 router. The other one can support Terminal server by adding NM-16A network module or using Cisco 2511 router (12.2.15T Enterprise or higher IOS)

 2 ASAs 5510 (7.2.2 OS)

 1 PIX 515E (7.2.2 OS)

 1 4215 IPS (5.x OS)

 1 VPN Conc. 3005 (4.7 OS)

 1 ACS, CA, Client machine

 2 3550 Switches

 5 DB60-SS Serial cables, 2 SS-SS Serial Cables, 30 UTP Ethernet cables, 4 UTP Cross over cables


Also you can use whatever Cisco model that can fulfill 12.2T or higher IOS features.

For example you can use Dynamips to build 8 virtual 7200 series routers or 3640, 3660 routers and connect it to a switch with trunk port and support sub interfaces. And you will be able to achieve all workbooks scenarios but you need to build your own startup configuration files.


Also you can build your own lab and test as much as you can and for any unsupported features, you can get something like 4 or 5 remote sessions to test whatever missing.


Best Regards,

Ramy Sisy

Correct Answer
galamayur Tue, 08/28/2007 - 20:46

Hi,


Dynagen / Dynamibs /pixemu are the opensource application which runs cisco IOS software for training purpose


So can we use IOS images , in this software, is this legal?


I have a huge network setup where I have all the required IOS/pix sofwtare. So in my environment can I make a Virtual Cisco Lab using these products & load the actual Cisco IOS for training purpose.


we will not be adding any new cisco Hardware only thing which will be used is the existing IOS images.


Awaiting reply


Regards

Mayur

Actions

This Discussion