CCNA Security Home Lab

The CCNA Security lab shares most of its hardware with the routing and switching (R&S) track. If you already have 3 routers and 3 switches, you need one more piece of hardware. Here is my input on finding the right hardware. I should note that these recommendations are based on my experience and outcomes.

Let's start with all the technologies that you must master for the CCNA Security:

Hash algorithms, digital signatures, certificates, Public Key Infrastructure (PKI), AAA, Adaptive Security Appliance (ASA), Virtual Private Networks (VPN), RADIUS, TACACS+, 802.1X, IP Security (IPsec), clientless SSL remote access VPN, AnyConnect SSL remote access VPN, IPsec site-to-site VPN on Cisco routers and ASA firewalls, Cisco IOS role-based CLI access, securing routing protocols, control plane policing, DHCP snooping, Dynamic ARP Inspection, L2 port security, BPDU guard, root guard, loop guard, private VLANs, Network Address Translation (NAT), Zone-Based Firewalls (ZBF), Intrusion Prevention System (IPS)

With this info, here are my recommendations:

Switches:

Catalyst 2960

If you got this switch for your CCNA, CCNP SWITCH studies, then you are already set!


I recommend getting 3 of each. The switches are mostly used for practicing AAA concepts, 802.1X authentication, Cisco IOS role-based CLI access, and layer 2 security. These topics are on the CCNA and CCNP SWITCH exams, so lab work will be a review mostly.

Routers:

2800 Series

If you got this router for your CCNA, CCNP ROUTE studies, then you are already set!


I recommend getting 3 of each. The 2800 is end of life, but is still supported by Cisco. It's the best bang for the buck right now. Like the switches, you will work on hash algorithms, digital signatures, certificates, Public Key Infrastructure, role-based access, AAA, RADIUS, and TACACS+. The specific router topics you will master are: IPsec site-to-site VPN, routing protocol security, NAT, and ZBF. Make sure you are running the Advanced Security code.

Security Appliance:

Cisco ASA 5505:


The Cisco Adaptive Security Appliance 5505 model is designed for small to medium size security solutions. The good news for those building home labs is that this device is going to be sunset by Cisco in a few years, so look for decommissioned enterprise units to become available on the reseller market! I suggest getting 1 ASA with a Security Plus license.

Here are some of the other items you need to get up and running:

Router Modules:

WAN Interface Cards (WIC): For your routers to make serial connections. A WIC-2T will give you enough connections for your router triangle. Get 3 of these.

Cables:

Ethernet (straight through & cross over) cables and a console cable.

Serial cables for routing links. Use WIC-2T cables.

You should also invest in the Cisco lab workbook.

As always, do your research!

 

Places I buy equipment:

eBay

Amazon

Cables and kits

 

My CCNA SECURITY Lab (phase 2)


2 x 2811 ISRs w/ 2 WIC-1T serial cards – enterprise edge routers

1 x 2610XM w/ 2 WIC-1T serial cards – ISP router

3 x 2950 Catalyst switches – LAN switches (1 installed)

3 x 2610 (using as end user test devices)

2 x 5505 (currently deployed as a firewall)

1 x 3620 router – (currently deployed as terminal server)

Not in use:

 

Posted in Certification, Skill Development
