lab gear

my lab is home-based, not as powerful as I want to have but think it's enough to fulfill the requirements of CCIE Security Lab exam. There are two servers and because of the costs (TCO and operational) - the one is running all the time and is serving as the WWW, DNS, MAIL and FTP server, this is just a Raspberry Pi. The second is a Dell PE2950 with VMWare ESXi and it's running on on-demand basis, so only Remote Control (over IP) is running 24/7 and the real server is running just for labbing purpose.

physical topology

list of HW stuff

my home lab is based on one physical server (Dell PE2950) with 16GB of RAM, so I think that's the absolute minimum to handle the virtual CCIE Sec lab with Unetlab and some virtual appliances running outside the UNL. The Cisco Catalyst switch must be used because of a few of security features they're not supported neither on the UNL/IOL nor the UNL/Dynamips images - e.g. dot1x MAB, dot1x guest portal, RSPAN etc.

  • Server Dell Poweredge 2950, 2x2 cores, 16 GB RAM, 500GB SAS, 2xETH, 1x remote unit - DRAC
  • Cisco Catalyst 3560 - WS-C3560-24TS, 24xFastEth, 2xGigEth + IP Services 12.2(55)SE10
  • Cisco AP 1131
  • Raspberry Pi II

list of SW stuff

when I was planning this lab I had to consider the limits - disk space, RAM usage, core count etc. It means I went through the CCIE Sec blueprint and description and tried to find the optimal version of all the products. I also checked the IP Expert and INE resources what are they using in their preparation materials and rack rentals.

the whole lab is running on the VMWare ESXi 5.5 and the most important VM is Unetlab (0.9.56) where almost all the network devices are emulated.

  • VMWare ESXi 5.5, free personal license (up to four cores)
  • Unetlab 0.9.56, periodically checking the actual release and upgrading if needed
  • Cisco ISE 1.2
  • Cisco ACS 5.4
  • Cisco vWLC 7.4 - this is just because of 1131 to be used in this lab
  • Cisco IronPort WSA
  • MS Windows 8 evaluation kit
  • MS Windows Server 2012

and of course a lot of network devices inside the UNL, specifically these for CCIE Sec:

  • Router
    • IOL - i86bi_linux-adventerprisek9-ms.153-1.3.T.bin
    • IOL - i86bi_linux-adventerprisek9-ms.154-2.T4.bin
  • Switch
    • IOL - i86bi_linux_l2-adventerprisek9-ms.nov3_2015_high_iron.bin
    • Dynamips - c3725-adventerprisek9-mz.124-15.T14.image + NM16-ESW
  • Firewall
    • QEMU - Cisco ASA 8.0(2)
    • QEMU - Cisco ASA 8.4(2)
  • Intrusion Prevention/Detection System
    • QEMU - IDS-4235, IPS version 6.0(6)E3
  • Packet Generator - Ostinato

add your own note here:

Name: human verification: 5 + 5 =    

your opinions/notes:

fadine 2016-08-17
hello, please how to get this image i86bi_linux-adventerprisek9-ms.153-1.3.T.bin ???

Copyright © TR2016