14 Replies Latest reply: Mar 3, 2015 6:51 PM by Darby Weaver CCDP/CCNP x8 RSS

    Home Lab - CCNA R&S/Security

    B Haines

      Hello all,

      I am going to briefly list my current home lab as well as some suggestions for those of you who wish to build a lab of your own. I will add this to my documents and update it as my lab grows. First, let me say this.. keep it simple.. It is easy to buy a lot of stuff that you do not need! Especially when you get into the habit of watching eBay for deals! For all of your associate level studies you will ONLY need three routers and three switches. I will focus on the CCNA R&S as well as the CCNA Security here as the topology will not change (nor hardware requirements). As you progress to the professional level certifications (CCNP/CCSP) you should only have to add to this existing lab not replace it.


      First things first is the hardware. I personally like the 3640 series routers. They support tons of Network Modules (NM) and WAN Interface Cards (WICs). I personally own three of these routers. I would also recommend the 2950 Enhanced (EI) switches. I also own three. There are, however, other options available for your home Cisco lab. I will list some of these options below.



      851W - This is a great choice if you want a wireless Cisco router that can deliver your wireless internet throughout the house. Another plus is that this is a k9 router that supports IPSec VPN. Perfect for your R&S/Sec studies. Regular 851 is the same without wireless. I would probably go with another model if you do not need the wireless.


      871W - Ditto just more features and performance.


      891 - Coming soon (Comparable to 18xx series routers) but would use in the stead of the 851/871 (Make sure to get 891W if you want wireless. I am waiting to buy one of these.


      3620 - Avoid these if possible. Try to go with the 3640.


      3640 - I love these routers.


      3660 - These are nice as well but rather big and power hungry. I would still recommend the 3640 for home use.


      26xx XM - The XM series routers are a perfect, albeit slightly more expensive than 3640, option for your lab. They are slightly more expensive than the 3640 and offer less slots. However, they do max out with more memory/flash than the 3640 which is nice when thinking about future-proofing your lab. If you find a good deal on these routers then they would be the better option. That said, the 3640 is usually much less expensive (Under $100 each) so this is still my recommendation.


      18xx - These are great if you find a deal on one but otherwise I would wait for professional studies.


      28xx - Ditto.



      2950 (EI) - Perfect switch for your lab. Inexpensive and supports all CCNA commands.


      3550 - These switches are nice and will be necessary for your professional level studies but not yet. Wait to buy these unless you find a crazy cheap deal on them as they will decline in price over time..


      3560 - ditto (I am looking at buying a pair of 3550's and a pair of 3560's on down the line)


      3750 - Wishful thinking.. These are expensive but support Stackwise as does the 3560's.. I will eventually buy one of these as well but they are not necessary for any of the Cisco certs...


      2924 - These switches can be a great tool for playing around with CatOS as opposed to IOS. You will still see a lot of CatOS stuff in the real world and these switches are VERY cheap. That said, buy these AFTER you own some IOS switches if you want but not in the stead of.


      ASA-5505 - You do not need an ASA or PIX for any of your associate level studies. I would wait until you reach that portion of your certification studies before purchasing as they will eventually drop in price. (Ditto 5510 etc)


      I have owned several routers but have recently cut back to three 3640's as that was all I was using 98% of the time. I sold some and gave the rest away to friends. The reason I mention this is because it is easy to buy 8 or 10 2600 series routers that you do not need and will seldomly use. Remember that running 8 routers and 6 switches is steadily running up the electric bill.. LoL


      I currently run this setup:


      3x 3640

      2x NM-4A/S

      1x NM-1FE2W

      1x NM-1FE2W with 2x WIC-1T

      Plus a bunch of ISDN and ATM modules that you do not need! (I just like to toy around)

      3x 2950 switches (2x EI and 1x standard)

      1x 2511 Access Server

      1x Octal Cable


      I also have three servers..

      1x Dell PowerEdge 6650

      1x Sun SunFire VT-100

      1x Sun SunFire VT-120


      I would recommend that you buy one server throughout your CCNA Security and CCSP studies. There is a lot that you can do with this. One obvious tool is http://freeradius.org/ If you download Ubuntu server edition for free you can install FreeRadius via the Synaptic Package Manager.. No need for the make/make install setup from the CLI. (Just for those unfamiliar with Linux). There is also a Windows FreeRadius option and students can purchase Windows Server 2003/2007 for app. $130! Ok.. Enough about that.


      Now that we have covered hardware (and some non-Cisco software) let's move on to the Cisco IOS software that you will need on these routers. For your regular CCNA pretty much any IP Plus IOS will work. If you are going to contact your local Cisco SE and request an IOS for your router then it would be best if you get it right the first time. He/She may not help you out if you keep bugging them.. remember they are VERY busy people.


      That said, roll over to the Cisco Feature Navigator and determine exactly what IOS you will be needing. http://www.cisco.com/go/fn If you are pursuing the Security after the R&S then you can go ahead and try to obtain this IOS release as it will support the features necessary for both!





      c3640-jk9o3s-mz.124-23.bin (This is no longer displaying in the FN so it could possibly be buggy.. You may want to go with 21a. Either way, look and study the available features. This is a great learning tool. Also, there is a compare link that will show you the EXACT differences between these IOS versions and their supported features. It's kinda cool!



      You will probably want an access server of some sort.. IE. Cisco 2509, 2511, 2509RJ or 2511RJ. Or you can go with a regular 26xx series router such as the 2610 (or a 3640.. LoL) with an NM-16A or NM-32A network module which will allow you to use the same octal cables as the 2509/11. This will keep you from constantly plugging/unplugging into your routers/switches console cable every time you want to telnet in! Here is a nice simple config.. Just tweak it a little to adjust to your topology and paste it in to your access server!



      You may also decide on down the line that you want to be able to access your lab remotely. That will work great if you have a nice VPN capable router delivering your home internet (such as the aforementioned 851W/871W or of course a 3640). But you will not want to leave all of your other equipment powered on all of the time. If this ends up being something that you are interested in then take a peek at a remote power controller. Here are a couple of examples.. http://www.remotepowerswitch.com/ and http://dataprobe.com/iboot-remote-reboot.html


      Alternatively you can search eBay for 'SWITCHED PDU' to locate some nice rack mountable strips. These guys all allow you to log in via your web browser and an SSL HTTPS connection and remotely power your equipment on and off. If you go on a trip or to a friends/study group/user group/Cisco Live Convention etc. just leave your border router and remote power controller turned on and you should be good to go!


      Regarding your electric bill you may want to call your local electric company and inquire about various residential plans. Some locations offer a steady MAX payment option that can be especially helpful if you are running a home lab. That said, with three routers and three switches (and using them as need.. IE. switches are off until working on switches etc.) you should not incur too much of an increase. I use mine about three times a week. Usually for an hour or two a night for two of those nights and a three to six hour stint on weekends.. My bill only jumped $30 (but that may not have all been the equipment).


      I hope this helps!

        • 1. Re: Home Lab - CCNA R&S/Security


          Hi B Haines,



          Thank you so much, these are great .



          On 3640, your favorite( LOL) router, what minimum IOS version and memory you would recomend that it would be good for CCNA? I know the more is better but also more costly.






          • 2. Re: Home Lab - CCNA R&S/Security
            Nathanael Law


            Thanks for the tips!



            I'm in the middle of building a CCNA/CCNP lab with a friend. Do you find that the fast ethernet modules are that much more useful than the plain 10Base-T ones? Given the price difference ($19 vs. $90), I've ordered just NM-1E2W modules, but now I'm wondering if there's something I missed.



            • 3. Re: Home Lab - CCNA R&S/Security


              Thanks Billy,



              I'm going to start slowly putting the pieces together per your recommendations. This will really help a lot of folks out.






              • 4. Re: Home Lab - CCNA R&S/Security
                Gene Savage


                Thanks! Great info here. I am looking at purchasing a used 3640.









                • 5. Re: Home Lab - CCNA R&S/Security
                  E.A. Broda





                  You asked - "Do you find that the fast ethernet modules are that much more useful than the plain 10Base-T ones? Given the price difference ($19 vs. $90), " I have an extensive lab as Billy does but I use 26xxXM routers for the most part. As for your question, you really will want to have at least 1 Fast Ethernet interface for doing VLANs, trunking, router-on-a-stick etc. when you do your labs with the switches for CCNA.



                  YES, there are IOSs that will do router-on-a-stick with a 10BaseT Ethernet interface but I have found I not only like to learn what I need for an exam, but what I will likely see in the real world!



                  This is why I do like the 2610XM routers, they run about $75 to $110 on Ebay, they have 1 Fast Ethernet, 2 WIC slots and 1 NM slot and you can get them with 12.4 IOS which is a must now!!



                  Oh - GREAT POST BILLY HAINES!!!!!! or I should say - GREAT POST as usual Billy



                  Hope this helps






                  • 6. Re: Home Lab - CCNA R&S/Security
                    Nathanael Law





                    I have two 2620XMs arriving soon, so I think I'm safe there. I had heard that you couldn't do a router-on-a-stick setup with a 10Base-T port, but it worked with my 3640 and I've done it with a PC's 10Base-T NIC which lead me to believe that it works in general. Thanks for clearing that up! IOS feature sets scare me more than the actual content.






                    • 7. Re: Home Lab - CCNA R&S/Security
                      B Haines

                      3640 Questions:

                      Minimum RECOMMENDED IOS = c3640-jk9o3s-mz.124-21a.bin This is because you will want to get something that supports all of your associate exams and this IOS will do that.. If you do not contact a Cisco SE and request an IOS and you instead choose to use a tool like IOSHunter then you will be reloading IOS's as the need changes.. Not really a bad deal but I like this IOS!


                      Minimum Memory = 128MB DRAM and 32 MB FLASH (The Max!) Do know that you can scate by with 64/16 and install a base IOS but you WILL want more and it will be cheaper to buy it with the 128/32 than it will to add to it. Thanks, I will update my document to include this info!


                      Also, I had this question in another forum.. The max PCMCIA card that can be used with the 3640 is a 20 meg!


                      And finally the last question "I don't want the big, bad 3640 router.. it's too heavy and the 2610XM is much sleeker and has less slots to fill.. Is this a good replacement?" J/K Gene LoL Actually, yes.. Like Gene said the 2610XM (or any 26xxXM series router for that matter) is a good option. For one it is a 1U router as opposed to a 2U which means it takes up less space in your rack. Additionally, it provides you with that one fast ethernet (FE) port.. Does that mean that the 2610XM is a better choice than the 3640 for your home lab? Definitely not. Take a peek at Cisco's Feature Navigator http://www.cisco.com/go/fn and compare the feature sets.. The 3640 offers the aforementioned Enterprise/FW/IDS IPSec 3DES where you are limited to either a non-crypto enterprise with the 2610XM or the Advanced Security IOS.. Use the FN compare feature to see the difference. If you are going to pursue Security/Wireless or Voice concentrations then I would definitely recommend the 3640. Plus you get four NM slots for the price of one. That said, you could definitely add an XM into the mix instead of buying that NM-1FE2W card.. The choice is yours! Hope this helps.. By the way, Gene and I are old friends so we tend to joke a lot! He actually helped me a lot when I was pursuing the CCNA (and still does)! He is a Network Academy Instructor (a good one) and he has several racks (which are color coded by subnet.. ie. blue net, red net etc) All in all he is a great source for advice and he is right about the 2610XM being a solid candidate for your lab!


                      Hope this helps!

                      • 8. Re: Home Lab - CCNA R&S/Security
                        B Haines

                        One more thing.. Know that the routers you are buying now and certifying with are going to be your base routers later on when you move on to the professional level certifications. If you take a peek at http://www.internetworkexpert.com 's remote lab setup you will see that it is packed full of 3640's! But it also has a few 28xx series routers, some 18xx series, an ASA or two and some REALLY nice switches! (While on the subject you can use this setup for a little over $2 an hour so that prove more cost efficient to some while they are piecing their lab together)! The thing is that you don't need the expensive routers initially but you will eventually. For now just buy some 3640's or 26xxXM series routers. You need THREE routers for CCNA R&S and can choose any of those listed above. If pursuing security afterwards then two can be 2610/11/20/21/50/51XM etc. as long as one of them is a 3640 then you will be fine! CCIE lab topologies may have an excess of eight routers. You will have plenty of time to buy some more.. LoL Remember my first comment.. Keep it simple for now.. Learn to use the Feature Navigator and navigate the Cisco documentation. Use Cisco to power your home internet.. that way you can actually experience the demand side of getting the network operational.. (While the wife is screaming at ya' to quit 'messing' with the 'internet' and won't believe that you didn't break it! LoL) Just don't forget to make the lab building process an educational one! Certify to learn.. don't learn to certify!


                        Have fun guys.. Hope this helps!

                        • 9. Re: Home Lab - CCNA R&S/Security

                          Billy or Broad or any one who can help,


                          When you guys talk about 26xx routers or 3640 routers, what are the interfaces the equipment needs to have. doees it need to have Serial interface also.

                          I am trying to prepare for ICND1 and eventually i will get to CCNP.


                          It will help a lot to know what are all the interfaces these routers need to have to successfuly pratice for CCNA and  then CCNP.



                          • 10. Re: Home Lab - CCNA R&S/Security

                            Hi Jenefa,


                            B. Haines listed the NM's and WIC's in one of his posts in this thread.  Do a Google or Cisco.com search on the routers B. Haines and others mentioned to ascertain which NM's/WIC's are supported on various chassis's.


                            Better yet try GNS3.

                            • 11. Re: Home Lab - CCNA R&S/Security

                              Hi Vlansmpls,


                              What is "Better yet try GNS3".


                              English pleaseeeeeeeeeeee.


                              When i look at the ebay site, they have a lot of equipment with a lot of modules.

                              What are teh modules i need to work the CCNA exams. Do i need a serial port in all the routers i am going to buy. ?


                              I am new to this side of the world.




                              • 12. Re: Home Lab - CCNA R&S/Security

                                Hi Jenefa,


                                GNS3 is a GUI-based Cisco Router emulator not simulator.  Hence, you have all features of the IOS you have loaded into the router dependant of course on the NM's/WIC's you are "emulating."  Do a Google/Cisco Learning Network search for GNS3.  Please use the search toolbar on this site for most of what you'll need to get started.


                                Yes, if you want to practice WAN implementation, then, yes, you'll need serial ports, i.e. WIC 1T/2T.  Again B.Haines has pretty much laid it all out.  Start by choosing one of the above routers and then choose the NM/WIC you'll need dependent on which one you choose.  The above models will all come with ethernet/fastethernet ports for LAN access, so you'll most likely be purchasing WIC 2T, which fit in the WIC slots or NM WIC slots....again Google for images and router specs.


                                Another resource to research what'll you'll need for CCNA and beyond:  http://www.ciscokits.com/ccna-certification-kits/

                                     Search the above website thoroughly as it explains the purpose and functions of various NM/WIC, transceivers, cables, everything you'll need with pictures.  You don't have to purchase from them just mimic what kits they have on eBay if you need to.

                                • 13. Re: Home Lab - CCNA R&S/Security

                                  Noob here...I have a question. Why do you like 26xxXM? It only has 1 fe port. or do i have to buy a WIC for it?  another thing. can i create a " Router on a Stick Setup with cisco 851? need your expertise please

                                  • 14. Re: Home Lab - CCNA R&S/Security
                                    Darby Weaver CCDP/CCNP x8

                                    Any oldie but goodie post that candidates today can still use take good advice from in my own humble opinion.




                                    Darby Weaver