CCNP 5.0: Implementing Secure Converged Wide Area Networks (ISCW)

NDG has worked closely with the Cisco CCNP lab team to develop ISCW labs that are compatible with the standard installed base NETLAB_AE router pods.

ISCW is supported by one or more of the following NETLAB_AE standard pods:

Cuatro Router Pod (CRP)
Basic Router Pod Version 2 (BRPv2) [PARTIAL]
Basic Router Pod Version 1 (BRPv1) [PARTIAL]

The supported lab list (below) provides a list of CCNP 5.0 ISCW compatible labs and the pod types that can be used for each lab.

For CCNP, we have added the Cuatro Router Pod (CRP), a four router version of Basic Router Pod Version 2.

CRP provides the greatest lab coverage for CCNP5.0 ISCW.
CRP is required in order to complete the case studies.
All labs that work on BRPv1 and BPRv2 will also work on CRP.

The routers used must meet minimum IOS requirements specified by the curriculum. The following recommendations are based on the official CCNP 5.0 equipment list (available on Academy Connection):

Cisco 2811: ISR Advanced IP Services K9 IOS (S28NAISK9-12410)
Cisco 2801: ISR Advanced IP Services K9 IOS (S280AISK9-12410)
Cisco 1841: Advanced IP Services K9 IOS (S184AISK9-12410)

On CRP and BRPv2 router R1 should be a Cisco 2800. A Cisco 2811 is recommended (according to the CCNP Equipment List).

Skills exams are contained in separate lab package and are enabled in the class settings separately from the core CCNP 5.0 ISCW labs. This allows instructors to defer access to the exams until the end of the course.

Enabling the Labs

To enable the ISCW labs, check the box for "AE CCNP5.0 ISCW V5.0 English" in the class settings. This must be done for each class requiring access to ISCW labs.

You may also allow the class to make "pod-only" reservations using the ISCW pod types listed above. To enable pod-only reservations, check the box for "AE CCNP Pod Reservations (no labs)" in the class settings. These reservations are not tied to specific lab exercises. Therefore, the pod will be configured using the default network configuration. Please note however, not all ISCW labs use the default network configuration and must be completed by selecting the correct lab exercise (see the following discussion).

Using the Labs

Always select the correct lab exercise for the lab being performed.

Students or teams should schedule the correct lab exercise from the catalog. NETLAB_AE will only show those labs for which the required pod type is available. A lab that works on different pod types may appear more than once if your system is so equipped.

Instructors should select the correct lab from the Exercise tab during instructor-led lab reservations. This can be done as many times as needed during the reservation.

Importance of Choosing the Correct Lab Exercise

Several of the labs differ from the standard pod topologies. This is handled by NETLAB's Dynamic VLAN Mapping technology. Always select the correct lab exercise for the actual lab. This insures that NETLAB_AE will set up VLANs on the control switch such that lab devices and PCs are placed in the correct LAN segment for the exercise being performed. Selecting the correct exercise will also make the completed lab output easier to find in the archive.

Supported Lab List

Course	Lab	Description	Pod Required	Comments
CCNP5.0 ISCW	3.1	Configuring SDM on a Router	CRP or BRPv2	Please see the list of required software
CCNP5.0 ISCW	3.2	Configuring a Basic GRE Tunnel	CRP, BRPv2, or BRPv1
CCNP5.0 ISCW	3.3	Configuring Wireshark and SPAN		Please see the list of required software. Step number 3 is not supported
CCNP5.0 ISCW	3.4	Configuring Site-to-Site IPsec VPNs with SDM	CRP or BRPv2	The optional challenge section is not supported.
CCNP5.0 ISCW	3.5	Configuring Site-to-Site IPsec VPNs with the IOS CLI	CRP, BRPv2, or BRPv1	The optional challenge section is not supported.
CCNP5.0 ISCW	3.6	Configuring a Secure GRE Tunnel with SDM	CRP or BRPv2	Please see the list of required software The optional challenge section is not supported.
CCNP5.0 ISCW	3.7	Configuring a Secure GRE Tunnel with the IOS CLI	CRP, BRPv2, or BRPv1	The optional challenge section is not supported.
CCNP5.0 ISCW	3.8	Configuring IP sec VTIs	CRP, BRPv2, or BRPv1
CCNP5.0 ISCW	3.9	Configuring Easy VPN with SDM	CRP or BRPv2	Please see the list of required software
CCNP5.0 ISCW	3.10	Configuring Easy VPN with the IOS CLI	CRP, BRPv2, or BRPv1
CCNP5.0 ISCW	4.1	Configuring Frame Mode MPLS	CRP, BRPv2, or BRPv1
CCNP5.0 ISCW	4.2	Challenge Lab: Implementing MPLS VPNs		This lab is not directly supported, but can be implemented using Pod Designer.
CCNP5.0 ISCW	5.1	Using SDM One-Step Lockdown	CRP or BRPv2	Please see the list of required software
CCNP5.0 ISCW	5.2	Securing a Router with Cisco AutoSecure	CRP, BRPv2, or BRPv1
CCNP5.0 ISCW	5.3	Disabling Unneeded Services	CRP, BRPv2, or BRPv1
CCNP5.0 ISCW	5.4	Enhancing Router Security	CRP, BRPv2, or BRPv1
CCNP5.0 ISCW	5.5	Configuring Logging	CRP or BRPv2	Please see the list of required software
CCNP5.0 ISCW	5.6a	Configuring AAA and TACACS+	CRP or BRPv2	Please see the list of required software
CCNP5.0 ISCW	5.6b	Configuring AAA and RADIUS	CRP or BRPv2	Please see the list of required software
CCNP5.0 ISCW	5.6c	Configuring AAA Using Local Authentication	CRP or BRPv2	Please see the list of required software
CCNP5.0 ISCW	5.7	Configuring Role-Based CLI Views	CRP, BRPv2, or BRPv1
CCNP5.0 ISCW	5.8	Configuring NTP	CRP, BRPv2, or BRPv1
CCNP5.0 ISCW	6.1	Configuring a Cisco IOS Firewall using SDM	CRP or BRPv1	Please see the list of required software
CCNP5.0 ISCW	6.2	Configuring CBAC	CRP, BRPv2, or BRPv1
CCNP5.0 ISCW	6.3	IPS with SDM	CRP or BRPv2	Please see the list of required software
CCNP5.0 ISCW	6.4	Configuring IPS with CLI	CRP, BRPv2, or BRPv1
CCNP5.0 ISCW	Case Study 1	CLI IPsec and Frame-Mode MPLS	CRP
CCNP5.0 ISCW	Case Study 2	SDM	CRP	Please see the list of required software
CCNP5.0 ISCW	Skill Exam	Assessment 1	CRP	Enabled separately
CCNP5.0 ISCW	Skill Exam	Assessment 2	CRP	Enabled separately

List of required Software

CCNP 5.0 ISCW labs require certain software must be installed on the PCs. The following is a list of the required software. If possible, we suggest installing Windows 2003 server on all PCs in the pods and preloading all of the installer executable files for the software on the list. If it is not possible to have Windows 2003 installed on all the PCs, we suggest installing it on at least one, preferably PC1a for CRP and BRPv2.

Software Name Purpose Requirements Comments

Secure Device Manager (SDM) The SDM is installed onto the router's flash memory or in the PCs. For installing Supported OS: Microsoft Windows ME/NT 4.0 Workstation SP 4/XP Professional/2003 server/2000 Professional SP 4. For using SDM: The web browser needs SUN JRE 1.4 or later and ActiveX control must be enabled. Visit www.cisco.com for more information.

Cisco Secure ACS This software will be used as TACACS+ and Radius authentication server. The labs use a 90-days trial version. If all the PCs for one pod have the correct OS, NETLAB+ offers the possibility of doing labs with ACS by using all of them. For installing Supported OS: Microsoft Windows Server Editions. Please note, additional requirements may be needed such as Service Pack. Visit www.cisco.com for more information.

Kiwi Syslog This software will be used as syslog server. For installing Supported OS: Microsoft Windows 98 or better, x86-based Linux distributions with GTK+ 2.0 (or higher) and glibc-2.3 (or higher). Visit www.kiwisyslog.com for more information.

Wireshark This software will be used as sniffer and packet analyzer. For installing Supported OS: Several Microsoft Windows and Linux OS. Visit www.wireshark.org for more information.

NMAP This software will be used in order to test the lab configuration. For installing Supported OS: Several Microsoft Windows and Linux OS. Visit www.insecure.org for more information.

Cisco VPN Client This software will be used in order to build a VPN. This software should be loaded only on PC1a. Visit www.cisco.com for more information.

Software Name	Purpose	Requirements	Comments
Secure Device Manager (SDM)	The SDM is installed onto the router's flash memory or in the PCs.	For installing Supported OS: Microsoft Windows ME/NT 4.0 Workstation SP 4/XP Professional/2003 server/2000 Professional SP 4.	For using SDM: The web browser needs SUN JRE 1.4 or later and ActiveX control must be enabled. Visit www.cisco.com for more information.
Cisco Secure ACS	This software will be used as TACACS+ and Radius authentication server. The labs use a 90-days trial version. If all the PCs for one pod have the correct OS, NETLAB+ offers the possibility of doing labs with ACS by using all of them.	For installing Supported OS: Microsoft Windows Server Editions.	Please note, additional requirements may be needed such as Service Pack. Visit www.cisco.com for more information.
Kiwi Syslog	This software will be used as syslog server.	For installing Supported OS: Microsoft Windows 98 or better, x86-based Linux distributions with GTK+ 2.0 (or higher) and glibc-2.3 (or higher).	Visit www.kiwisyslog.com for more information.
Wireshark	This software will be used as sniffer and packet analyzer.	For installing Supported OS: Several Microsoft Windows and Linux OS.	Visit www.wireshark.org for more information.
NMAP	This software will be used in order to test the lab configuration.	For installing Supported OS: Several Microsoft Windows and Linux OS.	Visit www.insecure.org for more information.
Cisco VPN Client	This software will be used in order to build a VPN.	This software should be loaded only on PC1a.	Visit www.cisco.com for more information.

Copyright Š Network Development Group. NETLAB+, NETLAB Academy Edition, and NETLAB Professional Edition are registered trademarks of Network Development Group. Cisco and Networking Academy are registered trademarks of Cisco Systems.