Network Security Pod - Specifications and Requirements

Topology	Maximum per System¹	Supports...	Documentation...
	4	Network Security 2.0	Overview Flash Video Planning and Installation Guide

¹ This value indicates the maximum number of pods of this pod type. A single NETLAB_AE system can host up to 10 equipment pods, total.

Lab Topology

Lab Device Requirements

Lab devices are part of the topology and users can interact with them either directly through the console or indirectly through the network.

The equipment listed in the tables below is derived from the official Academy spreadsheet NSv2.0_Configuration_and_Pricing_Guide_03OCT05.xls. Other equipment may work if it is supported by NETLAB_AE and can meet the minimum requirements for feature sets, interfaces, IOS, RAM, and Flash.

Please note: compatibility with NETLAB_AE does not guarantee compatibility with the Academy labs.

Router1 and Router2

Recommended Models Ethernet Ports Required IOS Releases

Cisco 831 (Economy) 2 S831CHK9-12402T
Cisco 831 Series IOS IP/FW 3DES

Cisco 1841 (Standard) 2 IP Advanced Security
Minimum of 12.3.(8)T IOS IP/FW/IDS Plus
IPSec56 or 3DES image

Cisco 2621XM 2 IP Advanced Security
Minimum of 12.3.(8)T IOS IP/FW/IDS Plus
IPSec56 or 3DES image

Recommended Models	Ethernet Ports Required	IOS Releases
Cisco 831 (Economy)	2	S831CHK9-12402T Cisco 831 Series IOS IP/FW 3DES
Cisco 1841 (Standard)	2	IP Advanced Security Minimum of 12.3.(8)T IOS IP/FW/IDS Plus IPSec56 or 3DES image
Cisco 2621XM	2	IP Advanced Security Minimum of 12.3.(8)T IOS IP/FW/IDS Plus IPSec56 or 3DES image

PIX1 and PIX2

Devices Ethernet Ports Required IOS Releases

Recommended
ASA 5510
3 IOS 7.0(6) or higher.

Supported (EOS/EOL)
PIX 515E
3 PIX-515E-DMZ Bundle (Chassis, Restricted SW, 64MB SDRAM, 3 FE ports. Includes PIX-1FE PIX 10/100 Fast Ethernet card)
Select SF-PIX-515-7.0 [PIX OS 7.0- or later] for the PIX 515E Chassis for Software Option.
Select PIX-515-VPN-3DES for PIX-VPN Options (or select PIX-VPN-DES in encryption restricted countries)

Not Recommended PIX 501
PIX 506E
2 * * 501s and 506s do not have a DMZ interface and cannot be upgraded to OS v 7.0 or later. These models are options in NETLAB, but they are limited in functionality. At least one PIX in the pod should be a PIX 515E.

Devices	Ethernet Ports Required	IOS Releases
Recommended ASA 5510	3	IOS 7.0(6) or higher.
Supported (EOS/EOL) PIX 515E	3	PIX-515E-DMZ Bundle (Chassis, Restricted SW, 64MB SDRAM, 3 FE ports. Includes PIX-1FE PIX 10/100 Fast Ethernet card) Select SF-PIX-515-7.0 [PIX OS 7.0- or later] for the PIX 515E Chassis for Software Option. Select PIX-515-VPN-3DES for PIX-VPN Options (or select PIX-VPN-DES in encryption restricted countries)
Not Recommended PIX 501 PIX 506E	2 *	* 501s and 506s do not have a DMZ interface and cannot be upgraded to OS v 7.0 or later. These models are options in NETLAB, but they are limited in functionality. At least one PIX in the pod should be a PIX 515E.

RBB (backbone router)

RBB is a backbone router with a static configuration. At least one Fast Ethernet port supporting 802.1q is required.

NETLAB_AE does not allocate an access server connection for RBB, so users cannot directly access the console port. However, it is part of the topology so users can indirectly interact with it (i.e. ping, trace, RIP, etc.).

You may allow student Telnet access to RBB from BB, PC1, or PC2. Since RBB is part of the pod infrastructure, we do not recommend privileged (enable) access.

Recommended Models Ethernet Ports Required IOS Features

Cisco 1841
Cisco 2801
Cisco 2620/2621 1 12.2, IP, 802.1q, RIP

Recommended Models	Ethernet Ports Required	IOS Features
Cisco 1841 Cisco 2801 Cisco 2620/2621	1	12.2, IP, 802.1q, RIP

PCs and Servers

Remote PCs are implemented by integrating with a separate VMware GSX server. The Network Security Pod support up to 7 VMware GSX virtual machines. The NETLAB+ Remote PC Guide contains general information for setting up a VMware server.

Please note: only VMware GSX virtual machines are supported. Standalone PC's are not supported.

Please note: the Academy labs refer to a SuperServer option. This is not supported by VMware or NETLAB_AE. Multiple servers in the pod are implemented as virtual machines on VMware GSX server.

The following operating system choices are typical based on the curriculum. These choices are not mandatory; you can make substitutions provided:

VMware GSX supports the operating system (as a .guest.).
Your choices are compatible with the curriculum.

Virtual Machines Operating System Functions

PC1
PC2 Windows XP Student PC, client activities, VPN

IS1
IS2 Windows 2000 or 2003 Server CSACS, Web, FTP, DHCP

DMZ1
DMZ2 Linux or Windows Web, FTP

BB Windows 2000 or 2003 Server Backbone Server

Virtual Machines	Operating System	Functions
PC1 PC2	Windows XP	Student PC, client activities, VPN
IS1 IS2	Windows 2000 or 2003 Server	CSACS, Web, FTP, DHCP
DMZ1 DMZ2	Linux or Windows	Web, FTP
BB	Windows 2000 or 2003 Server	Backbone Server

Control Device Requirements

NETLAB_AE control devices provide internal connectivity, console access, and managed power. Control devices are dynamically managed by NETLAB_AE and are not accessible or configurable by end users.

Control Device Resource Quantity Required

Control Switch 11 Consecutive ports

Access Server 4 Lines

Switched Outlet Devices 4 Outlets

Control Device Resource	Quantity Required
Control Switch	11 Consecutive ports
Access Server	4 Lines
Switched Outlet Devices	4 Outlets

Control switch ports provide connectivity between devices in the pod. The Network Security Pod requires 11 consecutive ports on a control switch.

Access server lines provide console access to routers in the pod. The Network Security Pod requires 4 async ports on an access server.

Please note: router RBB is not connected to an access server.

Switched outlets provide managed electrical power, allowing NETLAB_AE and users to turn lab equipment on and off. The Network Security Pod requires 4 outlets on a switched outlet device.

Please note: router RBB is not connected to a switched outlet.

For More Information

Please refer to the Planning and Installation Guide