Security Router Pod - Specifications and Requirements
| Topology | Maximum per System1 | Supports... | Documentation... |
|---|---|---|---|
 |
2 | FNSR 1.x |
|
Lab Device Requirements
Lab devices are part of the topology and users can interact with them either directly through the console or indirectly via Telnet and other protocols.ROUTER1 and ROUTER2
Both routers in the Security Router Pod have the same interface requirements, as noted in the following table:
| NETLABAE Supported Devices | Ethernet Ports Required |
IOS Release | Images (in order of preference) |
|---|---|---|---|
|
2611XM 2621XM 2651XM 26211 |
2 |
|
|
VPN Router bundles ship by default with 12.3(4)T or later. Do not go above the 12.3(7)T image, as the IOS Intrusion Detection commands have changed significantly in version 12.3(8)T. If the router has 12.3(8)T or later, the image must be downgraded.
Security Device Manager (SDM) version 1.2 or later will be required for labs in Modules 2 through 7. VPN router bundles ship by default with SDM.
1The 2621 model router will work for all labs excluding SDM labs once they have been upgraded from 16F/32DRAM to 16F/64DRAM.
The hardware you select must:
- Be supported by NETLABAE.
- Conform to NETLABAE router interface naming requirements (see below).
- Meet the specifications for the lab exercises of the curriculums your Academy wishes to implement.
Router Backbone (RBB)
RBB is a static router. It is not accessible or configurable by users. However, it is part of the topology so users can indirectly interact with it (i.e. ping, trace, RIP, etc.).
You can implement RBB in one of two ways:
- (1) A separate standalone RBB router for each Security Router Pod
- (2) Simulating RBB for two or more security pods by utilizing multi-VRF on one physical router.
Backbone Server / VPN Client PC
The Backbone Server (BB) provides services that are typically provided by Internet servers. The FNS curriculum provides two options for the backbone server (BB):
- Option 1 - a dedicated BB server.
- Option 2 - one SuperServer with Intel Pro Server NIC with VLAN support, serving as several PCs in the pod.
FNSR refers to a Client-to-IOS Firewall configuration. NETLABAE does not have a pod type for this topology. However, you may also configure the Backbone Server (BB) for direct access, which means that users can login and interact with the Windows interface.
By loading the Cisco VPN client software on BB, users can use the NETLABAE Security Router Pod for client-to-IOS firewall labs. Direct access also allows BB to be used as an external PC for labs that require testing from an outside network (i.e. simulating the Internet).
PCs and Servers
The Security Router Pod includes placeholders for 5 remote PCs. Please refer to the
NETLAB+ Remote PC Guide
Control Device Requirements
NETLABAE control devices provide internal connectivity, console access, and managed power. Control devices are dynamically managed by NETLABAE and are not accessible or configurable by end users.
| Control Device Resource | Quantity Required |
|---|---|
| Control Switch | 10 Consecutive ports + Up to 5 Reserved Ports |
| Access Server | 2 Lines |
| Switched Outlet Devices | 2 Outlets |
Control switch ports provide connectivity between devices in the pod. The Security Router Pod requires 10 consecutive ports and up to 5 reserved ports on a control switch.
Access server lines provide console access to routers in the pod. The Security Router Pod requires 2 async ports on an access server.
Switched outlets provide managed electrical power, allowing NETLABAE and users to turn lab equipment on and off. The Security Router Pod requires 2 outlets on a switched outlet device.