Security PIX Pod - Specifications and Requirements

Topology	Maximum per System1	Supports...	Documentation...
	2	FNSP 1.x	Planning and Installation Guide

¹ This value indicates the maximum number of pods of this pod type. A single NETLAB_AE system can host up to 10 equipment pods, total.

Lab Topology

Lab Device Requirements

Lab devices are part of the topology and users can interact with them either directly through the console or indirectly via Telnet and other protocols.

PIX1 and PIX2

Both PIX security appliances in the Security PIX Pod have the same requirements, as noted in the following table:

NETLABAE Supported Devices	Ethernet Ports Required	IOS Release	Image Files
PIX515E	3	6.3(4) 7.0(1)	pix634.bin (IOS) pix701.bin (IOS) pdm-302.bin (pix device manager2)
PIX501 PIX506E	21	6.3(4)	pix634.bin (IOS) pdm-302.bin (pix device manager2)

¹The PIX 501 and PIX 506E do not support a DMZ.
²NETLAB_AE does not automatically manage the PDM image.

The hardware you select must:

• Be supported by NETLAB_AE.
• Conform to NETLAB_AE router interface naming requirements (see below).
• Meet the specifications for the lab exercises of the curriculums your Academy wishes to implement.

Router Backbone (RBB)

RBB is a static router. It is not accessible or configurable by users. However, it is part of the topology so users can indirectly interact with it (i.e. ping, trace, RIP, etc.).

You can implement RBB in one of two ways:

• (1) A separate standalone RBB router for each Security PIX Pod
• (2) Simulating RBB for two or more security pods by utilizing multi-VRF on one physical router.

Configuration of each option is covered in detail in section 8 of the Planning and Installation Guide

Backbone Server / VPN Client PC

The Backbone Server (BB) provides services that are typically provided by Internet servers. The FNS curriculum provides two options for the backbone server (BB):

• Option 1 - a dedicated BB server.
• Option 2 - one SuperServer with Intel Pro Server NIC with VLAN support, serving as several PCs in the pod.

NETLAB_AE currently does not support the SuperServer (option 2). You should use VMware GSX (or other virtualization) products to simulate several machines. Virtual machines have their own routing tables, which avoids asymmetric routing problems in the pod.

FNSP refers to a Client-to-IOS Firewall configuration. NETLAB_AE does not have a pod type for this topology. However, you may also configure the Backbone Server (BB) for direct access, which means that users can login and interact with the Windows interface.

By loading the Cisco VPN client software on BB, users can use the NETLAB_AE Security PIX Pod for client-to-IOS firewall labs. Direct access also allows BB to be used as an external PC for labs that require testing from an outside network (i.e. simulating the Internet).

PCs and Servers

The Security PIX Pod includes placeholders for 7 remote PCs. Please refer to the NETLAB+ Remote PC Guide

Control Device Requirements

NETLAB_AE control devices provide internal connectivity, console access, and managed power. Control devices are dynamically managed by NETLAB_AE and are not accessible or configurable by end users.

Control Device Resource	Quantity Required
Control Switch	14 Consecutive ports + Up to 5 Reserved Ports
Access Server	2 Lines
Switched Outlet Devices	2 Outlets

Control switch ports provide connectivity between devices in the pod. The Security PIX Pod requires 14 consecutive ports and up to 5 Reserved Ports on a control switch.

Access server lines provide console access to routers in the pod. The Security PIX Pod requires 2 async ports on an access server.

Switched outlets provide managed electrical power, allowing NETLAB_AE and users to turn lab equipment on and off. The Security PIX Pod requires 2 outlets on a switched outlet device.