CCNA Security Labs
NETLAB+ support materials for CCNA Security have been revised to provide compatibility with the recently released CCNA Security version 1.1. A new topology, MAP with ASA, has been created to provide added functionality.
Several labs have been added to the lab list below:
- Ch. 0, Lab A, in which devices are configured for use with Cisco Configuration Professional (CCP) 2.5.
- Ch. 10, labs A, B, C and D which are only supported on a MAP with ASA, with an ASA 5505.
- Ch. 10, labs E, F, G and H which are only supported on a MAP with ASA, with an ASA 5510.
CCNA Security labs require different console and enable secret password settings from other courses. Please review the information on enabling CCNA Security labs.
Pod Compatibility Quick Reference Table
NDG has worked closely with the Cisco CCNA Security lab team to develop these labs and to ensure compatibility with NETLAB+ topologies. This table indicates the NETLAB+ topologies that may be used for each lab.
| CCNA Security Lab | Multi-Purpose Academy Pod with ASA | Multi-Purpose Academy Pod | Basic Router Pod | Cuatro Router Pod | LAN Switching Pod |
|---|---|---|---|---|---|
| MAP w/ASA | MAP | BRPv2 | CRP | LSP | |
| Ch. 0 Lab A | Yes | Yes | Yes | Yes | |
| Ch. 1 Lab A | Yes | Yes | Yes | Yes | |
| Ch. 2 Lab A | Yes | Yes | Yes | Yes | |
| Ch. 3 Lab A | Yes | Yes | Yes | Yes | |
| Ch. 4 Lab A | Yes | Yes | Yes | Yes | |
| Ch. 5 Lab A | Yes | Yes | Yes | Yes | |
| Ch. 6 Lab A | Yes | Yes | Yes | ||
| Ch. 7 Lab A | Yes | Yes | Yes | ||
| Ch. 8 Lab A | Yes | Yes | Yes | Yes | |
| Ch. 8 Lab B | Yes | Yes | Yes | Yes | |
| Ch. 9 Lab A | Yes | Yes | Part 1 | Part 1 | Part 2 |
| Ch. 10 Lab A | Yes1 | ||||
| Ch. 10 Lab B | Yes1 | ||||
| Ch. 10 Lab C | Yes1 | ||||
| Ch. 10 Lab D | Yes1 | ||||
| Ch. 10 Lab E | Yes2 | ||||
| Ch. 10 Lab F | Yes2 | ||||
| Ch. 10 Lab G | Yes2 | ||||
| Ch. 10 Lab H | Yes2 |
1Supported using ASA 5505
2Supported using ASA 5510
Router, Switch, and IOS Requirements
The routers used must meet minimum IOS requirements specified by the curriculum. The following recommendations are based on the CCNA Security Equipment List (available on Academy Connection). Other routers and switches models may be used. Please consult Academy Connection NetAcad Maintenance - Image & Hardware Support Assistance with Legacy Equipment and Software.
| Router / Switch |
Recommended Model(s) |
Minimum DRAM |
Minimum IOS |
Feature Set |
|---|---|---|---|---|
| R1 | Cisco 1841 Cisco 1941 |
192 MB | 12.4(20)T1 | Advanced IP Services |
| R21 | Cisco 1841 Cisco 1941 |
128 MB | 12.4(20)T1 | IP Base |
| R31 | Cisco 1841 Cisco 1941 |
192 MB | 12.4(20)T1 | Advanced IP Services |
| S1 | Cisco 2960 | LAN Base Image | ||
| S2 | Cisco 2960 | LAN Base Image | ||
| S3 | Cisco 2960 | LAN Base Image |
1Routers R2 and R3 do not apply to Lan Switching Pods (LSP)
Adaptive Security Appliance (ASA) Requirements
The ASA is required in order to complete 8 of the labs (Ch. 10, labs A,B,C,D,E,F and G) as noted in the pod compatibility table above. These 8 labs are the only CCNA Security labs that require the ASA. You will use either Labs A-D or Labs E-H, depending on the ASA model you install on your MAP w/ASA.
Four of the labs requiring the ASA, Ch.10 labs A, B, C and D are supported using the ASA 5505.
The other four labs requiring the ASA, Ch.10 labs E, F, G and H are supported using the ASA 5510.
Please refer to the Multi-purpose Academy Pod with ASA page for details on implementation.
| Device | Recommended Model(s) |
Minimum DRAM |
Minimum Flash |
Minimum IOS Feature Set |
|---|---|---|---|---|
| ASA | Cisco 5505 Adaptive Security Appliance (ASA) |
512 MB | 128 MB | Cisco (ASA) Software Version 8.4(2) Base License Cisco ASDM Version 6.4(5) |
| ASA | Cisco 5510 Adaptive Security Appliance (ASA) |
1 GB | 256 MB | Cisco (ASA) Software Version 8.4(2) Base License Cisco ASDM Version 6.4(5) |
Enabling the Labs
CCNA Security labs require different console and enable secret password settings from other courses. If CCNA Security and other courses are enabled in the same class, it is likely that the NETLAB+ automation will fail to save configuration files, since the default passwords, cisco and class are not the correct passwords for CCNA Security.
To avoid configuration management problems, we recommend that the CCNA Security course be enabled in a separate class from other courses. Enabling this course within a separate class will allow you to set the appropriate console and enable secret passwords in the class settings required for CCNA Security.
Create a new class to be used for the CCNA Security Course using the following settings:
If your MAP with ASA pod has an ASA 5505:
- In the Global Labs section of the class settings, select
AE CCNA Security V1.1 ASA5505
Do not enable any other labs for this class. - Change the Console Password to ciscoconpass
- Change the Enable Password to cisco12345
If your MAP with ASA pod has an ASA 5510:
- In the Global Labs section of the class settings, select
AE CCNA Security V1.1 ASA5510
Do not enable any other labs for this class. - Change the Console Password to ciscoconpass
- Change the Enable Password to cisco12345
The pod types listed are also available for "pod-only" reservations. To enable pod-only reservations, select the check boxes for the following options in the class settings that are appropriate for the pods available on your system:
- "Multi-Purpose Academy Pod with ASA (no labs)" (provides access to the MAP pod with ASA only)
- "Multi-Purpose Academy Pod (no labs)" (provides access to the MAP pod only)
- "AE CCNA Pod Reservations (no labs)" (provides access to CRP, BRP2 and LSP pods)
"Pod-only" reservations are not tied to specific lab exercises. Therefore, the pod will be configured using the default network configuration and will not be properly configured to complete CCNA Security labs.
More information is available in the Enable Multi-Purpose Academy
Pod Exercises section of the Multi-purpose Academy Pod Planning and Installation Guide 
Using the Labs
Always select the correct lab exercise for the lab being performed. Students or teams should schedule the correct lab exercise from the catalog. NETLAB+ will only show those labs for which the required pod type is available. A lab that works on different pod types may appear more than once if your system is so equipped. Instructors should select the correct lab from the Exercise tab during instructor-led lab reservations. This can be done as many times as needed during the reservation.
Importance of Choosing the Correct Lab Exercise
Several of the labs may differ from the standard pod topologies. This is
handled by NETLAB+ Dynamic VLAN Mapping technology. Always select the
correct lab exercise for the actual lab. This insures that NETLAB+
will set up VLANs on the control switch such that lab devices and PCs are
placed in the correct LAN segment for the exercise being performed. Selecting
the correct exercise will also make the completed lab output easier to find in
the archive.
NETLAB+ will configure the routers and switches with initial configuration files that include basic IP connectivity. Please verify this configuration by pinging the network interfaces before starting the lab exercise.