CCNP 5.0: Implementing Secure Converged Wide Area Networks (ISCW)
NDG has worked closely with the Cisco CCNP lab team to develop
NETLAB+ compatible labs for ISCW.
ISCW is supported by one or more of the following NETLAB+
pods:
The supported lab list (below) provides a list of CCNP 5.0 ISCW compatible labs
and the pod types that can be used for each lab.
-
For CCNP, we have added the Cuatro Router Pod (CRP), a four router
version of Basic Router Pod Version 2.
- CRP provides the greatest lab coverage for CCNP5.0 ISCW.
- CRP is required in order to complete the case studies.
- All labs that work on BRPv1 and BPRv2 will also work on CRP.
-
The routers used must meet minimum IOS requirements specified by
the curriculum. The following recommendations are based on the official
CCNP 5.0 equipment list (available on Academy Connection):
- Cisco 2811: ISR Advanced IP Services K9 IOS (S28NAISK9-12410)
- Cisco 2801: ISR Advanced IP Services K9 IOS (S280AISK9-12410)
- Cisco 1841: Advanced IP Services K9 IOS (S184AISK9-12410)
-
On CRP and BRPv2 router R1 should be a Cisco 2800. A Cisco 2811
is recommended (according to the CCNP Equipment List).
-
Skills exams are contained in separate lab package and are enabled in
the class settings separately from the core CCNP 5.0 ISCW labs. This allows
instructors to defer access to the exams until the end of the course.
Enabling the Labs
To enable the ISCW labs and pod types, check the box for "AE CCNP ISCW V5.0 English"
in the class settings. This must be done for each class requiring access to the ISCW labs.
You may also allow the class to make "pod-only" reservations on a Cuatro Switch Pod.
To enable pod-only reservations, check the box for
"AE CCNP Pod Reservations (no labs)" in the class settings.
These reservations are not tied to specific lab exercises. Therefore, the pod will be
configured using the default network configuration. Please note however, not all
ISCW labs use the default network configuration and must be completed by selecting
the correct lab exercise (see the following discussion).
Using the Labs
Always select the correct lab exercise for the lab being performed. Students
or teams should schedule the correct lab exercise from the catalog.
NETLAB+ will only show those labs for which the required pod type
is available. A lab that works on different pod types may appear more than
once if your system is so equipped. Instructors should select the correct lab
from the Exercise tab during instructor-led lab reservations. This can be done
as many times as needed during the reservation.
Importance of Choosing the Correct Lab Exercise
Several of the labs may differ from the standard pod topologies. This is
handled by NETLAB+ Dynamic VLAN Mapping technology. Always select the
correct lab exercise for the actual lab. This insures that NETLAB+
will set up VLANs on the control switch such that lab devices and PCs are
placed in the correct LAN segment for the exercise being performed. Selecting
the correct exercise will also make the completed lab output easier to find in
the archive.
Supported Lab List
| Lab |
Description |
Pod Required |
Comments |
| 3.1 |
Configuring SDM on a Router |
CRP or BRPv2 |
Please see the list of required software |
| 3.2 |
Configuring a Basic GRE Tunnel |
CRP, BRPv2, or BRPv1 |
|
| 3.3 |
Configuring Wireshark and SPAN |
|
Please see the list of required software. Step number 3 is not supported |
| 3.4 |
Configuring Site-to-Site IPsec VPNs with SDM |
CRP or BRPv2 |
The optional challenge section is not supported. |
| 3.5 |
Configuring Site-to-Site IPsec VPNs with the IOS CLI |
CRP, BRPv2, or BRPv1 |
The optional challenge section is not supported. |
| 3.6 |
Configuring a Secure GRE Tunnel with SDM |
CRP or BRPv2 |
Please see the list of required software The optional challenge section is not supported. |
| 3.7 |
Configuring a Secure GRE Tunnel with the IOS CLI |
CRP, BRPv2, or BRPv1 |
The optional challenge section is not supported. |
| 3.8 |
Configuring IP sec VTIs |
CRP, BRPv2, or BRPv1 |
|
| 3.9 |
Configuring Easy VPN with SDM |
CRP or BRPv2 |
Please see the list of required software |
| 3.10 |
Configuring Easy VPN with the IOS CLI |
CRP, BRPv2, or BRPv1 |
|
| 4.1 |
Configuring Frame Mode MPLS |
CRP, BRPv2, or BRPv1 |
|
| 4.2 |
Challenge Lab: Implementing MPLS VPNs |
|
This lab is not directly supported, but can be implemented using Pod Designer. |
| 5.1 |
Using SDM One-Step Lockdown |
CRP or BRPv2 |
Please see the list of required software |
| 5.2 |
Securing a Router with Cisco AutoSecure |
CRP, BRPv2, or BRPv1 |
|
| 5.3 |
Disabling Unneeded Services |
CRP, BRPv2, or BRPv1 |
|
| 5.4 |
Enhancing Router Security |
CRP, BRPv2, or BRPv1 |
|
| 5.5 |
Configuring Logging |
CRP or BRPv2 |
Please see the list of required software |
| 5.6a |
Configuring AAA and TACACS+ |
CRP or BRPv2 |
Please see the list of required software |
| 5.6b |
Configuring AAA and RADIUS |
CRP or BRPv2 |
Please see the list of required software |
| 5.6c |
Configuring AAA Using Local Authentication |
CRP or BRPv2 |
Please see the list of required software |
| 5.7 |
Configuring Role-Based CLI Views |
CRP, BRPv2, or BRPv1 |
|
| 5.8 |
Configuring NTP |
CRP, BRPv2, or BRPv1 |
|
| 6.1 |
Configuring a Cisco IOS Firewall using SDM |
CRP or BRPv1 |
Please see the list of required software |
| 6.2 |
Configuring CBAC |
CRP, BRPv2, or BRPv1 |
|
| 6.3 |
IPS with SDM |
CRP or BRPv2 |
Please see the list of required software |
| 6.4 |
Configuring IPS with CLI |
CRP, BRPv2, or BRPv1 |
|
| Case Study 1 |
CLI IPsec and Frame-Mode MPLS |
CRP |
|
| Case Study 2 |
SDM |
CRP |
Please see the list of required software |
| Skills Exam |
Assessment 1 |
CRP |
Enabled separately |
| Skills Exam |
Assessment 2 |
CRP |
Enabled separately |
Required Software List
CCNP 5.0 ISCW labs require certain software must be installed on the PCs.
The following is a list of the required software. If possible, we suggest
installing Windows 2003 server on all PCs in the pods and preloading all
of the installer executable files for the software on the list. If it
is not possible to have Windows 2003 installed on all the PCs, we
suggest installing it on at least one, preferably PC1a for CRP and BRPv2.
| Software Name |
Purpose |
Requirements |
Comments / Links |
| Secure Device Manager (SDM) |
The SDM is installed onto the router's flash memory or in the PCs. |
Supported Microsoft Windows O/S:
- ME
- NT 4.0 Workstation SP 4
- XP Professional
- 2003 Server
- 2000 Professional SP 4
|
For using SDM, the web browser requires SUN JRE 1.4 or later and
ActiveX control must be enabled.
www.cisco.com
|
| Cisco Secure ACS |
This software will be used as TACACS+ and Radius authentication server. The labs use a 90-days trial version. If all the PCs for one pod have the correct OS, NETLAB+ offers the possibility of doing labs with ACS by using all of them. |
Supported OS:
- Microsoft Windows Server Editions.
|
Please note, additional requirements may be needed, such as Service Pack.
www.cisco.com
|
| Kiwi Syslog |
This software will be used as the syslog server. |
Supported O/S:
- Windows 98 or later
- x86-based Linux distributions with GTK+ 2.0 (or higher) and glibc-2.3 (or higher)
|
www.kiwisyslog.com |
| Wireshark |
This software will be used as the sniffer and packet analyzer. |
Windows/Linux |
www.wireshark.org |
| NMAP |
This software is used to test the lab configuration. |
Windows/Linux |
www.insecure.org |
| Cisco VPN Client |
This software is used to build a VPN. |
|
www.cisco.com |
