CCNA Security Labs

CCNA Security labs require different console and enable secret password settings from other courses. Please review the information on enabling CCNA Security labs.

Pod Compatibility Quick Reference Table

NDG has worked closely with the Cisco CCNA Security lab team to develop these labs and to ensure compatibility with NETLAB_AE topologies. This table indicates the NETLAB_AE topologies that may be used for each lab.

CCNA Security Lab	Multi-Purpose Academy Pod	Basic Router Pod	Cuatro Router Pod	LAN Switching Pod
	MAP	BRPv2	CRP	LSP
Ch. 1 Lab A	Yes	Yes	Yes
Ch. 2 Lab A	Yes	Yes	Yes
Ch. 3 Lab A	Yes	Yes	Yes
Ch. 4 Lab A	Yes	Yes	Yes
Ch. 5 Lab A	Yes	Yes	Yes
Ch. 6 Lab A	Yes			Yes
Ch. 7 Lab A	Yes			Yes
Ch. 8 Lab A	Yes	Yes	Yes
Ch. 8 Lab B	Yes	Yes	Yes
Ch. 9 Lab A	Yes	Part 1	Part 1	Part 2

Router, Switch, and IOS Requirements

The routers used must meet minimum IOS requirements specified by the curriculum. The following recommendations are based on the CCNA Security Equipment List (available on Academy Connection). Other routers and switches models may be used. Please consult Academy Connection NetAcad Maintenance - Image & Hardware Support Assistance with Legacy Equipment and Software.

Router / Switch	Recommended Model(s)	Minimum DRAM	Minimum IOS	Feature Set
R1	Cisco 1841	192 MB	12.4(20)T1	Advanced IP Services
R2¹	Cisco 1841	128 MB	12.4(20)T1	IP Base
R3¹	Cisco 1841	192 MB	12.4(20)T1	Advanced IP Services
S1	Cisco 2960			LAN Base Image
S2	Cisco 2960			LAN Base Image
S3	Cisco 2960			LAN Base Image

¹Routers R1 and R3 do not apply to Lan Switching Pods (LSP)

Enabling the Labs

CCNA Security labs require different console and enable secret password settings from other courses. If CCNA Security and other courses are enabled in the same class, it is likely that the NETLAB+ automation will fail to save configuration files, since the default passwords, cisco and class are not the correct passwords for CCNA Security.

To avoid configuration management problems, we recommend that the CCNA Security course be enabled in a separate class from other courses. Enabling this course within a separate class will allow you to set the appropriate console and enable secret passwords in the class settings required for CCNA Security.

Create a new class to be used for the CCNA Security Course using the following settings:

In the Global Labs section of the class settings, select AE CCNA Security V1.0
Do not enable any other labs for this class.
Change the Console Password to ciscoconpass
Change the Enable Password to cisco12345

The pod types listed are also available for "pod-only" reservations. To enable pod-only reservations, select the check boxes for the following options in the class settings that are appropriate for the pods available on your system:

"Multi-Purpose Academy Pod (no labs)" (provides access to the MAP pod only)
"AE CCNA Pod Reservations (no labs)" (provides access to CRP, BRP2 and LSP pods)

"Pod-only" reservations are not tied to specific lab exercises. Therefore, the pod will be configured using the default network configuration and will not be properly configured to complete CCNA Security labs.

More information is available in the Enable Multi-Purpose Academy Pod Exercises section of the Multi-purpose Academy Pod Planning and Installation Guide pdf

Using the Labs

Always select the correct lab exercise for the lab being performed. Students or teams should schedule the correct lab exercise from the catalog. NETLAB_AE will only show those labs for which the required pod type is available. A lab that works on different pod types may appear more than once if your system is so equipped. Instructors should select the correct lab from the Exercise tab during instructor-led lab reservations. This can be done as many times as needed during the reservation.

Importance of Choosing the Correct Lab Exercise

Several of the labs may differ from the standard pod topologies. This is handled by NETLAB+ Dynamic VLAN Mapping technology. Always select the correct lab exercise for the actual lab. This insures that NETLAB_AE will set up VLANs on the control switch such that lab devices and PCs are placed in the correct LAN segment for the exercise being performed. Selecting the correct exercise will also make the completed lab output easier to find in the archive.

NETLAB_AE will configure the routers and switches with initial configuration files that include basic IP connectivity. Please verify this configuration by pinging the network interfaces before starting the lab exercise.

Supported Lab List

Lab	Description	Pod Required	Comments
Ch. 1 A	Researching Network Attacks and Security Audit		No equipment is required.
Ch. 2 A	Securing the Router for Administrative Access	MAP or CRP or BRPv2
Ch. 3 A	Securing Administrative Access Using AAA and RADIUS	MAP or CRP or BRPv2
Ch. 4 A	Configuring CBAC and Zone-Based Firewalls	MAP or CRP or BRPv2
Ch. 5 A	Configuring an Intrusion Prevention System (IPS) Using the CLI and SDM	MAP or CRP or BRPv2
Ch. 6 A	Securing Layer 2 Switches	MAP or LSP	For part 4 (Configure SPAN and Monitor Traffic) please use task 2, option 2.
Ch. 7 A	Exploring Encryption Methods	MAP or LSP
Ch. 8 A	Configuring a Site-to-Site VPN Using IOS and SDM	MAP or CRP or BRPv2
Ch. 8 B	Configuring a Remote Access VPN Server and Client	MAP or CRP or BRPv2
Ch. 9 A Part1	Security Policy Development and Implementation	MAP
Ch. 9 A Part 1	Security Policy Development and Implementation Part 1	CRP or BRPv2	Security with routers.
Ch. 9 A Part 2	Security Policy Development and Implementation Part 2	LSP	Security with switches.

Required Software List

Software Name	Purpose	Requirements	Comments / Links
Secure Device Manager (SDM)	The SDM is installed onto the router's flash memory or in the PCs.	Supported Microsoft Windows O/S: ME NT 4.0 Workstation SP 4 XP Professional 2003 Server 2000 Professional SP 4	When using SDM: The web browser needs SUN JRE 1.4 or later and ActiveX control must be enabled. The recommended screen size for the virtual PCs is 1024 x 768. Visit www.cisco.com for more information
Kiwi Syslog	This software will be used as the syslog server.	Supported O/S: Windows 98 or later x86-based Linux distributions with GTK+ 2.0 (or higher) and glibc-2.3 (or higher)	www.kiwisyslog.com
Wireshark	This software will be used as the sniffer and packet analyzer.	Windows/Linux	www.wireshark.org
WinRadius	WinRadius is a standard RADIUS server for network authentication and accounting.	Windows/Linux	www.suggestsoft.com
NMAP	This software is used to test the lab configuration.	Windows/Linux	www.insecure.org
Cisco VPN Client	This software is used to build a VPN.		www.cisco.com
Tera Term Pro V2.3	Software terminal emulator for Windows.		www.ayera.com/teraterm/
TFTP32	DHCP, TFTP, SMTP, Syslog servers, and TFTP client.		tftpd32.jounin.net.com
IOS-Sxxx-CLI.pkg	This file is used with the Chapter 5 lab.		To obtain instructions on the file version and how to download, please read the Chapter 5 Lab.
real-cisco.pub.key.txt	This file is used with the Chapter 5 lab.		To obtain instructions on the file version and how to download, please read the Chapter 5 Lab.