Network Security Pod - Quick Reference Page
This quick reference page provides a summary of the specifications of this topology. For a complete reference including installation details, please refer to the Network Security Pod Planning and Installation Guide.
NSP is an excellent pod if your Academy still teaches firewall configuration based on ASAs or PIXs. If you are adopting the new CCNA Security course, you will need to use the new Multi-purpose Academy Pod (MAP). The MAP topology supports CCNA Security, Exploration and Discovery labs.
| Topology | Maximum Per System¹ | Supports | Documentation |
|---|---|---|---|
| | 4 | | Planning and Installation Guide |

¹ This value indicates the maximum number of pods of this pod type. A single NETLAB AE system can host up to 12 equipment pods, total.
Lab Topology
Lab Device Requirements
Lab devices are part of the topology and users can interact with them either directly through the console or network.
Hardware compatibility with NETLAB AE does not guarantee the compatibility of labs. Please check the Academy curriculum, NDG pod guides, and lab support pages for specific hardware and IOS requirements.
Recommended devices for this topology are listed in the table below. The equipment listed is derived from the official Academy spreadsheet NSv2.0_Configuration_and_Pricing_Guide_03OCT05.xls.
Other equipment may work if it is supported by NETLAB AE and can meet the minimum requirements for feature sets, interfaces, IOS, RAM, and Flash.
Router1 and Router2
| Recommended Model(s)¹ | Ethernet Ports Required | IOS Features |
|---|---|---|
| Cisco 831 (Economy) | 2 | S831CHK9-12402T Cisco 831 Series IOS IP/FW 3DES |
| Cisco 1841 (Standard) | 2 | IP Advanced Security Minimum of 12.3.(8)T IOS IP/FW/IDS Plus IPSec56 or 3DES image |
| Cisco 2621XM | 2 | IP Advanced Security Minimum of 12.3.(8)T IOS IP/FW/IDS Plus IPSec56 or 3DES image |
PIX1 and PIX2
| Recommended Model(s)¹ | Ethernet Ports Required | IOS Releases |
|---|---|---|
| Recommended: ASA 5510 | 3 | IOS 7.0(6) or higher. |
| Supported (EOS/EOL): PIX 515E | 3 | PIX-515E-DMZ Bundle (Chassis, Restricted SW, 64MB SDRAM, 3 FE ports. Includes PIX-1FE PIX 10/100 Fast Ethernet card) Select SF-PIX-515-7.0 [PIX OS 7.0- or later] for the PIX 515E Chassis for Software Option. Select PIX-515-VPN-3DES for PIX-VPN Options (or select PIX-VPN-DES in encryption restricted countries) |
| Not Recommended: PIX 501, PIX 506E | 2* | * 501s and 506s do not have a DMZ interface and cannot be upgraded to OS v 7.0 or later. These models are options in NETLAB+, but they are limited in functionality. At least one PIX in the pod should be a PIX 515E. |
RBB (backbone router)
RBB is a backbone router with a static configuration. At least one Fast Ethernet port supporting 802.1q is required. NETLAB AE does not allocate an access server connection for RBB, so users cannot directly access the console port. However, it is part of the topology, so users can interact with it indirectly (e.g. ping, trace, RIP, etc.).
You may allow student Telnet access to RBB from BB, PC1, or PC2. Since RBB is part of the pod infrastructure, we do not recommend privileged (enable) access.
| Recommended Model(s)¹ | Ethernet Ports Required | IOS Features |
|---|---|---|
| Cisco 1841, Cisco 2801, Cisco 2620/2621 | 1 | 12.2, IP, 802.1q, RIP |

¹ Other router and switch models may be used. Please consult your Cisco NetAcad support contact for more information.
Router Interfaces
The NETLAB AE interface name translation feature is supported on this pod type. This may influence the selection of modular interface cards and slot placement within the router. Please review the expected interface names for each router.
Virtual PC Support
Remote PCs are implemented by integrating with 3rd party virtualization products. The NETLAB AE documentation library includes several guides with extensive detail on the implementation of virtualization with your NETLAB+ system.
The following operating system choices are typical based on the curriculum. These choices are not mandatory; you can make substitutions provided that:
- Your choice of NETLAB+ supported virtualization product supports the operating system (as a guest).
- Your choices are compatible with the curriculum.
Only virtual machines are supported on this topology. Standalone PCs are not supported.
The Academy labs refer to a SuperServer option. This is not supported by virtualization products or NETLAB+. Multiple servers in the pod are implemented as virtual machines.
The Network Security Pod supports up to seven (7) virtual machines.
| Virtual Machine | Recommended O/S | Functions | VLAN Offset¹ |
|---|---|---|---|
| PC1 | Windows XP | Student PC, client activities, VPN | +0 |
| PC2 | Windows XP | Student PC, client activities, VPN | +4 |
| IS1 | Windows 2000 or 2000 Server | CSACS Web, FTP, DHCP | +0 |
| IS2 | Windows 2000 or 2000 Server | CSACS Web, FTP, DHCP | +4 |
| DMZ1 | Linux or Windows | Web, FTP | +1 |
| DMZ2 | Linux or Windows | Web, FTP | +5 |
| BB | Windows 2000 or 2003 Server | Backbone Server | +8 |
¹ See the planning and installation guide for details.
Control Device Requirements
Control devices provide internal connectivity, console access, and managed power. Control devices are dynamically managed by NETLAB AE and are not accessible or configurable by end users.
- Control switches provide connectivity between devices in the pod.
- Access server lines provide console connections to lab equipment.
- Switched outlets provide managed electrical power, allowing NETLAB AE and users to turn lab equipment on and off.
Control Device Requirements for the Network Security Pod
| Control Device Resource | Quantity Required |
|---|---|
| Control Switch | 11 Consecutive Ports |
| Access Server | 4 Lines |
| Switched Outlet Devices | 4 Outlets |
The Network Security Pod requires 11 consecutive ports on a control switch.
The Network Security Pod requires 4 async ports on an access server.
The Network Security Pod requires 4 outlets on a switched outlet device.
For More Information
Please refer to the Network Security Pod Planning and Installation Guide.