This quick reference page provides a summary of the specifications of this topology. For a complete reference including installation details, please refer to the Multi-purpose Academy Pod with ASA Planning and Installation Guide

This enhanced version of the MAP pod includes additional hardware that is needed in order to support CCNA Security.

CCNA Security labs require different Console and Enable Secret Password settings from other courses. Please review the information on enabling CCNA Security labs.

CCNP TSHOOT v7 labs require a different Enable Secret Password setting from other courses. Please review the information on enabling CCNPv7 TSHOOT labs.

 

Lab Topology

MAP ASA

The Multi-Purpose Academy Pod with ASA includes three routers (R1, R2 and R3),three switches (S1, S2 and S3) and an Adaptive Security Appliance (ASA).

All NETLAB+ topologies with lab switches and Virtual Machines require additional switch configuration tasks for successful operation. The Multi-purpose Academy Pod with ASA requires switch configuration commands on control switch ports S1, S2 and S3.

 

Cisco Standard Topology Configurations

To simplify equipment purchasing, we have organized equipment requirements by pod type. Since these requirements change over time, we further categorized as Configuration A, Configuration B, Configuration C, etc... Equipment lists for each configuration are provided below, with the most recent configuration listed first.


  • Configurations are presented in descending alphabetical order. For example, Configuration D is the most recent configuration among A, B, C and D. Configuration A contains hardware from the earliest bundle supported by NETLAB+ VE.
  • The latest configuration is typically recommended for new purchases. Your selection of courses and equipment budget should also be considered when choosing a configuration.
  • Earlier configurations are supported for reference until the equipment no longer supports the requirements of the Cisco Networking Academy.

To reduce equipment expenses, schools purchasing new equipment that do not plan to teach CCNP SWITCH and/or TSHOOT can consider using the MAP ASA C configuration rather than the MAP ASA D configuration.

The table below lists the number of labs supported for each of the Cisco courses, for each of the topology configurations.

Cisco Course MAP ASA
D
MAP ASA
C
MAP ASA
B
MAP ASA
A
CCNA v6.0 ALL ALL ALL ALL
CCNA v5.1 ALL ALL ALL ALL
CCNA v5.0 ALL ALL ALL ALL
Security v2.0 ALL ALL ALL ALL
CCNA Security v1.2 ALL ALL ALL ALL
CCNP ROUTE v7.0 15 out of 22 15 out of 22 15 out of 22 15 out of 22
CCNP ROUTE v6.0 21 out of 34 21 out of 34 21 out of 34 21 out of 34
CCNP SWITCH v7.0 2 out of 17 n/a n/a n/a
CCNP SWITCH v6.0 1 out of 19 n/a n/a n/a
CCNP TSHOOT v7.0 ALL n/a n/a n/a
CCNP TSHOOT v6.0 ALL n/a n/a n/a
 

MAP ASA D - Cisco Standard Topology Configuration

NETLAB Versions: NETLAB+ VE

Qty Product Number Description Software Version Device Names Notes
3 ISR4321-SEC/K9 Cisco ISR 4321 (2GE,2NIM,4G FLASH,4G DRAM,Sec bundle) IP Security isr4300-universalk9.03.16.05.S.155-3.S5-ext.SPA.bin R1, R2, R3  
3 NIM-2T= 2-Port Serial WAN Interface Card       1
3 CAB-SS-26MTC-02 All-in-One, Smart Serial to Smart Serial Cable, DTE/DCE, 2 Feet       2
1 WS-C2960+24TC-L Catalyst 2960 24 10/100 + 2 1000BT LAN Base Image LAN BASE c2960-lanbasek9-mz.150-2.SE7.bin S2  
2 WS-C3650-24TS-E Cisco Catalyst 3650 24 Port Data 4x1G Uplink IP Services IP Services cat3k_caa-universalk9.SPA.03.06.05.E.152-2.E5.bin S1, S3  
1 ASA5505-BUN-K9 Adaptive Security Appliance (ASA) Model 5505 ASDM 74.1   asa923-k8.bin ASA  
5   6-foot Cat5e Cable (straight)        
5   3-foot Cat5e Cable (straight)        
10   1-foot Cat5e Cable (crossover)        
Notes
  1. Not supported by 1921, 1941, 2901, 2911 router.
  2. Third-party cable type, certified and sold by Converge One. An alternative, using longer cables is CAB-SS-V35MT= (V.35 Cable, DTE Male to Smart Serial, 10 Feet) + CAB-SS-V35FC= (V.35 Cable, DCE Female to Smart Serial, 10 Feet) in place of each CAB-SS-26MTC-02 (All-in-One, Smart Serial to Smart Serial Cable, DTE/DCE, 2 Feet).
 

MAP ASA C - Cisco Standard Topology Configuration

NETLAB Versions: NETLAB+ VE

`
Qty Product Number Description Software Version Device Names Notes
3 ISR4321-SEC/K9 Cisco ISR 4321 (2GE,2NIM,4G FLASH,4G DRAM,Sec bundle) IP Security isr4300-universalk9.03.16.05.S.155-3.S5-ext.SPA.bin R1, R2, R3  
3 NIM-2T= 2-Port Serial WAN Interface Card       1
3 CAB-SS-26MTC-02 All-in-One, Smart Serial to Smart Serial Cable, DTE/DCE, 2 Feet       2
3 WS-C2960+24TC-L Catalyst 2960 24 10/100 + 2 1000BT LAN Base Image LAN BASE c2960-lanbasek9-mz.150-2.SE7.bin S1, S2, S3  
1 ASA5505-BUN-K9 Adaptive Security Appliance (ASA) Model 5505 ASDM 74.1   asa923-k8.bin ASA  
5   6-foot Cat5e Cable (straight)        
5   3-foot Cat5e Cable (straight)        
10   1-foot Cat5e Cable (crossover)        
Notes
  1. Not supported by 1921, 1941, 2901, 2911 router.
  2. Third-party cable type, certified and sold by Converge One. An alternative, using longer cables is CAB-SS-V35MT= (V.35 Cable, DTE Male to Smart Serial, 10 Feet) + CAB-SS-V35FC= (V.35 Cable, DCE Female to Smart Serial, 10 Feet) in place of each CAB-SS-26MTC-02 (All-in-One, Smart Serial to Smart Serial Cable, DTE/DCE, 2 Feet).
 

MAP ASA B - Cisco Standard Topology Configuration

NETLAB Versions: NETLAB+ VE, NETLAB AE/PE

Qty Product Number Description Software Version Device Names Notes
3 CISCO1941-SEC/K9 Cisco 1941 with Security Technology Package License w/2 GE, 2 EHWIC slots, 256MB CF, 512MB DRAM, IP Sec IP Security c1900-universalk9-mz.SPA.154-3.M2.bin R1, R2, R3  
3 HWIC-2T= 2-Port Serial WAN Interface Card       1
3 CAB-SS-26MTC-02 All-in-One, Smart Serial to Smart Serial Cable, DTE/DCE, 2 Feet       2
3 WS-C2960+24TC-L Catalyst 2960 24 10/100 + 2 1000BT LAN Base Image LAN BASE c2960-lanbasek9-mz.150-2.SE7.bin S1, S2, S3  
1 ASA5505-BUN-K9 Adaptive Security Appliance (ASA) Model 5505 ASDM 74.1   asa923-k8.bin ASA  
5   6-foot Cat5e Cable (straight)        
5   3-foot Cat5e Cable (straight)        
10   1-foot Cat5e Cable (crossover)        
Notes
  1. Not supported by ISR 4321 router.
  2. Third-party cable type, certified and sold by Converge One. An alternative, using longer cables is CAB-SS-V35MT= (V.35 Cable, DTE Male to Smart Serial, 10 Feet) + CAB-SS-V35FC= (V.35 Cable, DCE Female to Smart Serial, 10 Feet) in place of each CAB-SS-26MTC-02 (All-in-One, Smart Serial to Smart Serial Cable, DTE/DCE, 2 Feet).
 

MAP ASA A - Cisco Standard Topology Configuration

NETLAB Versions: NETLAB+ VE, NETLAB AE/PE

Qty Product Number Description Software Version Device Names Notes
3 CISCO1921-SEC/K9 C1921 Modular Router, 2 GE, 2 EHWIC slots, 512DRAM, IP Sec IP Security c1900-universalk9-mz.SPA.154-3.M2.bin R1, R2, R3  
3 HWIC-2T= 2-Port Serial WAN Interface Card       1
3 CAB-SS-26MTC-02 All-in-One, Smart Serial to Smart Serial Cable, DTE/DCE, 2 Feet       2
3 WS-C2960+24TC-L Catalyst 2960 24 10/100 + 2 1000BT LAN Base Image LAN BASE c2960-lanbasek9-mz.150-2.SE7.bin S1, S2, S3  
1 ASA5505-BUN-K9 Adaptive Security Appliance (ASA) Model 5505 ASDM 74.1   asa923-k8.bin ASA  
5   6-foot Cat5e Cable (straight)        
5   3-foot Cat5e Cable (straight)        
10   1-foot Cat5e Cable (crossover)        
Notes
  1. Not supported by ISR 4321 router.
  2. Third-party cable type, certified and sold by Converge One. An alternative, using longer cables is CAB-SS-V35MT= (V.35 Cable, DTE Male to Smart Serial, 10 Feet) + CAB-SS-V35FC= (V.35 Cable, DCE Female to Smart Serial, 10 Feet) in place of each CAB-SS-26MTC-02 (All-in-One, Smart Serial to Smart Serial Cable, DTE/DCE, 2 Feet).

Router Interfaces

The NETLAB+ interface name translation feature is supported on this pod type. This may influence the selection of modular interface cards and slot placement within the router. Please review the expected interface names for each router.

Virtual PC Support

Remote PCs are implemented by integrating with 3rd party virtualization products. The NETLAB+ documentation library includes several guides with extensive detail on the implementation of virtualization with your NETLAB+ system.

The following operating system choices are typical based on the curriculum. These choices are not mandatory; you can make substitutions provided that:

  1. Your choice of NETLAB+ supported virtualization product supports the operating system (as a guest).
  2. Your choices are compatible with the curriculum.

Only virtual machines are supported on this topology. Standalone PCs are not supported.


The Multi-Purpose Academy Pod with ASA supports three (3) virtual machines.
Virtual Machine Recommended
O/S
Functions VLAN Offset1
PC A Windows XP Student PC, client activities +0
PC B Windows XP Student PC, client activities +1
PC C Windows XP Student PC, client activities +3

1See the planning and installation guide for details.

Control Device Requirements

Control devices provide internal connectivity, console access, and managed power. Control devices are dynamically managed by NETLAB+ and are not accessible or configurable by end users.

  • Control switches provide connectivity between devices in the pod.
  • Access server lines provide console connections to lab equipment.
  • Switched outlets provide managed electrical power, allowing NETLAB+ and users to turn lab equipment on and off.

Control Device Requirements for the Multi-purpose Academy Pod with ASA
Control Device Resource Quantity Required
Control Switch 9 Consecutive Ports
1 reserved port (VMware)
Access Server 7 Lines
Switched Outlet Devices 7 Outlets

The Multi-Purpose Academy Pod with ASA requires 9 consecutive ports on a control switch. Also,1 reserved port is required. This port on the control switch connects to an 802.1q NIC card on the VMware server. This allows devices in the pod to communicate with virtual machines.
MAP_CS
The Multi-Purpose Academy Pod with ASA requires 7 async ports on an access server.
MAP_AS
The Multi-Purpose Academy Pod with ASA requires 7 outlets on a switched outlet device.
MAP_SW

For More Information

Please refer to the Multi-purpose Academy Pod with ASA Planning and Installation Guide