Guide To Building a Cisco Home Study Lab, Part II: Equipment Basics
In this, the second of a multi-part series, Andrew walks you through the common types of equipment needed for your lab no matter which Cisco certification you're pursuing.
by Andrew G Mason
8/10/2004 --
In the first
article in this series, we looked at the various options for Cisco certification.
From now on, we'll focus solely on the home lab -- what you need, the best ways
to get it and the best ways to use it. In this installment, we're looking at
equipment and set-up basics.
Obviously, the type of equipment you'll need will vary by certification: If
you're aiming for the CCIE, you will need a lot more equipment than if you are
simply looking to pass the CCNA. Even so, there are similarities for all labs.
Below I've outlined the four major types of products and related technologies
required for the range of Cisco certifications, with a brief overview for
each type.
The four main equipment categories are
- Routers
- Switches
- Security Products (for CCSP and CCIE Security)
- Ancillary Equipment
Note that while I do get into some specifics by certification below, we'll
get into much more detail for each in future installments of this series.
Routers
Cisco has grown to be known as a "routing" company -- only quite recently
did Cisco branch out into other emerging markets, such as security and storage.
Therefore, it's no surprise to find that routers are the core component of every
certification lab. From the CCNA to the CCIE, your routing skills will be tested.
In fact, virtually every Cisco product you touch today has some form of routing
capability within; for example, you now get layer 3 switches that perform both
switching and routing. You'll also see advanced dynamic routing protocol support
in products like the Cisco PIX Firewall and Cisco VPN Concentrator.
When looking at routers for your lab, you have many choices. The actual router
is not as important as the number and type of interfaces within that router,
with many of the newer models being modular. A few years ago, the backbones
of all labs were the Cisco 2500 series of routers. Even though these are not
modular (as a rule, apart from a few of the later models), they still provided
a good supply of the always important serial interfaces.
Today, the sensible choice is the 2600 as a base for building a serious lab.
The 2600 is a fully modular router that has two WAN interface card (WIC) module
bays and one network module (NM) bay. There are various WIC and NM cards available
for these routers, ranging from simple Ethernet WIC cards to Voice over IP Network
Modules that provide full voice functionality. The 2600 always has at least
one on-board Ethernet. There are models available with both dual and also Fast
Ethernet.
2600 series routers do not come cheap. When you add up the interfaces and the extra
DRAM and FLASH required to run the latest Internetwork Operating System
(IOS) images, you can hit your wallet hard. Fortunately for those of you pursuing
the CCNA, this is probably overkill for the basic certifications. For the Associate-level
Cisco certifications, the 800 range of routers is the more logical choice (especially
if you've not yet decided on a career in networking). The 800-series are pretty
much introductory-level routers in that they contain a pretty fully featured
version of IOS that's adequate for the CCNA requirements. I personally passed
my CCNA with flying colors by using nothing more than an 801 ISDN router with
the standard IP Only IOS image.
As I mentioned above, the interfaces on the routers you acquire are very important.
It is imperative to have a good mix of LAN and WAN interfaces on the router.
For LAN interfaces, Ethernet or Fast Ethernet is required. Note that token ring
can (and should) be avoided as it was recently taken off the CCIE lab and isn't
really tested elsewhere. (This has obviously brought down the price of routers
with token ring interfaces, so they do look very appealing.)
The most common WAN interfaces are serial, ISDN and ATM. Serial interfaces
are normally presented as DB60 female interfaces. ISDN is presented as RJ45.
ATM can be presented in quite a few different formats.
TIP: ATM should really only be considered for the CCIE lab preparation;
it's a luxury for any other titles.
The most common -- and usable -- WAN interface is a DB60 serial interface.
You can very simply cable this interface for a "back-to-back" WAN
connection, the building block of every lab you will use. To do this, use a
serial crossover cable that has a DTE end and a DCE end, then connect
the two routers over their respective serial interfaces.
TIP: You can also carry out frame relay (essential for the CCIE!)
using this back-to-back connection. Alternatively, you can look for a router
with four or more Serial interfaces and use it as a frame relay switch, then
connect the other routers to this using their serial interfaces.
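The frame relay switch arrangement from the tip above, as an added example rather than configuration from the original article. Interface numbers, DLCIs and addresses are assumed lab values, and the switch is assumed to hold the DCE end of each serial cable.

```cisco
! ---- FRSW: router with spare serial ports acting as the frame relay switch ----
frame-relay switching
!
interface Serial0
 description to R1 (DCE end of the cable plugs in here)
 no ip address
 encapsulation frame-relay
 ! The DCE side supplies the clock on a back-to-back serial link.
 clock rate 64000
 frame-relay intf-type dce
 ! Frames arriving on DLCI 102 leave Serial1 as DLCI 201.
 frame-relay route 102 interface Serial1 201
 no shutdown
!
interface Serial1
 description to R2 (DCE end of the cable plugs in here)
 no ip address
 encapsulation frame-relay
 clock rate 64000
 frame-relay intf-type dce
 frame-relay route 201 interface Serial0 102
 no shutdown
!
! ---- R1: ordinary DTE router ----
interface Serial0
 ip address 10.0.12.1 255.255.255.252
 encapsulation frame-relay
 frame-relay map ip 10.0.12.2 102 broadcast
 no shutdown
!
! ---- R2: ordinary DTE router ----
interface Serial0
 ip address 10.0.12.2 255.255.255.252
 encapsulation frame-relay
 frame-relay map ip 10.0.12.1 201 broadcast
 no shutdown
```

`show controllers serial 0` reports which cable end (DCE or DTE) is attached, and `show frame-relay route` on the switch together with `show frame-relay pvc` on R1 and R2 confirms the PVC is active.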
There are two types of ISDN. These are primary rate ISDN (PRI) and basic rate
ISDN (BRI). For this article, I'm going to focus on BRI as this is what is tested
at the CCNA, CCNP and CCIE (R&S) level.
BRI interfaces are presented as RJ45 and are pretty useless unless connected
to an ISDN network. There are two ways to do this. You can connect to a public
ISDN network -- for example, Internet access -- and play with the configurations.
Or, the more sensible way, especially if you are studying for your CCIE, is
to purchase an ISDN simulator. Complete mastery of ISDN is required for the
CCIE lab and obtaining an ISDN simulator really is a must for CCIE studies.
When I was studying for my CCIE lab I purchased an Elmeg
PABX. This PABX included three "S" buses -- addressable ISDN connections
so that I could connect three routers and dial between them, owning both sides
of the configuration and also not incurring any call charges.
Switches
Switches can play two distinct roles in your Cisco certification lab. The first
is physical: You'll need a switch to connect the LAN interfaces of other devices,
to hang together the Ethernet segments of your lab.
TIP: This job can be done with any Layer 2 hub or switch, so it's
worthwhile to look around for something cost effective.
The second is topical: Hands-on knowledge of switches is now a requirement
for all of the Cisco certifications, with several exams now testing switching
at the professional level. Even the CCNA exam is more focused on switching than
ever before. For potential CCIEs, both R&S and Security will heavily test
on switches and their associated configuration/troubleshooting.
Cisco switches have two differing operating systems: CatIOS and CatOS. CatIOS
is very similar to the IOS on routers, while CatOS -- to put it simply --
isn't. CatIOS is tested at Associate and Expert level; both CatIOS and CatOS
are tested at Professional level. (Cisco sure likes making things hard for you!)
CatIOS is found by default on the lower-model range of switches. The real entry-level
switch is the Cisco 2950 series. This provides various models with varying port
densities and comes complete with CatIOS. The Catalyst 2900XL is an older model
of switch with pretty much the same IOS but can be purchased a lot cheaper due
to end-of-life status of these devices.
The next major model of switch to consider is the Catalyst 3550. The Catalyst
3550 comes in a standard image and enhanced image versions. The main difference
is that the enhanced image (EMI) version offers Layer 3 switching. This means
that if you have a 24 port 3550, you can use every port on the switch as either
a switch port or a router port. The switch provides full dynamic routing support,
including OSPF and BGP. The backbone of the CCIE lab utilizes two 3550s, so
it is obvious that a serious attempt at either of the CCIE lab exams is helped
by prior exposure to a 3550. The 3550 switch runs CatIOS.
Moving up the value chain are the Catalyst 4500 and 6500 switches. These chassis-based
switches are what you will find in the wiring closets and datacenters of large
corporations. The Catalyst 4500 and 6500 both support either CatIOS or CatOS.
Unless you are very privileged, it is unfeasible to really look at one of these
for your home lab due to the sheer size and cost.
Security Products
If you are considering a Cisco security title, such as the CCSP or CCIE Security,
there is yet more equipment over and above the routing and switching requirements.
One good thing is that the equipment for the CCSP and CCIE Security is common,
the only exception being the addition of a Certificate Authority (CA) server
for the CCIE Security (there is no current requirement for this on the CCSP).
There are three distinct types of equipment you must obtain for these certifications:
- a Cisco PIX Firewall
- Cisco VPN Concentrator
- Cisco IDS Sensor
The Cisco PIX Firewall is available in quite a few different models, ranging
from the cheap 501 up to the very expensive (and powerful) 535. It is
advisable to start your studies on the 501 or 506, as these are
relatively cheap, being aimed at the SME marketplace. For the
CCIE Security, the PIX 515 with ideally three or more interfaces would actually
be more of a requirement so that you can get used to how the OS interacts with
the third interface. Note that the PIX OS is similar in appearance to IOS but
very different in the way it operates and in the configuration.
TIP: The OS is exactly the same on the 501 as it is on the 535.
The VPN Concentrator is tested on the CSVPN exam for the CCSP and is now an
integral part of the CCIE Security lab exam. The basic model -- and only real
choice -- is the VPN 3005. This has two interfaces and is still a considerable
purchase. All of the 3000-range of concentrators use a proprietary, Web-based
HTML manager with only a simplified, menu-based command line interface (CLI).
Now comes the difficult part: IDS. There is a specific exam for IDS on the
CCSP, and an IDS sensor is now on the CCIE Security lab exam. The problem with
IDS Sensors is that they are NOT cheap and also in quite short supply. The
basic model is the 4210 IDS Sensor, providing 45MBps of scanning throughput.
As well as a standalone sensor, you can also get a network module for a 2600
or 3700 series router, if you can afford and find one. Management of the IDS
sensor can be carried out with an IOS-like CLI, or by using the built-in IDS
Device Manager (IDM), a Java-based GUI application that exists on the device
itself. You access IDM by using a standard Web browser and connecting over HTTPS
to the command and control interface of the sensor.
Ancillary Equipment
As well as the Cisco equipment, there is also what I call ancillary equipment,
which ties together the lab and enables connectivity and power to the lab.
One obvious piece of equipment you'll need is cables. Lots of them. You'll need
enough Ethernet cables and serial cables to fully connect your lab. The serial
cables need to be DCE and DTE, so you either have to buy a purpose-built back-to-back
cable or buy two cables: one DCE and one DTE. The prices of cables can get up
there: When I studied for my CCIE, I probably spent close to $1,000 on cables
alone!
While it's nice to have this lab set up at home, many of you would probably
find it helpful to be able to access it from work or another remote location
you want to study from. To do this, you will need to set up a terminal server
of some sort to provide asynchronous connections that you can reverse telnet
through. Basically, you connect the console cables to the console ports on your
devices, and then connect all of these to the terminal server. You can then
telnet or SSH to the terminal server and reverse telnet from the terminal server
to connect to the device over the console port. This gives you an out of band
connection, in band. Confused yet? This is very handy when you are away from
the lab as it allows you to power cycle the devices and not lose your connection
(and also practice password resets etc.), or just when you are at home with
the lab so you do not have to keep swapping the console cables and you can keep
multiple connections open simultaneously. I used a Cisco 2511RJ as my terminal
server. This has 16 Async ports. The 2509RJ has 8 Async ports. There is also
a 2511 and 2509 (minus the RJ). These use a single (in the case of the 2509)
or a double (in the case of the 2511) octal cable for connecting to the console
port of the equipment. Note that there are many other vendors that operate in
this marketspace -- such as Digi -- and it isn't essential to purchase a Cisco
terminal server.
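A hardened terminal-server configuration for the reverse telnet setup described above, as an added example that is not from the original article. The hostname, addresses, host entries and the 192.168.1.0/24 study subnet are assumed lab values, the passwords are placeholders, and SSH on the vty lines assumes an IOS image with crypto support.

```cisco
! Added example: 2511-style terminal server, hardened. All names, addresses
! and the 192.168.1.0/24 study subnet are assumed lab values.
hostname TERMSRV
ip domain-name lab.example
! Then generate the SSH host key once: crypto key generate rsa
!
username labadmin secret <strong-password-placeholder>
enable secret <different-password-placeholder>
!
interface Loopback0
 ip address 10.255.255.1 255.255.255.255
!
! Reverse telnet listens on TCP 2000 + line number (line 1 = 2001).
ip host R1 2001 10.255.255.1
ip host R2 2002 10.255.255.1
ip host PIX 2003 10.255.255.1
!
! Source reverse telnet sessions from the loopback so ACL 11 can match them.
ip telnet source-interface Loopback0
!
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 11 permit host 10.255.255.1
!
! Weak setting often left in place: "transport input all" (or telnet) on the
! vty lines, which carries the login and every console session in clear text.
line vty 0 4
 login local
 transport input ssh
 access-class 10 in
 exec-timeout 10 0
!
! Async lines cabled to the console ports. Without access-class, anyone who
! can reach any address on this router could telnet to 2001-2016 directly.
line 1 16
 no exec
 transport input telnet
 access-class 11 in
```

After logging in over SSH, typing `R1` at the exec prompt opens the console of the device on line 1, and Ctrl-Shift-6 followed by x returns to the terminal server. `show line` lists the async lines and `clear line 1` frees a stuck session.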
One other consideration is a remote power device. My CCIE study lab was based
at home in my study. It was not really an option to leave the equipment on all
day so that I could catch an hour of study during my lunch -- both the noise
and heat would have been inconvenient for my family, not to mention the electricity
cost. So I did some research and bought an APC Master switch. The APC Master
switch is an 8-port power switch complete with a network connection and a built-in,
password-protected Web interface. I could connect to this Web interface and
selectively turn devices on and off at my leisure from anywhere in the world.
This, doubled with my terminal server, really increased the availability of
my study lab. I also played with X10 equipment and the Web control interface.
The whole area of home automation is a growing technology, and there are some
neat power managing gadgets now available two years on since I bought the master
switches.
Next Time: Getting Equipment Deals
This brings us to the end of the second article in this series. We have looked
at the different types of equipment that are needed to build study labs for the
Cisco certifications. In the next article, I will be looking at places where
you can buy this equipment without it breaking the bank. After that, we will
start looking at specific lab configurations for specific certifications.
Andrew G. Mason, CCIE #7144, CCDP, CSS1, CCNP:Security, CCSP, is the technical
director of Boxing Orange, a U.K.-based
Cisco VPN/Security partner specialising in the design and implementation of
Cisco security solutions. Andrew has 13 years' experience in the
networking industry and has provided services for many large organizations worldwide.
Andrew is the author of four Cisco
Press books.