NETLAB+ support materials for CCNA Security have been revised to provide compatibility with the recently released CCNA Security version v2.0. All labs are compatible with the MAP with ASA topology. Some labs may also be completed using the MAP topology. See the table below.
CCNA Security v2.0 labs require different console and enable secret password settings from other courses. Please review the information on enabling CCNA Security v2.0 labs.
| Lab | Description | Pod Required | Comments |
|---|---|---|---|
| 1.2.4.12 | Social Engineering | No equipment required. | |
| 1.4.1.1 | Researching Network Attacks and Security Audit Tools | No equipment required. | |
| 2.6.1.2 | Securing the Router for Administrative Access | MAP w/ASA or MAP | |
| 3.6.1.1 | Securing Administrative Access Using AAA and RADIUS | MAP w/ASA or MAP | |
| 4.4.1.2 | Configuring Zone-Based Policy Firewalls | MAP w/ASA or MAP | Changed S3 port number connected to PC3. |
| 5.4.1.1 | Configure an Intrusion Prevention System (IPS) | MAP w/ASA or MAP | |
| 6.3.1.1 | Securing Layer 2 Switches | MAP w/ASA or MAP | Placed PCA and PCB IPs on the topology. | 7.5.12 | Exploring Encryption Methods | No equipment required. |
| 8.4.1.3 | Configure a Site-to-Site VPN Using CLI | MAP w/ASA or MAP | Lab versions provided for both the ASA 5505 and 5506. |
| 9.3.1.2 | Configure ASA Basic Settings and Firewall Using CLI | MAP w/ASA | Lab versions provided for both the ASA 5505 and 5506. |
| 10.1.4.8 | Configure ASA Basic Settings and Firewall Using ASDM | MAP w/ASA | Lab versions provided for both the ASA 5505 and 5506. |
| 10.2.1.9 | Configure a Site-to-Site IPsec VPN Using ISR CLI and ASA ASDM | MAP w/ASA | Lab versions provided for both the ASA 5505 and 5506. |
| 10.3.1.1 | Configure Clientless Remote Access SSL VPNs Using ASDM | MAP w/ASA | Lab versions provided for both the ASA 5505 and 5506. |
| 10.3.1.2 | Configure AnyConnect Remote Access SSL VPN Using ASDM | MAP w/ASA | Lab versions provided for both the ASA 5505 and 5506. |
| 11.3.1.2 | CCNA Security Comprehensive Lab | MAP w/ASA | Lab versions provided for both the ASA 5505 and 5506. Corrected S3 VLAN1 IP and PC default gateway in lab addressing. |
| Skills A | Skills-Based Assessment - A | MAP w/ASA | |
| Skills B | Skills-Based Assessment - B | MAP w/ASA |
CCNA Security v2.0 labs require different console and enable secret password settings from other courses. If CCNA Security v2.0 and other courses are enabled in the same class, it is likely that the NETLAB+ automation will fail to save configuration files, since the default passwords, cisco and class are not the correct passwords for CCNA Security.
To avoid configuration management problems, we recommend that the CCNA Security v2.0 course be enabled in a separate class from other courses. Enabling this course within a separate class will allow you to set the appropriate console and enable secret passwords in the class settings required for CCNA Security v2.0.
Create a new class to be used for the CCNA Security v2.0 Course and select the global labs in the class settings as described in the table below, depending on the pod(s) that will be used. You may also select the Skills-Based Assessments (Skills A and/or Skills B), as indicated in the table below.
| Pods | Global Labs | Instructions |
|---|---|---|
| Multi-purpose Academy Pod | AE CCNAS v2.0 - MAP - English | On the Global Labs section of the class settings, check the "AE CCNAS v2.0 - MAP - English" if the MAP will be used to perform the labs. |
| Multi-purpose Academy Pod w/ASA | AE CCNAS v2.0 - MAPASA - English | On the Global Labs section of the class settings, check the "AE CCNAS v2.0 - MAPASA - English" if the MAP w/ASA will be used to perform the labs. |
| Multi-purpose Academy Pod w/ASA | AE CCNAS v2.0 SkillsA - MAPASA - English | On the Global Labs section of the class settings, check "AE CCNAS v2.0 SkillsA - MAPASA - English" to select Skills A. |
| Multi-purpose Academy Pod w/ASA | AE CCNAS v2.0 SkillsB - MAPASA - English | On the Global Labs section of the class settings, check "AE CCNAS v2.0 SkillsB - MAPASA - English" to select Skills B. |
Update the following settings:
Always select the correct lab exercise for the lab being performed. Students or teams should schedule the correct lab exercise from the catalog. NETLAB+ will only show those labs for which the required pod type is available. A lab that works on different pod types may appear more than once if your system is so equipped. Instructors should select the correct lab from the Exercise tab during instructor-led lab reservations. This can be done as many times as needed during the reservation.
Importance of Choosing the Correct Lab Exercise
Several of the labs may differ from the standard pod topologies. This is handled by NETLAB+ Dynamic VLAN Mapping technology. Always select the correct lab exercise for the actual lab. This insures that NETLAB+ will set up VLANs on the control switch such that lab devices and PCs are placed in the correct LAN segment for the exercise being performed. Selecting the correct exercise will also make the completed lab output easier to find in the archive.
NETLAB+ will configure the routers and switches with initial configuration files that include basic IP connectivity. Please verify this configuration by pinging the network interfaces before starting the lab exercise.
The routers used must meet minimum IOS requirements specified by the curriculum. The following recommendations are based on the CCNA Security v2.0 Equipment List (available on Academy Connection). Other routers and switches models may be used. Please consult Academy Connection NetAcad Maintenance - Image & Hardware Support Assistance with Legacy Equipment and Software.
| Router / Switch |
Recommended Model(s) |
Minimum DRAM |
Minimum Flash |
Minimum IOS |
Feature Set/Technology Packages |
|---|---|---|---|---|---|
| R1 | CISCO1941 | 512 MB | 256 MB | 15.4(3)M2 | IP Base, Security |
| R2 | CISCO1941 | 512 MB | 256 MB | 15.4(3)M2 | IP Base, Security |
| R3 | CISCO1941 | 512 MB | 256 MB | 15.4(3)M2 | IP Base, Security |
| S1 | WS-C2960+24TC-L | 128 MB | 64 MB | 15.0(2)SE7 | LAN Base |
| S2 | WS-C2960+24TC-L | 128 MB | 64 MB | 15.0(2)SE7 | LAN Base |
| S3 | WS-C2960+24TC-L | 128 MB | 64 MB | 15.0(2)SE7 | LAN Base |
As indicated in the Supported Labs table above, an Adaptive Security Appliance (ASA) is required in order to complete 6 labs (9.3.1.2, 10.1.4.8, 10.2.1.9, 10.3.1.1, 10.3.1.2, 11.3.1.2) of the CCNA Security v2.0 course. These labs are the only CCNA Security v2.0 labs that require the ASA.
Please refer to the Multi-purpose Academy Pod with ASA page for details on implementation.
| Device | Recommended Model(s) |
Minimum DRAM |
Minimum Flash |
Recommended IOS Feature Set |
|---|---|---|---|---|
| ASA | Cisco ASA5505-BUN-K9 | 512 MB | 128 MB | Cisco (ASA) Software Version 9.2(3) Base License Cisco ASDM Version 7.4(1) anyconnect-win-4.1.00228-k9.pkg (or later) should be uploaded to flash. |
| Software Name | Purpose | Requirements | Comments / Links |
|---|---|---|---|
| AnyConnect Secure Mobility Client release 4.1.00028 | Installed on the ASA 5505. |
Supported Microsoft Windows O/S:
|
|
| Kiwi Syslog | This software will be used as the syslog server. Tftpd32 can also be used as the syslog server. |
Supported O/S:
|
www.kiwisyslog.com |
| WinRadius | WinRadius is a standard RADIUS server for network authentication and accounting. | Windows/Linux | sourceforge.net/projects/winradius/ |
| NMAP/ZENMAP | This software is used to test the lab configuration. | Windows/Linux | www.insecure.org |
| TFTP32 | DHCP, TFTP, SMTP, Syslog servers, and TFTP client. | http://tftpd32.jounin.net/tftpd32_download.html | |
| IOS-S855-CLI.pkg | This file is used with Lab 5.4.1.1. | To obtain instructions on the file version and how to download, please see Lab 5.4.1.1. | |
| realm-cisco.pub.key | This file is used with Lab 5.4.1.1. | To obtain instructions on the file version and how to download, please see Lab 5.4.1.1. |
