Network Security Pod - Quick Reference Page


This quick reference page provides a summary of the specifications of this topology. For a complete reference including installation details, please refer to the Network Security Pod Planning and Installation Guide

NSP is an excellent pod if your Academy still teaches firewall configuration based on ASAs or PIXs. If you are adopting the new CCNA Security course, you will need to use the new Multi-purpose Academy Pod (MAP). The MAP topology supports CCNA Security, Exploration and Discovery labs.

Topology Supports Documentation

LSP 		Planning and Installation Guide
 

Lab Topology

NSP

Lab Device Requirements

Lab devices are part of the topology and users can interact with them either directly through the console or network.

Hardware compatibility with NETLAB+ does not guarantee the compatibility of labs. Please check the Academy curriculum, NDG pod guides, and lab support pages for specific hardware and IOS requirements.

Recommended devices for this topology are listed in the table below. The equipment listed is derived from the official Academy spreadsheet NSv2.0_Configuration_and_Pricing_Guide_03OCT05.xls.

Other equipment may work if it is supported by NETLAB+ and can meet the minimum requirements for feature sets, interfaces, IOS, RAM, and Flash


Router1 and Router2
Recommended
Model(s)1		 Ethernet Ports Required IOS Features
Cisco 831 (Economy) 2 S831CHK9-12402T
Cisco 831 Series IOS IP/FW 3DES
Cisco 1841 (Standard) 2 IP Advanced Security
Minimum of 12.3.(8)T IOS IP/FW/IDS Plus
IPSec56 or 3DES image
Cisco 2621XM 2 IP Advanced Security
Minimum of 12.3.(8)T IOS IP/FW/IDS Plus
IPSec56 or 3DES image

PIX1 and PIX2
Recommended
Model(s)1		 Ethernet Ports Required IOS Releases
Recommended
ASA 5510
 3 IOS 7.0(6) or higher.
Supported (EOS/EOL)
PIX 515E
 3

PIX-515E-DMZ Bundle (Chassis, Restricted SW, 64MB SDRAM, 3 FE ports. Includes PIX-1FE PIX 10/100 Fast Ethernet card)

Select SF-PIX-515-7.0 [PIX OS 7.0- or later] for the PIX 515E Chassis for Software Option.

Select PIX-515-VPN-3DES for PIX-VPN Options (or select PIX-VPN-DES in encryption restricted countries)

Not Recommended PIX 501
PIX 506E
 2* * 501s and 506s do not have a DMZ interface and cannot be upgraded to OS v 7.0 or later. These models are options in NETLAB+, but they are limited in functionality. At least one PIX in the pod should be a PIX 515E.

RBB (backbone router)

RBB is a backbone router with a static configuration. At least one Fast Ethernet port supporting 802.1q is required. NETLAB+ does not allocate an access server connection for RBB, so users cannot directly access the console port. However, it is part of the topology so users can indirectly interact with it (i.e. ping, trace, RIP, etc.).

You may allow student Telnet access to RBB from BB, PC1, or PC2. Since RBB is part of the pod infrastructure, we do not recommend privileged (enable) access.

Recommended
Model(s)1		 Ethernet Ports Required IOS Features
Cisco 1841
Cisco 2801
Cisco 2620/2621 		1 12.2, IP, 802.1q, RIP

1Other routers and switches models may be used. Please consult your Cisco NetAcad support contact for more information.

Router Interfaces

The NETLAB+ interface name translation feature is supported on this pod type. This may influence the selection of modular interface cards and slot placement within the router. Please review the expected interface names for each router.

Virtual PC Support

Remote PCs are implemented by integrating with 3rd party virtualization products. The NETLAB+ documentation library includes several guides with extensive detail on the implementation of virtualization with your NETLAB+ system.

The following operating system choices are typical based on the curriculum. These choices are not mandatory; you can make substitutions provided that:

  1. Your choice of NETLAB+ supported virtualization product supports the operating system (as a guest).
  2. Your choices are compatible with the curriculum.

Only virtual machines are supported on this topology. Standalone PCs are not supported.

The Academy labs refer to a SuperServer option. This is not supported by virtualization products or NETLAB+. Multiple servers in the pod are implemented as virtual machines.


The Network Security Pod supports up to seven (7) virtual machines.
Virtual Machine Recommended
O/S		 Functions VLAN Offset1
PC1 Windows XP Student PC, client activities, VPN +0
PC2 Windows XP Student PC, client activities, VPN +4
IS1 Windows 2000 or 2000 Server CSACS Web, FTP,DHCP +0
IS2 Windows 2000 or 2000 Server CSACS Web, FTP,DHCP +4
DMZ1 Linux or Windows Web, FTP +1
DMZ2 Linux or Windows Web, FTP +5
BB Windows 2000 or 2003 Server Backbone Server +8

1See the planning and installation guide for detaiils

Control Device Requirements

Control devices provide internal connectivity, console access, and managed power. Control devices are dynamically managed by NETLAB+ and are not accessible or configurable by end users.

  • Control switches provide connectivity between devices in the pod.
  • Access server lines provide console connections to lab equipment.
  • Switched outlets provide managed electrical power, allowing NETLAB+ and users to turn lab equipment on and off.

Control Device Requirements for the Network Security Pod
Control Device Resource Quantity Required
Control Switch 11 Consecutive Ports
Access Server 4 Lines
Switched Outlet Devices 4 Outlets

The Network Security Pod requires 11 consecutive ports on a control switch.
NSP_CS
The Network Security Pod requires 4 async ports on an access server.
NSP_AS
The Network Security Pod requires 4 outlets on a switched outlet device.
NSP_SW

For More Information

Please refer to the Network Security Pod Planning and Installation Guide