This quick reference page provides a summary of the specifications of this topology. For a complete reference including installation details, please refer to the Security PIX Pod Planning and Installation Guide

Topology Supports Documentation

SXP
FNSP 1.x Planning and Installation Guide
 

Lab Topology

SXP

Lab Device Requirements

Lab devices are part of the topology and users can interact with them either directly through the console or network.

Hardware compatibility with NETLAB+ does not guarantee the compatibility of labs. Please check the Academy curriculum, NDG pod guides, and lab support pages for specific hardware and IOS requirements.

Other equipment may work if it is supported by NETLAB+ and can meet the minimum requirements for feature sets, interfaces, IOS, RAM, and Flash.


PIX1 and PIX2
Recommended
Models
Ethernet
Ports Required
IOS Release Images
(in order of preference)
PIX515E 3 6.3(4)
7.0(1)
pix634.bin (IOS)
pix701.bin (IOS)
pdm-302.bin (pix device manager2)
PIX501
PIX506E
21 6.3(4) pix634.bin (IOS)
pdm-302.bin (pix device manager2)

1The PIX 501 and PIX 506E do not support a DMZ.

2NETLAB+ does not support the PDM image.


Router Backbone (RBB)

RBB is a static router. It is not accessible or configurable by users. However, it is part of the topology so users can indirectly interact with it (i.e. ping, trace, RIP, etc.).

You can implement RBB in one of two ways:

  1. A separate standalone RBB router for each Security Router Pod
  2. Simulating RBB for two or more security pods by utilizing multi-VRF on one physical router.

Configuration of each option is covered in detail in section 8 of the Planning and Installation Guide.


Backbone Server / VPN Client PC

The Backbone Server (BB) provides services that are typically provided by Internet servers.

The FNS curriculum provides two options for the backbone server (BB):

  • Option 1 - a dedicated BB server.
  • Option 2 - one SuperServer with Intel Pro Server NIC with VLAN support, serving as several PCs in the pod.

NETLAB+ currently does not support the SuperServer (option 2). You should use VMware GSX (or other virtualization) products to simulate several machines. Virtual machines have their own routing tables, which avoids asymmetric routing problems in the pod.

FNSP refers to a Client-to-IOS Firewall configuration. NETLAB+ does not have a pod type for this topology. However, you may also configure the Backbone Server (BB) for direct access, which means that users can login and interact with the Windows interface.

By loading the Cisco VPN client software on BB, users can use the NETLAB+ Security Router Pod for client-to-IOS firewall labs. Direct access also allows BB to be used as an external PC for labs that require testing from an outside network (i.e. simulating the Internet).

Virtual PC Support

Remote PCs are implemented by integrating with 3rd party virtualization products. The NETLAB+ documentation library includes several guides with extensive detail on the implementation of virtualization with your NETLAB+ system.

The following operating system choices are typical based on the curriculum. These choices are not mandatory; you can make substitutions provided that:

  1. Your choice of NETLAB+ supported virtualization product supports the operating system (as a guest).
  2. Your choices are compatible with the curriculum.

The Security PIX Pod includes placeholders for 7 remote PCs.

Control Device Requirements

Control devices provide internal connectivity, console access, and managed power. Control devices are dynamically managed by NETLAB+ and are not accessible or configurable by end users.

  • Control switches provide connectivity between devices in the pod.
  • Access server lines provide console connections to lab equipment.
  • Switched outlets provide managed electrical power, allowing NETLAB+ and users to turn lab equipment on and off.

Control Device Requirements for the Security PIX Pod
Control Device Resource Quantity Required
Control Switch 10 Consecutive Ports + up to 5 Reserved Ports
Access Server 2 Lines
Switched Outlet Devices 2 Outlets

The Security Router Pod requires 14 Consecutive Ports + up to 5 Reserved Ports on a control switch.
SXP_CS
The Security PIX Pod requires 2 async ports on an access server.

The Security PIX Pod requires 2 outlets on a switched outlet device.

For More Information

Please refer to the Security PIX Pod Planning and Installation Guide