By stretch | Monday, October 5, 2009 at 11:10 a.m. UTC

As mentioned in a previous post, I've begun acquiring the hardware for a community training lab. Once completed, the lab will be opened to site members for free scheduled practice sessions. So far, I have (or have ordered) the following:

  • 1x 1811
  • 2x 1841
  • 2x 2811
  • 1x 3725
  • 1x ASA5505
  • 2x Catalyst 3550-24

I think I have the makings of a respectable lab, but I would like to add a few more boxes. It would be nice to have at least one Catalyst 3560 for private VLAN support (the CCIE R&S lab uses two 3550s and two 3560s). Unfortunately, as these are very advanced switches, they don't come cheap. I'd also like to add some non-Cisco gear, perhaps a Juniper router or two. These can be difficult to source for cheap simply because Juniper moves a much lower volume of products relative to Cisco. Other vendors are a possibility as well.

You may be wondering how the 3725 fits in, since it won't support anything past IOS 12.4(15)T (like the new IOS 15.0). Equipped with two NM-4Ts (which are not supported on the x800 series), it should serve as a more-than-adequate serial hub for frame relay configurations. (Why Cisco still considers frame relay a relevant technology is beyond me.) I've secured a bunch of WIC-2Ts for the serial spokes; however, I'm still working on the (rather expensive) cabling. If anyone would like to donate/sell for cheap some 3-foot smart serial-to-DB60 cables, please shoot me an email.

I'm still figuring out remote lab access. As it seems unlikely I'll be able to secure any colocation space in the near future, for now I'm planning to run the lab out of my apartment. An ideal solution would be to install a cheap ADSL line dedicated to the lab; unfortunately, only cable is available where I am (thank you, US broadband monopolies). I'll have to check whether Cox will offer me a second broadband cable connection.

So, that's where I'm at. The lab is obviously geared toward R&S, though I'd be willing to add some more security or voice capabilities (especially if said gear is donated). Suggestions?

Robert (guest)
October 5, 2009 at 11:51 a.m. UTC

Hm, an ASA5505 has no failover capability... better use an ASA5510 or, cheaper -> Pix515, but then there is no SSL VPN -.- I don't know what you are doing with the device(s)

October 5, 2009 at 12:16 p.m. UTC

The Junipers will be great. We have a couple on our edge running BGP and as such don't get to play much with them :(

mike (guest)
October 5, 2009 at 12:42 p.m. UTC

beautiful idea this comm.lab - adding a xorp/vyatta could be interesting as well

October 5, 2009 at 12:53 p.m. UTC

"Why Cisco still considers frame relay a relevant technology is beyond me."

We still use Frame Relay at my work, for lots of backhaul-type links, but then we also have a big MPLS network too, I'm guessing there's gotta be a reason it isn't all MPLS...

shivlu jain (guest)
October 5, 2009 at 1:05 p.m. UTC

GNS server can be integrated and for ASA open source could be used which is available at the given address

regards shivlu jain

Vito_Corleone (guest)
October 5, 2009 at 1:40 p.m. UTC

Why not set up a Dynamips server as well? Would be easy and pretty cheap.

October 5, 2009 at 1:43 p.m. UTC

@Vito: Because anyone can set one up. What's the point in having one remote?

October 5, 2009 at 1:47 p.m. UTC

@Stretch, why so many ISRs? Can't some 2600s do the job?

October 5, 2009 at 2:06 p.m. UTC

@tacack: Future-proofing. The 2600s are pretty much done for. There will be way more stuff to play with on the ISRs anyway.

Morbo (guest)
October 5, 2009 at 3:04 p.m. UTC

Monoprice sells Cisco serial cables for a decent price:

October 5, 2009 at 3:16 p.m. UTC

I'll scrounge around for the serial cables. I may have some for the cause.

A guest
October 5, 2009 at 3:40 p.m. UTC

I know you do not want virtual routers/switches but for your Juniper gear you can always consider setting up an "olive" VM. Simulates Juniper great.

October 5, 2009 at 3:42 p.m. UTC

Definitely check out for back-to-back serial cables.

October 5, 2009 at 7:39 p.m. UTC

Frame Relay is still relevant, as it's the method of choice to provide virtual interface functionality for POS connections. PPP doesn't have (and seemingly never will have) anything similar and Ethernet isn't as widely supported without additional hardware (that is changing, but isn't there yet with the Telcos).

Virtual interfaces aren't necessary for standard WAN connections, but it's becoming more common to isolate networks that run on the same WAN infrastructure (think VRF Lite). That makes Frame very viable. Personally, I'm hoping for a solely Ethernet-based WAN long term, just to drive down the cost of edge hardware.

felix001 (guest)
October 5, 2009 at 7:48 p.m. UTC

You mention Olive ... anyone found a way to emulate Netscreen.... ??

A guest
October 5, 2009 at 8:40 p.m. UTC

Might consider a Netscreen. 5GT Netscreens can be found for $50 on Ebay and run the 6.x code (although the 5.4 code does what I need). From what I have seen, they run lots of the mainstream stuff the high-end ones do except failover.

October 5, 2009 at 9:17 p.m. UTC

Good call Stretch. Whatever you buy and set up will be a great addition to the site.

Vito_Corleone (guest)
October 5, 2009 at 9:43 p.m. UTC


Yea, anyone could set one up, but I don't see that as a drawback. Especially if it's nearly transparent to the user(s). You could have multiple pods. Just a thought.

October 6, 2009 at 1:13 a.m. UTC

Sounds great Stretch, if you can swing it try getting a ScreenOS Firewall like an SSG5 or Netscreen (Same as SSG just old and really cheap to get). Another idea would be that if you get a Juniper Router, load the ES (Enhanced Services) version of code, this would give you Firewall capabilities and also has the exact same platform that all new Juniper Firewalls will be running (SRX series).

October 6, 2009 at 1:40 p.m. UTC

I've got 2 5GT's in my lab. Great to have. Good practice VPN'ing them up with a Cisco

xphile[marc] (guest)
October 7, 2009 at 2:30 p.m. UTC

Vito has a point here, dynamips can platform simulate an array of different routers (non ISR) that will save you rackspace and money and be completely transparent. Get a beefy enough machine and you can have more than 40 routers (trust me, it's what I do).

Also, any thoughts on getting any SP gear? All the stuff you listed is more along the lines of CCIE/enterprise.

Lastly, not sure if you got any email from the guys that joined my project that Vito had a very large hand in..

Check it, I'm sure you'd be interested. :-)

DJ (guest)
October 9, 2009 at 8:47 p.m. UTC

Ideally we should have a lab which supports studying for the major CCIE exams.....R&S/SECURITY/VOICE/SECURITY, oh wait did I say security twice? Stretch hit me up..

felix001 (guest)
October 12, 2009 at 9:29 p.m. UTC

This is a great idea. I have a 2600 which you can add if you want...

felix001 (guest)
October 12, 2009 at 9:31 p.m. UTC

I forgot to add.... Have you managed to sort out the Colo space yet, if not give me a shout...

October 13, 2009 at 9:34 a.m. UTC

Where can I find your Routing TCP/IP Volume 2 notes?

October 13, 2009 at 3:32 p.m. UTC

man O man am I looking forward to this. I'm a CCNA but I rarely get to touch any Cisco gear.. gotta say though, love the Vyatta routing platform.

IntegrationArchitect (guest)
October 14, 2009 at 7:37 p.m. UTC

One could consider a used c2511 access server for terminal access to all the lab devices unless you already had that in mind. In gear selection please don’t forget the electrical power, number of circuits, heat output that will need to be cooled, noise, and operational costs on a yearly basis.

Official CCNP/NA RS Lab gear for version 5 (the CCNP 3 exam V6 is expected to be announced in Nov 2009 so this may change then):

WS-C2811: built like this
  • CD28N-AISK9=, WIC-2T=, CAB-SS-V35MT=, CAB-SS-V35FC=, (need 3) MEM2801-128U192D, NM-AIR-WLC6-K9=, AIR-LAP1242AG-A-K9, AIR-ANT4941

For PC or Laptop Wireless
  • AIR-PI21AG-A-K9 or AIR-CB21AG-A-K9 (CardBus)

(SmartNet all around)

These next 2 options favor new gear to use less power and space in lab. Or what about this new/used blended lab instead?

WS-1841 HWIC-3G-GSM-64MB FL/256M DRAM Adv Sec $1200 Runs BGP/EIGRP/OSPF, supports 12.9(T) Adv Ent. IOS!

c3560 8 port used $800

Or this entry-level lab instead for beginners and low cost, less power, but some CCNP configuration labs would not run:

Cisco SR520-T1-K9 $500
  • Supports T1, 3DES/AES, VPN (IPSEC/SSL), FW/IPS/Content Filtering, 2-FE10/100, SRCU, NAT, ACLs, console, web management, VLAN/802.1q trunking, RIPv1&2, RSVP, Custom queuing, AAA, RADIUS, TACACS, SNMPv3
  • No support for BGP/OSPF/EIGRP due to limited fixed memory 128 MB (Use GNS3 for BGP/OSPF/EIGRP labs)

Cisco SR520W-FE-K9
  • adds 802.11b/g, deletes the T1

Cisco SRW2008P $150
  • Supports IOS, VLANs, & POE (Layer 3 static routes only)
  • Supports Fe10/100/1000, DIFSERV/ToS, SSH, SSL, LACP, JumboF, RMON, SNMP v3, rackable, Webview, console port, TFTP, RADIUS, DHCP, BOOTP, SNTP, TELNET, 802.1x RADIUS, QoS, ACLs, RSTP, STP, MSTP, CoS

felix001 (guest)
October 16, 2009 at 7:09 a.m. UTC

I've so far offered a free router and colo space and haven't heard anything....

October 16, 2009 at 11:33 a.m. UTC

@felix001: Thanks but I'm keeping the lab limited to newer equipment to avoid becoming a dumping ground for EoL gear. Also, said colocation space would have to be local to Northern Virginia.

October 28, 2011 at 8:05 a.m. UTC

DB60-V.35 (female) <-> V.35 (male)-Smart serial also work, right?

