Lab Equipment

Official CCIE Security Lab Equipment and Software v5.0
https://learningnetwork.cisco.com/docs/DOC-30658

First off, you need a US keyboard with the “small” Enter key

Logitech K120 (costs 10-20 USD)

I have bought and build my own Home Lab to almost match the official requirements from Cisco.

To my luck, most of the devices needed are virtual and can be hosted on VMware ESXi.

As of now I do not have the following physical equipment: Catalyst C3850, ASA5512-X, WLC2504 and IP Phone 7965

I do have a Cisco Switch C3560CG (I recommend a C3560CX for more feature support) and a Cisco IP Phone 7975.

CCIE Security Home LAB
Say hello to my small form factor, low-noise and low-power (40-60Watt) “Wonder BoX”

What’s on the inside:

  • Board: SuperMicro X10SRM-F
  • CPU: 10 Core/20 Threads 2.2GHz Intel XEON E5-2630V4 L3 25MB
  • Cooler: Noctua NH-U12DX i4
  • RAM: 128GB ECC Kingston ValueRAM
  • Storage: 32GB SanDisk Ultra Fit V2 (ESXi 6.5 Host)
  • Storage: 1TB NVMe Samsung 960 EVO (ESXi Guests)
  • Case: Silverstone SST-SG10B Sugo
  • PSU: Corsair RM550x 550 Watt
  • WiFi NIC: TP-Link 150Mbps Wireless N Nano USB

“Wonder BoX” currently runs 26 Virtual Guests (the entire equipment list except; APIC-EM, CUCM and Firepower Private Cloud) and draws 88GB of Memory and 3GHz of CPU (when it boots it draws 20-21GHz of CPU)

To give you an understanding of what’s running in the VMware ESXi environment.

The topology is not set in stone and is “first draft”, just to have things installed and running.

Some of the equipment can run without licenses (limited bandwidth throughput) others require either full, demo or evaluation licenses.

CCIE_Security_LABv3.jpg

Nice to know

  • Cisco Access Control Server (ACS) only support crazy old browsers: Mozilla Firefox version 44 works like a charm
  • GNS3 VLAN Trunk to “real world” physical switch
    • Port configuration on physical switch connected to VMware ESXi
      interface GigabitEthernet0/10
       description VMware vmnic3
       switchport trunk encapsulation dot1q
       switchport mode trunk
       switchport nonegotiate
       no cdp enable
       spanning-tree bpdufilter enable
      end
    • In VMware ESXi you need to separate the VLANs into “Port Groups”2017_07_24_13_44_35_100.64.99.103_vSphere_Client
      and attach each VLAN as i Network adapter on the GNS3 VM2017-07-24 13_46_50-GNS3 - Virtual Machine Properties
    • SSH/Console to the GNS3 VM and confirm the adapters show up on the host2017-07-24 13_46_50-GNS3 - ifconfig.png
      If for some reason they do not show up, you can manually initiate the interfaces (remember VM ESXi counts 1-2-3 and GNS3 counts 0-1-2)

       sudo ifconfig eth4 up
       sudo ifconfig eth5 up
    • Now add “Clouds” in GNS3 and connect them to Cisco IOS L2 “Access Ports” in the desired VLANs (each Cloud represents a NIC in GNS3 and a VLAN Port Group in VMware ESXi)2017-07-24 14_01_19-GNS3-VLAN.png

30 thoughts on “Lab Equipment

  1. thanks, im looking to start CCIE Security aswell, I notice you are at INE bootcamp, would really like know how you get on, I can see you have updated how Day 1 went, looking forward to see other days aswell.

  2. Hi, i was just wodering how is the server holding up so far running all the lab equipments? I am actually planning to build a system with similar specs as yours, basically “Wonder Box 2” :).

    Also is there a specific reason you are not using GNs3 VM and host all vAppliances onto it(if i understood right) instead running cisco vAppliances from Esxi directly?

    1. Hi Nabil,
      Thanks for your comment.
      The box hold up perfect, could not be a better build..
      CPU is 100% at bootup, but else it’s around 20%
      Memory is around 90-100GB with everything powered on.. you can do a Build with 64GB memory
      Disk is around 500GB used.

      I have thought about the bare metal GNS3, but for now I will not change it.

      1. Sounds promising! And the reason why i like this build as compared to rack server is the low noise and power consumption. This will sit well in my apartment alongside my computer table so you basically gave me a perfect idea!

        And yes i am planning to go for 64 GB first and then see if i’d need to add more. Also because in whole build, RAM is the most expensive part. As per my estimate, exact same specs as yours are going to cost me around 3200 Euros but i think i can cut short by going for 3.5″ SATA HDD (server/enterprise edition), that might allow me to go straight for 128 GB.

        One more thing i was curious to find out, is the Noctua cooler enough for handling heat? I am guessing at ~20% consumption during normal operation would not really heat up CPU.

      2. Hi Nabil,

        I would go for at least SSD (HDD will be to slow to start Firepower and ISE)
        The CPU cooler runs auto adjustment speed, and are always on slowest RPM.
        My worries is RAM and Chip heat.. but the Chassis cooler can take care of that (more cooling more noise)

  3. That’s true! More fans more noise. Luckily i have two 120mm fans already from my other NZXT case as i replaced them with the RGB fans so those should come handy as the case has space for two additional 80/92 mm fans but looks like will need some trick to fit in atleast one 120mm.

    And yes i think i should atleast go for SSD. I suppose spending 200-300 more should not hurt when you are spending that much already.

  4. Hi Henrik, I was just wondering if you could share the product code of DIMM kit you got? Just wanted to finalize if i should go for RDIMM and also considering the speed and CAS latency.

  5. Hi Henrik, in ur blog u said firefox 44 works a charm, are u usin acs 5.8.0.32.7 and does ur monitoring and reports work, the park im trying to access is TACACS authentication System report.

  6. Hello Henrikmeyer
    can you explain how much was the total cost? have you paid any licensing fees if so how much for which softwares? Thanks

    regards Farhad

  7. Hi Henrik, Thanks for the info. I founded it very inspiring, so I decided to follow your path and purchase some of the components. I’m in the process of building it but I have found some problems with the connection of the front panel components to the motherboard (power and reset buttons, plus the power led – USBs are workingn ok) – did you do something special when you set it up?

    1. Hi Jose,

      I’m glad that I can inspire 🙂

      I have connected all front buttons exept the USB, and it is working.
      Cannot remember how I did it, but think I followed the instructions in the Motherboard Userguide.

      1. Hi Henrik,

        Indeed I was making a mistake with the FP connections – the user guides it is not very clear up to what is the relative positions of the PIN in relation to the MB. There is a grey box that represent the first pin. It ended up that I was connecting those connectors the other way around – so 1 to 16, 2 to 15 and so – connecting them the other way around made the magic :). I had other issue with the boot devices. The SSD is a UEFI boot device and even when dual boot was selected, the disk did not boot. I had to modify the BIOS setting so dual boot was disabled and just UEFI devices were used. I have a fully working server now 🙂

        Again many thanks for your blog!

        Cheers, Jose

  8. Hello sir
    I got a doubt for ine ccie security virtual lab ..
    Can we use Dell precision t7500 with 2 hexacore CPU and 128gb ram and 1tb harddisk or Dell poweredge 2950 with same config but with 2 quad core CPU . ? Or we need to take Dell poweredge r610 only .
    Please do reply and help
    Thanks

  9. Hi sir I have seen your comments but can u tell me will ccie security v5 virl lab will work on Dell precision t7500 with 2x hexacore processor and. 128gb ram and 1tb harddisk . Can we install VMware exsi on it ? Please help me out sir

  10. This and the rest of the blog is very helpful. Thank you Henrik for sharing your IE-Security experience!

  11. is anyone willing to sell the whole CCIE Security Lab Hardware and Software package? I want to buy

  12. So were you able to run all CCIE Sec lab VMs at the same time with those server specs? I’m starting to build my own lab but it will be primarily to practice new techs. However, I’d nice to support and mimic a CCIE lab (like the INE’s one).

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s