Official CCIE Security Lab Equipment and Software v5.0
https://learningnetwork.cisco.com/docs/DOC-30658
First off, you need a US keyboard with the “small” Enter key
I have bought and built my own Home Lab to almost match the official requirements from Cisco.
Luckily for me, most of the devices needed are virtual and can be hosted on VMware ESXi.
As of now I do not have the following physical equipment: Catalyst C3850, ASA5512-X, WLC2504 and IP Phone 7965.
I do have a Cisco Switch C3560CG (I recommend a C3560CX for more feature support) and a Cisco IP Phone 7975.
What’s on the inside:
- Board: SuperMicro X10SRM-F
- CPU: 10 Core/20 Threads 2.2GHz Intel XEON E5-2630V4 L3 25MB
- Cooler: Noctua NH-U12DX i4
- RAM: 128GB ECC Kingston ValueRAM
- Storage: 32GB SanDisk Ultra Fit V2 (ESXi 6.5 Host)
- Storage: 1TB NVMe Samsung 960 EVO (ESXi Guests)
- Case: Silverstone SST-SG10B Sugo
- PSU: Corsair RM550x 550 Watt
- WiFi NIC: TP-Link 150Mbps Wireless N Nano USB
“Wonder BoX” currently runs 26 Virtual Guests (the entire equipment list except APIC-EM, CUCM and Firepower Private Cloud) and draws 88GB of Memory and 3GHz of CPU (when it boots it draws 20-21GHz of CPU).
To give you an understanding of what’s running in the VMware ESXi environment.
The topology is not set in stone and is “first draft”, just to have things installed and running.
Some of the equipment can run without licenses (limited bandwidth throughput) others require either full, demo or evaluation licenses.
Nice to know
- Cisco Access Control Server (ACS) only supports crazy old browsers: Mozilla Firefox version 44 works like a charm
- GNS3 VLAN Trunk to “real world” physical switch
- Port configuration on physical switch connected to VMware ESXi
    interface GigabitEthernet0/10
     description VMware vmnic3
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport nonegotiate
     no cdp enable
     spanning-tree bpdufilter enable
    end
- In VMware ESXi you need to separate the VLANs into “Port Groups” and attach each VLAN as a Network adapter on the GNS3 VM
- SSH/Console to the GNS3 VM and confirm the adapters show up on the host
  If for some reason they do not show up, you can manually initiate the interfaces (remember VMware ESXi counts 1-2-3 and GNS3 counts 0-1-2):
    sudo ifconfig eth4 up
    sudo ifconfig eth5 up
- Now add “Clouds” in GNS3 and connect them to Cisco IOS L2 “Access Ports” in the desired VLANs (each Cloud represents a NIC in GNS3 and a VLAN Port Group in VMware ESXi)
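The adapter check from the steps above, written as a script to run on the GNS3 VM. This is an added example, not part of the original post; the function names and the SYSFS_NET override are assumptions made here, and it assumes the ethN interface naming used above.

```sh
#!/bin/sh
# Added example (not from the original post): verify on the GNS3 VM that the
# ESXi network adapters carrying the VLAN port groups are present and up.
# SYSFS_NET is an assumed override so the check can run against a test tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# ESXi numbers adapters 1-2-3, the GNS3 VM numbers them eth0-eth1-eth2.
esxi_to_eth() {
    case "$1" in ''|*[!0-9]*|0*) return 1 ;; esac
    echo "eth$(( $1 - 1 ))"
}

# Print "missing", "down" or "up" for one interface (IFF_UP is bit 0 of flags).
iface_state() {
    [ -d "$SYSFS_NET/$1" ] || { echo missing; return 0; }
    flags=$(cat "$SYSFS_NET/$1/flags")
    if [ $(( $flags & 1 )) -eq 1 ]; then echo up; else echo down; fi
}

# Report every given ESXi adapter number; return non-zero if any needs attention.
check_adapters() {
    rc=0
    for n in "$@"; do
        if ! dev=$(esxi_to_eth "$n"); then
            echo "adapter $n: not a valid ESXi adapter number"; rc=1; continue
        fi
        state=$(iface_state "$dev")
        echo "ESXi Network adapter $n -> $dev: $state"
        case "$state" in
            down)    echo "  fix: sudo ifconfig $dev up"; rc=1 ;;
            missing) echo "  fix: attach the VLAN port group to the GNS3 VM in ESXi"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Usage: sh check_adapters.sh 5 6   (adapters 5 and 6 map to eth4 and eth5)
if [ "$#" -gt 0 ]; then check_adapters "$@"; fi
```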
pretty cool stuff!! – Good luck on the Lab
Hi, do you have the name of your server and where someone could buy it from?
Hi Saima,
The server is a Home Build, so you need to buy all the spare parts and assemble it yourself
Thanks, I’m looking to start CCIE Security as well. I notice you are at INE bootcamp, would really like to know how you get on. I can see you have updated how Day 1 went, looking forward to seeing the other days as well.
Hi, I was just wondering how the server is holding up so far running all the lab equipment? I am actually planning to build a system with similar specs as yours, basically “Wonder Box 2” :).
Also, is there a specific reason you are not using the GNS3 VM to host all vAppliances on it (if I understood right) instead of running Cisco vAppliances from ESXi directly?
Hi Nabil,
Thanks for your comment.
The box holds up perfectly, could not be a better build..
CPU is 100% at bootup, but otherwise it’s around 20%
Memory is around 90-100GB with everything powered on.. you can do a Build with 64GB memory
Disk is around 500GB used.
I have thought about the bare metal GNS3, but for now I will not change it.
Sounds promising! And the reason why i like this build as compared to rack server is the low noise and power consumption. This will sit well in my apartment alongside my computer table so you basically gave me a perfect idea!
And yes i am planning to go for 64 GB first and then see if i’d need to add more. Also because in whole build, RAM is the most expensive part. As per my estimate, exact same specs as yours are going to cost me around 3200 Euros but i think i can cut short by going for 3.5″ SATA HDD (server/enterprise edition), that might allow me to go straight for 128 GB.
One more thing i was curious to find out, is the Noctua cooler enough for handling heat? I am guessing at ~20% consumption during normal operation would not really heat up CPU.
Hi Nabil,
I would go for at least SSD (HDD will be too slow to start Firepower and ISE)
The CPU cooler runs auto adjustment speed, and is always on the slowest RPM.
My worries are RAM and Chip heat.. but the Chassis cooler can take care of that (more cooling more noise)
That’s true! More fans more noise. Luckily i have two 120mm fans already from my other NZXT case as i replaced them with the RGB fans so those should come in handy as the case has space for two additional 80/92 mm fans but looks like it will need some trick to fit in at least one 120mm.
And yes i think i should at least go for SSD. I suppose spending 200-300 more should not hurt when you are spending that much already.
The Chassis comes with 3 fans (top, back and side) plus your PSU fan
Oh right! I suppose that is more than enough.
Hi Henrik, I was just wondering if you could share the product code of DIMM kit you got? Just wanted to finalize if i should go for RDIMM and also considering the speed and CAS latency.
Hi Henrik, in ur blog u said firefox 44 works a charm, are u using acs 5.8.0.32.7 and does ur monitoring and reports work? The part I’m trying to access is TACACS authentication System report.
Hi Saima,
I got everything to work with the setup described in my post.
Sorry for not being able to help out more.
thanks, did u use ASDM in your test lab or only CLI.
I used both
Hello Henrikmeyer
can you explain how much was the total cost? have you paid any licensing fees if so how much for which softwares? Thanks
regards Farhad
Hi Farhad…
I bought it one year ago for approximately 3.000 USD
No license fee
Hi Henrik, Thanks for the info. I found it very inspiring, so I decided to follow your path and purchase some of the components. I’m in the process of building it but I have found some problems with the connection of the front panel components to the motherboard (power and reset buttons, plus the power led – USBs are working ok) – did you do something special when you set it up?
Hi Jose,
I’m glad that I can inspire 🙂
I have connected all front buttons except the USB, and it is working.
Cannot remember how I did it, but think I followed the instructions in the Motherboard Userguide.
Hi Henrik,
Indeed I was making a mistake with the FP connections – the user guide is not very clear about the relative positions of the pins in relation to the MB. There is a grey box that represents the first pin. It ended up that I was connecting those connectors the other way around – so 1 to 16, 2 to 15 and so on – connecting them the other way around made the magic :). I had another issue with the boot devices. The SSD is a UEFI boot device and even when dual boot was selected, the disk did not boot. I had to modify the BIOS setting so dual boot was disabled and just UEFI devices were used. I have a fully working server now 🙂
Again many thanks for your blog!
Cheers, Jose
Hello sir
I got a doubt for ine ccie security virtual lab ..
Can we use Dell precision t7500 with 2 hexacore CPU and 128gb ram and 1tb harddisk or Dell poweredge 2950 with same config but with 2 quad core CPU . ? Or we need to take Dell poweredge r610 only .
Please do reply and help
Thanks
Hi,
Please see the configuration of my server, and my comments on the power. Then you will have a guideline for how much power is needed.
Hi sir, I have seen your comments but can u tell me will ccie security v5 virl lab work on Dell precision t7500 with 2x hexacore processor and 128gb ram and 1tb harddisk? Can we install VMware ESXi on it? Please help me out sir
Hi,
I have no clue. I do not know the servers. If the spec matches my Server, then it can run my setup.
Sorry I cannot help you
This and the rest of the blog is very helpful. Thank you Henrik for sharing your IE-Security experience!
Thanks Jem
is anyone willing to sell the whole CCIE Security Lab Hardware and Software package? I want to buy
So were you able to run all CCIE Sec lab VMs at the same time with those server specs? I’m starting to build my own lab but it will be primarily to practice new techs. However, it’d be nice to support and mimic a CCIE lab (like the INE’s one).
Hi Roberto,
Yes, it ran everything and at an OK speed 🙂
Good luck on your Labbing 🙂