CCNP Labs: What is the Best Setup?

The CCNP is your next giant hurdle to achieving Cisco certification and networking know-how nirvana. Your CCNA was a major achievement and is nothing to scoff at. The professional-level cert tier, however, represents a huge jump in domain knowledge and experience around Cisco kit, IOS, and general networking architecture.

It’s worth noting that the CCNP has changed significantly over the years. What was once a single Routing and Switching certification is now split into multiple professional tracks, including Enterprise, Security, Collaboration, and others—each built around a core exam plus a concentration exam. 

While the focus and tools vary slightly by track, the same question applies across the board: what’s the most effective way to build a lab that actually prepares you for today’s CCNP exams?

But is it the only way? There are software emulators that let you build and test networking with real Cisco firmware; those should be good enough, right? Well, as with most things, the answer is a firm maybe. It’s not like we really need to give most of you an excuse to build a physical lab, but software labs do have some advantages over hardware.

Either way, let’s get you geared up and look at all the various CCNP lab options, how they are used, and what works best for different scenarios to find the best possible lab setup.

CCNP Lab #1: How to Build a Hardware Lab

Let’s start at a high level. You’re going to need some switches, a router, and a rack to hold them all instead of as a pile on your desk. Maybe add a firewall or other security appliance, wireless components if you're targeting those technologies, a healthy handful of patch cables, and a UPS for continuous power. Don’t forget the physical space to hold everything convenient to where you want to study.

As you can see, this is no easy or cheap proposition. eBay will definitely be your friend, as older Cisco gear is abundant and easy to find for much less than retail. 

Companies that buy, refurbish, and resell network hardware are also easy to find, but expect to pay them more as a middleman than buying direct on ebay. Another source where you can find a deal (if you’re lucky) is the government auction site GovDeals. The section for computer equipment is always loaded with all kinds of fun listings for bulk products. Unfortunately, they are almost always local pickup only, so you would have to get really lucky to find a deal close by.

3 Best Switches for a CCNP Enterprise Home Lab

Now the real question with hardware: what models? You don’t need the fanciest, most feature-packed 48-port PoE Cisco Nexus switches with fiber uplinks. Some simple Catalyst switches will be fine. They are plentiful, and even the less expensive models have almost all the features you’ll need to practice for the CCNP. 

Here are some specific models you might want to look for:

• Catalyst 3560-X / 3750-X: A solid choice for a CCNP Enterprise home lab. These switches support newer IOS versions and enough Layer 2 and Layer 3 features to cover most switching topics without breaking the bank.

• Catalyst 3650 / 3850: A step closer to modern enterprise networks. These run IOS-XE and are a good option if you want hardware that better reflects what’s used in production environments today.

• Catalyst 9300: More than most home labs need, but the closest match to current enterprise access switches. Best for those who want real-world parity rather than just exam coverage.

You’ll want three switches total so you can configure them in a variety of ways, such as all connected in a triangle configuration to practice spanning tree protocol. For most home labs, two or three mid-range Catalyst switches are more than enough to practice common CCNP Enterprise scenarios.

Find the models with the fewest ports you can (most come with either 24 or 48); having more ports won’t help your studies.

A Few Options for CCNP Home Lab Routers

For the router, older models like the Cisco 1841, 2801, or 2811 can still be useful for practicing basic routing concepts, but they don’t reflect what’s covered on today’s CCNP Enterprise exams. A better option is an ISR 4000-series router (such as the 4321 or 4331), which runs IOS-XE and more closely matches modern enterprise networks.

Many candidates skip physical routers altogether and use virtual options like Cisco’s CSR1000v in a software lab, which supports the features and workflows you’ll actually see on the exam.

If you are specifically targeting the CCNP Security, things start getting a little tricky. Your hardware choices here will reflect the core and concentration exams required for the CCNP Security track. 

For CCNP Security, physical firewall hardware is no longer required. The exam focuses on Firepower Threat Defense (FTD) and centralized management using Firepower Management Center (FMC), which are best practiced in a virtual lab environment using tools like Cisco Modeling Labs or GNS3. 

Where to Find IP Phones for CCNP Collaboration

Another consideration is hardware you will need specific for the CCNP Collaboration, if that’s the cert you’re after. This cert is all about technologies like chat, video, and especially VoIP, which means you’ll need some IP phones. The Cisco 7960 or 7971 will be perfect options and they are cheap and plentiful on the used market. They also will pair nicely with those PoE switches for power.

Those switches and routers will come in handy as well to practice different phone setups, like multiple sites and QoS. Finally, you’ll need the server apps to run your VoIP system, so factor in some dedicated PC hardware to run Cisco Unity Connection and/or Unified Communications Manager.

Next is all the boring bits: network cables, serial cables, power cables, and any of the extra stuff you feel like adding. Rack it up or stack it in a pile and get to work!

Cisco Certifications that Don't Require Hardware 

It’s also worth noting that not every professional-level Cisco certification benefits from a physical lab. Tracks like CCNP Security, Cisco CyberOps Professional, and DevNet Professional are heavily focused on software, automation, monitoring, and centralized management. In these cases, virtual labs and simulations are often more effective—and more realistic—than physical hardware.

CCNP Lab #2: How to Build a Software Lab

If you can run virtual fleets of servers through hypervisors, why can’t you run virtual networks via software? Well you can, and while there are many options available most people turn to the open source GNS3. In their words, “GNS3 is used by hundreds of thousands of network engineers worldwide to emulate, configure, test, and troubleshoot virtual and real networks.” It’s definitely a powerful app, capable of building just about any complex, real-world network you can dream up.

Basically, click and drag some virtual Cisco gear into your virtual network, connect the interfaces, open a real SSH session to the hardware to configure it, connect your hardware to a virtual WAN, and watch the packets flow. GNS3.com has an excellent tutorial on getting started, specifically with Cisco hardware. Read that right after going through the installation, setup, and initial topology docs.

The pros of training with a virtual network are huge. Add as many Cisco switches and routers as you want, deployed with a click. No tracking down used hardware, building a rack, or messes of cables. 

Virtual Workstations

Add virtual workstations running DNS or other network services. Save and load different configurations to practice different scenarios in a snap. Connect your virtual LAN to other real hardware on the same physical LAN, like phones and APs. Lastly, GNS3 uses Cisco firmware, so the experience of configuring the hardware is identical to the real thing.

In that last point, however, comes one of the first cons: Cisco firmware is proprietary software and GNS3 does not provide it for you legally. Your options: if you have a support contract, you can download an IOS image directly from Cisco, or if you already have a switch or router you can download the IOS image off of it. 

Any non-Cisco sites you might find offering a free IOS download aren’t upright citizens, so let’s keep it legal. If nothing else, find a single cheap switch just to nab the image. It would be worth asking the seller what version is loaded, and pass on anything that can’t run a reasonably recent IOS or IOS-XE image.

There are other options for virtual networks besides GNS3. Cisco offers Packet Tracer, which is free and doesn’t require a separate IOS image, however some of the more advanced features you’ll need to study for a CCNP are missing. Cisco Modeling Labs is a cloud-based tool similar to GNS3 with official IOS images. 

What’s the Best CCNP Lab Setup: Hardware or Software?

To answer our initial question, the best setup is, well, it depends on your preference for the joy of seeing a beautiful rack of hardware or the ease and budget-friendly option of software. Both will let you practice anything you’ll need to do or most CCNP tests—none of which will require you to touch any hardware. Hopefully, the best option for you is clear by now after we’ve explored both options.

The important thing is that you commit to a choice and start the actual hard work of hitting the books, good luck in your CCNP pursuits! 

Not a CBT Nuggets subscriber? Sign up today, and your first 7 days of learning are free.