| certifications | cisco - Matt McClure
CCNP Labs: What is the Best Setup?
The CCNP: your next giant hurdle in seizing Cisco certification celebration and networking know-how nirvana. Indeed, your CCNA was a big achievement and nothing to be looked down upon. The professional-level cert tier, however, represents a huge jump in domain knowledge and experience around Cisco kit, IOS, and general networking architecture.
The path will not be easy, delving into new depths of network configurations. Book knowledge will not be enough. The only way to truly prepare will be to get your hands on some actual Cisco gear and rack it up, building yourself the ultimate CCNP lab.
This is the only way…or is it? There are software emulators that allow you to build and test networking using real Cisco firmware, those should be good enough, right? Well as with most things, the answer is a firm maybe. It’s not like we really need to give most of you an excuse to build a physical lab, but software labs do have some advantages over hardware.
Either way, let’s get you geared up and look at all the various CCNP lab options, how they are used, and what works best for different scenarios to find the best possible lab setup.
CCNP Lab #1: How to Build a Hardware Lab
Let’s start at a high level. You’re going to need some switches, a router, a rack to hold them all in lieu of a pile on your desk. Maybe a firewall or other security appliance, some wireless access points, a healthy handful of patch cables, and probably a UPS for continuous power. Don’t forget the physical space to hold everything convenient to where you want to study.
As you can see, this is no easy or cheap proposition. eBay will definitely be your friend as used older Cisco gear is abundant and easy to find for much less than retail. Companies that buy, refurbish, and resell network hardware are also easy to find, but expect to pay them more as a middle man. Another source where you find a steal if you’re incredibly lucky is government auction site GovDeals. The section for computer equipment is always loaded with all kinds of fun listings for bulk products. Unfortunately they are almost always local pickup only, so you would have to get really lucky to find a deal close by.
3 Best Switches for a CCNP Enterprise Home Lab
Now the real question with hardware: what models? You don’t need to fanciest, most feature packed 48-port PoE Cisco Nexus switches with fiber uplinks. Some simple Catalyst switches will be fine. They are plentiful and even the less expensive models have almost all the features you’ll need to practice for the CCNP. Here are some specific models you might want to look for:
- Catalyst 2950: Basic Layer-2 switch, this should cover a lot of your test objectives, and they are dirt cheap ($20-$30 on eBay).
- Catalyst 3550: A step up from the 2950, this Layer-3 switch adds support for routing protocols that you will definately be tested on.
- Catalyst 3560: A step up from the 3550, the 3750 adds support for QoS and private VLANs, the last few topics you’ll need to meet all the test objectives.
You’ll want three switches total so you can configure them in a variety of ways, such as all connected in a triangle configuration to practice spanning tree protocol. To get fully equipped on a budget, your best bet is a single 3560 and two 2950s. That should cover about every setup you’ll need to study. Find the models with the lowest number of ports that you can (most come with either 24 or 48); having more ports won’t help your studies.
A Few Options for CCNP Home Lab Routers
For the router, look for either a Cisco 1841, 2801, or 2811. Any of these will support IOS 15, so you’re set on getting the features you need to study out of the software. Again, hit up eBay for deals.
If you are specifically targeting the CCNP Security, things start getting a little tricky. Your hardware choices here will reflect the specific two tests you chose to take to satisfy the certification requirements. The most bang for your buck will probably come from the 300-710 SNCF which covers the Firepower security appliances.
Unfortunately the workhorse ASA 5505 or 5510 that you scored on eBay for $15 won’t cut it as that hardware doesn’t support the newest Firepower features. You’re going to have to look at something more like the ASA 5506-X, which can still be found used but for closer to $250-300.
For the CCNP Enterprise (the replacement for the old Routing and Switching cert), you can choose to take one of two tests over wireless technologies. In this case you’ll need some wireless gear like a 2504 controller, at least two 3502i APs, and a single stand-alone AP like the 1142. Bonus points if you found switches with PoE, to avoid using power injectors for the APs.
Where to Find IP Phones for CCNP Collaboration
Another consideration is hardware you will need specific for the CCNP Collaboration, if that’s the cert you’re after. This cert is all about technologies like chat, video, and especially VoIP, which means you’ll need some IP phones. The Cisco 7960 or 7971 will be perfect options and they are cheap and plentiful on the used market. They also will pair nicely with those PoE switches for power.
Those switches and routers will come in handy as well to practice different phone setups like multiple sites and QoS. Finally, you’ll need the server apps to run your VoIP system, so factor in possibly some dedicated PC hardware to run Cisco Unity Connection and/or Unified Communications Manager.
CyberOps: No Hardware Required
It’s worth pointing out also how some CCNP certs aren’t really going to require any hardware at all. The Cisco Certified CyberOps Professional for example is all about the logistics of operating and managing a security operations center and responding to cyber threats, not messing with configuring hardware. Also the Cisco Certified DevNet Professional is much more focused on software, automation, and interacting with Cisco APIs.
Next is all the boring bits: network cables, serial cables, power cables and any of the extra stuff you feel like adding. Rack it up or stack it in a pile and get to work!
Now this all sounds fine and good, it may even be super exciting for some to get their hands on all this gear and get the blikenlights going. The cost can be a problem for some however, especially considering you have to pay for the tests and study materials as well.
Don’t forget that you can resell all this kit when you’re done to recoup most of the cost. There is an alternative if hardware is still out of your budget.
CCNP Lab #2: How to Build a Software Lab
If you can run virtual fleets of servers through hypervisors, why can’t you run virtual networks via software? Well you can, and while there are many options available most people turn to the open source GNS3. In their words, “GNS3 is used by hundreds of thousands of network engineers worldwide to emulate, configure, test and troubleshoot virtual and real networks.” It’s definitely a powerful app, capable of building just about any complex, real-world network you can dream up.
Basically, click and drag some virtual Cisco gear into your virtual network, connect the interfaces, open a real SSH session to the hardware to configure it, connect your hardware to a virtual WAN, and watch the packets flow. They have an excellent tutorial on getting started specifically with Cisco hardware, check it out here right after going through the installation, setup, and initial topology docs.
The pros of training with a virtual network are huge. Add as many Cisco switches and routers as you want, deployed with a click. No tracking down used hardware, building a rack, or messes of cables. Add virtual workstations running DNS or other network services. Save and load different configurations to practice different scenarios in a snap. Connect your virtual LAN to other real hardware on the same physical LAN, like phones and APs. Lastly, GNS3 uses Cisco firmware, so the experience of configuring the hardware is identical to the real thing.
In that last point however comes one of the first cons, Cisco firmware is proprietary software and GNS3 does not provide it for you legally. Your options: if you have a support contract you can download an IOS image direct from Cisco, or if you already have a switch or router you can download the IOS image off of it. Any non-Cisco sites you might find offering a free IOS download aren’t upright citizens, so let’s keep it legal. If nothing else, find a single cheap switch just to nab the image. It would be worth asking the seller what version is loaded, pass on anything below IOS 15.
There are other options for virtual networks besides GNS3. Cisco offers Packet Tracer, which is free and doesn’t require a seperate IOS image, however some of the more advanced features you’ll need to study for a CCNP are missing. Cisco Modeling Labs is a cloud-based tool similar to GNS3 with official IOS images. You pay a yearly subscription starting at $199, which isn’t bad but is more than free. Cisco VIRL is another tool similar to GNS3, but also with a pricetag >$0 and the more advanced feature support just isn’t there yet.
What’s the Best CCNP Lab Setup: Hardware or Software?
To answer our initial question, the best setup is, well, it depends. Really on your preference for the joy of seeing a beautiful rack of hardware or the ease and budget-friendly option of software. Both will let you practice anything you’ll need to do or most CCNP tests — none of which will require you to touch any hardware. Hopefully the best option for you is clear by now after we’ve explored both options.
The important thing now is that you commit to a choice and start the actual hard work of hitting the books, good luck in your CCNP pursuits!