In this article, we will cover the hardware you will need to build your own CCNA Security 640-553 lab. The really cool thing about the CCNA Security lab is you probably have equipment from your CCNA lab. Much of that equipment can be used in your CCNA Security lab. So without further ado, let’s start to figure out the best way to build our CCNA Security Lab.

We should probably open up by covering some of the differences between the CCNA 640-802 and the CCNA Security 640-553 exam. First and foremost, the CCNA Security exam puts a much greater emphasis on SDM(Security Device Manager) and less on the CLI(Command Line Interface). Next, the CCNA Security exam covers many topics only from a SDM perspective. So get very comfortable with SDM! All that said, if you made it this far in your Cisco career, I think you will find the SDM GUI interface quite easy to use compared to remembering all the levels and syntax of the CLI interface.

How Many Routers for my CCNA Security Lab?

The lab kits we offer for CCNA Security use either two or three routers and the same number of switches. In our Standard CCNA Security Lab Kit we use two routers and two switches. In our Premium CCNA Security Lab Kit we use three routers and three switches. In building your CCNA Security lab, the first thing you need to consider is picking up a router that can support the IOS with the feature set to cover the exam objectives. Many students assume that the older 2500 or 2600 non-XM series routers which support IP/FW/IDS Plus or IPSEC 3DES will do the job. Although they can cover some of the CLI topics, the first issue is that they do not support zone-based firewalls or IPS. The second issue is that they do not support SDM. Since much of the exam covers SDM, these routers are not really a viable option.

Standard CCNA Security Lab Topology 1

Standard CCNA Security Lab Topology 2

Premium CCNA Security Lab Topology

What Routers Will Work and Why?

So what routers will work? The most economical router we suggest is the 2600XM series router. These routers will support the 12.4 Advanced IP Services feature set which supports zone-based firewalls and IPS. They also support SDM. You are also going to want to make sure they have 256MB DRAM and 48MB Flash so you can run the proper IOS and SDM. Otherwise you will find out that you can’t run both as you don’t have enough memory. So it looks like we have a winner! As a side note, you can also use the 1800 platform such as an 1841, but we find that these are still a bit too expensive for a lab environment.

So why does our Standard CCNA Security Kit only have two routers and switches whereas our Premium CCNA Security Kit has three routers and switches? Well our Premium CCNA Security kit follows the Cisco Academy topology and labs. You get the Cisco Academy CCNA Security Lab Workbook in that kit to follow with and you also get the CertificationKits CCNA Security Lab Workbook as an added bonus to help reinforce your CCNA Security concepts. Since we had a lot of students ask for a cheaper version of the CCNA Security Lab Kit, we developed our very own CCNA Security Lab Workbook with 35 labs using only two routers and two switches. This kit also covers you base CCNA certification. So it is really a great value and you get both the CertificationKits CCNA and CCNA Security Lab Workbooks.

What About Switches for my CCNA Security Lab?

Finally from a switch perspective the 2950 switches are the way to go for most people. The 2960 switches are what are suggested by Cisco, but the 2950 covers all the test concepts and commands except the Dynamic ARP Inspection feature is missing. In my opinion, it is not worth about $350 extra per switch for that one command.

What About ASA(Adaptive Security Devices) Like the ASA 5505?

Well most large companies are not really going to use a 2611xm running a firewall feature set as their Internet edge router. The 2611xm is a good low cost router to get experience on the features and concepts, but I am sure you want more. So what can you do to get "real world" experience? I am glad you asked. We have created another lab workbook focused specifically on the Cisco ASA 5500 devices(this lab workbook will also work on the PIX firewalls too!).

ASA 5500 Lab Topology

So your next logical step would be to check out our ASA 5500 & PIX Firewalls Demystified! Lab Workbook. It covers 25 different real world PIX and ASA 5500 series scenarios. How to setup ASA Security Levels, a DMZ with multiple internal zones, site to site VPNs and much, much more! This is where you really start to have some fun in your CCNA Security Lab!

For many more CCNA Security articles and videos, we highly suggest you subscribe to our Premium CCNA Content section of our website. Here you will find access to over 350 CCNA, CCNA Security and CCNA Voice articles explaining the most difficult concepts to master. That is not it, you will also have access to over 100 CCNA, CCNA Security and CCNA Voice labs found no where else. Not even in our lab workbooks that we sell. They are only available to our CCNA Premium Content subscribers. But there is more! You also get access to over 60 videos and tons of games to make your CCNA studies fun such as exam questions, flash cards, CCNA Hangman, Jeopardy, Million Dollar Question and much more!

Also please take advantage of our Test Question of the Day service. Have a CCNA, CCNA Voice or CCNA Security exam question sent to your inbox daily with detailed explanations on why each answer is right or wrong.