I built a CCIE lab a while back and found the process to be a bit cumbersome. The hardware and software requirements were clear (4.0 version found HERE), but not the actual construction of a home lab. Here is an explanation of how I built my lab. This is my experience so I’m not saying it’s the right way, but its how I did it.
The first step when building my lab was deciding which lab guides I was planning to study. This way I could visit the vendor site and mirror the hardware to what they offer for rack rental. I went with IPExperts since they are pretty known and had two guide options that seemed to cover most concepts. IPExperts uses proctorlabs for rack rental so you can see the rack details via checking out the security lab at http://www.proctorlabs.com/shop. You can also find details on their racks on the ipexpert site HERE.
Next thing was purchasing a cable crimper since many various sizes of cables are needed to match all the lab guide connections. Plus I had a few very long 50+ foot cat5e cables that became 30 or so short cables once cut down. I found cheap crimper packages that included 100 connectors and tester on Amazon. The crimper quality wasn’t great, as some plastic parts broke after a few uses however it got the job done. You will defiantly want a cable tester and extra connecters since you will likely botch up a cable every so often as you hammer them out. My crimper package was around 50 dollars.
IPExpers’s rental rack lists four ASAs, nine to eleven routers, four switches and a bunch of stuff hosted off of VM such as ISE, AD, etc. After reviewing the IPExperts lab guides, I found many of the exercises didn’t need this much hardware running at the same time so you can build up a lab as you work on things rather than assuming its all or nothing. I personally like focusing on a particular technology and working through it multiple times meaning usually only a few things need to be on. For example, you may just need two ASAs and a few routers to work on the firewall sections as the guides want you to get hands on with ASA code version 8.4 and 8.2 as specified by Cisco.
To access each box, I picked up a terminal server. They are pretty cheap on Ebay (around $100 dollars). You also need two octo cables to accommodate all the hardware (16 connections) aka two DB62(M) to 8 x DB9(M) Cables. I used THIS youtube video to set it up. It took me a little trail and error via setting the octo cable to a port, accessing a device terminal and seeing if I matched the right name to device. I found using a MAC and virtual windows systems are a pain when hitting the Terminal release commands. I recommend a windows system when using a terminal server.
A lot of technology can be virtualized so I went that route for things like Identity Services Engine (ISE) and Web Security Appliance (WSA). I converted a basic laptop to ESXi server for this purpose. I have done similar things with MACMINI servers (more on that found HERE) so I recommend doing your research before proceeding. The major points to note is you will need the laptop’s network drivers since they will be lost during the install process. You can find details on this by searching google using your hardware version and ESXi.
Hardware can range from a few models for each device as long as the code is right. IPExerts uses three first generation ASAs and one second generation ASA. I went with 5510s since it’s the smallest module that isn’t vlan based like the 5505s. Routers models can very so I have a blend of 2600s and 1841s. I prefer the 1841s but you will need a larger model to be the frame-relay server. I went with four 3750-48s for my switches and found I typically only used 2 or 3 per exercise.
And that’s pretty much all she wrote. The final product can be seen in the images above. My lab is two stacks of hardware connected between two power supplies and a laptop sitting on top to host ESXI. It servers its purpose well and easy to fire up and kill as time permits study.