CCIE Security – My home mini-lab

I have built a home mini CCIE lab out of leftovers. The current hardware is:

  • 3 Cisco 1811 routers (2+8 Ethernet)
  • 2 Cisco 2960 switches (each 24 FastEthernet and 2 GigabitEthernet)
  • 1 ASA 5505. Unfortunately it is DMZ-restricted.
  • 1 Linksys access point (SOHO model 54ABG)
  • My current Windows 7 PC running VMware Workstation

The lab is physically connected the same way as the remote lab racks: the wiring is static and all logical connections are done with VLAN tagging. With this solution I can redesign the topology without moving cables, and even do it remotely. Also, since plenty of switch ports are unused, I can easily expand the lab with more hardware.

This is what it looks like:

By default, all switch ports are shut down. By enabling them and putting them in different VLANs I can rearrange the topology. Let's say, for example, that I want to connect R2 to the internet (my C2960-8 at the bottom), R2's inside to the firewall, and R1 on the firewall's inside. I do it like this:

vlan 168
name Internet

vlan 10
name R2-FW

vlan 20
name Inside

int fa0/xx (oops! Forgot to put the if on the line between c2960-8 and sw1)
descr sw1 to internet
switchport mode access
switchport access vlan 168
no shut
!

int fa0/2
descr R2 fa0 to internet
switchport mode access
switchport access vlan 168
no shut
!
int fa0/12
descr R2 fa1 to firewall outside
switchport mode access
switchport access vlan 10
no shut
!
int fa0/xx (oops!)
descr ASA outside
switchport mode access
switchport access vlan 10
no shut
!
int fa0/xx (oops!)
descr ASA inside
switchport mode access
switchport access vlan 20
no shut
!
int fa0/1 (oops!)
descr R1 Fa0
switchport mode access
switchport access vlan 20
no shut
!

Now they're all connected. Voila.
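As an added illustration (not the post's own configuration, and not a Cisco tool), here is a small Python generator that turns a port-to-VLAN plan like the one above into IOS access-port configuration. It keeps the post's default of every port being shut down: any port not in the plan is explicitly shut, so a stray cable cannot land in a lab segment. The VLAN plan (168/10/20) and the port numbers for R1 and R2 come from the post; the port numbers for the ASA and the uplink are assumed here because the post leaves them blank.

```python
"""Generate Cisco IOS access-port configuration for a statically wired lab.

Added example, not from the original post. Port numbers marked
'assumed' and the tooling itself are assumptions; only the VLAN plan
(168/10/20) and the 'all ports shut by default' policy come from the post.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class PortAssignment:
    port: str          # full interface name, e.g. "FastEthernet0/2"
    vlan: int          # access VLAN the port is placed in
    description: str   # what is plugged into this port


# VLAN plan from the post: internet segment, R2-to-firewall link, inside.
VLANS = {168: "Internet", 10: "R2-FW", 20: "Inside"}

# A 24-port switch like the post's 2960 (constructed port list).
ALL_PORTS = [f"FastEthernet0/{n}" for n in range(1, 25)]

# The topology from the post; ASA and uplink port numbers are assumed.
EXAMPLE_ASSIGNMENTS = [
    PortAssignment("FastEthernet0/1", 20, "R1 Fa0"),
    PortAssignment("FastEthernet0/2", 168, "R2 fa0 to internet"),
    PortAssignment("FastEthernet0/12", 10, "R2 fa1 to firewall outside"),
    PortAssignment("FastEthernet0/13", 10, "ASA outside (port assumed)"),
    PortAssignment("FastEthernet0/14", 20, "ASA inside (port assumed)"),
    PortAssignment("FastEthernet0/24", 168, "sw1 to internet (port assumed)"),
]


def render_vlans(vlans):
    """Emit the global 'vlan N / name X' stanzas, validating the id range."""
    lines = []
    for vid, name in sorted(vlans.items()):
        if not 1 <= vid <= 4094:
            raise ValueError(f"invalid VLAN id {vid}")
        lines += [f"vlan {vid}", f" name {name}", "!"]
    return lines


def render_ports(assignments, all_ports, vlans):
    """Emit an interface stanza for every port on the switch.

    Assigned ports become access ports in their VLAN; every other port is
    explicitly shut down. Duplicate ports, undefined VLANs and ports that
    do not exist on this switch are rejected instead of silently emitted.
    """
    by_port = {}
    for a in assignments:
        if a.port in by_port:
            raise ValueError(f"{a.port} assigned twice")
        if a.vlan not in vlans:
            raise ValueError(f"{a.port}: VLAN {a.vlan} is not defined")
        if a.port not in all_ports:
            raise ValueError(f"{a.port} does not exist on this switch")
        by_port[a.port] = a

    lines = []
    for port in all_ports:
        lines.append(f"interface {port}")
        a = by_port.get(port)
        if a is None:
            lines += [" description unused", " shutdown", "!"]
        else:
            lines += [f" description {a.description}",
                      " switchport mode access",
                      f" switchport access vlan {a.vlan}",
                      " no shutdown", "!"]
    return lines


def build_config(assignments, all_ports, vlans):
    """Full configuration snippet as one string, ready to paste into config mode."""
    return "\n".join(render_vlans(vlans) + render_ports(assignments, all_ports, vlans))


def ports_by_vlan(assignments):
    """Which ports share a segment: the quick sanity check before applying a plan."""
    groups = {}
    for a in assignments:
        groups.setdefault(a.vlan, []).append(a.port)
    return {v: sorted(p) for v, p in groups.items()}


if __name__ == "__main__":
    print(build_config(EXAMPLE_ASSIGNMENTS, ALL_PORTS, VLANS))
    print(ports_by_vlan(EXAMPLE_ASSIGNMENTS))
```

To move a device to another segment you change one `PortAssignment` and regenerate; `ports_by_vlan` shows at a glance which ports end up on the same segment, which is the check worth doing before the ports come up.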

My current L3 setup looks like this:

These configs are saved as startup-config on all devices and are used as the baseline right now. With this setup I can test most basic scenarios.

All Cisco hardware is connected by console to my Windows 7 PC's serial ports (USB-to-serial converters) so that I can control all the equipment from my PC. The PC is also RDP-accessible, so I can reach it wherever I am.

The Linksys AP is just a way for me to connect wireless test clients at home to whichever VLAN I am using. It is configured with a static WPA-PSK and can be moved between segments by putting its access port into the access VLAN of choice. Actually I haven't used it yet. 🙂

My Windows 7 PC is connected statically to my home network, but it also has a second NIC (see the L2 topology above). This NIC is not used by Windows 7, only by VMware Workstation. Right now I have one virtual Windows 2003 server running ACS, with its access port connected to VLAN 20. That gives me my inside lab ACS server.

The next step is to move the pile of hardware somewhere else so that I get my leg space under the desk back. But that requires some long and ugly Ethernet and USB cabling, which isn't easily solved…

Posted in Cisco Security
