CCNA Lab Setup

I recently started studying for the CCNA exam and though that it would be cool to have some physical gear to play with as well. It turns out there are quite a few affordable (relatively) options to do this.

This instructable outlines the purchase, construction, and setup of my lab.

There are many options and configurations, you should build only what you need and can afford. There are also much richer simulators available online; Packet tracer from Cisco and NetSim from Boson to name but a few. I just really wanted to get my hands on some real "iron", thus my lab was born.

My base was a kit from eBay, for around $300 it contained 3 routers, 2 switches, rack, and cables. Just search "CCNA Lab" on eBay and you can find many options.

Mine was similar to this one: Cisco Premium CCENT CCNA CCNP R&S SECURITY Home Lab KIT BONUS 12U Rack & DVD

There is a lot of variability in the descriptions, and many conflicting descriptions, so use care when picking your kit.

I received from the eBay kit:

• 3 Cisco 1841 Routers
• 2 Cisco 2950 Layer 2 Switches
• 4 T1 Modules
• 2 T1 Cables
• 3 Ethernet cables
• 1 Crossover cable
• 1 Console cable
• 5 Power Cables
• 1 DVD (no idea what's on it, never looked at it)
• 12U Desktop Rack, with screws and washers

I also added the following (all optional but I tend to go a little overboard):

• One switchable power strip, rack mounted (link)
• One USB Console Cable (link)
• One rack mounted shelf (link)
• Five cross-over adapters (I like to just use straight through cables everywhere and use the cross over adapter when a cross over is needed) (link)
• One Cisco 4-port Ethernet card (link) I may order more of these, as I got a lot of congestion on the T1 links (1.5Mbps)

I also purchased a number of flat network cables, I like the flat cables for shorter runs, I also bought mostly CAT6 cable so I can used them for other uses around the house. For this gear, CAT5e is perfectly fine (and even overkill) since that is cheaper and easier to find. But I must say that flat cable rock!

• Ten 6-inch Flat CAT6 Ethernet Cables (link)
• Ten 12-inch Flat CAT6 Ethernet Cables (link)
• Eight 18-inch Flat CAT6 Ethernet Cables (link)
• Six 24-inch Flat CAT5e Ethernet Cables (link)
• One 7-foot Flat CAT6 Ethernet Cable (link) - this one connects to the house network switch

I have my existing windows 10 PC that I'm using for console access, but I also wanted to have some hosts on the network to test pings, sniff traffic, etc. I decided to use Raspberry Pi 2's as they are a capable, relatively inexpensive platform.

My purchases for the compute side of the lab were this:

• Four Raspberry Pi 2 Model B (link)
• Four Micro SD Cards (8Gb is the minimum, I usually use 16Gb for no good reason) (link)
• One 4-layer Raspberry Pi case (link)
• One HDMI KVM (link)
• Four 18-inch USB A to B cables (link)
• Four 18-inch super think HDMI cables (link)
• Six 12-inch Micro USB cables (link)
• One 5-port USB power supply (link)
• A keyboard/mouse (link)

Note:I bought an IOGear KVM, but it sucks with the Pi, so caveat emptor. I currently use it to switch the video, but I have to move the wireless keyboard/mouse dongle manually. Also, the KVM cables were super bulky and way too long, so I bought shorter and thinner HDMI and USB cables.

And finally to hold all the pieces, parts, cables, adapters, and a few tools, I purchased a storage box:

• Plano Molding 1363 Stow-N-Go (link)

Some notes on putting this together:

• The rack doesn't need to be perfectly straight (I had one corner that wouldn't stay on the table). Once the weight of the gear is in the rack, all the corners will be flush with the surface and stable.
• I had to mount the power supply one hole up from the very bottom as the rack is angled and I wanted to ensure that I had room to add and remove power cords easily.
• For most devices, I used the bottom hole of the bracket (or ear) of the device. The due to the angle of the rack, the weight of the device is counterbalanced against the top of the bracket, so thus far a single screw at the bottom of the bracket has worked for me.
• For each screw into the rack I had this order: 1) Rack 2) Washer 3) Device bracket 4) Screw

1. The base rack is the first to be put together. It's pretty simple, although I waited to fully tighten the screws to try and get the frame as square as possible. Once the rack is totally assembled, fully hand tighten the screws.
2. Now it's time to start adding gear. You should think about the order you want to mount your gear. I knew I wanted my shelf on top, and decided to place the power strip at the very bottom (well, one hole up from the very bottom). I recommend mounting that first and ensure you have enough room for power cables and power adapters. Get this one right first, changing it later will be a pain.
3. I put the routers next. Ensure you leave gaps between equipment for cable management where needed. The routers will actually go in "backwards" so that the majority of the ports are facing the front of the rack. With the routers you should see the port for the power cable.
4. Next the switches can be mounted. My switches didn't have the rack mounting brackets (ears) attached. The kit came with some generic metal brackets and screws that were fairly easy to mount on the switches and then mount the switches. With the switches you mount them "front facing" so you see the Ethernet ports to the front of the rack. With the switches, you should NOT see the console or power cable ports (they will be facing the back of the rack).
5. The last rack mount in my lab was the shelf. This one was a little tricky given that the rack is angled. If the shelf is mounted (normally) anything round would roll of the shelf behind the rack and the gear. Since I wanted to put the raspberry pi's there and the occasional screwdriver, I needed a flat shelf. This was accomplished with the remaining washers.
   • I first screwed in the bottom bolt just enough for the threads to grab.
   • I then added five washers to the top screw as show in the picture and screwed in the bolt just enough for the threads to grab.
   • I then tightened the bottom screw in most of the way.
   • I then tighened the top screw in all the way.
   • By balancing the tension with the top and bottom screw you can get the shelf pretty level.

Once all the network gear is racked and the shelf in place.

1. Put the Raspberry Pi's into the cases, in my instance i used a stackable 4-layer case to keep everything as compresses as possible.
2. Use the USB A to B, and HDMI Cables to connect each Pi's Video and one USB port to the HDMI KVM.
3. Use a wire wrap to secure the USB Power Supply (optional)
4. Run 18-inch micro USB cables from the USB power supply to each Raspberry Pi's power connection.

I decided on a design that wasn't too complex, but incorporated many of the things I've learned so far with the first half of the CCNA Routing and Switching course I've been taking online (thanks PuralSight!).

My Network has the following:

• 3 VLANs: 10, 20, and 30 (plus the default VLAN 1 which I move off of)
• The following networks:
  • 10.10.0.0/16 associated with VLAN 10
  • 10.20.0.0/16 associated with VLAN 20
  • 10.30.0.0/16 associated with VLAN 30
  • 10.100.0.0 carved out with /30's for point to point ranges
• A port trunk from switch 2 to router 3 for VLAN's 10 and 20
• A port trunk from switch 2 to switch 1 for VLAN 30
• A port trunk from switch 1 to Router 2, with Router 2's interface being 10.30.0.1/16
• A management interface on switch 2 of 10.10.0.2/16
• A management interface on switch 1 of 10.30.0.2/16
• A .1q interface on Routers 3 FastEthernet 0/0 of 10 with address 10.10.0.1/16
• A .1q interface on Routers 3 FastEthernet 0/0 of 20 with address 10.20.0.1/16
• A point to point link from Router 3 to Router 2 on interfaces F0/1 on both routers
• A point to point link from Router 3 to Router 1 on interfaces S0/1/0 on both routers
• A point to point link from Router 2 to Router 1 on interfaces S0/1/0 and S0/0/0 respectively
• OSPF with ID 10, area 0 on all routers
• All routers and switches with NTP to my domain controller at 192.168.0.215
• All routers and switches logging syslog to my syslog server at 192.168.0.80
• An up-link to my home network (and the internet) on Router 1 on interface F0/0 with address 192.168.0.12/24
• Gateway of last resort on Router 3 set to 192.168.0.50 (my wireless access point and NAT to the Internet)
• Raspberry Pi 01 at 10.10.0.10/16 (on VLAN 10)
• Raspberry Pi 02 at 10.20.0.10/16 (on VLAN 20)
• Raspberry Pi 03 at 10.30.0.10/16 (on VLAN 30 on Switch 2)
• Raspberry Pi 05 at 10.30.0.11/16 (on VLAN 30 on Switch 1)

Note: To reach this network structure from your home network you'll need to add a static route on each PC, or configure your NAT device (your wireless access point or your cable modem) to use a static route. My home wireless access point (WAP) allows static routes, so this was the path of least resistance and also allows the Pi's to get to the internet (to be totally accurate, it allows the return packets to make their way back to the initiating Pi).

I wanted to have a single 10.0.0.0/8 route, but my WAP would only accept /16 routes, so I added the above mentioned four routes 10.10, 10.20, 10.30, 10.100 all /16's with a next hop of 192.168.0.12 (the address of Router 1 that's connected to the unmanaged switch for my home network.)

If you don't need to get to the internet with the Pi's you can add a static route to each PC you need to talk to your lab. This can be done on Windows 10 like this:

1. Open an elevated command prompt
2. route -p add 10.0.0.0 mask 255.0.0.0 192.168.0.12
3. Ping 10.100.0.1 (once Router 1 is configured) to see if you're up any running

You'll need some or all of the following software.

These can be installed on the PC you'll be accessing the network devices from:

1. PuTTY - The universal standard for Serial, Telnet, and SSH access.
2. Tftpd64 - A light weight syslog server and tftp client.
3. Wireshark - A nice sniffer for network traffic debuging and analysis, also available for the Pi's.
4. SD Formatter 4.0 - A basic formatter for your SD Cards.
5. NOOBS - The OS bits for the Raspberry Pi

Wire all devices as shown in the Design diagram.

From the top:

1. Pi01 plugged into Switch2 switchport 3
2. Pi02 plugged into Switch2 switchport 9
3. Pi03 plugged into Switch2 switchport 18
4. Pi04 plugged into Switch1 switchport 18
5. Switch2 switchport 17 plugged into Switch1 switchport 17 - crossover cable or crossover adapter required!
6. Switch2 switchport 1 plugged into Router3 interface F0/0
7. Switch1 switchport 1 plugged into Router2 interface F0/0
8. Router3 interface F0/1 plugged into Router2 interface F0/1 - crossover cable or crossover adapter required!
9. Router3 interface S0/1/0 plugged into Router1 interface S0/1/0 - use T1 cable
10. Router2 interface S0/1/0 plugged into Router1 interface S0/0/0 - use T1 cable
11. Router1 interface F0/0 plugged into unmanaged home network switch, any port.

The files associated with this step can configure the routers and switches as depicted in the Design diagram.

In the file anything in the file with ******* must be replaced with a user name, password, or domain name.

Make sure you ping test as you build these out, it's better to find mistakes as you're building each device than to configure all and then start troubleshooting.

Prerequisites:

• Download the software mentioned on the Software step.
• Review the setup video on raspberrypi.org (link)

1. Prep the SD Cards
   • On a PCformat the SD card using the SD Formatter utility
   • Copy all the files from the Noobs download to the SD Card (no imaging utilities, just plain old file copy)
   • Repeat for four SD Cards
2. Install Noobs on each Raspberry Pi
   • Power on all Pi's
   • Connect using the KVM to the first Raspberry Pi
     1. Change the Host Name:
        • Open a Terminal window
        • sudo raspi-config
        • Select "Boot Options"
          • Select "Desktop Autologin"
        • Advanced Menu
          • Change Hostname
          • Pick a name, I used "Pi01"
        • Select Finish
        • Say yes to reboot
     2. After reboot, add static IP address:
        • Open a Terminal window
        • sudo nano /etc/network/interfaces
        • Update the eth0 line and the follow lines so it looks like this:
          • iface eth0 inet static
          • address 10.10.0.10
          • netmask 255.255.0.0
          • network 10.10.0.0
          • broadcast 10.10.255.255
          • gateway 10.10.01
        • Save the file:
          • CRTL+X
          • Yes
     3. Update the DNS server:
        • sudo nano /etc/resolv.conf
        • replace or add the following lines to signify your DNS server. If you don't have a local DNS server you can use 8.8.4.4 for Google's secondary public DNS server address.
          • nameserver
          • nameserver 8.8.8.8
        • CRTL+X
        • Yes
     4. Reboot the Pi for changes to take effect:
        • sudo reboot
     5. Validate the config:
        • From a terminal prompt run "ifconfig" to verify IP address
        • Ping local gateway
        • Ping 8.8.8.8
        • Ping yahoo.com
        • If all return a ping you're good to go
     6. Repeat on remaining Pi's using new host name, IP address, and network settings as appropriate.
3. Optional step if your network is connected to the internet

   • sudo apt-get update (Update is used to resynchronize the package index files from their sources. The indexes of available packages are fetched from the location(s) specified in /etc/apt/sources.list. An update should always be performed before an upgrade or dist-upgrade.)

   • sudo apt-get upgrade (Upgrade is used to install the newest versions of all packages currently installed on the system from the sources enumerated in /etc/apt/sources.list. An update must be performed first so that apt-get knows that new versions of packages are available.)

   • sudo apt-get install dnsutils (Installs basic DNS tools like NSLookUp)

   • If you want to install wireshark, a good tutorial can be found at http://donsthinktank.blogspot.com/2015/07/wireshark-raspberry-pi.html