Building a LAB (1/n)

Having a LAB environment can be quite useful when you want to test our certain features or ideas, or simply for studying.

The problem is that it can be time consuming getting the environment up and running before you start doing what you intended in the first place.
For example, I just got a hold of a pair of Cisco FirePower 2110 appliances, and I want to play around a bit with ISE and Active Directory, but I currently don’t have ISE or Active Directory set up in our LAB that I can utilize right away.

My previous lab setup was wiped a year ago, and as I’m building a new environment with a coworker I’m going to [try to] document what we do.

The first challenge is deciding what we plan on testing in the nearby future:
(The list is somewhat based on what test/demo equipment we already have access to.)

  • FirePower (VPN, user IDs for access policies, etc.)
  • 802.1x (old style, IBNS 2.0, certificate authentication, ?SGTs?, …)
  • WiFi stuff (identity PSKs, some other stuff (this is not my field so I have no idea)
  • Maybe: f5, DUO, Cisco ESA.

So, what components do we need (at least to start with):

  • FirePower 2110
  • WLC + APs
  • L3 capable switch
  • additional L2 switch (can also use the L3 switch to start with.)
  • Some virtual machines for AD, ISE, FMC, and something else.

We sketched up a diagram that looked like this:







What we need to do next is probably:

  • Deciding on an IP range for subnets etc.
  • Deciding on VLANs
  • Finding the hardware needed (FirePower, WLC, switches, and racking it up.)
  • Connecting the firepower to the Internet
  • Connecting to the UCS (we already have a compute platform in place for lab/testing)
  • Deciding on a domain name identifier for the Active Directory

Let’s see how this goes.

Leave a Comment