CCNA Security Lab Equipment 640-554

The release of 640-554 CCNA Security in early 2012 brought along new exam topics. One of the biggest additions is knowledge of Cisco Configuration Professional, along with the introduction of the Cisco ASA.

What equipment does a candidate need to successfully practice and pass the exam? Can you use GNS3?

There are a few ways you can tackle this:

Real Hardware

I like using real routers, switches, and firewalls. It’s close enough to the real world. For the CCNA Security, 640-554, you may need to make an investment. Here’s what I used.

  • Two Cisco 1841 routers – You may be able to get a good deal on eBay, between $150 and $200 each. You want to run at least IOS 12.4 with 64MB of Flash memory and 192MB of RAM. Different labs require specific images.
  • Three Cisco switches – 3550 worked for me – Be sure to run IOS version 12.4. You’ll need the correct images to run certain labs, such as SSH.
  • One Cisco ASA 5505 – I got my ASA for $250. Try using “Best Offer” on eBay. You’ll be surprised how low some sellers will go. You will need to run version 8.4 for the exam.


You can get by with GNS3; the only downside is that it cannot emulate switches. You can emulate routers and an ASA and then purchase switches online.

It is possible to run CCP alongside GNS3, which I will table for a different blog post. The majority of my labs were run on GNS3 unless I labbed with my ASA.

Total Cost

I purchased one Cisco 1841 (the other is a loaner), one Cisco 3550, two Cisco 2950s, and one Cisco ASA 5505, all on eBay. My cost is broken down to:

1841 – $130
ASA 5505 – $250
3550 – $125
Two 2950s – $90

Total: $595

The cost may appear high but I can squeeze this equipment into the CCNP R&S and possibly use the ASA 5505 for the CCNP Security.

Keep in mind, all of the hardware I purchased needed upgraded images. My routers also needed upgraded Flash cards, which is a trivial process.

About Rowell Dionicio

I am Rowell Dionicio, a network engineer with a coffee addiction, an advocate of WordPress, with a passion for networking and wireless. I am part of the Cisco Champion program and my purpose is to help you become a better engineer. Follow me on Twitter, LinkedIn, Facebook and YouTube.

  • John

    Hi Rowell, I have all devices listed here. Will you be able to share your topology/setup of your CCNA-S lab?

    • Rowell

      Hi John,

      I didn’t have any specific topologies. What I would do is replicate a private network. I created a network within my home network and just ensured I was able to reach the Internet. From inside the firewall I would run through some of the examples in the textbooks. I followed along as best I could with the book.

      Take the blueprint and try to do every item in the blueprint. Once you’re comfortable with one objective, go on to the next.

      Another book that helped, but I didn’t use the whole book, was the CCNA Security Lab Manual. There are some topologies in there but like I said, I only did a few of them.

      I connected a router to my MacBook Pro, started up a Windows virtual machine and used Cisco Configuration Professional. You should become familiar with the GUI and how to do certain things. You can get Cisco Configuration Professional on Cisco’s website.

  • Justin

    What IOS version would you suggest?

    Is IOS 15.1 Advanced Security enough? Or should I aim for the enterprise version?

    • Rowell

      That should be good enough, although I think the exam focuses around 12.4. I couldn’t find evidence of that on the blueprint. As long as 15.1 has the features in the blueprint you will be ok.