How to build a Network Home Lab

Every profession has its tools. As network engineers, we need network devices. Not only to build production networks but also to study and build labs or prototype networks. This is what we can use a home network lab for. If your goal is to pass a single exam, and that’s it, you might not want to build an entire home lab. This could be an option if networking is only part of your job. The information in this lesson about simulators and emulators should still prove useful to you.

If you want to become a networking professional, a home lab is a great investment. Your goal shouldn’t be to pass one or a few exams but to be a lifelong learner. A decent home lab will help you throughout your entire career. You can try out anything in your lab without messing things up. Do you run into an issue at work that you can’t figure out? Instead of testing something on a production network, you can rebuild the problem in your own lab. Want to learn something new? Build it. You can build anything and tear it down.

You could say that it’s the responsibility of your employer to supply a lab, especially when you are dealing with expensive equipment. However, it’s your responsibility to learn new technology and to get rid of knowledge gaps. One major advantage of networking over other professions is that we can learn a lot in our lab, without leaving the comfort of our home and without the risk of messing things up on a production network.

Your home lab should be easy and convenient to work with. If it’s a hassle, you are not going to use it. A home lab is not something you build once and are done with it. Instead, throughout the years, you’ll add and remove hardware.

In this lesson, I’ll give you an overview of what is required to build a home network lab. We’ll answer questions like:

• Should I buy hardware like routers or switches or use a simulator or emulator?
• What hardware should I buy?
• Is this router or switch suitable for CCNA/CCNP/CCIE?
• What emulator should I use?
• What software do I need?

I will explain your options and the advantages and disadvantages of each option. Let’s dive in!

Hardware

Nowadays, you can virtualize many network devices. Vendors supply many Virtual Network Functions (VNF). For example, Cisco has these virtual devices:

• CSR1000v
• Firepower NGFWv
• ASAv
• vEdge Cloud

However, not everything can be emulated. Some things work better on real hardware. I’ll explain this further in the switches section. You don’t want to waste time figuring out whether an issue you run into is caused by a simulator, emulator, or misconfiguration.

Let’s look at some hardware options.

Cisco

Let me explain how to figure out what hardware you could buy. This might take some time, but it’s a valuable skill. You’ll need to figure out what hardware you can use if you want to study for a CCNA, CCNP, or CCIE exam but also if you need to design a production network.

You’ll need two items:

• The blueprint of the exam you want to study for. For example, here is the CCNA blueprint.
• Cisco’s Feature Navigator.

You can find what features are supported by the different router and switch models. For example, I can see whether MACsec is supported on specific IOS (XE) versions of the 3560CX and 3850:

You can look up any feature, model, and IOS version to see whether it is supported or not.

Licensing

Licensing can be complex, as explained in the IOS licensing lesson. Even if it’s a home lab, you should have legitimate licenses. On older Cisco equipment, it was easy to download an image that included all required features. Newer devices come with all features, but you need licenses to unlock or activate them. Your employer might have a support contract with Cisco; you might be able to obtain licenses through them. If you buy used hardware, check what licenses the device has.

Switches

Switches use ASICs to perform some tasks in hardware instead of software. This is why some things work better on real switches than emulated ones. An example is IGMP snooping. You can configure this on emulated switches, but you’ll get some strange results.

If you want to practice Quality of Service (QoS)  you could use an emulator and see “hits” on your access-lists. But if you want to see real traffic patterns, you should use real hardware. You’ll also need real hardware if you want to test features like VSS or Stackwise. Switches are also useful when you need Power over Ethernet (PoE) for your IP phones or wireless access points.

Many switch models are available with 8, 16, 24, or 48 ports. The 8-port models usually make less noise than the models with more ports. If you buy real switches, I would get at least three. This allows you to test protocols like spanning tree without any issues.

Routers

Routers are easier to virtualize than switches. Most protocols that you can configure on routers don’t require ASICs as we do on switches. If you get real hardware, I would suggest getting three routers. You’ll need at least two routers to route packets between your routers, but some scenarios require at least three routers. For example, OSPF DR/BDR.

Servers

Besides networking equipment, you will have to run some software. This could be a simulator or emulator, but there are some other applications like iPerf or FreeRADIUS that are useful in a lab. We’ll talk about this more in the software section. Let’s look at some hardware options to run software like this.

PC / Laptop

You could use your PC or laptop but a dedicated server is a better solution. Here are three reasons:

• You might spend days on some labs and larger topologies. Shutting down and restarting your work all the time is a pain.
• Some labs require a lot of CPU cores and memory. For example, a SD-WAN topology with multiple routers requires 10 CPU cores and ~32GB of memory.
• A dedicated server might have extra NICs that you can connect to your switches and routers.

What dedicated server(s) should you get? Let’s take a look.

Decommissioned Servers

Technology improves and servers have an end-of-life (EOL). Companies decommission these servers. This is a great opportunity to get a server for your lab. There are a couple of things you have to think about:

• Form factor: Servers come in tower or rack format. We’ll talk about racks in the server rack section.
• Power: Some servers draw a lot more power than your average laptop or computer.
• Noise: Many rack servers are designed for data centers where physical space is limited. These servers use small high-RPM noisy fans.
• Heat: Depending on the power draw some servers can generate a lot of heat.

Two popular server vendors are:

• Dell: The R610 or R710 servers are popular.
• HP: The ProLiant servers are popular.

Remote Management

You don’t want to walk to your server every time you want to power it on, reboot it, or install new software. Your server should support remote management. This allows you to remotely:

• Power on or off your server.
• View the screen and use a virtual keyboard and mouse.

Some remote management tools allow you to remotely mount an ISO file so that you can install an operating system on your server. Some examples of remote management software are:

• Dell: IDRAC
• HP: ILO
• Supermicro: IPMI

Intel NUC

The Intel NUC is a mini PC but has capable hardware. These systems don’t require much power, don’t make a lot of noise, and don’t take up much space.

Since the 7th gen NUCs, some intel NUCs offer AMT vPro: Intel AMT (Active Management Technology). This allows you to remotely manage and control your Intel NUC. An Intel NUC is a great choice for a home lab.

Raspberry Pi

The Raspberry Pi is a popular option. You see these often in home labs. They are inexpensive and don’t draw much power. Hardware is limited though. They can be useful for applications that don’t require much CPU power, memory, networking bandwidth, and I/O. A disadvantage of the Raspberry Pi is that they use SD cards for storage. These are prone to errors when it loses power or you write too much data.

A dedicated server with virtual machines (VM) and containers is easier to work with.

CPU and Memory requirements

How many CPU cores and how much RAM do you need? This depends on what you want to run. Here is an overview of the requirements for different virtual network devices:

A small lab with three CSR1000v routers and three IOSv2L2 switches requires 6 CPU cores and ~8GB of memory. Some labs require a lot of CPU cores and memory. For example, the SD-WAN controllers require about 8 CPU cores and ~20GB of memory.

Console / Terminal Server

If you are working with network devices then you’ll use have to use the console to configure the device. Cisco devices have the blue console cable. Other vendors use similar connections.

When working with your lab, you don’t want to move your console cable from one device to another. Depending on your hardware choices, you might want to move your lab to a location like your attic or basement where the noise and heat don’t bother you.

It’s easier to have a central device that you connect to, which has console cables to all the network devices you want to work with.

You could build something yourself using a Raspberry Pi or buy a Cisco Terminal Server. This works, but you’ll also waste time tinkering and getting your terminal server to work.

It’s better to get a dedicated console server. These are appliances that are expensive when you buy them new, and very inexpensive when you buy a decommissioned one.

I’m using an Avocent ACS 6032. You can use regular UTP cables as console cables, which is very convenient as you don’t have to create your own cables.

You can access all the console ports either through telnet, SSH, or a GUI. Here are some other console servers you can look into:

• APC AP9303
• Digi CM32

Power Distribution Unit (PDU)

If you put your lab in another location, you don’t want to go there every time you want to power on or off your lab. A power distribution unit (PDU) is a device with multiple power outlets that you can control remotely and individually through a GUI, telnet, or SSH.

Like console servers, PDUs are expensive when you buy them new and cheap when you buy decommissioned ones. There are horizontal and vertical models. Here is a picture of an APC vertical PDU:

UPS

You don’t really need a UPS unless you live in an area where power outages are common. If you do, get a UPS with a maximum runtime of 5-10 minutes. That should be enough to save your work before you lose power. If you buy a used UPS, make sure the battery is still in good condition.

Topology

If you buy real hardware, you need to think about the topology you are going to use. You could re-cable everything from scratch every time you want to create a lab but that becomes a hassle.

Physical

I suggest connecting your switches in a triangle like this:

If you have four switches, connect them in a square:

Connecting your switches like this allows you to mess around with spanning- tree and etherchannels without having to re-cable anything.

Connect other network devices like your routers to your switches:

Most routers have two built-in Ethernet interfaces. This physical topology allows you to practice almost anything without having to re-cable your lab.

Logical

Our physical topology allows us to create any logical topology needed. For example, using VLANs or sub-interfaces I could create this topology:

The physical topology looks like this:

Once you build a logical topology, you can save the configurations of your routers and switches on the NVRAM. This allows you to quickly re-use a logical topology in the future.

Cabling

If you have a larger lab, you might want to use a label printer that supports cable wrap labels. For example, I use a DYMO Rhino industrial 5200 label maker. It takes 30 seconds to print and attach a label but you’ll save time later down the road when you have to identify your cables.

The more devices you have, the more cables you have. I have like 6-8 UTP cables to a single server. Having to follow the UTP cable is a pain. If you have a cable wrap label on both ends, you can quickly identify the cable. I use a random 4-digit hexadecimal value.

Server Rack

If you only have a few devices, it’s OK to stack them on top of each other. With a larger lab, you might want to consider a server rack.

A server rack is designed to organize and hold IT equipment. Server cabinets are similar to server racks but they are enclosed with doors and side panels. For a home lab, I prefer an open relay rack because it makes it easier to access everything. You’ll see server cabinets in data centers because of optimal airflow.

Besides rack servers, there are some other options like a desktop open-frame rack mount or wall mount:

Server racks are measured in “U”. One rack unit (1U) is 44.45 mm or 1.75 inches. Rack-mountable devices usually specify the height in U. For example, a 1U server, or a 2U network router. A full-size server rack is usually 42U.

For equipment that doesn’t come in rack-mountable options, you can use a rack shelf:

If you look for a server rack, be aware of the depth. Most network devices like routers, switches, and firewalls fit any rack. Devices like servers or data center switches are usually much deeper. For example, a Cisco catalyst 3850 switch is about  ~44 cm / 17 inches deep. A Cisco Nexus 5548 switch is ~75 cm / 29.5 inches deep.

I have a StarTech open relay rack with an adjustable mounting depth of 22 to 40 inches.

Buying

Last but not least. Where do you buy (used) hardware? eBay might be the most familiar option. In the US, there’s craigslist. I would also keep an eye on auction sites. Sometimes, you can find deals under the radar and obtain equipment cheaper than what you would normally pay for if you buy it from websites where people are familiar with prices.

Software

Enough about hardware for now. Let’s take a look at the software.

Simulators

Simulators “simulate” Cisco IOS (or other operating systems) so that you can practice with configuration, show, and debug commands. A simulator doesn’t run the real operating system, it only mimics the commands and outputs. As long as you try something that is within the boundaries of the simulator, it’s all good. If you want to go one step further than what the simulator offers, you are out of luck. Two examples of simulators are Boson’s Netsim and Cisco’s Packet Tracer. A simulator can be useful if you only use it for one particular goal. For example, Cisco’s Packet Tracer was created for those studying for the CCNA exam.

Emulators

An emulator is more advanced than a simulator because it runs the actual operating system on different hardware. Emulators are a great option, either as your main lab component or as an addition next to your real hardware.

Let’s look at some emulators.

GNS3

GNS3 is one of the first emulators. The first version was based on Dynamips, a Cisco router emulator. Dynamips is able to emulate the Cisco 1700, 2600, 2691, 3600, 3725, 3745, and 7200 routers. These routers are old nowadays and you can’t run the latest Cisco IOS images on them anymore. GNS3 has improved over the years. Nowadays, you can emulate network devices from over 20 network vendors, including recent Cisco images. The software is free.

You can run it on your own computer and there are installers for Windows, Linux, and Mac.

GNS3 is a great choice if you never tried an emulator before and want to try something on your local computer.

Cisco CML

Cisco’s first emulator was known as VIRL. Later, they rebranded VIRL to Cisco Modeling Labs (CML). Running Cisco IOS software on non-Cisco devices is a legal gray area. With Cisco CML, you have a legal option to run Cisco software for your lab. Cisco CML is not free. As of writing, it costs $199 for an annual license. If you want to try it, you can use the sandbox for free for 4 hours. It has a web-based GUI where you can click and drag nodes to a canvas to create a topology:

CML works great but only includes a selection of Cisco images:

These images come with Cisco CML, so you don’t have to look for images yourself and upload them. Running anything else besides these built-in images is difficult. Also, you need to run this on a dedicated machine or in a VM. Cisco CML is a great choice if:

• You don’t want to mess around looking for images and trying to get them to work in your emulator.
• The supplied images are enough for 99% of your labs.
• You want a “legal” solution because running Cisco images on non-Cisco hardware is an issue because of copyright.
• You have a dedicated machine or can create a VM for it.

EVE-NG

EVE-NG is an emulator that supports many vendor images. Like Cisco CML, it is web-based, and you can use the GUI to create topologies. You can create topologies with devices from Cisco, Juniper, Aruba, Fortinet, and more. You can also run virtual machines and Docker containers. There is a free version and a paid (pro) version for $150. The pro version is worth it because it has some useful features such as :

• Wireshark capture integration,
• Docker support
• Change connections on devices in your topology without shutting them down.

It’s more affordable than Cisco’s CML and easier to work with than GNS3 if you ask me. Like Cisco CML, you need to run this on a dedicated machine or in a VM.  EVE-NG is a great choice if:

• You want to run topologies with devices from different vendors.
• You want to run different images.
• You don’t mind looking for images and adding them to EVE-NG yourself.
• You have a dedicated machine or can create a VM for it.

ContainerLab

Containerlab was originally created by Nokia engineers and has a different approach. Emulators such as GNS3, Cisco CML, or EVE-NG have a GUI where you create topologies. Containerlab uses the CLI to orchestrate and manage labs. Most of these labs are based on (Docker) container images. Labs are defined in YAML files. For example:

name: leafspinecisco
topology:
  nodes:
    spine1:
      kind: cisco_n9kv
      image: vrnetlab/vr-n9kv:10.2.7
    spine2:
      kind: cisco_n9kv
      image: vrnetlab/vr-n9kv:10.2.7
    leaf1:
      kind: cisco_n9kv
      image: vrnetlab/vr-n9kv:10.2.7
    leaf2:
      kind: cisco_n9kv
      image: vrnetlab/vr-n9kv:10.2.7
    leaf3:
      kind: cisco_n9kv
      image: vrnetlab/vr-n9kv:10.2.7
  links:
    - endpoints: ["spine1:eth1", "leaf1:eth1"]
    - endpoints: ["spine1:eth2", "leaf2:eth1"]
    - endpoints: ["spine1:eth3", "leaf3:eth1"]
    - endpoints: ["spine2:eth1", "leaf1:eth2"]
    - endpoints: ["spine2:eth2", "leaf2:eth2"]
    - endpoints: ["spine2:eth3", "leaf3:eth2"]

Containerlab supports many different images from Nokia, Juniper, Cisco, Dell, Arista, Palo Alto, Check Point, Aruba, and more. What I like about Containerlab is its Infrastructure as code (IaaC) approach where everything is defined in code. This makes it suitable for DevOps and automation where you can use containerLab in your pipelines to automatically start/configure/stop entire topologies.

I would recommend trying Containerlab if:

• You are familiar with the CLI, IaaC, and YAML and want a solution without a GUI.
• You are looking for automation.
• You don’t mind tweaking and spending a bit more time learning.

Miscellaneous

There is some useful software that you can use for your lab. Here are some examples:

• Syslog server: You’ll need one if you want to send syslog messages from your network device to an external server,
• LibreNMS: If you want to test SNMP, this is one of your best options.
• OpenVPN: Great solution if you want to access your lab from outside of your own network.
• FreeRADIUS: If you want to test AAA and 802.1X.
• TFTP server: Want to store your configuration files somewhere else? A TFTP server does the job.

Virtualization

About two decades ago, we ran a single operating system on physical hardware:

Nowadays, thanks to virtualization, a single server has plenty of CPU power and memory so that we can easily run multiple operating systems simultaneously:

On top of our physical hardware, we run a hypervisor. This allows us to create virtual computers (servers) called virtual machines (VM). A good hypervisor to start with is VMWare’s ESXi. There are two reasons:

• You can download ESXi for free.
• Many vendors supply images that you can easily import into ESXi.

I use VMs to run some of the tools I described earlier but I also use them as “host” or “desktop” devices. I have different Linux and Windows VMs.

Another virtualization option is containers. In a nutshell, a container is a pre-built “package” that contains an application and its dependencies. Containers run on top of a container engine, which runs on top of an operating system. A popular container engine is Docker.

A huge advantage of containers is that it only takes a few seconds to test an application. Instead of installing an application yourself, you only need to download and run the container. For example, let’s say you want to test FreeRADIUS. You could use this container. You only need to run this single-line command to start it:

docker run --name my-radius -d freeradius/freeradius-server

That’s it. One line and FreeRADIUS is up and running. This saves so much time when you want to try something in your lab. With containers you don’t have to worry about installing software yourself.

Network Documentation

Documentation is not the most exciting topic for most of us but it’s important. In the short term, it takes a few extra minutes to write down your thoughts. In the long term, you save time. I recommend taking notes of everything you learn. I also recommend taking notes for your lab:

• Create network diagrams of how everything is connected.
• Write down MAC addresses and IP addresses.
• Write down VLANs.
• Write down how to start useful Docker containers.

To create notes and documentation, I recommend Obsidian. It’s free and the ability to link notes to each other is great. To draw network diagrams, you could use:

• Draw.io
• Creately
• LucidChart
• Excalidraw
• Microsoft Visio
• Google Draw

I prefer Excalidraw because it integrates nicely with Obsidian. Make sure that you use a tool that allows you to edit your images later. If you create an image and only save it as a JPG or PNG, it will be difficult to edit it later.

Conclusion

That wraps up this lesson about building a network home lab. I hope this is helpful for you to build your own home lab.

Of course, any home lab lesson is not complete without a picture of my current home lab (on the left):

Here’s what I have from top to bottom:

• Cisco 3850 switch
• Avocent ACS 6032 console server
• 2x ASA 5515-X
• Checkpoint firewall
• WatchGuard Firebox M200
• Juniper SRX300
• Cisco WLC 2514
• Rack shelf with 5x Raspberry Pi
• ESXi server (2U case with Supermicro X11SDV motherboard and intel Xeon-D CPU)
• 4x Cisco ISR4331 router
• 4x Cisco 3850 switch
• 4x Cisco Nexus 5548 switch
• 2x Cisco Nexus 2248 fabric extender

I hope that this lesson is useful to build your own home lab. Do you miss anything? If you have any questions or suggestions, please leave a comment below.