OFF TOPIC: Question for the Network and Security folks

I am currently enrolled in a Cybersecurity boot camp (Total program length about a year). We just finished up the Network Fundamentals Unit, and it really got me thinking about setting up a home lab, both to separate my HA stuff from everything else, but also to get hands-on practice on. Of course the big issue right away is cost. Naturally I turned to eBay. What has caught my eye to start with is this switch. At that price, I can't help but feel there is some kind of gotcha waiting for me. What are your thoughts or suggestions?

Can I (at least initially while I build out) use this with my current ASUS router? If not, any suggestions for routers or access points? Any other suggestions or tips are also greatly appreciated.

I suppose the catch, if there is one, is it’s a refurbished product from an eBay seller without a ton of listings?

Nothing wrong with buying used enterprise gear, in general.

Is there a reason you’re looking at that switch specifically?

End-of-life milestones

Table 1. End-of-life milestones and dates for the Cisco Catalyst 2960X Fanless SKU

| Milestone | Definition | Date |
|---|---|---|
| End-of-Life Announcement Date | The date the document that announces the end of sale and end of life of a product is distributed to the general public. | October 31, 2022 |
| End-of-Sale Date: HW | The last date to order the product through Cisco point-of-sale mechanisms. The product is no longer for sale after this date. | April 30, 2023 |
| Last Ship Date: HW | The last-possible ship date that can be requested of Cisco and/or its contract manufacturers. Actual ship date is dependent on lead time. | July 29, 2023 |
| End of SW Maintenance Releases Date: HW | The last date that Cisco Engineering may release any final software maintenance releases or bug fixes. After this date, Cisco Engineering will no longer develop, repair, maintain, or test the product software. | April 29, 2024 |
| End of Vulnerability/Security Support: HW | The last date that Cisco Engineering may release a planned maintenance release or scheduled software remedy for a security vulnerability issue. | April 29, 2026 |
| End of Routine Failure Analysis Date: HW | The last-possible date a routine failure analysis may be performed to determine the cause of hardware product failure or defect. | April 29, 2024 |
| End of New Service Attachment Date: HW | For equipment and software that is not covered by a service-and-support contract, this is the last date to order a new service-and-support contract or add the equipment and/or software to an existing service-and-support contract. | April 29, 2024 |
| End of Service Contract Renewal Date: HW | The last date to extend or renew a service contract for the product. | July 26, 2027 |
| Last Date of Support: HW | The last date to receive applicable service and support for the product as entitled by active service contracts or by warranty terms and conditions. After this date, all support services for the product are unavailable, and the product becomes obsolete. | April 30, 2028 |

3 Likes

Relatively low cost Cisco equipment to work with. Would love to go new, but that just isn't in the budget currently. I need the POE for my hubs.. all 5 (Hubitat and Ecowitt) are on POE currently using a Mokerlink Managed POE switch that @rlithgow1 had recommended a couple years ago. So far it has worked well. Primarily I am looking at this as a way to get hands-on practice with the Cisco equipment and IOS and integrate it with what I am currently using and have options for future additions.

You can pick up Catalyst switches pretty cheap on eBay

That's what I'm looking at. Are there any major issues with using used or refurb equipment?

Not if it works right...lol.... I mean it's always buyer beware when dealing with eBay. Just use PayPal and test it thoroughly when you get it

No, but IMHO, as a network security architect, the switch isn't the most "interesting bit" - Sure it should be a managed switch, support POE and VLANs, but that's not a high bar. - The interesting stuff is in the router/FW - That's where the magic happens (IMHO).

So if you want to learn enterprise stuff, sure Cisco and IOS makes sense (Arista seems to be an up and comer in the enterprise space), but the more important discussion is what firewall and router are you using, and ASUS definitely isn't used in any significant enterprise applications that I'm aware of. - Cisco/Juniper routers, Palo Alto FWs, that's where the hard applications and learnings are to be had.

So a Cisco 2900 is the "old" workhorse switch of 10 years ago - We still have hundreds of them, but they are definitely "on the way out"..

WatchGuard every time.... (Cisco edge stuff can be a pain especially for the novice) and for whatever deity you believe in's sake.... Stay the fark away from SonicWall... Juniper's stuff is ok but costly for what it is. Aruba? Good for NAC and AP stuff as well as their managed L2 switches and good in general price.

1 Like

Since that's what we were using in class, that's why I decided to start with Cisco. I already figured I would also need to replace the Asus router at some point as well, just wondered if I could get started with it. Any suggestions for router or Wi-Fi access point? I know this is WAY WAY more than I need, but I'm looking to do this primarily for educational purposes.

This is 100% correct:

There are hundreds of people like you that are weeks, months, years further along the education path and at the end they dump most of their stuff on eBay. As said, as long as it's a working device, you're golden for a few years. But it's the router that's going to be the basis for most learning, and then Firewall. So go low cost on that switch because it's relatively uninteresting and keep an eye out for a bargain router or firewall... is my opinion :smiley:

2 Likes

I've been using a 48 port version of the same switch for the last 2 years, it's been the most reliable piece of network equipment I've ever owned. For 4 years prior I used a 2960S. Where you're going to need some help is with the web interface. If it's not running the latest IOS you'll get certificate errors when trying to load the web interface, and Chrome will refuse to load the interface.
Easy to fix with PuTTY and a download of the latest IOS (you need a Cisco account - free)

Haha. Not for me. The shipping will kill me :rofl:

I agree with the others. It’s the FW/router where all the action is, as long as you have VLAN support and what other features you want (like PoE) on the switch. I’m running old HP switches myself. They just work

Well done! And I wish you good luck as you consider transitioning to a new field!

The web interface on those is a big security issue (well on all the Catalyst switches). I don't even bother installing it for anyone... Also I think any updates are dead for EOL hardware

Oh wow, I hadn't even noticed that! Yeah. I'll definitely keep looking. Clearly I have more research to do. Router, switch, etc. still open to suggestions. Would like to be able to find a balance between cost effective (use for the next 2-5 years), prefer to continue getting updates, as well as something I can gain hands-on experience with. All suggestions and ideas are greatly appreciated!

I really only need a 24 port, but there is a small part of my brain that says go with 48 ports on the wild off chance I might need the extras some day.

2960 is what all of the labs and simulations we are doing have used (Cisco Packet Tracer).

Do you have any suggestions what to look for in these?

Thank you for the encouragement! Network Fundamentals is done (and somewhat kicked my butt, hence why I want to get hands-on with this). Next up is Microsoft Security admin..

For the switch I linked to? Or the 2960s? So if no updates for EOL, then it sort of doesn't really help me much then, does it?

1 Like

Hey Rick, I know this is your field, so is it still a security risk within a properly firewalled homelab LAN environment? I recall turning off/deactivating some type of "anywhere access" or something like that during setup.

A known vulnerability is always going to be a security risk until it is patched. However, you can take steps to mitigate the risk of it being exploited by, for example, segmenting off the access to the vulnerability to a network with very limited access to it and ideally from it. The risk is going to be the same no matter what network it is on (a home network or an enterprise network) but the consequences of it being exploited will be different. It all comes down to your risk appetite in relation to the potential consequences.

For the 2960's

So 15.0.2 is the latest for that switch which you can get the web interface version. Personally though I would stick to CLI...
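
An added example, not part of the thread or of any poster's configuration: an IOS fragment that applies the two mitigations discussed above, turning off the web interface and limiting management access to one segment. The management VLAN 99, the 192.168.99.0/24 subnet, the switch address and ACL number 10 are assumptions chosen for illustration, and the fragment assumes SSH is already set up on the switch (hostname, domain name, RSA key, a local user).

```cisco
! Constructed example. VLAN 99, 192.168.99.0/24 and ACL 10 are
! assumed values, not taken from the thread.

! Weak default the thread warns about (shown commented out):
! the web UI listens on every address the switch has.
!   ip http server
!   ip http secure-server

! Hardened: no web interface at all, CLI over SSH only.
no ip http server
no ip http secure-server
ip ssh version 2
!
! Only hosts on the management subnet may open a CLI session;
! anything else is dropped and logged.
access-list 10 permit 192.168.99.0 0.0.0.255
access-list 10 deny   any log
!
line vty 0 15
 access-class 10 in
 transport input ssh
 login local
!
! The switch's own management address lives on the management VLAN.
vlan 99
 name MGMT
!
interface Vlan99
 ip address 192.168.99.2 255.255.255.0
 no shutdown
```

After applying it, `show running-config | include ip http` should list only the two `no ip http` lines, and an SSH attempt from a host outside the management subnet should be refused.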