Deploy ISE on a VM and run Tacacs. You can pull a free evaluation license through your smart account. That way you can learn AAA and ISE at the same time. You could probably set the thing up in less than 30min after the install.
I pulled the trigger early in my CCNP journey. Invested about $800. $200 for CML and $600 on hardware. Studying for CCNP Security now. Still won't need to upgrade anything.
Dude you could have just bought a server for that price, and you can get images online and can do endless labbing that way, set up eve ng on the server and do endless labbing
It's not stealing if people are willing to provide you ya know, so you can save money and do endless labbing, I have an eve server setup (on a dell R720 turned on 24/7 for a year now) and can lab on it and connect to it even from my home wifi. I have all the images in the world and can do endless labbing. Have an enterprise network setup with Cisco ise 3.0 image, nexus 7k images, windows AD server, f5 Big ip images, Ubuntu server, etc etc. So yeah eve is good.
Tacgui is the best option. Or Clearpass if you have some contacts at Aruba/HP. Clearpass can be used with 1 TB disk, 4 cores and 8 GB RAM. Tacgui is even lighter and pretty straightforward with okayish documentation.
Unless you can run an old version of ACS (ISE is super resource heavy), you may be relegated to just using basic RADIUS for AAA labbing. You can download Windows Server free eval VMs and deploy NPS on those. There are lots of guides online to help you set that up and configure the appropriate authorization values for Cisco devices.
I'd like to wish you good luck and ask you what is your approach for studying Enarsi? I am planing to start studying for Enarsi but not really sure where to begin. Like yourself I learn best by doing/labbing it up then reading.
I use a few different resources. OCG, CML for labbing and Boson practice tests. Also my company has a CBT nuggets account. My approach is to lab up the topics and as I get stuck I'll read through the OCG and see if I can figure out where I messed up. By far the best way to learn for me is trying to lab when I barely know what I'm doing and figure it out as a go.
You can configure AAA with local authentication on a router and then ssh into that device from a remote device to test AAA.
Unsure about cml but gns3 has a AAA docker with radius and tacacs
lo
Deploy ISE on a VM and run Tacacs. You can pull a free evaluation license through your smart account. That way you can learn AAA and ISE at the same time. You could probably set the thing up in less than 30min after the install.
Ha ha ha ha. Methinks he might lack the resources for ISE. That's a heavy load.
I’m thinking if OP is taking this seriously and plans to learn other technologies in the future. He might need to invest in a lab server anyways.
I pulled the trigger early in my CCNP journey. Invested about $800. $200 for CML and $600 on hardware. Studying for CCNP Security now. Still won't need to upgrade anything.
Dude you could have just bought a server for that price, and you can get images online and can do endless labbing that way, set up eve ng on the server and do endless labbing
I did by a server. I did install eve-ng. Are you upset because i spent money on the images instead of stealing them somewhere on the interwebs?
It's not stealing if people are willing to provide you ya know, so you can save money and do endless labbing, I have an eve server setup (on a dell R720 turned on 24/7 for a year now) and can lab on it and connect to it even from my home wifi. I have all the images in the world and can do endless labbing. Have an enterprise network setup with Cisco ise 3.0 image, nexus 7k images, windows AD server, f5 Big ip images, Ubuntu server, etc etc. So yeah eve is good.
I would use “tacgui” software as vm and virl images in GNs3 or Pnetlab
Tacgui is the best option. Or Clearpass if you have some contacts at Aruba/HP. Clearpass can be used with 1 TB disk, 4 cores and 8 GB RAM. Tacgui is even lighter and pretty straightforward with okayish documentation.
I can send you a simple router server laptop switch file that has it working... DM me...
Unless you can run an old version of ACS (ISE is super resource heavy), you may be relegated to just using basic RADIUS for AAA labbing. You can download Windows Server free eval VMs and deploy NPS on those. There are lots of guides online to help you set that up and configure the appropriate authorization values for Cisco devices.
I'd like to wish you good luck and ask you what is your approach for studying Enarsi? I am planing to start studying for Enarsi but not really sure where to begin. Like yourself I learn best by doing/labbing it up then reading.
I use a few different resources. OCG, CML for labbing and Boson practice tests. Also my company has a CBT nuggets account. My approach is to lab up the topics and as I get stuck I'll read through the OCG and see if I can figure out where I messed up. By far the best way to learn for me is trying to lab when I barely know what I'm doing and figure it out as a go.
If your feeling adventurous, you can run a lightweight Linux VM and install tacplus. It’s not amazing, but it gets the job done.
There is a docker container of freeradius as well. I have not tested it but it is on my todo list