Network World
Tuesday, October 14, 2008

CCNP Lab Part 6 – ISCW Features and Feature sets

So, back to the CCNP lab stuff. I've already discussed some of the considerations for the BCMSN and ONT exams in this blog during the past 3-4 weeks. Today, I'll begin to examine the ISCW exam, which means we'll look at the configuration topics for the exam, and in this case, focus on IOS versions and feature sets.

First, a quick review of the ISCW exam topics shows quite a variety of features. After reviewing the exam topics and doing a little research, two important items seemed to leap to the forefront:

  • A lot of topics use Security Device Manager (SDM) for configuration - which in turn requires 12.3T/12.4 IOS
  • IOS Intrusion Prevention System (IPS) wasn't in the good ol' Firewall feature sets.

So, I decided that support for SDM is a must for prepping for ISCW, which means a minimum version of 12.3T/12.4 (at least according to the feature navigator). Also, since IPS was the only feature that I researched that wasn't in the "IP/FW/IDS Plus IPSEC 3DES" feature set (say that 3 times fast), I figured that was a good area of compromise if you don't have the ability to upgrade existing gear. The reasoning is that maybe some of the older (cheaper) routers could support that feature set, but not some of the newer ones like Advanced Security, so I figured it was worth a little comparison shopping. (For the list of feature sets that support IOS IPS, look here.)

(OK, disclaimer time - this is all to the best of my knowledge, and it's up to you to obtain IOS images per the legalities of your maintenance contracts and relationships with Cisco, etc etc etc.)

So, I did the usual - found the configuration items listed in the exam topics, looked at the course lab guide for other clues, and made a list of features to look for in the Cisco Feature Navigator (www.cisco.com/go/fn). Here's what I came up with; granted, I left out a few smaller topics just to shorten this NP-incomplete algorithm for looking for things in the feature navigator:

  • PPPoE
  • PPPoA
  • IPSEC
  • GRE
  • EZ VPN Client
  • EZ VPN Server
  • AutoSecure
  • CBAC
  • AAA
  • SDM
  • IPS

After looking at these feature sets, for 12.4 and 12.4T, here's what I found:

IP/FW/IDS Plus IPSEC 3DES: It supports everything in the list except IPS.

Advanced IP Services and Advanced Security: They've got it all.  

Also, for perspective, note that the ISCW course materials suggested 2800 series routers with Advanced IP Services.

Where does that leave us? Well, we've got some pretty robust feature sets that'll support most or all of what's needed. From here, we might want to consider other feature sets, and of course we want to look at platform support. So:

  • What other feature sets do you think might be a good compromise solution? Particularly, any that run on older routers?
  • What platforms can support these feature sets? I'll get to that in the next post.

Cheers!
