Network Design Lab

The lab I use for network design, validation, and the things I want to break before they touch a customer environment. Cisco Modeling Labs runs on the Proxmox cluster with a 20-node Personal license. EVE-NG handles non-Cisco vendors, starting with Fortinet.

Platform

Cisco Modeling Labs covers most of the Cisco stack I see in customer environments:

  • Routing — IOSv, IOS XRv 9000, CSR1000v, Catalyst 8000V, IOL XE
  • Switching — IOSvL2, IOL XE Switch, Catalyst 9000v (Q200 and UADP), Nexus 9000v
  • Wireless — Catalyst 9800 Wireless Controller for Cloud
  • Security — ASAv, Firepower Threat Defense (FTDv), Firepower Management Center (FMCv)
  • Catalyst SD-WAN — Manager, Controller, Validator, vEdge, Edge
  • Identity & AAA — ISE, FreeRADIUS, TACACS+
  • Observability & Traffic — Splunk Enterprise, ThousandEyes Agent, Syslog NG, TRex traffic generator, WAN Emulator
  • Linux — Ubuntu, Alpine, Tiny Core for endpoints, services, and Docker workloads

EVE-NG covers non-Cisco vendors. Currently Fortinet FortiGate, with Juniper planned.

What’s running

L3 BGP Hot Cut — BGP migration topology for practicing live cutover work. Mirrors the customer onboarding and route policy migration I did at Cogent, with the freedom to break it on purpose.

securebytes-failure-series-01 — Failure injection topology. Convergence behavior under partial peer drops and asymmetric paths. The point is to see how a design fails before it ships.

L2 — HSRP active and standby, STP root election, VLAN segmentation, port-channel trunking.

Akwaaba Tech Solutions Lab V2 — Multi-site enterprise topology with distribution-layer redundancy.

FTD lab and v2 — Cisco Firepower NGFW iterations.

Fortinet lab — FortiGate policy, NAT, and VPN topologies on EVE-NG.

Network Automation Lab — Test environment for the Ansible work happening on the homelab platform. Configuration drift detection, idempotency testing, rollback rehearsal.

What’s next

  • More multi-vendor interop work as Juniper comes online in EVE-NG
  • Data center fabric topologies (leaf-spine, VXLAN, EVPN) for study
  • ISE-driven 802.1X and TrustSec topologies for identity-aware segmentation work
  • Catalyst SD-WAN topology with Manager, Controller, Validator, and vEdge
  • A sanitized topology repo on GitHub once the dual-repo workflow is in place

Field notes

Topology files and configs live locally for now. A clean public reference will go up once it’s run through the same dual-repo sanitization workflow as the NOC stack rebuild.


Stack

Cisco CML, EVE-NG, IOS-XR, NX-OS, Catalyst SD-WAN, ISE, FTDv, Fortinet