There doesn’t seem to be many serious responses here. My recommendations

Find a consultant who 1) knows his/her stuff, 2) you trust, and 3) is willing to sit with you and explain what they are doing, why they are doing it, and review your work when you make changes (preferably before the changes are made). You don’t want to be learning from someone who is wrong and you will need someone to fall back on when things get really hairy (and they will, I promise). You also need to set expectations with the consultant early. They need to understand your intention is to manage the network yourself and not rely on them 100%. Consultants often are reluctant to release passwords to someone if they believe you will only screw stuff up and then likely blame them for the failure (though not to imply that a consultant would ever forcibly withhold passwords). They need to know up front this will be a dual-managed environment and have an accurate understanding of your expectations of them.

I highly recommend a few structured professional training courses. Go to their training facilities for the classes (minimize distractions while learning). Wait till you are a little more experienced before trying online at home courses. For intro level network stuff, nearly any vendor will do. Pick one and roll with it. Just don’t get too caught in certifications. They are great and all but won’t give you what you need to run a network. You need *practical* knowledge. Save the certifications for when you want to leave this job.

Consume any information you can: books, podcasts, YouTube How-To’s, etc. Just remember, trying to find time during what will soon be your very busy schedule to read books and play in your lab will be tricky. Hence the structured professional training above. CCNA books are considering to be a good starting point. Just remember, these only teach fundementals. When it comes to "how will this router react when I make this change", those answers take time and experience to learn.

As for the lab, get a minimum of two switches, two routers, and two firewalls. They should match or be smaller versions of what you have in production wherever possible (if the lab doesn’t closely represent production, it won’t help much when you try to reproduce problems or test solutions). This will give you enough to build most typical network scenarios. Beyond that, it’s a crapshoot on lab gear. When it comes to hardware vendors, buy what fits your need. I don’t personally care if it’s Cisco, HP, Brocade, or Bob’s Networking Stuff. I would encourage keeping the total number of manufactures low in order to maintain manageability but which manufactures you choose is a business question only you and your company can answer.

of AltertNIC? http://en.wikipedia.org/wiki/AlterNIC

What's the easiest way to find out who/what is using an a network port? Disable/unplug the port and wait for someone to call in and complain. This might be the same mentality at work, just a little larger scale.

...I am still trying to find a way to get desktop support techs to read the error messages.

Ponder this scenario... a convicted and registered sex offender living in state that has not passed a similar law visits a social network site. While the offender's data packets are in transit across the Internet, they are passed through a router residing in a state that has passed such a law, e.g. Illinois. Has that person suddenly unwittingly committed a crime and is now prosecutable in IL for the violation? Admittedly, this is an extreme scenario but far from unimaginable (and easily abused, especially if the social networking site's web servers physically reside in a state with a similar law). While it is admirable that the state of Illinois is pushing laws with intent to further protect its state's children (I am making an assumption that this is their true intent), state laws just do not scale well when applied to a system as large and dynamic as the Internet (technically, neither do national laws but that is a discussion for another article on another day).