A Virtual Cisco Lab on Linux for Certification Preparation

Introduction


Many people preparing for Cisco exams, or simply studying networking through practical exercises, prefer to build and use a lab of real hardware. One option in that case is to buy used Cisco hardware on eBay, but it will cost you more than one hundred dollars.
Others are content with a network simulator, Cisco Packet Tracer. I used it to prepare for CCNA. It is easy to use, convenient, does not require powerful hardware and is ideal for beginners. But because of its limited functionality it is unsuitable for more serious study.
If you don't want to spend your hard-earned $$ and still want devices running real IOS, look at the GNS3 network emulator, which is based on Dynamips. An introduction to using it is already on Habr.

I'll show how GNS3 can be connected to the Linux host OS (on which it is running) and to servers in VirtualBox. This greatly expands our ability to create complex topologies using Cisco routers, servers with various services in VirtualBox, and Internet access through the Linux host OS.



Topology Description



GNS3 Topology
In this example I used a network of three interconnected routers, R1, R2, and R3; the router model is Cisco 2651XM. R1 is connected through cloud C1 to the Gentoo Linux host itself (the one running GNS3). Let's call it gbox. This host provides NTP time synchronization, serves additional files to the routers over TFTP, and provides Internet access. Through cloud C2 the network is connected to a virtual machine in VirtualBox. In this case it is Debian with FreeRADIUS installed for authentication and authorization on the routers, plus a Syslog server for logs. The setup is also very good for testing ACLs and firewall settings by scanning Debian with nmap from the Linux host and vice versa. By the way, Debian packages install perfectly from repositories on the Internet through this whole chain.

Configuring Linux with GNS3


For this whole setup to work, we need to take the following steps. I use Gentoo Linux, where emerge is the command that installs packages. The package names should be the same for users of other distributions.

Install the tunctl utility for creating and managing TUN / TAP virtual network interfaces:
gbox $ sudo emerge usermode-utilities

Install brctl utility for creating and configuring network bridges:
gbox $ sudo emerge bridge-utils

We create and configure virtual network interfaces:
gbox $ sudo tunctl -t tap0 -u username
gbox $ sudo tunctl -t tap1 -u username
gbox $ sudo ifconfig tap0 192.168.1.3 netmask 255.255.255.0 up

tap0 - for communication with Linux, on which GNS3 is running.
tap1 - for communication through the bridge with VirtualBox guest machines.
We bind them to the cloud:
Adding tap1 to cloud C2

Communication with VirtualBox is via the br0 bridge, which consists of the virtual Host-only interface vboxnet0 and the already created tap1.
gbox $ sudo ifconfig tap1 0.0.0.0
gbox $ sudo ifconfig vboxnet0 0.0.0.0
gbox $ sudo brctl addbr br0
gbox $ sudo brctl addif br0 tap1
gbox $ sudo brctl addif br0 vboxnet0
gbox $ sudo ifconfig br0 192.168.3.4 netmask 255.255.255.0

To connect this whole setup to the Linux host, routes to the subnets in use must be added on the host:
gbox $ sudo route add -net 10.1.1.0/24 gw 192.168.1.1
gbox $ sudo route add -net 10.2.2.0/24 gw 192.168.1.1
gbox $ sudo route add -net 192.168.3.0/24 gw 192.168.1.1


Configure routers


On all routers you also need to configure routes to the subnets, or use a dynamic routing protocol. I used EIGRP, Cisco's proprietary dynamic routing protocol. This is what the setup looks like.
R1# conf t
R1(config)# router eigrp 1
R1(config-router)# passive-interface FastEthernet0/0
R1(config-router)# network 10.1.1.0 0.0.0.3
R1(config-router)# network 192.168.1.0
R1(config-router)# no auto-summary
R1(config-router)# exit
R1(config)# ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

R2# conf t
R2(config)# router eigrp 1
R2(config-router)# network 10.1.1.0 0.0.0.3
R2(config-router)# network 10.2.2.0 0.0.0.3
R2(config-router)# no auto-summary
R2(config-router)# exit
R2(config)# ip route 0.0.0.0 0.0.0.0 Serial0/0

R3# conf t
R3(config)# router eigrp 1
R3(config-router)# passive-interface FastEthernet0/0
R3(config-router)# network 10.2.2.0 0.0.0.3
R3(config-router)# network 192.168.3.0
R3(config-router)# no auto-summary
R3(config-router)# exit
R3(config)# ip route 0.0.0.0 0.0.0.0 Serial0/0


Setting up Debian in VirtualBox


On Debian, the network address and default gateway are set:
debianbox $ ifconfig eth0 192.168.3.3 netmask 255.255.255.0 up
debianbox $ route add default gw 192.168.3.1


Conclusion


I don't think I've forgotten anything. Now everything should work and all the parts should be able to communicate with each other. Based on this example you can build larger and more complicated network topologies. GNS3 can emulate ASA, PIX, IPS, JunOS; simple Ethernet, ATM and Frame Relay switches; and it lets you capture packets with Wireshark. With this software, at no extra cost, you can prepare even for the CCIE, study network technologies in realistic conditions, test configs before using them in production, and much more. I used this configuration for self-study for CCNA Security, which I passed successfully. The hardware requirements are modest: for example, the topology described here works fine on my laptop with a Core2Duo and 2GB of memory.

Bonus


To give the lab Internet access through the Linux host (wlan0 is the external interface):
gbox $ sudo sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
gbox $ sudo /sbin/iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
gbox $ sudo /sbin/iptables -t nat -A POSTROUTING -o wlan0 -j LOG
gbox $ sudo /sbin/iptables -A FORWARD -i wlan0 -o tap0 -m state --state RELATED,ESTABLISHED -j ACCEPT
gbox $ sudo /sbin/iptables -A FORWARD -i tap0 -o wlan0 -j ACCEPT
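A stricter variant of the rules above, as an added example that is not part of the original article: it generates the commands for review instead of applying them, limits NAT and forwarding to the lab subnets, sets a default-deny FORWARD policy, and puts LOG ahead of MASQUERADE so that it is actually reached. The function name gen_lab_nat_rules and the log prefix are made up for this example; the /24 for 192.168.3.0 is an assumption.

```shell
#!/bin/sh
# Added example, not from the original article. Prints a stricter variant of
# the Bonus rules for review; nothing is applied until the output is piped to
# "sudo sh". gen_lab_nat_rules and the "gns3-nat: " prefix are made-up names.

# Subnets used in the article's topology (192.168.3.0/24 assumes a /24 on br0).
LAB_NETS="192.168.1.0/24 10.1.1.0/30 10.2.2.0/30 192.168.3.0/24"

gen_lab_nat_rules() {
    [ $# -ge 3 ] || { echo "usage: gen_lab_nat_rules WAN LAB NET..." >&2; return 1; }
    wan=$1 lab=$2
    shift 2
    # The output is meant for a root shell, so refuse anything that is not a
    # plain interface name or an IPv4 prefix.
    for ifc in "$wan" "$lab"; do
        case $ifc in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $ifc" >&2; return 1 ;;
        esac
    done
    for net in "$@"; do
        case $net in
            ''|*[!0-9./]*) echo "bad prefix: $net" >&2; return 1 ;;
        esac
    done

    echo "sysctl -w net.ipv4.ip_forward=1"
    # With the default ACCEPT policy, appended ACCEPT rules restrict nothing;
    # DROP makes the rules below the only way through. This affects every
    # forwarded flow on the host, not just the lab.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -i $wan -o $lab -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    for net in "$@"; do
        echo "iptables -A FORWARD -i $lab -o $wan -s $net -j ACCEPT"
        # LOG returns to the chain, MASQUERADE ends it, so LOG has to be first.
        # The nat table only sees the first packet of each connection.
        echo "iptables -t nat -A POSTROUTING -s $net -o $wan -j LOG --log-prefix 'gns3-nat: '"
        echo "iptables -t nat -A POSTROUTING -s $net -o $wan -j MASQUERADE"
    done
}

# Print the rule set for the article's interfaces and subnets.
gen_lab_nat_rules wlan0 tap0 $LAB_NETS
```
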

One more thing: in the course of the experiments it turned out that startup-config is not saved on Cisco 3745 routers. This is a known issue, so be careful.
