Connecting the GNS3 Topology to Cisco dCloud
The development of virtualization technologies has made the training of IT specialists much more affordable. Even 10 years ago, in order to get acquainted with the new OS or deploy a laboratory infrastructure for testing, I had to look for hardware, now it’s enough to deploy one or more virtual machines.
But technology and the desire of manufacturers to increase sales do not stand still. Currently, for testing and demonstration of their products, many companies offer free test stands, the so-called hands on labs or HOL. I know such solutions from Microsoft , VMWare and Cisco . The test stands of the latest company will be discussed in my article.
Cisco dCloud appeared in 2013. I was fortunate enough to learn about him at one of the Cisco Learning Club events. dCloud has one interesting feature that distinguishes it from the solutions of other companies. If in HOL from Microsoft or VMWare you are limited to the sandbox, then Cisco allows you to connect to the network of the test bench using a VPN (AnyConnect or Easy VPN). And here we have great opportunities for training, preparing for certification or testing various network solutions. For example, in order to “play around” with a bunch of Cisco Prime Infrastructure and Cisco ISE, you need at least 16 GB of RAM for virtual machines and not everyone has such free resources. Cisco dCloud allows you to connect to a test bench in which Cisco PI, ISE, MS AD, and much more are already deployed.
To connect to the Cisco demo cloud, we need either a PC with the AnyConnect client installed or a Cisco router from the list . But, you see, not everyone can find a Cisco piece of iron at home, and it’s not always convenient to make iron stands at home. However, no one forbids us to use GNS3 or Unetlab in conjunction with IOU for these purposes.
I will try to briefly describe the process of connecting the GNS3 topology to the dCloud test bench using the L3 IOU image.
The first step is to release the L3 IOU image on the Internet. There are enough instructions on this topic in the network, so there should not be any difficulties with this. As a result, we get a topology similar to the following:
Next, you need to register our L3 image in dCloud. Go to the “My Dashboard” menu, expand the “My Endpoint Routers” panel and press the “Register New Endpoint Router” button.
In the window that appears, enter “Nickname” - the displayed name of the router in the dCloud console, “Router Model” - the model of the router (affects only the composition of the generated configuration file, I stopped at 2911), “Router Serial Number” - you can fill it with an arbitrary sequence of characters and click Next button.
Download the proposed configuration file for our router. We will not apply the entire proposed configuration, but we will use only the minimally necessary parameters to configure the client ezvpn connection.
Below I give the minimum necessary configuration in terms of setting up client ezvpn connection to dCloud. First you need to configure access to the Internet and dns client on the IOU image.
We order one of the demo stands and wait until the virtual infrastructure is ready (usually takes from 15 to 30 minutes). When the stand is deployed we raise the vpn tunnel.
Now we can use infrastructure elements and services from the dCloud demo stand. For example, add our IOU images to Cisco Prime Infrastructure for centralized management or use the Cisco ISE + AD cloud bundle to prepare for the updated CCNP Security track.
But technology and the desire of manufacturers to increase sales do not stand still. Currently, for testing and demonstration of their products, many companies offer free test stands, the so-called hands on labs or HOL. I know such solutions from Microsoft , VMWare and Cisco . The test stands of the latest company will be discussed in my article.
Cisco dCloud appeared in 2013. I was fortunate enough to learn about him at one of the Cisco Learning Club events. dCloud has one interesting feature that distinguishes it from the solutions of other companies. If in HOL from Microsoft or VMWare you are limited to the sandbox, then Cisco allows you to connect to the network of the test bench using a VPN (AnyConnect or Easy VPN). And here we have great opportunities for training, preparing for certification or testing various network solutions. For example, in order to “play around” with a bunch of Cisco Prime Infrastructure and Cisco ISE, you need at least 16 GB of RAM for virtual machines and not everyone has such free resources. Cisco dCloud allows you to connect to a test bench in which Cisco PI, ISE, MS AD, and much more are already deployed.
To connect to the Cisco demo cloud, we need either a PC with the AnyConnect client installed or a Cisco router from the list . But, you see, not everyone can find a Cisco piece of iron at home, and it’s not always convenient to make iron stands at home. However, no one forbids us to use GNS3 or Unetlab in conjunction with IOU for these purposes.
I will try to briefly describe the process of connecting the GNS3 topology to the dCloud test bench using the L3 IOU image.
The first step is to release the L3 IOU image on the Internet. There are enough instructions on this topic in the network, so there should not be any difficulties with this. As a result, we get a topology similar to the following:
Next, you need to register our L3 image in dCloud. Go to the “My Dashboard” menu, expand the “My Endpoint Routers” panel and press the “Register New Endpoint Router” button.
In the window that appears, enter “Nickname” - the displayed name of the router in the dCloud console, “Router Model” - the model of the router (affects only the composition of the generated configuration file, I stopped at 2911), “Router Serial Number” - you can fill it with an arbitrary sequence of characters and click Next button.
Download the proposed configuration file for our router. We will not apply the entire proposed configuration, but we will use only the minimally necessary parameters to configure the client ezvpn connection.
Below I give the minimum necessary configuration in terms of setting up client ezvpn connection to dCloud. First you need to configure access to the Internet and dns client on the IOU image.
ip access-list extended acl-vpn-initiate
permit ip 10.64.0.0 0.63.255.255 198.18.0.0 0.1.255.255
crypto isakmp keepalive 10 periodic
crypto ipsec client ezvpn ToDemo
connect acl acl-vpn-initiate
ctcp port 443
group dcloud-ipsec key Sup6pSup6p
local-address Ethernet0/0
mode network-extension
peer dcloud-emear-ipsec.cisco.com
peer dcloud-rtp-ipsec.cisco.com
peer dcloud-apjc-ipsec.cisco.com
peer dcloud-chi-ipsec.cisco.com
username password
xauth userid mode local
interface Ethernet0/0
ip virtual-reassembly in
crypto ipsec client ezvpn ToDemo
no shut
!
interface Ethernet0/1
ip address 10.72.159.49 255.255.255.240
ip virtual-reassembly in
ip tcp adjust-mss 1000
crypto ipsec client ezvpn ToDemo inside
no shut
!
We order one of the demo stands and wait until the virtual infrastructure is ready (usually takes from 15 to 30 minutes). When the stand is deployed we raise the vpn tunnel.
Now we can use infrastructure elements and services from the dCloud demo stand. For example, add our IOU images to Cisco Prime Infrastructure for centralized management or use the Cisco ISE + AD cloud bundle to prepare for the updated CCNP Security track.