Topdog.za.net http://www.topdog.za.net A bored sysadmin Fri, 26 Feb 2016 10:06:56 GMT Blogofile hourly 1 How to setup a Cisco Lab on Linux (Centos 5.2) http://www.topdog.za.net/2008/08/17/how-to-setup-a-cisco-lab-on-linux--centos-5.2- Sun, 17 Aug 2008 18:23:00 SAST http://www.topdog.za.net/2008/08/17/how-to-setup-a-cisco-lab-on-linux--centos-5.2- How to setup a Cisco Lab on Linux (Centos 5.2) Background

I recently decided to study for the Cisco CCSP certification. My main concern in the beginning was the fact that most of the lab simulation software that i found out there could only run on Windows, this was a problem for me given the fact that i do not own a windows computer.

After a quick search i found the wonderful Dynamips project that goes beyond what other simulators do by running actual Cisco IOS images, as well as the PEMU project which allows for running of Cisco PIX and images. To integrate the various pieces of software and provide an interface for interaction with the devices i used dynagen

Prerequisites

You will need Linux command line skills as well as working knowledge of Cisco IOS/PIX, Please NOTE that you will have to provide your own Cisco IOS/PIX images, do not send me any messages requesting images.

Software Installation

These instructions are based on Centos 5.2 but can easily be adapted for use on other Linux systems. Given the fact that we are using an rpm based system we will install all our packages as rpm's instead of source given the advantages of package management. All the above mentioned projects (Apart from pemu) have source rpm's which can be obtained and compiled. I obtained and compiled the source rpm's which you can download from my site, you can how ever obtain the source rpm's and compile on your own should you want to. I built my own rpm for PEMU which you can download.

The above rpms are signed using my key so you will be able verify them

 wget http://www.topdog-software.com/oss/roundcube/andrew_topdog-software.com_key.txt
 rpm --import andrew_topdog-software.com_key.txt

Now on to the installation.

Dynamips

This is the main component that provides the Cisco IOS emulator as well as PEMU wrapper

 rpm -Uvh http://www.topdog-software.com/oss/dynamips/dynamips-0.2.8RC2-1.i386.rpm

Dynagen

This is the interface to the dynamips software, it provides a simplified ini type configuration, frame-relay, built in switch, bridge as well as a management CLI.

 rpm -Uvh http://www.topdog-software.com/oss/dynagen/dynagen-0.11.0-1.noarch.rpm

PEMU

This is the Cisco PIX emulator which allows you to run the PIX images.

 rpm -Uvh http://www.topdog-software.com/oss/pemu/pemu-0.0.1-20070420.i386.rpm

Sample Lab

For our sample lab i will setup a LAB from the SNPA module as this will enable us to see both IOS and PIX in action. But first lets start the services :

 service dynamips start
 service pemu start

Extract the images as they will boot faster.

 unzip snrs.bin 
 cp C3640-JK.BIN /var/lib/pemu/images/snrs.bin
 unzip asa722-k8.bin
 cp target/f1/pix /var/lib/pemu/images/pix

For this lab we will use this dynagen ini file so create a file /tmp/snpa.net with the following content

autostart = false
model = 3640
ghostios = true
sparsemem = true
[localhost]
workingdir = /var/lib/pemu
        [[3640]]
        image = /var/lib/pemu/images/snrs.bin
        #idlepc = 0x60ba8df4
        [[router inside]]
        # This router will be on the "inside" of the firewall
        # Connect this router's e0/0 interface to fw1's e1 interface
        e0/0 = fw1 e1

        [[router outside]]
        # This router will be on the "outside" of the firewall
        # Connect this router's e0/0 interface to fw1's e0 interface
        e0/0 = fw1 e0

        [[ethsw s1]]
        1 = access 1
        # Bridge the below interface to allow fw1's e2 interface access to real networks
        # e.g. for using ASDM from a PC to manage the firewall, change the interface to
        # reflect your system
        2 = access 1 NIO_gen_eth:eth1
[pemu localhost]
        [[525]]
        #for pix 7 & 8
        serial = 0x1234568
        key = 0xffffffff,0xffffffff,0xffffffff,0xffffffff
        image = /var/lib/pemu/images/pix
        [[fw fw1]]
        # Connect the firewall's e2 interface to the virtual switch, which will bridge it
        # to the real network
        e2 = s1 1

Now that we have everything in place lets connect to the dynagen console and interact with our lab environment.

 dynagen /tmp/snpa.net

You will be presented with the following prompt

Reading configuration file...

Network successfully loaded

Dynagen management console for Dynamips and Pemuwrapper 0.11.0
Copyright (c) 2005-2007 Greg Anuzelli, contributions Pavel Skovajsa

=>

Lets look at the options that are available on the dynagen console, type the familier ? command

=> ?

Documented commands (type help <topic>):
========================================
capture  confreg  cpuinfo  export  hist    list  py      save   show   suspend
clear    console  end      filter  idlepc  no    reload  send   start  telnet
conf     copy     exit     help    import  push  resume  shell  stop   ver

=>

Lets list the devices available in our lab environment using the list command

=> list
Name       Type       State      Server          Console
inside     3640       stopped    localhost:7200  2000
outside    3640       stopped    localhost:7200  2001
fw1        525        stopped    localhost:10525 4000
s1         ETHSW      always on  localhost:7200  n/a
=>

Lets start the devices

=> start outside
100-VM 'outside' started
=> start inside
100-VM 'inside' started
=> start fw1
100-PEMU 'fw1' started
=>

To improve performance of our devices, we set the idlepc values for the various devices

=> idlepc get inside
Please wait while gathering statistics...
   1: 0x605a39c8 [61]
   2: 0x605a3a40 [25]
   3: 0x604fd014 [78]
   4: 0x604fd044 [64]
   5: 0x6048daa0 [80]
   6: 0x604fe168 [75]
*  7: 0x604fe584 [59]
   8: 0x604fe734 [46]
   9: 0x604fe75c [49]
Potentially better idlepc values marked with "*"
Enter the number of the idlepc value to apply [1-9] or ENTER for no change: 7

Repeat the above for all the devices you want to set idlepc values for.

Other sample labs

You can find other sample labs in the /usr/share/doc/dynagen-0.11.0/sample_labs directory.

Console Access

Okay we are up and running, but i bet you are asking well and good but how do i console in and begin working with the device ? Each of the devices you started will provide you with console access on a port, to see which device is on which port use the list command in the dynagen console.

So as we see the inside router can be consoled to on port 2000 so lets go ahead and check it out.

 telnet localhost 2000

The first time you should be presented with the following screen

Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
Connected to Dynamips VM "inside" (ID 0, type c3600) - Console port

% Please answer 'yes' or 'no'.
Would you like to enter the initial configuration dialog? [yes/no]:

Next lets connect to the PIX console

 telnet localhost 4000

Press enter and you should be presented with the following screen

Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.

pixfirewall>

GUI version

For those who prefer using a GUI to setup the labs, you can take a look at the GNS project, i have not used it personally as i prefer using the command line.

Acknowledgements

Thanks to the developers of these helpful projects please consider making donations to these projects if you can.

]]>