
Linux Virtual Lab to Prepare for Cisco Certification

Introduction


Many people, when preparing for Cisco exams or simply studying networking through hands-on exercises, prefer to build and use a lab from real hardware. One option is to buy second-hand Cisco gear on eBay, but that will cost you more than a hundred dollars.
Others are content with a network simulator, Cisco Packet Tracer. I used it to prepare for CCNA. It is easy to use, convenient, undemanding on hardware and ideal for beginners. But its functional limitations make it unsuitable for more serious study.
If you do not want to spend your hard-earned $$ and still want devices running real IOS, look at the GNS3 emulator, which is based on Dynamips. An introduction to using it is already on Habr.

I will describe how to connect it to the Linux host OS (on which it runs) and to servers in VirtualBox. This greatly expands the options for building complex topologies from Cisco routers, servers with various services in VirtualBox, and Internet access through the Linux host OS.



Topology description



GNS3 Topology
In this example I used a network of three interconnected routers, R1, R2 and R3, all Cisco 2651XM. R1 is connected through cloud C1 to the Gentoo Linux host on which GNS3 runs; let's call it gbox. Through this host the routers synchronize time via NTP, download additional files via TFTP and reach the Internet. Through cloud C2 the network is connected to a virtual machine in VirtualBox, in this case Debian with FreeRADIUS installed for authentication and authorization on the routers, plus a syslog server for logs. You can also test ACLs and firewall settings by scanning Debian with nmap from the Linux host and vice versa. By the way, Debian packages install without problems from Internet repositories across this whole chain.

Configuring Linux with GNS3


For this setup to work, we need to take the following steps. I use Gentoo Linux, where the command for installing packages is emerge. Other distributions should have the same package names.

Install the tunctl utility to create and manage TUN/TAP virtual network interfaces:
gbox $ sudo emerge usermode-utilities

Install the brctl utility to create and configure network bridges:
gbox $ sudo emerge bridge-utils

Create and configure the virtual network interfaces:
gbox $ sudo tunctl -t tap0 -u username
gbox $ sudo tunctl -t tap1 -u username
gbox $ sudo ifconfig tap0 192.168.1.3 netmask 255.255.255.0 up

tap0 - to communicate with Linux, on which GNS3 is running.
tap1 - for communication over the bridge with VirtualBox guest machines.
Bind them to the cloud:
Adding tap1 to cloud C2

Communication with VirtualBox is carried out through the br0 bridge, which consists of the virtual Host-only interface vboxnet0 and the already created tap1.
gbox $ sudo ifconfig tap1 0.0.0.0
gbox $ sudo ifconfig vboxnet0 0.0.0.0
gbox $ sudo brctl addbr br0
gbox $ sudo brctl addif br0 tap1
gbox $ sudo brctl addif br0 vboxnet0
gbox $ sudo ifconfig br0 192.168.3.4 netmask 255.255.255.0 up

To connect this whole setup to the Linux host, add routes on it to the subnets in use:
gbox $ sudo route add -net 10.1.1.0/24 gw 192.168.1.1
gbox $ sudo route add -net 10.2.2.0/24 gw 192.168.1.1
gbox $ sudo route add -net 192.168.3.0/24 gw 192.168.1.1


Configuring routers


All routers also need routes to the subnets, or a dynamic routing protocol. I used EIGRP, Cisco's proprietary dynamic routing protocol. Here is the configuration.
R1# conf t
R1(config)# router eigrp 1
R1(config-router)# passive-interface FastEthernet0/0
R1(config-router)# network 10.1.1.0 0.0.0.3
R1(config-router)# network 192.168.1.0
R1(config-router)# no auto-summary
R1(config-router)# exit
R1(config)# ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

R2# conf t
R2(config)# router eigrp 1
R2(config-router)# network 10.1.1.0 0.0.0.3
R2(config-router)# network 10.2.2.0 0.0.0.3
R2(config-router)# no auto-summary
R2(config-router)# exit
R2(config)# ip route 0.0.0.0 0.0.0.0 Serial0/0

R3# conf t
R3(config)# router eigrp 1
R3(config-router)# passive-interface FastEthernet0/0
R3(config-router)# network 10.2.2.0 0.0.0.3
R3(config-router)# network 192.168.3.0
R3(config-router)# no auto-summary
R3(config-router)# exit
R3(config)# ip route 0.0.0.0 0.0.0.0 Serial0/0


Configuring Debian in VirtualBox


On Debian, the network address and default gateway are set:
debianbox $ ifconfig eth0 192.168.3.3 netmask 255.255.255.0 up
debianbox $ route add default gw 192.168.3.1


Conclusion


I don't think I have forgotten anything. Now everything should work and all the pieces should be able to communicate with each other. Based on this example you can build larger and more complex network topologies. GNS3 can emulate ASA, PIX, IPS and JunOS, as well as simple Ethernet, ATM and Frame Relay switches, and lets you capture packets with Wireshark. With this software you can even prepare for CCIE at no extra cost, study network technologies in realistic conditions, test configs before using them in production and much more. I used this configuration to prepare on my own for CCNA Security, which I passed successfully. The hardware requirements are modest: for example, the topology described here works fine on my laptop with a Core2Duo and 2GB of memory.

Bonus


To provide Internet access through the Linux host (wlan0 is the external interface):
echo 1 > /proc/sys/net/ipv4/ip_forward
gbox $ sudo /sbin/iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
gbox $ sudo /sbin/iptables -t nat -A POSTROUTING -o wlan0 -j LOG
gbox $ sudo /sbin/iptables -A FORWARD -i wlan0 -o tap0 -m state --state RELATED,ESTABLISHED -j ACCEPT
gbox $ sudo /sbin/iptables -A FORWARD -i tap0 -o wlan0 -j ACCEPT
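
In the rules above, LOG is loaded after MASQUERADE with the same match, so it never fires (MASQUERADE ends traversal of the chain), and the FORWARD policy is left as it is. The following is an added example, not part of the original article: it prints a reordered rule set limited to the lab subnets used on this page and checks a rule list for LOG rules shadowed by an earlier MASQUERADE. The default-deny FORWARD policy, the LAB-NAT: prefix and the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example, not the author's script. Interface names and subnets are the
# ones used in this article; the DROP policy and LAB-NAT: prefix are assumptions.
WAN_IF=${WAN_IF:-wlan0}
LAB_IF=${LAB_IF:-tap0}
LAB_NETS=${LAB_NETS:-"192.168.1.0/24 10.1.1.0/24 10.2.2.0/24 192.168.3.0/24"}

# Print the ruleset in the order it has to be loaded (nothing is applied here).
lab_nat_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -i $WAN_IF -o $LAB_IF -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    for net in $LAB_NETS; do
        echo "iptables -A FORWARD -i $LAB_IF -o $WAN_IF -s $net -j ACCEPT"
        # LOG does not end chain traversal, MASQUERADE does: LOG goes first.
        echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $net -j LOG --log-prefix LAB-NAT:"
        echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $net -j MASQUERADE"
    done
}

# The two nat rules in the order the article loads them (copied as sample input).
article_nat_rules() {
    cat <<'EOF'
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o wlan0 -j LOG
EOF
}

# Read rules on stdin and print every LOG rule that follows a MASQUERADE rule
# with an identical match, i.e. a LOG rule that can never fire.
# Simplification: only textually identical matches are compared.
shadowed_log_rules() {
    awk '{
        j = index($0, " -j ")
        if (j == 0) next                      # policy and sysctl lines
        key = substr($0, 1, j - 1)            # table, chain and match
        split(substr($0, j + 4), target, " ")
        if (target[1] == "MASQUERADE") seen[key] = 1
        else if (target[1] == "LOG" && (key in seen)) print
    }'
}

echo "Unreachable LOG rules in the article's order:"
article_nat_rules | shadowed_log_rules
echo "Unreachable LOG rules in the reordered set:"
lab_nat_rules | shadowed_log_rules
```

The rules are only printed; review the output of lab_nat_rules before loading it from a root shell, and note that -A appends to whatever rules are already present.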

One more thing: during the experiments it turned out that the startup-config on Cisco 3745 routers is not saved. This is a known issue, so be careful.

Source: https://habr.com/ru/post/111140/

