We connect GNS3 topology to Cisco dCloud
The development of virtualization technologies has made it possible to make training IT professionals much more accessible. 10 years ago, in order to get acquainted with the new OS or deploy a laboratory infrastructure for testing, you had to look for hardware, now it is enough to deploy one or more virtual machines.
But the technology and the desire of manufacturers to increase sales do not stand still. Currently, for testing and demonstration of their products, many companies offer free test benches, the so-called hands on labs or HOL. I know of such solutions from Microsoft , VMWare and Cisco . The test stands of the latest company will be discussed in my article.
Cisco dCloud appeared in 2013. I was lucky to find out about him at one of the Cisco Learning Club events. dCloud has one interesting feature that distinguishes it from the decisions of other companies. If you are limited to a sandbox in Microsoft HOL or VMWare, then Cisco allows you to connect to the test bench network using a VPN (AnyConnect or Easy VPN). And here we have ample opportunities for training, preparing for certification or testing of various network solutions. For example, in order to play with a bunch of Cisco Prime Infrastructure and Cisco ISE, you will need at least 16 GB of RAM for virtual machines and not everyone has such free resources. Cisco dCloud allows you to connect to a test bench in which you have already deployed Cisco PI, ISE, MS AD, and more.
')
To connect to the Cisco demo cloud, we will need either a PC with an installed AnyConnect client or a Cisco router from the list . But, you see, not everyone will be able to find a Cisco piece of hardware at home, and it’s not always convenient to fence iron stands at home. However, no one forbids us to use GNS3 or Unetlab in conjunction with IOU for these purposes.
I will try to briefly describe the process of connecting the GNS3 topology to the dCloud test bench with the help of the L3 IOU image.
The first step is to release the L3 IOU image to the Internet. There are enough instructions on this topic on the net, so there should be no difficulties with this. As a result, we have a topology of the following form:
Next, you need to register our L3 image in dCloud. Go to the menu "My Dashboard", expand the panel "My Endpoint Routers" and click the button "Register New Endpoint Router".
In the window that appears, enter “Nickname” - the display name of the router in the dCloud console, “Router Model” - the model of the router (only affects the composition of the generated configuration file, I stopped at 2911), “Router Serial Number” - you can fill in with an arbitrary sequence of characters and click button “Next”.
Download the proposed configuration file for our router. We will not use all the proposed configuration, we will use only the minimum necessary parameters to configure the client ezvpn connection.
Below I give the minimum necessary configuration in the part of setting up a client ezvpn connection to dCloud. You must first configure access to the Internet and dns client on your IOU image.
We order one of the demo stands and wait until the virtual infrastructure is ready (usually takes from 15 to 30 minutes). When the stand is deployed, we raise the vpn tunnel.
Now we can use infrastructure elements and services from the dCloud stand demo. For example, add our IOU images to Cisco Prime Infrastructure for centralized management or use the Cisco ISE + AD cloud bundle to prepare for the updated CCNP Security track.
But the technology and the desire of manufacturers to increase sales do not stand still. Currently, for testing and demonstration of their products, many companies offer free test benches, the so-called hands on labs or HOL. I know of such solutions from Microsoft , VMWare and Cisco . The test stands of the latest company will be discussed in my article.
Cisco dCloud appeared in 2013. I was lucky to find out about him at one of the Cisco Learning Club events. dCloud has one interesting feature that distinguishes it from the decisions of other companies. If you are limited to a sandbox in Microsoft HOL or VMWare, then Cisco allows you to connect to the test bench network using a VPN (AnyConnect or Easy VPN). And here we have ample opportunities for training, preparing for certification or testing of various network solutions. For example, in order to play with a bunch of Cisco Prime Infrastructure and Cisco ISE, you will need at least 16 GB of RAM for virtual machines and not everyone has such free resources. Cisco dCloud allows you to connect to a test bench in which you have already deployed Cisco PI, ISE, MS AD, and more.
')
To connect to the Cisco demo cloud, we will need either a PC with an installed AnyConnect client or a Cisco router from the list . But, you see, not everyone will be able to find a Cisco piece of hardware at home, and it’s not always convenient to fence iron stands at home. However, no one forbids us to use GNS3 or Unetlab in conjunction with IOU for these purposes.
I will try to briefly describe the process of connecting the GNS3 topology to the dCloud test bench with the help of the L3 IOU image.
The first step is to release the L3 IOU image to the Internet. There are enough instructions on this topic on the net, so there should be no difficulties with this. As a result, we have a topology of the following form:
Next, you need to register our L3 image in dCloud. Go to the menu "My Dashboard", expand the panel "My Endpoint Routers" and click the button "Register New Endpoint Router".
In the window that appears, enter “Nickname” - the display name of the router in the dCloud console, “Router Model” - the model of the router (only affects the composition of the generated configuration file, I stopped at 2911), “Router Serial Number” - you can fill in with an arbitrary sequence of characters and click button “Next”.
Download the proposed configuration file for our router. We will not use all the proposed configuration, we will use only the minimum necessary parameters to configure the client ezvpn connection.
Below I give the minimum necessary configuration in the part of setting up a client ezvpn connection to dCloud. You must first configure access to the Internet and dns client on your IOU image.
ip access-list extended acl-vpn-initiate permit ip 10.64.0.0 0.63.255.255 198.18.0.0 0.1.255.255 crypto isakmp keepalive 10 periodic crypto ipsec client ezvpn ToDemo connect acl acl-vpn-initiate ctcp port 443 group dcloud-ipsec key Sup6pSup6p local-address Ethernet0/0 mode network-extension peer dcloud-emear-ipsec.cisco.com peer dcloud-rtp-ipsec.cisco.com peer dcloud-apjc-ipsec.cisco.com peer dcloud-chi-ipsec.cisco.com username <username_from_config> password <password_from_config> xauth userid mode local interface Ethernet0/0 ip virtual-reassembly in crypto ipsec client ezvpn ToDemo no shut ! interface Ethernet0/1 ip address 10.72.159.49 255.255.255.240 ip virtual-reassembly in ip tcp adjust-mss 1000 crypto ipsec client ezvpn ToDemo inside no shut ! We order one of the demo stands and wait until the virtual infrastructure is ready (usually takes from 15 to 30 minutes). When the stand is deployed, we raise the vpn tunnel.
Now we can use infrastructure elements and services from the dCloud stand demo. For example, add our IOU images to Cisco Prime Infrastructure for centralized management or use the Cisco ISE + AD cloud bundle to prepare for the updated CCNP Security track.
Source: https://habr.com/ru/post/271223/
All Articles