gns3

Installing

I found myself having to do an unexpected upgrade that forced me to reinstall gns3. Then I found that it was not as easy as I remembered, so I will document it here. This is on Fedora 14. Fedora 15 is much the same.

Install the prerequisites:

yum -y install python python-devel xorg-x11-proto-devel libXext-devel
yum -y install python sip qt4 PyQt4
ln -s /usr/bin/qmake-qt4 /usr/bin/qmake

Download the GNS3 v0.8.1 tgz from http://www.gns3.net/download. Get the Cisco simulator from the Dynamips blog Web site at http://www.dynagen.org/ and take the latest .bin for the Linux platform. Do not use the RPM; it has a broken dependency. Go to the download directory and do:

chmod a+x dynamips-0.2.8-RC2-x86.bin
sudo cp dynamips-0.2.8-RC2-x86.bin /usr/local/bin
tar xvzf GNS3-0.7.4-src.tar.gz

Setting up images

When you want to use Cisco routers, you'll need router images. These images have cryptic names, but there is some logic to them. With thanks to the Routergeek (http://www.routergeek.net):

The IOS file name is usually similar to this form:

xxxx-yyy-ww.aaa-bb.bin

The xxxx is the platform. For example:

c1700   For 1700, 1720, and 1750 platforms
c2600   For 2600 platform
c3620   For 3620 platform
c3640   For 3640 platform
etcetera

The yyy gives you the feature set:

b       AppleTalk support
boot    boot image
c       CommServer lite (CiscoPro)
drag    IOS based diagnostic image
g       ISDN subset (SNMP, IP, Bridging, ISDN, PPP, IPX, and AppleTalk)
i       IP subset (SNMP, IP, Bridging, WAN, Remote Node, and Terminal Services)
k9      Crypto support; needed for SSHv2
n       IPX support
q       asynchronous support
t       Telco return (12.0)
y       reduced IP (SNMP, IP RIP/IGRP/EIGRP, Bridging, ISDN, and PPP) (c1003 or c1004)
z       managed modems
40      40 bit encryption
50      50 bit encryption

The ww is for the format (where the IOS file runs in the router):

f       flash
m       RAM
r       ROM
l       the image will be relocated at run time

The file might also be compressed. The following letters denote the compression type:

z       zip compression
x       mzip compression
w       "STAC" compression

aaa-bb represent the version of the IOS. The last part of the IOS file name might contain letters like T (new feature release identifier), S (individual release number), or XR (modular packages).

The Cisco Feature Navigator offers a way to create your own filename based on the features you require.
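
The naming scheme above as a small Python parser, which also reports whether an image carries the k9 code that the list says SSHv2 needs. This is an added example, not part of the original page or of GNS3; it assumes the feature codes are concatenated in the yyy field and matched longest-first, and the file names in it are constructed.

```python
import re

# Code tables taken from the lists on this page.
FEATURES = {
    "b": "AppleTalk support", "boot": "boot image", "c": "CommServer lite",
    "drag": "IOS based diagnostic image", "g": "ISDN subset", "i": "IP subset",
    "k9": "crypto support, needed for SSHv2", "n": "IPX support",
    "q": "asynchronous support", "t": "Telco return", "y": "reduced IP",
    "z": "managed modems", "40": "40 bit encryption", "50": "50 bit encryption",
}
FORMATS = {"f": "flash", "m": "RAM", "r": "ROM", "l": "relocated at run time"}
COMPRESSION = {"z": "zip", "x": "mzip", "w": "STAC"}

# Layout from the page: xxxx-yyy-ww.aaa-bb.bin
NAME_RE = re.compile(r"^(?P<platform>[a-z0-9]+)-(?P<features>[a-z0-9]+)-"
                     r"(?P<ww>[a-z]{1,2})\.(?P<version>.+)\.bin$")

def split_features(field):
    """Tokenise the yyy field, longest known code first (assumption)."""
    codes, unknown, pos = [], [], 0
    by_length = sorted(FEATURES, key=len, reverse=True)
    while pos < len(field):
        code = next((c for c in by_length if field.startswith(c, pos)), None)
        if code is None:
            unknown.append(field[pos])   # code not in the page's list
            pos += 1
        else:
            codes.append(code)
            pos += len(code)
    return codes, unknown

def parse_ios_name(filename):
    """Decode an IOS image name; return None if it does not fit the layout."""
    m = NAME_RE.match(filename)
    if not m:
        return None
    ww = m.group("ww")
    if ww[0] not in FORMATS or (len(ww) == 2 and ww[1] not in COMPRESSION):
        return None
    codes, unknown = split_features(m.group("features"))
    return {"platform": m.group("platform"), "features": codes,
            "unknown_features": unknown, "format": FORMATS[ww[0]],
            "compression": COMPRESSION[ww[1]] if len(ww) == 2 else None,
            "version": m.group("version"),
            "ssh_capable": "k9" in codes}   # page: k9 is needed for SSHv2

if __name__ == "__main__":
    # Constructed sample names, not files referenced by the page.
    for name in ("c3640-ik9-mz.124-13.bin", "c2600-i-mz.122-15.bin", "notes.txt"):
        print(name, "->", parse_ios_name(name))
```

Checking `ssh_capable` before loading an image tells you whether the SSH-only management used later on this page is possible with it.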

Connecting your home network

GNS3 will connect to the tap-interface tap0. In Linux, you'll need to create a bridge between the ethernet and the tap-interface. That bridge allows access from the tap to the real network.

First install tunctl. And then configure the bridge:

sudo tunctl -t tap0
sudo ifconfig tap0 0.0.0.0 promisc up
sudo ifconfig eth0 0.0.0.0 promisc up
sudo brctl addbr br0
sudo brctl addif br0 tap0
sudo brctl addif br0 eth0
sudo ifconfig br0 up
sudo dhclient br0
sudo route add -net 10.128.0.0 netmask 255.128.0.0 gw 192.168.1.41

What this does is create a tap-interface tap0. The ethernet and tap interfaces are then put in promiscuous mode. A bridge br0 is created and both the tap and ethernet are connected to the bridge. The bridge is configured with the IP-address that was originally on the ethernet interface and the default gateway is also added. The gateway to the 10.128.0.0 network allows me to create a large virtual network.

In gns3, the home network is represented by a cloud. Configure the cloud to have access to the tap0-interface as follows:

In the configure-dialog of the cloud, under NIO TAP, put the tap0-interface. Next, put a router in and connect it via a fast ethernet interface. The router should get a minimum configuration for this test:

enable
config t
hostname r1
enable password secret
ip domain name home
crypto key generate rsa
1024
username netadmin password secret
ip ssh version 2
interface FastEthernet0/0
 ip address 192.168.1.41 255.255.255.0
 no shutdown
line vty 0 4
 password secret
 login local
 transport input ssh

Anyone will tell you that this is not a secure setup. It is the minimal configuration required from the console. After this, you can do the rest via ssh.
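
A check for the weak settings in that minimal configuration, to run over the saved config before the router is used for anything beyond this test. This is an added example, not part of the original page; the 2048-bit floor and the wording of the findings are assumptions of the example.

```python
import re

# Configuration lines from this page, used as the sample input.
PAGE_CONFIG = """\
hostname r1
enable password secret
ip domain name home
crypto key generate rsa
1024
username netadmin password secret
ip ssh version 2
interface FastEthernet0/0
 ip address 192.168.1.41 255.255.255.0
 no shutdown
line vty 0 4
 password secret
 login local
 transport input ssh
"""

MIN_RSA_BITS = 2048  # assumption: the floor this check enforces, not a value from the page

def audit(config):
    """Return (line_number, finding) pairs for weak settings in an IOS config."""
    findings = []
    lines = config.splitlines()
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        if line.startswith("enable password "):
            findings.append((n, "enable password is not hashed; use 'enable secret'"))
        elif re.match(r"username \S+ password ", line):
            findings.append((n, "user password is not hashed; use 'username ... secret'"))
        elif raw.startswith(" ") and line.startswith("password "):
            findings.append((n, "line password is not hashed; drop it when 'login local' is set"))
        elif line.startswith("crypto key generate rsa"):
            # Modulus is either on the command line or typed at the prompt (next line).
            inline = re.search(r"modulus (\d+)", line)
            answer = lines[n].strip() if n < len(lines) else ""
            bits = int(inline.group(1)) if inline else int(answer) if answer.isdigit() else None
            if bits is not None and bits < MIN_RSA_BITS:
                findings.append((n if inline else n + 1, f"{bits}-bit RSA key; use {MIN_RSA_BITS}+"))
        elif line.startswith("transport input ") and line.split()[2:] != ["ssh"]:
            findings.append((n, "vty accepts more than SSH; use 'transport input ssh'"))
    return findings

if __name__ == "__main__":
    for number, finding in audit(PAGE_CONFIG):
        print(f"line {number}: {finding}")
```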

VPCs

If you want to complete the simple labs in the courses, you'll need a PC-like system that is able to do some pings. Gns3 uses vpcs for that. Vpcs is a very simple PC emulator.

To put a PC in gns3, first start vpcs and type sh at the prompt. This will show you something like:

NAME   IP/CIDR              GATEWAY           MAC                LPORT  RPORT
PC1    0.0.0.0/0            0.0.0.0           00:50:79:66:68:00  20000  30000
PC2    0.0.0.0/0            0.0.0.0           00:50:79:66:68:01  20001  30001
PC3    0.0.0.0/0            0.0.0.0           00:50:79:66:68:02  20002  30002
PC4    0.0.0.0/0            0.0.0.0           00:50:79:66:68:03  20003  30003
PC5    0.0.0.0/0            0.0.0.0           00:50:79:66:68:04  20004  30004
PC6    0.0.0.0/0            0.0.0.0           00:50:79:66:68:05  20005  30005
PC7    0.0.0.0/0            0.0.0.0           00:50:79:66:68:06  20006  30006
PC8    0.0.0.0/0            0.0.0.0           00:50:79:66:68:07  20007  30007
PC9    0.0.0.0/0            0.0.0.0           00:50:79:66:68:08  20008  30008

In gns3, under edit/symbol manager, add a computer with the type cloud.

Now you can drag a computer to your lab. You will need to configure the computer. Select the NIO UDP tab and fill in the addresses and port numbers. Keep in mind that the local port on the vpcs side is the remote port in gns3.

Some set-ups for testing

Putting it all together. Some VLAN testing