I made my own gns3 .net topology for Narbik CCIE R&S Tshoot workbook.
As we all know, switching features is very limited in gns3 so there might be some tickets that we can not resolve using this setup.
The following tickets are not supported:
Lab 1: Tickets 1, 4 and 15
Lab 2: Tickets 1 and 13
Lab 3: Ticket 1
Lab 4: Ticket 1
Lab 5: Ticket 1
Lab 6: Ticket 1
Lab 7: Tickets 1 and 2
Lab 8: Tickets 1 and 2
Lab 9: Tickets 1, 2 and 13
Lab 10: Tickets 1 and 2
Few days ago, while doing some labs in gns3, I stumbled upon this blog about running sparc solaris in qemu. I asked myself would it be possible to use it together with gns3? Searched the web, and I came across this nobel prize winner “iou2net.PL” script made by our good community friend “einval”. From then I decided, why not try it?
Cheers also goes to our good community friend “atar” for taking the time to write this blog and sharing it for us to make our life easier.
Full credit goes to our good community friend “dmz” from 7200emu.hacki forum.
He was able to write a patch that automates the process of extracting the kernel and initrd of version 8.4(2).
This really saves us all from the burden of finding the right offset location of the header not mentioning all the necessary patches that needs to be done to be able to run the asa with as much features as possible.
DISCLAIMER: All the information provided in this post are for self-education purposes only. Use it at your own risk.
Here’s the topology for narbik security workbook. I tried to match all the interfaces as closely as I can to minimize myself from the burden of editing the initial configurations. Its working fine and serving its purpose to say at least.
Here’s a snapshot from gns3:
Here’s the .net file:
I made my own .net file for the ccie security workbook from netmetrc solutions.
This will allow us to use gns3 for lab practice, as most hardware on the security blueprint can be emulated by gns3 i.e. asa and ids/ips.
Here’s the gns3 topology:
Here’s the .net file:
We can setup our own virtual voice lab with the help of gns3 and vmware. This guide can serve as our starting point to build a virtual voice lab that can be adjusted to work with any ccie vendor workbooks.
DISCLAMER: All the information provided in here are for educational and testing purposes only. User it at your own risk. Also, you can obtain a copy of UC ISO’s using your cco account.
Installing esxi 5.0 in vmware workstation is no different to esxi 4.1. With the release of vmware workstation version 8.0, the new esxi 5.0 is now supported as a native hypervisor and can be run directly as a guest operating system. cool.
intel-vt/amd-v compatible cpus are still needed to install esxi 5.0 in vmware workstation.
Open vmware workstation 8.0, specify the link for the iso file and then choose VMware ESX as the guest operating system and 5.0 as the version:
Just follow the same initial settings from this post and your good to go.
Having the ability to configure cacti for 1 minute polling is great if you need a much higher resolution on monitoring certain devices in your network. Whats even more better is we can do this without the need of additional plugins or patches. We just need to install the the later version of cacti (version .8.7 and above) and we’re good to go.
One recommendation before doing this is to have a good deal of knowledge about RRAs or Round Robin Archives. RRAs are widely used by most monitoring systems, including cacti, basically any servers that uses rrdtool as their graphing mechanism. Here’s a good RRA discussion to start with.
Smokeping is a very good tool for graphing latency statistics for your network. It also uses rrdtool for logging and graphing. by It is highly recommended to enable fastcgi on your webserver, but running webserver with cgi only is also fine in a small network.
I used freebsd 9.0 for this guide, but you can use any linux distros that you have at your disposal to follow along. The commands are pretty much the same, very straight forward and doesn’t require any technical know-how and whatsoever to comprehend.
For this guide, we will install nfsen and nfdump in ubuntu that can be later be use cacti for netflow traffic statistics monitoring.
This is definitely useful for traffic accounting as well as security purposes much like wireshark and other packet sniffers do.
This is can also be done on other distros of linux. Most of the commands are the same. I just used ubuntu in this guide because its very easy to use and have desktop versions that anyone can play out of the box. And also as of now, I don’t have any new iso files for other distros except ubuntu.
Cacti is very good network monitoring system (nms) that allows us to view our network utilization in graphical templates. It is highly customizable, fast poller and a very intuitive management interface. We use it in the office and also on my own lab at home. Has a huge community and offers contract support for enterprise implementation. It can support small up to large complex network environment.
On this guide, I will outline all the step for installing cacti version 0.8.7i with plugin-in architecture on freebsd 9.0 jail.
This would also work on any linux distros that you preferred. Just go out and find the required dependencies on your linux distros for all the packages outlined below:
Configuring ssl vpn (anyconnect) in ASA is pretty much the same with webvpn. One obvious difference is that we need to enable svc and define the .pkg path on the webvpn configuration prompt. We also want to configure split tunneling to define what king traffic should be encrypted.
We are going to work the same gns3 topology that we used on the webvpn lab:
For the lab setup, we configured ospf 100 as our igp. We configured static nat on the EDGE_ROUTER to translate the private ip addresses of the ASA’s outside interface g0 to the global serial interface of the router. HOME_ROUTER has a default route pointing the the EDGE_ROUTER.
SSL VPN functionality is also available in ASA. In fact, ASA offers more features to IOS SSL VPN. Also, configuration on ASA is much more simpler and straight forward compare to IOS.
We are going to use ASA version 8.4(2) that runs under qemu. Kudos to our good community “dmz” for providing the script.
Here’s the gns3 topology that we are working on this lab:
Recent Comments