I am starting to get myself ready for the Narbik course in a few months time. I have brought all my routers and switches home from work and now the routers are sitting in the garage and the switches are racked and ready. I am using a 12u desktop rack which was a good price at just over £30 from Amazon.co.uk, you can get the same rack in the USA for just under $50.
I did realise though that now the v5 has replaced the v4 all my routers are redundant. I will still be able to find a use for the 1841s, but as far as the others go, they are just space fillers in the garage. But it also means that I need to use GNS3 and a breakout switch to connect to the real switches.
This also meant having to buy another switch, so there is a space to fill in between the 3560 and the cable management bit. I am also still waiting for the rack ears for the top 3550 to arrive. The rack ears for the 3550 arrived a few moments ago and now the switch is sitting properly in the rack. The ASA is just for fun, and I need a couple of crossover cables for the 3550s.
So now comes the fun part, making the GNS3 topology and connecting it from my iMac to the real switches.
Narbik’s foundation guides are designed to start bridging the gap between the CCNP and CCIE, so that when you go to his class you are ready to hit the ground running. The foundation guides (there are two parts) run to around 800+ pages, and are based around a singular topology. And this is what I have come up with so far:
The routers are all connected to SW1, which is just there to carry the vlan traffic, and will pass it through to the 3750 breakout switch, which in turn will pass it down to the 3560, which will be switch 1 on Narbik’s topology. There are other switches as well, which will also connect to the real switches (SW2, SW3 and SW4).
Connecting GNS3 to a breakout switch
Connecting to a switch is pretty easy in GNS3, just drag over a cloud icon, right click and select configure. Once you are there select the first tab and connect it to the relevant ethernet interface.I changed the icon on mine to a nice layer 3 switch icon
With that all done and the first couple of routers fired up we can check for basic connectivity:
R1#sh int fa 0/0 | i line|address FastEthernet0/0 is up, line protocol is up Hardware is i82543 (Livengood), address is ca09.0443.0008 (bia ca09.0443.0008) R1# R2#sh int fa 0/0 | i line|address FastEthernet0/0 is up, line protocol is up Hardware is i82543 (Livengood), address is ca06.0442.0008 (bia ca06.0442.0008) R2#
So we have both lines up that connect us to the real network, let’s see if we can see them on the breakout switch:
Breakout#sh mac-address-table int fa1/0/48
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 10dd.b1b3.6ba6 DYNAMIC Fa1/0/48
1 ca06.0442.0008 DYNAMIC Fa1/0/48
1 ca09.0443.0008 DYNAMIC Fa1/0/48
Total Mac Addresses for this criterion: 3
Breakout#sh cdp neigh fa 1/0/48
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
R2 Fas 1/0/48 135 R 7206VXR Fas 0/0
R1 Fas 1/0/48 157 R 7206VXR Fas 0/0
Breakout#
No problems there! But what we actually need is for them to be connected to SW1.
The first (proper) task on the Narbik workbook is to put both R1 and R2 in VLAN 12 and make sure that they can ping each other.
SW1(config)#vlan 12 SW1(config-vlan)#exit SW1(config)#int ra f0/1-2 SW1(config-if-range)#switchport mode access SW1(config-if-range)#switchport access vlan 12 SW1(config-if-range)#no shut R1(config)#int fa 0/0 R1(config-if)#ip address 12.1.1.1 255.255.255.0 R1(config-if)#end R1# R2(config)#int fa 0/0 R2(config-if)#ip add 12.1.1.2 255.255.255.0 R2(config-if)# R1#ping 12.1.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) R1#
We know that the interfaces are up because they are in the MAC address table on the breakout switch. There is a great article over at gns3.net about how to set this up, and the original article from which it is based is also well worth a look. Following these guides I got a bit further:
Breakout(config)#int fa 1/0/1 Breakout(config-if)#desc Down to SW1 f0/1 Breakout(config-if)#switchport access vlan 12 Breakout(config-if)#switchport mode dot1q-tunnel Breakout(config-if)#l2protocol-tunnel cdp Breakout(config-if)#l2protocol-tunnel stp Breakout(config-if)#l2protocol-tunnel vtp Breakout(config-if)#no cdp enable Breakout(config-if)#spanning-tree portfast %Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION %Portfast has been configured on FastEthernet1/0/1 but will only have effect when the interface is in a non-trunking mode. Breakout(config-if)#int fa 1/0/2 Breakout(config-if)#desc Down to SW1 f0/2 Breakout(config-if)#switchport access vlan 12 Breakout(config-if)#switchport mode dot1q-tunnel Breakout(config-if)#l2protocol-tunnel cdp Breakout(config-if)#l2protocol-tunnel stp Breakout(config-if)#l2protocol-tunnel vtp Breakout(config-if)#no cdp enable Breakout(config-if)#spanning-tree portfast %Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION %Portfast has been configured on FastEthernet1/0/2 but will only have effect when the interface is in a non-trunking mode. Breakout(config-if)#int fa 1/0/48 Breakout(config-if)#desc Uplink to iMac Breakout(config-if)#switchport trunk encap dot1q Breakout(config-if)#l2protocol-tunnel cdp Breakout(config-if)#l2protocol-tunnel stp Breakout(config-if)#l2protocol-tunnel vtp Breakout(config-if)#no cdp enable Breakout(config-if)#spanning-tree portfast
Now things look a bit better:
R1#sh cdp neigh | beg Device Device ID Local Intrfce Holdtme Capability Platform Port ID SW1 Fas 0/0 176 S I WS-C3560- Fas 0/2 SW1 Fas 0/0 163 S I WS-C3560- Fas 0/1 R2 Fas 0/0 169 R 7206VXR Fas 0/0 R1 Fas 0/0 159 R 7206VXR Fas 0/0 R1# R2#sh cdp neigh | beg Device Device ID Local Intrfce Holdtme Capability Platform Port ID SW1 Fas 0/0 150 S I WS-C3560- Fas 0/2 SW1 Fas 0/0 138 S I WS-C3560- Fas 0/1 R2 Fas 0/0 143 R 7206VXR Fas 0/0 R1 Fas 0/0 133 R 7206VXR Fas 0/0 R2#
We are getting double entries though, and a ping from R1 to R2 still does not work. Hmmm…. Well let’s double check our configuration, starting with our virtual switch:
That’s all fine, we have the correct ports in the correct vlan. Let’s check the physical switch:
SW1#sh run int fa0/1 Building configuration... Current configuration : 84 bytes ! interface FastEthernet0/1 switchport access vlan 12 switchport mode access end SW1#sh run int fa0/2 Building configuration... Current configuration : 122 bytes ! interface FastEthernet0/2 switchport access vlan 12 switchport trunk encapsulation dot1q switchport mode access end
Looks like we have a lingering remnant from previous work… Let’s get rid of that and see what happens:
SW1#conf t Enter configuration commands, one per line. End with CNTL/Z. SW1(config)#int fa 0/2 SW1(config-if)#no switchport trunk encapsulation dot1q SW1(config-if)#end SW1# R1#ping 12.1.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 12/18/24 ms R1# R2#ping 12.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12.1.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 16/27/44 ms R2#
Hurrah!
So far so good. I still need to get the second switch racked and cabled, it’s waiting for me back at the office, I also need to sort out the USB NICs, or re-do part of the topology. Switches 2, 3 and 4 on the GNS3 topology either need to connect to SW1, and then to the breakout switch, or have separate USB connections to separate “clouds”. I have the USB nics (Dynamode USB-NIC-1427-100) but my iMac doesn’t seem to want to play ball with them, the lights all flash and look impressive blinking away as they do, but I cant seem to get them recognized as an ethernet interface yet.
Nevertheless it’s all off to a good start, and we can save the rest for part two, when I figure out how to finish it off!
If you have any suggestions then please do comment.
Why not using IOU with web interface you described in some other post ? I believe most of his Narbik labs will work, let me know
True, but I need to justify the expense of buying all this hardware somehow!
Also do a write up of this lab using IOU with web interface 🙂
upload the gns3 topology file, because i can't tell what is connected to what
and a diagram of how you switch is connected to each other including the cross-over cables and how it's connected to your mac.
be very detail about this project, and give updates, config change & why.
also upload the config of the switches.
What version of GNS3 are you using ?
What IOS version are you using on routers & switches ?
Pardon? Surely you mean "Please would you upload the GNS3 file…" A few "Please" and "thank you's" would not go amiss, and it might make me a bit more receptive.
Again, saying please might be a good thing to do here.
Sorry about that, and Thanks.
I wrote a long list of questions and suggestions and before i had a changes to finish, we had a power outage, lost that long post, and i couldn't find back my thought. I was so upset and all i could manage what that post. Sorry again.
Hi,
This is how i normally start a post, with a thank you for the blog/article/etc…
then i would ask a few question if there is something i don't get/understand.
then post my own 2-cent.
I even thank you and ask about the virl/cml.
can'r remember everything.
Anyway Thank you.
btw: i did mention the gns3.net QinQ
No worries
thats cool. I want to try and finish off the second part of this on Thursday, all the kit has arrived now so I should be able to finish the lab off. So hopefully I''ll have an update with everything on Thursday.
Nice write-up, im doing the same as of right now
Hello Stuart,
Thank you for taking time to write this blog. I'm planning to implement the same network/lab setup.
May I ask if we're you able to connect the whole topology (10 routers in gns3) to the physical switches? Have you had troubles connecting the physical topology to the trunk/LAN card of the desktop.
Thank you.
To be honest I gave up and switched over to Web-IOU, and now onto UNetLab, I spent a massive amount on hardware, then Cisco went all virtual for the R&!
I am currently trying to do something similar in UNetLab – new ESXi server running UNetLab as a VM, with a 4 port PCI-X ethernet card, connecting to an IP Phone, and if that guy from eBay ever gets around to sending me the AP that I purchased, then that should be on it as well.
I'll be posting about it in a week or two.
Thank you, Stuart. Very kind of you to share this.
Do you also have GNS Topology for Narbik CCIE Security V4 workbook please?
Hi, I don't have that.
The topology should be in the workbooks though.
Thank you for your time, Stuart.
My bad, I meant to ask whether you got GNS project file (.gns) for the Mastering ASA workbook?
http://www.micronics.nl/Sample-Mastering-ASA-WB-v1.0.pdf