How To Set Up A Cisco Lab On Linux (CentOS 5.2)
Author: Andrew Colin Kissa <andrew [at] topdog [dot] za [dot] net>
Last edited 03/08/2008
I recently decided to study for the Cisco CCSP certification. My main concern in the beginning was the fact that most of the lab simulation software that I found out there could only run on Windows, this was a problem for me given the fact that I do not own a windows computer.
After a quick search I found the wonderful Dynamips project that goes beyond what other simulators do by running actual Cisco IOS images, as well as the PEMU project which allows for running of Cisco PIX images. To integrate the various pieces of software and provide an interface for interaction with the devices I used dynagen.
You will need Linux command line skills as well as working knowledge of Cisco IOS/PIX. Please NOTE that you will have to provide your own Cisco IOS/PIX images, do not send me any messages requesting images.
These instructions are based on Centos 5.2 but can easily be adapted for use on other Linux systems. Given the fact that we are using an rpm based system we will install all our packages as rpm's instead of source given the advantages of package management. All the above mentioned projects (Apart from pemu) have source rpm's which can be obtained and compiled. I obtained and compiled the source rpm's which you can download from my site, you can how ever obtain the source rpm's and compile on your own should you want to. I built my own rpm for PEMU which you can download.
The above rpms are signed using my key so you will be able verify them.
rpm --import andrew_topdog-software.com_key.txt
Now on to the installation.
This is the main component that provides the Cisco IOS emulator as well as PEMU wrapper
rpm -Uvh http://www.topdog-software.com/oss/dynamips/dynamips-0.2.8RC2-1.i386.rpm
This is the interface to the dynamips software, it provides a simplified ini type configuration, frame-relay, built in switch, bridge as well as a management CLI.
rpm -Uvh http://www.topdog-software.com/oss/dynagen/dynagen-0.11.0-1.noarch.rpm
This is the Cisco PIX / ASA emulator which allows you to run the PIX images.
rpm -Uvh http://www.topdog-software.com/oss/pemu/pemu-0.0.1-20070420.i386.rpm
For our sample lab I will set up a LAB from the SNPA module as this will enable us to see both IOS and PIX in action. But first let's start the services:
service dynamips start
service pemu start
Extract the images as they will boot faster.
cp C3640-JK.BIN /var/lib/pemu/images/snrs.bin
cp target/f1/pix /var/lib/pemu/images/pix
For this lab we will use this dynagen ini file so create a file /tmp/snpa.net with the following content:
autostart = false model = 3640 ghostios = true sparsemem = true [localhost] workingdir = /var/lib/pemu [] image = /var/lib/pemu/images/snrs.bin #idlepc = 0x60ba8df4 [[router inside]] # This router will be on the "inside" of the firewall # Connect this router's e0/0 interface to fw1's e1 interface e0/0 = fw1 e1 [[router outside]] # This router will be on the "outside" of the firewall # Connect this router's e0/0 interface to fw1's e0 interface e0/0 = fw1 e0 [[ethsw s1]] 1 = access 1 # Bridge the below interface to allow fw1's e2 interface access to real networks # e.g. for using ASDM from a PC to manage the firewall, change the interface to # reflect your system 2 = access 1 NIO_gen_eth:eth1 [pemu localhost] [] #for pix 7 & 8 serial = 0x1234568 key = 0xffffffff,0xffffffff,0xffffffff,0xffffffff image = /var/lib/pemu/images/pix [[fw fw1]] # Connect the firewall's e2 interface to the virtual switch, which will bridge it # to the real network e2 = s1 1
Now that we have everything in place let's connect to the dynagen console and interact with our lab environment.
You will be presented with the following prompt:
Reading configuration file... Network successfully loaded Dynagen management console for Dynamips and Pemuwrapper 0.11.0 Copyright (c) 2005-2007 Greg Anuzelli, contributions Pavel Skovajsa =>
Let's look at the options that are available on the dynagen console, type the familier ? command
=> ? Documented commands (type help <topic>): ======================================== capture confreg cpuinfo export hist list py save show suspend clear console end filter idlepc no reload send start telnet conf copy exit help import push resume shell stop ver =>
Let's list the devices available in our lab environment using the list command:
=> list Name Type State Server Console inside 3640 stopped localhost:7200 2000 outside 3640 stopped localhost:7200 2001 fw1 525 stopped localhost:10525 4000 s1 ETHSW always on localhost:7200 n/a =>
Let's start the devices:
=> start outside 100-VM 'outside' started => start inside 100-VM 'inside' started => start fw1 100-PEMU 'fw1' started =>
To improve performance of our devices, we set the idlepc values for the various devices:
=> idlepc get inside Please wait while gathering statistics... 1: 0x605a39c8  2: 0x605a3a40  3: 0x604fd014  4: 0x604fd044  5: 0x6048daa0  6: 0x604fe168  * 7: 0x604fe584  8: 0x604fe734  9: 0x604fe75c  Potentially better idlepc values marked with "*" Enter the number of the idlepc value to apply [1-9] or ENTER for no change: 7
Repeat the above for all the devices you want to set idlepc values for.
Other sample labs
You can find other sample labs in the /usr/share/doc/dynagen-0.11.0/sample_labs directory.
Okay we are up and running, but I bet you are asking well and good but how do I console in and begin working with the device? Each of the devices you started will provide you with console access on a port, to see which device is on which port use the list command in the dynagen console.
So as we see the inside router can be consoled to on port 2000 so let's go ahead and check it out.
telnet localhost 2000
The first time you should be presented with the following screen:
Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. Connected to Dynamips VM "inside" (ID 0, type c3600) - Console port % Please answer 'yes' or 'no'. Would you like to enter the initial configuration dialog? [yes/no]:
Next let's connect to the PIX console:
telnet localhost 4000
Press enter and you should be presented with the following screen:
Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. pixfirewall>
For those who prefer using a GUI to setup the labs, you can take a look at the GNS project, I have not used it personally as I prefer using the command line.
Thanks to the developers of these helpful projects; please consider making donations to these projects if you can.