Archive for the ‘Lab’ Category

Building a Juniper Lab with Remote Access – The Access Gateway

GNS3 is a great tool that can help us in many ways. One thing that may not be very evident, however, is how we can set up our GNS3 lab for remote access so we can practice when we’re not at home. The aim of this article is to show you how to do that.

This is part one in a series. This article describes how to install OpenBSD in a virtual machine (using VirtualBox). We go through the initial installation as well as assigning IP addresses to our interfaces. In part 2, we install Python and write a Python script that controls access to our gateway server.

This article assumes that you have created virtual machines in VirtualBox before. If you have not, the process is extremely intuitive. If you still need help, please see the VirtualBox website (here) or search Google.

Before we get started, here is our finished product in GNS3:

Figure: GNS3 topology. 10 routers connected to a switch; two interfaces on a server connected to the same switch; a cloud connected to the same switch.

First, please create a new virtual machine with the OS type BSD and version OpenBSD. You can use the defaults throughout the wizard. Now open up the settings for the VM. Go to the Storage tab and set the CD/DVD image to be the install50.iso you obtained from the OpenBSD website (here). Next, go to the Network tab. We need two interfaces. One will be bridged while the other will be internal.

The bridged adapter is the one on our physical LAN. It is what will let us into the box. The internal adapter will get us to the actual GNS3 lab, but the box will not automatically pass traffic between the GNS3 lab and our LAN (and thus the internet). In this way, although we have given ourselves remote access to the GNS3 lab (through this OpenBSD server), we have also isolated the GNS3 lab, because there are no routes on the OpenBSD box and OpenBSD does not forward packets between interfaces by default (net.inet.ip.forwarding=0). We will later use hostnames on the OpenBSD box to simplify accessing equipment, but there still will be no routes.

Next, start your VM. Press enter at the “boot>” prompt. The system will run through some internal loading and present you with the following screen:

Figure: Installation screen for OpenBSD 5.0

Please accept the defaults until you get to the network configuration. For em0, we will want to use DHCP. This is our first adapter–the one that is bridged. When that is finished, you should see it ask you if you wish to configure any additional interfaces. We do. Type “em1.”

Figure: Configuration screen for interface em1

Now we need to enter some information. I use the following to match the requirements of my GNS3 lab:

  • IP Address – 10.0.0.1
  • Subnet Mask – 255.255.255.240 – This mask accommodates 14 interfaces total. My lab example has 11.

The installation will ask you to set a root password. Do this. Also create a new user with a password. Enable sshd by default. Disable root login for sshd.

Enter defaults until the system asks if you want to use a graphical environment, XWindows. Say no here. We don’t need a GUI.

Figure: Removing X Windows (the no-GUI option)

Again, accept defaults until it asks you if you would like to add or remove packages. YES! We want to remove all of the X Windows packages and the games package. Prepend the package name with a hyphen to remove it. So, enter the following commands:


-xserv50.tgz
-xfont50.tgz
-xshare50.tgz
-xetc50.tgz
-xbase50.tgz
-games50.tgz

Figure: Removing the X Windows and games packages

If there are more prompts, accept defaults. Finally, type reboot to restart the system. Remove the installation media.

At this point, we have a working OpenBSD system and gateway to the GNS3 network. We could stop here, but we are going to go farther in future articles because we might want to have access to this system for more than one person.

To access your network, be sure you open your firewall to the IP of your OpenBSD system. SSH to your public IP. You will be directed to your OpenBSD server. From here, ssh or telnet to your GNS3 routers.
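As an added example (not part of the original article), the shell functions below check the two settings this gateway's isolation rests on once SSH is reachable from outside: IP forwarding, which OpenBSD leaves off by default, and root login in sshd. The function names and the sample inputs are constructed for illustration.

```shell
# Added example: checks for the two settings the gateway's isolation rests on.
# On the gateway, feed it real data:
#   audit_gateway "$(sysctl net.inet.ip.forwarding)" "$(cat /etc/ssh/sshd_config)"

# Succeeds only if the kernel does not forward IPv4 between em0 and em1.
forwarding_off() {
    case "$1" in
        net.inet.ip.forwarding=0) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads sshd_config on stdin. Succeeds only if the global section (before any
# Match block) sets PermitRootLogin to "no". sshd keeps the first value it
# obtains for a keyword, keywords are case-insensitive, "#" lines are comments.
root_login_off() {
    awk '
        /^[ \t]*#/ { next }
        { key = tolower($1) }
        key == "match" { exit }
        key == "permitrootlogin" { val = $2; exit }
        END { exit (val == "no" ? 0 : 1) }'
}

# $1 = sysctl output line, $2 = sshd_config text. Returns the failure count.
audit_gateway() {
    fails=0
    if forwarding_off "$1"; then echo "PASS IP forwarding is off"
    else echo "FAIL gateway forwards between LAN and lab"; fails=$((fails + 1)); fi
    if printf '%s\n' "$2" | root_login_off; then echo "PASS sshd root login is off"
    else echo "FAIL PermitRootLogin is not set to no"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample inputs (not captured from a real system).
GOOD_SSHD='# constructed sample
Protocol 2
permitrootlogin no
PermitRootLogin yes'
BAD_SSHD='#PermitRootLogin no
Match Address 10.0.0.0/28
    PermitRootLogin no'

audit_gateway "net.inet.ip.forwarding=0" "$GOOD_SSHD"
audit_gateway "net.inet.ip.forwarding=1" "$BAD_SSHD" || echo "failures: $?"
```

The second sample fails both checks: the only uncommented PermitRootLogin line sits inside a Match block, so it does not apply to logins from the LAN side.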

Please ask if you have questions!

No Lab Today

I’ve been getting ready for a business trip to Little Rock all day, so no lab today.

We’ll pick up next week. Happy networking!

Preparing for JNCIA/JNCIS Labs

Friday will kick off our Feature Lab Fridays. Before that, though, I’d like to set up a baseline config and go over some of the basics of our lab topology. I’ll add a graphical logical topology in the next few days, but for now, all you need to know is that for these labs we will have a 4-router topology. We will sometimes use all four routers, and at other times we may use only two, depending on what we are trying to accomplish.

To start with, let’s look at our baseline configuration.  We’re going to set this up on all routers, with the only difference being the host-name and the em0 address.  Here’s the config from Junos:

root@Junos-Olive-1> show configuration 
## Last commit: 2011-11-17 04:20:15 UTC by root
version 9.6R1.13;
system {
    host-name Junos-Olive-1;
    root-authentication {
        encrypted-password "$1$AncI8FwF$RI6NApLL5Swl8Yb54Z6Vo1"; ## SECRET-DATA
    }
    login {
        class noc-staff {
            permissions [ configure firewall-control interface-control network rollback routing routing-control system trace view ];
        }
        user pkttlk {
            uid 2000;
            class noc-staff;
            authentication {
                encrypted-password "$1$J6qlqzfS$ocaUcf/3B84XWGtaa7HBh."; ## SECRET-DATA
            }
        }
    }
    services {
        ssh;
    }
}
interfaces {
    em0 {
        unit 0 {
            family inet {
                address 10.212.9.200/24;
            }
        }
    }
}

Now that you see the config, let’s see what commands we can use to set it all up, starting with the root prompt (I will leave out the username@host):

% cli
> configure
# edit system
# set host-name Junos-Olive-1
# set root-authentication plain-text-password
# edit login
# set class noc-staff permissions [ configure firewall-control interface-control network rollback routing routing-control system trace view ]
# edit user pkttlk
# set class noc-staff
# set authentication plain-text-password
# up 2 set services ssh
# top edit interfaces em0 unit 0 family inet
# set address 10.212.9.200/24
# commit and-quit

Everything above should make perfect sense. The em0 interface will be used on all four routers in different subnets. Tomorrow, we will build static routes that will allow access to your LAN so that you can SSH into each router. For now, just put the em0 interface on all four routers into different subnets. Keep these addresses in mind. If you’re looking for a simple scheme for now, assign the following addresses:

  • Router 1 – 192.168.0.1/24
  • Router 2 – 192.168.1.1/24
  • Router 3 – 192.168.2.1/24
  • Router 4 – 192.168.3.1/24

Once you have built all of these, the last step is to create a rescue config. In the future, we will restore this rescue config at the end of every lab. This will give us practice configuring interfaces and other aspects of our routers. It gives us a baseline with a hostname, root password, a non-root user, ssh access to the box (once it is more completely configured), and a single correctly configured interface that will give us a direct connection to our LAN (after a static route is configured). To create our rescue config, issue the following command:

> request system configuration rescue save

That’s it. You have a baseline config for all four of your routers, as well as rescue configs on each router that you can use to “start over from scratch” if you botch something horribly. We’ll actually be using these rescue configurations as a way to reset the routers to a baseline at the end of each lab so that when we start the next lab, the router will be clean.
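An added example, not from the original post: one way to confirm that a router still matches the baseline is to compare its "show configuration | display set" output against the baseline while ignoring the values expected to differ. The function names and sample configurations are constructed; masking the password hashes is an assumption made here because each hash is salted.

```shell
# Added example: baseline drift check over "show configuration | display set"
# text. Assumption: only host-name and the em0 address may differ per router;
# password hashes are masked as well because every hash carries its own salt.

# Mask the per-router values so equivalent configs normalise to the same text.
normalize() {
    sed -e 's/^\(set system host-name\) .*/\1 HOST/' \
        -e 's/^\(set interfaces em0 unit 0 family inet address\) .*/\1 ADDR/' \
        -e 's/\( encrypted-password\) .*/\1 HASH/'
}

# $1 = baseline text, $2 = router text. Prints "- stmt" for baseline statements
# the router lacks and "+ stmt" for statements the router added; no output
# means the router still matches the baseline.
drift() {
    {
        printf '%s\n' "$1" | normalize | sed 's/^/B /'
        printf '%s\n' "$2" | normalize | sed 's/^/R /'
    } | awk '
        { tag = $1; sub(/^[BR] /, ""); seen[tag, $0] = 1; all[$0] = 1 }
        END {
            for (s in all) {
                if (!(("R", s) in seen)) print "- " s
                if (!(("B", s) in seen)) print "+ " s
            }
        }' | LC_ALL=C sort
}

# Constructed, abridged samples (hash values are placeholders).
BASELINE='set system host-name Junos-Olive-1
set system root-authentication encrypted-password "placeholder-hash-a"
set system login user pkttlk class noc-staff
set system services ssh
set interfaces em0 unit 0 family inet address 192.168.0.1/24'
ROUTER2='set system host-name Junos-Olive-2
set system root-authentication encrypted-password "placeholder-hash-b"
set system login user pkttlk class noc-staff
set system services ssh
set interfaces em0 unit 0 family inet address 192.168.1.1/24'
ROUTER3='set system host-name Junos-Olive-3
set system root-authentication encrypted-password "placeholder-hash-c"
set system login user pkttlk class super-user
set system services ssh
set system services telnet
set interfaces em0 unit 0 family inet address 192.168.2.1/24'

drift "$BASELINE" "$ROUTER2"   # matches the baseline, prints nothing
drift "$BASELINE" "$ROUTER3"   # prints the three drifted statements
```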

Come back Friday for Feature Lab Friday #1 – Static Routes!

[edit]
Please note that these labs are not designed to teach you all of the features available in Junos. They are designed to help you in your studies. For further explanation of any command or option used in these labs, please see the official documentation or the information from the FastTrack resource site. You should, at a minimum, read through Study Guide Part 1 and Study Guide Part 2 of the JNCIA-Junos FastTrack website.
[/edit]