Scribd
Upload
498 views56 pages

GNS3 Installation and Configuration v1.5

GNS3 Installation and Configuration v1.5

Uploaded by

Nemes Samuel
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
498 views56 pages

GNS3 Installation and Configuration v1.5

GNS3 Installation and Configuration v1.5

Uploaded by

Nemes Samuel
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 56

Installation and Configuration of GNS3

in a Remoteserver-Deployment

Contents

Version History............................................................................................................................. 2
Preface ........................................................................................................................................ 3
Prerequisites........................................................................................................................................ 3
GNetiquetteS3 ..................................................................................................................................... 3
1. SSL-VPN-Clientinstallation......................................................................................................... 4
2. Basic installation of the GNS3-Software..................................................................................... 8
3. Configuration of the GNS3-Frontend ....................................................................................... 13
Setting up the first lab ....................................................................................................................... 17
4. Available Devices on that server ............................................................................................. 25
Router ................................................................................................................................................ 25
Switches............................................................................................................................................. 25
Hosts .................................................................................................................................................. 25
Firewalls............................................................................................................................................. 25
Brief documentation of the available appliances.............................................................................. 26
Category Router ............................................................................................................................ 26
Category Switches ......................................................................................................................... 29
Category Hosts .............................................................................................................................. 33
Category Firewalls ......................................................................................................................... 39
5. Using the pre-provided templates ........................................................................................... 43
Using Superputty with GNS3 / Optional! ..................................................................................... 47
Appendix ................................................................................................................................... 56
GNS3, can I trust it? ........................................................................................................................... 56
Some minor bugs… ............................................................................................................................ 56
Version History
22.1.2018 Document created by Andreas Wittemann

6.2.2018 Installation of SSL-VPN-Client, updated Server-IP to new System, SuperPutty-


Integration, added usage guidelines and minor bug descriptions

2.3.2018 Added several devices, also included descriptions of the appliances and how to use
them

19.3.2018 Comments about IOU bugs (Available devices on that server -> Switches) / added
devices / Added section about duplicating the pre-provisioned lab templates

18.5.2018 Changed naming scheme for labs…still missing some more detailed descriptions of
recently added appliances -> ToDo, will be done later

22.5.2018 Updated appliance descriptions


Preface
As perhaps some of you already know, you can install GNS3 as a local server client architecture. This
involves your own PC in computing and processing of all the running emulated and virtual
router/switch/node instances, with all its drawbacks and limits of your actual PC. For example,
limited CPU-performance or free RAM, which will therefore limit the size of labs you can execute in
GNS3.

In this document, we will install and configure GNS3 as client, leaving only the GUI and your system
as a client. All the hard work will be done on a remote server, with more powerful hardware to
execute your labs directly there. Which means: GNS3 on your PC is now only the graphical frontend.

The document is basically a bunch of screenshots, but due to that you should be able to install and
configure quite easily, if you follow precisely what you see in here. If any questions occur besides of
this documents focus, don´t hesitate to contact Harald Dewitz or Andreas Wittemann!

Prerequisites
- A PC
- The Internet

GNetiquetteS3
All the Labs are running on a single server, so we should be nice to each other. We provide the
system to enable you to set up some labs for your studies, also we will use it for our instructor led
trainings. So, we prefer a not heavily fucked up system. In case we recognize abusive behavior, we
will have to change lots of things, and we lack the time to do so.

Please follow these very few simple guidelines:

- For your personal labs, please name them as follows:


<FirstnameFamilyname>_CHOOSEMEANINGFULTITLE>
For example: AndreasWittemann_OSPF-Areasummarization
In case we will find “anonymous” labs…we will just delete them.
- Keep your labs simple, we use shared resources! In most cases, it will not help you to use 40
router instances, when you could use just 4
- Please don’t mess with your colleagues labs, and yes, we know you can access them!
- Hacking the GNS3 server is boooooring. Set up one for yourself, if you feel the urge to do so!
- Please close your labs and shutdown your devices, when you are finished!
- Please do NOT change the device definitions/templates on the server, in case you need
additional devices talk to us!
- In case you think you need to change something on a device WITHIN your lab, do it in there,
not on the device templates!

If you think we should add anything else in this


document, please feel free to contact us!
[email protected]

[email protected]
1. SSL-VPN-Clientinstallation
Please simply use the installer we provided in the Academy.zip, after you unpacked that archive in a
folder. Doubleclick on the installer, the installation itself is quite simple, so we will provide you just
screenshots:

This is the installer file, which contains the VPN-Client itself and the correct configuration.

Yes, you do.


After installation, this traffic light symbol will appear in the system tray, right click on it to connect.

You can have more configurations than one, which should be not the case since you do a fresh install,
so your choice will be only: [email protected]

Enter your user information as shown, each time you disconnect/connect you have to enter it
again…so memorize it.
Ok, good to go, we are connected!
2. Basic installation of the GNS3-Software
Doubleclick the provided “GNS3-2.1.5-all-in-one.exe”, to start the installation process, screenshots
are from the old version…nothing severely different about that procedure.
Please UNCHECK the Solarwinds-Tools…we will not need them for our labs.
This part can take a bit, depending of the speed the GNS3-installer can download some parts
dynamically. I experienced it to take around 5 minutes for the whole process, but this actually might
take up to 30min…go grab a cup of coffee.

The Installation itself is finished now, but…


…one of the sponsors wants to pull you in their database…again, not needed, so choose “No” and
proceed!

Congratulations, basic install is done, we will go ahead to configure your GNS3 installation after you
click finish and eventually start GNS3 directly afterwards.
3. Configuration of the GNS3-Frontend
This is what you will see directly after GNS3 started, like before you will see any further steps in the
following screenshots, comments added to them if needed.
Since everything runs and is mostly already provisioned on the remote server, there is no need to
install any appliances by yourself. In case you will need other virtual devices, contact Harald or
Andreas.
Press cancel for now, let´s change some defaults first…
This will make spotting currently selected devices way easier!

This helps you arranging your virtual devices, otherwise it can be a mess.
Setting up the first lab
Now we will use GNS3 to set up our first lab from scratch!

To prevent another mess, we changed the naming convention:


<FirstnameFamilyname>_<CHOOSEMEANINGFULTITLE>

When you want to get back to your saved labs, you can easily navigate to and open them later using
“Projects library”, as you can see already in the screenshot.
Expand the router category on the left, you can see different pictograms representing different node
categories. We will start with a simple router<->router lab.

Just drag and drop the devices from the expanded menu, you can close the choice selection using the
X, if you don´t need it anymore…saves some desktop space…
Let’s connect our two routers, you have to click on the cable pictogram on the left to activate cabling
mode, afterwards the devices you want to connect with other devices in your topology, then choose
the desired port…

…drag the virtual cable to the other device…


…and finally connect it to the target port, done!

Stop cabling mode by clicking on the pictogram on the left, it will change after you did this.
Time to start the virtual routers, first rightclick the devices, “Start”, then afterwards directly do the
same and choose “Console” …this will bring up the nodes command line interface. GNS3 utilizes the
formerly installed Putty application …
In the window titlebar your instances ID, according to your topology’s hostname, is shown…

Type in “no”, we don´t use assistants…

Your router is up and running, let´s configure!


Please ignore minor error messages, always remember…it´s an emulated router. In the following
screenshots you will see the procedure to configure a static IP address on a routers interface, and do
a ping check afterwards…check the titlebars, you will see the instance where to configure what!

As you can see in the example, the titlebar doesn´t use the configures hostname, it will show the
nodes name according to your topology! Please keep that in mind…
Don´t forget to save your nodes configuration otherwise it will be lost. The SAVED configuration is
what you will see when you start up your lab the next time! You have been warned.

Let´s exit GNS3…you have to just “Quit” GNS3, all your (saved!, see above!) configs will be there
again.

Hmm, sure…
…and just ignore it…happens often in the Windows version…on my Mac I never saw this.

4. Available Devices on that server


Some of them in different software versions, usually not the most recent one.

But, the focus of that system is NOT to test the newest software versions, we just want to get
familiar with technologies without real-life-impact, don’t we ?

Router

26xx / 37xx / 7200 / CSR1000v / IOSv L3 / IOS XRv / IOU L3 / Juniper / F5 Big-IP / Internet / Mikrotik
CHR

Switches

Arista / ATM-Switch / IOSv L2 / IOU L2 / NX-OSv / NX-OSv 9k / Cumulus VX / Ether Switch Router
(Cisco Router with 16-Port Switch-Module) / Frame Relay Switch / Ethernet Hub / Generic Ethernet
Switch (VLAN-capable!) / Juniper / Open vSwitch

Hosts

AAA / AsteriskNOW / Cisco DCNM / Cisco vWLC / ipterm, Kali Linux / ntopng / VRIN (Routeinjector) /
webterm Firefox / F5 BIG IQ / Ostinato / TinyCoreLinux / Ubuntu / Windows clients and Server

Firewalls

Checkpoint GAiA / Cisco ASAv / pfSense / Smoothwall Express / Sophos UTM Home Edition / Cisco
Firepower Series / Cisco ISE / Cisco Web Security Virtual Appliance

…to be continued…
Brief documentation of the available appliances
In case you need passwords/credentials, this can be found here for the four categories, plus some
comments for usage if needed. For furthermore instructions…GIYF, it always helps to ask there and
put “<Appliancename> +GNS3” in the search field. You should find all you need then.

Category Router

CISCO IOS(Dynamips)/IOU and IOSv(QEMU) IMAGES


Basically, nothing much to say about these ones, they emulate routers and switches in different
versions or chassis sizes, which affects the number and type of connections (including serial/frame-
relay!) you can simulate with them.

In case you want to emulate a Catalyst switch, best option is using a IOSv-image. For
Multilayerswitching i would recommend using the Etherswitchrouter, which is just a 3745-router
with a NM-16ESW switchportmodule. Works super stable and reliable, only speciality is: You have to
use the old vlan-database commands to setup your Layer2-VLANs...keep this in mind.

Another thing about the classic router/dynamips images: The use IOS in version 12.x.

If you want to play with version 15.x you have to use the IOSv-images, there is also a router/L3 one.

The IOU images didn´t do a too good job for me in the past, got stuck, and did sort of weird
behaviors...so better stay with the classic Dynamips/Router-Images(rock-solid) or use the IOSv!

CISCO CSR1000v
RAM: 3072 MB

THIS is your choice when you want to work with IOS-XE!

The Cisco Cloud Services Router 1000V (CSR 1000V) is a router and network services platform in
virtual form factor that is intended for deployment in cloud and virtual data centers. It is optimized to
serve as a single-tenant or multitenant WAN gateway. Using proven, industry-leading Cisco IOS® XE
Software networking and security features, the CSR 1000V enables enterprises to transparently
extend their WANs into external provider-hosted clouds and cloud providers to offer their tenants
enterprise-class networking services.

More information on http://www.cisco.com/c/en/us/support/routers/cloud-services-router-1000v-


series/tsd-products-support-series-home.html

CISCO IOS XRv 6.0.x


RAM: 3072 MB

IOS XRv supports the control plane features introduced in Cisco IOS XR.

More information on http://virl.cisco.com/

You can set admin username and password on first boot. Don't forget about the two-staged
configuration, you have to commit your changes.
CISCO IOS XRv 9000 6.0.0
RAM: 16384 MB

WATCH OUT: Resource killer!

IOS XRv 9000 (aka Sunstone) is the 1st VM released running the 64-bit IOS XR operating system as
used on the NCS-6xxx platform. This appliance requires 4 vCPUs and 16GB of memory to run!

More information on http://virl.cisco.com/

Default username/password: admin/admin, cisco/cisco and lab/lab. There is no default configuration


present.

F5 BIG-IP LTM VE 13.1.0 HF1


RAM: 4096 MB

WATCH OUT: Resource killer!

The BIG-IP family of products offers the application intelligence that network managers need to
ensure applications are fast, secure, and available. All BIG-IP products share a common underlying
architecture, F5's Traffic Management Operating System (TMOS), which provides unified intelligence,
flexibility, and programmability. Together, BIG-IP's powerful platforms, advanced modules, and
centralized management system make up the most comprehensive set of application delivery tools in
the industry. BIG-IP Virtual Edition (VE) is a version of the BIG-IP system that runs as a virtual
machine in specifically-supported hypervisors. BIG-IP VE emulates a hardware-based BIG-IP system
running a VE-compatible version of BIG-IP software.

More information on https://f5.com/products/modules/local-traffic-manager

Console credentials: root/default. WebUI credentials: admin/admin. The boot process might take a
few minutes without providing any output to the console. Please be patient (or set console to vnc to
see tty outputs).

In case the 'localhost emerg logger: Re-starting chmand' log appears on the console, you can find the
solution here: https://devcentral.f5.com/questions/big-ip-ltm-ve-on-kvm

INTERNET 0.1
RAM: 64 MB

This appliance simulates a domestic modem. It provides an IP via DHCP and will NAT all connection to
the internet without the need of using a cloud interface in your topologies. IP will be in the subnet
172.16.0.0/16. Multiple internet will have different IP range from 172.16.1.0/24 to 172.16.253.0/24 .

Just connect stuff to the appliance. Everything is automated.


JUNIPER vMX vCP
RAM: 2048 MB

The vMX is a full-featured, carrier-grade virtual MX Series 3D Universal Edge Router that extends 15+
years of Juniper Networks edge routing expertise to the virtual realm. This appliance is for the Virtual
Control Plane (vCP) VM and is meant to be paired with the Virtual Forwarding Plane (vFP) VM.

More information on http://www.juniper.net/us/en/products-services/routing/mx-series/vmx/

Initial username is root, no password. USAGE INSTRUCTIONS Connect the first interface (fxp0) to
your admin VLAN. Connect the second interface (em1) directly to the second interface (eth1) of the
vFP.

JUNIPER vMX vFP


RAM: 4096 MB

The vMX is a full-featured, carrier-grade virtual MX Series 3D Universal Edge Router that extends 15+
years of Juniper Networks edge routing expertise to the virtual realm. This appliance is for the Virtual
Forwarding Plane (vFP) VM and is meant to be paired with the Virtual Control Plane (vCP) VM.

More information on http://www.juniper.net/us/en/products-services/routing/mx-series/vmx/

Initial username is root, password is root

MIKROTIK CHR 6.40.5


RAM: 128 MB

Cloud Hosted Router (CHR) is a RouterOS version meant for running as a virtual machine. It supports
x86 64-bit architecture and can be used on most of popular hypervisors such as VMWare, Hyper-V,
VirtualBox, KVM and others. CHR has full RouterOS features enabled by default but has a different
licensing model than other RouterOS versions.

More informations on http://www.mikrotik.com/download

Default credentials: Username "admin" and an empty password.


Category Switches

ARISTA vEOS
RAM: 2048 MB

Arista EOS® is the core of Arista cloud networking solutions for next-generation data centers and
cloud networks. Cloud architectures built with Arista EOS scale to tens of thousands of compute and
storage nodes with management and provisioning capabilities that work at scale. Through its
programmability, EOS enables a set of software applications that deliver workflow automation, high
availability, unprecedented network visibility and analytics and rapid integration with a wide range of
third-party applications for virtualization, management, automation and orchestration services.

Arista Extensible Operating System (EOS) is a fully programmable and highly modular, Linux-based
network operation system, using familiar industry standard CLI and runs a single binary software
image across the Arista switching family. Architected for resiliency and programmability, EOS has a
unique multi-process state sharing architecture that separates state information and packet
forwarding from protocol processing and application logic.

More information on https://eos.arista.com/

The login is admin, with no password by default

CISCO IOS(Dynamips)/IOU and IOSv(QEMU) IMAGES


Basically, nothing much to say about these ones, they emulate routers and switches in different
versions or chassis sizes, which affects the number and type of connections (including serial/frame-
relay!) you can simulate with them.

In case you want to emulate a Catalyst switch, best option is using a IOSv-image.

Another thing about the classic router/dynamips images: They use IOS in version 12.x.

If you want to play with version 15.x you have to use the IOSv-images, there is also a router/L3 one.

The IOU images didn´t do a too good job for me in the past, got stuck, and did sort of weird
behaviors...so better stay with the classic Dynamips/Router-Images(rock-solid) or use the IOSv!

IMPORTANT:

The least resource-intensive ones are the IOU-Images, but, in case you want to have more than one
interconnected switch in your lab…stay away from them! Things like Spanning-Tree are super
buggy on them, the CPU-usage of our server goes straight through the roof…even you will not get
any error messages on your virtual switch console itself. So, if you want to have ONE multilayer-
switch within your virtual branch (for example) in your lab, use them…otherwise: Stay with the
Etherswitch router (best solution regarding stability AND resource consumption) or take the IOSv
Layer2!
CISCO NX-OSv 7.3.0
RAM: 3072 MB

NXOSv is a reference platform for an implementation of the Cisco Nexus operating system, based on
the Nexus 7000-series platforms, running as a full virtual machine on a hypervisor. This includes
NXAPI and MPLS LDP support.

More information on http://virl.cisco.com/

The default username/password is admin/admin. A default configuration is present.

Features have to be enabled with:

license grace-period

...otherwise things like FabricPath will not work!

Again, keep in mind, it´s a switch emulation, and switches run on ASICs...not all features will work.

CISCO NX-OSv 9000


RAM: 8096 MB

WATCH OUT: Resource killer!

The NX-OSv 9000 is a virtual platform that is designed to simulate the control plane aspects of a
network element running Cisco Nexus 9000 software. The NX-OSv 9000 shares the same software
image running on Cisco Nexus 9000 hardware platform although no specific hardware emulation is
implemented. When the software runs as a virtual machine, line card (LC) ASIC provisioning or any
interaction from the control plane to hardware ASIC is handled by the NX-OSv 9000 software data
plane.

The NX-OSv 9000 for the Cisco Nexus 9000 Series provides a useful tool to enable the devops model
and rapidly test changes to the infrastructure or to infrastructure automation tools. This enables
network simulations in large scale for customers to validate configuration changes on a simulated
network prior to applying them on a production network. Some users have also expressed interest in
using the simulation system for feature test ,verification, and automation tooling development and
test simulation prior to deployment. NX-OSv 9000 can be used as a programmability vehicle to
validate software defined networks (SDNs) and Network Function Virtualization (NFV) based
solutions.
CUMULUS VX
RAM: 512 MB

Cumulus VX is a community-supported virtual appliance that enables cloud admins and network
engineers to preview and test Cumulus Networks technology at zero cost. You can build sandbox
environments to learn Open Networking concepts, prototype network operations and script &
develop applications risk-free. With Cumulus VX, you can get started with Open Networking at your
pace, on your time, and in your environment!

More informations on https://cumulusnetworks.com/cumulus-vx/

Default username is cumulus and password is CumulusLinux!

ETHERSWITCH ROUTER
RAM: 256 MB

For Multilayerswitching i would recommend using the Etherswitchrouter, which is just a 3745-router
with a NM-16ESW switchportmodule. Works superstable and reliable, only speciality is: You have to
use the old vlan-database commands to setup your Layer2-VLANs...keep this in mind.

How to add VLANs:

ESW1#vlan database

ESW1(vlan)#vlan 10 name TEST

VLAN 10 added:

Name: TEST

ESW1(vlan)#exit

APPLY completed.

JUNIPER vQFX PFE


RAM: 2048 MB

The vQFX10000 makes it easy for you to try out our physical QFX10000 high-performance data
center switch without the wait for physical delivery. Although the virtual version has limited
performance relative to the physical switch, it lets you quickly emulate the same features for the
control plane of the physical switch, or both its control and data planes.

More information on https://www.juniper.net/us/en/dm/free-vqfx-trial/

USAGE INSTRUCTIONS Connect the first interface (em0) to your admin VLAN. Connect the second
interface (em1) directly to the second interface (em1) of the RE. The switch ports do not connect
here, but on the RE
JUNIPER vQFX RE
RAM: 1024 MB

The vQFX10000 makes it easy for you to try out our physical QFX10000 high-performance data
center switch without the wait for physical delivery. Although the virtual version has limited
performance relative to the physical switch, it lets you quickly emulate the same features for the
control plane of the physical switch, or both its control and data planes.

More information on https://www.juniper.net/us/en/dm/free-vqfx-trial/

Initial username is root, password is Juniper (capitol J). USAGE INSTRUCTIONS Connect the first
interface (em0) to your admin VLAN. Connect the second interface (em1) directly to the second
interface (em1) of the PFE. The switch ports connect here on the RE

OPEN vSWITCH
Open vSwitch is a production quality, multilayer virtual switch licensed under the open source
Apache 2.0 license. It is designed to enable massive network automation through programmatic
extension, while still supporting standard management interfaces and protocols (e.g. NetFlow, sFlow,
IPFIX, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed to support distribution across multiple
physical servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.

More information on http://openvswitch.org/

By default all interfaces are connected to the br0

OPEN vSWITCH MANAGEMENT


Open vSwitch is a production quality, multilayer virtual switch licensed under the open source
Apache 2.0 license. It is designed to enable massive network automation through programmatic
extension, while still supporting standard management interfaces and protocols (e.g. NetFlow, sFlow,
IPFIX, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed to support distribution across multiple
physical servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V. This is a
version of the appliance with a management interface on eth0.

The eth0 is the management interface. By default all other interfaces are connected to the br0
Category Hosts

AAA
This appliance provides RADIUS and TACACS+ services with preconfigured users and groups.

RADIUS users: - alice - bob

TACACS+ users: - gns3 (role: admin) - readonly

All users, as well as the RADIUS/TACACS+ clients have the password 'gns3' set.

ASTERISK NOW
RAM: 1024 MB

AsteriskNOW makes it easy to create custom telephony solutions by automatically installing the
'plumbing'. It's a complete Linux distribution with Asterisk, the DAHDI driver framework, and, the
FreePBX administrative GUI. Much of the complexity of Asterisk and Linux is handled by the installer,
the yum package management utility and the administrative GUI. With AsteriskNOW, application
developers and integrators can concentrate on building solutions, not maintaining the plumbing.

More information on http://www.asterisk.org/downloads/asterisknow

Select 'No RAID' option when installing the appliance using the VNC console. Installing the freepbx
package takes a lot of time (15+ minutes).

CISCO DCNM
RAM: 8192 MB

WATCH OUT: Resource killer!

Cisco Data Center Network Manager (DCNM) 10 unifies and automates Cisco Nexus and Cisco MDS
9000 Family multitenant infrastructure for data center management across Cisco Nexus 5000, 6000,
7000, and 9000 Series Switches in NX‑OS mode using Cisco NX-OS Software as well as across Cisco
MDS 9100 and 9300 Series Multilayer Fabric Switches, 9200 Series Multiservice Switches, and 9500
and 9700 Series Multilayer Directors. Data Center Network Manager 10 lets you manage very large
numbers of devices while providing ready-to-use management and automation capabilities plus
Virtual Extensible LAN (VXLAN) overlay visibility into Cisco Nexus LAN fabrics.

More informations on http://www.cisco.com/c/en/us/products/cloud-systems-management/prime-


data-center-network-manager/index.html

Default credentials: root / cisco123

CISCO vWLC
RAM: 2048 MB
The Virtual Wireless Controller can cost-effectively manage, secure, and optimize the performance of
local and branch wireless networks. Ideal for small and medium-sized businesses, the Virtual Wireless
Controller facilitates server consolidation and improves business continuity in the face of outages.

More informations on http://www.cisco.com/c/en/us/support/wireless/virtual-wireless-


controller/tsd-products-support-series-home.html

F5 BIG-IQ CM 5.4.0
RAM: 4096 MB

WATCH OUT: Resource killer!

When you go from managing a few boxes to managing a few dozen, your processes, logistics, and
needs all change. BIG-IQ Centralized Management brings all of your devices together, so you can
discover, track, upgrade, and deploy more efficiently. You can also monitor key metrics from one
location, saving yourself both time and effort.

Centrally manage up to 200 physical, virtual, or virtual clustered multiprocessing (vCMP) based BIG-IP
devices. BIG-IQ Centralized Management also handles licensing for up to 5,000 unmanaged devices,
so you can spin BIG-IP virtual editions (VEs) up or down as needed.

More information on https://f5.com/products/big-iq-centralized-management

Console credentials: root/default

WebUI credentials: admin/admin

The boot process might take a few minutes without providing any output to the console. Please be
patient (or set console to vnc to see tty outputs).

FIREFOX
RAM: 256 MB

A light Linux based on TinyCore Linux with Firefox preinstalled

More information on https://www.mozilla.org/firefox

IPTERM
ipterm is a debian based networking toolbox.

It contains the following utilities: net-tools, iproute2, ping, traceroute, curl, host, iperf3, mtr, socat,
ssh client, tcpdump and the multicast testing tools msend/mreceive.

The /root directory is persistent.


KALI LINUX
RAM: 1024 MB

From the creators of BackTrack comes Kali Linux, the most advanced and versatile penetration
testing platform ever created. We have a set of amazing features lined up in our security distribution
geared at streamlining the penetration testing experience.

Default password is toor

nTOPNG
ntopng is the next generation version of the original ntop, a network traffic probe that shows the
network usage, similar to what the popular top Unix command does. ntopng is based on libpcap and
it has been written in a portable way in order to virtually run on every Unix platform, MacOSX and on
Windows as well. ntopng users can use a a web browser to navigate through ntop (that acts as a web
server) traffic information and get a dump of the network status. In the latter case, ntopng can be
seen as a simple RMON-like agent with an embedded web interface.

In the web interface login as admin/admin

OSTINATO
RAM: 256 MB

Ostinato is an open-source, cross-platform network packet crafter/traffic generator and analyzer


with a friendly GUI. Craft and send packets of several streams with different protocols at different
rates.

Very useful when playing around with QoS, for example designing queues with different protocols.

More information on http://ostinato.org/

Use interfaces starting with eth1 as traffic interfaces, eth0 is only for the (optional) management of
the server/drone.

TINY CORE LINUX


RAM: 96 MB

Core Linux is a smaller variant of Tiny Core without a graphical desktop.

It provides a complete Linux system in few MB.

More information on http://distro.ibiblio.org/tinycorelinux

Login is gns3/gns3. sudo works without password


TOOLBOX
This appliance contains server side software for secondary management of network devices:

- www (nginx)

- ftp (vsftpd)

- tftp (tftpd)

- syslog (rsyslog)

- dhcp (isc-dhcpd)

- snmp server (snmpd + snmptrapd)

Root password: gns3

UBUNTU 17.04
RAM: 1024 MB

Ubuntu is a full-featured Linux operating system which is based on Debian distribution and freely
available with both community and professional support, it comes with Unity as its default desktop
environment. There are other flavors of Ubuntu available with other desktops as default like Ubuntu
Gnome, Lubuntu, Xubuntu, and so on. A tightly-integrated selection of excellent applications is
included, and an incredible variety of add-on software is just a few clicks away. A default installation
of Ubuntu contains a wide range of software that includes LibreOffice, Firefox, Empathy,
Transmission, etc.

More information on https://www.ubuntu.com/desktop

Username: osboxes Password: osboxes.org

UBUNTU DOCKER
Ubuntu is a Debian-based Linux operating system, with Unity as its default desktop environment. It is
based on free software and named after the Southern African philosophy of ubuntu (literally,
"human-ness"), which often is translated as "humanity towards others" or "the belief in a universal
bond of sharing that connects all humanity".

vRIN
RAM: 256 MB

vRIN is a VM appliance capable to inject high number of routes into a network. It was tested on GNS3
topologies using VirtualBox and Qemu with up to 1M BGP routes. Runs Quagga. Supported protocols:
BGP (IPv4/6), OSPF, OSPFv3, RIP v2, RIPng

Wanna play BGP? There you go...


Connect eth0 to the network where you want vRIN to inject routes into then start the VM. You can
either run the VM in normal or headless mode; in the latter case you can access vRIN through serial
console. User input is not checked; it's your responsibility to enter valid information.

After generating the routes, each Quagga process can be reached through eth0 using their default
ports:

- zebra: 2601

- rip: 2602

- ripng: 2603

- ospf: 2604

- bgp: 2605

- ospf6d: 2606

VTY password: vrin

Notes:

- Route generation may take a while when creating lots of routes (i.e. 10k+).

- Login (serial / VM window): root / vrin

WEBTERM
webterm is a debian based networking toolbox.

It contains the firefox web browser plus the following utilities: net-tools, iproute2, ping, traceroute,
curl, host, iperf3, mtr, socat, ssh client, tcpdump, ab(apache benchmark) and the multicast testing
tools msend/mreceive.

The /root directory is persistent.

WINDOWS7 WITH IE11


RAM: 1024 MB

Microsoft Windows, or simply Windows, is a metafamily of graphical operating systems developed,


marketed, and sold by Microsoft. It consists of several families of operating systems, each of which
cater to a certain sector of the computing industry with the OS typically associated with IBM PC
compatible architecture.

More information on https://www.microsoft.com/en-us/windows

These virtual machines expire after 90 days.

The password used is: Passw0rd!


Username/Password: IEUser/Passw0rd!

WINDOWS10 WITH EDGE


RAM: 1024 MB

Microsoft Windows, or simply Windows, is a metafamily of graphical operating systems developed,


marketed, and sold by Microsoft. It consists of several families of operating systems, each of which
cater to a certain sector of the computing industry with the OS typically associated with IBM PC
compatible architecture.

More information on https://www.microsoft.com/en-us/windows

Username/Password: IEUser/Passw0rd!

This virtual machine expires after 90 days.

WINDOWS 2012 R2
RAM: 2048 MB

Microsoft Windows, or simply Windows, is a metafamily of graphical operating systems developed,


marketed, and sold by Microsoft. It consists of several families of operating systems, each of which
cater to a certain sector of the computing industry with the OS typically associated with IBM PC
compatible architecture.

More information on https://www.microsoft.com/en-us/windows

This virtual machine expires after 180 days.

WINDOWS SERVER 2016


RAM: 2048 MB

Microsoft Windows, or simply Windows, is a metafamily of graphical operating systems developed,


marketed, and sold by Microsoft. It consists of several families of operating systems, each of which
cater to a certain sector of the computing industry with the OS typically associated with IBM PC
compatible architecture.

More information on https://www.microsoft.com/en-us/windows

This virtual machine expires after 180 days.


Category Firewalls

CHECKPOINT GAiA
RAM: 2048 MB

Check Point Gaia is the next generation Secure Operating System for all Check Point Appliances,
Open Servers and Virtualized Gateways.

Gaia combines the best features from IPSO and SecurePlatform (SPLAT) into a single unified OS
providing greater efficiency and robust performance. By upgrading to Gaia, customers will benefit
from improved appliance connection capacity and reduced operating costs. With Gaia, IP Appliance
customers will gain the ability to leverage the full breadth and power of all Check Point Software
Blades.

Gaia secures IPv6 networks utilizing the Check Point Acceleration & Clustering technology and it
protects the most dynamic network and virtualized environments by supporting 5 different dynamic
routing protocols. As a 64-Bit OS, Gaia increases the connection capacity of existing appliances
supporting up-to 10M concurrent connections for select 2012 Models.

Gaia simplifies management with segregation of duties by enabling role-based administrative access.
Furthermore, Gaia greatly increases operation efficiency by offering Automatic Software Update.

The feature-rich Web interface allows for search of any command or property in a second.

Gaia provides backward compatibility with IPSO and SPLAT CLI-style commands making it an easy
transition for existing Check Point customers.

At boot choose the install on disk options. You need to open quickly the terminal after launching the
appliance if you want to see the menu. You need a web browser in order to finalize the installation.
You can use the firefox appliance for this.

CISCO ASAv
RAM: 2048 MB

The Adaptive Security Virtual Appliance is a virtualized network security solution based on the
market-leading Cisco ASA 5500-X Series firewalls. It supports both traditional and next-generation
software-defined network (SDN) and Cisco Application Centric Infrastructure (ACI) environments to
provide policy enforcement and threat inspection across heterogeneous multisite environments.

More information on http://www.cisco.com/c/en/us/products/security/virtual-adaptive-security-


appliance-firewall/index.html

There is no default password and enable password. A default configuration is present. ASAv goes
through a double-boot before becoming active. This is normal and expected.
CISCO FIREPOWER FMCv
RAM: 8192 MB

WATCH OUT: Resource killer!

This is your administrative nerve center for managing critical Cisco network security solutions. It
provides complete and unified management over firewalls, application control, intrusion prevention,
URL filtering, and advanced malware protection. Easily go from managing a firewall to controlling
applications to investigating and remediating malware outbreaks.

More information on
http://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/kvm/fmcv-kvm-qsg.html

BE PATIENT On first boot FMCv generates about 6GB of data. This can take 30 minutes or more. Plan
on a long wait after the following line in the boot up: usbcore: registered new interface driver usb-
storage Initial IP address: 192.168.45.45. Default username/password: admin/Admin123

CISCO FIREPOWER FTDv

RAM: 8192 MB

WATCH OUT: Resource killer!

Cisco Firepower Threat Defense Virtual NGFW appliances combine Cisco's proven network firewall
with the industry’s most effective next-gen IPS and advanced malware protection. All so you can get
more visibility, be more flexible, save more, and protect better.

More information on
http://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/kvm/ftdv-kvm-qsg.html

Default username/password: admin/Admin123

CISCO FIREPOWER NGIPSv


RAM: 8192 MB

WATCH OUT: Resource killer!

Cisco Firepower Next-Generation IPS (NGIPS) threat appliances combine superior visibility,
embedded security intelligence, automated analysis, and industry-leading threat effectiveness.

More information on http://www.cisco.com/c/en/us/support/security/ngips-virtual-appliance/tsd-


products-support-series-home.html

Default username/password: admin/Admin123


PFSENSE 2.3.2
RAM: 2048 MB

The pfSense project is a free network firewall distribution, based on the FreeBSD operating system
with a custom kernel and including third party free software packages for additional functionality.
pfSense software, with the help of the package system, is able to provide the same functionality or
more of common commercial firewalls, without any of the artificial limitations. It has successfully
replaced every big name commercial firewall you can imagine in numerous installations around the
world, including Check Point, Cisco PIX, Cisco ASA, Juniper, Sonicwall, Netgear, Watchguard, Astaro,
and more.

CISCO ISE
RAM: 4096 MB

WATCH OUT: Resource killer!

The Cisco ISE platform is a comprehensive, next-generation, contextually-based access control


solution. Cisco ISE offers authenticated network access, profiling, posture, guest management, and
security group access services along with monitoring, reporting, and troubleshooting capabilities on a
single physical or virtual appliance.

More informations on http://www.cisco.com/c/en/us/products/security/identity-services-


engine/index.html

The initial username is setup.

SMOOTHWALL EXPRESS 3.1


RAM: 256 MB

A Free firewall that includes its own security-hardened GNU/Linux operating system and an easy-to-
use web interface.

More information on http://www.smoothwall.org/about/

WebUI can be accessed at https://GREEN_IP:441/ after installation. GREEN interface is used for the
LAN, RED for the WAN connections. ORANGE and PURPLE can be used for DMZ.

SOPHOS UTM HOME EDITION


RAM: 2048 MB

Sophos Free Home Use Firewall is a fully equipped software version of the Sophos UTM firewall,
available at no cost for home users – no strings attached. It features full Network, Web, Mail and
Web Application Security with VPN functionality and protects up to 50 IP addresses. The Sophos UTM
Free Home Use firewall contains its own operating system and will overwrite all data on the
computer during the installation process. Therefore, a separate, dedicated computer or VM is
needed, which will change into a fully functional security appliance.
More information on https://www.sophos.com/en-us/products/free-tools/sophos-utm-home-
edition.aspx

Connect to VNC console for installation, everything else can be set on the WebUI.

WEB SECURITY VIRTUAL APPLIANCE


RAM: 4096 MB

WATCH OUT: Resource killer!

The Cisco WSA was one of the first secure web gateways to combine leading protections to help
organizations address the growing challenges of securing and controlling web traffic. It enables
simpler, faster deployment with fewer maintenance requirements, reduced latency, and lower
operating costs. “Set and forget” technology frees staff after initial automated policy settings go live,
and automatic security updates are pushed to network devices every 3 to 5 minutes. Flexible
deployment options and integration with your existing security infrastructure help you meet quickly
evolving security requirements.

More informations on http://www.cisco.com/c/en/us/products/security/web-security-


appliance/index.html

Boot takes some time. NIC0 is the management port, it gets its initial address using DHCP. Default
credentials: admin / ironport
5. Using the pre-provided templates
For ease-of-use we started to provide you some preconfigured labs, for example with four routers
and already set up basic IP addressing as well as interface speeds and connections. Therefore, you
can directly start with configuring within these labs, focusing on your main objectives, in this case
how to configure routing.

The information (IP addressing and so on) about the labs should be included directly within the
templates.

Please do NOT under any circumstance delete our templates, delete your own duplicates if you are
ready with your tests!

And again, as mentioned so often, please use the naming scheme like mentioned completely on top
of this document…we are sorry to stress this topic over and over again, but it seems to be somehow
hard to decipher the cryptic information in this document. We will delete labs if you don´t follow
that naming scheme. You have been warned! 😊

If you didn´t already use the opening dialogue, go to “File” and open projects

Highlight one of our templates (ACAD_TEMPLATE_), and click “Duplicate”


You will be asked how to name it now. Will you choose “Once, at band camp”…?

…definitely no, you will follow the naming scheme here and give your new lab a proper name.

WATCH OUT: CHANGED NAMING SCHEME!!! SEE ABOVE, USE


<FirstnameFamilyname> instead of initials!

GNS3 will now copy the existing template to one having the name you chose above.
After GNS3 has finished the duplication process, you can directly highlight your freshly duplicated lab
and open it from the dialogue.

As you can see, it´s your own playground now, you can delete the comments if you want to, it´s
yours.
In case something went wrong, or you are maybe finished with your lab tasks, just use the “Delete
project” under the “File” menu in GNS3.

Again, please only delete YOUR lab, not the template itself…just doublecheck the window title to
be sure what you are doing.
Using Superputty with GNS3 / Optional!
In case you prefer using ONE window instead of lots of separate Putty-Windows, depending how big
your lab is, a program called SuperPutty is really helpful.

It collects all the console-sessions to your lab components in one window, using tabs, while you can
still arrange it like you want. However, if you prefer a bunch of windows, you can stay with that.

Here is how to integrate SuperPutty in GNS3, again just some commented screenshots, since it´s not
too complicated. We integrated the needed files in the Academy.zip, so you will find everything in
the folder you used already for the installations of the VPN-Client and GNS3.

Open the folder within your unpacked Academy.zip.

Mark and copy all the files in this folder to the clipboard.
Navigate to your installation folder of GNS3, if you didn´t change the defaults it should be
C:\Program Files\GNS3 and paste the contents of your clipboard to this folder.

Now switch to GNS3, go into the Preferences, we must change the console application there.
This is the default configuration, after the installation…

…but we want SuperPutty, so we select it in the dropdown-menu…all the parameters will be set
correctly, no need to change something there.
To avoid error messages of SuperPutty when starting up with a load of several console connections,
please adjust the delay from 500ms to 1000ms, as shown in the screenshot. Afterwards Apply->OK,
the config in GNS3 is done so far.

All you have to do now is selecting a running virtual device and choose Console, this will bring up
SuperPutty the first time…almost done, we have to adjust some basic settings there to make our life
easier.
First, SuperPutty asks for the location of your putty.exe in the General-tab, because it’s just another
frontend/GUI for Putty and therefore needs it … no-brainer, since it came with your GNS3-
installation, just choose that folder.

In the GUI-tab we adjust the tab-titles, you will see the names of your devices you chose in the GNS3-
topology, which makes totally sense.
In the Advanced-tab we configure SuperPutty to run just one instance, which enables it to show all
the virtual consoles of your devices as tabs within one window. Afterwards, click on OK, SuperPutty
configuration is done, last steps in Putty itself.

Access Putty-configuration with the menu of SuperPutty.


Scrollback-buffer! By default, this one is set to 200 lines…you don´t want that, because a simple
“show running-config” can easily fill that buffer already, and you cannot scroll to the begin of your
device configuration! So, change it to, for example, 5000 lines…should be OK.

Afterwards, go to the Session part, and fill in “Default Settings” and click on Save. This will take care
of Putty using it every time it gets started.
We are finished! Now you can select some devices, for testing…they have to be UP, see the green
lights on the side.

After right clicking one of the marked devices, choose Console.


Done! SuperPutty successfully integrated, as you can see:

- We have tabs within ONE main window


- Each of our tabs has as title the name of our node in the topology
- Scrolling buffer is set to 5000 lines, so it’s easy to get the outputs from above…especially
useful if you use debugs, they can be quite verbose
Appendix

GNS3, can I trust it?


You can realize complex topologies, especially regarding routing. GNS3 is used by Cisco TAC, Andreas
used it lots of times for doing Proof-Of-Concepts, when he wanted to roll out major technology
changes in customer networks or trying to figure out how to migrate or expand customer networks
with minimum impact.

However, it´s EMULATION, so whenever it comes to advanced switching topics based on lots of built-
in-hardware/ASIC functionalities, it may not work everything within GNS3. Use the “Cisco IOSvL2”-
Appliances provided on the server for Layer2-switching, basically this IS a Catalyst with all its look and
feel, you can do almost anything especially the CCNA Routing&Switching track, and most of the
topics of CCNP Routing&Switching. Sometimes you simply have to be a bit creative, if not everything
works like on real hardware…deal with it, or ask Harald or Andreas.

Some of you may know already Packet Tracer from Cisco…don´t use it, it´s just SIMULATION.

Know the difference! It will not even give you the real error messages you should see in case of
misconfiguration, because that snippet wasn´t provided or in focus at the time the simulation was
programmed.

Some minor bugs…


GNS3 has some little problems, but none of them severe…just be aware of them:

- “reload” will not work properly. Instead, save your config, stop and start the node
- “wr erase” to completely erase the config is also buggy in most cases. Just delete the node,
reconnect it in the topology and paste your config.
- Working on the flash: filesystem, for example doing software upgrades, is also nothing you
really can train on GNS3.
- Depending on the type of the template/node type, don´t trust the interface status. The nice
side effect of this: You will encounter the same problem in the labs when you do your exam!
Therefore, get familiar troubleshooting problems with other outputs, instead of putting too
much weight in “link up” and “protocol up”. Try spanning-tree infos, for example, or the
routing table…just sayin´…be leet, not noob.
- Some features, even configurable, will just not work on the virtual platforms…for example
BFD, as always…GIYF. Check the technology and add GNS3 in the search field.

Andreas Wittemann/22.5.2018

You might also like