IERG4090 Lab00 P.1

Lab00: Basics of GNS3 and Cisco IOS Objectives: Upon completion of this lab, you will be able to:

- Extract a given topology GNS3 archive - Start GNS3 - Open the given topology file in GNS3 and rename to new lab - Cabling devices in GNS3 - Start devices in GNS3 - Start device terminal in GNS3 - Configuration of network devices - Configuration of docker container labvpc

Prerequisite:

- You are provided with virtual machine in VMware Workstation format that contains the required tools. - You should know how to start the virtual machine in VMware Workstation. - For information about VMware Workstation, please visit the official website:

http://www.vmware.com/ap/products/workstation.html - For tutorials about how to use VMware Workstation, please visit Youtube and search by keyword “vmware

workstation tutorial”. - For tutorials about how to use GNS3, please visit Youtube and search by keyword “GNS3” - For docker container, please visit:

https://docs.docker.com/engine/understanding-docker/ Procedures for Lab file recovery:

1) Download the Lab file “Topo01.tar” into “~/GNS3/projects/IERG4090/” directory

2) Start a terminal at the top left corner of the VM desktop. At the terminal, change to the directory “~/GNS3/projects/IERG4090” and recover the Lab file by “tar xvf Topo01.tar”

……

IERG4090 Lab00 P.2

3) Start GNS by clicking the icon on the top menu bar:

- The “New project” window pop up

- Click the “Open a project” button on the “New project” window:

- Select the IERG4090 folder

IERG4090 Lab00 P.3 - Select the file “Topo01.gns3” under “IERG4090/Topo01/” directory and click Open button:

- Some devices appeared in the working area of GNS3.

Procedures for saving into a new project:

1) In the top menu File Save project as… Select IERG4090 folder

IERG4090 Lab00 P.4

2) In the Project name textbox, change the name from Topo01 to Lab00. Make sure that it is still under the “IERG4090” directory. Click the Save button

3) The project name is now saved to “Lab00.gns3” as shown in the title bar of GNS3.

Procedures for cabling devices:

1) On the top menu bar, click the “Add a link” button:

2) The button picture will be changed when the mode is activated:

IERG4090 Lab00 P.5

3) To add a link between labvpc-1:Ethernet0 and SW1:Ethernet0/0

Click on labvpc-1 Select eth0

Click on SW1 Select Ethernet0/0

They are connected

4) Move the mouse arrow over a link, the link will be highlighted in RED with a message describing the connection.

5) To delete a link, move the mouse arrow over a link, right click and then select the “Delete” from the menu.

Note: You have to restart lab-vpc1 (lab-vpc) if the link is deleted and reconnected. To restart a device, move the mouse arrow over the device, right click and then select the “Reload” item on the menu.

IERG4090 Lab00 P.6

After “Reload”, the console on the Terminal screen will be gone. Click “Console” on the sub-menu to display labvpc-1’s console on the terminal again.

6) Similarly connect the devices together as shown in the diagram below:

- To exit from “Add a link” mode, click the “Add a link” button again to toggle the mode.

7) Save the project

- Click the “Save project” button on the top menu to save the topology.

IERG4090 Lab00 P.7

Procedures for starting the simulation:

1) Clicking the “Start/Resume all devices” button on the top menu to start up all devices:

2) All devices are turned on. The link color on the devices will change from RED to GREEN when they are started.

IERG4090 Lab00 P.8

Procedure to configure network devices:

1) To configure devices, click the “Console connect to all devices” button on the top menu:

- A terminal will be popped up showing all devices tab on the left.

2) To select the console of SW2, click the “SW2” tab on the left. The title will be changed to the current terminal “SW2”.

IERG4090 Lab00 P.9

3) To configure SW1, click the SW1 tab on the left of the terminal.

- The terminal screen should show the privilege exec mode of SW1. It is indicated by the “#” sign in the prompt:

SW1# - In privilege exec mode, you are the super-user and you have the privilege to configure everything in the

device.

4) To switch to user exec mode, use the command “disable”.

SW1#disable SW1>

- The prompt will change from “#” to “>”. It is the mode that general users can obtain limited information

about the device.

5) To switch to privilege exec mode, use the command “enable”

SW1>enable SW1#

6) To get the information of all interfaces in SW1:

SW1#show interface status Port Name Status Vlan Duplex Speed Type Et0/0 connected 1 auto auto unknown Et0/1 connected 1 auto auto unknown Et0/2 connected trunk auto auto unknown Et0/3 connected trunk auto auto unknown - The Status shows “connected”. It means that they are in enabled state. - The Vlan shows “1” for Et0/0. It is an access port . - The Vlan shows “trunk” for Et0/2 and Et0/3. They are negotiated as trunk port with neighbor switches.

7) To configure the device, in the privileged exec mode, change to the “global configuration mode” by:

SW1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. SW1(config)#

8) To configure an interface, say, Ethenet0/1 (Nothing is connected to this interface), change to the

console into “interface configuration mode” by:

SW1(config)#interface e0/1

9) To shutdown an interface, use “shutdown” command under the “interface configuration mode”:

SW1(config-if)#shutdown SW1(config-if)# *Jan 10 01:26:52.042: %LINK-5-CHANGED: Interface Ethernet0/1, changed state to administratively down *Jan 10 01:26:53.042: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to down

- Note: In Cisco IOS, use the prefix “no” to reverse a command. E.g. Use “no shutdown” to bring up an

interface.

IERG4090 Lab00 P.10

10) After configuration, return to the privilege exec mode by:

SW1(config-if)#end SW1# *Dec 12 10:58:49.127: %SYS-5-CONFIG_I: Configured from console by console SW1# Summary of walking around different configuration mode: User EXEC mode: SW1>

To Privilege EXEC mode: SW1>enable SW1#

To Global Configuration Mode: SW1#configure terminal SW1(config)#

To Interface Configuration Mode: SW1(config)#interface e0/0 SW1(config-if)#

Return to Global Configuration Mode: SW1(config-if)#exit SW1(config)#

Return to Privilege EXEC mode: SW1(config)#exit SW1#

Return to User EXEC mode: SW1#disable SW1>

11) Check the interface status by:

SW1#show interface status Port Name Status Vlan Duplex Speed Type Et0/0 connected 1 auto auto unknown Et0/1 disabled 1 auto auto unknown Et0/2 connected trunk auto auto unknown Et0/3 connected trunk auto auto unknown

- The status of Ethernet0/1 becomes “disabled” now.

12) According to the network diagram, the switch ports SW1:e0/2 and SW1:e0/3 are connected to SW2

and SW3 respectively. Enable the interfaces simultaneously by:

SW1(config)#interface range e0/2 - 3

- By default, the operation mode of switch ports are negotiated dynamically. To change the mode of switch port into static access mode (carries only a single vlan):

SW1(config-if-range)#switchport mode access SW1(config-if-range)#end SW1#

13) Verify the interface status again:

SW1#show interfaces status Port Name Status Vlan Duplex Speed Type Et0/0 connected 1 auto auto unknown Et0/1 disabled 1 auto auto unknown Et0/2 connected 1 auto auto unknown Et0/3 connected 1 auto auto unknown

IERG4090 Lab00 P.11

14) Similarly, enable the interfaces e0/0, e0/2 and e0/3 on SW2 and SW3. Command shortcut is used in the configuration as shown below:

SW2:

SW2# SW2#conf? To show the command(s) beginning with “conf” Configure The only command is “configure” The shortcut “conf” can replace “configure” SW2#conf ? To show the command(s) beginning with command “configure “ confirm Confirm replacement of running-config with a new config file memory Configure from NV memory network Configure from a TFTP network host overwrite-network Overwrite NV memory from TFTP network host replace Replace the running-config with a new config file revert Parameters for reverting the configuration terminal Configure from the terminal <cr> SW2#conf t? To show the command(s) beginning with “t” terminal The only command is “terminal” The shortcut “t” can replace “terminal” SW2#conf t Enter configuration commands, one per line. End with CNTL/Z. SW2(config)#int e0/1 SW2(config-if)#shut *Jan 10 01:29:32.012: %LINK-5-CHANGED: Interface Ethernet0/1, changed state to administratively down *Jan 10 01:29:33.012: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to down SW2(config-if)#int range e0/2 - 3 SW2(config-if-range)#sw mo ac SW2(config-if-range)#end SW2#sh int status Port Name Status Vlan Duplex Speed Type Et0/0 connected 1 auto auto unknown Et0/1 disabled 1 auto auto unknown Et0/2 connected 1 auto auto unknown Et0/3 connected 1 auto auto unknown SW3: SW3#conf t Enter configuration commands, one per line. End with CNTL/Z. SW3(config)#int e0/1 SW3(config-if)# shut SW3(config-if)# *Jan 10 01:29:32.012: %LINK-5-CHANGED: Interface Ethernet0/1, changed state to administratively down *Jan 10 01:29:33.012: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to down SW3(config-if)#int range e0/2 - 3 SW3(config-if-range)#sw mo ac SW3(config-if-range)#end *Dec 22 03:03:36.868: %SYS-5-CONFIG_I: Configured from console by console SW3#sh int status Port Name Status Vlan Duplex Speed Type Et0/0 connected 1 auto auto unknown Et0/1 disabled 1 auto auto unknown Et0/2 connected 1 auto auto unknown

IERG4090 Lab00 P.12 Et0/3 connected 1 auto auto unknown

15) To save the configuration in switch:

SW1#wr Building configuration... Compressed configuration from 1225 bytes to 824 bytes[OK] SW1#

- Similarly, save the configuration in SW2 and SW3.

16) For further information about Cisco IOS Basics, please google with keyword “introduction to Cisco IOS CLI”.

Procedures for Docker container (labvpc) configurations:

- In the past, end devices (e.g. hosts) are simulated by routers. The purpose is to use “ping” and “traceroute” for verification of network accessibility.

- With host running in docker, it can replace routers to act as end devices. - Docker provides the ability to run an application in a loosely isolated environment called a container. The

isolation and security allow the system to run many containers simultaneously. - The docker container (labvpc) can execute a few network commands like “ping” and “traceroute”.

1) Configure IP address of labvpc-1, labvpc-2 and labvpc-3:

labvpc-1 10.0.0.1/24 labvpc-2 10.0.0.2/24 labvpc-3 10.0.0.3/24 Modify the network configuration of labvpc as shown below:

Move the mouse over the device, left click and select Configure

Click Edit to modify the network configuration

IERG4090 Lab00 P.13

The network configuration window is shown

Modify the network setting as shown and click Save

Click OK to make the changes. Note: The labvpc will be restarted.

2) Verify the configured IP address by:

Select Console to access the terminal.

IERG4090 Lab00 P.14

bash-4.3# ifconfig eth0 eth0 Link encap:Ethernet HWaddr 9E:B7:0A:08:BA:12 inet addr:10.0.0.1 Bcast:0.0.0.0 Mask:255.255.255.0 inet6 addr: fe80::9cb7:aff:fe08:ba12%32691/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:24 errors:0 dropped:0 overruns:0 frame:0 TX packets:8 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:3015 (2.9 KiB) TX bytes:648 (648.0 B) bash-4.3#

3) Similarly, configure IP address for labvpc-2 and labvpc-3. Verification of network connectivity:

1) At labvpc-1, perform PING test to labvpc-2 and labvpc-3:

bash-4.3# ping 10.0.0.2 PING 10.0.0.2 (10.0.0.2): 56 data bytes 64 bytes from 10.0.0.2: seq=0 ttl=64 time=1.152 ms 64 bytes from 10.0.0.2: seq=1 ttl=64 time=0.403 ms 64 bytes from 10.0.0.2: seq=2 ttl=64 time=0.494 ms 64 bytes from 10.0.0.2: seq=3 ttl=64 time=0.412 ms ^C --- 10.0.0.2 ping statistics --- 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max = 0.403/0.615/1.152 ms bash-4.3# ping 10.0.0.3 PING 10.0.0.3 (10.0.0.3): 56 data bytes 64 bytes from 10.0.0.3: seq=0 ttl=64 time=1.676 ms 64 bytes from 10.0.0.3: seq=1 ttl=64 time=0.475 ms 64 bytes from 10.0.0.3: seq=2 ttl=64 time=0.510 ms 64 bytes from 10.0.0.3: seq=3 ttl=64 time=0.497 ms ^C --- 10.0.0.3 ping statistics --- 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max = 0.475/0.789/1.676 ms bash-4.3#

Discovering directly connected neighbors of a device:

- To show which devices are connected, use the following command: SW1#show cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone, D - Remote, C - CVTA, M - Two-port Mac Relay Device ID Local Intrfce Holdtme Capability Platform Port ID SW2 Eth 0/2 156 R S I Linux Uni Eth 0/3 SW3 Eth 0/3 156 R S I Linux Uni Eth 0/3 SW1#

- The “Device ID” column shows the neighbor device being discovered. - The “Port ID” column shows the interface of the neighbor device being discovered. - The “Local Intrfce” column shows the interface of the device discovering the neighbor.

IERG4090 Lab00 P.15

Procedures for packet capture

1) Select the port to capture packet - Move the mouse over the link (between SW1 and SW2). - The link turns red. - Right click on the red link. A sub-menu comes out. - Select “Start capture”

- A “Packet capture” windows pops up showing the port to be captured.

- Select SW2:e0/3 and click OK button

- Wireshark is started automatically and packets are captured in real time. - In the Wireshark, some spanning tree frames are captured which are shown in the Packet List Pane.

- To view the details information of a frame, click the small triangle in the Packet Details Pane.

IERG4090 Lab00 P.16

2) On labvpc-2, perform PING to labvpc-3: bash-4.3# ping 10.0.0.3 PING 10.0.0.3 (10.0.0.3): 56 data bytes 64 bytes from 10.0.0.3: seq=0 ttl=64 time=2.032 ms 64 bytes from 10.0.0.3: seq=1 ttl=64 time=0.713 ms 64 bytes from 10.0.0.3: seq=2 ttl=64 time=0.675 ms 64 bytes from 10.0.0.3: seq=3 ttl=64 time=0.675 ms - Some ICMP frames are captured and appeared on the Wireshark screen in real time.

3) To stop the capture - On GNS3, move the mouse over the link and the link turns to red. - Right click on the link and select “Stop capture”. This stops packet capture in the Wireshark.

- Wireshark has stopped the packet capture.

4) On the Wireshark, move the scroll bar on the right until ICMP frames are displayed.

IERG4090 Lab00 P.17 - According to the Wireshark output:

o ARP request is sent by labvpc-2 (10.0.0.2). o ARP response is sent by labvpc-3 (10.0.0.3) with MAC Address 00:50:79:66:68:03 o Five pairs of Echo request and Echo reply follows.

4) Packet filter on Wireshark - To only display particular type of packets on Wireshark, say, ICMP packet - On the “Filter” textbox, type in “icmp” and then click “Apply” button

- The Wireshark only shows ICMP packets on screen.

Check list when a Lab is completed?

1) Have you saved the configurations of all devices? 2) Have you stop all devices and saved the project? 3) Have you restart GNS3, load the project and start all devices for verifications?

--- End of Lab--- Note on lab submission:

- After finish the lab, save the configurations in all devices. Then save the projects in GNS3. - Exit the GNS3 and then restart the lab again. Make sure that your setup can be recovered. If not, you have to

do the lab again until you can save your setup properly. If the tutor cannot recover your lab, it will be scored with ZERO mark even you have submitted lab report properly.

- In the command prompt, go to “/home/gns3/GNS3/projects/IERG4090”. Archive your lab directory by the command “sudo tar cfz XXX.tar.gz XXX” where XXX is the folder name of your lab.

- Retrieve the archive file via SCP or “Copy and Paste” to your desktop computer. - ZIP the lab report and the lab archive into a single file with filename “SID_LabXX.zip” where “SID” is your

student ID and “XX” is the lab number. - Submit it to the tutor via eLearning system.