Table of contents
Task 3 - Setting up a topology with pfSense firewall and virtual Cisco switch
In task 3, the GNS3 VM is installed on top of the GNS3 environment already set up. The GNS3 VM is a Linux VM with an integrated GNS3 server. It makes it possible to bypass the limitations of Windows (no QEMU support) and run the network simulations directly on a Linux controller. The GNS3 VM can be run in various virtualisation environments. In this task, a complex topology with a pfSense firewall and a virtual Cisco switch is to be set up in the GNS3 VM. The following diagram illustrates the TARGET state of this task:
The main area (workspace) shows the target topology: as in task 1, two VPCSs are to be connected to a switch. However, the switch is not the built-in GNS3 switch but a virtual Cisco switch running the Cisco Internetwork Operating System (IOS). A pfSense firewall serves as the gateway for the network; on the WAN side it is connected to the host network via the virbr0 bridge. In the "Servers Summary" area, it can be seen that the GNS3 server of the GNS3 VM is now active in addition to the local GNS3 server. All nodes are realised on the GNS3 VM.
Task 3 comprises several subtasks:
3.1 Creating the components required in GNS3 [only necessary for local installation]
3.2 Creating the target topology
3.3 Testing the solution
3.1 Creating the components required in GNS3 [only necessary for local installation]
A GNS3 environment is available on the server side in Rafisa: http://gns3.rafisa.org
A local installation of GNS3 is therefore not necessary. If you still want to install GNS3 locally, read on. Otherwise, go directly to Task 2.2.
Downloading the GNS3 VM
The first step is to download the GNS3 VM from gns3.org. The following video shows what you need to pay attention to:
Installing a virtualisation environment and importing the GNS3-VM
A virtualisation environment is required to host the GNS3 VM. VMware Workstation Pro is still officially recommended. However, since version 6.1 VirtualBox also offers nested virtualisation for Intel CPUs. This feature enables virtualisation within virtualisation, e.g. the creation of a virtual switch within the GNS3 VM. We used VirtualBox for our testing and everything worked perfectly. Please decide for yourself which of the two solutions you want to use. The 30-day trial version of VMware Workstation Pro can be used.
The following video shows how to install the GNS3 VM under VMware. The steps can practically be transferred 1:1 to VirtualBox.
Important notes
☛ Make sure that the version of the GNS3 VM matches the installed version of GNS3
☛ The GNS3 VM is started by GNS3 via API call; do not start it manually from the GUI of VMware or VirtualBox
☛ Memory and virtual processor cores are also allocated via GNS3 and not directly in the virtualisation environment
☛ Always allow the GNS3 VM to boot before starting work
☛ Allocate as much memory to the GNS3 VM as the host system can spare. The default allocation of 2048 MB is very tight, especially if a pfSense firewall is to be installed
☛ All templates and their instances are installed in the GNS3 VM in this task
Creating the Cisco L2 template using a Cisco VIRL image
A major advantage of GNS3 is that the Marketplace offers templates for devices from well-known manufacturers of network equipment. For example, so-called Cisco VIRL images, developed for Cisco's own virtualisation platform Virtual Internet Routing Lab (VIRL), can be used within GNS3.
The following video explains how to integrate a VIRL image into the GNS3 VM and use it to create a template for a fully-managed Cisco switch with the Cisco Operating System (IOS):
Here is the link to the licensed VIRL image: CiscoIOSvL2
Once the VIRL image has been successfully imported, a new template for the CiscoIOSvL2 switch can be found in the template area on the left. The template can now be dragged into the workspace of the GNS3-VM to start setting up the topology.
Creating the pfSense template
A pfSense template must now be created. To do this, a new template is first created in the „All Devices“ view:
Select pfSense from the Firewalls drop-down menu:
Then select the GNS3 VM as the installation location. The following screen shows which versions of pfSense are supported by GNS3. The files are initially all marked as missing. As soon as the missing files have been downloaded to the Downloads folder (default), click on Refresh. The files will then be imported automatically. If this does not work, try the Import button.
pfSense can be obtained from the following URL: https://docs-v1.gns3.com/appliances/pfsense.html. Make sure to select the AMD64-ISO version 2.4.5p1:
Please also note that the downloaded image must first be unzipped. Once the installation has been successfully completed, you will now see the pfSense icon in the device list. You can drag this icon into the workspace to complete your topology.
Important notes
☛ Make sure that you have a version of pfSense supported by GNS3
☛ Select the AMD64 ISO of pfSense for download
☛ The ISO comes zipped; unzip it, otherwise it will not be recognised by GNS3
3.2 Creating the target topology
Specifications for the topology to be created
All templates required to build the topology should now be available. The following network should be created:
- CiscoIOSvL2 (managed Cisco switch from template): host name: Switch 1; default number of interfaces; IP address: 192.168.1.2/24; gateway: 192.168.1.1
- PC1 (built-in VPCS): host name: PC1; IP address: DHCP; DHCP server: 192.168.1.1
- PC2 (built-in VPCS): host name: PC2; IP address: DHCP; DHCP server: 192.168.1.1
- pfSense (pfSense-FW from template): host name: FW1; 2 interfaces: LAN + WAN; LAN IP (em1): 192.168.1.1/24; WAN IP (em0): DHCP
- Cloud1 (connection to the host network): host name: Cloud1; bridge
Important notes
☛ If you change a configuration on the Cisco switch, ALWAYS SAVE IT! Otherwise, all the settings you have made will be lost! Save by entering "copy running-config startup-config" in Privileged EXEC mode. This saves the configuration.
☛ The number of interfaces for switches and firewalls is set in the Configure menu (right-click on the device); reduce it from 6 to 2 on pfSense
☛ Quick references for configuring the switch can be found here:
Using the Command-Line Interface: Table 1-1 shows the commands that can be used to access the corresponding configuration modes of the switch
Configure an IP address on a Cisco IOS switch: here you will find the commands to set the IP address of the switch.
☛ pfSense can be accessed via the console after starting (right-click on the device, select Console). The following tutorial can be used for the basic configuration via the console: https://docs.netgate.com/pfsense/en/latest/install/install-walkthrough.html
☛ After the basic installation, pfSense can be configured via the web interface. To do this, add a Minilinux with Firefox from the templates:
The pfSense web interface can be accessed via the IP address 192.168.1.1 (user: admin, password: pfsense). A DHCP server is active on the pfSense, so you only need to connect the Minilinux with Firefox to the switch, after which it should automatically be assigned a suitable IP address.
☛ Two devices are available for connecting to the host network and ultimately to the Internet: the cloud and the NAT device. The two devices are the bridge (cloud) familiar from other virtualisation solutions and the connection via a virtual NAT router. With bridging, the network is connected directly to a network interface. The cloud device is used in the target topology.
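The following is an added example, not part of the original task page, of a switch configuration that meets the specification above (management address 192.168.1.2/24, gateway 192.168.1.1) using the Privileged EXEC and configuration modes referenced in the quick references. Assumptions: the management address is placed on the VLAN 1 SVI because the specification names no VLAN; the interface names GigabitEthernet0/0 to 0/2 are assumed to be the ports cabled to PC1, PC2 and the pfSense LAN interface (em1) in your topology; the hostname is written as Switch1 because IOS hostnames may not contain spaces.

```cisco
! Enter Privileged EXEC mode, then global configuration mode
enable
configure terminal

! Host name per specification (IOS hostnames cannot contain a space)
hostname Switch1

! Management address on the VLAN 1 SVI (assumption: VLAN 1, the default, is used)
interface vlan 1
 ip address 192.168.1.2 255.255.255.0
 no shutdown
exit

! Gateway of the switch itself is the pfSense LAN address
! (ip default-gateway applies because IP routing is off on an L2 switch)
ip default-gateway 192.168.1.1

! Access ports towards PC1, PC2 and FW1 LAN (em1); port numbers are an assumption
interface range gigabitEthernet 0/0 - 2
 switchport mode access
 switchport access vlan 1
 no shutdown
exit

! Leave configuration mode and SAVE, otherwise the settings are lost on reboot
end
copy running-config startup-config

! Verification: SVI should be up/up, the gateway should answer
show ip interface brief
ping 192.168.1.1
```

After `copy running-config startup-config`, `show startup-config` lets you confirm that the saved configuration contains the SVI address before you power the node off; the VPCS nodes only receive DHCP leases once pfSense's LAN interface is reachable through these access ports.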
3.3 Testing the solution
Download the test protocol
Please use the following form to test the solution: the test protocol, which you can download as an ODT template (LibreOffice):
Replace the notes in italics with your own content. What you test, how you test it and how many test cases you need is up to you. The tests must cover the most important aspects of your solution. To complete the task, upload the test protocol to your Wekan task.
Important notes
☛ Suggestions for testing: Ping tests for all hosts and the Internet; screenshot of the topology; screenshots of the device information (tooltips)