Wednesday, September 28, 2011

Emulating a Multi Layer Switch in GNS3

As most of you know, you can get switch-like capabilities in GNS3 by inserting an NM-16ESW into a compatible router. This is necessary because, at present, dynamips is unable to emulate a real switch: Cisco switches use hardware ASICs to perform their duties, and unfortunately it is difficult/impossible to emulate these in software.

This is not so bad though as you may find you can get quite a lot done with an NM-16ESW. You can even use it to emulate a multilayer switch, as I will now demonstrate using the following topology:



As you can see by the interface numbers on R1 (f1/0, f1/1 and f1/2), I'm only using the router's NM-16ESW module, not its integrated layer 3 ports.

Using the "no switchport" command on R1's fa1/0 port will turn it into a layer 3 interface, which allows me to assign an IP address to it:

R1(config)#interface FastEthernet1/0
R1(config-if)# no switchport
R1(config-if)# ip address 10.1.1.1 255.255.255.252


Next, I'll configure VLAN10 and 20. (Unfortunately the NM-16ESW requires you to use the older "vlan database" command as opposed to the newer "vlan" command that multilayer switches use):

R1#vlan database
R1(vlan)#vlan 10
R1(vlan)#vlan 20
R1(vlan)#apply

R1(vlan)#exit

Now that the VLANs are created, I can assign IP addresses to their VLAN interfaces:

R1(config)#interface Vlan10
R1(config-if)# ip address 10.10.10.1 255.255.255.252
R1(config-if)#interface Vlan20
R1(config-if)# ip address 10.20.20.1 255.255.255.252


I can also assign ports to the VLANs. As per the diagram, port Fa1/1 is to be put in VLAN10 and port Fa1/2 is to be put in VLAN20:

R1(config-if)#interface FastEthernet1/1
R1(config-if)# switchport access vlan 10
R1(config-if)#interface FastEthernet1/2
R1(config-if)# switchport access vlan 20


And that's it for R1 at this stage.

As for the VLAN10, VLAN20 and R2 routers, they all have very simple configurations, as shown below:

VLAN10:

interface FastEthernet0/0
 ip address 10.10.10.2 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 10.10.10.1


VLAN20:

interface FastEthernet0/0
 ip address 10.20.20.2 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 10.20.20.1


R2:

interface FastEthernet0/0
 ip address 10.1.1.2 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 10.1.1.1


One other thing to note is that as the connection between R1 and R2 is layer 3, you could remove the default route from R2's configuration and use a routing protocol such as EIGRP to advertise the accessible routes instead:

R1:

router eigrp 10
 network 10.1.1.1 0.0.0.0
 network 10.10.10.1 0.0.0.0
 network 10.20.20.1 0.0.0.0
 no auto-summary


R2:

router eigrp 10
 network 10.1.1.2 0.0.0.0
 no auto-summary
!
no ip route 0.0.0.0 0.0.0.0 10.1.1.1

After performing the above changes, the routing table will look like this:

R2(config-router)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/30 is subnetted, 3 subnets
D       10.20.20.0 [90/284160] via 10.1.1.1, 00:34:06, FastEthernet0/0
D       10.10.10.0 [90/284160] via 10.1.1.1, 00:36:41, FastEthernet0/0
C       10.1.1.0 is directly connected, FastEthernet0/0
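How the EIGRP "network" statements above select interfaces, as an added example that is not part of the original post: IOS compares each interface address with the statement's address, ignoring the bits set in the wildcard mask, so a 0.0.0.0 wildcard enables EIGRP on exactly one interface and nowhere else. The function names are hypothetical; the addresses come from R1's configuration above, with /30 standing for the 255.255.255.252 masks.

```python
import ipaddress

# R1's layer 3 interfaces, taken from the configuration in this post.
R1_INTERFACES = {
    "FastEthernet1/0": "10.1.1.1/30",
    "Vlan10": "10.10.10.1/30",
    "Vlan20": "10.20.20.1/30",
}

# R1's "network <address> <wildcard>" statements under "router eigrp 10".
R1_NETWORK_STATEMENTS = [
    ("10.1.1.1", "0.0.0.0"),
    ("10.10.10.1", "0.0.0.0"),
    ("10.20.20.1", "0.0.0.0"),
]


def wildcard_match(address, base, wildcard):
    """True if address equals base in every bit where the wildcard bit is 0."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(address)) & care) == (
        int(ipaddress.IPv4Address(base)) & care
    )


def eigrp_interfaces(interfaces, statements):
    """Map each interface selected by a network statement to its connected subnet."""
    selected = {}
    for name, cidr in interfaces.items():
        iface = ipaddress.ip_interface(cidr)
        if any(wildcard_match(str(iface.ip), b, w) for b, w in statements):
            selected[name] = str(iface.network)
    return selected


if __name__ == "__main__":
    result = eigrp_interfaces(R1_INTERFACES, R1_NETWORK_STATEMENTS)
    for name, subnet in result.items():
        print(f"{name}: EIGRP enabled, advertises {subnet}")
```

The three subnets it reports are the two "D" routes and the connected route in R2's routing table above.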



As always, if you have any questions or have a topic that you would like me to discuss, please feel free to post a comment at the bottom of this blog entry, e-mail at myciscolabsblog@gmail.com, or drop me a message on Twitter (@OzNetNerd).

Note: This website is my personal blog. The opinions expressed in this blog are my own and not those of my employer.

Saturday, September 24, 2011

GNS3 Duplex Mismatch Messages

When Cisco devices are connected to one another and CDP is enabled (which it is by default), if one port is configured as full duplex but the other is configured as half duplex, the two devices will log "duplex mismatch" messages. This can be very helpful in the real world. However, when using GNS3 these messages can appear for no reason at all, and they will constantly reappear. Things get worse when you've got one router connected to two others, as was the case in the example below:

01:43:20.579: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/0 (not half duplex), with R1 FastEthernet0/0 (half duplex).
01:43:20.911: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/1 (not half duplex), with R2 FastEthernet0/0 (half duplex).
01:44:20.839: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/1 (not half duplex), with R2 FastEthernet0/0 (half duplex).
01:45:20.567: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/0 (not half duplex), with R1 FastEthernet0/0 (half duplex).
01:45:20.971: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/1 (not half duplex), with R2 FastEthernet0/0 (half duplex).
01:46:20.607: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/0 (not half duplex), with R1 FastEthernet0/0 (half duplex).
01:46:20.935: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/1 (not half duplex), with R2 FastEthernet0/0 (half duplex).
01:47:20.579: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/0 (not half duplex), with R1 FastEthernet0/0 (half duplex).
01:47:20.983: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/1 (not half duplex), with R2 FastEthernet0/0 (half duplex).

As the duplex mismatch is found through CDP, you could always disable CDP on all of your GNS3 routers to stop these messages appearing. However, this may not be an ideal solution for you, especially if you've got a large lab network. The alternative is to issue the following command:

R3(config)#no cdp log mismatch duplex

This command stops the log messages appearing, while still leaving CDP enabled.
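To see how much of the log this one message accounts for before suppressing it, the following added example (not part of the original post) parses the lines shown above and reports, per link, how many times the message fired and the typical gap between repeats. The gap comes out at about 60 seconds, which is CDP's default advertisement interval. The function and variable names are hypothetical.

```python
import re
import statistics
from collections import defaultdict

# Log lines copied from this post.
LOG = """\
01:43:20.579: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/0 (not half duplex), with R1 FastEthernet0/0 (half duplex).
01:43:20.911: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/1 (not half duplex), with R2 FastEthernet0/0 (half duplex).
01:44:20.839: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/1 (not half duplex), with R2 FastEthernet0/0 (half duplex).
01:45:20.567: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/0 (not half duplex), with R1 FastEthernet0/0 (half duplex).
01:45:20.971: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/1 (not half duplex), with R2 FastEthernet0/0 (half duplex).
01:46:20.607: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/0 (not half duplex), with R1 FastEthernet0/0 (half duplex).
01:46:20.935: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/1 (not half duplex), with R2 FastEthernet0/0 (half duplex).
01:47:20.579: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/0 (not half duplex), with R1 FastEthernet0/0 (half duplex).
01:47:20.983: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/1 (not half duplex), with R2 FastEthernet0/0 (half duplex).
"""

PATTERN = re.compile(
    r"^(?P<h>\d+):(?P<m>\d+):(?P<s>\d+\.\d+): %CDP-4-DUPLEX_MISMATCH: "
    r"duplex mismatch discovered on (?P<local>\S+) \((?P<local_duplex>[^)]+)\), "
    r"with (?P<peer>\S+) (?P<peer_if>\S+) \((?P<peer_duplex>[^)]+)\)\.$"
)


def summarize(log_text):
    """Group mismatch messages per link: message count and median repeat gap."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = PATTERN.match(line.strip())
        if not m:
            continue  # not a CDP duplex mismatch message
        seconds = int(m["h"]) * 3600 + int(m["m"]) * 60 + float(m["s"])
        seen[(m["local"], m["peer"], m["peer_if"])].append(seconds)
    summary = {}
    for link, times in seen.items():
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        summary[link] = {
            "count": len(times),
            "median_interval_s": round(statistics.median(gaps)) if gaps else None,
        }
    return summary


if __name__ == "__main__":
    for link, stats in summarize(LOG).items():
        print(link, stats)
```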


Friday, September 23, 2011

GNS3 IOS Memory Errors

Update: Please see this page for a fix to this issue.

The other day I decided to upgrade my GNS3 IOS to c3725-adventerprisek9-mz.124-15.T14.bin. All seemed to be going well until I tried to issue the "ip nat inside" command on one of the interfaces...

R1(config)#int fa0/0
R1(config-if)#ip nat inside
% NBAR ERROR: parsing stopped
% NBAR Error : Activation failed due to insufficient dynamic memory
% NBAR Error: Stile could not add protocol node
%NAT: Error activating CNBAR on the interface FastEthernet0/0
*Mar  1 00:00:27.307: %SYS-2-MALLOCFAIL: Memory allocation of 10260 bytes failed from 0x62912920, alignment 0
Pool: Processor  Free: 13696  Cause: Memory fragmentation
Alternate Pool: None  Free: 0  Cause: No Alternate pool
 -Process= "Exec", ipl= 0, pid= 94,  -Traceback= 0x61488C44 0x60015E58 0x6001BDB8 0x6001C410 0x636726CC 0x62912928 0x628F12D8 0x628F6E7C 0x628F25B4 0x628F7104 0x628F25B4 0x628F257C 0x628F4F90 0x628F25B4 0x628F2778 0x62925C0
*Mar  1 00:00:27.311: %NBAR-2-NOMEMORY: No memory available for StILE lmalloc,  -Traceback= 0x61488C44 0x62912944 0x628F12D8 0x628F6E7C 0x628F25B4 0x628F7104 0x628F25B4 0x628F257C 0x628F4F90 0x628F25B4 0x628F2778 0x62925C08 0x6293066C 0x6291D81C 0x6293ABBC 0x6293AF3C
R1(config-if)#
*Mar  1 00:00:27.863: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up
*Mar  1 00:00:30.263: %AAA-3-ACCT_LOW_MEM_UID_FAIL: AAA unable to create UID for incoming calls due to insufficient processor memory


Things got worse when I tried issuing the "ip nat outside" command on the other interface...

R1(config-if)#int fa0/1
R1(config-if)#ip nat outside
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR ERROR: symbol addition
% NBAR Error : Activation failed due to insufficient dynamic memory
% NBAR Error: Stile could not add protocol node
%NAT: Error activating CNBAR on the interface FastEthernet0/1


Then the router complained some more when I issued the "ip nat inside source" command... 

R1(config-if)#ip nat inside source list TEST int fa0/0
R1(config)#
*Mar  1 00:01:28.651: %SYS-2-MALLOCFAIL: Memory allocation of 65536 bytes failed from 0x625B21C8, alignment 0
Pool: Processor  Free: 8836  Cause: Not enough free memory
Alternate Pool: None  Free: 0  Cause: No Alternate pool
 -Process= "Exec", ipl= 0, pid= 94,  -Traceback= 0x61488C44 0x60015E58 0x6001BDB8 0x6001C2C4 0x625B21D0 0x625B3818 0x6254A408 0x62509078 0x625C223C 0x6255B8E0 0x6257DAE8 0x61CDB278 0x61CDB518 0x61C70178 0x61C7596C 0x614D5078
*Mar  1 00:01:28.671: CCE_CP: Can't cce_create_class_group: Can't allocate class group id.


After seeing all this, I got to work trying to resolve the issue. As the log messages clearly say, there is insufficient memory. So I thought I'd just upgrade the memory allocated to the router and all should be well. Unfortunately, all was not well. After increasing the memory and rebooting the router, I received the following error message in the GNS3 Console: 

=> *** Warning: ghostsize is to small for device R1. Increase it with the ghostsize option.

I can only assume that this "ghostsize" option relates to Ghostios, which, according to the GNS3 Quick Start guide is used to: 

"Significantly reduce the amount of real host RAM needed for labs with multiple routers running the same IOS image. With this feature, instead of each virtual router storing an identical copy of IOS in its virtual RAM, the host will allocate one shared region of memory that they will all utilize. So for example, if you are running 10 routers all with the same IOS image, and that image is 60 MB in size you will save 9*60 = 540 MB of real RAM when running your lab. Ghostios is enabled, by default, in GNS3."

A very useful application indeed. However, after an hour or so of searching, I was unable to find any information about the ghostsize option or its syntax, so I had no other option but to return to using my previous IOS, c3725-advipservicesk9-mz.124-4.T8.bin. I know it is old, but it has been reliable and up to this date, has supported all of the features I have needed, so I'm happy to continue using it.


Sunday, September 18, 2011

Connecting Your PC to Your Virtual GNS3 Routers

Update: Please also see my "Virtual Equipment + Physical Equipment = Big Lab" post for more information.

As you already know, GNS3 allows you to create virtual routers on your PC. What some people struggle with is connecting their physical PC to their virtual GNS3 network. In this blog entry, I'll explain how this can be done using GNS3's cloud object.

Note: Before you make any changes to your PC's routing table (as per the instructions below), please make sure you know what you're doing. Changing the routing table may cause you to lose network connectivity to parts of your network. If this happens to you, rebooting your PC should resolve the issue.

Note: Once the PC is connected to the virtual GNS3 network, it will act as if it were connected to a real network. For example, you will be able to use it as a DHCP server, Web server, Syslog server, packet sniffer, etc, as well as a normal networked PC.

Note: PC Firewall software as well as Malware Prevention software installed on your PC can prevent this process from working. If you find this guide does not work for you, please disable all Firewall and Malware Prevention software and try again. 

1) First, you'll need to install a loopback adapter on your PC.

2) Next, you'll need to fire up GNS3 as an Administrator. To do this, you have to right click on the GNS3 icon, and select "Run as Administrator".

Note: Using an Administrator account is not enough. You still need to follow the above instruction.

3) Once GNS3 has started, locate the "Cloud" node in the "Node Types" panel and drag it into the workspace.

4) Double click on the "Cloud" node, then, when the new screen opens, click on the "NIO Ethernet" tab. At the top of the screen you'll see the "Generic Ethernet NIO (Administrator access required)" dropdown menu.

Click on the dropdown and select the "MS Loopback Adapter" option, then click "OK".

5) Next, create your GNS3 topology the way you normally would. Give some thought to your IP address plan too.

Note: Make sure your IP address plan does not conflict with the network that your physical PC connects to. Failing to do so may prevent your setup from working.

6) Connect the Cloud node to one of the routers in your topology the same way you connect other devices to one another.

Once you have done the above, your GNS3 topology should look like this:




7) As you can see from the example topology above, the physical PC's address is going to be 10.50.50.2. To configure this, in Windows, navigate to the "Manage Network Connections" settings and locate your "MS Loopback Adapter". Configure the adapter with the above mentioned IP address.

8) Your PC will now be connected to the virtual network. This can be confirmed by sending a couple of pings: 

ping 10.50.50.1

Pinging 10.50.50.1 with 32 bytes of data:
Reply from 10.50.50.1: bytes=32 time=63ms TTL=255
Reply from 10.50.50.1: bytes=32 time=62ms TTL=255
Reply from 10.50.50.1: bytes=32 time=32ms TTL=255
Reply from 10.50.50.1: bytes=32 time=50ms TTL=255

Ping statistics for 10.50.50.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 32ms, Maximum = 63ms, Average = 51ms


However, pings to all other virtual network subnets will not work at this stage. This is because your PC will be using the default route configured on your physical network card to try to access these networks. To fix this, continue on to Step 9.

9) What you'll need to do now is install a route on your PC, telling it to route traffic destined to virtual networks through your loopback adapter.

For this example you'd need to issue the following command: 

route add 172.16.15.0 mask 255.255.255.0 10.50.50.2 

Note: You will need to add a route for every subnet you are using in your virtual GNS3 network and point it out of your loopback interface.

Once you have done that, your data will be able to flow freely between the virtual network and your physical PC.

And that's it! You're done!
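Steps 5 and 9 can be checked together before touching the routing table. The following added example (not part of the original post) refuses any lab subnet that overlaps a network the PC already uses and otherwise prints one "route add" command per lab subnet that is not directly connected. The gateway and 172.16.15.0/24 come from this post; the /24 on the loopback subnet, the 192.168.1.0/24 physical LAN and the function name are assumptions.

```python
import ipaddress

# Values from this post: the PC's loopback address and the subnet behind R1.
GATEWAY = "10.50.50.2"
LAB_SUBNETS = ["10.50.50.0/24", "172.16.15.0/24"]
# Assumptions (not stated in the post): loopback prefix length and the PC's LAN.
LOOPBACK_NET = "10.50.50.0/24"
PHYSICAL_NETS = ["192.168.1.0/24"]


def plan_routes(lab_subnets, loopback_net, gateway, physical_nets):
    """Return Windows 'route add' commands for lab subnets behind the loopback adapter.

    Raises ValueError if the gateway is not on the loopback subnet, or if the
    loopback or any lab subnet overlaps a network the PC is already attached to
    (the conflict the note under step 5 warns about).
    """
    loopback = ipaddress.ip_network(loopback_net)
    gw = ipaddress.ip_address(gateway)
    if gw not in loopback:
        raise ValueError(f"gateway {gw} is not on the loopback subnet {loopback}")
    physical = [ipaddress.ip_network(n) for n in physical_nets]
    commands = []
    for subnet in [loopback] + [ipaddress.ip_network(s) for s in lab_subnets]:
        for phys in physical:
            if subnet.overlaps(phys):
                raise ValueError(f"{subnet} overlaps physical network {phys}")
        if subnet.subnet_of(loopback):
            continue  # directly connected via the loopback adapter, no route needed
        commands.append(
            f"route add {subnet.network_address} mask {subnet.netmask} {gw}"
        )
    return commands


if __name__ == "__main__":
    for command in plan_routes(LAB_SUBNETS, LOOPBACK_NET, GATEWAY, PHYSICAL_NETS):
        print(command)
```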

Here is an example of a Syslog server running on the physical PC. It is receiving log messages from both R1 and R2 (10.50.50.1 and 172.16.15.2 respectively):





UPDATE
Please see my new website for a step by step guide, including screenshots and network diagrams.
