Connect GNS3 lab to real world equipment

Connect GNS3 lab to real world equipment

Connect GNS3 lab to real world equipment

As I was studying for an exam, I needed a lab with routers and layer 2/3 switches in order to prepare properly. While GNS3 is very good in emulating Cisco IOS routers, it still lacks the ability to fully emulate Catalyst switches. I have some physical routers and switches available, but the routers does not have any serial interfaces, which I needed in this particular lab. In the same lab, I needed access to some of the features in the switches, which cannot be emulated in GNS3. So why not run routers in GNS3 and connect them to some real physical switches?

This can be done in several ways, and the most simple is having a bunch of NICs on the computer running GNS3 and using these to connect the physical switches. I don’t have that, so this was not an option for me. Another way of doing this, is using VLANs and creating a 802.1Q trunk on the computers NIC and connect this to a trunk port on a breakout switch. The switchports are then used to connect the lab switches with the GNS3 lab routers – simple, right? πŸ™‚

Apparently, the recommended switch for doing this is a Catalyst 3750, which is quite expensive, but it is also possible to use less expensive switches, although with reduced functionality. I tried with a Catalyst 3650 compact model (8 ports), and it worked great – even better than expected!

I tested it first with the Windows versions of GNS3, but it never got to work properly; or, at least I did not have enough patience to get it working :). Therefore, I made myself an Ubuntu installation running of a USB3 stick, so I would be able to use it on my work laptop, without messing with the existing operating system.

 

OS configuration – Ubuntu

These configurations steps will make the VLAN interfaces persistent and disable all IP/IPv6 services on them.

First, install and activate vlan support in the operating system.


sudo apt-get install vlan

Enable the 8021q module to the kernel at boot time, by adding this line in the /etc/modules configuration file


8021q

Create the VLAN interfaces, by adding N number of interfaces to the /etc/network/interfaces configuration file. I have used eth0 as the physical interface represented by the vlan_raw_device eth0. Because I do not want ANY IP configuration on the interface, the inet protocol is set to manual.


auto vlan101
iface vlan101 inet manual
vlan_raw_device eth0
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down

IPv6 will still be active on the VLAN interfaces (if IPv6 is enabled globally on the system), and this needs to be disabled as well. I don’t want to disable IPv6 all over, but only for the VLAN interfaces. This is done by adding the following for each interface to the /etc/sysctl.conf configuration file.


net.ipv6.conf.vlan101.disable_ipv6 = 1

These are all the configurations on my system for 8 VLAN interfaces

/etc/modules


8021q

 

/etc/network/interfaces


auto vlan101
iface vlan101 inet manual
vlan_raw_device eth0
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down

auto vlan102
iface vlan102 inet manual
vlan_raw_device eth0
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down

auto vlan103
iface vlan103 inet manual
vlan_raw_device eth0
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down

auto vlan104
iface vlan104 inet manual
vlan_raw_device eth0
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down

auto vlan105
iface vlan105 inet manual
vlan_raw_device eth0
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down

auto vlan106
iface vlan106 inet manual
vlan_raw_device eth0
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down

auto vlan107
iface vlan107 inet manual
vlan_raw_device eth0
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down

auto vlan108
iface vlan108 inet manual
vlan_raw_device eth0
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down

/etc/sysctl.conf


# Disable ipv6 for specific interfaces
net.ipv6.conf.vlan101.disable_ipv6 = 1
net.ipv6.conf.vlan102.disable_ipv6 = 1
net.ipv6.conf.vlan103.disable_ipv6 = 1
net.ipv6.conf.vlan104.disable_ipv6 = 1
net.ipv6.conf.vlan105.disable_ipv6 = 1
net.ipv6.conf.vlan106.disable_ipv6 = 1
net.ipv6.conf.vlan107.disable_ipv6 = 1
net.ipv6.conf.vlan108.disable_ipv6 = 1

Partial output from ifconfig

ifconfig

 

Breakout switch configuration

c3560c

On the breakout switch, first create the VLANs.

vtp mode transparent
vlan dot1q tag native
vlan 101-108

Configure a 802.1Q trunk port which connects to the PC with the needed VLANs allowed. Disable CDP to make sure the breakout switch itself will not show up as a CDP neighbor.


interface GigabitEthernet0/1
description PC UPLINK
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 101-108
switchport mode trunk
l2protocol-tunnel cdp
no cdp enable
spanning-tree portfast trunk

Configure the ports for the lab switches. The switchport mode is set til dot1q-tunnel to make it possible for the lab to pass VLAN tags between the GNS3 routers and physical world – this is a Q-in-Q tunnel.


interface FastEthernet0/1
switchport access vlan 101
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
no cdp enable
spanning-tree portfast

This is my configuration for 8 breakout interfaces and an uplink


!
system mtu 1546
!
vtp mode transparent
!
vlan dot1q tag native
!
vlan 101-108
!
interface GigabitEthernet0/1
description PC UPLINK
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 101-108
switchport mode trunk
l2protocol-tunnel cdp
no cdp enable
spanning-tree portfast trunk
!
interface FastEthernet0/1
switchport access vlan 101
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
no cdp enable
spanning-tree portfast
!
interface FastEthernet0/2
switchport access vlan 102
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
no cdp enable
spanning-tree portfast
!
interface FastEthernet0/3
switchport access vlan 103
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
no cdp enable
spanning-tree portfast
!
interface FastEthernet0/4
switchport access vlan 104
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
no cdp enable
spanning-tree portfast
!
interface FastEthernet0/5
switchport access vlan 105
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
no cdp enable
spanning-tree portfast
!
interface FastEthernet0/6
switchport access vlan 106
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
no cdp enable
spanning-tree portfast
!
interface FastEthernet0/7
switchport access vlan 107
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
no cdp enable
spanning-tree portfast
!
interface FastEthernet0/8
switchport access vlan 108
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
no cdp enable
spanning-tree portfast
!

GNS3 Topology

GNS3 needs to run under administrative privileges to be able to directly connect to the NIC. In the topology, add a Cloud device, which can be found under End devices. You can change the icon to match whatever you like, i.e. if you connect a router to a layer 3 switch, change the cloud icon to a multilayer switch. In the topology shown below, the two distribution layer switches are actually cloud devices with a changed icon.

GNS3-topo

Right click on the cloud device, and choose Configure. Under the configuration pane, you can add connection points to the device. Here is an example, where the DLS01 Cloud device is having a connection to the vlan101 interface.

GNS3-Cloud-config

If more connections are needed in a single cloud device, just add additional vlan interfaces to the device. In the breakout switch the vlan is associated with a switchport, and that port is virtually available inside GNS3.

 

Layer 1/2 verification

Screenshots from R1 and DLS01 proves that Layer 1 and 2 are working in both directions.

 

r1-cdp-neighbors

dls01-cdp-neighbors

Happy labbin’…. πŸ™‚