paulmataruso/cml-community
1
0
Fork 0
mirror of https://github.com/CiscoDevNet/cml-community.git synced 2025-10-23 16:13:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: paulmataruso:ccnaprep
Branches Tags
paulmataruso:master paulmataruso:code-server.custom.01.4.102 paulmataruso:ccnaprep paulmataruso:aaa-tacacs-topology paulmataruso:remote-backup
...
compare: paulmataruso:code-server.custom.01.4.102
Branches Tags
paulmataruso:master paulmataruso:code-server.custom.01.4.102 paulmataruso:ccnaprep paulmataruso:aaa-tacacs-topology paulmataruso:remote-backup

41 Commits
ccnaprep ... code-serve

Author SHA1 Message Date
Hank Preston
80db952042 Initial Code Server Custom Commit 2025-08-01 13:03:00 -04:00
Hank Preston
675e7d491c Merge pull request #65 from jcpmunizie/fix-missing-libnsl-dev 
Add libnsl-dev to the aaa-tacacs-exploration lab topologies
 2025-07-21 08:54:38 -04:00
Joe Clarke
ef9821a504 Synchronize to get re-runs to work on the latest repo. 2025-07-20 04:52:06 -04:00
Joe Clarke
cc711f220e Add ext4 as a provision disk type. 2025-07-20 04:37:59 -04:00
branoTaran
2d3049f918 SIMPLE-7648: Added configuration to the ISE node definition (#62) 
* SIMPLE-7648: Added configuration to the ISE node definition

* Added Windows 11 node-definition from simple.

* Fixed typo

* Update ise.yaml

Updated some of the parameters of the config content; Commented all parameters which are not required to run ISE; For some parameters kept the <...> description but added a sample input to help fill them in;
 2025-07-20 04:36:10 -04:00
branoTaran
c30265c1ee Simple win11 node definition (#64) 
* SIMPLE-7648: Added configuration to the ISE node definition

* Added Windows 11 node-definition from simple.

* Fixed typo

* Reverted ise.yaml to upstream state
 2025-07-20 04:35:46 -04:00
Joe Clarke
a0f1f4b6aa Pet markdown lint. 2025-07-12 17:24:05 -04:00
Joe Clarke
91def995a0 Add the CML Sizing Calculator. 2025-07-12 15:47:59 -04:00
Joe Clarke
f9801dddfc Remove submodules in favor of READMEs. 
Also, add a new script, the cml-exporter.
 2025-07-12 15:41:21 -04:00
Joao Muniz
e0045ff571 Add libnsl-dev as it's a required dependency to compile tac_plus package used in aaa-tacacs-exploration lab topology 2025-07-07 02:01:26 +01:00
CML-TAC
12aef0e592 Added JUNOS vSwitch and vRouter node definitions. (#57) 2025-06-27 15:10:47 -04:00
Joe Clarke
e94e1a5669 Fix a typo. 2025-06-10 11:08:40 -04:00
Joe Clarke
6aeb469bf2 Add links to the other HV docs. 2025-06-09 21:26:00 -04:00
Joe Clarke
202c430cf4 Sync to latest eve2cml 2025-06-01 09:55:44 -04:00
Joe Clarke
00665a7564 Remove the Webex link. 2025-06-01 09:53:10 -04:00
Joe Clarke
3952e23fa0 Update Sandbox image. 2025-06-01 09:51:28 -04:00
Joe Clarke
e22d6a170b Update the main CML image. 2025-06-01 09:48:46 -04:00
Joe Clarke
4106a62170 Sync to latest ciscolive-brkcrt-2059 2025-06-01 09:45:29 -04:00
Joe Clarke
a0925ec081 Update schema for CML 2.9. 2025-05-25 15:08:31 -04:00
Ralph Schmieder
0683e4af4a Add autostart script and documentation (#63) 
Add a script to be deployed on CML that allows labs marked with "(autostart)" in their descriptions to be started as soon as the CML server boots up.
 2025-05-20 15:19:25 -04:00
Joe Clarke
c9f06ab4c6 Remove dead submodule. 
Reported by:	Tomas Mikuska
 2025-05-14 05:05:52 -04:00
Hank Preston
8d16025b29 Add CCNA Prep S2E7 - SNMP 2025-04-30 12:45:29 -04:00
Hank Preston
54dc0a6c4e CCNA Prep S2E6 - Syslog 2025-04-17 10:46:45 -04:00
Joe Clarke
ad902c9602 Update with latest testing values. 2025-04-09 10:58:35 -04:00
Joe Clarke
385766c69f Add some modernization. 2025-04-09 09:43:12 -04:00
Joe Clarke
4cc9778d53 Reduce memory RAM to 1 MB. 2025-04-09 09:38:15 -04:00
Hank Preston
79c0df82aa Added S02E05 NTP to list 2025-03-26 12:24:30 -04:00
Hank Preston
2b5b77ceb2 CCNA Prep S02E05 NTP Resources 2025-03-26 12:23:24 -04:00
dependabot[bot]
ea6f212a88 Bump jinja2 from 3.1.5 to 3.1.6 in /scripts/brk2iterm (#61) 
Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.5 to 3.1.6.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/jinja/compare/3.1.5...3.1.6)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-26 00:09:55 -04:00
Chris McCoy
ecae100078 Document Node Definition that supports a vEOS day0 config (#60) 
* Correct ordering of interfaces.  Management1 is the first interface, followed by Ethernet1 and the rest.
* Document how to create a base image after SWI completes
* Tests good with vEOS 4.33.2F 64-bit
 2025-03-22 22:19:45 -04:00
Hank Preston
0b7bb154f8 updated CCNA Prep main README wiht details for Season 2 2025-03-19 09:55:25 -04:00
Hank Preston
568e961235 CCNA Prep S02Ep04 SSH Resources 2025-03-19 09:51:27 -04:00
Hank Preston
1f510d7b08 CCNA Prep S2E3 NAT Resources 2025-03-09 09:29:59 -04:00
dependabot[bot]
a4205b4bfe Bump jinja2 from 3.1.4 to 3.1.5 in /scripts/brk2iterm (#58) 
Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.4 to 3.1.5.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/jinja/compare/3.1.4...3.1.5)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-01 08:52:02 -05:00
Joe Clarke
9aabef36f5 Fix typo. 2025-03-01 08:49:33 -05:00
Joe Clarke
a9cdfb5a71 Add support for sim parameters. 2025-02-28 14:10:53 -05:00
Joe Clarke
a37d7651b3 Add a VLAN tasks topology tailored for CML Free. 2025-02-23 10:26:14 -05:00
Hank Preston
8f1cbca437 Adding Episodes 1 and 2 from CCNA Prep 2025-02-04 10:16:46 -05:00
Greg Neujahr
0095977080 Updated CML on Hyper-V Documentation (#56) 
* docs: added documentation for running CML on hyper-v

* docs: Updated hyper-v instructions with recommended comments
 2025-01-08 11:25:52 -05:00
Greg Neujahr
1e71172679 docs: added documentation for running CML on hyper-v (#55) 
Initial revision.  More refinements to come.
 2024-12-29 18:58:23 -05:00
Hank Preston
3d899609cf Adding CCNA Prep Resources (#54) 
* CCNA Prep Season 1 Resources

* typo fixes
 2024-12-12 16:51:33 -05:00
101 changed files with 21444 additions and 172 deletions
Expand all files Collapse all files

2
.github/workflows/nd_validation.yaml vendored
View File

@@ -2,9 +2,11 @@ name: Node definition schema check
on:
push:
types: [synchronize]
paths:
- 'node-definitions/**/*.yaml'
pull_request:
types: [synchronize]
paths:
- 'node-definitions/**/*.yaml'

30
.gitmodules vendored
View File

@@ -1,30 +0,0 @@
[submodule "use-cases/cml-class-automation"]
path = use-cases/cml-class-automation
url = https://github.com/CiscoDevNet/cml-class-automation
[submodule "use-cases/cml-cicd"]
path = use-cases/cml-cicd
url = https://github.com/CiscoDevNet/cml-cicd
[submodule "use-cases/dst-automation"]
path = use-cases/dst-automation
url = https://github.com/CiscoDevNet/dst-automation
[submodule "use-cases/virlutils"]
path = use-cases/virlutils
url = https://github.com/CiscoDevNet/virlutils
[submodule "use-cases/ansible-cml"]
path = use-cases/ansible-cml
url = https://github.com/CiscoDevNet/ansible-cml
[submodule "use-cases/cml-nxos-l3-edge-fabric"]
path = use-cases/cml-nxos-l3-edge-fabric
url = https://github.com/charliefenwick/cml-nxos-l3-edge-fabric
[submodule "use-cases/sdwan-devops"]
path = use-cases/sdwan-devops
url = https://github.com/CiscoDevNet/sdwan-devops
[submodule "lab-topologies/ciscolive-brkcrt-2059"]
path = lab-topologies/ciscolive-brkcrt-2059
url = https://github.com/CiscoLearning/ciscolive-brkcrt-2059.git
[submodule "use-cases/cloud-cml"]
path = use-cases/cloud-cml
url = https://github.com/CiscoDevNet/cloud-cml.git
[submodule "scripts/eve2cml"]
path = scripts/eve2cml
url = https://github.com/CiscoDevNet/eve2cml.git

36
README.md
View File

@@ -4,47 +4,53 @@
Community Contributed Content and Resources for Cisco Modeling Labs
![](readme_images/cml-labmanager.jpg)
![CML Screenshot](readme_images/cml-lab.png)
## Repository Description
[Cisco Modeling Labs](http://developer.cisco.com/modeling-labs) (CML) is a network simulation platform from Cisco that allows for the creation of robust network topologies made up of nearly anything you can imagine. It supports virtual machine based devices using QCOW or KVM format, and can be tied into physical components by "bridging" the simulation to the real world.
This repository is intended to be a place for the CML community to find and share content that builds on top of the standard CML installation. Examples of this content include:
CML is officially supported on bare-metal x86\_64 servers and in VMware ESXi and VMware Workstation virtual machines.
Unofficially, CML can be installed onto [HyperV](documentation/cml_on_hyperv.md), [Proxmox](documentation/cml_on_proxmox.md),
and [Nutanix AHV](documentation/cml_on_nutanix.md).
This repository is intended to be a place for the CML community to find and share content that builds on top of the standard CML installation. Examples of this content include:
### Node and Image Definition Files
Included with CML is a library of ["reference platforms"](https://developer.cisco.com/docs/modeling-labs/#!reference-platforms-and-images) for a variety of Cisco network devices as well as images for Linux servers, traffic generators, unmanaged devices, etc. However, CML allows a "bring your own image" model for any KVM supported image. While we **cannot** share the actual QCOW image files for nodes that require proper licensing and rights from individual platform owners, we can post the CML YAML file definitions that have been created to support different platforms from Cisco as well as third party vendors.
The folder structure of this repository reflect the folder structure and naming conventions used on the CML server itself for storing the definitions.
Included with CML is a library of ["reference platforms"](https://developer.cisco.com/docs/modeling-labs/#!reference-platforms-and-images) for a variety of Cisco network devices as well as images for Linux servers, traffic generators, unmanaged devices, etc. However, CML allows a "bring your own image" model for any KVM supported image. While we **cannot** share the actual QCOW image files for nodes that require proper licensing and rights from individual platform owners, we can post the CML YAML file definitions that have been created to support different platforms from Cisco as well as third party vendors.
The folder structure of this repository reflect the folder structure and naming conventions used on the CML server itself for storing the definitions.
* [node-definitions](node-definitions) - Folder containing YAML file definitions for a CML node. The YAML file includes details on how the VM would be configured (ie CPU, RAM, Network Adapters, etc).
* [virl-base-images](virl-base-images) - Folder containing a folder for each added platform disk image. Within each platform folder you will find a YAML file that references a specific `disk_image` file for a platform. A base image definition will reference a node definition.
* *Note: You will need to download the disk images from the vendors yourself.*
* **Note: You will need to download the disk images from the vendors yourself.**
When deciding how many total resources you need to use CML, consult the [CML Sizing Calculator](documentation/cml_sizing_calculator.xlsx).
### Sample Lab Topologies
### Sample Lab Topologies
CML includes a series of Sample Labs that are available from the Tools menu in Lab Manager, however these are just a start of the possible network simulations that can be created. Within this repository users of CML can find, or share, network topologies that have been created to highlight a specific type of simulation challenge.
> Note: Sample Lab Topologies from this repository may leverage nodes that are **NOT** included with the standard reference platform for CML. Be sure to look at the requirements for any given lab topology.
> Note: Sample Lab Topologies from this repository may leverage nodes that are **NOT** included with the standard reference platform for CML. Be sure to look at the requirements for any given lab topology.
## DevNet Sandbox
A great way to make your repo easy for others to use is to provide a link to a [DevNet Sandbox](https://developer.cisco.com/site/sandbox/) that provides a network or other resources required to use this code. In addition to identifying an appropriate sandbox, be sure to provide instructions and any configuration necessary to run your code with the sandbox.
If you are new to Cisco Modeling Labs, you can explore and test drive CML within [DevNet Sandbox](https://developer.cisco.com/site/sandbox/). Just search for "Cisco Modeling" from the Sandbox Catalog.
If you are new to Cisco Modeling Labs, you can explore and test drive CML within [DevNet Sandbox](https://developer.cisco.com/site/sandbox/). Just search for "Cisco Modeling" from the Sandbox Catalog.
![](readme_images/sandbox-catalog-cml.jpg)
![DevNet Sandbox Screenshot](readme_images/sandbox-catalog-cml.png)
## Getting help
Instruct users how to get help with this code; this might include links to an issues list, wiki, mailing list, etc.
**Example**
### Example
If you have questions, concerns, bug reports, etc., please create an issue against this repository.
If you've questions on using CML, here are some places to checkout:
* [Cisco Modeling Labs Support](https://developer.cisco.com/docs/modeling-labs/#!support)
* [Cisco Modeling Labs Webex Teams Space](https://eurl.io/#bWHTbWz1Z)
If you've questions on using CML, post them to our [CML community](https://developer.cisco.com/docs/modeling-labs/#!support).
## Getting involved

74
documentation/cml_on_hyperv.md Normal file
View File

@@ -0,0 +1,74 @@
# CML on Hyper-V
These instructions explain how to deploy CML as a virtual machine (VM) that runs on Hyper-V on Windows. (When deploying to Hyper-V, you do not need to install VMware Workstation on your local system.) You will need a version of Windows that supports and provides the Hyper-V feature. Recent versions of Windows Pro and Windows Enterprise should work. Windows Server 2016 should also include Hyper-V, but the steps to deploy on Windows Server may differ slightly. These instructions will probably not work on other editions of Windows, such as Windows 11 Home. YMMV.
These instructions were tested on Windows 11 Enterprise but should work for other editions of Windows that meet the requirements.
## Requirements
- Windows 10 Pro/Enterprise or later, Server 2016 or later
- Hyper-V windows feature installed and enabled
## Setup
### Enable Hyper-V
To enable Hyper-V on Windows refer to these [instructions](https://learn.microsoft.com/en-us/virtualization/hyper-v-on-windows/). The steps below are a summary of what is provided in the linked documentation.
- Open the **Control Panel**
- Click **Programs** and then **Programs and Features**
- Click **Turn Windows Features on or off**
- Check the checkbox for the top-level **Hyper-V** feature to enable all Hyper-V features
- Click **OK**
- Reboot when asked
### Create Hyper-V Bridged Network
By default, the CML VM will only be visible from your local host OS where Hyper-V is running. If you would like to access the CML VM from a different host on your network, you must create a bridged network in Hyper-V. You will also need to create a Hyper-V bridged network if you would like to send traffic into a lab running on the CML VM from another host or device on your network. See the CML documentation on [external connectors](https://developer.cisco.com/docs/modeling-labs/external-connectors/) for further information.
If you only plan to access the CML instance or the labs running in CML from the local machine where Hyper-V is running, you can skip these steps.
- Launch the Hyper-V GUI
- In the menu on the right of the screen, click **Virtual Switch Manager**
- In the **Create virtual switch** section, select **External** and click **Create Virtual Switch**
- From the list of external network cards, select a network card connected to your local network
- Click **OK** to save the changes
If you skip the above steps and decide later to utilize external network connections, you can follow the above instructions later. However, you will need to edit the virtual machine settings (created below) and change the associated _Virtual Switch_ to one created above to enable external connections.
### Create Hyper-V Virtual Machine
Before proceeding with the following steps, make sure to [download the latest CML ISO](https://developer.cisco.com/docs/modeling-labs/downloading-files-for-cml-installation/). For this step you do **NOT** need the _refplat_ ISO image, only the ISO for the _bare metal installation_.
#### Initial Creation
- Open the Hyper-V GUI from the windows start menu
- In the menu on the right of the screen, click **New** and **Virtual Machine** to open the **New Virtual Machine Wizard**
- Click **Next** on the **Before You Begin** screen if it was not previously dismissed
- On the **Specify a Name and Location** screen, use a **Name** without spaces to avoid quoting/escaping issues
- On the **Specify Generation** screen, select **Generation 2**
- On the **Assign Memory** screen, assign sufficient memory to meet the requirements for CML, as well as any labs you wish to run. Refer to the [CML documentation](https://developer.cisco.com/docs/modeling-labs/system-requirements/).
- Do **NOT** use dynamic memory
- **ATTENTION** Using dynamic memory with the CML VM will have a negative impact on the performance on your labs running in the CML VM. The nodes in your network simulation use nested virtualization, and using dynamic memory in Hyper-V can cause _significant_ performance problems because of page swapping.
- On the **Configure Networking** screen, connect the network adapter to either the external network (created above) or the default Hyper-V virtual switch (if you wish to only access CML from the host machine)
- On the **Connect Virtual Hard Disk** screen, assign sufficient disk space to meet the requirements for CML, as well as labs you wish to run. Refer to the [CML documentation](https://developer.cisco.com/docs/modeling-labs/system-requirements/).
- On the **Installation Options** screen, select **Install an Operating System Later**
- Click **Finish** to create the VM. Note the name of the VM you created for the following steps.
#### Additional Settings
- Right click the virtual machine you just created in the **Virtual Machines** list and select **Settings**
- Click the **Security** tab in the left menu
- In the **Security Settings** section, uncheck **Enable Secure Boot** on the right to disable it
- Click the **Processor** tab in the left menu
- In the **Processor** section, adjust **Number of Virtual Processors** according to the CML requirements and your lab demands. Refer to the [CML documentation](https://developer.cisco.com/docs/modeling-labs/system-requirements/).
- Click the **SCSI Controller** tab in the left menu
- In the **SCSI Controller** section, select **DVD Drive** and click **Add**.
- Under the **Media** section, select **Image File** and click **Browse** to select the CML bare metal installation ISO you downloaded earlier
- Click **OK** to save the configuration changes. Do **NOT** start the VM yet.
### Enable Nested Virtualization
- Open a PowerShell prompt as an administrator
- Run
```powershell
PS C:\> Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true
```
`<VMName>` should be replaced with your VM name from above. Quote appropriately if it contains spaces.
### Boot the Virtual Machine and configure CML
- Double click the CML VM in the **Virtual Machines** list
- Click the green **Start** button in the toolbar
- Follow the [CML instructions](https://developer.cisco.com/docs/modeling-labs/bare-metal-installation-bare-metal-installation/) for a bare metal installation

BIN
documentation/cml_sizing_calculator.xlsx Normal file
View File

Binary file not shown.

1
lab-topologies/aaa-tacacs-exploration/Snack_Minute_AAA_TACACS_Exploration.yaml
View File

@@ -223,6 +223,7 @@ nodes:
- flex
- bison
- libwrap0-dev
- libnsl-dev
write_files:
# Create the tac_plus configuration file

1
lab-topologies/aaa-tacacs-exploration/aaa-exploration-ios-nxos.yaml
View File

@@ -499,6 +499,7 @@ nodes:
- bison
- libwrap0-dev
- python3.10-venv
- libnsl-dev
write_files:
# Create the tac_plus configuration file

33
lab-topologies/ccna-prep/README.md Normal file
View File

@@ -0,0 +1,33 @@
# CCNA Prep CML Resources
The CCNA Prep Program is a study resource put together by the Learning and Certifications team within Cisco to help engineers working towards earning their CCNA certification. Each session dives into a topic from the CCNA blueprint, exploring it through a hands on/labs driven approach. These hands on labs are run on Cisco Modeling Labs and include full lab guides that can be used after the session for anyone to practice and hone their skills as they prepare for their CCNA Exam. We are sharing the CML topology files with the CML Community for fun, learning and inspiration.
![](ccnaprep-01.jpg)
> Sign up for CCNA Prep and access recordings from sessions at: [CCNA Prep Program](https://learningnetwork.cisco.com/s/ccna-live-stream)
## CCNA Prep Hosts
The current hosts of the CCNA Prep Program are:
**Hank Preston:** I'm a Principal Engineer at Cisco Systems, and my journey in network engineering began with the CCNA. Over the years, I've earned multiple certifications, including CCNP, CCIE, and DevNet Expert. My passion for networking and teaching has led me to help engineers worldwide through Cisco's learning and certification programs.
**Patrick Gargano:** As a Lead Content Advocate and Instructor at Cisco Learning & Certifications, I am responsible for developing and delivering official Cisco course content. I started my CCNA journey in 2000 when I became a Cisco Networking Academy instructor. Since then, I've authored Cisco Press books and achieved multiple Cisco certifications. The CCNA was a pivotal point in my career, and I'm excited to share my experiences and insights with you.
## Season 1 (Fall 2024) - Back to Basics
1. [Mastering VLAN Configuration: Unlock the power of VLANs](s1e1/README.md)
1. [Spanning Tree Protocol (STP) Unleashed: Navigate network efficiency](s1e2/README.md)
1. [Building Resilient Links with EtherChannel: Gain EtherChannel excellence](s1e3/README.md)
1. [Routing Fundamentals & Static Routes: Master concepts and static routes](s1e4/README.md)
1. [Conquering OSPF: Optimize your network with OSPF](s1e5/README.md)
1. [The Router's Guild: Adventures in AD, Metrics, and Prefix Lengths](s1e4/README.md)
1. [GET a Head(er) of REST APIs for the CCNA Certification](s1e7/README.md)
## Season 2 (Spring 2025) - IP Services
1. [DHCP in Action: Streamlining Network Client Address Management](s2e1/README.md)
1. [DNS Deepdive: Exploring a Backbone of Network Communication”](s2e2/README.md)
1. [Navigating NAT: Bridging Private Networks to the Internet](s2e3/README.md)
1. [Securing Network Access: From Telnet to SSH](s2e4/README.md)
1. [Syncing Success: The Role of NTP in Network Operations](s2e5/README.md)
1. [The Syslog Detective: Unraveling Network Mysteries](s2e6/README.md)
1. [Simplifying SNMP: Delivery Data for Network Operation Dashboards](s2e7/README.md)

BIN
lab-topologies/ccna-prep/ccnaprep-01.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 179 KiB

BIN
lab-topologies/ccna-prep/s1e1/CCNA Prep S01 E01 Lab Guide.pdf Normal file
View File

Binary file not shown.

2262
lab-topologies/ccna-prep/s1e1/CCNA_Prep_2024_S1E1_Mastering_VLANs.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

5
lab-topologies/ccna-prep/s1e1/README.md Normal file
View File

@@ -0,0 +1,5 @@
# Mastering VLAN Configuration: Unlock the Power of VLANs
*Abstract*: Join our exciting live stream to master VLAN configuration and discover the complete capabilities of VLANs in your network. Whether you're just starting out or seeking to enhance your existing skills, this session will offer valuable insights and practical techniques to improve your network management. Don't miss this chance to elevate your networking expertise to new heights!
![](s1e1-vlan.jpeg)

BIN
lab-topologies/ccna-prep/s1e1/s1e1-vlan.jpeg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 162 KiB

BIN
lab-topologies/ccna-prep/s1e2/CCNA Prep S01 E02 Lab Guide.pdf Normal file
View File

Binary file not shown.

1833
lab-topologies/ccna-prep/s1e2/CCNA_Prep_2024_S1E2_STP.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

5
lab-topologies/ccna-prep/s1e2/README.md Normal file
View File

@@ -0,0 +1,5 @@
# Spanning Tree Protocol (STP) Unleashed: Navigate Network Efficiency
*Abstract:* Navigate the landscape of network optimization with this live stream event dedicated to the Spanning Tree Protocol (STP). Our subject matter experts will guide through the essentials of STP configuration and management, ensuring you can navigate network efficiency with confidence. In addition, you'll be equipped with the necessary tools and knowledge to optimize your network. Get ready to master the Spanning Tree Protocol and see its full capabilities in action.
![](s1e2-stp.jpeg)

BIN
lab-topologies/ccna-prep/s1e2/s1e2-stp.jpeg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 134 KiB

BIN
lab-topologies/ccna-prep/s1e3/CCNA Prep S01 E03 Lab Guide.pdf Normal file
View File

Binary file not shown.

1753
lab-topologies/ccna-prep/s1e3/CCNA_Prep_2024_S1E3_EtherChannel.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

5
lab-topologies/ccna-prep/s1e3/README.md Normal file
View File

@@ -0,0 +1,5 @@
# Building Resilient Links with EtherChannel: Gain EtherChannel Excellence
*Abstract:* Learn the secrets to establishing robust and efficient network links in our comprehensive live stream event on EtherChannel. This session is crafted to provide a thorough understanding of EtherChannel concepts and configurations, helping you achieve excellence in network resilience and performance. Enhance your network management skills and master the art of building resilient links with EtherChannel.
![](s1e3-etherchannel.jpeg)

BIN
lab-topologies/ccna-prep/s1e3/s1e3-etherchannel.jpeg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 210 KiB

BIN
lab-topologies/ccna-prep/s1e4/CCNA Prep S01 E04 Guide.pdf Normal file
View File

Binary file not shown.

2718
lab-topologies/ccna-prep/s1e4/CCNA_Prep_2024_S1E4_Static_Routing.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

10
lab-topologies/ccna-prep/s1e4/README.md Normal file
View File

@@ -0,0 +1,10 @@
# Routing Fundamentals & Static Routes: Master Concepts and Static Routes
*Abstract:* Ready to advance your networking skills? Dive into our specialized live stream on Routing Fundamentals and Static Routes. Designed to lay a strong foundation in routing principles, this session provides the practical knowledge required to effectively configure static routes. Gain critical insights and hands-on tools to master routing concepts and ensure your network operates smoothly and efficiently. By the end of this session, you will have enhanced your network management capabilities.
> CCNA Prep returned to this topology for a second session:
> **The Router's Guild: Adventures in AD, Metrics, and Prefix Lengths**
>
> Starting where Episode 4 left off, this session will revisit the concepts of administrative distance, metric, and prefix length, and how they are used to build the routing table and make packet forwarding decisions.
![](s1e4-staticroute.jpeg)

BIN
lab-topologies/ccna-prep/s1e4/s1e4-staticroute.jpeg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 154 KiB

BIN
lab-topologies/ccna-prep/s1e5/CCNA Prep S01 EP05 Lab Guide.pdf Normal file
View File

Binary file not shown.

1438
lab-topologies/ccna-prep/s1e5/CCNA_Prep_2024_S1E5_Conquering_OSPF.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

4
lab-topologies/ccna-prep/s1e5/README.md Normal file
View File

@@ -0,0 +1,4 @@
# Conquering OSPF: Optimize Your Network with OSPF
*Abstract:* Maximize your network's potential with our in-depth focus on OSPF. This live stream event is tailored to help you master OSPF and optimize your network through dynamic routing and effective path selection. Perfect for networking professionals aiming to deepen their expertise, you'll be provided with the skills needed to ensure your network runs at peak performance. Join us to conquer OSPF and elevate your network optimization skills.
![](s1e5-ospf.jpeg)

BIN
lab-topologies/ccna-prep/s1e5/s1e5-ospf.jpeg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 180 KiB

BIN
lab-topologies/ccna-prep/s1e7/CCNA Prep S01 E07 Lab Guide.pdf Normal file
View File

Binary file not shown.

1178
lab-topologies/ccna-prep/s1e7/CCNA_Prep_2024_S1E7_REST_APIs.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

5
lab-topologies/ccna-prep/s1e7/README.md Normal file
View File

@@ -0,0 +1,5 @@
# GET a Head(er) of REST APIs for the CCNA Certification
*Abstract:* It is time to dive into network automation skills needed to succeed in the journey towards your CCNA certification. Learn everything you need to describe authentication, decode any possible CRUD operation, and handle JSON and XML results when working with REST APIs in this bonus CCNA Prep webinar.
![](s1e7-rest.jpeg)

BIN
lab-topologies/ccna-prep/s1e7/s1e7-rest.jpeg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 222 KiB

922
lab-topologies/ccna-prep/s2e1/CCNA_Prep_2025_-_S2E1_-_DHCP.yaml Normal file
View File

@@ -0,0 +1,922 @@
annotations:
- border_color: '#00000000'
border_style: ''
color: '#000000'
rotation: 0
text_bold: false
text_content: 192.168.1.0/24
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: -440.0
y1: -120.0
z_index: 0
- border_color: '#00000000'
border_style: ''
color: '#000000'
rotation: 0
text_bold: false
text_content: 192.168.2.0/24
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: 40.0
y1: -120.0
z_index: 0
- border_color: '#00000000'
border_style: ''
color: '#1820C8'
rotation: 0
text_bold: false
text_content: DHCP Client
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: -480.0
y1: 4.334521504159601
z_index: 1
- border_color: '#00000000'
border_style: ''
color: '#1820C8'
rotation: 0
text_bold: false
text_content: DHCP Client
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: 120.0
y1: 4.334521504159601
z_index: 1
- border_color: '#00000000'
border_style: ''
color: '#1820C8'
rotation: 0
text_bold: false
text_content: DHCP Server
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: -331.9199341364389
y1: -240.0
z_index: 1
- border_color: '#00000000'
border_style: ''
color: '#808080FF'
rotation: 0
text_bold: false
text_content: ''
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: 160.0
y1: -200.0
z_index: 2
- border_color: '#00000000'
border_style: ''
color: '#000000'
rotation: 0
text_bold: false
text_content: OSPF AREA 0
text_font: monospace
text_italic: false
text_size: 16
text_unit: pt
thickness: 1
type: text
x1: -200.0
y1: 40.0
z_index: 4
- border_color: '#00000000'
border_style: ''
color: '#000000'
rotation: 0
text_bold: false
text_content: 10.1.1.0/30
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: -193.49821774376065
y1: -191.33095699168084
z_index: 0
- border_color: '#00000000'
border_style: ''
color: '#808080FF'
rotation: 0
text_bold: false
text_content: DNS Server 8.8.8.8
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: 95.2436807701726
y1: -348.7528058356377
z_index: 5
- border_color: '#00000000'
border_style: ''
color: '#1820C8'
rotation: 0
text_bold: false
text_content: DHCP Client
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: 37.8327392479203
y1: -226.9964354875213
z_index: 1
- border_color: '#00000000'
border_style: ''
color: '#000000'
rotation: 0
text_bold: false
text_content: 'CCNA Exam Prep: Back to Networking Basics with Hank Preston and
Patrick Gargano (Season 2)'
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: -1125.258776447585
y1: -407.1581438914021
z_index: 6
- border_color: '#00000000'
border_style: ''
color: '#000000'
rotation: 0
text_bold: false
text_content: 'DHCP in Action: Streamlining Network Client Address Management'
text_font: monospace
text_italic: false
text_size: 18
text_unit: pt
thickness: 1
type: text
x1: -1127.7286604756591
y1: -380.50714500921066
z_index: 7
- border_color: '#00000000'
border_style: ''
color: '#4557D2'
rotation: 0
text_bold: false
text_content: |-
In this lab, we will explore how to:
* Configure a router as an IPv4 DHCP Client
* Configure a Router as an IPv4 DHCP Server
* Configure an IPv4 DHCP Relay
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: -1140.7773154740125
y1: 22.337510119328677
z_index: 8
- border_color: '#00000000'
border_style: ''
color: '#2A3FCC'
rotation: 0
text_bold: false
text_content: |-
Dynamic Host Configuration Protocol (DHCP) is a network protocol
that lets network administrators manage and automate the assignment
of IP addresses.
Without DHCP for IPv4, the administrator must manually assign
and configure IP addresses, preferred DNS servers, and default
gateways.
As the network grows in size, this becomes an administrative
problem when devices are moved from one internal network to another.
Related CCNA v1.1 exam topic:
4.3 Explain the role of DHCP and DNS within the network
4.6 Configure and verify DHCP client and relay
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: -1132.1896418060846
y1: -324.20038804830887
z_index: 9
- border_color: '#808080FF'
border_radius: 0
border_style: ''
color: '#70BE58'
thickness: 1
type: rectangle
x1: -513.2157309182571
y1: -270.3112384285854
x2: 765.0004137890356
y2: 338.9822192837643
z_index: -3
nodes:
- boot_disk_size: null
configuration:
- name: ios_config.txt
content: |-
hostname RTR1
!
interface range Ethernet 0/0 - 3
no ip address
shutdown
!
int e0/0
ip address 10.1.1.1 255.255.255.252
no shut
!
int e0/1
ip address 192.168.1.1 255.255.255.0
no shut
!
router ospf 1
network 10.1.1.0 0.0.0.3 area 0
network 192.168.1.0 0.0.0.255 area 0
router-id 0.0.0.1
!
!
!
end
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n0
image_definition: null
label: RTR1
node_definition: iol-xe
parameters: {}
ram: null
tags: []
x: -280
y: -201
interfaces:
- id: i0
label: Loopback0
type: loopback
- id: i1
label: Ethernet0/0
slot: 0
type: physical
- id: i2
label: Ethernet0/1
slot: 1
type: physical
- id: i3
label: Ethernet0/2
slot: 2
type: physical
- id: i4
label: Ethernet0/3
slot: 3
type: physical
- boot_disk_size: null
configuration:
- name: ios_config.txt
content: |-
hostname RTR2
!
interface range Ethernet 0/0 - 3
no ip address
shutdown
!
int e0/0
ip address 10.1.1.2 255.255.255.252
ip nat inside
no shut
!
int e0/1
ip address 192.168.2.1 255.255.255.0
ip nat inside
no shut
!
int e0/3
ip nat outside
no ip address
shutdown
!
router ospf 1
network 10.1.1.0 0.0.0.3 area 0
network 192.168.2.0 0.0.0.255 area 0
router-id 0.0.0.2
default-information originate
!
access-list 1 permit any
!
ip nat inside source list 1 interface e0/3 overload
!
end
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n1
image_definition: null
label: RTR2
node_definition: iol-xe
parameters: {}
ram: null
tags: []
x: -1
y: -199
interfaces:
- id: i0
label: Loopback0
type: loopback
- id: i1
label: Ethernet0/0
slot: 0
type: physical
- id: i2
label: Ethernet0/1
slot: 1
type: physical
- id: i3
label: Ethernet0/2
slot: 2
type: physical
- id: i4
label: Ethernet0/3
slot: 3
type: physical
- boot_disk_size: null
configuration:
- name: node.cfg
content: |-
# this is a shell script which will be sourced at boot
hostname PC2
# configurable user account
USERNAME=cisco
PASSWORD=cisco
iface eth0 inet dhcp
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n2
image_definition: null
label: PC2
node_definition: desktop
parameters: {}
ram: null
tags: []
x: 160
y: -40
interfaces:
- id: i0
label: eth0
slot: 0
type: physical
- boot_disk_size: null
configuration:
- name: node.cfg
content: |-
# this is a shell script which will be sourced at boot
hostname PC1
# configurable user account
USERNAME=cisco
PASSWORD=cisco
iface eth0 inet dhcp
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n3
image_definition: null
label: PC1
node_definition: desktop
parameters: {}
ram: null
tags: []
x: -440
y: -40
interfaces:
- id: i0
label: eth0
slot: 0
type: physical
- boot_disk_size: null
configuration:
- name: ios_config.txt
content: hostname ASW1
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n4
image_definition: null
label: ASW1
node_definition: ioll2-xe
parameters: {}
ram: null
tags: []
x: -280
y: -40
interfaces:
- id: i0
label: Loopback0
type: loopback
- id: i1
label: Ethernet0/0
slot: 0
type: physical
- id: i2
label: Ethernet0/1
slot: 1
type: physical
- id: i3
label: Ethernet0/2
slot: 2
type: physical
- id: i4
label: Ethernet0/3
slot: 3
type: physical
- boot_disk_size: null
configuration:
- name: ios_config.txt
content: 'hostname ASW2
'
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n5
image_definition: null
label: ASW2
node_definition: ioll2-xe
parameters: {}
ram: null
tags: []
x: 0
y: -40
interfaces:
- id: i0
label: Loopback0
type: loopback
- id: i1
label: Ethernet0/0
slot: 0
type: physical
- id: i2
label: Ethernet0/1
slot: 1
type: physical
- id: i3
label: Ethernet0/2
slot: 2
type: physical
- id: i4
label: Ethernet0/3
slot: 3
type: physical
- boot_disk_size: null
configuration: []
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n6
image_definition: null
label: Internet
node_definition: external_connector
parameters: {}
ram: null
tags: []
x: 120
y: -320
interfaces:
- id: i0
label: port
slot: 0
type: physical
links:
- id: l0
n1: n0
n2: n1
i1: i1
i2: i1
conditioning: {}
label: RTR1-Ethernet0/0<->RTR2-Ethernet0/0
- id: l1
n1: n0
n2: n4
i1: i2
i2: i2
conditioning: {}
label: RTR1-Ethernet0/1<->ASW1-Ethernet0/1
- id: l2
n1: n1
n2: n5
i1: i2
i2: i2
conditioning: {}
label: RTR2-Ethernet0/1<->ASW2-Ethernet0/1
- id: l3
n1: n4
n2: n3
i1: i1
i2: i0
conditioning: {}
label: ASW1-Ethernet0/0<->PC1-eth0
- id: l4
n1: n5
n2: n2
i1: i1
i2: i0
conditioning: {}
label: ASW2-Ethernet0/0<->PC2-eth0
- id: l5
n1: n1
n2: n6
i1: i4
i2: i0
conditioning: {}
label: RTR2-Ethernet0/3<->Internet-port
lab:
description: ''
notes: |-
<html><head><style>body {
color: black;
}
</style></head><body><p><strong>CCNA Exam Prep: Back to Networking Basics with Hank Preston and Patrick Gargano -- Season 2</strong></p>
<h1 id="dhcp-in-action-streamlining-network-client-address-management">DHCP in Action: Streamlining Network Client Address Management</h1>
<p>Dynamic Host Configuration Protocol (DHCP) is a network protocol that lets network administrators manage and automate the assignment of IP addresses.
Without DHCP for IPv4, the administrator must manually assign and configure IP addresses, preferred DNS servers, and default gateways. As the network grows in size, this becomes an administrative problem when devices are added or moved from one internal network to another.</p>
<p>Related CCNA v1.1 exam topic:</p>
<ul>
<li>4.3 Explain the role of DHCP and DNS within the network</li>
<li>4.6 Configure and verify DHCP client and relay</li>
</ul>
<p>In this lab, we will explore how to:</p>
<ul>
<li>Configure a router as an IPv4 DHCP Client</li>
<li>Configure a Router as an IPv4 DHCP Server </li>
<li>Configure an IPv4 DHCP Relay </li>
</ul>
<h2 id="setup-and-scenario">Setup and Scenario</h2>
<p>In this set of lab-based demonstrations, you are the network engineer for a growing organization tasked with updating the network to support new network needs. The network was originally deployed using static IPv4 addresses on all hosts and servers since the network was small, but now the network has grown and requires that IPv4 address assignment be automated and centralized on a DHCP server. </p>
<p>You&#39;ve been asked to: </p>
<ul>
<li>Configure RTR2 E0/3 to request and receive a dynamic IPv4 address from the ISP.</li>
<li>Configure RTR1 as an IPv4 DHCP server for the RTR1 LAN and RTR2 LAN.</li>
<li>Configure RTR2 as an IPv4 DHCP Relay Agent for the RTR2 LAN.</li>
</ul>
<p><em>Be sure to <strong>START</strong> the lab before continuing to the demo labs but do not power on PC1 or PC2 for now.</em></p>
<h2 id="part-1-reviewing-the-current-state-of-the-network">Part 1: Reviewing the Current State of the Network</h2>
<p>Before we jump into configuring DHCP across the network, let&#39;s check the current status of the network and how it is operating. </p>
<h3 id="step-1">Step 1</h3>
<p>Open a console connection to RTR1 and RTR2 and verify the OSPF configuration.</p>
<pre>
RTR1# <b>show run | section ospf</b>
router ospf 1
router-id 0.0.0.1
network 10.1.1.0 0.0.0.3 area 0
network 192.168.1.0 0.0.0.255 area 0
RTR2# <b>show run | section ospf</b>
router ospf 1
router-id 0.0.0.2
network 10.1.1.0 0.0.0.3 area 0
network 192.168.2.0 0.0.0.255 area 0
default-information originate
</pre>
Notice that both RTR1 and RTR2 are configured with OSPF process ID 1 and that all network statements are assigned to area 0. RTR2 is also configured with the `default-information originate` command that allows RTR2 to advertise a default route to other OSPF routers as long as RTR2 has a default route in its own routing table. RTR2 does not currently have a default route but this will be corrected in the next steps.
### Step 2
Verify the routing tables on RTR1 and RTR2
<pre>
RTR1# <b>show ip route</b>
<... output omitted ...>
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.1.0/30 is directly connected, Ethernet0/0
L 10.1.1.1/32 is directly connected, Ethernet0/0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, Ethernet0/1
L 192.168.1.1/32 is directly connected, Ethernet0/1
O 192.168.2.0/24 [110/20] via 10.1.1.2, 2w3d, Ethernet0/0
RTR2# <b>show ip route</b>
<... output omitted ...>
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.1.0/30 is directly connected, Ethernet0/0
L 10.1.1.2/32 is directly connected, Ethernet0/0
O 192.168.1.0/24 [110/20] via 10.1.1.1, 2w3d, Ethernet0/0
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.2.0/24 is directly connected, Ethernet0/1
L 192.168.2.1/32 is directly connected, Ethernet0/1
</pre>
<p>RTR1 is learning about the RTR2 LAN (192.168.2.0/24) and RTR2 is learning about the RTR1 LAN (192.168.1.0/24).</p>
<p>Also notice that RTR2 does not currently have a default route to advertise to RTR1.</p>
<h3 id="step-3">Step 3</h3>
<p>Verify the interfaces on RTR2</p>
<pre>
RTR2# <b>show ip interface brief</b>
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 10.1.1.2 YES TFTP up up
Ethernet0/1 192.168.2.1 YES TFTP up up
Ethernet0/2 unassigned YES TFTP administratively down down
Ethernet0/3 unassigned YES unset administratively down down
</pre>
<p>The internet-facing Ethernet0/3 interface is currently administratively down and has not IP address configured. You will correct this in the next part of the lab.</p>
<h2 id="part-2-configure-a-router-as-an-ipv4-dhcp-client">Part 2: Configure a router as an IPv4 DHCP Client</h2>
<p>The RTR2 Ethernet 0/3 interface is connected to the &quot;Internet&quot; external connector node in CML. This node acts as an ISP that provides dynamic IPv4 addresses to its clients. In this part of the lab, you will enable RTR2 to request and receive an IPv4 DHCP address on interface Ethernet 0/3. RTR2 will also automatically create a default route pointing to the ISP. RTR2 should then advertise this default route to RTR1 via OSPF.</p>
<h3 id="step-1">Step 1</h3>
<p>Configure RTR2 E0/3 as an IPv4 DHCP client and enable the interface. After the interface comes up, it should take about 10 seconds for the E0/3 to received its IPv4 address.</p>
<pre>
RTR2# <b>conf t</b>
Enter configuration commands, one per line. End with CNTL/Z.
RTR2(config)# <b>interface E0/3</b>
RTR2(config-if)# <b>ip address dhcp</b>
RTR2(config-if)# <b>no shutdown</b>
RTR2(config-if)#
*Jan 3 16:48:43.228: %LINK-3-UPDOWN: Interface Ethernet0/3, changed state to up
RTR2(config-if)#
*Jan 3 16:48:44.228: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/3, changed state to up
RTR2(config-if)#
<mark>*Jan 3 16:48:50.386: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/3 assigned DHCP address 192.168.255.141, mask 255.255.255.0, hostname RTR2</mark>
</pre>
<p>In the highlighted text above, notice that the interface is now configured with the 192.168.255.141/24 address. Use the <code>show ip interface brief</code> command to confirm the new DHCP address.</p>
<h3 id="step-2">Step 2</h3>
<p>Verify the routing table on RTR1 and RTR2. Both routers should now have a default route in its routing table.</p>
<pre>
RTR1# <b>show ip route</b>
<... output omitted ...>
<mark>Gateway of last resort is 10.1.1.2 to network 0.0.0.0</mark>
<mark>O*E2 0.0.0.0/0 [110/1] via 10.1.1.2, 00:06:47, Ethernet0/0</mark>
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.1.0/30 is directly connected, Ethernet0/0
L 10.1.1.1/32 is directly connected, Ethernet0/0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, Ethernet0/1
L 192.168.1.1/32 is directly connected, Ethernet0/1
O 192.168.2.0/24 [110/20] via 10.1.1.2, 2w3d, Ethernet0/0
RTR2# <b>show ip route </b>
<... output omitted ...>
<mark>Gateway of last resort is 192.168.255.1 to network 0.0.0.0</mark>
<mark>S* 0.0.0.0/0 [254/0] via 192.168.255.1</mark>
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.1.0/30 is directly connected, Ethernet0/0
L 10.1.1.2/32 is directly connected, Ethernet0/0
O 192.168.1.0/24 [110/20] via 10.1.1.1, 2w3d, Ethernet0/0
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.2.0/24 is directly connected, Ethernet0/1
L 192.168.2.1/32 is directly connected, Ethernet0/1
192.168.255.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.255.0/24 is directly connected, Ethernet0/3
L 192.168.255.141/32 is directly connected, Ethernet0/3
</pre>
RTR2 is automatically configured with a static default route thanks to DHCP. RTR1 is learning the default route via OSPF thanks to an External Type 5 LSA being advertised by RTR2 because of the default-information originate command.
### Step 3
Verify connectivity from RTR1 and RTR2 to a public Internet address.
<pre>
RTR1# <b>ping 8.8.8.8</b>
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
RTR2# <b>ping 8.8.8.8</b>
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
</pre>
Since RTR2 is configured with NAT (which will be covered in Season 2, Episode 3), both RTR1 and RTR2 are able to reach a public Internet address.
## Part 3: Configure a Router as an IPv4 DHCP Server
The Cisco IOS DHCP server is a full DHCP server implementation that assigns and manages IPv4 addresses from specified address pools within the device to DHCP clients. The DHCP server can be configured to assign additional parameters such as the IPv4 address of the DNS server and the default gateway. In this part of the lab, you will configure RTR1 as an IPv4 DHCP server for the RTR1 LAN and the RTR2 LAN.
### Step 1
Configure the IPv4 DHCP pool for the RTR1 LAN (192.168.1.0/24) and exclude the first five addresses of that network. Use the pool name RTR1_LAN.
<pre>
RTR1(config)# <b>ip dhcp pool RTR1_LAN</b>
RTR1(dhcp-config)# <b>network 192.168.1.0 /24</b>
RTR1(dhcp-config)# <b>default-router 192.168.1.1</b>
RTR1(dhcp-config)# <b>dns-server 8.8.8.8</b>
RTR1(dhcp-config)# <b>domain-name lab.example</b>
RTR1(dhcp-config)# <b>lease 0 12</b>
RTR1(dhcp-config)#exit
RTR1(config)# <b>ip dhcp excluded-address 192.168.1.1 192.168.1.5</b>
</pre>
In the configuration example above the, IPv4 addresses are assigned from the address pool 192.168.1.0/24 with a lease time of 12 hours. Additional parameters are the default gateway, domain name, and DNS server. Also, IPv4 addresses from 192.168.1.1 to 192.168.1.5 are not assigned to the end devices. Use the ``?`` option under the DHCP pool to investigate the different configuration options available.
### Step 2
Use the `show ip dhcp pool RTR1_LAN` command to investigate the DHCP pool configuration.
<pre>
RTR1# <b>show ip dhcp pool RTR1_LAN</b>
Pool RTR1_LAN :
Utilization mark (high/low) : 100 / 0
Subnet size (first/next) : 0 / 0
Total addresses : 254
Leased addresses : 0
Excluded addresses : 5
Pending event : none
1 subnet is currently in the pool :
Current index IP address range Leased/Excluded/Total
192.168.1.1 192.168.1.1 - 192.168.1.254 0 / 5 / 254
</pre>
The output confirms that 5 addresses are excluded from the total range and that there are currently no leased addresses.
### Step 3
Enable DHCP debugging on RTR1 and then start the PC1 device.
<pre>
RTR1# <b>debug ip dhcp server events</b>
DHCP server event debugging is on.
RTR1# <b>debug ip dhcp server packet</b>
DHCP server packet debugging is on.
</pre>
<p>Right-click on PC1 and select <strong>Start</strong>.</p>
<p>Within a few seconds you should see some DHCP debugging messages. If you scroll through them, you should find the four DHCP messages exchanged between PC1 and RTR1:</p>
<pre>
*Jan 6 15:34:45.855: <mark>DHCPD: DHCPDISCOVER</mark> received from client 0152.5400.1529.f9 on interface Ethernet0/1.
*Jan 6 15:34:47.856: <mark>DHCPD: Sending DHCPOFFER</mark> to client 0152.5400.1529.f9 (192.168.1.6).
*Jan 6 15:34:47.859: <mark>DHCPD: DHCPREQUEST received</mark> from client 0152.5400.1529.f9 on interface Ethernet0/1
*Jan 6 15:34:47.859: <mark>DHCPD: Sending DHCPACK</mark> to client 0152.5400.1529.f9 (192.168.1.6).
</pre>
In the output above, PC1 was assigned the 192.168.1.6 address by the DHCP server on RTR1.
### Step 4
Verify the IPv4 configuration on PC1 and test connectivity to the Internet.
Open the console on PC1. Use the `ip addr show dev eth0` command to verify its IPv4 configuration. PC1 will have an IP address from the 192.168.1.0/24 network.
<pre>
PC1:~$ <b>ip addr show dev eth0</b>
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:15:29:f9 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.6/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe15:29f9/64 scope link
valid_lft forever preferred_lft forever
</pre>
<p>Use the <code>ip route list</code> command to verify the PC&#39;s routing table. You should see the default gateway set to 192.168.1.1 which is the IP address of RTR1 E0/1.</p>
<pre>
PC1:~$ <b>ip route list</b>
<mark>default via 192.168.1.1 dev eth0 metric 202 </mark>
172.17.0.0/16 dev docker0 scope link src 172.17.0.1
192.168.1.0/24 dev eth0 scope link src 192.168.1.6
</pre>
<p>From the command prompt, ping the public DNS server at <strong>8.8.8.8</strong>. This ping should be successful.</p>
<p>Open a VNC connection to PC1 and use the browser to test connectivity to <strong>www.cisco.com</strong>. This test should also be successful since the DHCP server is configured to provide clients with the DNS server&#39;s IP address (8.8.8.8)</p>
<h3 id="step-5">Step 5</h3>
<p>Configure the IPv4 DHCP pool for the RTR2 LAN (192.168.2.0/24) and exclude the first five addresses of that network. Use the pool name RTR2_LAN.</p>
<pre>
RTR1(config)# <b>ip dhcp pool RTR2_LAN</b>
RTR1(dhcp-config)# <b>network 192.168.2.0 /24</b>
RTR1(dhcp-config)# <b>default-router 192.168.2.1</b>
RTR1(dhcp-config)# <b>dns-server 8.8.8.8</b>
RTR1(dhcp-config)# <b>domain-name lab.example</b>
RTR1(dhcp-config)# <b>lease 0 12</b>
RTR1(dhcp-config)#exit
RTR1(config)# <b>ip dhcp excluded-address 192.168.2.1 192.168.2.5</b>
</pre>
<h3 id="step-6">Step 6</h3>
<p>Start a packet capture on the link between RTR1 and RTR2 to capture the DHCP messages sent from PC2.</p>
<p> Right-click the link between RTR1 and RTR2 and click <strong>Packet Capture</strong>. In the packet capture tab, select Settings and add a BPF filter for DHCP packets. Cick <strong>Apply</strong> and then click <strong>Start</strong>.</p>
<p> Right-click on PC2 and select <strong>Start</strong> to boot up the device.</p>
<p> Return to the packet capture tab. You should not see any DHCP messages crossing the link between RTR1 and RTR2. Recall that DHCP messages from PC2 (DHCP Discover and DHCP Request) are broadcast messages and don&#39;t get forwarded off the local LAN by default. You will correct this issue in the next part of the lab.</p>
<h2 id="part-4-configure-an-ipv4-dhcp-relay">Part 4: Configure an IPv4 DHCP Relay</h2>
<p> A DHCP relay agent is any host that forwards DHCP packets between clients and servers. Relay agents are used for forwarding requests and replies between clients and servers when they are not on the same subnet. DHCP requests are sent as broadcasts, and because routers don&#39;t forward broadcasts, you need a relay functionality to reach the DHCP server. In this part of the lab, you will configure RTR2 E0/1 as a DHCP relay agent. This will allow PC2 DHCP messages to be forwarded to RTR1.</p>
<p> To configure the DHCP relay agent to forward packets to a DHCP server, you need to enter the interface configuration mode using the interface interface command. Then, use the <code>ip helper-address</code> command to specify that the interface will forward UDP broadcasts, including BOOTP and DHCP, to the specified server address.</p>
<p> The <code>ip helper-address</code> command should be issued on the interface where the DHCP broadcasts are received.</p>
<p>These steps show how DHCP requests are processed when DHCP relay is used:</p>
<ol>
<li><p>A DHCP client broadcasts a DHCP request.</p>
</li>
<li><p>The DHCP relay device includes option 82 and sends the DHCP request as a unicast packet to the DHCP server. Option 82 includes remote ID and circuit ID information.</p>
</li>
<li><p>The DHCP server responds to the DHCP relay.</p>
</li>
<li><p>The DHCP relay strips off option 82 and sends the response to the DHCP client.</p>
<h3 id="step-1">Step 1</h3>
<p>Configure the DHCP relay functionality on RTR2 E0/1.</p>
</li>
</ol>
<pre>
RTR2(config)# <b>interface E0/1</b>
RTR2(config-if)# <b>ip helper-address 10.1.1.1</b>
</pre>
<p>The <code>ip helper-address</code> command tells RTR2 that any broadcasts received on E0/1 will be sent to the 10.1.1.1 address which is configured on RTR1 E0/0.</p>
<p>Stop and re-start PC2 to trigger the client&#39;s DHCP process again.</p>
<h3 id="step-2">Step 2</h3>
<p>Return to the packet capture tab to observe the DHCP messages that are now crossing the link between RTR1 and RTR2. Your output should be similar to what is shown below:</p>
<table>
<thead>
<tr>
<th>Time</th>
<th>Source</th>
<th>Destination</th>
<th>Protocol</th>
<th>Info</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>0.000000</code></td>
<td><code>192.168.2.1</code></td>
<td><code>10.1.1.1</code></td>
<td><code>DHCP</code></td>
<td><code>DHCP Discover - Transaction ID 0xba02f774</code></td>
</tr>
<tr>
<td><code>0.001355</code></td>
<td><code>10.1.1.1</code></td>
<td><code>192.168.2.1</code></td>
<td><code>DHCP</code></td>
<td><code>DHCP Offer - Transaction ID 0xba02f774</code></td>
</tr>
<tr>
<td><code>0.002901</code></td>
<td><code>192.168.2.1</code></td>
<td><code>10.1.1.1</code></td>
<td><code>DHCP</code></td>
<td><code>DHCP Request - Transaction ID 0xba02f774</code></td>
</tr>
<tr>
<td><code>0.003654</code></td>
<td><code>10.1.1.1</code></td>
<td><code>192.168.2.1</code></td>
<td><code>DHCP</code></td>
<td><code>DHCP ACK - Transaction ID 0xba02f774</code></td>
</tr>
</tbody>
</table>
<p>The packet capture confirms that DHCP Discover and DHCP Request received on RTR2 E0/1 are being relayed to 10.1.1.1 on RTR1. Click through the captured packets to investigate the option fields in the DHCP header.</p>
<h3 id="step-3">Step 3</h3>
<p>Verify the IPv4 configuration on PC2 and test connectivity to the Internet.</p>
<p>Open the console on PC2 and access the command prompt. Use the <code>ip addr show dev eth0</code> command to verify its IPv4 configuration. PC1 will have an IP address from the 192.168.2.0/24 network.</p>
<p>Use the <code>ip route list</code> command to verify the PC&#39;s routing table. You should see the default gateway set to 192.168.2.1 which is the IP address of RTR2 E0/1.</p>
<p>From the command prompt, ping the public DNS server at <strong>8.8.8.8</strong>. This ping should be successful.</p>
<p>Open a VNC connection to PC2 and use the browser to test connectivity to <strong>www.cisco.com</strong>. This test should be successful.</p>
<h3 id="step-4">Step 4</h3>
<p>Return to RTR1 and inspect the DHCP debugging output. You should see the following messages:</p>
<p><pre>
*Jan 6 16:21:01.881: DHCPD: DHCPDISCOVER received from client 0152.5400.1f04.4d <mark>through relay 192.168.2.1.</mark></p>
<p>*Jan 6 16:21:01.881: DHCPD: Sending DHCPOFFER to client 0152.5400.1f04.4d (192.168.2.7).</p>
<p>*Jan 6 16:21:01.883: DHCPD: DHCPREQUEST received from client 0152.5400.1f04.4d on interface Ethernet0/0</p>
<p>*Jan 6 16:21:01.883: DHCPD: Client is Selecting (<mark>DHCP Request with Requested IP = 192.168.2.7, Server ID = 10.1.1.1</mark>)</p>
<p>*Jan 6 16:21:01.883: DHCPD: Sending DHCPACK to client 0152.5400.1f04.4d (192.168.2.7).
</pre>
Notice that RTR1 is aware that the DHCP Discover message was relayed from 192.168.2.1 and the DHCP client (PC2) is being serviced by the DHCP server located at 10.1.1.1.</p>
</body></html>
title: CCNA Prep 2025 - S2E1 - DHCP
version: 0.2.2

BIN
lab-topologies/ccna-prep/s2e1/CCNA_Prep_DHCP_Guide.pdf Normal file
View File

Binary file not shown.

5
lab-topologies/ccna-prep/s2e1/README.md Normal file
View File

@@ -0,0 +1,5 @@
# DHCP in Action: Streamlining Network Client Address Management
*Abstract:* Review the essential role of Dynamic Host Configuration Protocol (DHCP) in managing network client address assignments in this practical, demonstration focused live event. Gain insights into configuring and verifying DHCP clients and relay agents, and reinforce how DHCP simplifies IP address distribution. Through real-world examples, you'll practice the skills needed to effectively manage and troubleshoot DHCP in your network environment as you prepare for your CCNA Exam.
![](s2e1-dhcp.jpeg)

BIN
lab-topologies/ccna-prep/s2e1/s2e1-dhcp.jpeg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 71 KiB

BIN
lab-topologies/ccna-prep/s2e2/CCNA Prep S02 E02 Lab Guide.pdf Normal file
View File

Binary file not shown.

1296
lab-topologies/ccna-prep/s2e2/CCNA_Prep_2025_S2E2_DNS_Deepdive.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

5
lab-topologies/ccna-prep/s2e2/README.md Normal file
View File

@@ -0,0 +1,5 @@
# DNS Deepdive: Exploring a Backbone of Network Communication
*Abstract:* Step into the dynamic world of DNS in this engaging, lab focused live event. Discover how to configure basic DNS servers and clients while unraveling the mystery of how domain names translate into IP addresses. Through practical demonstrations, you'll see firsthand how DNS keeps your network running smoothly and efficiently, mastering this vital technology before you take your CCNA exam.
![](s2e2-dns.jpeg)

BIN
lab-topologies/ccna-prep/s2e2/s2e2-dns.jpeg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 83 KiB

1127
lab-topologies/ccna-prep/s2e3/CCNA_Prep_2025_-_S2E3_-_NAT.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
lab-topologies/ccna-prep/s2e3/CCNA_Prep_S02E03_NAT_Guide.pdf Normal file
View File

Binary file not shown.

5
lab-topologies/ccna-prep/s2e3/README.md Normal file
View File

@@ -0,0 +1,5 @@
# Navigating NAT: Bridging Private Networks to the Internet
*Abstract:* Explore the critical role of Network Address Translation (NAT) in providing Internet access for networks using private IP addresses. In this live session, you'll review the configuration of NAT using static and pool techniques. The practical insights into how NAT enables efficient connectivity between private networks and the wider Internet will prepare you for your CCNA exam.
![](s2e3-nat.jpg)

BIN
lab-topologies/ccna-prep/s2e3/s2e3-nat.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 52 KiB

BIN
lab-topologies/ccna-prep/s2e4/CCNA Prep S02 E04 Lab Guide.pdf Normal file
View File

Binary file not shown.

885
lab-topologies/ccna-prep/s2e4/CCNA_Prep_2025_S2E4_Telnet_to_SSH.yaml Normal file
View File

@@ -0,0 +1,885 @@
annotations:
- border_color: '#00000000'
border_style: ''
color: '#000000'
rotation: 0
text_bold: true
text_content: 'CCNA Exam Prep: Back to Networking Basics with Hank Preston and
Patrick Gargano'
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: -480.0
y1: -80.0
z_index: 2
- border_color: '#00000000'
border_style: ''
color: '#000000'
rotation: 0
text_bold: true
text_content: 'Securing Network Access: From Telnet to SSH'
text_font: monospace
text_italic: false
text_size: 18
text_unit: pt
thickness: 1
type: text
x1: -480.0
y1: -40.0
z_index: 2
- border_color: '#00000000'
border_style: ''
color: '#000000'
rotation: 0
text_bold: false
text_content: |-
No doubt you've heard that SSH is better than telnet because, well "security". But what does that mean?
Is it really a problem? And how exactly do you ensure secure device administration? Well, we will tackle all
this in the following lab with the following exercises:
In this lab you will explore device adminstration with some hands on exercises focused on:
* Enabling Telnet device administration, and seeing why it might not be the most secure
* Creating local administrator accounts on network devices
* Migrating to SSH from Telnet for device administration
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: -480.0
y1: 0.0
z_index: 2
- border_color: '#00000000'
border_style: ''
color: '#808080FF'
rotation: 0
text_bold: false
text_content: |2-
host user/pass: cisco / cisco
network enable password: enablepass
network telnet password: telnetpass
network admin user/pass: admin / adminpass
network oper user/pass: oper / operpass (read-only)
text_font: monospace
text_italic: false
text_size: 10
text_unit: pt
thickness: 1
type: text
x1: -480.0
y1: 440.0
z_index: 3
- border_color: '#00000000'
border_style: ''
color: '#808080FF'
rotation: 0
text_bold: true
text_content: |
Credentials:
text_font: monospace
text_italic: false
text_size: 10
text_unit: pt
thickness: 1
type: text
x1: -480.0
y1: 440.0
z_index: 3
- border_color: '#00000000'
border_style: ''
color: '#808080FF'
rotation: 0
text_bold: true
text_content: ____________
text_font: monospace
text_italic: false
text_size: 10
text_unit: pt
thickness: 1
type: text
x1: -480.0
y1: 440.0
z_index: 3
- border_color: '#808080FF'
border_radius: 2
border_style: ''
color: '#7FF0FA'
thickness: 2
type: rectangle
x1: -483.21004499370474
y1: 310.36986501888595
x2: 538.6848224811145
y2: 117.88725898435627
z_index: 4
- border_color: '#808080FF'
border_radius: 2
border_style: ''
color: '#F593E1'
thickness: 2
type: rectangle
x1: 61.89486747481904
y1: 310.77931009652815
x2: 306.0242893998466
y2: 265.1398836171298
z_index: 4
- border_color: '#00000000'
border_style: ''
color: '#808080FF'
rotation: 0
text_bold: true
text_content: Inside
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: -475.31049493075153
y1: 318.42773531686413
z_index: 5
- border_color: '#00000000'
border_style: ''
color: '#808080FF'
rotation: 0
text_bold: true
text_content: Outside
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: 69.73658407878582
y1: 317.76716539660475
z_index: 5
nodes:
- boot_disk_size: null
configuration: []
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n0
image_definition: null
label: internet
node_definition: external_connector
parameters: {}
ram: null
tags: []
x: 320
y: 360
interfaces:
- id: i0
label: port
slot: 0
type: physical
- boot_disk_size: null
configuration:
- name: ios_config.txt
content: |-
hostname rtr01
!
! In order to avoid entering a configuration dialog
! on boot, please ensure that all ethernet interfaces
! have some ip configuration present here such as the
! example below:
!
interface range Ethernet 0/0 - 3
no ip address
shutdown
!
ip host rtr01.example.com 10.0.0.1
ip host sw01.example.com 192.168.0.2
ip name-server 192.168.255.1
ip domain name example.com
ip dns server
ip dns primary example.com soa 192.168.0.1 admin@example.com 21600 900 7776000 86400
!
ip dhcp excluded-address 192.168.0.1 192.168.0.10
ip dhcp pool inside
network 192.168.0.0 /24
default-router 192.168.0.1
dns-server 10.0.0.1
domain-name example.com
exit
!
ip access-list standard NAT
permit 192.168.0.0 0.0.0.255
!
ip nat inside source list NAT interface e0/0 overload
!
interface e0/1
description Link to Inside Hosts
ip address 192.168.0.1 255.255.255.0
ip nat inside
no shut
!
interface e0/0
description Link to Internet
ip address dhcp
ip nat outside
no shut
!
!
interface loopback0
ip address 10.0.0.1 255.255.255.255
!
line vty 0 4
no login
transport input none
!
end
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n1
image_definition: null
label: rtr01
node_definition: iol-xe
parameters: {}
ram: null
tags: []
x: 24
y: 361
interfaces:
- id: i0
label: Loopback0
type: loopback
- id: i1
label: Ethernet0/0
slot: 0
type: physical
- id: i2
label: Ethernet0/1
slot: 1
type: physical
- id: i3
label: Ethernet0/2
slot: 2
type: physical
- id: i4
label: Ethernet0/3
slot: 3
type: physical
- boot_disk_size: null
configuration:
- name: ios_config.txt
content: |-
hostname sw01
ip domain name example.com
!
vtp version 2
vtp mode transparent
!
vlan 10
name inside-network
!
interface e0/0
description Link to rtr01
switchport mode access
spanning-tree portfast
switchport access vlan 10
!
interface e0/1
description Link to netadmin
switchport mode access
spanning-tree portfast
switchport access vlan 10
!
interface vlan 10
description Switch Management Interface
ip address 192.168.0.2 255.255.255.0
no shutdown
!
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip name-server 10.0.0.1
!
line vty 0 4
no login
transport input none
!
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n2
image_definition: null
label: sw01
node_definition: ioll2-xe
parameters: {}
ram: null
tags: []
x: -200
y: 360
interfaces:
- id: i0
label: Loopback0
type: loopback
- id: i1
label: Ethernet0/0
slot: 0
type: physical
- id: i2
label: Ethernet0/1
slot: 1
type: physical
- id: i3
label: Ethernet0/2
slot: 2
type: physical
- id: i4
label: Ethernet0/3
slot: 3
type: physical
- boot_disk_size: null
configuration:
- name: node.cfg
content: |-
# this is a shell script which will be sourced at boot
hostname netadmin
# configurable user account
USERNAME=cisco
PASSWORD=cisco
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n3
image_definition: null
label: netadmin
node_definition: desktop
parameters: {}
ram: null
tags: []
x: -440
y: 360
interfaces:
- id: i0
label: eth0
slot: 0
type: physical
- boot_disk_size: null
configuration: []
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n4
image_definition: null
label: ext-sw
node_definition: unmanaged_switch
parameters: {}
ram: null
tags: []
x: 160
y: 360
interfaces:
- id: i0
label: port0
slot: 0
type: physical
- id: i1
label: port1
slot: 1
type: physical
- id: i2
label: port2
slot: 2
type: physical
- id: i3
label: port3
slot: 3
type: physical
- id: i4
label: port4
slot: 4
type: physical
- id: i5
label: port5
slot: 5
type: physical
- id: i6
label: port6
slot: 6
type: physical
- id: i7
label: port7
slot: 7
type: physical
- boot_disk_size: null
configuration:
- name: node.cfg
content: |-
# this is a shell script which will be sourced at boot
hostname outside-host
# configurable user account
USERNAME=cisco
PASSWORD=cisco
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n5
image_definition: null
label: outside-host
node_definition: alpine
parameters: {}
ram: null
tags: []
x: 160
y: 520
interfaces:
- id: i0
label: eth0
slot: 0
type: physical
links:
- id: l0
n1: n2
n2: n1
i1: i1
i2: i2
conditioning: {}
label: sw01-Ethernet0/0<->rtr01-Ethernet0/1
- id: l1
n1: n3
n2: n2
i1: i0
i2: i2
conditioning: {}
label: netadmin-eth0<->sw01-Ethernet0/1
- id: l2
n1: n1
n2: n4
i1: i1
i2: i0
conditioning: {}
label: rtr01-Ethernet0/0<->ext-sw-port0
- id: l3
n1: n4
n2: n0
i1: i1
i2: i0
conditioning: {}
label: ext-sw-port1<->internet-port
- id: l4
n1: n5
n2: n4
i1: i0
i2: i2
conditioning: {}
label: outside-host-eth0<->ext-sw-port2
lab:
description: Discover why SSH is the preferred choice over Telnet for secure network
management in this insightful event. Through hands-on activities, master the ins
and outs to configuring SSH on Cisco switches and routers, ensuring encrypted
and authenticated remote access. Understand the security implications of using
SSH, and elevate your skills in managing network devices securely and efficiently.
Join us as you prepare for your CCNA exam.
notes: |-
**CCNA Exam Prep: Back to Networking Basics with Hank Preston and Patrick Gargano**
# Securing Network Access: From Telnet to SSH
> Discover why SSH is the preferred choice over Telnet for secure network management in this insightful event. Through hands-on activities, master the ins and outs to configuring SSH on Cisco switches and routers, ensuring encrypted and authenticated remote access. Understand the security implications of using SSH, and elevate your skills in managing network devices securely and efficiently. Join us as you prepare for your CCNA exam.
No doubt you've heard that SSH is better than telnet because, well "security". But what does that mean? Is it really a problem? And how exactly do you ensure secure device adminsistration? Well, we will tackle all this in the following exercices:
In this lab you will explore device adminstration with some hands on exercises focused on:
* Enabling Telnet device administration, and seeing why it might not be the most secure
* Creating local administrator accounts on network devices
* Migrating to SSH from Telnet for device administration
> This lab touches on several topics from the [CCNA v1.1 Topics List](https://learningcontent.cisco.com/documents/marketing/exam-topics/200-301-CCNA-v1.1.pdf)
> 2.8 Describe network device management access (Telnet, SSH, HTTP, HTTPS, console, TACACS+/RADIUS, and cloud managed)
> 4.8 Configure network devices for remote access using SSH
> 5.3 Configure and verify device access control using local passwords
## Setup and Scenario
This setup of lab based demonstrations includes a small network made up of an IOS based switch and router, that provides internet access to a `netadmin` host. There is also an `outside-host` that will be used for some testing. The network is preconfigured to provide connectivity to the Internet for the `netadmin` host with DHCP, DNS, and NAT services provided by `rtr01`. `sw01` is configured with a management IP address, and there are DNS entries for both network devices configured to allow `netadmin` to reach the devices by name.
```
netadmin:~$ ping -c 2 sw01
PING sw01 (192.168.0.2): 56 data bytes
64 bytes from 192.168.0.2: seq=0 ttl=42 time=0.975 ms
64 bytes from 192.168.0.2: seq=1 ttl=42 time=1.418 ms
netadmin:~$ ping -c 2 rtr01
PING rtr01 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: seq=0 ttl=42 time=1.447 ms
64 bytes from 10.0.0.1: seq=1 ttl=42 time=1.125 ms
```
Go ahead and open the console for the `netadmin` host and try out the above pings yourself. "Pinging" is fun :-)!!
> Note: The credentials for `netadmin` and `outside-host` are `cisco / cisco`.
*Be sure to **START** the lab before continuing to the demo labs.*
## Setting up initial IP based device management with Telnet
Using serial (console) connectivity to configure and operate networking equipment requires the engineer be in physical proximity to the device so that a cable can be plugged from the devices port into their laptop. This is fine during initial setup or emergency troubleshooting, but it isn't very convenient when you want to add a VLAN to a switch, update a router's static routes, or run some show commands to understand the current state of the network. The ability to log into the network devices over "the network" is a far more convenient option.
> There are dedicated "terminal server" or "console server" appliances that can be provide the direct connection to serial ports on devices and offer network administrators access over the network. Many organizations do deploy these to aid in remote adminstration of devices, but even when they are available, console based administration is typically reserved for times when devices are unreachable over the network. Upgrades, troubleshooting, etc.
While it is highly recommended that network devices only be administered using a secure protocol like SSH, we'll begin this lab by configuring telnet to fully explore how (and why) secure network access can be configured.
1. We'll start by verifying that we can NOT log into the network devices with telnet at the start of the lab. Open the console for `netadmin`. The username/password to log in is `cisco/cisco`.
1. Attempt to use telnet to log into the `rtr01`. DNS is configured so you can use the hostname.
```
telnet rtr01
# Output
telnet: can't connect to remote host (10.0.0.1): Connection refused
```
1. Repeat for `sw01`.
1. Now that we've seen that telent does NOT work, we'll learn how to enable it.
1. Open the console for `rtr01` and enter enable mode.
1. To access the CLI for a network device over the network, you connect to a "VTY line", or "virtual teletype line". Different network devices have different numbers of VTY lines. The IOS router and switch in this lab each have 5 lines, numbered 0 -> 4. Another common number of lines is 16, numbered 0 -> 15.
1. Add the following configuration to `rtr01`. To enable `login` over the VTY lines and to allow communication on the line with `telnet`.
```
line vty 0 4
login
transport input telnet
```
1. You should get a console message like the below. This is an exmaple of a very useful message to the administrator. While we've turned on logging in via telnet on the lines, the router will NOT allow that to happen until a password is set. Because once telnet administration is enabled, anyone connected to the network could begin administering the device. Security is important!
```
% Login disabled on line 2, until 'password' is set
```
* You will actually see several of these messages, 5 to be exact. Why do you think that is?
<details><summary>Answer:</summary>
You are configuring 5 different lines at the same time, indicated by `line vty 0 4`. So one message per "line" being configured.</details>
1. So go ahead and add the password to the `line vty 0 4` configuration block.
```
password telnetpass
```
> Note: If you left `config-line` mode, you will need to re-enter with `line vty 0 4`.
1. Now return to the console for `netadmin` and try to connect with telnet. When you are prompted for the `Password:`, use the newly configured `telnetpass` that you just set.
```
telnet rtr01
# Output
Connected to rtr01
Entering character mode
Escape character is '^]'.
User Access Verification
Password:
rtr01>
```
1. Now enter enable mode. Did it work? Why not?
<details><summary>Answer</summary>
While the network device does NOT mind allowing unauthenticated privileged mode access over the console port, an `enable password` (or `secret`) is required for over the network administration.</details>
1. Return to the console for `rtr01` and set an enable secret.
```
enable secret enablepass
```
1. And now go back to the console for `netadmin` and try to enter enable mode again.
1. Ta-da... you can now administer `rtr01` remotely from your network administration workstation, from anywhere on the network.
1. Disconnect by typing `exit`.
1. Repeat the configuration to enable telnet administration on `sw01` and verify that you can login and access enable mode from `netadmin`.
1. Make sure to `exit` from the connection to `sw01` when you are done.
## Understanding why clear text protocols like Telnet are a bad idea
Great work... maybe. I'm sure you've heard by now that "telnet bad, ssh good" but why? "Security" you may say. You might even know that the issue is because "telnet isn't encrypted". Both true, but let's see if we can experience this with our own eyes.
> ***Pro Tip!:*** CML allows you to "split" the Panes display into multiple sections to allow the viewing of two or more different interfaces (ie Console, VNC, or Packet Capture) at the same time. This feature is particularly handy when doing a packet capture, so you can see the captured packets while performing actions on a node.
>
> Click the `+` button on the right side of the "Panes" to split the window. Then "click" within the section before opening starting the capture. You can also "drag" a window from one pane to another.
1. Right-click the link between `netadmin` and `sw01` and choose "Packet Capture".
1. Click the gear icon to open the settings for the capture. Add the following BPF filter and "Apply" the settings change.
```
tcp port 23
```
> Why tcp port 23?
> <details><summary>Answer</summary>
> Telnet is an application that uses TCP and operates on port 23.</details>
1. Start the packet capture.
1. Now return to the console for `netadmin` and connect to `rtr01` with telnet. Go ahead and enter the password to login.
1. Now look at the packet capture and click on Frame 6 that shows "Telnet Data..." in the Info column. Click on the frame and expand the `Telnet` section in the packet details. What do you see?
<details><summary>Answer:</summary>
You'll see the login message sent by `rtr01` to `netadmin` in clear text. </details>
1. Change to page 2 and look at Frame 12, 14, 16, and the other "Telnet Data..." frames sourced by `netadmin`. What do you see?
<details><summary>Answer:</summary>
What you should see is the password you entered to log into the router, one (or two) characters at a time.</details>
> Note: The frame numbers above should match for you if you created the filter, started the capture, and then used `telnet rtr01` from `netadmin` and logged in with the password immediately. If you aren't seeing the expected data within the frame numbers indicated, click and check the "Telnet Data..." frames until you find them.
So now you see why "telnet bad". Anyone who has access to the network packets that have a telnet session running can see everything that is sent in both directions. And you don't need to do it frame by frame. There are many programs that can be used to analyze network streams, find telnet applications, capture the output and search for credentials.
> So why is "SSH good"? Because as an encrypted protocol, an attack like this isn't possible. You'll be able to try this out yourself and see it in action later!
## Configuring local user accounts for managing network devices
Now the network team can all log into the network devices remotely from the convenience of anywhere on the network. However, everyone uses the same telnet password. Providing individual accounts to each user is a standard procedure for organizations and applications. There are many reasons to go down this path including:
* Allowing for accurate auditing of who is connected to the network and making changes
* Providing different levels of access to different people. Often called "Role Based Access Control" or "RBAC"
* Being able to disable access to individuals without effecting an entire team
There is another reason we are going to enable individual user accounts in this lab, SSH access requires it to be setup. And that's our ultimate destination :-)
1. Go ahead and log into `rtr1`. Either with the direct console connection, or through telnet from `netadmin`.
1. Enter configuration mode, and create a new admin user on the router.
```
username admin secret adminpass
```
> Note: Be careful to ***NOT*** add a space after the password. If you do, the space becomes PART of the password. This is a common mistake that can lead to you being unable to log in and access your router. The author of this lab guide has made this mistake many many times.
1. Now you need to update the VTY configuration to use the "local" username/passwords rather than the telnet password that was configured.
```
line vty 0 4
login local
```
* It is also a good idea to remove the telnet password that we won't be using anymore.
```
line vty 0 4
no password
```
1. Now return to the `netadmin` host and try to log into `rtr01` with telnet once again. Use the `admin / adminpass` credentials you just configured.
```
telnet rtr01
# Output
Connected to rtr01
Entering character mode
Escape character is '^]'.
User Access Verification
Username: admin
Password:
rtr01>
```
1. Go ahead and enter "enable" mode. You should be prompted for the enable password, this will be the same `enablepass` that you configured before.
### Adding privilege to user accounts
Now we'll enhance the login process by adding a "privilege level" to the user accounts. This isn't required, but it is a common configuration that will place "administrators" automatically into "enable" mode. We can also use it to provide "read only" access to "operator" users.
Cisco IOS uses "privilege levels" to track access levels. `priv 15` is the same as "Privileged EXEC mode" (ie "enable mode"), and `priv 1` is the same "User EXEC mode".
1. From the CLI of `rtr01` (either console or using the telnet access), add `priv 15` to the `admin` user.
```
username admin priv 15
```
1. Now try to reconnect with telnet to the router.
> If you configured the above from the telnet connection, `exit` out to disconnect and reconnect.
1. Did you see any difference?
<details><summary>Answer:</summary>
You should now have been dropped into `Priveleged EXEC mode` automatically.</details>
1. Handy right? Create a new account with `priv 15` for yourself with whatever username and password you want to use. You can do all this with a single line of configuration.
```
username carl priv 15 secret carlpass
```
1. Create one more user, `oper` with the secret password `operpass` that has `priv 1`.
```
username oper priv 1 secret operpass
```
1. Take a look at the configuration for the user accounts.
```
show run | section username
# Output
username admin privilege 15 secret 9 $9$JTuPJ0yjNpNuNk$hCbbeDhhX8DStDn5BKbOlJ7LWjvKkZP.wnFmZdNhwHA
username carl privilege 15 secret 9 $9$O1J7C4XQ8aE/rU$TcDZQXJiv3h1c7gkqdgUqKJEhCydXfY2yz6hZzxWJbI
username oper secret 9 $9$cjBNZ2V.CJT.fU$BDC0biwbJ8Wn.Lw1uau53B3jQhlFqYoEG5VF2BjpitY
```
* What do you notice about them?
<details><summary>Answer:</summary>
A couple things should jump out at you. First, the passwords (or secrets) are encrypted using a method that is (currently) difficult to break. This is indicated by `secret 9` in the output. Older versions of IOS used methods other than `9` to "hide" passwords in configurations. Most of them are considered insecure today. `secret 9` is the best practice used today. Second, `username oper` lacks a `priv 1` element to the configuration. This is because `priv 1` is the lowest privilege level and the default. </details>
### Configuring `sw01`
Before moving onto SSH, go ahead and configure `sw01`.
1. Create user accounts for `admin` and `oper` with appropriate `priv` levels
1. Update the VTY lines to use the newly created user accounts.
1. Remove the telnet password
## Migrating from Telnet to SSH for managing network devices
Excellent work so far. Just one more thing to do, enable SSH and make our device administration secure. Well, there are a couple of steps needed to enable SSH, but let's get to it!
1. Log into `rtr01` from the console or with the `admin` account and telnet.
1. From "Privileged EXEC mode" (enable mode) and NOT "Configuration Mode", create an RSA key-pair.
> Note: If you enter this command from `config` mode, you'll get an error message about deprecation of the command. Keys should now be generated from "enable mode".
```
crypto key generate rsa general-keys modulus 2048
# Output
The name for the keys will be: rtr01.example.com
% The key modulus size is 2048 bits
% Generating crypto RSA keys in background ...
```
* `rsa` is the type of key we are generating `ec` is an alternative key generation mechanism, but it won't work for SSH.
* `general-keys` means we are creating a single key that can be used by the router for both signing and encryption.
* `modulus 2048` indicates we are creating a `2048` bit key. The more bits, the more secure. `2048` is generally considered secure today, however some organizations opt for larger bit sizes for more security.
1. If you are on the console, or watching the console output, you'll also see this output.
```
*Mar 9 14:08:48.049: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named rtr01.example.com has been generated or imported by crypto-engine
*Mar 9 14:08:48.050: %SSH-5-ENABLED: SSH 2.0 has been enabled
*Mar 9 14:08:48.732: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named rtr01.example.com.server has been generated or imported by crypto-engine
```
> Note: The "name" of the RSA key is in the format of `<HOSTNAME>.<DOMAIN NAME>`. This means that if you have NOT configured either of these on your network device, you will get an error message. The initial configuration for this lab included both `hostname <HOSTNAME>` and `ip domain name <DOMAIN NAME>` configuration.
* In the console log message, notice the `SSH-5-ENABLED` message. SSH is typically already setup to be "enabled" on an IOS device, but in order for it to work there needs to be a "key" that can be used to encrypt the traffic. As soon as you create the key, the device will enable SSH.
* `SSH 2.0` is enabled. The version `2.0` is significant because earlier versions of SSH are insecure today and shouldn't be used. Some network devices may default to an earlier version and should be explicitly configured for `ip ssh version 2`. Newer devices likely only support version 2.
1. Go ahead and try to connect to `rtr01` with SSH from `netadmin`.
```
ssh admin@rtr01
# Output
ssh: connect to host rtr01 port 22: Connection refused
```
* Why didn't it work? We say that SSH was enabled already?
<details><summary>Answer:</summary>
The reason is because while SSH is indeed "enabled" on the router, we need to update the configuration for the VTY lines to allow SSH "input". Remember that we configured `transport input telnet`.</details>
1. Update the configuration of the VTY lines to support SSH.
```
line vty 0 4
transport input ssh
```
> Note: You could enable both telnet and ssh at the same time with `transport input telnet ssh`, and if you are making this change remotely without console access to the router, that is recommended. But once you've verified that SSH is working, don't forget to remove it as a supported input protocol or you are still vulnerable.
1. Now try to log into `rtr01` with SSH again.
```
ssh admin@rtr01
# Output
The authenticity of host 'rtr01 (10.0.0.1)' can't be established.
RSA key fingerprint is SHA256:uKLBCGaK0AWdqR6NOVbvSFjB6Mc0GMiRGH7xcI7+X0w.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'rtr01' (RSA) to the list of known hosts.
(admin@rtr01) Password:
rtr01#
```
* You will first be asked if you want to trust the fingerprint for the SSH key. The best practice for security would be to check the shown fingerprint against the known fingerprint for the device you are connecting to. Unfortunately, there isn't an easy way to find the fingerprint for an SSH key for an IOS device, and calculating it is out of scope for this lab or the CCNA. So just type "yes" at the prompt.
* Once you connect the first time to a router, your computer will store the fingerprint and verify it on future connections to the router. If the fingerprint changes, you'll be warned something is different. This could indicate a security problem, ***OR*** it could indicate that key changed on the device. A key change can happen if a device is replaced or upgraded. The key can also change if an administrator manually changes it.
* Provide the password for the `admin` user and log in.
1. Disconnect with SSH and try to log in with telnet. This should fail.
### Verifying Encryption
Setup a new packet capture between `netadmin` and `sw01`, but use the filter `tcp port 22` for SSH traffic. With it running, log back into `rtr01` with SSH. Then checkout the packets captured. You'll see many packets setting up the secure communications, and then "Encrypted packets" being sent. If you look at those you'll find that you can NOT read the messages being sent between the devices.
### Configuring SSH on `sw01`
Now go ahead and configure `sw01` for SSH with the same approach we used on `rtr01`.
1. Create a new RSA key
1. Change the VTY transport method to only support SSH
## SSH from anywhere... even the Internet?
So far we've been testing SSH access from our "trusted host", `netadmin`. But can we also access the router from "the Internet"
1. Find the "public IP" for `rtr01`. This will be the IP address on interface 'E0/0'.
```
show ip int brief
# Output
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 192.168.255.196 YES DHCP up up
Ethernet0/1 192.168.0.1 YES TFTP up up
Ethernet0/2 unassigned YES TFTP administratively down down
Ethernet0/3 unassigned YES TFTP administratively down down
Loopback0 10.0.0.1 YES TFTP up up
```
> ***Note:*** The IP address assigned to YOUR `Ethernet0/0` interface will mostly likely differ from the above output. This is because the IP address is assigned with DHCP from the CML server itself. Make note of YOUR address for the next command.
1. Open up the console for `outside-host` and try to SSH into the router using the "public IP".
* ***Remember to use the IP address from YOUR output in the below command.***
```
ssh admin@<YOUR E0/0 IP address>
```
1. After answering "yes" to accept the fingerprint, this should work just like from `netadmin`. This is because the VTY lines are "available" from all router Interfaces. Even more reason to use SSH instead of a clear text protocol like telnet.
1. Now that you are connected, checkout the output from a couple of handy `show commands`.
```
show ssh
show users
show crypto key mypubkey rsa
```
## Great Job!
Excellent work on this lab! You've successfully enabled SSH on your network devices and seen why it is a much better choice than Telnet. This is by no means the end to device administration. Here are some other topics to look into.
1. How can you limit management access to a network device? Maybe you do NOT want the Internet to be able to log into your router - even if it is secure?
1. How do TACACS+ and RADIUS fit into device administration? How would they be configured?
title: CCNA Prep 2025 S2E4 Telnet to SSH
version: 0.2.2

5
lab-topologies/ccna-prep/s2e4/README.md Normal file
View File

@@ -0,0 +1,5 @@
# Securing Network Access: From Telnet to SSH
*Abstract:* Discover why SSH is the preferred choice over Telnet for secure network management in this insightful event. Through hands-on activities, master the ins and outs to configuring SSH on Cisco switches and routers, ensuring encrypted and authenticated remote access. Understand the security implications of using SSH, and elevate your skills in managing network devices securely and efficiently. Join us as you prepare for your CCNA exam.
![](s2e4-ssh.jpg)

BIN
lab-topologies/ccna-prep/s2e4/s2e4-ssh.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 100 KiB

BIN
lab-topologies/ccna-prep/s2e5/CCNA Prep S02 E05 Lab Guide.pdf Normal file
View File

Binary file not shown.

709
lab-topologies/ccna-prep/s2e5/CCNA_Prep_2025_S2E5_NTP_Basics.yaml Normal file
View File

@@ -0,0 +1,709 @@
annotations:
- border_color: '#00000000'
border_style: ''
color: '#000000'
rotation: 0
text_bold: true
text_content: 'CCNA Exam Prep: Back to Networking Basics with Hank Preston and
Patrick Gargano'
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: -480.0
y1: -80.0
z_index: 2
- border_color: '#00000000'
border_style: ''
color: '#000000'
rotation: 0
text_bold: true
text_content: 'Syncing Success: The Role of NTP in Network Operations'
text_font: monospace
text_italic: false
text_size: 18
text_unit: pt
thickness: 1
type: text
x1: -480.0
y1: -40.0
z_index: 2
- border_color: '#00000000'
border_style: ''
color: '#000000'
rotation: 0
text_bold: false
text_content: |-
NTP is how IT systems can "synchronize their watches". These IT systems can be network devices
like switches and routers, end user computers and mobile devices, and servers hosting the
critical applications we rely on. The "systems" also include the unimaginable number of IOT
devices that exist around us in cars, planes, trains, ships, manufacturing plants, and so on.
So yeah, NTP is a foundational protocol that is often overlooked, until something goes wrong
with it...
In this lab you will NTP with some hands on exercises focused on:
* Asking a router and switch "what time is it?" and manually setting the time.
* Configuring the NTP client in IOS to synchronize the clock with an NTP server.
* Configuring the NTP server in IOS to act as a time source for other clients
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: -480.0
y1: 0.0
z_index: 2
- border_color: '#00000000'
border_style: ''
color: '#808080FF'
rotation: 0
text_bold: false
text_content: |2-
host user/pass: cisco / cisco
network enable password: enablepass
text_font: monospace
text_italic: false
text_size: 10
text_unit: pt
thickness: 1
type: text
x1: -480.0
y1: 440.0
z_index: 3
- border_color: '#00000000'
border_style: ''
color: '#808080FF'
rotation: 0
text_bold: true
text_content: 'Credentials:
'
text_font: monospace
text_italic: false
text_size: 10
text_unit: pt
thickness: 1
type: text
x1: -480.0
y1: 440.0
z_index: 3
- border_color: '#00000000'
border_style: ''
color: '#808080FF'
rotation: 0
text_bold: true
text_content: ____________
text_font: monospace
text_italic: false
text_size: 10
text_unit: pt
thickness: 1
type: text
x1: -480.0
y1: 440.0
z_index: 3
- border_color: '#808080FF'
border_radius: 2
border_style: ''
color: '#7FF0FA'
thickness: 2
type: rectangle
x1: -483.21004499370474
y1: 310.36986501888595
x2: 763.2100449937047
y2: 260.47255474961986
z_index: 0
nodes:
- boot_disk_size: null
configuration: []
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n0
image_definition: null
label: internet
node_definition: external_connector
parameters: {}
ram: null
tags: []
x: 240
y: 360
interfaces:
- id: i0
label: port
slot: 0
type: physical
- boot_disk_size: null
configuration:
- name: ios_config.txt
content: |-
hostname rtr01
!
! In order to avoid entering a configuration dialog
! on boot, please ensure that all ethernet interfaces
! have some ip configuration present here such as the
! example below:
!
interface range Ethernet 0/0 - 3
no ip address
shutdown
!
ip host rtr01.example.com 10.0.0.1
ip host sw01.example.com 192.168.0.2
ip host ntpserver.example.com 192.168.100.100
ip name-server 192.168.255.1
ip domain name example.com
ip dns server
ip dns primary example.com soa 192.168.0.1 admin@example.com 21600 900 7776000 86400
!
ip dhcp excluded-address 192.168.0.1 192.168.0.10
ip dhcp pool inside
network 192.168.0.0 /24
default-router 192.168.0.1
dns-server 10.0.0.1
domain-name example.com
exit
!
ip access-list standard NAT
permit 192.168.0.0 0.0.0.255
permit 192.168.100.0 0.0.0.255
!
ip nat inside source list NAT interface e0/0 overload
!
interface e0/1
description Link to Inside Hosts
ip address 192.168.0.1 255.255.255.0
ip nat inside
no shut
!
interface e0/0
description Link to Internet
ip address dhcp
ip nat outside
no shut
!
interface e0/2
description Link to Lab NTP Server
ip address 192.168.100.1 255.255.255.0
ip nat inside
no shut
!
interface loopback0
ip address 10.0.0.1 255.255.255.255
!
line vty 0 4
no login
transport input none
!
do clock set 00:00:00 01 Jan 1993
!
end
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n1
image_definition: null
label: rtr01
node_definition: iol-xe
parameters: {}
ram: null
tags: []
x: 0
y: 360
interfaces:
- id: i0
label: Loopback0
type: loopback
- id: i1
label: Ethernet0/0
slot: 0
type: physical
- id: i2
label: Ethernet0/1
slot: 1
type: physical
- id: i3
label: Ethernet0/2
slot: 2
type: physical
- id: i4
label: Ethernet0/3
slot: 3
type: physical
- boot_disk_size: null
configuration:
- name: ios_config.txt
content: |-
hostname sw01
ip domain name example.com
!
vtp version 2
vtp mode transparent
!
vlan 10
name inside-network
!
interface e0/0
description Link to rtr01
switchport mode access
spanning-tree portfast
switchport access vlan 10
!
interface e0/1
description Link to netadmin
switchport mode access
spanning-tree portfast
switchport access vlan 10
!
interface vlan 10
description Switch Management Interface
ip address 192.168.0.2 255.255.255.0
no shutdown
!
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip name-server 10.0.0.1
!
line vty 0 4
no login
transport input none
!
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n2
image_definition: null
label: sw01
node_definition: ioll2-xe
parameters: {}
ram: null
tags: []
x: -200
y: 360
interfaces:
- id: i0
label: Loopback0
type: loopback
- id: i1
label: Ethernet0/0
slot: 0
type: physical
- id: i2
label: Ethernet0/1
slot: 1
type: physical
- id: i3
label: Ethernet0/2
slot: 2
type: physical
- id: i4
label: Ethernet0/3
slot: 3
type: physical
- boot_disk_size: null
configuration:
- name: node.cfg
content: |-
# this is a shell script which will be sourced at boot
hostname netadmin
# configurable user account
USERNAME=cisco
PASSWORD=cisco
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n3
image_definition: null
label: netadmin
node_definition: desktop
parameters: {}
ram: null
tags: []
x: -440
y: 360
interfaces:
- id: i0
label: eth0
slot: 0
type: physical
- boot_disk_size: null
configuration:
- name: node.cfg
content: |-
# this is a shell script which will be sourced at boot
hostname ntpserver
# configurable user account
USERNAME=cisco
PASSWORD=cisco
# Static IP address
ip address add 192.168.100.100/24 dev eth0
ip route add default via 192.168.100.1
# NTP Server Setup
echo 'NTPD_OPTS="-l -N"' > /etc/conf.d/ntpd
service ntpd start
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n4
image_definition: null
label: ntpserver
node_definition: alpine
parameters: {}
ram: null
tags: []
x: 0
y: 520
interfaces:
- id: i0
label: eth0
slot: 0
type: physical
links:
- id: l0
n1: n2
n2: n1
i1: i1
i2: i2
conditioning: {}
label: sw01-Ethernet0/0<->rtr01-Ethernet0/1
- id: l1
n1: n3
n2: n2
i1: i0
i2: i2
conditioning: {}
label: netadmin-eth0<->sw01-Ethernet0/1
- id: l2
n1: n4
n2: n1
i1: i0
i2: i3
conditioning: {}
label: outside-host-eth0<->rtr01-Ethernet0/2
- id: l3
n1: n1
n2: n0
i1: i1
i2: i0
conditioning: {}
label: rtr01-Ethernet0/0<->internet-port
lab:
description: Delve into the importance of Network Time Protocol (NTP) in maintaining
synchronized time across network devices. In this session, review the steps to
configure NTP for both client and server modes. Discover why synchronized time
is crucial for accurate event logging, seamless coordination of network operations,
and effective security measures. Master this important topic in “time” to take
your exam.
notes: |-
**CCNA Exam Prep: Back to Networking Basics with Hank Preston and Patrick Gargano**
# Syncing Success: The Role of NTP in Network Operations
> Delve into the importance of Network Time Protocol (NTP) in maintaining synchronized time across network devices. In this session, review the steps to configure NTP for both client and server modes. Discover why synchronized time is crucial for accurate event logging, seamless coordination of network operations, and effective security measures. Master this important topic in “time” to take your exam.
Time and the passage of time is inescapble in life and network engineering. There are many "time" related topics that come up while you study for your CCNA. There is latency, how long it takes takes for a data packet to move from the source to destination. And jitter, how much variation in that time between different packets.
In this lab we are going to explore NTP, or Network Time Protocol. NTP is how IT systems can "synchronize their watches". These IT systems can be network devices like switches and routers, end user computers and mobile devices, and servers hosting the critical applications we rely on. The "systems" also include the unimaginable number of IOT devices that exist around us in cars, planes, trains, ships, manufacturing plants, and so on. So yeah, NTP is a foundational protocol that is often overlooked, until something goes wrong with it...
In this lab you will NTP with some hands on exercises focused on:
* Asking a router and switch "what time is it?" and manually setting the time.
* Configuring the NTP client in IOS to synchronize the clock with a known good source - an NTP server.
* Configuring the NTP server in IOS to act as a time source for other clients
> This lab touches on the following topic from the [CCNA v1.1 Topics List](https://learningcontent.cisco.com/documents/marketing/exam-topics/200-301-CCNA-v1.1.pdf)
> 4.2 Configure and verify NTP operating in a client and server mode
## Setup and Scenario
This setup of lab based demonstrations includes a small network made up of an IOS based switch and router, that provides internet access to a `netadmin` host. The network is preconfigured to provide connectivity to the Internet for the `netadmin` host with DHCP, DNS, and NAT services provided by `rtr01`. `sw01` is configured with a management IP address, and there are DNS entries for both network devices configured to allow `netadmin` to reach the devices by name.
*Be sure to **START** the lab before continuing to the demo labs.*
```
netadmin:~$ ping -c 2 sw01
PING sw01 (192.168.0.2): 56 data bytes
64 bytes from 192.168.0.2: seq=0 ttl=42 time=0.975 ms
64 bytes from 192.168.0.2: seq=1 ttl=42 time=1.418 ms
netadmin:~$ ping -c 2 rtr01
PING rtr01 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: seq=0 ttl=42 time=1.447 ms
64 bytes from 10.0.0.1: seq=1 ttl=42 time=1.125 ms
```
Go ahead and open the console for the `netadmin` host and try out the above pings yourself. "Pinging" is fun :-)!!
> Note: The credentials for `netadmin` are `cisco / cisco`.
## Finding an available NTP server
Before we dive into this lab and explore configuring NTP to keep network time in sync, we need to find an available NTP server that is reachable from our lab. There are many publicly available NTP providers that can be freely leveraged by anyone around the world. Two sources for time provided by reliable clusters of NTP servers are [NIST (National Institute of Standards and Technology)](https://tf.nist.gov/tf-cgi/servers.cgi) and [pool.ntp.org](https://www.ntppool.org/en/).
The NTP server addresses for these sources are:
* NIST - `time.nist.gov`
* NTP Pool - `pool.ntp.org`
If you are running this lab from a CML server in your home lab, or a cloud provider, you should be able to leverage either of these NTP server addresses.
While these sources are trusted worldwide, some companies block access to these public NTP servers from within private networks and opt to provide their own NTP servers for internal systems. This means that if you are running this lab on a CML server that is hosted on a network that blocks access to public NTP servers, you'll need to check with the IT team to find the address for a reachable NTP server to query.
To test to see if the public servers are reachable, follow these steps.
1. Open the console to `netadmin` and login.
1. Use the `ntpd` service to query the public servers.
```
ntpd -dw -p pool.ntp.org -p time.nist.gov
```
> Note: End the `ntpd` query by pressing `Cntrl-C` (`^C`).
1. If you see output that looks like the below, these public servers are NOT available for you to leverage for this lab.
```
ntpd: 'pool.ntp.org' is 104.234.67.234
ntpd: 'time.nist.gov' is 132.163.97.4
ntpd: sending query to 132.163.97.4
ntpd: sending query to 104.234.67.234
ntpd: timed out waiting for 132.163.97.4, reach 0x00, next query in 1s
ntpd: 'time.nist.gov' is 132.163.97.4
ntpd: timed out waiting for 104.234.67.234, reach 0x00, next query in 1s
```
1. See if you can find an available NTP server for your lab environment. For example, suppose you are told an NTP server is available at `10.1.1.1`. Let's test that address.
```
ntpd -dw -p 10.1.1.1
# Output
ntpd: sending query to 10.1.1.1
ntpd: reply from 10.1.1.1: offset:+36.082774 delay:0.002821 status:0x24 strat:3 refid:0x05f1c00a rootdelay:0.001083 reach:0x01
```
* This output shows a reachable NTP server. Don't worry about the details of the output just now.
1. What should you do if the public servers aren't reachable AND you can't find information on an available server? Never fear! We have included an NTP server in the lab that can be used. It might not have exact accurate time, but it will work for the lab. This NTP server is available at `ntpserver.example.com`.
```
ntpd -dw -p ntpserver.example.com
# Output
ntpd: 'ntpserver.example.com' is 192.168.100.100
ntpd: sending query to 192.168.100.100
ntpd: reply from 192.168.100.100: offset:-0.191950 delay:0.002921 status:0x24 strat:1 refid:0x00000000 rootdelay:0.000000 reach:0x01
```
## Checking the current date/time on the router
So NTP can be used to set the time on network devices, but how do you check what the current clock is set to on an IOS router or switch?
1. Open up the console to `rtr01`, and enter enable mode.
1. Run the command `show clock` to check the current time on the router.
```
show clock
# Output
00:11:51.832 UTC Fri Jan 1 1993
```
1. Well.. unless you've gone back in time to the early nineties, the time displayed by the router probably doesn't look close to accurate.
1. Let's go ahead and "fix" the time manually. Check the current time on your computer and use the following command to correct the time.
> ***Note: The timezone setting on the router is UTC, be sure to convert your local time to UTC before setting the time in this step.***
```
clock set 19:49:00 23 March 2025
! Command Format
clock set <MM:HH:SS> <1-31> <MONTH> <YEAR>
# Output
Mar 23 19:49:00.000: %SYS-6-CLOCKUPDATE: System clock has been updated from 00:00:46 UTC Fri Jan 1 1993 to 19:49:00 UTC Sun Mar 23 2025, configured from console by console.
```
1. Verify the time was updated correctly with `show clock`.
Excellent job! The clock on the router is right and we can all go out for some dinner and watch a movie right?
## Configuring NTP client to maintain time sync
Unfortunately dinner and the movie is going to have to wait. It is just a fact of modern computing that computers eventually experience a time drift. Typically they drift slower over time. There are many contributing factors to time loss for computers, but it does happen. A little bit every day. And even if computers did NOT lose time, there is another reason why configuring NTP to maintain sync is important. How accurate were you when you configured the manual time in the previous step? Were you accurate to the second? To the millesecond? Accurate time for computers is important for a lot of applications.
So now that I've convinced you that we need a little help to keep our router's clock accurate, let us finally dive into NTP and use it to keep our router in sync.
> In the following steps, use the best NTP server for your particular lab environment. If a public NTP server is reachable, use that. If you have a private NTP server address that works, leverage that one. And if neither the public or private NTP servers are an option, then you can use `ntpserver.example.com`.
1. Back on the console for `rtr01` check the current status of NTP with the following commands.
```
show ntp status
# Output
%NTP is not enabled.
```
```
show ntp associations
# No output
```
> Okay, NTP is not running.
1. Now enter configuration mode and configure the `ntp server` for your router.
```
ntp server ntpserver.example.com
```
1. Return to enable mode and check the status of NTP.
```
show ntp status
# Example Output
Clock is unsynchronized, stratum 2, reference is 192.168.100.100
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**10
ntp uptime is 74900 (1/100 of seconds), resolution is 4000
reference time is EB8AE8C3.CC49BC90 (20:08:35.798 UTC Sun Mar 23 2025)
clock offset is 18494.9973 msec, root delay is 1.95 msec
root dispersion is 18499.91 msec, peer dispersion is 3.88 msec
loopfilter state is 'FREQ' (Drift being measured), drift is 0.000000000 s/s
system poll interval is 64, last update was 5 sec ago.
```
* There is a lot of detail in the output above, much of it beyond the scope for the CCNA candidate.
* The first line indicates that the router is currently `unsynchronized` with the server (ie `reference`)
* `clock offset is 18494.9973 msec` indicates that there is an 18 second difference between the router's clock and the server. In this case our router is 18 seconds behind. If it was ahead, the value would be negative. This "offset" is why we are currently `unsynchronized`
1. NTP does NOT make large changes to a systems time, this could be disruptive to services. Rather it makes small adjustment with the goal being to bring the client into sync overtime. This process can take several minutes to hours depending on network conditions and the amount of offset involved.
* You can speed up the process of synchronization by manually updating a devices clock to be closer to the NTP server.
1. Another handy show command is `show ntp associations`.
```
show ntp associations
# Output
address ref clock st when poll reach delay offset disp
*~192.168.100.100 . 1 65 64 1 0.945 18495.1 7938.9
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
```
* The output from this command will show the NTP status in a table format. Key details to note are:
* The `*` indicating the currently selected reference clock
* The `~` indicating that this is a "configured" server. Which most of your NTP servers will be.
* The `offset` to indicate how far apart the client and server are from a time perspective
While NTP brings this router into sync with the server, we'll move onto enable the router to act as an NTP server for other network clients.
## Enabling an IOS router to act as an NTP server
Now that we've got our edge router setup to keep its own clock in sync with a trusted NTP server, we want to set it up to provide time to other network devices. You might wonder, why not just have each and every device ask the same trusted server? Well, there are a few different reasons...
* Efficient use of bandwidth. NTP isn't a big drain on network resources, but even small packets add up if you have hundreds or thousands of devices asking "what time is it" every minute. So having a "local" NTP server for other devices to query for time is a great solution for effeciency.
* What happens if the public server can't be reached, or needs to be changed? It's much easier to have just a single device to update than every device on the network
* Distributing the load on the NTP servers themselves. NTP is designed to be setup in a distributed "tree" hierarchy. Where the initial reference time source is passed from tier to tier of NTP servers and eventually to clients. Distributing the load like this is better for the network overall
Speaking of the "tiers" of NTP servers, NTP has the concept of the "stratum" of the NTP server. Stratum is an integer from 1 - 15 that indicates how close to the reference clock this particular source is. A stratum of `1` is the base reference. A stratum of `2` is a server that directly learned the time from the `stratum 1` server. NTP clients can be configured with multiple NTP servers for redundancy. The client will prefer a lower stratum source over a higher stratum source.
Now that we've got some background information laid out, let's get the configuring!
1. Open the console for `rtr01` and enter configuration mode.
1. Enable the router to act as an NTP server with a stratum of 5 with this command.
```
ntp master 5
```
1. Let's test that the NTP server is working, open the console for `netadmin` and send an NTP query to the router.
```
ntpd -dw -p rtr01
```
* The goal is that you'll get output that looks like this where we get a good reply from the server.
```
ntpd: reply from 10.0.0.1: offset:-18.652104 delay:0.001246 status:0x24 strat:5 refid:0x01017f7f rootdelay:0.000000 reach:0x01
```
* If you get output that looks like this that indicates the "peer is unsynced", this is an indication that `rtr01` hasn't fully synchronized it's own time with its configured NTP server.
```
ntpd: reply from 10.0.0.1: peer is unsynced
```
* If you are seeing the above in your test, remove the configured NTP server on `rtr01` and repeat the query.
```
no ntp server ntpserver.example.com
```
> In a "real network", the best solution would be to wait for the router to complete its synchronization. But with virtualized and simulated network devices like in this lab, the added overhead of simulation might prevent NTP from getting "fully healthy" and synchronized.
Once you've got a healthy result from the `ntpd` query test, your new NTP server is ready to go!
## Using NTP to synchronize `sw01` from `rtr01`
We've setup the site router to act as an NTP server, let's use it to keep the switch's clock accurate!
1. Opening the console for `sw01` and check the current time. If it is "close" to the accurate time you can leave it alone. If it is wildly different from accurate, go ahead and manually fix it.
1. Now configure the switch to use `rtr01` as its NTP server. You can use the IP address for the router, or the DNS name.
```
ntp server rtr01.example.com
```
1. Give it a few seconds for the initial NTP query to be sent and processed and check the status.
```
show ntp status
# Output
Clock is unsynchronized, stratum 6, reference is 10.0.0.1
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**10
ntp uptime is 2900 (1/100 of seconds), resolution is 4000
reference time is EB8C338C.B3B64790 (19:39:56.702 UTC Mon Mar 24 2025)
clock offset is -18902.4981 msec, root delay is 1.00 msec
root dispersion is 19097.90 msec, peer dispersion is 189.44 msec
loopfilter state is 'FREQ' (Drift being measured), drift is 0.000000000 s/s
system poll interval is 64, last update was 15 sec ago.
```
* Although the clock is indicated as unsynchronized, the synchronization process has started.
* The switch reports a `stratum 6` with a reference of `10.0.0.1`. `10.0.0.1` is `rtr01`, and remember we configured it for `stratum 5`. The switch adds `1` to the stratrum value for its own clock.
* Check the current clock offset for your network, how off is your time?
If you'd like to see the network get "in-sync", give it some time and check the status. You should see the offset shrink until it disappears and the status goes to `Clock is synchronized`. For example:
```
sw01#show ntp status
Clock is synchronized, stratum 6, reference is 10.0.0.1
nominal freq is 250.0000 Hz, actual freq is 250.1250 Hz, precision is 2**10
ntp uptime is 249000 (1/100 of seconds), resolution is 4000
reference time is EB8C3EB1.3541469D (20:27:29.208 UTC Mon Mar 24 2025)
clock offset is -91.5236 msec, root delay is 1.00 msec
root dispersion is 200.51 msec, peer dispersion is 64.49 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is -0.000499999 s/s
system poll interval is 64, last update was 49 sec ago.
```
## Great Job!
That's all there is to the basic setup for NTP on network devices. It isn't a complicated protocol, but it is an important one.
As with many topics in networking, there are more topic areas you could explore. Accurate time is very important in network operations, and one way to disrupt a network is to inject incorrect time from unauthorized NTP servers. NTP supports authentication between servers and clients to make sure only "trusted" servers are used.
So for now, have a great ***time*** in your CCNA preparation studies!
title: CCNA Prep 2025 S2E5 NTP Basics
version: 0.2.2

5
lab-topologies/ccna-prep/s2e5/README.md Normal file
View File

@@ -0,0 +1,5 @@
# Syncing Success: The Role of NTP in Network Operations
*Abstract:* Delve into the importance of Network Time Protocol (NTP) in maintaining synchronized time across network devices. In this session, review the steps to configure NTP for both client and server modes. Discover why synchronized time is crucial for accurate event logging, seamless coordination of network operations, and effective security measures. Master this important topic in “time” to take your exam.
![](s2e5-ntp.jpg)

BIN
lab-topologies/ccna-prep/s2e5/s2e5-ntp.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 121 KiB

1094
lab-topologies/ccna-prep/s2e6/CCNA_Prep_2025_S2E6_Syslog.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
lab-topologies/ccna-prep/s2e6/CCNA_Prep_S02E06_Syslog_Guide.pdf Normal file
View File

Binary file not shown.

5
lab-topologies/ccna-prep/s2e6/README.md Normal file
View File

@@ -0,0 +1,5 @@
# The Syslog Detective: Unraveling Network Mysteries
*Abstract:* Step into the shoes of a network detective in this engaging live event, where Syslog serves as your investigative tool. Learn how to configure Syslog to capture and analyze crucial network events, uncovering the hidden clues within your infrastructure. Through hands-on exercises, well master syslogs role in solving network mysteries by piecing together performance insights, troubleshooting issues, and enhancing security monitoring. Join us to become a Syslog sleuth and complete your CCNA Preparation.
![](s2e6-syslog.jpg)

BIN
lab-topologies/ccna-prep/s2e6/s2e6-syslog.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 72 KiB

934
lab-topologies/ccna-prep/s2e7/CCNA_Prep_2025_S2E7_SNMP.yaml Normal file
View File

@@ -0,0 +1,934 @@
annotations:
- border_color: '#00000000'
border_style: ''
color: '#000000'
rotation: 0
text_bold: true
text_content: 'CCNA Exam Prep: Back to Networking Basics with Hank Preston and
Patrick Gargano'
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: -471.6817382409052
y1: -26.525460120105087
z_index: 2
- border_color: '#00000000'
border_style: ''
color: '#000000'
rotation: 0
text_bold: true
text_content: 'Simplifying SNMP: Delivering Data for Network Operation Dashboards'
text_font: monospace
text_italic: false
text_size: 18
text_unit: pt
thickness: 1
type: text
x1: -478.8116768915578
y1: 17.039509205221208
z_index: 2
- border_color: '#00000000'
border_style: ''
color: '#000000'
rotation: 0
text_bold: false
text_content: |-
CCNA 1.1 Exam Topic
4.4 Explain the function of SNMP in network operations
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: -483.68829366711856
y1: 211.52777439162983
z_index: 2
- border_color: '#00000000'
border_style: ''
color: '#808080FF'
rotation: 0
text_bold: false
text_content: |2-
host user/pass: cisco / cisco
network enable password: enablepass
telnet password: telnetpass
text_font: monospace
text_italic: false
text_size: 10
text_unit: pt
thickness: 1
type: text
x1: -480.0
y1: 440.0
z_index: 3
- border_color: '#00000000'
border_style: ''
color: '#808080FF'
rotation: 0
text_bold: true
text_content: 'Credentials:
'
text_font: monospace
text_italic: false
text_size: 10
text_unit: pt
thickness: 1
type: text
x1: -480.0
y1: 440.0
z_index: 3
- border_color: '#00000000'
border_style: ''
color: '#808080FF'
rotation: 0
text_bold: true
text_content: ____________
text_font: monospace
text_italic: false
text_size: 10
text_unit: pt
thickness: 1
type: text
x1: -480.0
y1: 440.0
z_index: 3
- border_color: '#808080FF'
border_radius: 2
border_style: ''
color: '#7FF0FA'
thickness: 2
type: rectangle
x1: -483.21004499370474
y1: 310.36986501888595
x2: 763.2100449937047
y2: 260.47255474961986
z_index: 0
- border_color: '#00000000'
border_style: ''
color: '#000000'
rotation: 0
text_bold: false
text_content: |-
Network Monitoring is critical to security and troubleshooting tasks. As your network grows and evolves,
centralized monitoring becomes even more important. SNMP is a protocol that allows you to remotely monitor
a wide range of settings and counters, be alerted when there are changes, and even remotely make configuration changes.
In this lab you will explore how SNMP works and how to configure and verify SNMP on Cisco devices.
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: -481.93824659111294
y1: 62.64675567294343
z_index: 4
- border_color: '#00000000'
border_style: ''
color: '#808080FF'
rotation: 0
text_bold: false
text_content: ''
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: 400.19267871188174
y1: 190.55284132635407
z_index: 6
- border_color: '#00000000'
border_style: ''
color: '#000000'
rotation: 0
text_bold: false
text_content: |-
Concepts:
- SNMP Manager or NMS
- SNMP Agent
- MIB and OID
- SNMP Set, Get, Trap, Inform
- SNMP versions
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: 337.4106520219703
y1: 316.30633613768475
z_index: 7
nodes:
- boot_disk_size: null
configuration: []
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n0
image_definition: null
label: internet
node_definition: external_connector
parameters: {}
ram: null
tags: []
x: 240
y: 360
interfaces:
- id: i0
label: port
slot: 0
type: physical
- boot_disk_size: null
configuration:
- name: ios_config.txt
content: |-
hostname rtr01
!
! In order to avoid entering a configuration dialog
! on boot, please ensure that all ethernet interfaces
! have some ip configuration present here such as the
! example below:
!
interface range Ethernet 0/0 - 3
no ip address
shutdown
!
ip host rtr01.example.com 10.0.0.1
ip host sw01.example.com 192.168.0.2
ip host ntpserver.example.com 192.168.100.100
ip name-server 192.168.255.1
ip domain name example.com
ip dns server
ip dns primary example.com soa 192.168.0.1 admin@example.com 21600 900 7776000 86400
ntp server 192.168.100.100
!
ip dhcp excluded-address 192.168.0.1 192.168.0.10
ip dhcp pool inside
network 192.168.0.0 /24
default-router 192.168.0.1
dns-server 10.0.0.1
domain-name example.com
exit
!
ip access-list standard NAT
permit 192.168.0.0 0.0.0.255
permit 192.168.100.0 0.0.0.255
!
ip nat inside source list NAT interface e0/0 overload
!
interface e0/1
description Link to Inside Hosts
ip address 192.168.0.1 255.255.255.0
ip nat inside
no shut
!
interface e0/0
description Link to Internet
ip address dhcp
ip nat outside
no shut
!
interface e0/2
description Link to Lab NTP Server
ip address 192.168.100.1 255.255.255.0
ip nat inside
no shut
!
interface loopback0
ip address 10.0.0.1 255.255.255.255
!
enable secret enablepass
!
line vty 0 4
transport input telnet
login
password telnetpass
!
do clock set 00:00:00 01 Jan 1993
!
end
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n1
image_definition: null
label: rtr01
node_definition: iol-xe
parameters: {}
ram: null
tags: []
x: 0
y: 360
interfaces:
- id: i0
label: Loopback0
type: loopback
- id: i1
label: Ethernet0/0
slot: 0
type: physical
- id: i2
label: Ethernet0/1
slot: 1
type: physical
- id: i3
label: Ethernet0/2
slot: 2
type: physical
- id: i4
label: Ethernet0/3
slot: 3
type: physical
- boot_disk_size: null
configuration:
- name: ios_config.txt
content: |-
hostname sw01
ip domain name example.com
!
vtp version 2
vtp mode transparent
!
vlan 10
name inside-network
!
interface e0/0
description Link to rtr01
switchport mode access
spanning-tree portfast
switchport access vlan 10
!
interface e0/1
description Link to netadmin
switchport mode access
spanning-tree portfast
switchport access vlan 10
!
interface loopback0
ip address 1.1.1.1 255.255.255.255
!
interface vlan 10
description Switch Management Interface
ip address 192.168.0.2 255.255.255.0
no shutdown
!
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip name-server 10.0.0.1
!
line vty 0 4
no login
transport input none
!
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n2
image_definition: null
label: sw01
node_definition: ioll2-xe
parameters: {}
ram: null
tags: []
x: -200
y: 360
interfaces:
- id: i0
label: Loopback0
type: loopback
- id: i1
label: Ethernet0/0
slot: 0
type: physical
- id: i2
label: Ethernet0/1
slot: 1
type: physical
- id: i3
label: Ethernet0/2
slot: 2
type: physical
- id: i4
label: Ethernet0/3
slot: 3
type: physical
- boot_disk_size: null
configuration:
- name: node.cfg
content: |-
# this is a shell script which will be sourced at boot
hostname netadmin
# configurable user account
USERNAME=cisco
PASSWORD=cisco
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n3
image_definition: null
label: netadmin
node_definition: desktop
parameters: {}
ram: null
tags: []
x: -440
y: 360
interfaces:
- id: i0
label: eth0
slot: 0
type: physical
- boot_disk_size: null
configuration:
- name: node.cfg
content: |-
# this is a shell script which will be sourced at boot
hostname snmp_nms
# configurable user account
USERNAME=cisco
PASSWORD=cisco
# Static IP address
ip address add 192.168.100.100/24 dev eth0
ip route add default via 192.168.100.1
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n4
image_definition: null
label: SNMP-NMS
node_definition: desktop
parameters: {}
ram: null
tags: []
x: -1
y: 500
interfaces:
- id: i0
label: eth0
slot: 0
type: physical
links:
- id: l0
n1: n2
n2: n1
i1: i1
i2: i2
conditioning: {}
label: sw01-Ethernet0/0<->rtr01-Ethernet0/1
- id: l1
n1: n3
n2: n2
i1: i0
i2: i2
conditioning: {}
label: netadmin-eth0<->sw01-Ethernet0/1
- id: l2
n1: n1
n2: n0
i1: i1
i2: i0
conditioning: {}
label: rtr01-Ethernet0/0<->internet-port
- id: l3
n1: n1
n2: n4
i1: i3
i2: i0
conditioning: {}
label: rtr01-Ethernet0/2<->desktop-0-eth0
lab:
description: 'Discover the essential role of Simple Network Management Protocol
(SNMP) in network operations during this interactive live event. Review why SNMP
is a fundamental tool for monitoring and managing network performance, and how
it provides critical insights into device status and operational health. Through
practical exercises, you''ll see SNMP''s capabilities in action, enabling efficient
network management and proactive troubleshooting. '
notes: |-
**CCNA Exam Prep: Back to Networking Basics with Hank Preston and Patrick Gargano -- Season 2**
# Simplifying SNMP: Delivering Data for Network Operation Dashboards
Network Monitoring is critical to security and troubleshooting tasks. As your network grows and evolves,
centralized monitoring becomes even more important. SNMP is a protocol that allows you to remotely monitor
a wide range of settings and counters, be alerted when there are changes, and even remotely make configuration changes.
In this lab you will explore how SNMP works and how to configure and verify SNMP on Cisco devices.
Related CCNA v1.1 exam topic:
* 4.4 Explain the function of SNMP in network operations
In this lab, we will:
* Explore SNMP and its different versions
* Configure and verify SNMPv2c
* Configure and verify SNMPv3
* Explore the SNMP message format and MIB using the snmpwalk command
## Setup and Scenario
In this set of lab-based demonstrations, you are a network engineer tasked with configuring SNMPv2c on a Cisco switch and SNMPv3 on a Cisco router.
You've been asked to:
* Configure the sw01 switch to send SNMPv2c traps to the NMS server.
* Configure the rtr01 router to send SNMPv3 traps to the NMS server.
*Be sure to **START** the lab before continuing to the demo lab.*
> Note: The credentials for all devices are shown in the CML topology.
## Part 1: Explore SNMP and its different versions
Before we jump into configuring SNMP, let's explore how SNMP operates and how it evolved over time.
SNMP has become the standard for network management. It is a simple, easy-to-implement protocol and is supported by nearly all vendors. SNMP defines how management information is exchanged between SNMP managers and SNMP agents. It uses the UDP transport mechanism on ports 162 and 162 to retrieve and send management information, such as MIB variables.
SNMP is typically used to gather environment and performance data such as device CPU usage, memory usage, interface traffic, interface error rate, and so on.
The SNMP manager periodically polls the SNMP agents on managed devices by querying the device for data. Agents can generate SNMP traps, which are unsolicited notifications that are sent from agent to manager. SNMP traps are event-based and provide almost real-time event notifications.
There are three important concepts when it comes to SNMP:
* The SNMP manager or network management system (NMS) collects management data from managed devices via polling or trap messages.
* The SNMP agent is found on a managed network device, it locally organizes data and sends it to the manager.
* The Management Information Base (MIB) represents a virtual information storage location that contains collections of managed objects. Within the MIB, there are objects that relate to different defined MIB modules (for example, the interface module). Objects in the MIB are referenced by their object ID (OID), which specifies the path from the tree root to the object. For example, system identification data is located under 1.3.6.1.2.1.1. Some examples of system data include the system name (OID 1.3.6.1.2.1.1.5), system location (OID 1.3.6.1.2.1.1.6), and system uptime (OID 1.3.6.1.2.1.1.3).
You can use the [Cisco SNMP SNMP Object Navigator](
https://snmp.cloudapps.cisco.com/Support/SNMP/do/BrowseOID.do?local=en) to locate and identify different OID values
There are three different versions of SNMP:
* SNMP version 1: SNMPv1 is the initial version of SNMP. SNMPv1 security is based on communities that are nothing more than passwords: plaintext strings that allow any SNMP-based application that knows the strings to gain access to the management information of a device. There are typically three communities in SNMPv1: read-only, read-write, and trap.
* SNMP version 2c: SNMPv2 was the first attempt to fix SNMPv1 security flaws. However, SNMPv2 never really took off. The only prevalent version of SNMPv2 today is SNMPv2c, which contains SNMPv2 protocol enhancements but leaves out the security features that no one could agree on. The letter "c" designates v2c as being "community-based," which means that it uses the same authentication mechanism as v1: community strings.
* SNMP version 3: SNMPv3 is the latest version. It adds support for strong authentication and private communication between managed entities. You can define a secure policy for each group, and optionally you can limit the IP addresses to which its members can belong. You have to define encryption and hashing algorithms and passwords for each user. SNMPv3 introduces three levels of security:
* Security level ``noAuthNoPriv``: No authentication is required, and no privacy (encryption) is provided.
* Security level ``authNoPriv``: Authentication is required, but no encryption is provided.
* Security level ``authPriv``: In addition to authentication, encryption is also used.
## Part 2: Configure and verify SNMPv2c on sw01
Let's deploy SNMPv2c on the sw01 switch to send traps to the SNMP_NMS device.
### Step 1
Configure an access-list for SNMPv2 use on sw01.
<pre>
sw01(config)# <b>ip access-list standard SNMP-NMS</b>
sw01(config-std-nacl)# <b>permit host 192.168.100.100</b>
sw01(config-std-nacl)# <b>exit</b>
</pre>
This ACL will be used to specify exactly where SNMP **get** and **set** messages should be coming from. In this lab, the 192.168.100.0/24 network is the management network, and the SNMP manager is located at 192.168.100.100
Note that the Alpine Linux server in this lab is not yet configured as a NMS.
### Step 2
Configure general SNMP information. Specify a location for the device, some contact information, and a chassis value.
<pre>
sw01(config)# <b>snmp-server location RCD</b>
sw01(config)# <b>snmp-server contact ccnaprep@example.com</b>
sw01(config)# <b>snmp-server chassis-id Cisco IOL-L2 Switch sw01</b>
</pre>
### Step 3
SNMPv2c using a community string-based authentication. Access can be limited further by using an access list. Create a read-only community named CCNAPREP that is limited by the SNMP-NMS ACL
<pre>
sw01(config)# <b>snmp-server community CCNAPREP ro SNMP-NMS</b>
</pre>
### Step 4
Configure 192.168.100.100 as a trap receiver using SNMPv2c and the community CCNAPREP.
<pre>
sw01(config)# <b>snmp-server host 192.168.100.100 version 2c CCNAPREP</b>
</pre>
### Step 5
Configure interface index persistence.
<pre>
sw01(config)# <b>snmp-server ifindex persist</b>
</pre>
Network monitoring systems record throughput and other interface statistics using SNMP polling. Each interface is referenced by its unique index number, which is dynamically assigned by the IOS during bootup. The index of each interface can be determined with the command ``show snmp mib ifmib ifindex``. The dynamic assignment aspect of this can be problematic for documentation. Therefore, it is a good idea to instruct the system to keep a persistent list of interfaces, rather than a dynamic one. The use of this command creates a file stored in NVRAM.
Use the ``show snmp mib ifmib ifindex`` command to verify the current interface indexes.
<pre>
sw01# <b>show snmp mib ifmib ifindex </b>
Ethernet0/1: Ifindex = 2
Ethernet0/3: Ifindex = 4
<mark>Loopback0: Ifindex = 8</mark>
Ethernet0/0: Ifindex = 1
Null0: Ifindex = 6
Vlan10: Ifindex = 7
Ethernet0/2: Ifindex = 3
SR0: Ifindex = 5
</pre>
Notice that the Loopback 0 interface in the output above has an index value of 8. Your actual values might differ.
### Step 6
Enable SNMP to send a trap to the NMS server when an interface on the switch goes down or up.
<pre>
sw01(config)# <b>snmp-server enable traps snmp linkdown linkup </b>
</pre>
This final SNMP configuration command actually enables the forwarding of traps to the configured trap receiver. As a part of this command, traps can be limited (as they can be in the ``snmp-server host`` command). For this lab, you will send a trap to the NMS anytime an interface goes down or up.
### Step 7
Start a Packet Capture on the link between rtr01 and the NMS server and filter the capture to UDP port 162.
### Step 8
Verify SNMP configuration
To verify that traps are being sent, issue the command ``debug snmp packets`` and then shutdown the Loopback 0 interface. You should see debug output indicating that an SNMP packet was sent. It might take a few moments for the switch to start sending traps and for them to appear in the packet capture.
<pre>
sw01# <b>debug snmp packets</b>
sw01# config t
sw01(config)# <b>interface loopback 0</b>
sw01(config-if)# <b>shut</b>
sw01(config-if)#
*Apr 26 01:10:18.534: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to down
*Apr 26 01:10:18.534: %LINK-5-CHANGED: Interface Loopback0, changed state to administratively down
sw01(config-if)#
*Apr 26 01:10:18.534: SNMP: Queuing packet to 192.168.100.100
*Apr 26 01:10:18.534: SNMP: V2 Trap, reqid 10, errstat 0, erridx 0
sysUpTime.0 = 2047407
snmpTrapOID.0 = snmpTraps.3
ifIndex.8 = 8
ifDescr.8 = Loopback0
ifType.8 = 24
lifEntry.20.8 = administratively down
<mark>*Apr 26 01:10:18.784: SNMP: Packet sent via UDP to 192.168.100.100</mark>
</pre>
Notice in the output that a packet was sent to 192.168.100.100 using UDP, and that the message references the Loopback0 interface and shows that the interface was manually shutdown.
### Step 9
Verify the SNMP packet in the Packet Capture.
Click the captured packet and open the SNMP line in the packet details. Expand all the available lines. You will see that CML does not interpret or convert the ASCII values for the individual OID entries in the SNMP packet. You will need Wireshark to help you with that. Wireshark is a free and open-source network protocol analyzer used for troubleshooting, analyzing, and debugging network problems. It captures and displays network traffic, allowing users to examine data at the packet level. This tool is valuable for network administrators, security professionals, and developers to understand how applications communicate and identify potential security issues. Although CML's Packet Capture tool is very powerful, for advanced packet analysis, Wireshark is invaluable.
> You can download Wireshark [here](https://www.wireshark.org/download.html).
In CML, click the ``Download`` button in the Packet Capture window to save the PCAP to your PC. Open the PCAP file using Wireshark. Expand the SNMP line and all its entries. This time you will be able to read in clear text the information contained in the SNMP packet. You should see the index value of the interface (8), the name of the interface (Loopback0), and the status of the interface (administratively down).
### Step 10
Verify general SNMP settings using the ``show snmp`` command.
<pre>
sw01# <b>show snmp</b>
<mark>Chassis: Cisco IOL-L2 Switch sw01
Contact: ccnaprep@example.com
Location: RCD</mark>
0 SNMP packets input
0 Bad SNMP version errors
0 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
0 Number of requested variables
0 Number of altered variables
0 Get-request PDUs
0 Get-next PDUs
0 Set-request PDUs
0 Input queue packet drops (Maximum queue size 1000)
0 Dispatcher queue packet drops (Maximum queue size 75)
1 SNMP packets output
0 Too big errors (Maximum packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
0 Response PDUs
<mark>1 Trap PDUs</mark>
Packets currently in SNMP process input queue: 0, max 1000
Packets currently in SNMP PDU dispatcher queue: 0, max 75
SNMP global trap: enabled
<mark>SNMP logging: enabled
Logging to 192.168.100.100.162, 0/10, 1 sent, 0 dropped.</mark>
</pre>
The output confirms the basic SNMP settings and how many trap messages were sent to the NMS.
### Step 11
Verify the SNMP configuration found in the running-config on sw01.
<pre>
sw01# <b>show run | section snmp</b>
snmp-server community CCNAPREP RO SNMP-NMS
snmp-server location RCD
snmp-server contact ccnaprep@example.com
snmp-server chassis-id Cisco IOL-L2 Switch sw01
snmp-server enable traps snmp linkdown linkup
snmp-server host 192.168.100.100 version 2c CCNAPREP
snmp ifmib ifindex persist
</pre>
## Part 3: Configure and verify SNMPv3 on rtr01
Let's deploy SNMPv3 on the rtr01 router to send traps to the SNMP-NMS device. The configuration for SNMPv3 is quite different to what you did on sw01 for SNMPv2c. For SNMPv3, instead of a community string, you need to configure the following:
* SNMP view: Views specify which MIB objects are visible to a particular group.
* SNMP group: Groups are used to combine users and assign them to specific views and security levels.
* SNMP user: Once groups and views are defined, users are assigned to a specific group.
In summary, views define what information is visible, groups define who can access that information, and users are assigned to groups to inherit the access permissions. This layered approach provides flexibility and granular control over SNMPv3 access on Cisco devices.
### Step 1
Configure an access-list for SNMPv3 use on rtr01.
<pre>
rtr01(config)# <b>ip access-list standard SNMP-NMS</b>
rtr01(config-std-nacl)# <b>permit host 192.168.100.100</b>
rtr01(config-std-nacl)# <b>exit</b>
</pre>
This ACL is identical to the ACL you configured on sw01 and limits access to the router's MIB .
### Step 2
Configure a SNMPv3 view called SNMP-RO that includes the entire ``iso`` tree from the MIB.
<pre>
rtr01(config)# <b>snmp-server view SNMP-RO iso included</b>
</pre>
In a production network, you would want to restrict the view to a smaller subset of MIBs.
### Step 3
Configure a read-only SNMPv3 group with the highest level of security supported and assigned the ACL defined in Step 1.
<pre>
rtr01(config)# <b>snmp-server group ADMIN v3 priv read SNMP-RO access SNMP-NMS</b>
</pre>
A read-only SNMP group is configured with the name ADMIN, it is set to SNMPv3 with authentication and encryption required, and only allows access to the host permitted in the SNMP-NMS ACL.
### Step 4
Configure a SNMPv3 user, assign it to the ADMIN group, and use SHA-1 and AES-128 for authentication and encryption.
<pre>
rtr01(config)# <b>snmp-server user USER1 ADMIN v3 auth sha cisco12345 priv aes 128
cisco54321</b>
rtr01(config)#
Jan 1 01:52:49.896: Configuring snmpv3 USM user, persisting snmpEngineBoots. Please Wait...
</pre>
Once the user is created, you should get a message at the console indicating that the internal SNMP process is starting up.
### Step 5
Configure a SNMPv3 trap receiver at 192.168.100.100 and assign the user created in Step 4.
<pre>
rtr01(config)# <b>snmp-server host 192.168.100.100 version 3 priv USER1</b>
</pre>
### Step 6
Enable SNMP trap sending to send a trap to the NMS server when an interface on the router goes down or up.
<pre>
rtr01(config)# <b>snmp-server enable traps snmp linkdown linkup </b>
</pre>
### Step 7
Configure interface index persistence.
<pre>
rtr01(config)# <b>snmp-server ifindex persist</b>
</pre>
### Step 8
Save your configuration to NVRAM and reload the rtr01 router.
<pre>
rtr01# <b>copy run start</b>
Destination filename [startup-config]?
Building configuration...
[OK]
rtr01# <b>reload</b>
Proceed with reload? [confirm]
</pre>
> Note: Because of a bug in the Cisco IOL image in CML, you need to reboot the router after starting the SNMPv3 process to ensure that the next steps work correctly. Configuration of SNMPv3 in a production network does NOT require a device reboot.
### Step 8
After the router reboots and you can log back into Privileged EXEC mode, start a Packet Capture on the link between rtr01 and the NMS server and filter the capture to UDP port 162.
### Step 9
Verify SNMP configuration
To verify that traps are being sent, issue the command ``debug snmp packets`` and shutdown the E0/0 interface and then re-enable it. You should see debug output indicating that two SNMP packets were sent. It might take a few moments for the router to start sending traps and for them to appear in the packet capture.
<pre>
rtr01# <b>debug snmp packets</b>
SNMP packet debugging is on
rtr01# <b>conf t</b>
Enter configuration commands, one per line. End with CNTL/Z.
rtr01(config)# <b>interface e0/0</b>
rtr01(config-if)# <b>shutdown</b>
rtr01(config-if)#
Apr 26 01:10:18.534: %LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down
Apr 26 01:10:19.534: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to down
rtr01(config-if)# <b>no shutdown</b>
rtr01(config-if)#
Apr 26 01:10:20.534: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
rtr01(config-if)#
Apr 26 01:10:21.534: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up
rtr01(config-if)#
Apr 26 01:10:22.534: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/0 assigned DHCP address 192.168.255.184, mask 255.255.255.0, hostname rtr01
rtr01(config-if)#
Apr 26 01:10:23.534: SNMP: Queuing packet to 192.168.100.100
Apr 26 01:10:23.534: SNMP: V2 Trap, reqid 1, errstat 0, erridx 0
sysUpTime.0 = 754478
snmpTrapOID.0 = snmpTraps.3
ifIndex.1 = 1
ifDescr.1 = Ethernet0/0
ifType.1 = 6
lifEntry.20.1 = administratively down
Apr 26 01:10:24.534: SNMP: Queuing packet to 192.168.100.100
Apr 26 01:10:24.534: SNMP: V2 Trap, reqid 2, errstat 0, erridx 0
sysUpTime.0 = 754479
snmpTrapOID.0 = snmpTraps.4
ifIndex.1 = 1
ifDescr.1 = Ethernet0/0
ifType.1 = 6
lifEntry.20.1 = up
<mark>Apr 26 01:10:25.534: SNMP: Packet sent via UDP to 192.168.100.100
Apr 26 01:10:25.534: SNMP: Packet sent via UDP to 192.168.100.100</mark>
</pre>
Notice that in the output above, two traps were sent after the interface was brought back up. Your results might differ but you should still get two traps captures in the Packet Capture window.
Disable debugging with the ``do undebug all`` command.
### Step 10
Decrypt the SNMPv3 PCAP using Wireshark.
Notice that the ``Info`` column of the Packet Capture window shows that the PDU is encrypted and that the private key is unknown. You will need to download the PCAP from CML and use Wireshark to decrypt the SNMPv3 packet.
Click the ``Download`` button in the Packet Capture window and open the PCAP in Wireshark on your PC.
Right-click one of the SNMPv3 packets displayed in the top window in Wireshark, select ``Protocol Preferences`` from the menu, select ``Simple Network Management Protocol`` and then select ``Users Table``.
Click the ``+`` button to create a new user entry. Enter the following values:
User: USER1
Authentication Model: SHA-1
Password: cisco12345
Privacy Protocol: AES
Privacy password: cisco54321
Click ``Ok`` to save the USER1 table entry.
Fully expand the ``msgData: encryptedPDU`` entry. In the last expanded field, you will see information relating to the Ethernet 0/0 interface ("administratively down" or "up" depending on the SNMPv3 packet you have selected.
# Step 11
Verify the SNMPv3 configuration on rtr01.
<pre>
rtr01# <b>show snmp</b>
Chassis: 131184943
0 SNMP packets input
0 Bad SNMP version errors
0 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
0 Number of requested variables
0 Number of altered variables
0 Get-request PDUs
0 Get-next PDUs
0 Set-request PDUs
0 Input queue packet drops (Maximum queue size 1000)
0 Dispatcher queue packet drops (Maximum queue size 75)
2 SNMP packets output
0 Too big errors (Maximum packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
0 Response PDUs
2 Trap PDUs
Packets currently in SNMP process input queue: 0, max 1000
Packets currently in SNMP PDU dispatcher queue: 0, max 75
SNMP global trap: disabled
SNMP logging: enabled
Logging to 192.168.100.100.162, 0/10, 2 sent, 0 dropped.
rtr01# <b>show snmp group</b>
groupname: ADMIN security model:v3 priv
contextname: <no context specified> storage-type: nonvolatile
readview : SNMP-RO writeview: <no writeview specified>
notifyview: *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.F
row status: active access-list: SNMP-NMS
rtr01# <b>show snmp user </b>
User name: USER1
Engine ID: 800000090300AABBCC012F00
storage-type: nonvolatile active
Authentication Protocol: SHA
Privacy Protocol: AES128
Group-name: ADMIN
</pre>
### Step 12
Install SNMP and SNMP tools on the SNMP-NMS device and perform a SNMP walk on the rtr01 device.
``snmpwalk`` is a command-line utility used to retrieve a subtree of management values from a network device using SNMP GETNEXT requests. It's essentially a tool that automates the process of querying multiple SNMP-enabled devices for information, instead of having to query each device individually. This allows you to gather a wide range of data from devices like routers, switches, and other network infrastructure.
<pre>
snmp_nms:~$ <b>sudo apk add net-snmp</b>
fetch http://dl-cdn.alpinelinux.org/alpine/v3.14/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.14/community/x86_64/APKINDEX.tar.gz
(1/4) Installing net-snmp-libs (5.9.3-r1)
(2/4) Installing net-snmp-agent-libs (5.9.3-r1)
(3/4) Installing net-snmp (5.9.3-r1)
(4/4) Installing net-snmp-openrc (5.9.3-r1)
Executing busybox-1.33.1-r8.trigger
OK: 1215 MiB in 334 packages
snmp_nms:~$ <b>sudo apk add net-snmp-tools</b>
(1/1) Installing net-snmp-tools (5.9.3-r1)
Executing busybox-1.33.1-r8.trigger
OK: 1216 MiB in 335 packages
snmp_nms:~$ <b>snmpwalk -v3 -u USER1 -l authPriv -a SHA -A "cisco12345" -x AES -X "cisco54321" 192.168.100.1 1.3.6.1.2.1.1</b>
SNMPv2-MIB::sysDescr.0 = STRING: Cisco IOS Software [Dublin], Linux Software (X86_64BI_LINUX-ADVENTERPRISEK9-M), Version 17.12.1, RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2023 by Cisco Systems, Inc.
Compiled Thu 27-Jul-23 22:33 by m
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.9.1.1
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (1072907) 2:58:49.07
SNMPv2-MIB::sysContact.0 = STRING:
SNMPv2-MIB::sysName.0 = STRING: rtr01.example.com
SNMPv2-MIB::sysLocation.0 = STRING:
SNMPv2-MIB::sysServices.0 = INTEGER: 78
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (0) 0:00:00.00
</pre>
In the ``snmpwalk`` command above, you must specify the following parameters:
* SNMP version
* the user name
* the level of securty (auth and priv)
* the level of SHA authentication and the password
* the level of AES encryption and the password
* the IP address of the device to check (rtr01)
* the OID your want to view (in this case, the router's system information)
In the example above, the OID specified pulls system and IOS version information from a device.
Use the ``snmpwalk`` command and explore other OID values, like 1.3.6.1.2.1.4.24 (routing table) or 1.3.6.1.2.1.2.2.1.8 (operational status of the devices interfaces.)
Congratulations! You have completed the lab. You learned how to configure and verify SNMPv2c and SNMPv3, as well as use Wireshark and ``snmpwalk`` to analyze and gather OIDs from Cisco routers and switches.
title: CCNA Prep 2025 S2E7 SNMP
version: 0.2.2

BIN
lab-topologies/ccna-prep/s2e7/CCNA_Prep_S02E07_SNMP_Guide.pdf Normal file
View File

Binary file not shown.

5
lab-topologies/ccna-prep/s2e7/README.md Normal file
View File

@@ -0,0 +1,5 @@
# Simplifying SNMP: Delivering Data for Network Operation Dashboards
*Abstract:* Discover the essential role of Simple Network Management Protocol (SNMP) in network operations during this interactive live event. Review why SNMP is a fundamental tool for monitoring and managing network performance, and how it provides critical insights into device status and operational health. Through practical exercises, you'll see SNMP's capabilities in action, enabling efficient network management and proactive troubleshooting.
![](s2e7-snmp.jpg)

BIN
lab-topologies/ccna-prep/s2e7/s2e7-snmp.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 84 KiB

2
lab-topologies/ciscolive-brkcrt-2059

Submodule lab-topologies/ciscolive-brkcrt-2059 updated: 780011fe2a...d13fd45574

23
lab-topologies/cml-free/vlan-tasks/README.md Normal file
View File

@@ -0,0 +1,23 @@
# VLAN Tasks
## Introduction
These topologies are designed to work with CML Free and give the learner VLAN-centric configuration
and verification tasks to perform. The tasks themselves align with the CCNA exam blueprint's tasks
2.1 and 2.2.
![VLAN Tasks Topology](screenshot.png "VLAN Tasks Topology")
## Getting Started
The `topology.yaml` file is the initial starting point. Import it into CML using the **Import** button
from the CML Dashboard.
Within the lab, click the **GUIDE** button to view the instructions.
## Using the Solution
If you get stuck or just want to check your work, import the `topology-solution.yaml` file in the same
way you imported `topology.yaml`. This provides you with the nodes configured correctly and a sample
`traceroute` output verifying the correct path is taken.

BIN
lab-topologies/cml-free/vlan-tasks/screenshot.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 234 KiB

822
lab-topologies/cml-free/vlan-tasks/topology-solution.yaml Normal file
View File

@@ -0,0 +1,822 @@
annotations:
- border_color: '#808080FF'
border_radius: 2
border_style: ''
color: '#F8EFBB'
rotation: 0
thickness: 1
type: rectangle
x1: 440.0
y1: 40.0
x2: 440.0
y2: 120.0
z_index: 0
- border_color: '#808080FF'
border_radius: 2
border_style: ''
color: '#C4D9F0'
rotation: 0
thickness: 1
type: rectangle
x1: 440.0
y1: 387.0
x2: 436.0
y2: 120.0
z_index: 1
- border_color: '#00000000'
border_style: ''
color: '#000000FF'
rotation: 0
text_bold: true
text_content: VLAN 10
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: 800.0
y1: 56.0
z_index: 3
- border_color: '#00000000'
border_style: ''
color: '#000000FF'
rotation: 0
text_bold: true
text_content: VLAN 20
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: 798.0
y1: 485.0
z_index: 4
- border_color: '#808080FF'
border_style: ''
color: '#5FD34A'
rotation: 0
thickness: 1
type: ellipse
x1: 649.1808510638298
y1: 261.84574468085106
x2: 26.10638297872339
y2: 39.93794326241135
z_index: 5
- border_color: '#00000000'
border_style: ''
color: '#000000'
rotation: 0
text_bold: true
text_content: VLANs 10 and 20 ONLY trunked here.
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: -15.497049430398334
y1: 188.37721292720124
z_index: 6
- border_color: '#808080FF'
border_style: ''
color: '#000000'
line_end: arrow
line_start: null
thickness: 1
type: line
x1: 320.0
y1: 200.0
x2: 609.8262411347517
y2: 222.16312056737587
z_index: 7
- border_color: '#808080FF'
border_style: ''
color: '#5FD34A'
rotation: 0
thickness: 1
type: ellipse
x1: 836.3120567375887
y1: 261.78014184397153
x2: 26.10638297872339
y2: 41.52836879432627
z_index: 5
- border_color: '#00000000'
border_style: ''
color: '#000000'
rotation: 0
text_bold: true
text_content: VLANs 10 and 20 ONLY trunked here.
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: 990.8754995421232
y1: 171.1980648504783
z_index: 6
- border_color: '#808080FF'
border_style: ''
color: '#000000'
line_end: arrow
line_start: null
thickness: 1
type: line
x1: 1060.2659574468087
y1: 198.9787234042553
x2: 876.4468085106384
y2: 222.16312056737587
z_index: 8
- border_color: '#00000000'
border_style: ''
color: '#000000'
rotation: 0
text_bold: true
text_content: |-
Use 192.168.10.1/24 for VLAN 10
Use 192.168.20.1/24 for VLAN 20
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: 920.0
y1: 320.0
z_index: 9
- border_color: '#00000000'
border_style: ''
color: '#000000'
rotation: 0
text_bold: true
text_content: |-
IP address 192.168.10.2
Login:
cisco / cisco
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: 480.0
y1: 80.0
z_index: 10
- border_color: '#00000000'
border_style: ''
color: '#000000'
rotation: 0
text_bold: true
text_content: |-
IP address 192.168.20.2
Login:
cisco / cisco
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: 587.0857921413347
y1: 419.83431685653386
z_index: 10
smart_annotations: []
nodes:
- boot_disk_size: 16
configuration:
- name: node.cfg
content: |-
# this is a shell script which will be sourced at boot
hostname PC
# configurable user account
ip addr add 192.168.10.2/24 dev eth0
ip route add default via 192.168.10.1
USERNAME=cisco
PASSWORD=cisco
cpu_limit: 100
cpus: 1
data_volume: 0
hide_links: false
id: n0
image_definition: null
label: PC
node_definition: desktop
parameters: {}
ram: 512
tags: []
x: 742
y: 91
interfaces:
- id: i0
label: eth0
mac_address: null
slot: 0
type: physical
- boot_disk_size: 16
configuration:
- name: iosxe_config.txt
content: |-
# this is a shell script which will be sourced at boot
hostname server
# configurable user account
USERNAME=cisco
PASSWORD=cisco
ifconfig eth0 inet 192.168.20.2 netmask 255.255.255.0
route add default gw 192.168.20.1
# no password for tc user by default
TC_PASSWORD=
cpu_limit: 100
cpus: 1
data_volume: 0
hide_links: false
id: n1
image_definition: server-tcl-11-1
label: server
node_definition: server
parameters: {}
ram: 128
tags: []
x: 552
y: 440
interfaces:
- id: i0
label: eth0
mac_address: null
slot: 0
type: physical
- boot_disk_size: null
configuration:
- name: ios_config.txt
content: |-
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname RTR
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
ip cef
login on-success log
no ipv6 cef
!
!
!
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
memory free low-watermark processor 81225
!
!
spanning-tree mode rapid-pvst
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
no ip address
!
interface Ethernet0/0.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
!
interface Ethernet0/0.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
!
interface Ethernet0/1
no ip address
shutdown
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip ssh bulk-mode 131072
!
!
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
!
!
!
end
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n2
image_definition: null
label: RTR
node_definition: iol-xe
parameters: {}
ram: null
tags: []
x: 941
y: 260
interfaces:
- id: i0
label: Loopback0
mac_address: null
type: loopback
- id: i1
label: Ethernet0/0
mac_address: null
slot: 0
type: physical
- id: i2
label: Ethernet0/1
mac_address: null
slot: 1
type: physical
- id: i3
label: Ethernet0/2
mac_address: null
slot: 2
type: physical
- id: i4
label: Ethernet0/3
mac_address: null
slot: 3
type: physical
- boot_disk_size: null
configuration:
- name: ios_config.txt
content: |-
service timestamps debug datetime msec
service timestamps log datetime msec
service compress-config
!
hostname SW1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
ip audit notify log
ip audit po max-events 100
ip cef
login on-success log
no ipv6 cef
!
!
!
!
!
!
!
vtp mode transparent
vtp version 1
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-131184641
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-131184641
revocation-check none
rsakeypair TP-self-signed-131184641
hash sha256
!
!
crypto pki certificate chain TP-self-signed-131184641
certificate self-signed 01
3082032E 30820216 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
30312E30 2C060355 04030C25 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31333131 38343634 31301E17 0D323530 32323331 34343933
345A170D 33353032 32333134 34393334 5A303031 2E302C06 03550403 0C25494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3133 31313834
36343130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 82010A02
82010100 97F955E7 550CEB36 937AD820 21DD1ED4 A1CC9477 7367A640 BEA04847
8B5AB68E C47DDF62 21F19260 2574A025 EDEA4F96 453E0BF7 B6C2DF09 7D1D74F3
91575A00 ADE1F99B 0E2075BB 3F620FCF 00CC6436 CBC80C99 2B426098 FF480AAE
33B67914 851BBDF2 320BBA3F 1D36FCF0 115AA0C4 5D58E385 D9B6F736 0E592909
1A63FDE5 FF2A4BD1 F34BDE50 B07B5270 DAC09EAA EB9C75AE 3E980FD3 35CB9663
60198D19 327915A8 358A2A84 BE33A78C 626F1AB4 20D1C06C 848A55F6 FC05BA75
DE6A61D0 07380927 E9DC8329 61365E78 B6744D4F 3C4BE570 703808AB 96BE5E95
0660814D 59747251 8D38756E 3F48706D CFDB3C9E F5A67AB5 3B14E416 9515A44B
93BD71A9 02030100 01A35330 51301D06 03551D0E 04160414 8A026A3B 1C7C62DB
323FC051 12FEED9F BAB36CA8 301F0603 551D2304 18301680 148A026A 3B1C7C62
DB323FC0 5112FEED 9FBAB36C A8300F06 03551D13 0101FF04 05300301 01FF300D
06092A86 4886F70D 01010B05 00038201 010065F3 CE4548DF 6CD09CF8 8EE03FB0
EFD0F2F1 8FCC274A 16684E91 7918FA7C A14911D2 D1E2FDFC B9387841 9B5FDFBA
7B3CA330 8EE304DA 8F7AB174 20CD050F 5DFE51A5 29FA236C 4616BB18 9F91D9BF
5883E2E8 FF444E31 9D47291C 1BDE4C1D 1AF1B9EB B55A3F6A 01FCC107 EA65CFC5
7A458842 B4D765BF 3825B21B 4E973BE1 578D09E8 FD96E752 F5051703 EA50D1DB
21A04A24 C9B993D5 964379CE F4EE20E8 70855783 AD366AEE D2B83412 E5713542
55064B43 CBE43CE6 D267B60A EFD76F93 6E980FDC 721A56A8 E48E06DD C996C9E5
2200D4E5 39D05D5A 69770F2E 33964A27 D31350FB E1A44BFA 983273C4 0CEEDDC4
9055D03A 35B7100F 73C7741F A4EA546B 746C
quit
!
!
memory free low-watermark processor 80589
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
vlan internal allocation policy ascending
!
vlan 10
name PCs
!
vlan 20
name SERVERs
!
!
!
!
!
interface Ethernet0/0
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20
switchport mode trunk
!
interface Ethernet0/1
switchport access vlan 10
!
interface Ethernet0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20
switchport mode trunk
!
interface Ethernet0/3
!
ip forward-protocol nd
!
!
ip http server
ip http secure-server
ip ssh bulk-mode 131072
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
!
!
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
transport input ssh
!
!
end
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n3
image_definition: null
label: SW1
node_definition: ioll2-xe
parameters: {}
ram: null
tags: []
x: 740
y: 263
interfaces:
- id: i0
label: Loopback0
mac_address: null
type: loopback
- id: i1
label: Ethernet0/0
mac_address: null
slot: 0
type: physical
- id: i2
label: Ethernet0/1
mac_address: null
slot: 1
type: physical
- id: i3
label: Ethernet0/2
mac_address: null
slot: 2
type: physical
- id: i4
label: Ethernet0/3
mac_address: null
slot: 3
type: physical
- boot_disk_size: null
configuration:
- name: ios_config.txt
content: |-
service timestamps debug datetime msec
service timestamps log datetime msec
service compress-config
!
hostname SW2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
ip audit notify log
ip audit po max-events 100
ip cef
login on-success log
no ipv6 cef
!
!
!
!
!
!
!
vtp mode transparent
vtp version 1
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-131184643
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-131184643
revocation-check none
rsakeypair TP-self-signed-131184643
hash sha256
!
!
crypto pki certificate chain TP-self-signed-131184643
certificate self-signed 01
3082032E 30820216 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
30312E30 2C060355 04030C25 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31333131 38343634 33301E17 0D323530 32323331 34343933
375A170D 33353032 32333134 34393337 5A303031 2E302C06 03550403 0C25494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3133 31313834
36343330 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 82010A02
82010100 CF90789C 82BAC8C4 7415DD3D 50A3585C 1DA872DB 6A5D7AED EC39BA0D
C264E3F4 14A4A7B1 CA13155E 806DB41D EF43F041 672053EB CDE6B54A 80F5FA64
F5564647 03E1038B 5C6AE1FE B3D31A18 E542C7ED C8550553 9B5C27FC BF943A96
57E50792 C3FBCC79 265E2011 043E5796 55BA5CB8 61A28B8B A11E0CF9 FDE5C63A
04F20604 9E076B08 92AF67D5 D796AEDA B3BFD526 657BE2E5 59956F36 F2F9B667
7E3BF299 B6C0CB6F 8FE8FA6C 41AE9970 C14F3390 C044AAAE 30AA3204 CB9B0534
93064AE5 6D7836DB DEDD5668 828D035B 6807EF38 ECE035B6 A18401CA 39162EA3
87D247A3 E7D9121C 7FB777C8 66CC7208 618D71A8 C64A6D98 A6F4C47D 5F0FCBA2
78CE6A4D 02030100 01A35330 51301D06 03551D0E 04160414 9D23C421 B20479C0
3859F14B D632B6F2 C9EFE989 301F0603 551D2304 18301680 149D23C4 21B20479
C03859F1 4BD632B6 F2C9EFE9 89300F06 03551D13 0101FF04 05300301 01FF300D
06092A86 4886F70D 01010B05 00038201 01006D6C A797D963 FFD56DF9 AC76FD0A
46A1589B 6725478D C67CEAB2 535FDB14 729D5908 4A84ED28 D6C52A2A 5E36647A
29854FDA 0355B011 F7AD59C9 DD5EB0AC A24ADE7A C54E86EF DC44F3DB DDE1A56A
06063D62 3928131D A3858542 641B6086 6D6D5D1C D5B3DE7D D17F9993 397AA85C
1E0C8938 AED3F88A 3440BA61 F3B791DE BFD4E61A E6494E0E F671BDE1 A14F779F
DE374560 A039A550 1906D3BA A3705333 66C4E1EA E3637BA4 2B130BDE 735441F3
F70E8182 7C2FAF28 9DA8D764 31037F40 BE0CEF7F 41EE59F7 AF57057B 7522E470
13DA08DF 3E75B6BA A749C4F2 3F51D1BE 9F8584C0 FC6985CC 2F28D95A 6B5E0DE1
306580FE C08012D1 94952A78 EA64C795 7A9A
quit
!
!
memory free low-watermark processor 80589
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
vlan internal allocation policy ascending
!
vlan 10
name PCs
!
vlan 20
name SERVERs
!
!
!
!
!
interface Ethernet0/0
switchport access vlan 20
!
interface Ethernet0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20
switchport mode trunk
!
interface Ethernet0/2
!
interface Ethernet0/3
!
ip forward-protocol nd
!
!
ip http server
ip http secure-server
ip ssh bulk-mode 131072
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
!
!
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
transport input ssh
!
!
end
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n4
image_definition: null
label: SW2
node_definition: ioll2-xe
parameters: {}
ram: null
tags: []
x: 552
y: 265
interfaces:
- id: i0
label: Loopback0
mac_address: null
type: loopback
- id: i1
label: Ethernet0/0
mac_address: null
slot: 0
type: physical
- id: i2
label: Ethernet0/1
mac_address: null
slot: 1
type: physical
- id: i3
label: Ethernet0/2
mac_address: null
slot: 2
type: physical
- id: i4
label: Ethernet0/3
mac_address: null
slot: 3
type: physical
links:
- id: l0
n1: n3
n2: n2
i1: i1
i2: i1
conditioning: {}
label: SW1-Ethernet0/0<->RTR-Ethernet0/0
- id: l1
n1: n3
n2: n0
i1: i2
i2: i0
conditioning: {}
label: SW1-Ethernet0/1<->PC-eth0
- id: l2
n1: n4
n2: n1
i1: i1
i2: i0
conditioning: {}
label: SW2-Ethernet0/0<->server-eth0
- id: l3
n1: n4
n2: n3
i1: i2
i2: i3
conditioning: {}
label: SW2-Ethernet0/1<->SW1-Ethernet0/2
lab:
description: ''
notes: |-
# CCNA: Implement Multiple VLANs and Basic Routing Between the VLANs
In this lab you need to do the following:
- Implement VLAN assignments on two switches
- Configure a dot1q trunk between those switches
- Configure a dot1q trunk between one switch and a router that will handle the routing for the VLANs
- Configure VLAN trunking on that router to act as a gateway between VLANs
- Verify that connectivity exists between hosts in the lab on each VLAN, and that the connectivity goes through the router
All nodes have been pre-configured. Login to `PC` and run `traceroute -n 192.168.20.2`. That will trace the path between the PC and the server. Your output
should look like the following. Note: the `-n` argument skips DNS lookups to make the `traceroute` run faster.
```
PC:~$ traceroute -n 192.168.20.2
traceroute to 192.168.20.2 (192.168.20.2), 30 hops max, 46 byte packets
1 192.168.10.1 1.036 ms 0.803 ms 0.805 ms
2 192.168.20.2 3.595 ms 1.691 ms 1.708 ms
```
In the output above, **192.168.10.1** is `RTR`, which is performing the routing between the VLANs.
title: Sample Lab 1 FREE (VLAN Configuration) Solution
version: 0.3.0

682
lab-topologies/cml-free/vlan-tasks/topology.yaml Normal file
View File

@@ -0,0 +1,682 @@
annotations:
- border_color: '#808080FF'
border_radius: 2
border_style: ''
color: '#F8EFBB'
rotation: 0
thickness: 1
type: rectangle
x1: 440.0
y1: 40.0
x2: 440.0
y2: 120.0
z_index: 0
- border_color: '#808080FF'
border_radius: 2
border_style: ''
color: '#C4D9F0'
rotation: 0
thickness: 1
type: rectangle
x1: 440.0
y1: 387.0
x2: 436.0
y2: 120.0
z_index: 1
- border_color: '#00000000'
border_style: ''
color: '#000000FF'
rotation: 0
text_bold: true
text_content: VLAN 10
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: 800.0
y1: 56.0
z_index: 3
- border_color: '#00000000'
border_style: ''
color: '#000000FF'
rotation: 0
text_bold: true
text_content: VLAN 20
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: 798.0
y1: 485.0
z_index: 4
- border_color: '#808080FF'
border_style: ''
color: '#5FD34A'
rotation: 0
thickness: 1
type: ellipse
x1: 649.1808510638298
y1: 261.84574468085106
x2: 26.10638297872339
y2: 39.93794326241135
z_index: 5
- border_color: '#00000000'
border_style: ''
color: '#000000'
rotation: 0
text_bold: true
text_content: VLANs 10 and 20 ONLY trunked here.
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: -15.497049430398334
y1: 188.37721292720124
z_index: 6
- border_color: '#808080FF'
border_style: ''
color: '#000000'
line_end: arrow
line_start: null
thickness: 1
type: line
x1: 320.0
y1: 200.0
x2: 609.8262411347517
y2: 222.16312056737587
z_index: 7
- border_color: '#808080FF'
border_style: ''
color: '#5FD34A'
rotation: 0
thickness: 1
type: ellipse
x1: 836.3120567375887
y1: 261.78014184397153
x2: 26.10638297872339
y2: 41.52836879432627
z_index: 5
- border_color: '#00000000'
border_style: ''
color: '#000000'
rotation: 0
text_bold: true
text_content: VLANs 10 and 20 ONLY trunked here.
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: 990.8754995421232
y1: 171.1980648504783
z_index: 6
- border_color: '#808080FF'
border_style: ''
color: '#000000'
line_end: arrow
line_start: null
thickness: 1
type: line
x1: 1060.2659574468087
y1: 198.9787234042553
x2: 876.4468085106384
y2: 222.16312056737587
z_index: 8
- border_color: '#00000000'
border_style: ''
color: '#000000'
rotation: 0
text_bold: true
text_content: |-
Use 192.168.10.1/24 for VLAN 10
Use 192.168.20.1/24 for VLAN 20
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: 920.0
y1: 320.0
z_index: 9
- border_color: '#00000000'
border_style: ''
color: '#000000'
rotation: 0
text_bold: true
text_content: |-
IP address 192.168.10.2
Login:
cisco / cisco
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: 480.0
y1: 80.0
z_index: 10
- border_color: '#00000000'
border_style: ''
color: '#000000'
rotation: 0
text_bold: true
text_content: |-
IP address 192.168.20.2
Login:
cisco / cisco
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: 587.0857921413347
y1: 421.2179892684938
z_index: 10
smart_annotations: []
nodes:
- boot_disk_size: 16
configuration:
- name: node.cfg
content: |-
# this is a shell script which will be sourced at boot
hostname PC
# configurable user account
ip addr add 192.168.10.2/24 dev eth0
ip route add default via 192.168.10.1
USERNAME=cisco
PASSWORD=cisco
cpu_limit: 100
cpus: 1
data_volume: 0
hide_links: false
id: n0
image_definition: null
label: PC
node_definition: desktop
parameters: {}
ram: 512
tags: []
x: 742
y: 91
interfaces:
- id: i0
label: eth0
mac_address: null
slot: 0
type: physical
- boot_disk_size: 16
configuration:
- name: iosxe_config.txt
content: |-
# this is a shell script which will be sourced at boot
hostname server
# configurable user account
USERNAME=cisco
PASSWORD=cisco
ifconfig eth0 inet 192.168.20.2 netmask 255.255.255.0
route add default gw 192.168.20.1
# no password for tc user by default
TC_PASSWORD=
cpu_limit: 100
cpus: 1
data_volume: 0
hide_links: false
id: n1
image_definition: server-tcl-11-1
label: server
node_definition: server
parameters: {}
ram: 128
tags: []
x: 552
y: 440
interfaces:
- id: i0
label: eth0
mac_address: null
slot: 0
type: physical
- boot_disk_size: null
configuration:
- name: ios_config.txt
content: |-
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname RTR
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
ip cef
login on-success log
no ipv6 cef
!
!
!
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
memory free low-watermark processor 81225
!
!
spanning-tree mode rapid-pvst
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
no ip address
no shutdown
!
interface Ethernet0/1
no ip address
shutdown
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip ssh bulk-mode 131072
!
!
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
!
!
!
end
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n2
image_definition: null
label: RTR
node_definition: iol-xe
parameters: {}
ram: null
tags: []
x: 941
y: 260
interfaces:
- id: i0
label: Loopback0
mac_address: null
type: loopback
- id: i1
label: Ethernet0/0
mac_address: null
slot: 0
type: physical
- id: i2
label: Ethernet0/1
mac_address: null
slot: 1
type: physical
- id: i3
label: Ethernet0/2
mac_address: null
slot: 2
type: physical
- id: i4
label: Ethernet0/3
mac_address: null
slot: 3
type: physical
- boot_disk_size: null
configuration:
- name: ios_config.txt
content: |-
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname SW1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
vtp mode transparent
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
negotiation auto
!
interface GigabitEthernet0/1
negotiation auto
!
interface GigabitEthernet0/2
negotiation auto
!
interface GigabitEthernet0/3
negotiation auto
!
ip forward-protocol nd
!
ip http server
ip http secure-server
!
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
!
!
!
!
!
control-plane
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
!
!
end
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n3
image_definition: null
label: SW1
node_definition: ioll2-xe
parameters: {}
ram: null
tags: []
x: 740
y: 263
interfaces:
- id: i0
label: Loopback0
mac_address: null
type: loopback
- id: i1
label: Ethernet0/0
mac_address: null
slot: 0
type: physical
- id: i2
label: Ethernet0/1
mac_address: null
slot: 1
type: physical
- id: i3
label: Ethernet0/2
mac_address: null
slot: 2
type: physical
- id: i4
label: Ethernet0/3
mac_address: null
slot: 3
type: physical
- boot_disk_size: null
configuration:
- name: ios_config.txt
content: |-
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname SW2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
vtp mode transparent
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
negotiation auto
!
interface GigabitEthernet0/1
negotiation auto
!
interface GigabitEthernet0/2
negotiation auto
!
interface GigabitEthernet0/3
negotiation auto
!
ip forward-protocol nd
!
ip http server
ip http secure-server
!
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
!
!
end
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n4
image_definition: null
label: SW2
node_definition: ioll2-xe
parameters: {}
ram: null
tags: []
x: 552
y: 265
interfaces:
- id: i0
label: Loopback0
mac_address: null
type: loopback
- id: i1
label: Ethernet0/0
mac_address: null
slot: 0
type: physical
- id: i2
label: Ethernet0/1
mac_address: null
slot: 1
type: physical
- id: i3
label: Ethernet0/2
mac_address: null
slot: 2
type: physical
- id: i4
label: Ethernet0/3
mac_address: null
slot: 3
type: physical
links:
- id: l0
n1: n3
n2: n2
i1: i1
i2: i1
conditioning: {}
label: SW1-Ethernet0/0<->RTR-Ethernet0/0
- id: l1
n1: n3
n2: n0
i1: i2
i2: i0
conditioning: {}
label: SW1-Ethernet0/1<->PC-eth0
- id: l2
n1: n4
n2: n1
i1: i1
i2: i0
conditioning: {}
label: iol-l2-0-Ethernet0/0<->server-eth0
- id: l3
n1: n4
n2: n3
i1: i2
i2: i3
conditioning: {}
label: iol-l2-0-Ethernet0/1<->SW1-Ethernet0/2
lab:
description: ''
notes: |-
# CCNA: Implement Multiple VLANs and Basic Routing Between the VLANs
In this lab you need to do the following:
- Implement VLAN assignments on two switches
- Configure a dot1q trunk between those switches
- Configure a dot1q trunk between one switch and a router that will handle the routing for the VLANs
- Configure VLAN trunking on that router to act as a gateway between VLANs
- Verify that connectivity exists between hosts in the lab on each VLAN, and that the connectivity goes through the router
title: Sample Lab 1 FREE (VLAN Configuration)
version: 0.3.0

31
node-definitions/arista/veos/README.md
View File

@@ -10,8 +10,37 @@ A valid vEOS image can be downloaded the through Arista support portal. https://
### Notes
This node definition uses recommended values for vEOS instances. However, lowering the DRAM to 1.5GB should theoritically work but YMMV.
This node definition uses recommended values for vEOS instances. However, lowering the DRAM to 1.5GB should theoritically work but YMMV.
> [!IMPORTANT]
> For day0 configuration (`veos_usr.dat` file on ISO drive labeled `ARISTA_CONFIG_DRIVE`) to work, you must boot the QCOW2 image from Arista, allow it to install the full `vEOS-lab.swi` image, touch the file `/mnt/flash/kickstart-config`, then shut the system down. This image will become your base QCOW2 image to load into CML.
* First boot the raw image:
```
...
Data in /mnt/flash/vEOS-lab.swi differs from previous boot image on /mnt/flash.
Saving new boot image to /mnt/flash...
...
localhost login: admin
localhost>en
localhost#bash
Arista Networks EOS shell
[admin@localhost ~]$ sudo cat /mnt/flash/.CloudInitLogs
Execute sudo mount /dev/disk/by-label/ARISTA_CONFIG_DRIVE /tmp/userdata8c9kqk8e
Output:
Erorr : b'mount: /tmp/userdata8c9kqk8e: WARNING: source write-protected, mounted read-only.\n'
Caught exception [Errno 2] No such file or directory: '/mnt/flash/kickstart-config'. Ignoring KVM CloudInit
Execute sudo umount /tmp/userdata8c9kqk8e
Output:
Erorr : b''
CloudInit done !
[admin@localhost ~]$ sudo touch /mnt/flash/kickstart-config
[admin@localhost ~]$ sudo shutdown -h now
```
* [Collapse/Flatten](https://blog.programster.org/qemu-img-cheatsheet#collapse-all-images) image as normal and copy to a new image definition.

60
node-definitions/arista/veos/vEOS.yaml
View File

@@ -1,24 +1,28 @@
id: vEOS
general:
description: Arista vEOS
description: |-
Arista vEOS.
Username: admin Password: <no-password> / admin
nature: switch
read_only: false
device:
interfaces:
has_loopback_zero: true
physical:
- eth0
- eth2
- eth3
- eth4
- eth5
- eth6
- eth7
- eth9
- eth10
- eth11
- eth12
- eth13
- Ma1
- Et1
- Et2
- Et3
- Et4
- Et5
- Et6
- Et7
- Et8
- Et9
- Et10
- Et11
- Et12
serial_ports: 1
default_count: 5
loopback:
@@ -45,6 +49,7 @@ sim:
nic_driver: virtio
boot:
timeout: 180
uses_regex: false
inherited:
image:
ram: true
@@ -61,4 +66,33 @@ inherited:
configuration:
generator:
driver: null
provisioning:
volume_name: ARISTA_CONFIG_DRIVE
media_type: iso
files:
- name: veos_usr.dat
editable: true
content: |-
%EOS-STARTUP-CONFIG-START%
!
no aaa root
!
username admin privilege 15 role network-admin secret 0 admin
!
switchport default mode access
!
logging console debugging
!
hostname inserthostname-here
!
interface Ethernet1
!
interface Management1
!
ip routing
!
end
%EOS-STARTUP-CONFIG-END%
%CLOUDHA-CONFIG-START%
%CLOUDHA-CONFIG-END%
schema_version: 0.0.1

49
node-definitions/cisco/ise/ise.yaml
View File

@@ -32,7 +32,7 @@ sim:
memory: 1
efi_boot: false
boot:
timeout: 1200
timeout: 3600
uses_regex: false
inherited:
image:
@@ -50,4 +50,51 @@ inherited:
configuration:
generator:
driver: null
provisioning:
files:
- editable: true
name: ise-ztp.conf
content: |-
hostname=inserthostname-here
ipv4_addr=<IPv4 address>
ipv4_mask=<IPv4 subnet>
ipv4_default_gw=<IPv4 gateway address>
# IPv6 is optional
#ipv6_addr=<IPv6 address>
#ipv6_default_gw=<IPv6 gateway address>
domain=cisco.com
primary_nameserver=<IPv4 address> <--example-8.8.8.8
# secondary and tertiary are optional
#secondary_nameserver=<IPv4 address>
#tertiary_nameserver=<IPv4 address>
primary_ntpserver=<IPv4 address or FQDN of the NTP server> <--example-time.google.com
#secondary and tertiary are optional
#secondary_ntpserver=<IPv4 address or FQDN of the NTP server>
#tertiary_ntpserver=<IPv4 address or FQDN of the NTP server>
#timezone=<timezone>
#ssh=<true/false>
username=admin
password=Cisc@123
# Public Key Authentication configuration is optional
#public_key=<Public Key>
# Repository Configuration are optional
#repository_name=<repository name>
#repository_protocol=<repository protocol>
#repository_server_name=<IPv4 address>
#repository_path=<repository path>
# Patch Information - optional
#patch=<patch filename>
# HotPatches Information - optional
#hotpatches=<hotpatch filename,comma separated list>
# services - optional
#ers=<true/false>
#openapi=<true/false>
#pxgrid=<true/false>
#pxGrid_Cloud=<true/false>
# Skipping specific checks
#SkipIcmpChecks=<true/false>
#SkipDnsChecks=<true/false>
#SkipNtpChecks=<true/false>
media_type: ext4
volume_name: ISE-ZTP
schema_version: 0.0.1

23
node-definitions/cisco/wireless/cat9800.yaml
View File

@@ -3,15 +3,20 @@ configuration:
generator:
driver: csr1000v
provisioning:
volume_name: disk
volume_name: CDROM
media_type: iso
files:
- name: iosxe_config.txt
content: hostname inserthostname_here
content: |-
platform console serial
hostname C9800-CL
!
end
editable: true
device:
interfaces:
has_loopback_zero: true
min_count: 4
default_count: 4
loopback:
- Loopback0
@@ -29,17 +34,19 @@ inherited:
image:
ram: true
cpus: true
cpu_limit: true
data_volume: false
boot_disk_size: false
node:
ram: true
cpus: true
cpu_limit: true
data_volume: false
boot_disk_size: false
general:
description: Cisco Catalyst 9800 Wireless Controller for Cloud
nature: switch
read_only: true
read_only: false
schema_version: 0.0.1
boot:
timeout: 300
@@ -47,6 +54,7 @@ boot:
- 'Would you like to enter the initial configuration dialog? [yes/no]:'
- '%SYS-5-RESTART: System restarted'
- 'INFO: Press RETURN to get started!'
uses_regex: false
sim:
linux_native:
cpus: 2
@@ -54,18 +62,21 @@ sim:
driver: server
libvirt_domain_driver: kvm
nic_driver: virtio
ram: 8192
ram: 6144
cpu_limit: 100
video:
memory: 16
model: vga
memory: 1
pyats:
os: iosxe
series: csr1000v
config_extract_command: show run
use_in_testbed: true
ui:
description: |-
Cisco Catalyst 9800 Wireless Controller for Cloud
8 GB DRAM, 2 vCPU
6 GB DRAM, 2 vCPU
[CCO Link](https://www.cisco.com/c/en/us/support/wireless/catalyst-9800-wireless-controllers-cloud/tsd-products-support-series-home.html)
group: Others

11
node-definitions/juniper/vJunos-Router/README.MD Normal file
View File

@@ -0,0 +1,11 @@
# vJUNOS ROUTER
This directory contains the following node definition:
*`vjunos-router.yaml` - vJUNOS ROUTER
### Image Availability
Image can be downloaded from https://support.juniper.net/support/downloads/?p=vjunos-router
### Notes
Minimum CML version 2.8.0
Tested with vJUNOS ROUTER image version 23.2

154
node-definitions/juniper/vJunos-Router/vjunos-router.yaml Normal file
View File

@@ -0,0 +1,154 @@
id: vjunos-router
general:
nature: router
description: vJunos Router
read_only: false
device:
interfaces:
has_loopback_zero: true
loopback:
- lo
management:
- fxp0
physical:
- fxp0
- ge-0/0/0
- ge-0/0/1
- ge-0/0/2
- ge-0/0/3
- ge-0/0/4
- ge-0/0/5
- ge-0/0/6
- ge-0/0/7
- ge-0/0/8
- ge-0/0/9
- ge-0/0/10
- ge-0/0/11
- ge-0/0/12
- ge-0/0/13
- ge-0/0/14
- ge-0/0/15
- ge-0/0/16
- ge-0/0/17
- ge-0/0/18
- ge-0/0/19
- ge-0/0/20
- ge-0/0/21
- ge-0/0/22
- ge-0/0/23
- ge-0/0/24
- ge-0/0/25
- ge-0/0/26
- ge-0/0/27
- ge-0/0/28
- ge-0/0/29
- ge-0/0/30
- ge-0/0/31
- ge-0/0/32
serial_ports: 1
default_count: 4
min_count: 3
ui:
description: |-
Juniper vJunos Router
6 GB RAM (min 5 GB), 4 vCPU
Works only on bare metal CML instance, or VM with enabled performance counters
visible: true
label_prefix: vjunos-router-
icon: router
label: vJunos Router
sim:
linux_native:
libvirt_domain_driver: kvm
driver: server
ram: 6144
cpus: 4
cpu_limit: 100
disk_driver: virtio
nic_driver: virtio
parameters:
smbios.system.product: VM-VMX
smbios.system.family: lab
boot:
timeout: 600
uses_regex: true
completed:
- 'login:'
inherited:
image:
ram: true
cpus: true
cpu_limit: true
data_volume: true
boot_disk_size: true
node:
ram: true
cpus: true
cpu_limit: true
data_volume: true
boot_disk_size: true
configuration:
generator:
driver: null
provisioning:
volume_name: vmm-data
media_type: fat
files:
- name: config/juniper.conf
editable: true
content: |-
system {
host-name inserhostname-here;
root-authentication {
## ciscoCML
encrypted-password "$6$vhzKhjZL$wSDZ2NB0oyRfnnCz7B.4iyWzNFxy4NBeEm3vtMA5fy5EVCTLTgqRAc.cXz1H9UZ.dtynRzO/HRtO7KW1nwfE8/"; ## SECRET-DATA
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
processes {
dhcp-service {
traceoptions {
file dhcp_logfile size 10m;
level all;
flag packet;
}
}
}
}
interfaces {
fxp0 {
unit 0 {
family inet {
dhcp {
}
}
}
}
}
- name: cml-customizer.sh
editable: false
content: |-
#!/bin/bash
tar czf vmm-config.tgz config/juniper.conf
rm -rf config
- name: cml-partition.cfg
editable: false
content: 'off'
pyats:
os: junos
use_in_testbed: true
config_extract_command: show configuration
username: root
password: ciscoCML
schema_version: 0.0.1

11
node-definitions/juniper/vJunos-Switch/README.MD Normal file
View File

@@ -0,0 +1,11 @@
# vJUNOS SWITCH
This directory contains the following node definition:
*`vjunos-switch.yaml` - vJUNOS SWITCH
### Image Availability
Image can be downloaded from https://support.juniper.net/support/downloads/?p=vjunos-switch
### Notes
Minimum CML version 2.8.
Tested with vJUNOS SWITCH image version 23.2

154
node-definitions/juniper/vJunos-Switch/vjunos-switch.yaml Normal file
View File

@@ -0,0 +1,154 @@
id: vjunos-switch
general:
nature: switch
description: vJunos Switch
read_only: false
device:
interfaces:
has_loopback_zero: true
loopback:
- lo
management:
- fxp0
physical:
- fxp0
- ge-0/0/0
- ge-0/0/1
- ge-0/0/2
- ge-0/0/3
- ge-0/0/4
- ge-0/0/5
- ge-0/0/6
- ge-0/0/7
- ge-0/0/8
- ge-0/0/9
- ge-0/0/10
- ge-0/0/11
- ge-0/0/12
- ge-0/0/13
- ge-0/0/14
- ge-0/0/15
- ge-0/0/16
- ge-0/0/17
- ge-0/0/18
- ge-0/0/19
- ge-0/0/20
- ge-0/0/21
- ge-0/0/22
- ge-0/0/23
- ge-0/0/24
- ge-0/0/25
- ge-0/0/26
- ge-0/0/27
- ge-0/0/28
- ge-0/0/29
- ge-0/0/30
- ge-0/0/31
- ge-0/0/32
serial_ports: 1
default_count: 4
min_count: 3
ui:
description: |-
Juniper vJunos Switch
6 GB RAM (min 5 GB), 4 vCPU
Works only on bare metal CML instance, or VM with enabled performance counters
visible: true
label_prefix: vjunos-switch-
icon: switch
label: vJunos Switch
sim:
linux_native:
libvirt_domain_driver: kvm
driver: server
ram: 6144
cpus: 4
cpu_limit: 100
disk_driver: virtio
nic_driver: virtio
parameters:
smbios.system.product: VM-VEX
smbios.system.family: lab
boot:
timeout: 600
uses_regex: true
completed:
- 'login:'
inherited:
image:
ram: true
cpus: true
cpu_limit: true
data_volume: true
boot_disk_size: true
node:
ram: true
cpus: true
cpu_limit: true
data_volume: true
boot_disk_size: true
configuration:
generator:
driver: null
provisioning:
volume_name: vmm-data
media_type: fat
files:
- name: config/juniper.conf
editable: true
content: |-
system {
host-name inserhostname-here;
root-authentication {
## ciscoCML
encrypted-password "$6$vhzKhjZL$wSDZ2NB0oyRfnnCz7B.4iyWzNFxy4NBeEm3vtMA5fy5EVCTLTgqRAc.cXz1H9UZ.dtynRzO/HRtO7KW1nwfE8/"; ## SECRET-DATA
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
processes {
dhcp-service {
traceoptions {
file dhcp_logfile size 10m;
level all;
flag packet;
}
}
}
}
interfaces {
fxp0 {
unit 0 {
family inet {
dhcp {
}
}
}
}
}
- name: cml-customizer.sh
editable: false
content: |-
#!/bin/bash
tar czf vmm-config.tgz config/juniper.conf
rm -rf config
- name: cml-partition.cfg
editable: false
content: 'off'
pyats:
os: junos
use_in_testbed: true
config_extract_command: show configuration
username: root
password: ciscoCML
schema_version: 0.0.1

2
node-definitions/microsoft/Windows10/Readme.md
View File

@@ -6,7 +6,7 @@ This directory contains the following node definition:
### Image Availability
VHD images can be downloaded from microsoft on a trial basis here: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise Then the VHD image will have to be converted to a .qcow2 format. Linux qumu-img makes it easy. Documentation: https://docs.openstack.org/image-guide/convert-images.html
VHD images can be downloaded from microsoft on a trial basis here: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise Then the VHD image will have to be converted to a .qcow2 format. Linux `qemu-img` makes it easy. Documentation: https://docs.openstack.org/image-guide/convert-images.html
### Notes

13
node-definitions/microsoft/Windows11/Readme.md Normal file
View File

@@ -0,0 +1,13 @@
# Microsoft Windows 11
This directory contains the following node definition:
* `win11.yaml` - Microsoft Windows 11 node definition
### Image Availability
VHD images can be downloaded from Microsoft on a trial basis here: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-11-enterprise. Then the VHD image will have to be converted to a .qcow2 format. Linux `qemu-img` makes it easy. Documentation: https://docs.openstack.org/image-guide/convert-images.html
### Notes
This node definition uses 2 VCPUS and 6 GB RAM.

71
node-definitions/microsoft/Windows11/win11.yaml Normal file
View File

@@ -0,0 +1,71 @@
id: win11
general:
nature: server
read_only: false
description: Windows 11
device:
interfaces:
has_loopback_zero: false
physical:
- eth0
- eth1
- eth2
- eth3
- eth4
- eth5
- eth6
- eth7
serial_ports: 1
default_count: 2
ui:
visible: true
label_prefix: win11-
icon: host
label: Windows 11
description: |-
2 vCPUs 6 GB RAM
Username/Password:
IEUser/Passw0rd! (or whichever is set on installation)
##### Note
**EXPERIMENTAL**
The -waitpkg flag is required for boot with hyperv compatibility,
which speeds up the node; the model setting then required disabling
the other features (hle,rtm,mpx) on the machine used to test this.
sim:
linux_native:
libvirt_domain_driver: kvm
driver: server
disk_driver: sata
ram: 6144
cpus: 2
nic_driver: e1000
video:
model: cirrus
memory: 16
cpu_limit: 20
cpu_model: 'Skylake-Server,-waitpkg,-hle,-rtm,-mpx'
machine_type: q35
enable_tpm: true
efi_boot: true
boot:
timeout: 300
inherited:
image:
ram: true
cpus: true
data_volume: true
boot_disk_size: true
cpu_limit: true
node:
ram: true
cpus: true
data_volume: true
boot_disk_size: true
cpu_limit: true
configuration:
generator:
driver: server
schema_version: 0.0.1

429
node-definitions/opensource/code-server-custom-4.102/Example_-_Code_Server_Custom.yaml Normal file
View File

@@ -0,0 +1,429 @@
annotations:
- border_color: '#00000000'
border_style: ''
color: '#050505'
rotation: 0
text_bold: false
text_content: |-
Code Server Addresses:
- From Chrome Node: http://10.0.0.11:8443
- PATty Configured: http://{CML IP}:7001
(requires PATty enabled on CML server)
text_font: monospace
text_italic: false
text_size: 10
text_unit: pt
thickness: 1
type: text
x1: 40.0
y1: -280.0
z_index: 0
- border_color: '#00000000'
border_style: ''
color: '#050505'
rotation: 0
text_bold: false
text_content: |-
Code Server Addresses:
- From Chrome Node: http://10.0.0.11:8443
- PATty Configured: http://{CML IP}:7001
(requires PATty enabled on CML server)
text_font: monospace
text_italic: false
text_size: 10
text_unit: pt
thickness: 1
type: text
x1: -240.0
y1: 0.0
z_index: 0
- border_color: '#00000000'
border_style: ''
color: '#050505'
rotation: 0
text_bold: false
text_content: |-
Code Server Addresses:
- From Chrome Node: http://10.0.0.11:8443
- PATty Configured: http://{CML IP}:7001
(requires PATty enabled on CML server)
text_font: monospace
text_italic: false
text_size: 10
text_unit: pt
thickness: 1
type: text
x1: -240.0
y1: 0.0
z_index: 0
- border_color: '#00000000'
border_style: ''
color: '#050505'
rotation: 0
text_bold: false
text_content: 'ip: 10.0.0.1'
text_font: monospace
text_italic: false
text_size: 10
text_unit: pt
thickness: 1
type: text
x1: -120.0
y1: -320.0
z_index: 0
- border_color: '#00000000'
border_style: ''
color: '#000000'
rotation: 0
text_bold: true
text_content: 'Example: Using Code Server For Network Automation Testing'
text_font: monospace
text_italic: false
text_size: 12
text_unit: pt
thickness: 1
type: text
x1: -280.0
y1: -400.0
z_index: 1
smart_annotations:
- tag: pat:tcp:7001:8443
is_on: true
padding: 35
label: pat:tcp:7001:8443
tag_offset_x: 0
tag_offset_y: 0
tag_size: 14
group_distance: 400
thickness: 1
border_style: ''
fill_color: '#005C9980'
border_color: '#00000080'
z_index: 1
nodes:
- boot_disk_size: null
configuration: []
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n0
image_definition: null
label: internet
node_definition: external_connector
parameters: {}
ram: null
tags: []
x: -240
y: -280
interfaces:
- id: i0
label: port
mac_address: null
type: physical
slot: 0
- boot_disk_size: null
configuration:
- name: boot.sh
content: |-
# The following commands will run at boot.
# Note: Suggested that eth0 be connected to ext-conn for
# internet access to reach locations such as GitHub
# and PyPi. Leave eth0 gaining IP from DHCP. Add
# second interface (eth1) for reachability to
# "lab networks"
# Examples :
# - Static IP address, routes, and DNS server
ip address add dev eth1 10.0.0.11/24
ip route add 10.0.0.0/16 via 10.0.0.1
ip link set dev eth1 up
# echo "nameserver 192.168.10.11" >> /etc/resolv.conf
# - Clone something from Source Control
# If the container is getting its IP via DHCP, uncomment
# this sleep to ensure the DHCP process completes before
# attempting to clone the repo
sleep 10
# Recommend placing code in the /app/code directory for default workspace
cd /app/code
# Do the clone as the user "abc", which is the code-server user
sudo -u abc git clone https://github.com/hpreston/net-hello-world.git
# Install Python requirements file into the container virtual environment
sudo -u abc /app/code/.venv/bin/python -m pip install -r net-hello-world/requirements.txt
# End the script cleanly
exit 0
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n1
image_definition: null
label: codeserver-0
node_definition: code-server-custom-4.102
parameters: {}
ram: null
tags:
- pat:tcp:7001:8443
x: -240
y: -120
interfaces:
- id: i0
label: eth0
mac_address: null
type: physical
slot: 0
- id: i1
label: eth1
mac_address: null
type: physical
slot: 1
- boot_disk_size: null
configuration:
- name: ios_config.txt
content: |-
hostname router01
ip domain name net.internal
ip domain list net.internal
!
! EEM Applet to add SSH Key Automatically
event manager applet do-ssh authorization bypass
event timer cron cron-entry "@reboot" maxrun 130
action 01 wait 10
action 02 cli command "enable"
action 11 cli command "crypto key generate rsa modulus 2048"
action 20 cli command "config t"
action 21 cli command "no event manager applet do-ssh"
action 22 cli command "end"
action 23 cli command "write mem"
!
enable secret cisco
username cisco privilege 15 secret cisco
!
line vty 0 4
transport input ssh
login local
exit
!
!
! In order to avoid entering a configuration dialog on boot, please
! ensure that all interfaces have some IP configuration present here
! such as the example below:
!
interface range Ethernet0/0-3
no ip address
shutdown
!
interface Serial1/0
no ip address
shutdown
!
interface Serial1/1
no ip address
shutdown
!
interface Serial1/2
no ip address
shutdown
!
interface Serial1/3
no ip address
shutdown
!
interface Ethernet0/0
no shut
ip address 10.0.0.1 255.255.255.0
!
end
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n2
image_definition: null
label: router01
node_definition: iol-xe-serial-4eth
parameters: {}
ram: null
tags: []
x: -80
y: -280
interfaces:
- id: i0
label: Loopback0
mac_address: null
type: loopback
- id: i1
label: Ethernet0/0
mac_address: null
type: physical
slot: 0
- id: i2
label: Ethernet0/1
mac_address: null
type: physical
slot: 1
- id: i3
label: Ethernet0/2
mac_address: null
type: physical
slot: 2
- id: i4
label: Ethernet0/3
mac_address: null
type: physical
slot: 3
- id: i5
label: Serial1/0
mac_address: null
type: physical
slot: 4
- id: i6
label: Serial1/1
mac_address: null
type: physical
slot: 5
- id: i7
label: Serial1/2
mac_address: null
type: physical
slot: 6
- id: i8
label: Serial1/3
mac_address: null
type: physical
slot: 7
- boot_disk_size: null
configuration:
- name: boot.sh
content: |-
# insert commands here, e.g. a static IP address
ip address add dev eth0 10.0.0.12/24
ip link set dev eth0 up
exit 0
- name: environment
content: |-
# NOTE 2025-08-01:
# The current (CML 2.9.0) Chrome and Firefox containers
# do NOT support setting the HOME_URL for code-server due
# to code-server returning a 405 error to HEAD requests
# A future CML node update will enable more flexible checks
# to enable using HOME_URL for code-server
# -- These are understood by the start script
# -- Homepage to open at start (needs network!)
# HOME_URL=https://www.cisco.com/go/cml
# -- Wait additional time for network before starting Chrome
# WAIT=2
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n3
image_definition: null
label: chrome-0
node_definition: chrome
parameters: {}
ram: null
tags: []
x: 80
y: -120
interfaces:
- id: i0
label: eth0
mac_address: null
type: physical
slot: 0
- boot_disk_size: null
configuration: []
cpu_limit: null
cpus: null
data_volume: null
hide_links: false
id: n4
image_definition: null
label: switch
node_definition: unmanaged_switch
parameters: {}
ram: null
tags: []
x: -80
y: -120
interfaces:
- id: i0
label: port0
mac_address: null
type: physical
slot: 0
- id: i1
label: port1
mac_address: null
type: physical
slot: 1
- id: i2
label: port2
mac_address: null
type: physical
slot: 2
- id: i3
label: port3
mac_address: null
type: physical
slot: 3
- id: i4
label: port4
mac_address: null
type: physical
slot: 4
- id: i5
label: port5
mac_address: null
type: physical
slot: 5
- id: i6
label: port6
mac_address: null
type: physical
slot: 6
- id: i7
label: port7
mac_address: null
type: physical
slot: 7
links:
- id: l0
n1: n1
n2: n0
i1: i0
i2: i0
conditioning: {}
label: codeserver-0-eth0<->internet-port
- id: l1
n1: n1
n2: n4
i1: i1
i2: i0
conditioning: {}
label: codeserver-0-eth1<->unmanaged-switch-0-port0
- id: l2
n1: n4
n2: n2
i1: i1
i2: i1
conditioning: {}
label: unmanaged-switch-0-port1<->router01-Ethernet0/0
- id: l3
n1: n3
n2: n4
i1: i0
i2: i2
conditioning: {}
label: chrome-0-eth0<->unmanaged-switch-0-port2
lab:
description: 'This is an example topology that shows how the Code Server Custom
Node can be used in a topology to provide a developer experience for Network Automation
use cases. '
notes: ''
title: Example - Code Server Custom
version: 0.3.0

77
node-definitions/opensource/code-server-custom-4.102/README.md Normal file
View File

@@ -0,0 +1,77 @@
# Code Server Custom
Looking to easily add a network automation workspace to your CML topologies? Well this node definition is for you.
![](cml-code-server-01.png)
Built from the [Linux Servers Container Image for "Code Server"](https://hub.docker.com/r/linuxserver/code-server), this node provides a web based VS Code interface that can be added into your CML topologies like any other node.
You can then use a Chrome/Firefox container within the topology to begin your automation work. Or setup a PATty connection, and directly access the Code Server from your local workstation.
## Node Details
* Requires CML version 2.9+
* Code Server Version 4.102.2 used
* Automation Tools Included:
* Python 3.12.3
* Terraform v1.12.2
* Default Workspace Configured:
* Path: `/app/code`
* Python VENV: `/app/code/.venv` (No Packages Installed)
* Requires matching image definition and container image
* Image Definition File: [`code-server.custom.01.4.102.yaml`](../../../virl-base-images/opensource/code-server.custom.01.4.102/code-server.custom.01.4.102.yaml).
* Container Image: [`code-server-custom.01.4.102.tar`](https://cml-images.nerdops.io/code-server-custom.01.4.102.tar.gz)
> Note: CML container node definition, image definition, and container image file are tightly coupled. The image "name" (ex: `code-server-custom:01_04.102.2`), and the SHA Hash (ex: `6525a3a31...`) must match exactly. Changing to a different container image with your own customizations, will require updating the node and image definitions.
* Container SHA value: `6525a3a31b1b18cf01f64425e96b080aeac86f87c0f02fc041792358bc599dd1` (Required for Image Definition Creation)
## Adding the node to your CML instance
> Container support was added in CML 2.9.0.
> Adding a container image to CML is slightly different than adding a typical VM based node. As with many things in the world, there are multiple ways to accomplish the same task. These instructions present one method, but feel free to adjust for your own environment and preferences as you see fit.
1. Import the node definition file to CML from the CML GUI.
2. Download the container image file to your local workstation.
```
# Example:
wget https://cml-images.nerdops.io/code-server-custom.01.4.102.tar.gz
Saving to: code-server-custom.01.4.102.tar.gz
code-server-custom.01.4.102.tar.gz 100%[=======>] 666.61M 47.1MB/s in 14s
2025-08-01 16:17:27 (47.9 MB/s) - code-server-custom.01.4.102.tar.gz saved [698992808/698992808]
```
1. Upload the container image to the CML server. Here I use SCP to do the upload.
```
scp code-server-custom.01.4.102.tar.gz admin@{CML_SERVER_ADDRESS}:
code-server-custom.01.4.102.tar.gz 100% 667MB 315.1MB/s 00:02
```
1. If the container image is compressed into a `.tar.gz` file like this example, you'll need to uncompress it into just a `.tar` file to continue. You can do this before you upload it to CML, but you can also do it on the CML server after the upload as the `sysadmin` account.
```
sudo -u virl2 gunzip /var/local/virl2/dropfolder/code-server-custom.01.4.102.tar.gz
```
* Access the `sysadmin` terminal through the Cockpit interface, or by SSHing to the CML server (if enabled) on port 1122
* Use `sudo -u virl2` to run the unzip as the CML service account
1. Create the Image Definition using the CML GUI. Be sure to select the correct Node and Disk Image. You'll need to provide ID, Label, Description, and Disk Hash (SHA value).
> There isn't an "Import" ability for Image Definitions, but you can use the details from the [image definition file here](../../../virl-base-images/opensource/code-server.custom.01.4.102/code-server.custom.01.4.102.yaml) in the CML Community to fill in the blanks.
## Testing the Node Definition
If you'd like to test the new node definition, a simple CML topology file is included in this repo: [Example - Code Server Custom](Example_-_Code_Server_Custom.yaml)
![](example-cml-topology-01.png)
This example includes the Code Server node with a configuraiton that automatically will clone down [https://github.com/hpreston/net-hello-world](https://github.com/hpreston/net-hello-world#) and install the Python requirements from the project automatically. There is also an IOL router, that the [`hello_world.py`](https://github.com/hpreston/net-hello-world/blob/main/hello_world.py) will use pyATS to query and print the device version.
You can access the Code-Server using the Chrome node in the topology by navigating to the code-server address of `http://10.0.0.11:8443`. If your CML server is configured for PATty, you can also access the code-server at `http://{CML_IP}:7001`.

BIN
node-definitions/opensource/code-server-custom-4.102/cml-code-server-01.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 168 KiB

125
node-definitions/opensource/code-server-custom-4.102/code-server-custom-4.102.yaml Normal file
View File

@@ -0,0 +1,125 @@
id: code-server-custom-4.102
boot:
timeout: 30
completed:
- READY
uses_regex: false
sim:
linux_native:
libvirt_domain_driver: docker
driver: ubuntu
ram: 4096
cpus: 1
cpu_limit: 100
video:
memory: 1
general:
nature: host
description: Code-Server Customized 4.102.2 (Docker)
read_only: false
configuration:
generator:
driver: null
provisioning:
files:
- editable: false
name: config.json
content: |-
{
"docker": {
"image": "code-server-custom:01_04.102.2",
"mounts": [
"type=bind,source=cfg/boot.sh,target=/boot.sh"
],
"misc_args": [
"--security-opt","seccomp=unconfined"
],
"env": [
"DOCKER_MODS=code-server-python3|linuxserver/mods:code-server-terraform",
"TZ=Etc/UTC",
"DEFAULT_WORKSPACE=/app/code/code.code-workspace"
]
},
"shell": "/bin/sh",
"day0cmd": [ "/bin/sh", "/boot.sh" ],
"busybox": true
}
- editable: true
name: boot.sh
content: |-
# The following commands will run at boot.
# Note: Suggested that eth0 be connected to ext-conn for
# internet access to reach locations such as GitHub
# and PyPi. Leave eth0 gaining IP from DHCP. Add
# second interface (eth1) for reachability to
# "lab networks"
# Examples :
# - Static IP address, routes, and DNS server
# ip address add dev eth1 192.168.10.11/24
# ip route add 192.168.11.0/24 via 192.168.10.1
# ip link set dev eth1 up
# echo "nameserver 192.168.10.11" >> /etc/resolv.conf
# - Clone something from Source Control
# If the container is getting its IP via DHCP, uncomment
# this sleep to ensure the DHCP process completes before
# attempting to clone the repo
# sleep 10
# Recommend placing code in the /app/code directory for default workspace
# cd /app/code
# Do the clone as the user "abc", which is the code-server user
# sudo -u abc git clone {REPO_ADDRESS}
# Install Python requirements file into the container virtual environment
# Note: Depending on internet speed and number of requirements, the
# installation can take significant time to complete.
# sudo -u abc /app/code/.venv/bin/python -m pip install -r {PROJECT_FOLDER}/requirements.txt
# End the script cleanly
exit 0
- editable: true
name: environment
content: |-
# Create any additional Environment Variables for the Server
# Example:
# ROUTER_ADDRESS=10.0.0.1
media_type: raw
volume_name: cfg
device:
interfaces:
serial_ports: 2
physical:
- eth0
- eth1
- eth2
- eth3
has_loopback_zero: false
default_count: 1
ui:
label_prefix: codeserver-
icon: host
label: Code-Server (Python/Terraform)
visible: true
group: Others
description: |-
Code Server 4.102.2 (Docker) Based on linuxserver/code-server
* Python and Terraform Installed
* Code workspace created at `/app/code`
* Workspace Python venv: `/app/code/.venv`
* Access Code Server at: http://{CONTAINER_IP}:8443
* PATty support: `pat:tcp:{PATty Port}:8443`
inherited:
image:
ram: true
cpus: false
data_volume: false
boot_disk_size: false
cpu_limit: false
node:
ram: true
cpus: false
data_volume: false
boot_disk_size: false
cpu_limit: false
schema_version: 0.0.1

BIN
node-definitions/opensource/code-server-custom-4.102/example-cml-topology-01.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 42 KiB

BIN
readme_images/cml-lab.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 331 KiB

BIN
readme_images/sandbox-catalog-cml.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 78 KiB

BIN
readme_images/sandbox-catalog-cml.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 100 KiB

14
scripts/README.md Normal file
View File

@@ -0,0 +1,14 @@
# Cisco Modeling Labs (CML) Scripts
This directory contains various scripts designed to assist with using Cisco Modeling Labs (CML). These scripts can help automate tasks, manage labs, and streamline your workflow with CML.
Feel free to explore the scripts and refer to their individual documentation or comments for usage instructions.
## Other Useful Scripts Hosted Elsewhere
In addition to the scripts in this directory, you may find the following external resources helpful:
- [eve2cml](https://github.com/CiscoDevNet/eve2cml) - An EVE-NG to CML lab topology conversion tool written in Python
- [cml-exporter](https://github.com/xorrkaz/cml-exporter) - A Prometheus exporter for CML written in Python
These repositories contain additional scripts and examples for automating and managing CML environments.

131
scripts/brk2iterm/Pipfile.lock generated
View File

@@ -18,78 +18,79 @@
"default": {
"jinja2": {
"hashes": [
"sha256:4a3aee7acbbe7303aede8e9648d13b8bf88a429282aa6122a993f0ac800cb369",
"sha256:bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d"
"sha256:0137fb05990d35f1275a587e9aee6d56da821fc83491a0fb838183be43f66d6d",
"sha256:85ece4451f492d0c13c5dd7c13a64681a86afae63a5f347908daf103ce6d2f67"
],
"index": "pypi",
"markers": "python_version >= '3.7'",
"version": "==3.1.4"
"version": "==3.1.6"
},
"markupsafe": {
"hashes": [
"sha256:00e046b6dd71aa03a41079792f8473dc494d564611a8f89bbbd7cb93295ebdcf",
"sha256:075202fa5b72c86ad32dc7d0b56024ebdbcf2048c0ba09f1cde31bfdd57bcfff",
"sha256:0e397ac966fdf721b2c528cf028494e86172b4feba51d65f81ffd65c63798f3f",
"sha256:17b950fccb810b3293638215058e432159d2b71005c74371d784862b7e4683f3",
"sha256:1f3fbcb7ef1f16e48246f704ab79d79da8a46891e2da03f8783a5b6fa41a9532",
"sha256:2174c595a0d73a3080ca3257b40096db99799265e1c27cc5a610743acd86d62f",
"sha256:2b7c57a4dfc4f16f7142221afe5ba4e093e09e728ca65c51f5620c9aaeb9a617",
"sha256:2d2d793e36e230fd32babe143b04cec8a8b3eb8a3122d2aceb4a371e6b09b8df",
"sha256:30b600cf0a7ac9234b2638fbc0fb6158ba5bdcdf46aeb631ead21248b9affbc4",
"sha256:397081c1a0bfb5124355710fe79478cdbeb39626492b15d399526ae53422b906",
"sha256:3a57fdd7ce31c7ff06cdfbf31dafa96cc533c21e443d57f5b1ecc6cdc668ec7f",
"sha256:3c6b973f22eb18a789b1460b4b91bf04ae3f0c4234a0a6aa6b0a92f6f7b951d4",
"sha256:3e53af139f8579a6d5f7b76549125f0d94d7e630761a2111bc431fd820e163b8",
"sha256:4096e9de5c6fdf43fb4f04c26fb114f61ef0bf2e5604b6ee3019d51b69e8c371",
"sha256:4275d846e41ecefa46e2015117a9f491e57a71ddd59bbead77e904dc02b1bed2",
"sha256:4c31f53cdae6ecfa91a77820e8b151dba54ab528ba65dfd235c80b086d68a465",
"sha256:4f11aa001c540f62c6166c7726f71f7573b52c68c31f014c25cc7901deea0b52",
"sha256:5049256f536511ee3f7e1b3f87d1d1209d327e818e6ae1365e8653d7e3abb6a6",
"sha256:58c98fee265677f63a4385256a6d7683ab1832f3ddd1e66fe948d5880c21a169",
"sha256:598e3276b64aff0e7b3451b72e94fa3c238d452e7ddcd893c3ab324717456bad",
"sha256:5b7b716f97b52c5a14bffdf688f971b2d5ef4029127f1ad7a513973cfd818df2",
"sha256:5dedb4db619ba5a2787a94d877bc8ffc0566f92a01c0ef214865e54ecc9ee5e0",
"sha256:619bc166c4f2de5caa5a633b8b7326fbe98e0ccbfacabd87268a2b15ff73a029",
"sha256:629ddd2ca402ae6dbedfceeba9c46d5f7b2a61d9749597d4307f943ef198fc1f",
"sha256:656f7526c69fac7f600bd1f400991cc282b417d17539a1b228617081106feb4a",
"sha256:6ec585f69cec0aa07d945b20805be741395e28ac1627333b1c5b0105962ffced",
"sha256:72b6be590cc35924b02c78ef34b467da4ba07e4e0f0454a2c5907f473fc50ce5",
"sha256:7502934a33b54030eaf1194c21c692a534196063db72176b0c4028e140f8f32c",
"sha256:7a68b554d356a91cce1236aa7682dc01df0edba8d043fd1ce607c49dd3c1edcf",
"sha256:7b2e5a267c855eea6b4283940daa6e88a285f5f2a67f2220203786dfa59b37e9",
"sha256:823b65d8706e32ad2df51ed89496147a42a2a6e01c13cfb6ffb8b1e92bc910bb",
"sha256:8590b4ae07a35970728874632fed7bd57b26b0102df2d2b233b6d9d82f6c62ad",
"sha256:8dd717634f5a044f860435c1d8c16a270ddf0ef8588d4887037c5028b859b0c3",
"sha256:8dec4936e9c3100156f8a2dc89c4b88d5c435175ff03413b443469c7c8c5f4d1",
"sha256:97cafb1f3cbcd3fd2b6fbfb99ae11cdb14deea0736fc2b0952ee177f2b813a46",
"sha256:a17a92de5231666cfbe003f0e4b9b3a7ae3afb1ec2845aadc2bacc93ff85febc",
"sha256:a549b9c31bec33820e885335b451286e2969a2d9e24879f83fe904a5ce59d70a",
"sha256:ac07bad82163452a6884fe8fa0963fb98c2346ba78d779ec06bd7a6262132aee",
"sha256:ae2ad8ae6ebee9d2d94b17fb62763125f3f374c25618198f40cbb8b525411900",
"sha256:b91c037585eba9095565a3556f611e3cbfaa42ca1e865f7b8015fe5c7336d5a5",
"sha256:bc1667f8b83f48511b94671e0e441401371dfd0f0a795c7daa4a3cd1dde55bea",
"sha256:bec0a414d016ac1a18862a519e54b2fd0fc8bbfd6890376898a6c0891dd82e9f",
"sha256:bf50cd79a75d181c9181df03572cdce0fbb75cc353bc350712073108cba98de5",
"sha256:bff1b4290a66b490a2f4719358c0cdcd9bafb6b8f061e45c7a2460866bf50c2e",
"sha256:c061bb86a71b42465156a3ee7bd58c8c2ceacdbeb95d05a99893e08b8467359a",
"sha256:c8b29db45f8fe46ad280a7294f5c3ec36dbac9491f2d1c17345be8e69cc5928f",
"sha256:ce409136744f6521e39fd8e2a24c53fa18ad67aa5bc7c2cf83645cce5b5c4e50",
"sha256:d050b3361367a06d752db6ead6e7edeb0009be66bc3bae0ee9d97fb326badc2a",
"sha256:d283d37a890ba4c1ae73ffadf8046435c76e7bc2247bbb63c00bd1a709c6544b",
"sha256:d9fad5155d72433c921b782e58892377c44bd6252b5af2f67f16b194987338a4",
"sha256:daa4ee5a243f0f20d528d939d06670a298dd39b1ad5f8a72a4275124a7819eff",
"sha256:db0b55e0f3cc0be60c1f19efdde9a637c32740486004f20d1cff53c3c0ece4d2",
"sha256:e61659ba32cf2cf1481e575d0462554625196a1f2fc06a1c777d3f48e8865d46",
"sha256:ea3d8a3d18833cf4304cd2fc9cbb1efe188ca9b5efef2bdac7adc20594a0e46b",
"sha256:ec6a563cff360b50eed26f13adc43e61bc0c04d94b8be985e6fb24b81f6dcfdf",
"sha256:f5dfb42c4604dddc8e4305050aa6deb084540643ed5804d7455b5df8fe16f5e5",
"sha256:fa173ec60341d6bb97a89f5ea19c85c5643c1e7dedebc22f5181eb73573142c5",
"sha256:fa9db3f79de01457b03d4f01b34cf91bc0048eb2c3846ff26f66687c2f6d16ab",
"sha256:fce659a462a1be54d2ffcacea5e3ba2d74daa74f30f5f143fe0c58636e355fdd",
"sha256:ffee1f21e5ef0d712f9033568f8344d5da8cc2869dbd08d87c84656e6a2d2f68"
"sha256:0bff5e0ae4ef2e1ae4fdf2dfd5b76c75e5c2fa4132d05fc1b0dabcd20c7e28c4",
"sha256:0f4ca02bea9a23221c0182836703cbf8930c5e9454bacce27e767509fa286a30",
"sha256:1225beacc926f536dc82e45f8a4d68502949dc67eea90eab715dea3a21c1b5f0",
"sha256:131a3c7689c85f5ad20f9f6fb1b866f402c445b220c19fe4308c0b147ccd2ad9",
"sha256:15ab75ef81add55874e7ab7055e9c397312385bd9ced94920f2802310c930396",
"sha256:1a9d3f5f0901fdec14d8d2f66ef7d035f2157240a433441719ac9a3fba440b13",
"sha256:1c99d261bd2d5f6b59325c92c73df481e05e57f19837bdca8413b9eac4bd8028",
"sha256:1e084f686b92e5b83186b07e8a17fc09e38fff551f3602b249881fec658d3eca",
"sha256:2181e67807fc2fa785d0592dc2d6206c019b9502410671cc905d132a92866557",
"sha256:2cb8438c3cbb25e220c2ab33bb226559e7afb3baec11c4f218ffa7308603c832",
"sha256:3169b1eefae027567d1ce6ee7cae382c57fe26e82775f460f0b2778beaad66c0",
"sha256:3809ede931876f5b2ec92eef964286840ed3540dadf803dd570c3b7e13141a3b",
"sha256:38a9ef736c01fccdd6600705b09dc574584b89bea478200c5fbf112a6b0d5579",
"sha256:3d79d162e7be8f996986c064d1c7c817f6df3a77fe3d6859f6f9e7be4b8c213a",
"sha256:444dcda765c8a838eaae23112db52f1efaf750daddb2d9ca300bcae1039adc5c",
"sha256:48032821bbdf20f5799ff537c7ac3d1fba0ba032cfc06194faffa8cda8b560ff",
"sha256:4aa4e5faecf353ed117801a068ebab7b7e09ffb6e1d5e412dc852e0da018126c",
"sha256:52305740fe773d09cffb16f8ed0427942901f00adedac82ec8b67752f58a1b22",
"sha256:569511d3b58c8791ab4c2e1285575265991e6d8f8700c7be0e88f86cb0672094",
"sha256:57cb5a3cf367aeb1d316576250f65edec5bb3be939e9247ae594b4bcbc317dfb",
"sha256:5b02fb34468b6aaa40dfc198d813a641e3a63b98c2b05a16b9f80b7ec314185e",
"sha256:6381026f158fdb7c72a168278597a5e3a5222e83ea18f543112b2662a9b699c5",
"sha256:6af100e168aa82a50e186c82875a5893c5597a0c1ccdb0d8b40240b1f28b969a",
"sha256:6c89876f41da747c8d3677a2b540fb32ef5715f97b66eeb0c6b66f5e3ef6f59d",
"sha256:6e296a513ca3d94054c2c881cc913116e90fd030ad1c656b3869762b754f5f8a",
"sha256:70a87b411535ccad5ef2f1df5136506a10775d267e197e4cf531ced10537bd6b",
"sha256:7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8",
"sha256:846ade7b71e3536c4e56b386c2a47adf5741d2d8b94ec9dc3e92e5e1ee1e2225",
"sha256:88416bd1e65dcea10bc7569faacb2c20ce071dd1f87539ca2ab364bf6231393c",
"sha256:88b49a3b9ff31e19998750c38e030fc7bb937398b1f78cfa599aaef92d693144",
"sha256:8c4e8c3ce11e1f92f6536ff07154f9d49677ebaaafc32db9db4620bc11ed480f",
"sha256:8e06879fc22a25ca47312fbe7c8264eb0b662f6db27cb2d3bbbc74b1df4b9b87",
"sha256:9025b4018f3a1314059769c7bf15441064b2207cb3f065e6ea1e7359cb46db9d",
"sha256:93335ca3812df2f366e80509ae119189886b0f3c2b81325d39efdb84a1e2ae93",
"sha256:9778bd8ab0a994ebf6f84c2b949e65736d5575320a17ae8984a77fab08db94cf",
"sha256:9e2d922824181480953426608b81967de705c3cef4d1af983af849d7bd619158",
"sha256:a123e330ef0853c6e822384873bef7507557d8e4a082961e1defa947aa59ba84",
"sha256:a904af0a6162c73e3edcb969eeeb53a63ceeb5d8cf642fade7d39e7963a22ddb",
"sha256:ad10d3ded218f1039f11a75f8091880239651b52e9bb592ca27de44eed242a48",
"sha256:b424c77b206d63d500bcb69fa55ed8d0e6a3774056bdc4839fc9298a7edca171",
"sha256:b5a6b3ada725cea8a5e634536b1b01c30bcdcd7f9c6fff4151548d5bf6b3a36c",
"sha256:ba8062ed2cf21c07a9e295d5b8a2a5ce678b913b45fdf68c32d95d6c1291e0b6",
"sha256:ba9527cdd4c926ed0760bc301f6728ef34d841f405abf9d4f959c478421e4efd",
"sha256:bbcb445fa71794da8f178f0f6d66789a28d7319071af7a496d4d507ed566270d",
"sha256:bcf3e58998965654fdaff38e58584d8937aa3096ab5354d493c77d1fdd66d7a1",
"sha256:c0ef13eaeee5b615fb07c9a7dadb38eac06a0608b41570d8ade51c56539e509d",
"sha256:cabc348d87e913db6ab4aa100f01b08f481097838bdddf7c7a84b7575b7309ca",
"sha256:cdb82a876c47801bb54a690c5ae105a46b392ac6099881cdfb9f6e95e4014c6a",
"sha256:cfad01eed2c2e0c01fd0ecd2ef42c492f7f93902e39a42fc9ee1692961443a29",
"sha256:d16a81a06776313e817c951135cf7340a3e91e8c1ff2fac444cfd75fffa04afe",
"sha256:d8213e09c917a951de9d09ecee036d5c7d36cb6cb7dbaece4c71a60d79fb9798",
"sha256:e07c3764494e3776c602c1e78e298937c3315ccc9043ead7e685b7f2b8d47b3c",
"sha256:e17c96c14e19278594aa4841ec148115f9c7615a47382ecb6b82bd8fea3ab0c8",
"sha256:e444a31f8db13eb18ada366ab3cf45fd4b31e4db1236a4448f68778c1d1a5a2f",
"sha256:e6a2a455bd412959b57a172ce6328d2dd1f01cb2135efda2e4576e8a23fa3b0f",
"sha256:eaa0a10b7f72326f1372a713e73c3f739b524b3af41feb43e4921cb529f5929a",
"sha256:eb7972a85c54febfb25b5c4b4f3af4dcc731994c7da0d8a0b4a6eb0640e1d178",
"sha256:ee55d3edf80167e48ea11a923c7386f4669df67d7994554387f84e7d8b0a2bf0",
"sha256:f3818cb119498c0678015754eba762e0d61e5b52d34c8b13d770f0719f7b1d79",
"sha256:f8b3d067f2e40fe93e1ccdd6b2e1d16c43140e76f02fb1319a05cf2b79d99430",
"sha256:fcabf5ff6eea076f859677f5f0b6b5c1a51e70a376b0579e0eadef8db48c6b50"
],
"markers": "python_version >= '3.7'",
"version": "==2.1.5"
"markers": "python_version >= '3.9'",
"version": "==3.0.2"
},
"pyyaml": {
"hashes": [

87
scripts/cml-autostart/README.md Normal file
View File

@@ -0,0 +1,87 @@
# README
This script adds lab autostart capability to CML. It's implemented in a very
simple way without any additional dependencies to install.
> [!WARNING]
>
> It's important to understand that this mechanism is very simple and also very
> insecure. You need to provide a password for a user of the system in clear
> text as part of the configuration. If you are not comfortable to provide a
> password that is stored in clear text on the server, then this solution is not
> for you. Also, if the system uses external authentication via LDAP, then this
> solution is likely not for you.
## Installation
Simply copy the `autostart.sh` script to the CML server. Either via scp or
simply copying/pasting it into a file on the CML server (for example, via the
Cockpit terminal). From there, run the script which then installs it:
```plain
$ sudo bash ./autostart.sh
installing defaults ✅
installing script ✅
installing service unit ✅
*****************************************************
* ⚠️ IMPORTANT! ⚠️ *
* you need to ensure that you change the username *
* and password for a user of the system that can *
* start the labs in /etc/default/cml-autostart *
* *
* Add the string "(autostart)" to the description *
* of each lab that you wish to start automatically. *
*****************************************************
$
```
Then configure the defaults (e.g. change the password) as outlined in the next
section.
## Configuration
The autostart script basically looks at all labs that the user has access to
(users with admin rights will see all labs, the script passes the "show_all"
flag so if a non-admin user runs this, they will see all labs they have access
to).
A lab that has `(autostart)` in the lab description will be started when the
system comes up and is ready.
The string that triggers the autostart is configured in the `TITLE_REGEX`
variable. It is treated as a regular expression.
Configuration (with defaults) is done in `/etc/default/cml-autostart`:
```bash
USERNAME="admin"
PASSWORD="password-that-needs-to-be-changed"
TITLE_REGEX="\(autostart\)"
```
After installation, at least the password needs to be changed.
> [!NOTE]
>
> The user configured should be a general admin user that has visibility to all
> potential labs that might need to be auto-started.
## Troubleshooting
If labs do not start as expected, check the service unit output:
```bash
sudo systemctl status cml-autostart.service
```
More details are available in the journal:
```bash
sudo journalctl -u cml-autostart.service
```
If that's not sufficient to pin-point the issue, enable debugging in the script
by removing the comment in `/usr/local/bin/cml-autostart.sh` from the line that
says `# set -x`. If the script has been changed and debugging is enabled then
the service can be triggered again by `systemctl start cml-autostart.service`.
Then show the status and / or look at the journal output again.

124
scripts/cml-autostart/autostart.sh Normal file
View File

@@ -0,0 +1,124 @@
#!/bin/bash
set -e
ensure_dir() {
local install_dir="$1"
if ! test -d "$install_dir"; then
echo "Error: $install_dir isn't there"
exit 1
fi
}
install_default() {
local install_dir="/etc/default"
ensure_dir $install_dir
cat >"$install_dir/cml-autostart" <<EOF
USERNAME="admin"
PASSWORD="password-that-needs-to-be-changed"
TITLE_REGEX="\(autostart\)"
EOF
chown root:root "$install_dir/cml-autostart"
chmod 0600 "$install_dir/cml-autostart"
}
install_script() {
local install_dir="/usr/local/bin"
ensure_dir $install_dir
cat >"$install_dir/cml-autostart.sh" <<EOF
#!/bin/bash
# set variables
HOST="ip6-localhost"
# the /etc/default/cml-autostart needs to define and these need to be present
# in the environment!
# - USERNAME
# - PASSWORD
# - TITLE_REGEX
# set -x
API="https://\${HOST}/api/v0"
# wait until the system is ready
until [ "true" = "\$(curl -skX GET \$API/system_information | jq -r .ready)" ]; do
echo "Waiting for controller to be ready..."
sleep 5
done
# get authentication token
TOKEN=\$(curl -skX POST "\${API}/authenticate" \\
-H "Content-Type: application/json" \\
-d '{"username":"'\${USERNAME}'","password":"'\${PASSWORD}'"}' |
jq -r .)
# get all labs
LABS=\$(curl -skX GET "\${API}/labs?show_all=true" \\
-H "Authorization: Bearer \${TOKEN}")
while read -r lab; do
labinfo=\$(curl -skX GET "\${API}/labs/\${lab}" \\
-H "Authorization: Bearer \${TOKEN}")
description=\$(echo \$labinfo | jq -r '.lab_description')
title=\$(echo \$labinfo | jq -r '.lab_title')
if [[ "\${description}" =~ \${TITLE_REGEX} ]]; then
curl -skX PUT "\${API}/labs/\${lab}/start" \\
-H "Authorization: Bearer \${TOKEN}"
echo "Lab '\${title}' (ID: \${lab}) start initiated"
fi
done <<<\$(echo \$LABS | jq -r '. | join("\n")')
exit
EOF
chown root:root "$install_dir/cml-autostart.sh"
chmod a+x "$install_dir/cml-autostart.sh"
}
install_service_unit() {
local install_dir="/etc/systemd/system"
ensure_dir $install_dir
cat >"$install_dir/cml-autostart.service" <<EOF
[Unit]
Description=Autostart CML Labs based on description text
After=network.target
After=virl2.target
[Service]
Type=oneshot
EnvironmentFile=/etc/default/cml-autostart
ExecStart=/usr/local/bin/cml-autostart.sh
User=virl2
[Install]
WantedBy=multi-user.target
EOF
chown root:root "$install_dir/cml-autostart.service"
systemctl daemon-reload
systemctl &>/dev/null enable cml-autostart.service
}
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root." >&2
exit 1
fi
echo -n "installing defaults"
install_default
echo -e "\t✅"
echo -n "installing script"
install_script
echo -e "\t✅"
echo -n "installing service unit"
install_service_unit
echo -e "\t✅"
cat <<EOF
*****************************************************
* ⚠️ IMPORTANT! ⚠️ *
* you need to ensure that you change the username *
* and password for a user of the system that can *
* start the labs in /etc/default/cml-autostart *
* *
* Add the string "(autostart)" to the description *
* of each lab that you wish to start automatically. *
*****************************************************
EOF

1
scripts/eve2cml

Submodule scripts/eve2cml deleted from 8bfe14c42c

35
use-cases/README.md
View File

@@ -1,26 +1,27 @@
# CML Use Cases
# Cisco Modeling Labs (CML) Use Cases
This directory consists of Git submodules for other repositories that contain uses cases for CML and build off of
CML's powerful REST API (and Python Client Library).
This directory contains curated use cases for Cisco Modeling Labs (CML). Each use case demonstrates practical scenarios, workflows, or solutions that can be implemented using CML.
## Using
## Use Cases in This Repository
By default, git doesn't pull down the submodules content. You can cause it to clone all of the submodules by doing the
following:
- Explore the subdirectories for available use cases hosted here.
```sh
git submodule init
git submodule update
```
## External Use Cases
If you haven't yet cloned the `cml-community` repo, you can use the following command to clone it and pull down all the
submodules:
The following use cases are not hosted in this repository but may be useful:
```sh
git clone --recuse-submodules https://github.com/CiscoDevNet/cml-community
```
- [cml-class-automation](https://github.com/CiscoDevNet/cml-class-automation) - Proof of concept on how one can automate Cisco Modeling Labs in order to deliver networking courses using virtual labs.
- [cml-cicd](https://github.com/CiscoDevNet/cml-cicd) - Example on using CML within a CI/CD pipeline.
- [dst-automation](https://github.com/CiscoDevNet/dst-automation) - Automate the deployment and testing of Dynamic Split Tunneling on a Cisco ASA firewall within CML.
- [cmlutils](https://github.com/CiscoDevNet/virlutils) - A collection of utilities for interacting with Cisco Modeling Labs (CML).
- [ansible-cml](https://github.com/CiscoDevNet/ansible-cml) - Ansible Modules for CML.
- [sdwan-devops](https://github.com/CiscoDevNet/sdwan-devops) - SD-WAN DevOps Tools built around CML.
- [ciscolive-brkcrt-2059](https://github.com/CiscoLearning/ciscolive-brkcrt-2059) - Lab Up For Success With Cisco Modeling Labs.
- [cloud-cml](https://github.com/CiscoDevNet/cloud-cml) - Run Cisco Modeling Labs on cloud infrastructure.
## Contributing
If you have a Git repo (doesn't even have to be on GitHub) that contains a use case for CML, submit a pull request or
issue to get it added. We'd love to see how you're using CML.
If you wish to submit a use case, you can either create a pull request to host it here in this repository, or you can submit a pull request
for this `README.md` alone that points to your CML use cases hosted elsewhere.
Feel free to contribute new use cases or suggest additional resources!

1
use-cases/ansible-cml

Submodule use-cases/ansible-cml deleted from 2406a0d8bf

1
use-cases/cloud-cml

Submodule use-cases/cloud-cml deleted from 15c8e5b21e

1
use-cases/cml-cicd

Submodule use-cases/cml-cicd deleted from 1a7083901c

1
use-cases/cml-class-automation

Submodule use-cases/cml-class-automation deleted from 56ef511b80

1
use-cases/cml-nxos-l3-edge-fabric

Submodule use-cases/cml-nxos-l3-edge-fabric deleted from 430a1ad721

1
use-cases/dst-automation

Submodule use-cases/dst-automation deleted from dffcde76f1

1
use-cases/sdwan-devops

Submodule use-cases/sdwan-devops deleted from aa17ca0f5c

1
use-cases/virlutils

Submodule use-cases/virlutils deleted from 41fe98e2d8

51
validation_schemas/node_definition.json
View File

@@ -51,7 +51,10 @@
"properties": {
"linux_native": {
"$ref": "#/schemas/LinuxNativeSimulation"
}
},
"parameters": {
"$ref": "#/schemas/NodeParameters"
}
},
"required": [
"linux_native"
@@ -179,7 +182,8 @@
"description": "The type of the configuration media.",
"enum": [
"iso",
"fat"
"fat",
"ext4"
]
},
"volume_name": {
@@ -435,7 +439,8 @@
"cpu_model": {
"type": "string",
"minLength": 1,
"maxLength": 32
"maxLength": 64,
"pattern": "^[a-zA-Z\\d-]{1,32}(,[+!?^-][a-z\\d._]{1,16})*(?![\\n\\t])$"
},
"nic_driver": {
"type": "string",
@@ -487,16 +492,13 @@
"type": "string",
"description": "Video Model.",
"enum": [
"std",
"cirrus",
"vmware",
"qxl",
"xenfb",
"tcx",
"cg3",
"xen",
"virtio",
"none",
"vga"
"vga",
"vmvga"
]
},
"memory": {
@@ -506,14 +508,26 @@
"description": "Video Memory."
}
}
}
},
"enable_rng": {
"type": "boolean",
"description": "If set, use a random number generator."
},
"enable_tpm": {
"type": "boolean",
"description": "If set, enable an emulated TPM 2.0."
}
},
"oneOf": [
{
"properties": {
"libvirt_domain_driver": {
"enum": [
"kvm"
"kvm",
"docker",
"iol",
"lxc",
"none"
]
}
},
@@ -547,6 +561,15 @@
}
]
},
"NodeParameters": {
"type": "object",
"additionalProperties": {
"type": "string",
"nullable": true
},
"description": "Key-value pairs of custom node SMBIOS parameters.",
"example": {"smbios.bios.vendor": "Lenovo"}
},
"Interfaces": {
"type": "object",
"additionalProperties": false,
@@ -845,7 +868,9 @@
"description": "The type of the configuration media.",
"enum": [
"iso",
"fat"
"fat",
"raw",
"ext4"
]
},
"volume_name": {
@@ -914,7 +939,7 @@
"cloud",
"firewall",
"access_point",
"wlc"
"wl"
]
},
"label": {

Some files were not shown because too many files have changed in this diff Show More