7200emu.hacki.at
Dynamips, Dynagen and all that stuff

CCIE #18683 (Security)

 
vex



Joined: 17 Feb 2007
Posts: 61
Location: Boston, MA

Posted: Mon Aug 27, 2007 7:02 pm    Post subject: CCIE #18683 (Security)

Thanks to Dynamips I passed the security lab on Friday.

I can't thank Greg and team enough as I ran my entire topology on dynamips/dynagen apart from the security devices. I accessed the real devices via dot1q trunk breakout.

I've waited more than 9 months to post this. Thank you guys.

_________________
CCIE (Security)
hacki
Site Admin


Joined: 16 Jul 2006
Posts: 502
Location: Austria

Posted: Mon Aug 27, 2007 7:41 pm

Congratulations.

One question: you wrote that you accessed the real devices via a trunk. How exactly did you do that?

h.
vex



Joined: 17 Feb 2007
Posts: 61
Location: Boston, MA

Posted: Mon Aug 27, 2007 7:55 pm

I enabled dot1q on the Linux server, I had to use Intel NICs as the Broadcom NICs did not forward the vlan tags.
Code:

#3550 switch port setup
#f0/1 = dynamips breakout trunk
#f0/2 = pix inside vlan 11
#f0/3 = pix outside vlan 12
#f0/4 = ASA1 inside vlan 50
#f0/5 = ASA1 outside vlan 49
#f0/6 = VPN Conc priv vlan 11
#f0/7 = VPN Conc public vlan 12
#f0/8 = IPS 4215 CC vlan 10
#f0/9 = IPS 4215 sniffing vlan 12
#f0/10 = ASA2 inside vlan 55
#f0/11 = ASA2 outside vlan 5
#f0/12 = Cat 3550 vlan 6


Then I configured a trunk port on a 3550 switch and connected the dynamips box to it. This is my dynamips breakout.
Code:

interface FastEthernet0/1
 description dynamips breakout
 switchport trunk encapsulation dot1q
 switchport mode trunk
 duplex full
 speed 100


I used the Dynagen internal switch and assigned my routers dot1q VLANs. These VLANs also have to exist on the 3550.

Code:

        [[ETHSW S1]]
        1 = dot1q 1 NIO_linux_eth:eth2 #trunk to 3550
        2 = access 11 #R1 f0/0
        3 = access 10 #R1 f0/1
        4 = access 12 #R2 f0/0 on diag f1/0
        5 = access 49 #R4 f0/0
        6 = access 5 #R5 f0/0
        7 = access 6 #R6 f0/0
        8 = access 5 #BB2 f0/0 on diag e0/0 NO ASA2 so the vlan changed from 55 to 5
        9 = access 49 #R9 f0/0 NO ASA1 so the vlan changed from 50 to 49

_________________
CCIE (Security)
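
The post above notes that every VLAN assigned on the Dynagen ETHSW also has to exist on the 3550; that can be checked mechanically before the lab is started. This is an added example, not part of the original post: the `show vlan brief` text is constructed sample output and the function names are hypothetical.

```python
import re

# ETHSW section as posted in the thread (indentation removed).
ETHSW = """\
[[ETHSW S1]]
1 = dot1q 1 NIO_linux_eth:eth2 #trunk to 3550
2 = access 11 #R1 f0/0
3 = access 10 #R1 f0/1
4 = access 12 #R2 f0/0 on diag f1/0
5 = access 49 #R4 f0/0
6 = access 5 #R5 f0/0
7 = access 6 #R6 f0/0
8 = access 5 #BB2 f0/0 on diag e0/0 NO ASA2 so the vlan changed from 55 to 5
9 = access 49 #R9 f0/0 NO ASA1 so the vlan changed from 50 to 49
"""
# Constructed `show vlan brief` sample (not from the thread); VLAN 6 is left out on purpose.
SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
5    VLAN0005                         active    Fa0/11
10   VLAN0010                         active    Fa0/8
11   VLAN0011                         active    Fa0/2, Fa0/6
12   VLAN0012                         active    Fa0/3, Fa0/7, Fa0/9
49   VLAN0049                         active    Fa0/5
1002 fddi-default                     act/unsup
"""

PORT_RE = re.compile(r"^\s*(\d+)\s*=\s*(access|dot1q)\s+(\d+)(?:\s+(\S+))?\s*$")

def parse_ethsw(text):
    """Return ({access_port: vlan}, {trunk_port: (native_vlan, nio)})."""
    access, trunks = {}, {}
    for line in text.splitlines():
        m = PORT_RE.match(line.split("#", 1)[0])  # drop inline comments
        if not m:
            continue  # section header or blank line
        if m[2] == "access":
            access[int(m[1])] = int(m[3])
        else:
            trunks[int(m[1])] = (int(m[3]), m[4])
    return access, trunks

def active_vlans(show_output):
    """VLAN IDs whose status column reads 'active'."""
    rows = (line.split() for line in show_output.splitlines())
    return {int(r[0]) for r in rows if len(r) >= 3 and r[0].isdigit() and r[2] == "active"}

def missing_on_switch(ethsw_text, show_output):
    """VLANs used by emulated access ports that the physical switch lacks."""
    return sorted(set(parse_ethsw(ethsw_text)[0].values()) - active_vlans(show_output))
```

With the sample data, `missing_on_switch(ETHSW, SHOW_VLAN_BRIEF)` reports VLAN 6, the one that would have to be created on the 3550 before R6 could reach anything across the trunk.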
hacki
Site Admin


Joined: 16 Jul 2006
Posts: 502
Location: Austria

Posted: Mon Aug 27, 2007 8:53 pm

Quote:
I enabled dot1q on the Linux server, I had to use Intel NICs as the Broadcom NICs did not forward the vlan tags.


That is exactly the answer I was looking for. Thanks a lot. Which specific NIC did you use?

h.
vex



Joined: 17 Feb 2007
Posts: 61
Location: Boston, MA

Posted: Mon Aug 27, 2007 9:29 pm

My bad, I must be using the Intel quad card in the VMWare host.

On this host I installed a Linksys for the trunk port and the Broadcom for the host port.

Code:

[root@dynamips ~]# lspci | grep Ether
02:02.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5704 Gigabit Ethernet (rev 10)
0a:01.0 Ethernet controller: Linksys NC100 Network Everywhere Fast Ethernet 10/100 (rev 11)
[root@dynamips ~]#

_________________
CCIE (Security)
conspathas



Joined: 28 Mar 2007
Posts: 1217
Location: CCIE

Posted: Tue Aug 28, 2007 10:55 am

Congrats on the digits vex!
qamar00



Joined: 23 Aug 2007
Posts: 2

Posted: Wed Aug 29, 2007 7:01 am

Can we run a complete lab for CCIE security using VMware for IDS, dynagen for both sw & routers and pemu for PIX? Is there any missing device?
conspathas



Joined: 28 Mar 2007
Posts: 1217
Location: CCIE

Posted: Wed Aug 29, 2007 10:42 am

qamar00 wrote:
Can we run a complete lab for CCIE security using VMware for IDS, dynagen for both sw & routers and pemu for PIX? Is there any missing device?


Just my 2 cents' worth, but how about giving vex a pat on the back, seeing as you posted in this thread, and then perhaps asking your question? (rolling eyes)
vex



Joined: 17 Feb 2007
Posts: 61
Location: Boston, MA

Posted: Wed Aug 29, 2007 11:11 am

LOL @ Conspathas

The lab requires:
2 x ASAs
1 x VPN Concentrator
2 x 3550 switches

These are devices that cannot be emulated as far as I know. You can always just use Pixes instead of ASAs, but make sure you practice WebVPN on an ASA since it is not supported on the Pix.

The 3550s you'll need for SPAN and RSPAN and to get a feel for the IOS on the switch. Setting up trunks etc etc.

The VPNC is end of life, but is still in the exam.

Apart from the VPNC and the 3550s you should be all set doing this virtually.

_________________
CCIE (Security)
jumaroyu



Joined: 16 Apr 2007
Posts: 3

Posted: Fri Aug 31, 2007 11:30 pm

Congrats on your passing. I think that the next update to the lab will include ASA/PIX v8 and remove VPNC; you can do all the VPN stuff with the ASA VPN enhanced boxes.

Great info, thanks a lot.
cyphur



Joined: 25 Jul 2007
Posts: 64
Location: DFW, Tx

Posted: Sun Sep 02, 2007 1:25 am

Congrats! I hear it's no walk in the park.
greg
Site Admin


Joined: 17 Jul 2006
Posts: 704
Location: USA

Posted: Sun Sep 02, 2007 11:36 am

Congratulations vex!