Building a CCIE home lab using breakout switch and GNS3 - Part 1

I am starting to get myself ready for the Narbik course in a few months time. I have brought all my routers and switches home from work and now the routers are sitting in the garage and the switches are racked and ready. I am using a 12u desktop rack which was a good price at just over £30 from Amazon.co.uk, you can get the same rack in the USA for just under $50.

I did realise though that now the v5 has replaced the v4 all my routers are redundant. I will still be able to find a use for the 1841s, but as far as the others go, they are just space fillers in the garage. But it also means that I need to use GNS3 and a breakout switch to connect to the real switches.

This also meant having to buy another switch, so there is a space to fill in between the 3560 and the cable management bit. I am also still waiting for the rack ears for the top 3550 to arrive. The rack ears for the 3550 arrived a few moments ago and now the switch is sitting properly in the rack.  The ASA is just for fun, and I need a couple of crossover cables for the 3550s.

So now comes the fun part, making the GNS3 topology and connecting it from my iMac to the real switches.

Narbik's foundation guides are designed to start bridging the gap between the CCNP and CCIE, so that when you go to his class you are ready to hit the ground running. The foundation guides (there are two parts) run to around 800+ pages, and are based around a singular topology. And this is what I have come up with so far:

The routers are all connected to SW1, which is just there to carry the vlan traffic, and will pass it through to the 3750 breakout switch, which in turn will pass it down to the 3560, which will be switch 1 on Narbik's topology. There are other switches as well, which will also connect to the real switches (SW2, SW3 and SW4).

Connecting GNS3 to a breakout switch

Connecting to a switch is pretty easy in GNS3, just drag over a cloud icon, right click and select configure. Once you are there select the first tab and connect it to the relevant ethernet interface.I changed the icon on mine to a nice layer 3 switch icon

With that all done and the first couple of routers fired up we can check for basic connectivity:

R1#sh int fa 0/0 | i line|address
FastEthernet0/0 is up, line protocol is up
  Hardware is i82543 (Livengood), address is ca09.0443.0008 (bia ca09.0443.0008)
R1#

R2#sh int fa 0/0 | i line|address
FastEthernet0/0 is up, line protocol is up
  Hardware is i82543 (Livengood), address is ca06.0442.0008 (bia ca06.0442.0008)
R2#

So we have both lines up that connect us to the real network, let's see if we can see them on the breakout switch:

Breakout#sh mac-address-table int fa1/0/48
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    10dd.b1b3.6ba6    DYNAMIC     Fa1/0/48
   1    ca06.0442.0008    DYNAMIC     Fa1/0/48
   1    ca09.0443.0008    DYNAMIC     Fa1/0/48
Total Mac Addresses for this criterion: 3
Breakout#sh cdp neigh fa 1/0/48
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID            Local Intrfce         Holdtme   Capability    Platform   Port ID
R2                  Fas 1/0/48            135             R       7206VXR   Fas 0/0
R1                  Fas 1/0/48            157             R       7206VXR   Fas 0/0
Breakout#

No problems there! But what we actually need is for them to be connected to SW1.

The first (proper) task on the Narbik workbook is to put both R1 and R2 in VLAN 12 and make sure that they can ping each other.

SW1(config)#vlan 12
SW1(config-vlan)#exit
SW1(config)#int ra f0/1-2
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#switchport access vlan 12
SW1(config-if-range)#no shut

R1(config)#int fa 0/0
R1(config-if)#ip address 12.1.1.1 255.255.255.0
R1(config-if)#end
R1#

R2(config)#int fa 0/0
R2(config-if)#ip add 12.1.1.2 255.255.255.0
R2(config-if)#

R1#ping 12.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R1#

We know that the interfaces are up because they are in the MAC address table on the breakout switch. There is a great article over at gns3.net about how to set this up, and the original article from which it is based is also well worth a look. Following these guides I got a bit further:

Breakout(config)#int fa 1/0/1
Breakout(config-if)#desc Down to SW1 f0/1
Breakout(config-if)#switchport access vlan 12
Breakout(config-if)#switchport mode dot1q-tunnel
Breakout(config-if)#l2protocol-tunnel cdp
Breakout(config-if)#l2protocol-tunnel stp
Breakout(config-if)#l2protocol-tunnel vtp
Breakout(config-if)#no cdp enable
Breakout(config-if)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single
 host. Connecting hubs, concentrators, switches, bridges, etc... to this
 interface  when portfast is enabled, can cause temporary bridging loops.
 Use with CAUTION

%Portfast has been configured on FastEthernet1/0/1 but will only
 have effect when the interface is in a non-trunking mode.
Breakout(config-if)#int fa 1/0/2
Breakout(config-if)#desc Down to SW1 f0/2
Breakout(config-if)#switchport access vlan 12
Breakout(config-if)#switchport mode dot1q-tunnel
Breakout(config-if)#l2protocol-tunnel cdp
Breakout(config-if)#l2protocol-tunnel stp
Breakout(config-if)#l2protocol-tunnel vtp
Breakout(config-if)#no cdp enable
Breakout(config-if)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single
 host. Connecting hubs, concentrators, switches, bridges, etc... to this
 interface  when portfast is enabled, can cause temporary bridging loops.
 Use with CAUTION

%Portfast has been configured on FastEthernet1/0/2 but will only
 have effect when the interface is in a non-trunking mode.
Breakout(config-if)#int fa 1/0/48
Breakout(config-if)#desc Uplink to iMac
Breakout(config-if)#switchport trunk encap dot1q
Breakout(config-if)#l2protocol-tunnel cdp
Breakout(config-if)#l2protocol-tunnel stp
Breakout(config-if)#l2protocol-tunnel vtp
Breakout(config-if)#no cdp enable
Breakout(config-if)#spanning-tree portfast

Now things look a bit better:

R1#sh cdp neigh | beg Device
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
SW1              Fas 0/0            176             S I   WS-C3560- Fas 0/2
SW1              Fas 0/0            163             S I   WS-C3560- Fas 0/1
R2               Fas 0/0            169              R    7206VXR   Fas 0/0
R1               Fas 0/0            159              R    7206VXR   Fas 0/0
R1#

R2#sh cdp neigh | beg Device
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
SW1              Fas 0/0            150             S I   WS-C3560- Fas 0/2
SW1              Fas 0/0            138             S I   WS-C3560- Fas 0/1
R2               Fas 0/0            143              R    7206VXR   Fas 0/0
R1               Fas 0/0            133              R    7206VXR   Fas 0/0
R2#

We are getting double entries though, and a ping from R1 to R2 still does not work. Hmmm.... Well let's double check our configuration, starting with our virtual switch:

 

That's all fine, we have the correct ports in the correct vlan. Let's check the physical switch:

SW1#sh run int fa0/1
Building configuration...

Current configuration : 84 bytes
!
interface FastEthernet0/1
 switchport access vlan 12
 switchport mode access
end

SW1#sh run int fa0/2
Building configuration...

Current configuration : 122 bytes
!
interface FastEthernet0/2
 switchport access vlan 12
 switchport trunk encapsulation dot1q
 switchport mode access
end

Looks like we have a lingering remnant from previous work... Let's get rid of that and see what happens:

SW1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
SW1(config)#int fa 0/2
SW1(config-if)#no switchport trunk encapsulation dot1q
SW1(config-if)#end
SW1#

R1#ping 12.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/18/24 ms
R1#

R2#ping 12.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/27/44 ms
R2#

Hurrah!

So far so good. I still need to get the second switch racked and cabled, it's waiting for me back at the office, I also need to sort out the USB NICs, or re-do part of the topology. Switches 2, 3 and 4 on the GNS3 topology either need to connect to SW1, and then to the breakout switch, or have separate USB connections to separate "clouds". I have the USB nics (Dynamode USB-NIC-1427-100) but my iMac doesn't seem to want to play ball with them, the lights all flash and look impressive blinking away as they do, but I cant seem to get them recognized as an ethernet interface yet.

Nevertheless it's all off to a good start, and we can save the rest for part two, when I figure out how to finish it off!

If you have any suggestions then please do comment.

Author : Unknown

CCIE #49337, author of CCNA and Beyond, BGP for Cisco Networks, MPLS for Cisco Networks, VPNs and NAT for Cisco Networks.

Related Posts