More fun with UnetLab today!
I am back to running it on the ESXi server, so have plenty of memory and CPU cores. It should be nice and fast!
Yesterday was fun, I added IOL images and XRv, so today let's add vIOS, and, if I can, an ASA!
vIOS on UnetLab
I am going to try and get the vIOS images from the OnePK (all in one image) running. Andrea already has a guide to this, so it shouldn't be too hard. The original documentation is here.
Firstly you can see the amount of space I have free, I then copy (using FileZilla) the OVA file onto the VM, and again you can see the space taken up. I then follow Andrea's steps (though I did play with the folder name...)
Following the documentation through (or so I thought), I then created a lab, added a network, and tried to add a vIOS node.
But the list was empty.
So, I read through the doc again, and some of the comments. Andrea tells us what the image name should be, so I created a folder to match the version, and moved the HDA file into there:
Now we are good!
The topology looks like this:
So let's try configuring the routers!
Router(config)#ho vIOS-1
vIOS-1(config)#int gi 0/0
vIOS-1(config-if)#ip add 10.1.1.1 255.255.255.0
vIOS-1(config-if)#no shut
vIOS-1(config-if)#cdp enable
vIOS-1(config-if)#exit
vIOS-1(config)#cdp run
vIOS-1(config)#exit
vIOS-1#sh ip int bri
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 10.1.1.1 YES manual up up
GigabitEthernet0/1 unassigned YES unset administratively down down
GigabitEthernet0/2 unassigned YES unset administratively down down
GigabitEthernet0/3 unassigned YES unset administratively down down
vIOS-1#
Router(config)#ho vIOS-2
vIOS-2(config)#int gi 0/0
vIOS-2(config-if)#ip add 10.1.1.2 255.255.255.0
vIOS-2(config-if)#no shut
vIOS-2(config-if)#cdp en
vIOS-2(config-if)#exit
vIOS-2(config)#cdp run
vIOS-2(config)#exit
vIOS-2#s
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 10.1.1.2 YES manual up up
GigabitEthernet0/1 unassigned YES unset administratively down down
GigabitEthernet0/2 unassigned YES unset administratively down down
GigabitEthernet0/3 unassigned YES unset administratively down down
vIOS-2#sh cdp neigh
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
vIOS-1 Gig 0/0 150 R B IOSv Gig 0/0
Total cdp entries displayed : 1
vIOS-2#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/5/12 ms
vIOS-2#
Easy.
I took the first screen shot at 13:22, its now 13:58, and I have written this whilst setting it all up. 30 minutes or less!
ASA on Unetlab
Not sure how this will go. There isn't a guide for it, so It's going to be a lot of guess work!I start by copying the two VMDK files I have to the /tmp directory:
root@iou:/# ls /tmp ASA-8.42-1.vmdk ASA-8.42.vmdk root@iou:/#Then I convert them:
root@iou:/tmp# qemu-img convert -f vmdk -O qcow2 ASA-8.42.vmdk hda.qcow2 root@iou:/tmp# qemu-img convert -f vmdk -O qcow2 ASA-8.42-1.vmdk hdb.qcow2 root@iou:/tmp#I then move to the right directory, and move the files there:
root@iou:/opt/unetlab/addons/qemu# mkdir ASA-8.42 root@iou:/opt/unetlab/addons/qemu# mv /tmp/hda.qcow2 ASA-8.42/ root@iou:/opt/unetlab/addons/qemu# mv /tmp/hdb.qcow2 ASA-8.42/ root@iou:/opt/unetlab/addons/qemu# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions root@iou:/opt/unetlab/addons/qemu#Surprisingly... There is nothing there when I try and add a node:
At this point I started reading some of the other documents. I went through all of them until I got to the F5 BIG-IP document. Here we have another example of a 2 part system. I was happy that I had named the files hda and hdb, but then I thought - let's just try making the folder name lower case. So I edited it in FileZilla:
root@iou:~# ls /opt/unetlab/addons/qemu/ asa-8.42 vios-adventerprisek9-m15.4-1.2.0-173 xrv-k9-5.2.2 root@iou:~#
And all of a sudden.. I have the option for ASAs!
So. let's create a new lab and connect everything up!
This has all been a bit of a shot in the dark. Not knowing if I could get them running, I thought I would give it a go. But here is the thing.... are they usable?
There is a moment of wonder, as I sit staring at a blank telnet session, then suddenly...
ciscoasa(config)# hostname ASA1 ASA1(config)# int gi 0 ASA1(config-if)# ip add 10.1.1.1 255.255.255.0 ASA1(config-if)# nameif Outside INFO: Security level for "Outside" set to 0 by default. ASA1(config-if)# ASA1(config-if)# no shut ASA1(config-if)# ciscoasa(config)# hostname ASA2 ASA2(config)# int gi 0 ASA2(config-if)# ip add 10.1.1.2 255.255.255.0 ASA2(config-if)# no shut ASA2(config-if)# nameif Outside INFO: Security level for "Outside" set to 0 by default. ASA2(config-if)# ASA1# ping 10.1.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms ASA1# ASA2# ping 10.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms ASA2#Wow!
So, in two days, with a total of about three hours, I now have one environment that will run IOL routers, XRv routers, vIOS routers and ASAs.
Now that is impressive!
I might even try and add Titanium as well! But not today.
35 comments
commentsHello Stuart,
ReplyI follow your post about the ASAs, but when the ASA boot, show me some errors abot the NICs. I had running the ASA with VMWare Workstation, and I use the vmdk files from there. Do you can give us what settings do you have in the workstation to boot the ASA.
Thanks a lot.
Hi, I am not using workstation, I am using ESXi, I have never tried running the ASA on workstation. Because you have used the version that was already running on vmware, that probably where the problem with the NICs is coming from. I would suggest starting from the original media you used to create the ASA. Try starting from scratch and it'll probably work :)
ReplyHi, Stuart
ReplyI tried for VIos-L3 and got it working but L2 is not even showing in image option what can be the exact foldername for Vios-L2.
thanks
Check this post: http://www.802101.com/2015/02/unetlab-image-folder-naming.html
Replyhave you tested switching with unetlab
Replyhow much of switching can you do using arista switch for ccie security
Hi
ReplyI have not tested switching yet, I will do soon.
I have no idea about the Aristas for CCIE security, I havnt looked at that exam at all yet.
Hello Thanks for the post.
ReplyI follow your step but my node does not have firewall and CiscoASA which of the version UNL version did you use?
Thanks,
Hi, have you ever had the log message:%PLATFORM-2-SIGNATURE_FAILED: Image 'flash0:/vios_l2-adventerprisek9-m' failed code signing checks, error 'Invalid key storage handle'. Ethernet switching has been disabled to protect against attack.
Replyknow what it can be about?
Thanks
Dear.
ReplyI follow your step.
When I drag and drop the node ...nothing..
What did you do to let asa show up in node
Did you run the fixpermissions script?
ReplyNice post, especially ASA part. The only mistery for me is how to create those.vmdk files, cause I've got only .bin image of ASA. Anyway, finally I found ASA for ESXi.
ReplyYou can google ASA image:
asa 8.4.2 ESXi rutracker.org
Hello, does it run on Xenserver? has anyone tried?
ReplyHi Stuart,
ReplyAll my vIOS and ASAv started successfully on UnetLab web interface and I could telnet to these devices. However, the telnet window was blank. Hitting return key didn't make any difference.
how long did you wait? It can take some time for them to start showing on the console. You could always check the UNL logs to see if there are any problems, but I'd probably just wait longer...
ReplyHi,
ReplyI followed the steps on vmware. but I am getting Connected
to 192.168.213.130.
Escape character is '^]'.
Any solution. Thanks
How long are you waiting? It can take some time to see anything on the console. have you checked the logs of UNetLab? if you SSH into UNetlab and type in "top" can you see the processes working?
ReplyStuart i keep getting this message, any idea?
Reply"Undefined message, check if the UNetLab VM is powered on. If it is, see logs."
Hi Stuart,
ReplyThank you for the post. I would like to ask whether you encounter the following too:
When starting the ASA (8.4.2), it took ages and there is the following message at the beginning:
main-loop: WARNING: I/O thread spun for 1000 iterations
Then it finally boots. What i noticed also is that sometimes it boots with all interfaces configured for that node in Unetlab, sometimes just with few of them :(
Also, I would like to ask if you know how to setup the ASA in ESXi or Workstation. I made ASA ISO, but when booting for the first time it just get stuck with Booting the kernel. I tried it with Linux 2.6.
Thank you.
Thanks for the post. I am using a qemu image for 8.4(2) and while it works, it completely pegs my Unetlab cpu usage to 100%. I am running it on an ESXi host with an allocated 4 sockets, 1 core each. Do I need to allocate more? I have a lot of other things running and was wondering if you could chime in on this.
ReplyThanks
Hi Stuart, i followed step by step to simulate vIOS, It works very well, but once I reboot the VM, i loose http access to VM. I am not able to access the VM via http on IP address, It was working nicely before I simulated vIOS. If you can across this issue, please advise any solution.
ReplyMany Thanks.
Abdul.
does the VM have an IP address? Should show it on the console, or login and do ifconfig...
ReplyHi, I followed your awesome post and now I have ASA 8.4 and IPS 7 running.Thanks alot. Please could you also kindly guide us on how to load ASA 8.02 in UnetLab. I need it for my ccie security studies. Thanks again.
ReplyHey Zed,
ReplyCheck this link, its got a lot of useful stuff: https://nbctcp.wordpress.com/2015/07/02/unetlab-installation-on-esxi/
Good luck with the studies, let me know how it goes as I am doing the same :)
Hello Stuart,
ReplyThis is probably coming in late, but it helped me with the ASA 8.02 issue:
http://certcollection.org/forum/topic/286661-unl-networking-issue/
Thanks a million for the above site. Has been extremely useful
Cheers
It Looks like a bug. sometimes i lost HTTP access to the VM, and after doing some research I noted that port 80 is not open, the apache2 server is not working... even when i restart the service it won't work.
ReplyWhy don't you do all of us a favor and give the step by step procedure for this saves a lot of time. Thanks
ReplyAnd how would you learn anything for yourself? The key is reading, learning and doing.
ReplyWhy don't you do yourself a favour and be a little more polite?
dear guys,
Replyi have an issue while run asav in unetlab..asav started message shown on notification, but its goes to offline.. i am using asa 941-200. please help me.
please send the instruction by email suneer.kadooran@gmail.com
with regards
suneer ku
Suneer
ReplyAnything in the logs? If you need help then you might want to post in the forum, then you can include screenshots, etc
Hi Stuart
ReplyThanks for all the posts on UnetLAB, it seems that you have been working with it for a while now and the information is very informative.
Any chance that you might have loaded newer versions of ASA like 9.4.1 or 9.5 perhaps.
Reason I ask is that I am fairly new to UNL and have tried everything I could find so far. Followed the guide on UNL Docs for ASAv but my ASAv does not even start then tried your guide as well where I convert the VMDK files to hda.cqow2 and hdb.cqow2.
But with ver 9.4.2 one gets a boot.vmdk and disk0.vmdk.
I first tried boot.vmdk as hda0.qcow2 and disk0.vmdk as hdb.qcow2, got some errors when opening the terminal with wrong emulation and something about ee100.
I then thought perhaps I have it the wrong way around on the disks and changed boot to hdb0 and disk0 to hda0. The ASA starts and uses 100CPU but I never get the terlnet session to show anything.
also the 8.4.2 image you use seem to be dated and no longer available when I check under ASAv on Cisco.
Any advise or guidance would be much appreciated here.
Got my ASAv up and running, was a bit of a mission but I am on course now.
Reply