No aspecto mercadológico, sabemos que "cisco" é bastante usado por aí, e certificações deles são um diferencial, e o que vamos fazer aqui é um bom primeiro passo para quem quer tirar a primeira certificação do mundo cisco CCNA, já que podemos montar vários tipos de ambiente para estudar os quesitos requisitados pelo exame.
No aspecto técnico, Vlans são bacanas, pois confinam os domínios de broadcast dando performance para a rede, e para a administraçãoé uma mão na roda, pois segmenta a rede e organiza nomeando cada Vlan, sem contar nasegurança, pois poderá gerenciar seus usuários, departamentos ou servidores em cada Vlan.
Agora, sabendo disso, vamos começar?
O que vamos precisar
Muitos sabem que o Dynamips/Dynagen roda em Linux, Unix, Windows etc, mas nesse artigo usaremos o Linux, distro Ubuntu versão 9.04, Dynamips versão 0.2.8-RC2-x86, Dynagen versão 0.11.0, uma imagem de ios que suporte o módulo NM-16ESW (usei a c3620-is-mz.123-15.bin), criar uma interface virtual tap0, e (neste caso) duas subinterfaces, pois teremos apenas duas VLANs.Já temos todos os ingredientes, vamos agora colocar a mão na massa!
1° passo - Instalando o Dynamips e Dynagen
No Ubuntu 9.04 tive um pequeno problema na instalação do Dynagen, que na verdade parece ser um problema na versão do repositório, então fiz um pequeno work around, mas o Dynamips instalou bonitinho.Para instalar o Dynamips:
# apt-get install dynamips
Já para instalar o Dynagen tive que baixar o tarball, mas não precisei compilar, apenas precisaremos executá-lo com o interpretador Python, que veremos mais à frente. Então vamos baixar o pacote do Dynagen:
# wget http://sourceforge.net/projects/dyna-gen/files/dynagen%20source%20_%20Linux/dynagen%200.11.0/dynagen-0.11.0.tar.gz/download
Depois de baixado, mova-o para um diretório à sua escolha, utilizarei aqui o /opt:
# mv dynagen-0.11.0.tar.gz /opt
Vá para o /opt e descompacte o pacote:
# cd /opt
# tar -zxvf dynagen-0.11.0.tar.gz
Tendo descompactado, entre no diretório que foi criado e dê permissões de execução ao Dynagen:
# cd /opt/dynagen-0.11.0/
# chmod +x dynagen
Pronto, simples assim, só para entender, porque não usar o Dynagen que é instalado pelo apt?
Se você tentar executar o Dynagen que é instalado pelo apt, dá esse erro:
$ dynagen /home/rodrigo/dynamips/lab1/lab1.net
Traceback (most recent call last):
File "/usr/bin/dynagen", line 28, in
from console import Console
File "/var/lib/python-support/python2.6/console.py", line 34, in
from confConsole import AbstractConsole, confHypervisorConsole, confConsole
ImportError: No module named confConsole
Pesquisei pelo Google afora e não encontrei nenhuma solução, por isso fiz dessa forma, mas se alguém conseguir fazer o Dynagen do apt funcionar, acrescente nos comments! =)
Bom, estamos com o Dynamips e Dynagen prontos, agora vamos fazer a interface "tap" funcionar e vamos habilitar o 802.1q nela.
2 ° passo - Criando a interface tap0 e fazendo ela funcionar como trunk
Para criar uma interface tap e criar vlans dentro dela, precisaremos instalar dois programas que já estão nos repositórios oficiais do Ubuntu, que são o uml-utilities e vlan, então vamos lá:# apt-get install uml-utilities vlan
Pronto, simples assim. Tendo instalado esses pacotes, vamos subir os módulos, criar a interface tap0 e suas sub-interfaces tap0.10 e tap0.20 e ingressar as sub-interfaces em suas respectivas vlans.
Subindo módulos:
# modprobe tun
# modprobe 8021q
Criando e subindo a interface tap0:
# tunctl
# ifconfig tap0 up
Criando as Vlans e subindo as sub-interfaces:
# vconfig add tap0 10
# vconfig add tap0 20
# ifconfig tap0.20 192.168.20.254 netmask 255.255.255.0 up
# ifconfig tap0.30 192.168.30.254 netmask 255.255.255.0 up
Pronto, esta parte está pronta, agora vamos dar uma estudada em nossa topologia e iniciar nosso ambiente virtual.
3° passo - Estudando a topologia e criando o arquivo lab1.net
A topologia que vamos usar é semelhante à esta, lembrando que é interessante personalizar seu ambiente:
[localhost]
[[3620]]
#Aqui deverá ser apontada esta determinada imagem de IOS, ou alguma outra imagem de IOS que suporte o módulo NM-16ESW
image = /media/Storage3/Cisco-IOS/IOS/c3620-is-mz.123-15.bin
ram = 64
[[ROUTER SW1]]
autostart = False
model = 3620
slot0 = NM-16ESW
F0/1 = RT1 F0/0
F0/2 = RT2 F0/0
F0/10 = NIO_tap:tap0
F0/12 = S2 F0/12
#O melhor idlepc deverá ser calculado em cada máquina para evitar o uso de 100% de CPU Não entrarei nesse detalhe
idlepc = 0x604c7a4c
[[ROUTER SW2]]
autostart = False
model = 3620
slot0 = NM-16ESW
F0/1 = RT3 F0/0
F0/2 = RT4 F0/0
idlepc = 0x604c7a4c
[[router RT1]]
autostart = False
model = 3620
idlepc = 0x604c7a4c
[[router RT2]]
autostart = False
model = 3620
idlepc = 0x604c7a4c
[[router RT3]]
autostart = False
model = 3620
idlepc = 0x604c7a4c
[[router RT4]]
autostart = False
model = 3620
idlepc = 0x604c7a4c
[[3620]]
#Aqui deverá ser apontada esta determinada imagem de IOS, ou alguma outra imagem de IOS que suporte o módulo NM-16ESW
image = /media/Storage3/Cisco-IOS/IOS/c3620-is-mz.123-15.bin
ram = 64
[[ROUTER SW1]]
autostart = False
model = 3620
slot0 = NM-16ESW
F0/1 = RT1 F0/0
F0/2 = RT2 F0/0
F0/10 = NIO_tap:tap0
F0/12 = S2 F0/12
#O melhor idlepc deverá ser calculado em cada máquina para evitar o uso de 100% de CPU Não entrarei nesse detalhe
idlepc = 0x604c7a4c
[[ROUTER SW2]]
autostart = False
model = 3620
slot0 = NM-16ESW
F0/1 = RT3 F0/0
F0/2 = RT4 F0/0
idlepc = 0x604c7a4c
[[router RT1]]
autostart = False
model = 3620
idlepc = 0x604c7a4c
[[router RT2]]
autostart = False
model = 3620
idlepc = 0x604c7a4c
[[router RT3]]
autostart = False
model = 3620
idlepc = 0x604c7a4c
[[router RT4]]
autostart = False
model = 3620
idlepc = 0x604c7a4c
4° passo - Configurando os ativos e as vlans não se falam, habilitando o roteamento e todos se falam
Primeiro devemos subir o servidor do Dynamips.Estou utilizando a porta padrão 7200, se esta for mudada, também deverá ser mudada no arquivo .net.
# dynamips -H 7200
E deveremos iniciar nossa topologia com o Dynagen.
Como instalamos o Dynagen com seu tarball, pois pelo apt não funcionou, então devemos apontar o arquivo manualmente:
# python /opt/dynagen-0.11.0/dynagen /home/rodrigo/dynamips/lab1/lab1.net
Como eu não especifiquei no arquivo .net anteriormente, a porta console de cada equipamento abriu uma porta em seu localhost da forma padrão, segue a lista.
Agora seguem as configurações já prontas para todo o ambiente se falar, mas esse é só um exemplo, todos poderão personalizar seu ambiente, ativar protocolos etc.
Neste momento as Vlans não se falam, vamos habilitar o roteamento na nossa máquina Linux.
Habilite o roteamento no kernel e todos passam a se falar:
# echo 1 > /proc/sys/net/ipv4/ip_forward
- SW1 = $ telnet localhost 2000
- SW2 = $ telnet localhost 2001
- RT1 = $ telnet localhost 2002
- RT2 = $ telnet localhost 2003
- RT3 = $ telnet localhost 2004
- RT4 = $ telnet localhost 2005
Agora seguem as configurações já prontas para todo o ambiente se falar, mas esse é só um exemplo, todos poderão personalizar seu ambiente, ativar protocolos etc.
SW1#sh run
Building configuration...
Current configuration : 2488 bytes
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname SW1
boot-start-marker
boot-end-marker
enable secret 5 $1$ZIgp$B4w0lvzqbTeF2t6IWwNor0
no aaa new-model
ip subnet-zero
interface FastEthernet0/0
no ip address
shutdown
interface FastEthernet0/1
description vlan 10 go to RT1
switchport access vlan 10
no ip address
duplex full
speed 100
interface FastEthernet0/2
description vlan 20 go to RT2
switchport access vlan 20
no ip address
duplex full
speed 100
interface FastEthernet0/3
no ip address
shutdown
interface FastEthernet0/4
no ip address
shutdown
interface FastEthernet0/5
no ip address
shutdown
interface FastEthernet0/6
no ip address
shutdown
interface FastEthernet0/7
no ip address
shutdown
interface FastEthernet0/8
no ip address
shutdown
interface FastEthernet0/9
no ip address
shutdown
interface FastEthernet0/10
description Porta Trunk Router on stick Linux
switchport mode trunk
no ip address
interface FastEthernet0/11
no ip address
shutdown
interface FastEthernet0/12
description Porta trunk
switchport mode trunk
no ip address
duplex full
speed 100
interface FastEthernet0/13
no ip address
shutdown
interface FastEthernet0/14
no ip address
shutdown
interface FastEthernet0/15
no ip address
shutdown
interface Vlan1
no ip address
shutdown
interface Vlan10
description Vlan10 RT1 e RT3
ip address 192.168.10.100 255.255.255.0
lan-name Vlan10
interface Vlan20
description Vlan20 RT2 e RT4
ip address 192.168.20.100 255.255.255.0
lan-name Vlan20
ip http server
ip classless
line con 0
password cisco
login
line aux 0
line vty 0 1
password cisco
login
line vty 2 4
login
end
SW1#
SW2#sh run
Building configuration...
Current configuration : 2414 bytes
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname SW2
boot-start-marker
boot-end-marker
enable secret 5 $1$Ee9s$AFbrTN5bLqpblkULAV92c/
no aaa new-model
ip subnet-zero
interface FastEthernet0/0
no ip address
shutdown
interface FastEthernet0/1
description Vlan 10 go to RT3
switchport access vlan 10
no ip address
duplex full
speed 100
interface FastEthernet0/2
description Vlan 20 go to RT4
switchport access vlan 20
no ip address
duplex full
speed 100
interface FastEthernet0/3
no ip address
shutdown
interface FastEthernet0/4
no ip address
shutdown
interface FastEthernet0/5
no ip address
shutdown
interface FastEthernet0/6
no ip address
shutdown
interface FastEthernet0/7
no ip address
shutdown
interface FastEthernet0/8
no ip address
shutdown
interface FastEthernet0/9
no ip address
shutdown
interface FastEthernet0/10
no ip address
shutdown
interface FastEthernet0/11
no ip address
shutdown
interface FastEthernet0/12
description Porta Trunk
switchport mode trunk
no ip address
duplex full
speed 100
interface FastEthernet0/13
no ip address
shutdown
interface FastEthernet0/14
no ip address
shutdown
interface FastEthernet0/15
no ip address
shutdown
interface Vlan1
no ip address
shutdown
interface Vlan10
description Vlan 10
ip address 192.168.10.101 255.255.255.0
lan-name Vlan10
interface Vlan20
description Vlan 20
ip address 192.168.20.101 255.255.255.0
lan-name Vlan20
ip http server
ip classless
line con 0
password cisco
login
line aux 0
line vty 0 1
password cisco
login
line vty 2 4
login
end
SW2#
RT1#sh run
Building configuration...
Current configuration : 1289 bytes
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname RT1
boot-start-marker
boot-end-marker
enable secret 5 $1$oH2g$3Z2gdf0Vkn./w0OfgUoFR1
no aaa new-model
ip subnet-zero
interface FastEthernet0/0
description Vlan 10 go to SW1
ip address 192.168.10.1 255.255.255.0
speed 100
full-duplex
ip http server
ip classless
ip route 192.168.20.0 255.255.255.0 192.168.10.254
line con 0
password cisco
login
line aux 0
line vty 0 1
password cisco
login
line vty 2 4
login
end
RT1#
RT2#sh run
Building configuration...
Current configuration : 1289 bytes
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname RT2
boot-start-marker
boot-end-marker
enable secret 5 $1$/x.q$tEjWEahasLjxp0G2aTFUT.
no aaa new-model
ip subnet-zero
interface FastEthernet0/0
description Vlan 20 go to SW1
ip address 192.168.20.2 255.255.255.0
speed 100
full-duplex
ip http server
ip classless
ip route 192.168.10.0 255.255.255.0 192.168.20.254
line con 0
password cisco
login
line aux 0
line vty 0 1
password cisco
login
line vty 2 4
login
end
RT2#
RT3#sh run
Building configuration...
Current configuration : 1289 bytes
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname RT3
boot-start-marker
boot-end-marker
enable secret 5 $1$Z50x$itE38bSPV.ObBKZBKBd3h.
no aaa new-model
ip subnet-zero
interface FastEthernet0/0
description Vlan 10 go to SW2
ip address 192.168.10.3 255.255.255.0
speed 100
full-duplex
ip http server
ip classless
ip route 192.168.20.0 255.255.255.0 192.168.10.254
line con 0
password cisco
login
line aux 0
line vty 0 1
password cisco
login
line vty 2 4
login
end
RT3#
RT4#sh run
Building configuration...
Current configuration : 1289 bytes
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname RT4
boot-start-marker
boot-end-marker
enable secret 5 $1$ye/.$r19lOHRw9zOOEuHcSif530
no aaa new-model
ip subnet-zero
interface FastEthernet0/0
description Vlan 20 go to SW2
ip address 192.168.20.4 255.255.255.0
speed 100
full-duplex
ip http server
ip classless
ip route 192.168.10.0 255.255.255.0 192.168.20.254
line con 0
password cisco
login
line aux 0
line vty 0 1
password cisco
login
line vty 2 4
login
end
RT4#
Building configuration...
Current configuration : 2488 bytes
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname SW1
boot-start-marker
boot-end-marker
enable secret 5 $1$ZIgp$B4w0lvzqbTeF2t6IWwNor0
no aaa new-model
ip subnet-zero
interface FastEthernet0/0
no ip address
shutdown
interface FastEthernet0/1
description vlan 10 go to RT1
switchport access vlan 10
no ip address
duplex full
speed 100
interface FastEthernet0/2
description vlan 20 go to RT2
switchport access vlan 20
no ip address
duplex full
speed 100
interface FastEthernet0/3
no ip address
shutdown
interface FastEthernet0/4
no ip address
shutdown
interface FastEthernet0/5
no ip address
shutdown
interface FastEthernet0/6
no ip address
shutdown
interface FastEthernet0/7
no ip address
shutdown
interface FastEthernet0/8
no ip address
shutdown
interface FastEthernet0/9
no ip address
shutdown
interface FastEthernet0/10
description Porta Trunk Router on stick Linux
switchport mode trunk
no ip address
interface FastEthernet0/11
no ip address
shutdown
interface FastEthernet0/12
description Porta trunk
switchport mode trunk
no ip address
duplex full
speed 100
interface FastEthernet0/13
no ip address
shutdown
interface FastEthernet0/14
no ip address
shutdown
interface FastEthernet0/15
no ip address
shutdown
interface Vlan1
no ip address
shutdown
interface Vlan10
description Vlan10 RT1 e RT3
ip address 192.168.10.100 255.255.255.0
lan-name Vlan10
interface Vlan20
description Vlan20 RT2 e RT4
ip address 192.168.20.100 255.255.255.0
lan-name Vlan20
ip http server
ip classless
line con 0
password cisco
login
line aux 0
line vty 0 1
password cisco
login
line vty 2 4
login
end
SW1#
SW2#sh run
Building configuration...
Current configuration : 2414 bytes
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname SW2
boot-start-marker
boot-end-marker
enable secret 5 $1$Ee9s$AFbrTN5bLqpblkULAV92c/
no aaa new-model
ip subnet-zero
interface FastEthernet0/0
no ip address
shutdown
interface FastEthernet0/1
description Vlan 10 go to RT3
switchport access vlan 10
no ip address
duplex full
speed 100
interface FastEthernet0/2
description Vlan 20 go to RT4
switchport access vlan 20
no ip address
duplex full
speed 100
interface FastEthernet0/3
no ip address
shutdown
interface FastEthernet0/4
no ip address
shutdown
interface FastEthernet0/5
no ip address
shutdown
interface FastEthernet0/6
no ip address
shutdown
interface FastEthernet0/7
no ip address
shutdown
interface FastEthernet0/8
no ip address
shutdown
interface FastEthernet0/9
no ip address
shutdown
interface FastEthernet0/10
no ip address
shutdown
interface FastEthernet0/11
no ip address
shutdown
interface FastEthernet0/12
description Porta Trunk
switchport mode trunk
no ip address
duplex full
speed 100
interface FastEthernet0/13
no ip address
shutdown
interface FastEthernet0/14
no ip address
shutdown
interface FastEthernet0/15
no ip address
shutdown
interface Vlan1
no ip address
shutdown
interface Vlan10
description Vlan 10
ip address 192.168.10.101 255.255.255.0
lan-name Vlan10
interface Vlan20
description Vlan 20
ip address 192.168.20.101 255.255.255.0
lan-name Vlan20
ip http server
ip classless
line con 0
password cisco
login
line aux 0
line vty 0 1
password cisco
login
line vty 2 4
login
end
SW2#
RT1#sh run
Building configuration...
Current configuration : 1289 bytes
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname RT1
boot-start-marker
boot-end-marker
enable secret 5 $1$oH2g$3Z2gdf0Vkn./w0OfgUoFR1
no aaa new-model
ip subnet-zero
interface FastEthernet0/0
description Vlan 10 go to SW1
ip address 192.168.10.1 255.255.255.0
speed 100
full-duplex
ip http server
ip classless
ip route 192.168.20.0 255.255.255.0 192.168.10.254
line con 0
password cisco
login
line aux 0
line vty 0 1
password cisco
login
line vty 2 4
login
end
RT1#
RT2#sh run
Building configuration...
Current configuration : 1289 bytes
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname RT2
boot-start-marker
boot-end-marker
enable secret 5 $1$/x.q$tEjWEahasLjxp0G2aTFUT.
no aaa new-model
ip subnet-zero
interface FastEthernet0/0
description Vlan 20 go to SW1
ip address 192.168.20.2 255.255.255.0
speed 100
full-duplex
ip http server
ip classless
ip route 192.168.10.0 255.255.255.0 192.168.20.254
line con 0
password cisco
login
line aux 0
line vty 0 1
password cisco
login
line vty 2 4
login
end
RT2#
RT3#sh run
Building configuration...
Current configuration : 1289 bytes
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname RT3
boot-start-marker
boot-end-marker
enable secret 5 $1$Z50x$itE38bSPV.ObBKZBKBd3h.
no aaa new-model
ip subnet-zero
interface FastEthernet0/0
description Vlan 10 go to SW2
ip address 192.168.10.3 255.255.255.0
speed 100
full-duplex
ip http server
ip classless
ip route 192.168.20.0 255.255.255.0 192.168.10.254
line con 0
password cisco
login
line aux 0
line vty 0 1
password cisco
login
line vty 2 4
login
end
RT3#
RT4#sh run
Building configuration...
Current configuration : 1289 bytes
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname RT4
boot-start-marker
boot-end-marker
enable secret 5 $1$ye/.$r19lOHRw9zOOEuHcSif530
no aaa new-model
ip subnet-zero
interface FastEthernet0/0
description Vlan 20 go to SW2
ip address 192.168.20.4 255.255.255.0
speed 100
full-duplex
ip http server
ip classless
ip route 192.168.10.0 255.255.255.0 192.168.20.254
line con 0
password cisco
login
line aux 0
line vty 0 1
password cisco
login
line vty 2 4
login
end
RT4#
Neste momento as Vlans não se falam, vamos habilitar o roteamento na nossa máquina Linux.
Habilite o roteamento no kernel e todos passam a se falar:
# echo 1 > /proc/sys/net/ipv4/ip_forward
Assinar:
Postar comentários (Atom)
0 comentários:
Postar um comentário