Cisco APIC-EM Lab

I finally got the Cisco APIC-EM controller running and integrated into a GNS3 VM.

The setup is quite complicated. I have an IBM x3650 M2 server with two X5570 Xeons and 64GB of ECC 10600 RAM.

On the server I run:

  1. A desktop environment
  2. gns3-server
  3. VirtualBox machine – APIC-EM

On my FreeBSD machine I run the GNS3 GUI and use SSH to connect to the Ubuntu server. My server and my FreeBSD machine are connected via a 1GB switch.

To create the Cisco APIC-EM VirtualBox machine:

  1. Open VirtualBox and choose create
  2. Create a machine with a minimum of:
    1. 12 CPU cores
    2. 32 GB RAM
    3. 100GB Hard Drive
  3. Modify the APIC-EM Virtual machine to use a bridged network adapter (choose the one with an internet connection)
  4. Power on the machine and follow the steps
  5. After the APIC-EM has installed, power off the machine – the installation will take up to 1.5hrs to complete

In GNS3, add a new device and select the VirtualBox machine option. After selecting the APIC-EM you created before, re-enter the config and check the box that says “Allow GNS3 to use any network card”.

Add the APIC-EM machine to the topology and connect the first ethernet port to a cloud device – this should be the local ethernet port on the computer running GNS3 that accesses your network.

Create the rest of the topology and be sure to create a DHCP server on the router connected to APIC-EM so that the interfaces on the APIC-EM can be auto-configured:

! IOU1
ip dhcp pool local
 network 10.0.0.0 255.255.255.0
 domain-name local.net
 ! default-router is the IP address of this router
 default-router 10.0.0.100
 lease 31

If you have connectivity issues, log in to the APIC-EM in VirtualBox as root – use the password you configured in the setup.
Run the following commands to configure DHCP on the network cards:

root@grapevine-root-1:~# dhclient eth1
RTNETLINK answers: File exists
root@grapevine-root-1:~# ip addr flush dev eth1 #this will remove old address
root@grapevine-root-1:~# dhclient eth1
root@grapevine-root-1:~# ifconfig eth1
eth1 Link encap:Ethernet HWaddr 08:00:27:da:a0:3f 
 inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0
 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
 RX packets:247 errors:0 dropped:3 overruns:0 frame:0
 TX packets:906 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:1000 
 RX bytes:31180 (31.1 KB) TX bytes:47184 (47.1 KB)

Test connectivity. Please note that for your APIC-EM to work it needs to be able to reach the rest of the network. To do this I configured OSPF on each device.

Here is a list of the minimum config:

  1. Enable password
  2. ssh enabled
  3. routing protocol
  4. snmp configuration

Let's go through each:

1.)

muhrouter#conf t
Enter configuration commands, one per line. End with CNTL/Z.
muhrouter(config)#en
muhrouter(config)#ena
muhrouter(config)#enable ?
algorithm-type Algorithm to use for hashing the plaintext ‘enable’ secret
password Assign the privileged level password (MAX of 25 characters)
secret Assign the privileged level secret (MAX of 25 characters)

muhrouter(config)#enable se
muhrouter(config)#enable secret cisco
muhrouter(config)#

2.)

muhrouter(config)#ip domain-name clinetworking.net
muhrouter(config)#crypto key generate rsa 
% You already have RSA keys defined named muhrouter.clinetworking.net.
% Do you really want to replace them? [yes/no]: yes
Choose the size of the key modulus in the range of 360 to 4096 for your
 General Purpose Keys. Choosing a key modulus greater than 512 may take
 a few minutes.

How many bits in the modulus [512]: 20
*Mar 10 11:49:25.639: %SSH-5-DISABLED: SSH 1.99 has been disabled
2048
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 3 seconds)

muhrouter(config)#
*Mar 10 11:49:30.479: %SSH-5-ENABLED: SSH 1.99 has been enabled
muhrouter(config)#line vty 0 4
muhrouter(config-line)#login local
muhrouter(config-line)#transport input ssh
muhrouter(config-line)#username admin secret cisco
muhrouter(config)#^Z
muhrouter#
*Mar 10 11:49:59.410: %SYS-5-CONFIG_I: Configured from console by console
muhrouter#conf t
Enter configuration commands, one per line. End with CNTL/Z.
muhrouter(config)#hostname propah
propah(config)#^Z

3.)

router ospf 1
 network 10.0.1.0 0.0.0.255 area 0
 network 10.0.2.0 0.0.0.255 area 0
 network 10.0.3.0 0.0.0.255 area 0
 network 10.0.4.0 0.0.0.255 area 0
 network 10.0.10.0 0.0.0.255 area 0
 network 10.0.100.0 0.0.0.255 area 0

propah#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
10.0.10.6         1   FULL/DROTHER    00:00:35    10.0.10.6       Ethernet0/2
10.0.100.1        1   FULL/DR         00:00:33    10.0.10.5       Ethernet0/2
10.0.100.1        1   FULL/DR         00:00:34    10.0.100.1      Ethernet0/2.100
10.0.2.2          1   FULL/DR         00:00:39    10.0.1.2        Ethernet0/1
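
To check a device against the four-item minimum list above before pointing APIC-EM at it, here is an added example (not part of the original post) that audits the text of a saved running-config. The sample config is constructed, and treating any `snmp-server` line as "SNMP configured" is an assumption, since the post shows no SNMP commands.

```python
import re

# Constructed sample of `show running-config` output (not from the post);
# it deliberately has no SNMP line.
SAMPLE_CONFIG = """\
hostname propah
enable secret 5 $1$constructed$hash
username admin secret 5 $1$constructed$hash
ip domain-name clinetworking.net
router ospf 1
 network 10.0.1.0 0.0.0.255 area 0
line vty 0 4
 login local
 transport input ssh
"""

def sections(config):
    """Map each top-level config line to the indented lines under it."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if not line[0].isspace():
            current = line.strip()
            out[current] = []
        elif current is not None:
            out[current].append(line.strip())
    return out

def audit(config):
    """Return the items from the post's minimum list that are missing."""
    sec = sections(config)
    top = list(sec)
    missing = []
    # 1. The post's session sets `enable secret`, so that is what is required.
    if not any(l.startswith("enable secret ") for l in top):
        missing.append("enable secret")
    # 2. Every vty block must be SSH-only with local login, plus a local user.
    vty = [body for head, body in sec.items() if head.startswith("line vty")]
    user = any(l.startswith("username ") and " secret " in l for l in top)
    if not (vty and user and all(
            "login local" in b and "transport input ssh" in b for b in vty)):
        missing.append("ssh")
    # 3. Any routing process counts; the post uses OSPF.
    if not any(re.match(r"router (ospf|eigrp|rip|bgp)\b", l) for l in top):
        missing.append("routing protocol")
    # 4. Assumption: any `snmp-server` line counts as SNMP configured.
    if not any(l.startswith("snmp-server ") for l in top):
        missing.append("snmp configuration")
    return missing
```

Calling `audit(SAMPLE_CONFIG)` reports the SNMP item as missing; a vty block that also permits telnet is reported under `ssh`.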

After all this you should be able to log in to the Cisco APIC-EM controller webpage with your preconfigured credentials:

https://192.168.0.15:14141

Ignore the certificate warning.

Wait for all services to start (takes about 45min).

That’s it! Now you can start doing some stuff.
