Hello networkers,
We need to put together a guide on how to set up a home lab. I'll edit the OP until we've got something that we feel is ready to post in the Guides section, which makes it a somewhat formal document. I'm starting it and I'll incorporate comments into the OP as they are offered here.
***
BUILDING OUT A HOME LAB
First word of advice to aspiring networkers is that your first home lab really is GNS3. It will do so much for you, all for free. Look up that fine product and how to use it, and you will soon be creating interesting and clever topologies to test out your routing and switching expertise.
That should be all you need for entry-level certifications.
For professional-level certifications and above, however, you will want to handle real equipment, since real equipment can fail in ways that simulated/emulated equipment can't. Those real equipment failures are also things you can experience in real life.
When building out your home lab, avoid purchasing pre-assembled lab kits. That deserves to be in all caps, in fact: AVOID PURCHASING PRE-ASSEMBLED LAB KITS. Often, the equipment is outdated and won't give you the OS versions you need to know for your testing.
For best results, look to online single-piece sales, or ask around your networking friends for good deals. Bearing in mind that there are a number of switches you can get for around $20 and routers for $100 or so, your total outlay will be in the area of $260-$300 for a pair of routers and a few switches. You might get lucky and find more for less. An entry-level firewall, the Cisco ASA 5505, will be around $150-$200 and is well worth the expense if you plan to look into security.
I'd also recommend a small VM box. NUC's are cheap and you can even repurpose many <5yr old PCs for this. Use your favorite hypervisor and get a server running with your fave tftp, snmb and whatever else you want. Great to offload GNS3 dynamips on as well from older laptops like mine. Pfsense for firewall and VPN. Add in a eBay ip switched PDU (got mine for $40) and you even have a remote lab.
Big plus here, you get exposure to VMs and in most cases you learn some Linux. Who in networking couldn't use a little Linux?
Quote from: hizzo3 on January 06, 2015, 11:33:37 AM
I'd also recommend a small VM box. NUC's are cheap
NUCs are fantastic. I've been running three of them in an ESX cluster for a couple years. I also use the smaller ones as XBMC boxes. I'm probably moving to a couple Shuttles in the future though. The SH87R6 can do 32GB of RAM versus the NUC's max of 16, which means I can run only two boxes and be pretty happy.
Quote from: deanwebb on January 06, 2015, 10:45:40 AM
Hello networkers,
We need to put together a guide on how to set up a home lab. I'll edit the OP until we've got something that we feel is ready to post in the Guides section, which makes it a somewhat formal document. I'm starting it and I'll incorporate comments into the OP as they are offered here.
***
BUILDING OUT A HOME LAB
First word of advice to aspiring networkers is that your first home lab really is GNS3. It will do so much for you, all for free. Look up that fine product and how to use it, and you will soon be creating interesting and clever topologies to test out your routing and switching expertise.
That should be all you need for entry-level certifications.
Dean,
One of my goals this year is to get my CCNA certification. After reading your post, I started reading GNS3 Getting Started Guide 1.0[1]. In the guide it says,
"However, due to licensing restrictions, you will have to provide your own Cisco IOS's and IOU, to use with GNS3."My question is, how is one to legally obtain a valid copy of an IOS image? Also, for the new CCNA, the IOS version is 15.
I was looking at the Hardware Emulated by GNS3[2].
Would you suggest me buying one of the routers, say for example 3725, running IOS v15 on eBay[3] as this is one of the routers listed on [2]?
Edit: And use this image to run on GNS3.
/EditThanks
[1]. https://community.gns3.com/servlet/JiveServlet/previewBody/1791-102-1-2066/GNS3%20Getting%20Started%20Guide%201.0%20(1).pdf
[2]. https://community.gns3.com/docs/DOC-1708
[3]. http://www.ebay.com/
Last I heard, GNS3 only supports IOS v15 on the 7200 routers. Might want to look to see if it specifically supports v15 before making the purchase.
I confirm above, have labbed 15 on 7200 many times, it is slightly dodgy though
Hizzo and Vito: can you guys expand on the VM stuff you're talking about? Assume someone has never done a VM box and go from there. Not total step-by-step, but say where to get the steps. That would be good.
RTFM: That is correct, you have to provide your own Cisco IOSes for GNS3. If you own a router that GNS3 emulates, you can use that IOS on GNS3. Site policy will not allow anyone to discuss black market methods of acquiring IOS code on this site. Having said that, the Cisco Learning Forums won't discuss it, either, but they will heartily recommend GNS3.
For legal reasons, we're not going to address the hypocrisy of enthusiastically recommending GNS3 while remaining silent on how to make it useful.
I will say this, though: don't use GNS3 to run production routers, don't try to purchase support for a device you set up in GNS3, and don't sell a device you cooked up in GNS3 on eBay or anything like that. When I worked on putting my home lab together, I had a friend at Cisco help me with stuff that was end-of-life (EOL) and on its way to a dumpster. I had the same three rules when he handed that over to me. I never ran production on them, I never bought support, and I never sold them on eBay, even though some of that stuff would still fetch a big price. Cisco does want to see people get certified, but it's not going to recommend that people find their software for free somewhere, because that's against their business model of selling the stuff.
Has Cisco ever done a swoop on all the people that used their IOS code in GNS3 and sued them, RIAA-style? To my knowledge, no. Will they ever swoop down on someone? If that guy starts selling IOS code out of the back of his car to shady network admins, you betcha, but not because he loaded into a GNS3 for his home lab. Does this mean that NOW I'll tell you where to get the IOS images? No. Site policy is to not post links or information on how to get software through means other than official distribution channels or similarly legal means.
Quote from: wintermute000 on January 06, 2015, 03:10:15 PM
I confirm above, have labbed 15 on 7200 many times, it is slightly dodgy though
Yes, 15 on the 7200 in GNS3 gave me some headaches. I preferred late 12 code.
I love my 1841s - cheap (€ 40), silent and more than fast enough for lab use. Just checked and they should be able to run IOS 15, I'm still running 12.4 though...
Quote from: SimonV on January 06, 2015, 03:16:48 PM
I love my 1841s - cheap (€ 40), silent and more than fast enough for lab use. Just checked and they should be able to run IOS 15, I'm still running 12.4 though...
1841 is my real router of choice.
1.) re: 1841s, see attached ;D Runs fine on 15.1M and does full MPLS/MP-BGP.
2.) A vm host is pretty much mandatory in this day and age. To be honest I spent way more time in Cisco CSRs and Juniper Fireflies than my real rack. You can also lab a whole bunch of multi-discipline, multi-vendor stuff ranging from IP PBXs to virtual WAN accelerators to even virtual SBCs nowadays, host a management server for tacacs/syslog/rancid/etc, Active Directory, the list goes on. If I had to do it again, I would not have bought the 1841s and built a breakout rack only with 4 switches going back to my ESXis. But I built this setup 2 years ago, so at least I got some good use out of it.
I run with 2x Dell Optiplex 990s (i5-2400, 16Gb, 2x LP dual NIC cards) as the main vsphere hosting cluster, 1x repurposed whitebox (i3-2120, 16Gb, dual NIC) as management (AD/vcenter), and a separate iSCSI target running off physical FreeNAS on its own isolated LAN.
I run all the test hosts off dvswitch VLANs so it doesn't matter if they are on host 1 or host 2. Management hosts (vsphere, AD, linux) are on a separate whitebox so I can easily break and rebuild the cluster at will without worrying about screwing up my management. I've also kept all management traffic on dedicated standalone vswitches to eliminate any reliance on dvswitching and the vcenter.
Note I have modelled off a typical textbook enterprise deployment as I wanted to do Vmware labbing not just networking. If you just want to run up virtual hosts then one big ESXi of doom would be easier and cheaper. You can get some insane bang for the buck if you can live with loud power hungry ex-data centre rack monsters (i.e. old servers). Running one mega host also lets you lab vmware via nesting ESXi within ESXi but that obviously brings about its own brand of headaches, caveats and performance issues. I actually sold a mega server that was running such a nested setup and rebuilt the current one outlined below
skaffen.planetexpress.com.au/virtual-lab.pdf (http://www.networking-forums.com/skaffen.planetexpress.com.au/virtual-lab.pdf)
The only caveat I'd say re: NUCs are great but you can't lab vmware properly on them as you simply cannot install more NICs, and you're going to need extra NICs for things like iSCSI, FT, HA and all the other vmware features. If you don't care about that then its all gravy.
3.) GNS3 is still good for quick/scenario specific labbing, esp with the convenience of importing someone else's pre-baked topology. A lot of core R&S hasn't changed a lot even if you stick with 12.4T - I can't see much on the RIP, OSPF, EIGRP or BGP topics for IEv5 that specifically requires v15 for example (is there even any?).
4.) If VIRL ever gets Titanium (NX-OS) fully featured and/or switching then it would trump all, but right now, its basically a fancier version of GNS3 with up to date IOS, or an easier to use version of an ESXi loaded with CSRs (that you don't have to blow away every 90 days once the evaluation for advanced services expires).
I'll expand on the VM stuff tonight.
For the IOS stuff, sometimes you can catch EOL stuff on eBay that will still have an IOS loaded. Legally, the only way to get it is through service contracts. Is it part of the service contract that at EOL the company should be wiping the equipment?
seriously, for labbing who cares about legalities.
do they want techs to know and evangelise their gear or not? zero guilt for non-prod usage IMO
Good point. Also just remembered for civil and criminal, damage has to be done - no what ifs. It would be an expensive court case over educational use ;)
Luckily my company is overhauling a good deal of its infrastructure and there is a ton of stuff to be had. I got a few 2821s and some 3560s (POE). I'm also using a 2621XM which are fairly cheap for the BGP PeerX Project.
This is what I found on eBay, a Cisco 2621XM 128D/32F [1] running Advanced Enterprise IOS image, c2600-adventerprisek9-mz.124-10a.bin for 75 USD.
Is this a good purchase where I can use the IOS image on GNS3 for educational purposes?
If not, is anyone willing to donate any of their old hardware? Please let me know.
Thanks
[1]. http://www.ebay.com/itm/Cisco-2621XM-128D-32F-CCNA-CCNP-CCIE-6xAvailable-Warranty-/311240796181#rwid
It's a good price but I would prefer a more "reputable" seller. Check this site out:
http://www.cablesandkits.com/cisco-2600xm-series-routers-c-50_84_878.html
Don't buy 26xx era stuff. 18/28xx is cheap and runs ios15
Quote from: wintermute000 on January 06, 2015, 06:04:08 PM
seriously, for labbing who cares about legalities.
do they want techs to know and evangelise their gear or not? zero guilt for non-prod usage IMO
We can't require that you feel any guilt, only that nobody posts links to where this stuff can be had. While it's hard to go after a zillion students, it's easy to take a whack out of a website owner's backside. C:-)
We now return to our discussion of what gear to get. :matrix:
Quote from: deanwebb on January 06, 2015, 10:45:40 AM
For professional-level certifications and above, however, you will want to handle real equipment, since real equipment can fail in ways that simulated/emulated equipment can't. Those real equipment failures are also things you can experience in real life.
This is something I came across when I picked up a 3560 off eBay that had 2 DOA SFP modules installed. I had a handful of spares laying around so no harm done, and it added a little something to the experience of getting it up and prepped to lab.
Most of the equipment I've bought from there still comes configured from wherever they pulled it, and I enjoy getting in and seeing how it was setup and seeing what they use for their type 7 passwords, lol.
Getting equipment from a former owner that hasn't been cleaned off gives one an opportunity to find out all about using physical access to a network device to gain root access, courtesy of ROMMON mode. That is one of the most fun things to do, ever, for a networking guy. If you don't have fun going to ROMMON, you need to consider a different career direction.
Quote from: deanwebb on January 06, 2015, 09:20:44 PM
Getting equipment from a former owner that hasn't been cleaned off gives one an opportunity to find out all about using physical access to a network device to gain root access, courtesy of ROMMON mode. That is one of the most fun things to do, ever, for a networking guy. If you don't have fun going to ROMMON, you need to consider a different career direction.
My second 3550 booted in ROMMON... and it wouldn't take a new BAUD rate, so I was stuck loading an IOS using speed closer to smoke signals... then my laptop shut down because of the Power Options... Note to the wise... always check your Power Options before doing any long file transfers.
Feel free to move if you think this is too much for this thread. Also, any feedback is welcome.
Quick primer on Virtualization.
Problem: I have one box (computer consisting of a motherboard, hard disk drive (hdd), cpu, ram, ect), but you need to run multiple operating systems, simultaneously. Good example would be a Windows server, a firewall appliance (like pfsense) and Fedora desktop as a testbed.
Solution: Enter the world of Virtualization.
With Virtualization, you can run multiple operating systems (OS) on a single box, simultaneously. This can decrease the number of physical servers needed, decrease energy consumed, allow greater flexibility, and potentially increase security. Enter the hypervisor. :banana:
A hypervisor is what you run your virtual machines (VM) in. In the example above, the Windows server is one VM, while pfsense would be your other VM. You would need a hypervisor to create the environment in which both could coexist simultaneously without killing each other. There are two types of hypervisors: Type 1 – bare metal (Citrix XenServer, VMware ESXi, Microsoft Hyper-V) and Type 2 – hosted (VMware Workstation and VirtualBox). Type 1 runs as an OS on the hardware while Type 2 runs like an application within an installed OS like Windows 7. It is like running programs inside a program, sometimes installed in another program. Crazy, huh?
The hardware needs of Virtualization depend greatly on what you intend to do with it. While not required in all cases, a good start is a box that supports Intel VT-x or AMD-V. Most hardware built in the last 4-5 years will support this, but your mileage will vary, so check manufacture documentation. For instance, I have a laptop with an upgraded T9300 processor and PM965 Express chipset. Both support VT-x, but the bios needs to be hacked to allow the function to be turned on. :angry: Other hardware needs will be a decent processor and most importantly, ram. There are other things that are application and hypervisor specific, but that is beyond the scope of this. I still can use VMware Workstation, and do, but with limited performance.
Another great perk of VM's is they are more fluid. You can have a Golden Image (image template, before you deleted messed with your registry). If you have multiple hosts (type 1), you can create a pool and create fail-over/High Availability. Depending on your hypervisor, you can even migrate a VM incase the box it resides on need maintenance (without shutting it down). If you're practicing for an install and configure certification, you can delete it then recreate it until you can do it in your sleep. :not_worthy:
In my scenario, my laptop was out of the question as a host machine for the hypervisor (I needed a dedicated solution), so I cannibalized an old HTPC (home theater PC) I had lying around. It has an i5-2405s Intel processor (launched in 2011), some hard drives, a Z68 motherboard and 8GB ram (32GB max). It was/is hardly anything hardcore. My hypervisor of choice was XenServer. It comes (freely) fully featured, including management software, and has rather strong support community. Linux skills will help, but your Google-fu with be more important. Aside from running a few Linux VMs like Backtrack and RedNectar's GNS3 Workbench, all I knew about Linux was that they have an obsession with penguins. A few hours later of practicing my Google-fu I learned some basic XenServer and related XenServer commands, I had my first VM up and running. Just be patient - if you get frustrated, take a break. They say it is 7 minutes to Xen, which is true, but then its about 30-45 mins to config the remainder.
Currently, I have running:
Windows Server 2012 (DreamSpark-for college students) acting as a file share (iSCSI initiator for a target I have). Future plans include RADIUS for 802.1x (might use pfsense, but I like the separation for security), SNMP, Plex Media Server, Backup for all my devices, among other duties.
Fedora testbed for my Linux practice
pfsense is next in the list (my asus router is great and all, but it can handle only so much). This will be my firewall for my home network, VPN (Asus only does PPTP efficiently), and local DNS.
I still have room for any of the VM needs of future certs.
Quote from: wintermute000 on January 06, 2015, 07:33:35 PM
Don't buy 26xx era stuff. 18/28xx is cheap and runs ios15
Quick question. I am reading, Understanding Cisco IOS Naming Conventions[1] document. It says, the name of a Cisco IOS image represents the
Platform,
Feature set,
Format, and other information about the image file.
If you look at the example in the document, c3725-entbase-mz.123-2.T.bin,
where c3725 = Platform, entbase = Feature set and etc.
My question is, if I want to use an IOS image in GNS3, shouldn't I buy a router whose Platform is one of the hardware emulated by GNS3? I ask this question because 18/28xx is not listed as one of the hardware emulated by GNS3. Am I mistaken or are you suggesting to buy a 2 or 3 18/28xx routers running IOS v15 and practice on the actual hardware instead of GNS3?
Thanks
[1]. http://www.cisco.com/web/learning/le21/le34/downloads/689/academy/2005/BRK-101.pdf
I'm merely making the point that a 1800 or 2800 or 3800 series device is capable of running IOS15 code (however you get it). This is the code that you should be labbing against as its much more current - even then you will only run up to 15.1M or 15.2T.
Even without the code issue the 2600 / 3600 era platforms are ancient. You are also going to be getting a machine thats a good 6+ years newer than a 2600 for example (with power supplies that are years newer lol).
I can't comment if you're specifically buying a device just to get an IOS but I will just say there are many, many easier ways.....
OK, so how many routers and what kind? How many switches and what kind? Let's consider a minimal home lab config.
I have a few 3550 switches. All of my routers are GNS3 using USB adapters.
Quote from: hizzo3 on January 08, 2015, 05:13:44 PM
I have a few 3560 switches. All of my routers are GNS3 using USB adapters.
Why a 3560 instead of a 2600?
Quote from: deanwebb on January 08, 2015, 06:04:55 PM
Quote from: hizzo3 on January 08, 2015, 05:13:44 PM
I have a few 3560 switches. All of my routers are GNS3 using USB adapters.
Why a 3560 instead of a 2600?
Sorry. Typo... 3550's. 2600 can be emulated in gns3
... and what is it the 3550s get you that the 2600s don't?
Mind if I ask you to post what IOS images you are running in your GNS3?
This is what I use
Stability -
c3725-adventerprisek9-mz.124-15.T14.bin
c3640-jk9s-mz.124-16.image
Need IOS15 features (NHRP over mGRE etc.)
c7200-adventerprisek9-mz.152-4.M2.image
I can't remember specifically why I use those versions or even if there is a reason, but works for me.
If I was starting out now, I would just buy multilayer switches and a vmware box with lots of extra NICs.
There is no reason for using old 3550s when 3560s are available for a hundred a pop (AUD) on ebay. IOS15, can even run BGP if you want.
If you are an absolute beginner and/or totally confused on virtual and want to get your feet wet, get a few 1841s.
I have:
2x2651XM Routers
2x2851 Routers
2xPIX 505
3x2950
1x3560 (POE)
Running a DMVPN between 2 locations right now. Running BGP and EIGRP. Looking for a small rack/cabinet to set the rest up.
:matrix:
Quote from: deanwebb on January 08, 2015, 07:10:56 PM
... and what is it the 3550s get you that the 2600s don't?
switching capabilities
Quote from: ristau5741 on January 09, 2015, 07:20:00 AM
Quote from: deanwebb on January 08, 2015, 07:10:56 PM
... and what is it the 3550s get you that the 2600s don't?
switching capabilities
^ This. For a moment I thought I missed something, so last night I spent time googling and couldn't see the relation.
I got the 3550's a yr ago. The 3650 were still higher in price and the only significant difference I could find was IPv6. I got one with the SMI image and flashed it to EMI. The 3550 with EMI is what you want. You can either buy with EMI or flash it with the proper IOS
Quote from: ristau5741 on January 09, 2015, 07:20:00 AM
Quote from: deanwebb on January 08, 2015, 07:10:56 PM
... and what is it the 3550s get you that the 2600s don't?
switching capabilities
Yup, the 3550 is a switch, the 2600 is a router.
Quote from: hizzo3 on January 09, 2015, 11:04:50 AM
The 3650 were still higher in price and the only significant difference I could find was IPv6.
That, and PVLANS
PVLANS are a topic in the guides, but I learned of them without needing to actually touch them. Would have been nice to lab up, though.
PVLANS are for CCNP though, right? I didn't see it on the list for CCNA/CCENT.
Which brings up another point... So this guide is for which certification(s)?
You can always rent rack space.
Quote from: hizzo3 on January 09, 2015, 02:19:01 PM
PVLANS are for CCNP though, right? I didn't see it on the list for CCNA/CCENT.
Which brings up another point... So this guide is for which certification(s)?
You can always rent rack space.
CCNP certs, basic starter lab that would be good for any P-level.
In that case, 3-4 3560's and a NUC, a USB hub and a few Ethernet dongles that support vlan tagging with a Linux install should cover all your routers. If you want to be fancy, you could use 1 Ethernet dongle and configure one of the switches to break out the connections.
Not sure what GNS3 will run for firewalls and voice. Haven't gotten that far yet.
Build your own whitebox. You want real, extra nics. Mobo with 4 RAM slots. Cheaper.
Good luck using your USB NICs with VMs (google VT-d). Then seeing if they support VLAN tagging.
I cannot stress this enough, if you want to do any real vmware labbing, you're going to need more NICs, Intel addon ones that ESXi natively recognises.
Quote from: wintermute000 on January 09, 2015, 05:45:50 PM
Build your own whitebox. You want real, extra nics. Mobo with 4 RAM slots. Cheaper.
Good luck using your USB NICs with VMs (google VT-d). Then seeing if they support VLAN tagging.
I cannot stress this enough, if you want to do any real vmware labbing, you're going to need more NICs, Intel addon ones that ESXi natively recognises.
I would agree if you go the VM route. I'm fighting through this with Xen now. You can get away with USB adapters though if you don't go VM. The new GNS is supposed to be better on ram too.
"Build your own VM" is crazy talk to someone that doesn't build VMs. One of you would like to write up a step-by-step on getting the stuff on GNS3 to talk to the live network?
Quote from: deanwebb on January 08, 2015, 01:47:58 PM
OK, so how many routers and what kind? How many switches and what kind? Let's consider a minimal home lab config.
I used this link to learn what hardware would be good to have for which lab. I think they sell lab kits but I found the items piecemeal on ebay for way less. It helped me see what features work with what hardware, IOS 15, how much memory is needed, etc. It seemed like one of the only comprehensive guides I found at the time. Thoughts?
http://www.certificationkits.com/cisco-lab-suggestions/
Quote from: deanwebb on January 10, 2015, 08:16:02 AM
"Build your own VM" is crazy talk to someone that doesn't build VMs. One of you would like to write up a step-by-step on getting the stuff on GNS3 to talk to the live network?
There are quite a few guides out there... Maybe we can improve on it somehow... Videos maybe?
That's a brilliant idea... so now I need to figure out how to set up a channel with multiple contributors.
Quote from: deanwebb on January 13, 2015, 10:31:30 AM
That's a brilliant idea... so now I need to figure out how to set up a channel with multiple contributors.
LET'S SHARE A GMAIL ACCOUNT!
kidding, someone will leak the credentials to ISIS
Quote from: Seittit on January 13, 2015, 12:28:45 PM
Quote from: deanwebb on January 13, 2015, 10:31:30 AM
That's a brilliant idea... so now I need to figure out how to set up a channel with multiple contributors.
LET'S SHARE A GMAIL ACCOUNT!
kidding, someone will leak the credentials to ISIS
Then they will post top secret info, like a link to this thread or our user names.
I would suggest that a single person be in charge of that project. simply for quality control.
good content can be allowed, crappy content dropped
Well, it's a 3-day weekend coming up and my wife will be out of town. Perfect opportunity for me to set up a YouTube channel.
Quote from: deanwebb on January 15, 2015, 08:25:13 AM
Well, it's a 3-day weekend coming up and my wife will be out of town. Perfect opportunity for me to set up a YouTube channel.
Well I'll be down the street from you in Killeen at a falconry convention, let me know if you want some videos of killer raptors
I'd also suggest setting up a minor set of standards that cover format of material. I can't assume everyone on here has done formal training. Plus it will help us piece it together.
Im currently running 3x 3560 POE Switch, 1x 2524 Router (Access Server) for physical equipment. All of my physical equipment was given to me fo free, but the all have IOS 12.x on em. I wasn't trying to go out into the void to get 15 series IOS, but I need to get the practice on em. I have access to packet tracer in which I can use 18 and 19 series routers w/ IOS 15, but im a sucker for lights and I want physical stuffs, just broke until I start work next monf.
Quote from: jofas88 on January 15, 2015, 12:44:11 PM
Im currently running 3x 3560 POE Switch, 1x 2524 Router (Access Server) for physical equipment. All of my physical equipment was given to me fo free, but the all have IOS 12.x on em. I wasn't trying to go out into the void to get 15 series IOS, but I need to get the practice on em.
I discovered that my 24 port 3560 POE doesn't have enough mem to run IOS 15.
Thankfully my non-POE does!
You are correct, the 3560 POE cant run the 15, bummer. Packet tracer it is.
Quote from: jofas88 on January 16, 2015, 07:03:14 PM
You are correct, the 3560 POE cant run the 15, bummer. Packet tracer it is.
why anyone would want to run 15.x code on a switch is beyond me. the only added feature, to my understanding, is a call home feature. if i had a nickel for every time i ran into bugs on a switch running 15.x code, i'd have almost a dollar.
Quote from: Seittit on January 17, 2015, 04:19:02 AM
Quote from: jofas88 on January 16, 2015, 07:03:14 PM
You are correct, the 3560 POE cant run the 15, bummer. Packet tracer it is.
why anyone would want to run 15.x code on a switch is beyond me. the only added feature, to my understanding, is a call home feature. if i had a nickel for every time i ran into bugs on a switch running 15.x code, i'd have almost a dollar.
Add ten cents to your total. I know of two switches that flipped their shiz when they went to 15.x code last year...
Im a newb, and its showing lol.
Quote from: Seittit on January 17, 2015, 04:19:02 AM
Quote from: jofas88 on January 16, 2015, 07:03:14 PM
You are correct, the 3560 POE cant run the 15, bummer. Packet tracer it is.
why anyone would want to run 15.x code on a switch is beyond me. the only added feature, to my understanding, is a call home feature. if i had a nickel for every time i ran into bugs on a switch running 15.x code, i'd have almost a dollar.
Drifting OT I realise but the best one I ever seen was I think 15.0.2SE4 (whatever lol) on a 3750X, its fairly new IIRC, anyway it was, I quote, 'may run high CPU if ten-gigabit modules are inserted'. And by high CPU it means the switch is basically dropping frames left and right and will even screw up any attempt to tftp/ftp a new image for rollback. Of course this is for a customer who slavishly follows ITIL prescriptions and doesn't understand 'if it ain't broke'. Boy that was a fun evening, talking the onsite hands and feet through rommon.
Sheesh, that must of be painful.
Quote from: wintermute000 on January 18, 2015, 02:06:00 AM
Drifting OT I realise but the best one I ever seen was I think 15.0.2SE4 (whatever lol) on a 3750X, its fairly new IIRC, anyway it was, I quote, 'may run high CPU if ten-gigabit modules are inserted'. And by high CPU it means the switch is basically dropping frames left and right and will even screw up any attempt to tftp/ftp a new image for rollback. Of course this is for a customer who slavishly follows ITIL prescriptions and doesn't understand 'if it ain't broke'. Boy that was a fun evening, talking the onsite hands and feet through rommon.
That's the exact issue i've run into, HULC process annihilating the CPU on 3750s. It's a well-known bug with the switch running 15.x, where the process that controls the LED lights goes down the rabbit hole, never to return without a reboot. Best practice is to admin-shut all ports not in use, and reload when the CPU creeps over 70%. What a pain in the behind.
15.x code is required to mitigate the Cisco OpenSSL vulnerability, not really required for a home lab
Quote from: Seittit on January 17, 2015, 04:19:02 AM
why anyone would want to run 15.x code on a switch is beyond me. the only added feature, to my understanding, is a call home feature. if i had a nickel for every time i ran into bugs on a switch running 15.x code, i'd have almost a dollar.
We're running 15.x on our 3750X's and 2960S's. So far we haven't had any network-breaking issues but there has been a bug or two show up. Nothing worth scheduling downtime to upgrade, though. I have noticed the more 3750X's you put in a stack the slower the entire thing seems to get. We limit our stack sizes to 5 switches because of that.
To dredge up an old thread...
I'm tossing around the idea of upgrading my home server to an ESXi box running CSR's. My current server that I used for my CCNP is a pretty moderate linux box dedicated to dynamips. I can run 15 or so 3750's pretty comfortably, or 5 7200's. There's 12 break out ports connecting to my switches.
To start, my questions regarding the ESX/CSR solution are:
- How does the ESX solution connect to external switches? Can I map router interfaces to NIC's or will I need to trunk them to a dedicated breakout switch?
- I'll either have to buy an ESX license or reload after the evaluation period. Is there an experation on the CSR images as well?
- With dynamips, I can load topologies/configurations from the dynamips command line without running a seperate tftp server, and I can do packet captures on any interface including serial. Can I get that in ESX?
Thanks for your opinions!
1.) Your VMs map their vNICs to vswitches. You then break it out to pNICs (physical i.e. real). Theoretically you could dedicate one pNIC to one vNIC but how many physical NICs does your ESXi have? Hence everyone uses VLANS... which entails a breakout switch.
2.) Not if you don't activate the advanced features and/or throughput licensing. If you do I think IIRC its 90 days. Anyway they're only routers, easy to paste show runs back in
3.) Not sure
Re: running 7200s.... er.... Have you looked @ IOU in dynamips/GNS3? I can get ridiculous amounts of stuff running in IOU at what feels like 10x the speed of emulated IOS routers. INCLUDING MULTILAYER SWITCHES
http://www.networking-forums.com/index.php?topic=47.0
Quote from: wintermute000 on March 06, 2015, 04:44:54 PM
Re: running 7200s.... er.... Have you looked @ IOU in dynamips/GNS3? I can get ridiculous amounts of stuff running in IOU at what feels like 10x the speed of emulated IOS routers. INCLUDING MULTILAYER SWITCHES
http://www.networking-forums.com/index.php?topic=47.0
Thank you for this, I thought IOU was only available to cisco employees. Are you running it in GCE or on your own hardware?
Quote from: Splat on March 07, 2015, 09:09:16 PM
Quote from: wintermute000 on March 06, 2015, 04:44:54 PM
Re: running 7200s.... er.... Have you looked @ IOU in dynamips/GNS3? I can get ridiculous amounts of stuff running in IOU at what feels like 10x the speed of emulated IOS routers. INCLUDING MULTILAYER SWITCHES
http://www.networking-forums.com/index.php?topic=47.0 (http://www.networking-forums.com/index.php?topic=47.0)
Thank you for this, I thought IOU was only available to cisco employees. Are you running it in GCE or on your own hardware?
It is possible in GCE, its possible on your own ESXi and/or vmware workstation, and I'm sure its possible on anything that will let you spin up a VM.
I've got a DL380G6 with 72gb of RAM, luckily my old employer decommissioned 10 of these servers that were being used as ESXi hosts. Couple this up with 4 x 3560G and bobs your uncle!
I probably do 95% within ESXi, it's great! CSR1000V, ISE, ASAv, vWLC, AD Services etc. I have an Ubuntu VM running Ser2Net that maps my USB serial cables into the switch console ports.
Only downside is that it's pretty power hungry.
Just wanted to give a shout out to UNETLAB. All those on GNS3/IOU should look into it - its multi vendor and client-less.
http://www.unetlab.com/documentation/supported-images/index.html
I have it happily running IOS, Arista vEOS and Juniper vSRX in the same VM/lab :) It really is the dream networker's lab playground
I've been building out my home lab for a year and a half and documenting my progress here:
http://technerdlap.blogspot.com/
My original build and initial pains are here:
http://technerdlap.blogspot.com/2014/11/home-lab.html
Have since upgraded cards, ios, as well as spent countless hours troubleshooting what wound up being mostly layer 1 issues (ugh).
I'm happy to share my home lab experiences on this forum, as I've spent WAY too much time trying to get it all working, partly because I could not find a comprehensive guide online.
Just got a handful of 2811's from work that were going in the trash, so they are great upgrades from my original 2620xms.
Now have the capability to run IPsec tunneling across my home lab network, which makes me more excited than I'd care to admit.
I'll throw some pending updates on here, as well as my blog soon.
If anyone has any specific questions about a home networking lab, just ask. I'm up to 13 routers and an access server on a skeletek rack that could support 3 guerrillas:) Also have remote power management, so I only run the gear when I need to lab. Have everything going through a power meter and have calculated I'm spending about 38 cents an hour running my current rig (6 2811s, a 2620 and a term server).
Alright, gotta get back to failing miserably at configuring BGP on this beast...
Lap
Pssst... would you like your blog linked up here?
How are you supplying power to that rig? two separate circuits? I can only get about 7 or 8 devices on a single 15 AMP circuit before the breaker trips. Got a few other things plugged in as well. Gotta keep an eye on that so you don't fry your circuits, solution is not really a DIY fix, installing breakers in the master panel always gave me the willies. prefer to have a professional do it.
My current configuration (6 2811's, a 2620 and a cyclades term server) pulls about 5 amps (250 Watts), as measured by a Kill A Watt power meter. That 5 amp draw also includes an EZ Outlet (for remote power management), Netgear 8 port switch and an old Dell (Plex).
5 amp draw on a 20 amp circuit, with a spike during post/boot.
Think I'm paying 15 cents /killowatt hour. Math was never my strong suit, but I think this rig costs 38 cents an hour to run (250 Watts/hr X .15 Kw/hr).