Tuesday, February 24, 2009

Connecting a gns3 virtual network to the real world networks !!

eeeehaaaaa, that was my first reaction after I was able to bridge my gns3 virtual lab to real-world networks and even set up a VPN to a remote Vyatta firewall somewhere in the galaxies. This is just way up there; my fellow networking geeks know how it feels, especially Symo!! This is something we have been working on for the past few days with limited progress, but today I made it, yeah I'm a genius (I know) !!!!!! OK, let me kill the blabbering and lay it out. First and foremost, I wish to express my deepest appreciation to Josh at joshatterbury.com. My success was based on your procedures, and in fact I will borrow much from your website.

step 1. I installed all the necessary utilities to make this work (apt-get install uml-utilities for tap interfaces and apt-get install bridge-utils for the bridge interface).
step 2. I created the tap interface with the cmd tunctl (this comes with uml-utilities). I brought the interface up using ip link set dev tap0 up
step 3. I created the bridge interface with the cmd brctl addbr br0, then brought up the interface using ip link set dev br0 up
I verified that both the tap and bridge interfaces were created by issuing the cmd ip a, and the output looked like this:
root@jerry-laptop:/home/jerry# ip a
1: lo: mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:1b:38:2f:0c:24 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.31/25 brd 192.168.1.127 scope global eth0
inet6 fe80::21b:38ff:fe2f:c24/64 scope link
valid_lft forever preferred_lft forever
3: wmaster0: mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ieee802.11 00:1b:77:25:a9:1d brd ff:ff:ff:ff:ff:ff
4: wlan0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:1b:77:25:a9:1d brd ff:ff:ff:ff:ff:ff
inet 192.168.11.100/24 brd 192.168.11.255 scope global wlan0
inet6 fe80::21b:77ff:fe25:a91d/64 scope link
valid_lft forever preferred_lft forever
5: pan0: mtu 1500 qdisc noop state DOWN
link/ether 9e:9d:40:35:0e:d3 brd ff:ff:ff:ff:ff:ff
6: tap0: mtu 1500 qdisc noop state DOWN qlen 500
link/ether 92:33:9b:ce:6d:af brd ff:ff:ff:ff:ff:ff
7: br0: mtu 1500 qdisc noop state DOWN
link/ether ca:79:4d:db:9a:59 brd ff:ff:ff:ff:ff:ff


So much for the tap and bridge interfaces.
step 4. With all the necessary interfaces created, my next hop (oh, I'm thinking of NHRP in DMVPN) was to associate my tap0 and eth0 interfaces with the br0 interface (I used my laptop's wired connection for this and maintained my wireless connection for internet connectivity).
To bridge my eth0 with tap0, I used brctl addif br0 tap0 and brctl addif br0 eth0
For verification I invoked brctl show br0 and the output was:
jerry@jerry-laptop:~$ brctl show br0
bridge name     bridge id               STP enabled     interfaces
br0             8000.001b382f0c24       no              eth0
                                                        tap0
pan0            8000.000000000000       no


step 5. Here I changed my eth0 (wired interface) to promiscuous mode and removed the IP address on it with ifconfig eth0 0.0.0.0 promisc, then put the IP address on br0 with ip address add 192.168.1.31 dev br0
Note that I didn't want to tamper with my wireless connection, so I kept my default route via wlan0, but if I wanted to I would have pointed my default route through br0 by invoking ip route add default via x.x.x.x (that's whatever gateway you want to use via that interface).
step 6. With the above steps done, the rest was Cerelac (Nestlé's yummy yummy). I started my gns3 via the cmd line as root and dragged and dropped my 3600 rtr and a cloud. On the cloud I configured NIO_TAP and added the tap0 interface. Finally I connected my 3600 rtr's WAN interface to the cloud's nio_tap:tap0 interface and configured an IP within the same subnet as br0.
step 7. I went all out on it, built a more complex topology and did HSRP, DMVPN...blah blah. I even went ahead and configured my virtual lab devices to do AAA using a Windows RADIUS server that I have set up for our office LAN. I know this sounds crazy, but I'm sooooo excited doing all this complex stuff from the comfort of my laptop.
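
Steps 1 to 5 above collected into one script, with a check that parses brctl show to confirm tap0 and eth0 really are ports of br0; this is an added example, not the author's own script. The DRY_RUN switch, the function names and the /25 prefix (read off eth0 in the ip a output) are assumptions.

```shell
#!/bin/sh
# Added example (not from the post). BR/TAP/WIRED/ADDR use the post's values;
# DRY_RUN, SAMPLE and all function names are assumptions made for this sketch.
BR=br0 TAP=tap0 WIRED=eth0
ADDR=192.168.1.31/25   # /25 copied from eth0 in the `ip a` output; the post's command omits it

# Print each command unless DRY_RUN=0 (then it is executed; needs root).
run() { if [ "${DRY_RUN:-1}" = 0 ]; then "$@"; else echo "+ $*"; fi; }

setup_bridge() {
    run apt-get install uml-utilities bridge-utils   # step 1
    run tunctl -t "$TAP"                             # step 2
    run ip link set dev "$TAP" up
    run brctl addbr "$BR"                            # step 3
    run ip link set dev "$BR" up
    run brctl addif "$BR" "$TAP"                     # step 4
    run brctl addif "$BR" "$WIRED"
    run ifconfig "$WIRED" 0.0.0.0 promisc            # step 5
    run ip address add "$ADDR" dev "$BR"
}

# bridge_members BRIDGE: read `brctl show` output on stdin and print BRIDGE's
# member interfaces, including continuation rows that carry only a port name.
bridge_members() {
    awk -v br="$1" '
        NR == 1 { next }                                  # header row
        NF >= 3 { cur = $1; if (NF >= 4 && cur == br) print $4; next }
        NF == 1 && cur == br { print $1 }                 # continuation row
    '
}

# verify_members BRIDGE IF...: succeed only if every IF is a port of BRIDGE.
verify_members() {
    vm_br=$1; shift
    vm_have=$(bridge_members "$vm_br")
    for vm_if in "$@"; do
        printf '%s\n' "$vm_have" | grep -qxF "$vm_if" ||
            { echo "$vm_if is not a port of $vm_br" >&2; return 1; }
    done
}

# `brctl show br0` output as printed in the post, used when not applying.
SAMPLE='bridge name     bridge id               STP enabled     interfaces
br0             8000.001b382f0c24       no              eth0
                                                        tap0
pan0            8000.000000000000       no'

setup_bridge
if [ "${DRY_RUN:-1}" = 0 ]; then brctl show; else printf '%s\n' "$SAMPLE"; fi |
    verify_members "$BR" "$TAP" "$WIRED" && echo "$BR: $TAP and $WIRED are bridged"
```

Run as is, it only prints the plan and checks the sample output; with DRY_RUN=0 as root it applies the steps and checks the live bridge.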

Tuesday, February 17, 2009

VIRTUALIZATION IN UBUNTU

It's been a long way in my quest to change from the Windows operating system to Linux, my favourite being Ubuntu.

The switchover is never that easy, and a lot of research is involved to be able to do all that you were used to doing while using the Windows operating system. Since I am well known for experiments, I could not be that comfortable without virtualization, so I have been experimenting with various virtual machines but hitting a snag somewhere on the way due to some bugs.

Today I had a breakthrough and I'm glad to share with you how you will be able to run a virtual server on Ubuntu.

Using Sun's VirtualBox, I'm now running a virtual machine in my Ubuntu, and I feel privileged to share this to let you avoid all the hassles of research. All the information you need is here.

http://www.howtoforge.com/installing-virtualbox-2.0.0-on-ubuntu-8.10-desktop



If, after installation, the virtual machine fails to start and produces the following error message:
"VirtualBox can't operate in VMX root mode. Please disable the KVM kernel extension, recompile your kernel and reboot (VERR_VMX_IN_VMX_ROOT_MODE)."

then perform the following.

To disable KVM:

1. Install "bum" (Boot-up Manager): sudo apt-get install bum
2. Start Boot-up Manager (in systems menu) and untick "Full virtualization on i386 and amd64 hardware - kvm"
3. Click Apply

Answer yes to make the change effective right away.

Friday, February 6, 2009

OpenSource NAC solutions



OK, so I'm busy scoping through the ocean of open-source networking solutions and I came across something I've really been looking for: a network admission control utility (one that doesn't make me reach into my pocket, I'm broke!!!) that is scalable in a multivendor environment. Something that can control my wired and wireless access connections. So I came across two solutions, namely PacketFence
http://www.packetfence.org

and ZoneCD

www.publicip.net

I downloaded the ZoneCD ISO but got stuck on the part of saving the configs to my flash device. I just don't seem to understand why it doesn't mount my flash drive; I get some error. Oh, and by the way, it runs on Knoppix. Next time I try it I will get the error message and post it for guys out there to share ideas. I'm just starting with Linux administration, so for now I'm a bit green.
With PacketFence, I managed to build it up in Ubuntu but then got some errors during install and haven't gone back there due to time and other responsibilities (studying for my CCSP exams).
Hopefully within no time I will go back and do thorough research on them.
For now though, have your mind wide open and try out all the beauty technology has to offer.

OpenSource Network monitoring with Zenoss


Zenoss is an award-winning open source IT monitoring product that effectively manages the configuration, health and performance of networks, servers and applications through a single, integrated software package.

Check it out on http://www.zenoss.com/

With open source y'all are definitely spoilt for choice. Please don't nobody ask me how it works coz I just bumped into this gem today, so I'm yet to download and try it out. The system requirements are a bit crazy though, 4 gig RAM, Core 2 Duo processor...blah blah, but I'm sure Zenoss Core can run on a low-end PC, but a good P4. Anyway, I'm gonna try it out and hit y'all with its wonders, so network and systems admins, be on the lookout.
