alphahpg.com


Network Musings March 13, 2019

I’ve been building a robust small network to do my CCNA ICND1 & 2 studies, using my ESXi server to run 4 IOS XRvs connected to my server’s pfSense firewall and virtual TACACS server.

I’ve come up against a bunch of things which have made this not necessarily as straightforward as it should be.

Getting the IOS XRvs to run took a bit of manhandling, but we got there in the end (hint: you need a console connection to them, for which you need to either have the full licence for ESXi or configure them somewhere else and import them into ESXi, which I did).

Using IOS XRv for CCNA studies means you need to do things a little differently, as the default doesn’t really exist; you need to specify either IPv4 or IPv6 when using the appropriate commands.
Good example: assigning an IP address to an interface. In normal IOS you’d use the following:
conf t
int gi0/0
ip add 192.168.0.1 255.255.255.0
no shut

In IOS XRv you’d do the following:

conf t
int gi0/0/0/0
ipv4 add 192.168.0.1/24
no shut
commit

Also, IOS XRv follows the trail of Junos in that you need to commit your config changes, to prevent issues occurring because of a bad config change (which we all know is super easy in normal IOS).

In my current network, I have 4 IOS XRvs, each with an interface going to another IOS XRv, and a loopback on 1, 2, and 3 in the 192.168.255.0/28 networks. RIP provides connectivity, mostly because ICND1 only really looks at RIP v2. When I progress to ICND2 I’ll activate OSPF.

I installed OpenNMS and a TACACS server to allow a single point of authorisation and authentication, meaning I don’t need to set up multiple users on each network element.

I also found that because the internal 192.168.0.0/24 networks live in a different space (network) than the 172.16.0.0/24 net, we had some issues with TACACS working correctly. In the end this was found to be the TACACS server not being able to send information back to the routers that sent the request initially, even though you could ping and traceroute the TACACS server. I added a static route for the 192.168.0.0 nets to the TACACS server, and lo and behold, all the IOS XRvs can now be authenticated via TACACS.
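The return-path problem described above can be checked from the server side before touching AAA config. The following is an added example, not part of the original post: it does a longest-prefix match over the server's routing table (in Linux `ip route` text form, an assumption) for each router source address. All addresses, the gateway names and the route lines are constructed for illustration.

```python
import ipaddress

# Constructed sample data: the server's routing table before and after the static route.
BEFORE = """default via 172.16.0.1 dev eth0
172.16.0.0/24 dev eth0 proto kernel scope link src 172.16.0.10"""
AFTER = BEFORE + "\n192.168.0.0/16 via 172.16.0.2 dev eth0"

ROUTER_SOURCES = ["192.168.0.1", "192.168.255.1"]  # constructed router/loopback addresses
LAB_GATEWAY = "172.16.0.2"  # assumed next hop that actually reaches the lab routers


def parse_routes(text):
    """Turn `ip route`-style lines into (network, next_hop) pairs."""
    routes = []
    for line in text.strip().splitlines():
        fields = line.split()
        if not fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        hop = fields[fields.index("via") + 1] if "via" in fields else "connected"
        routes.append((ipaddress.ip_network(prefix), hop))
    return routes


def return_route(routes, source):
    """Longest-prefix match for replies sent to `source`; None if nothing covers it."""
    addr = ipaddress.ip_address(source)
    matches = [(net, hop) for net, hop in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)


def audit(routes, sources, expected_hop):
    """Classify each AAA client source as ok, no-route, or sent via the wrong hop."""
    result = {}
    for src in sources:
        match = return_route(routes, src)
        if match is None:
            result[src] = "no-route"
        elif match[1] != expected_hop:
            result[src] = f"wrong-hop:{match[1]}"
        else:
            result[src] = "ok"
    return result


if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(parse_routes(table), ROUTER_SOURCES, LAB_GATEWAY))
```

Run it against every address a router might source its TACACS packets from, loopbacks included, since the reply has to route back to that exact address.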

I’ll have more info coming soon!
