I finally got the Cisco APIC-EM controller running and integrated into a GNS-3 VM.
The setup is quite complicated. I have an IBM x3650 M2 server with two X5570 Xeons and 64GB of ECC 10600 RAM.
On the server I run:
- A desktop environment
- VirtualBox machine – APIC-EM
On my FreeBSD machine I run the GNS3 GUI and use SSH to connect to the Ubuntu server. My server and my FreeBSD machine are connected via a 1GB switch.
To create the Cisco APIC-EM VirtualBox machine:
- Open VirtualBox and choose create
- Create a machine with a minimum of:
  - 12 CPU cores
  - 32 GB RAM
  - 100GB Hard Drive
- Modify the APIC-EM virtual machine to use a bridged network adapter (choose the one with an internet connection)
- Power on the machine and follow the steps
- After the APIC-EM has installed, power off the machine – this will take up to 1.5 hrs to complete
In GNS3, add a new device and select the VirtualBox machine option. After selecting the APIC-EM machine you created before, re-enter the config and check the box that says “Allow GNS3 to use any network card”.
Add the APIC-EM machine to the topology and connect the first ethernet port to a cloud device – this should be the local ethernet port on the computer running GNS3 that accesses your network.
Create the rest of the topology and be sure to create a DHCP server on the router connected to APIC-EM so that the interfaces on the APIC-EM can be auto-configured:
```
! IOU1
ip dhcp pool local
 network 10.0.0.0 255.255.255.0
 domain-name local.net
 ! IP address of this router
 default-router 10.0.0.100
 lease 31
```
If you have connectivity issues, log in to the APIC-EM in VirtualBox as root – use the password you configured in the setup.
Run the command to configure DHCP on the network cards:
```
root@grapevine-root-1:~# dhclient eth1
RTNETLINK answers: File exists
root@grapevine-root-1:~# ip addr flush dev eth1 #this will remove old address
root@grapevine-root-1:~# dhclient eth1
root@grapevine-root-1:~# ifconfig eth1
eth1      Link encap:Ethernet  HWaddr 08:00:27:da:a0:3f
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:247 errors:0 dropped:3 overruns:0 frame:0
          TX packets:906 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:31180 (31.1 KB)  TX bytes:47184 (47.1 KB)
```
Test connectivity. Please note that for your APIC-EM to work it needs to be able to reach the rest of the network. To do this I configured OSPF on each device.
Here is a list of the minimum config:
- Enable password
- ssh enabled
- routing protocol
- snmp configuration
Let's go through each:
```
Enter configuration commands, one per line. End with CNTL/Z.
  algorithm-type  Algorithm to use for hashing the plaintext 'enable' secret
  password        Assign the privileged level password (MAX of 25 characters)
  secret          Assign the privileged level secret (MAX of 25 characters)
muhrouter(config)#enable secret cisco
```
```
muhrouter(config)#ip domain-name clinetworking.net
muhrouter(config)#crypto key generate rsa
% You already have RSA keys defined named muhrouter.clinetworking.net.
% Do you really want to replace them? [yes/no]: yes
Choose the size of the key modulus in the range of 360 to 4096 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus : 20
*Mar 10 11:49:25.639: %SSH-5-DISABLED: SSH 1.99 has been disabled
2048
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 3 seconds)
muhrouter(config)#
*Mar 10 11:49:30.479: %SSH-5-ENABLED: SSH 1.99 has been enabled
muhrouter(config)#line vty 0 4
muhrouter(config-line)#login local
muhrouter(config-line)#transport input ssh
muhrouter(config-line)#username admin secret cisco
muhrouter(config)#^Z
muhrouter#
*Mar 10 11:49:59.410: %SYS-5-CONFIG_I: Configured from console by console
muhrouter#conf t
Enter configuration commands, one per line. End with CNTL/Z.
muhrouter(config)#hostname propah
propah(config)#^Z
```
```
router ospf 1
 network 10.0.1.0 0.0.0.255 area 0
 network 10.0.2.0 0.0.0.255 area 0
 network 10.0.3.0 0.0.0.255 area 0
 network 10.0.4.0 0.0.0.255 area 0
 network 10.0.10.0 0.0.0.255 area 0
 network 10.0.100.0 0.0.0.255 area 0

propah#show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.0.10.6         1   FULL/DROTHER    00:00:35    10.0.10.6       Ethernet0/2
10.0.100.1        1   FULL/DR         00:00:33    10.0.10.5       Ethernet0/2
10.0.100.1        1   FULL/DR         00:00:34    10.0.100.1      Ethernet0/2.100
10.0.2.2          1   FULL/DR         00:00:39    10.0.1.2        Ethernet0/1
```
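An added example, not from the original post: a Python check that reads a saved running-config and reports which of the four minimum-config items listed above are missing. The sample configuration is constructed (its SNMP line is left out on purpose), and the function names are this example's own.

```python
import re

# Constructed sample running-config; the SNMP line is deliberately missing.
SAMPLE_CONFIG = """\
hostname propah
enable secret 5 $1$constructed$hash
ip domain-name clinetworking.net
username admin secret 5 $1$constructed$hash
router ospf 1
 network 10.0.1.0 0.0.0.255 area 0
 network 10.0.10.0 0.0.0.255 area 0
line vty 0 4
 login local
 transport input ssh
"""

def parse_sections(config):
    """Map each top-level line to the list of indented lines beneath it."""
    sections, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and IOS comments
        if line[0] != " ":
            current = line
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections

def missing_prerequisites(config):
    """Return the items from the post's minimum-config list that are absent."""
    sec = parse_sections(config)
    def has(pattern):
        return any(re.match(pattern, head) for head in sec)
    vty = [kids for head, kids in sec.items() if head.startswith("line vty")]
    # SSH needs a domain name, a local user, and every vty limited to SSH.
    ssh_ok = (has(r"ip domain[- ]name \S+") and has(r"username \S+ .*secret ")
              and bool(vty)
              and all("login local" in k and "transport input ssh" in k for k in vty))
    routing_ok = any(re.match(r"router (ospf|eigrp|rip|bgp)\b", head)
                     and any(c.startswith("network ") for c in kids)
                     for head, kids in sec.items())
    checks = {
        "enable password": has(r"enable (secret|password) "),
        "ssh enabled": ssh_ok,
        "routing protocol": routing_ok,
        "snmp configuration": has(r"snmp-server (community|group) "),
    }
    return [name for name, ok in checks.items() if not ok]
```

Calling `missing_prerequisites(SAMPLE_CONFIG)` returns `["snmp configuration"]`; the RSA key pair is not checked because it does not appear in the running-config.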
After all this you should be able to log in to the Cisco APIC-EM controller webpage with your preconfigured credentials:
Ignore the certificate warning.
Wait for all services to start (takes about 45min):
That’s it! Now you can start doing some stuff.