Cisco APIC-EM Lab

I finally got the Cisco APIC-EM controller running and integrated into a GNS3 VM:

[Screenshot: Screenshot_2018-03-10_20-56-58]

The setup is quite complicated. I have an IBM x3650 M2 server with two X5570 Xeons and 64GB of ECC 10600 RAM.
On the server I run:

  1. A desktop environment
  2. gns3-server
  3. VirtualBox machine – APIC-EM

On my FreeBSD machine I run the gns3 gui and use SSH to connect to the Ubuntu server. My server and my FreeBSD machine are connected via a 1GB switch.
To create the Cisco APIC-EM VirtualBox machine:

  1. Open VirtualBox and choose create
  2. Create a machine with a minimum of:
    1. 12 CPU cores
    2. 32 GB RAM
    3. 100GB Hard Drive
  3. Modify the APIC-EM Virtual machine to use a bridged network adapter (choose the one with an internet connection)
  4. Power on the machine and follow the steps
  5. After the APIC-EM has installed (this will take up to 1.5hrs to complete), power off the machine

In GNS3, add a new device and select the VirtualBox machine option. After selecting the APIC-EM machine you created before, re-enter the config and check the box that says “Allow GNS3 to use any network card”.
Add the APIC-EM machine to the topology and connect the first Ethernet port to a cloud device – this should be the local Ethernet port on the computer running GNS3 that accesses your network.
Create the rest of the topology and be sure to create a DHCP server on the router connected to APIC-EM so that the interfaces on the APIC-EM can be auto-configured:

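ip dhcp pool local
 ! placeholders: use the subnet APIC-EM is attached to and this router's address in it
 network <subnet> <mask>
 default-router <ip address of this router>
 lease 31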

If you have connectivity issues, log in to the APIC-EM in VirtualBox as root – use the password you configured in the setup.
Run the command to configure DHCP on the network cards:

root@grapevine-root-1:~# dhclient eth1
RTNETLINK answers: File exists
root@grapevine-root-1:~# ip addr flush dev eth1 #this will remove old address
root@grapevine-root-1:~# dhclient eth1
root@grapevine-root-1:~# ifconfig eth1
eth1 Link encap:Ethernet HWaddr 08:00:27:da:a0:3f
 inet addr: Bcast: Mask:
 RX packets:247 errors:0 dropped:3 overruns:0 frame:0
 TX packets:906 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:1000
 RX bytes:31180 (31.1 KB) TX bytes:47184 (47.1 KB)

Test connectivity. Please note that for your APIC-EM to work it needs to be able to reach the rest of the network. To do this I configured OSPF on each device.
Here is a list of the minimum config:

  1. Enable password
  2. ssh enabled
  3. routing protocol
  4. snmp configuration

Let's go through each:

muhrouter#conf t
Enter configuration commands, one per line. End with CNTL/Z.
muhrouter(config)#enable ?
algorithm-type Algorithm to use for hashing the plaintext ‘enable’ secret
password Assign the privileged level password (MAX of 25 characters)
secret Assign the privileged level secret (MAX of 25 characters)
muhrouter(config)#enable se
muhrouter(config)#enable secret cisco

muhrouter(config)#ip domain-name
muhrouter(config)#crypto key generate rsa
% You already have RSA keys defined named
% Do you really want to replace them? [yes/no]: yes
Choose the size of the key modulus in the range of 360 to 4096 for your
 General Purpose Keys. Choosing a key modulus greater than 512 may take
 a few minutes.
How many bits in the modulus [512]: 2048
*Mar 10 11:49:25.639: %SSH-5-DISABLED: SSH 1.99 has been disabled
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 3 seconds)
*Mar 10 11:49:30.479: %SSH-5-ENABLED: SSH 1.99 has been enabled
muhrouter(config)#line vty 0 4
muhrouter(config-line)#login local
muhrouter(config-line)#transport input ssh
muhrouter(config-line)#username admin secret cisco
*Mar 10 11:49:59.410: %SYS-5-CONFIG_I: Configured from console by console
muhrouter#conf t
Enter configuration commands, one per line. End with CNTL/Z.
muhrouter(config)#hostname propah


router ospf 1
 network area 0
 network area 0
 network area 0
 network area 0
 network area 0
 network area 0
propah#show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
                  1   FULL/DROTHER    00:00:35                    Ethernet0/2
                  1   FULL/DR         00:00:33                    Ethernet0/2
                  1   FULL/DR         00:00:34                    Ethernet0/2.100
                  1   FULL/DR         00:00:39                    Ethernet0/1
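
A readiness check for the minimum config listed above, as an added example that is not part of the original post: it parses a saved running-config and reports which of the four items are still missing. The sample config, its addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the post); it mirrors the
# commands in the walk-through, which shows no SNMP line.
SAMPLE_CONFIG = """\
hostname propah
enable secret 5 $1$constructed$hash
username admin secret 5 $1$constructed$hash
ip domain-name lab.example
router ospf 1
 network 192.0.2.0 0.0.0.255 area 0
line vty 0 4
 login local
 transport input ssh
"""

def vty_blocks(config):
    """Yield the sub-commands of each 'line vty' section as a list."""
    block = None
    for line in config.splitlines():
        if block is not None and not line.startswith(" "):
            yield block
            block = None
        if line.startswith("line vty"):
            block = []
        elif block is not None:
            block.append(line.strip())
    if block is not None:
        yield block

def missing_prerequisites(config):
    """Return the items of the post's minimum-config list that are absent."""
    missing = []
    if not re.search(r"^enable (secret|password) ", config, re.M):
        missing.append("enable password")
    vtys = list(vty_blocks(config))
    # SSH as in the walk-through: every vty is SSH-only with local login, plus a local user.
    ssh_ok = (vtys
              and all("transport input ssh" in b and "login local" in b for b in vtys)
              and re.search(r"^username \S+ .*(secret|password) ", config, re.M))
    if not ssh_ok:
        missing.append("ssh")
    if not re.search(r"^router (ospf|eigrp|rip|bgp|isis)\b", config, re.M):
        missing.append("routing protocol")
    if not re.search(r"^snmp-server (community|group|user) ", config, re.M):
        missing.append("snmp")
    return missing

print(missing_prerequisites(SAMPLE_CONFIG))
```

Run it against the output of `show running-config` saved to a file; an empty list means all four items are present.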

After all this, you should be able to log in to the Cisco APIC-EM controller webpage with your preconfigured credentials.
Ignore the certificate warning.
Wait for all services to start (takes about 45min).
That’s it! Now you can start doing some stuff.
