Oh GNS3! What would I do without you baby?
Ha, GNS3 is like the poor network engineer's friend. It’s also a boon to anyone studying for their Cisco certifications such as the CCNA or CCNP. I’ve been a CCNP for several years now and I wish I knew about GNS3. You can actually download a complete GNS3 workbench with built-in labs specifically designed to help you earn your CCNA certification.
How crazy is that? There’s literally no need to purchase the physical Cisco hardware.
Back in my day, I used Dynamips (the hardware emulation engine that drives GNS3) but it was an arcane command line interface and no one really knew how to use it.
Today it’s all changed and man – I can tell you – it’s so much easier to set up.
GNS3 is the de-facto tool for testing and learning how network devices interact. You can set up a complete virtual lab using real Cisco IOS images all on virtual hardware.
And do you know what’s the best part?
The devices have no idea that they’re playing in your little sandbox. It’s 100% transparent. In other words, if you configure a layer 3 IP address on a link, the virtual appliance thinks you’re physically sitting in a real server room with a physical console cable plugged into its console port.
But it gets even better.
You can actually add real operating systems like Windows XP, Windows 7 or Windows 8.1 and connect them to your virtual routers. Heck, you can even make your Host machine (the machine that GNS3 is installed on) join the party. Then you can set up DHCP servers and hand out IP addresses, you can set up ASA firewalls and play with access lists and even set up an FTP server and sign in from a client PC while capturing the traffic.
The password will be in plaintext which will make you look like a super genius when you show it to your boss and explain how the organization should scrap the FTP server for SFTP.
Today I just want to show you how to download and install GNS3. In future tutorials we’ll dive into the delicious details but for now let’s start with the basics:
In this guide you’re going to:
- Install GNS3 in Mac OS X Yosemite
- Configure two Cisco routers
- Create a simple point to point link to confirm connectivity
You can use GNS3 to create an isolated network or you can even bridge it to your real physical network using your edge router as a NAT/PAT translation device to the real world. It’s so cool because several years ago this wasn’t even possible.
But let me not get ahead of myself. First let’s grab and install GNS3.
GNS3 used to be gns3.net but it recently received a huge infusion of cash which it funneled into making a better product. If you’ve used GNS3 before, you’ll notice the new GNS3 (version 1.x) is faster and generally more pleasant to look at.
The first thing you need to do is sign up.
Don’t worry – the guys at GNS3 won’t push you through a bunch of pervasive forms asking for your social security number, the name of your cat and why you broke up with your last girlfriend.
The signup form takes less than a minute to fill out even for slow typers.
Once you join, click Download and slurp down the DMG to your thirsty download folder.
Then just double click the DMG and drop it in your Applications list. (Command + Shift + a)
When you double click GNS3, the File Quarantine feature in your Mac will jump to the foreground, raise his hand and bark at you:
Are you sure you want to run this program? You grabbed it from the turbid waters of the internet! I’m going to compare it against a list of known Malware and then I’ll let you decide.
If you grabbed the installer from mediafire.com or some other sketchy file host like that I would click Cancel; otherwise, click Open. We yanked it directly from GNS3 so we don’t have anything to worry about.
Let’s start a new project and call it “My First Network”
Click OK and get ready to dance.
The first thing we need to do is get the real Cisco IOS images into GNS3. I suggest you set up a TFTP server on your Mac and then console into a real physical router. Then you can use:
to get the IOS flash version and
copy flash:<filename> tftp:
to upload the image to your Mac. Technically you need a valid Cisco SmartNET contract to download IOS images so you can talk to your boss and tell him what you’re trying to do or just grab a supported Cisco router and get started that way. I’m going to use my favorite: the 3725. (the image name is c3725-adventerprisek9-mz.124-15.T14.bin)
Once you have the file, in GNS3, press Command + , (that’s a comma) and go to IOS routers under Dynamips in the left pane and click the New button in the right pane.
Back in the day, Cisco compressed all the images because flash memory was costly. This made sense but it also means you’ll need to wait for the image to deflate every time you fire up your router. Who has that kind of time? That’s why it’s prudent to click decompress now so you don’t have to wait later.
Click Next through the windows to pick your appliance name, platform, RAM allocations, network adapters and IDLE PC values. You can always change all this stuff later by Control-clicking the router and choosing Configure.
Drag out two routers to the main area and then click the Add a link tool in the bottom left corner of the GNS3 window. The button looks like the profile view of a flat console cable with the plastic lip sticking up.
Let’s choose FastEthernet 0/0 for both routers. When you’re done connecting the dots, click the Add a link tool again to deselect it.
The red dots indicate that both interfaces are off. Click the Play button near the top of the window to start up both routers but then right click one and choose Idle-PC from the context menu.
This step is critical.
If you don’t set the Idle-PC value, your routers will eat your CPU down to the very last crumb.
Once you have that, double click each router to open the console windows and press Enter. If you fail to do that your CPU will go through the roof as the emulator waits around for your input.
Once you set the Idle-PC you don’t need to set it again and you don’t need to set it on each router you drag out. It’s a one time thing; however, you’ll need to press Enter in the console window of each connected device every time you start them up.
Double click the router to open the console window and then keep hitting enter until the router prompt appears.
Now we’re ready to rock. By the way, forgetting this mundane “Press enter” step can beat up your CPU.
Now let’s set up a simple point to point link and see if we can ping the other directly connected router. This is the simplest network I could think of. I just want you to get comfortable setting up GNS3 so you can use it for bigger projects.
Let’s start with Router 1 (R1):
In the right pane of the window is your Topology Summary.
Before we configure an IP address on each directly connected interface we need to know which interface we’re connected to! That’s where the topology summary pane comes in handy. Expand each router and you’ll see the interface name and its connected peer.
So we can see R1 is connected to R2 via its FastEthernet 0/0 interface.
Alright so let’s dive in the console and configure an IP address on the 10.0.0.1 subnet using a slash 24 mask. In other words, each dotted decimal number in an IP address is actually 8 bits, so the slash 24 bit mask says, “Turn on the first 24 bits so we know the first 3 numbers in the IP Address belong to the network ID and the last 8 bits belong to the host”.
So R1 is the first host with the name .1 on the 10.0.0 network.
Let’s do it.
config t
int fa0/0
ip add 10.0.0.1 255.255.255.0
no shut
end
Once we get there, we can type “int fa0/0” which means “Get me into interface fa0/0”.
Then we set the IP address and mask and type “no shut” (short for no shutdown) to bring the interface up.
Now do the same thing for R2 except change the IP to 10.0.0.2.
After you have both interfaces turned up with IP addresses, type:
This will let you see all the layer 2 goodness that happens when we ping the other router.
Alright, are you ready for this?
Oh by the way, if you have Wireshark installed on your Mac, you can right click the interface in the topology summary view and choose Capture. Then you can really see what’s going on.
From R2 ping R1:
And lookie here!
You can actually see ARP going to work. You can see the ARP frame is sourced from 10.0.0.2 with MAC address c202.1e04.000 and the destination is 10.0.0.1 with MAC address 0000.0000.0000.
Why all the zeros?
Because ARP (the Address Resolution Protocol) is saying
Yo! Everyone in the 10.0.0 network listen up. I’ve got to get something to some device with IP address 10.0.0.1. What’s his MAC address?
The 0000.0000.0000 is just the broadcast address; meaning, the ARP request is sent to every host on the local subnet.
10.0.0.1 sees the ARP request and replies with his MAC c201.1dfe.0000 and the ping request passes.
It’s kind of hard to see in the output but you may notice a dot followed by four exclamation points near the end of the last ARP debug output. That first dot (.), the period, means the ICMP request failed the first time.
Because TCP/IP was using ARP to figure out how to find 10.0.0.1. If you’re a little confused about why we need both IP addresses and MAC addresses you should check out the article I published on that.
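To make the ARP exchange above concrete, here is an added example (not from the original article) that builds the 28-byte ARP request R2 sends and the reply R1 returns, then parses both. The function names are hypothetical, the addresses are constructed to mirror the ones in the debug output (with R2's MAC assumed to be c202.1e04.0000 in full), and the target MAC in the request is zero-filled because it is the value being asked for.

```python
import struct
from ipaddress import IPv4Address

# ARP body for Ethernet/IPv4 (RFC 826): htype, ptype, hlen, plen, oper,
# sender MAC, sender IP, target MAC, target IP = 28 bytes, network byte order.
ARP_FMT = "!HHBBH6s4s6s4s"
REQUEST, REPLY = 1, 2

def cisco_mac(raw):
    """Format 6 raw bytes the way IOS prints a MAC, e.g. c201.1dfe.0000."""
    digits = raw.hex()
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))

def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    to_raw = lambda mac: bytes.fromhex(mac.replace(".", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       to_raw(sender_mac), IPv4Address(sender_ip).packed,
                       to_raw(target_mac), IPv4Address(target_ip).packed)

def parse_arp(body):
    size = struct.calcsize(ARP_FMT)
    if len(body) < size:
        raise ValueError("truncated ARP body")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, body[:size])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP body")
    return {"oper": oper,
            "sender_mac": cisco_mac(sha), "sender_ip": str(IPv4Address(spa)),
            "target_mac": cisco_mac(tha), "target_ip": str(IPv4Address(tpa))}

def answer(request, my_ip, my_mac):
    """Only the owner of the requested IP replies, filling in its own MAC."""
    req = parse_arp(request)
    if req["oper"] != REQUEST or req["target_ip"] != my_ip:
        return None
    return build_arp(REPLY, my_mac, my_ip, req["sender_mac"], req["sender_ip"])

def exchange():
    """R2 (10.0.0.2) resolves R1 (10.0.0.1); returns request, reply, R2's cache."""
    # Constructed sample values mirroring the addresses in the article.
    request = build_arp(REQUEST, "c202.1e04.0000", "10.0.0.2",
                        "0000.0000.0000", "10.0.0.1")  # target MAC unknown: zeros
    reply = parse_arp(answer(request, "10.0.0.1", "c201.1dfe.0000"))
    arp_cache = {reply["sender_ip"]: reply["sender_mac"]}  # what R2 learns
    return parse_arp(request), reply, arp_cache

if __name__ == "__main__":
    for item in exchange():
        print(item)
```
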
Anyway, I hope this helped you!