Deploy Cisco virtual devices on an on-premise ESXi

Who might be interested?

People creating their own on-premise network lab for educational purpose, either to prepare a certification or to develop a specific skill for your on-job experience.

GNS3 and EVE-NG offers very simple and flexible solutions. However, those products are not covered in this document. The lab will rely on the famous Type 1 hypervisor: VMWare ESXi. By doing so, you will be able to run a production like environment.

Note that some Cisco images are not tested on a Type 2 hypervisor such as VMWare Workstation Player or Oracle VM VirtualBox

Below is the system architecture of the lab:

Logical management diagram

Where to find the Cisco devices images?

Cisco Software Central is a repository where you can download images of Cisco devices such as Cisco Service Router (CSR). You can get “.ova”, “.iso” or “.qcow2” images according to your needs.

This document does not cover how to get access to the images

Bill of Material

To do this lab you will need:

  • A workstation compliant with ESXi OS (compatibility guide)
  • A WiFi network, required to administrate remotely the ESXi vSphere GUI
  • A web client to connect to the ESXi vSphere
  • Cisco CSR images in OVA or ISO format
  • Boot device (USB stick, HDD, …)

Below is a physical diagram:

Physical diagram

ESXi

The first thing to do is to download the ESXi ISO image from the VMWare website. Next create a bootable drive (USB stick, HDD, …) using a formatting utility such as Rufus and the downloaded image.

Then plug the boot device into your workstation and install the ESXi. Follow the installation steps using a keyboard and a screen.

Installation stucks to the “Initializing VMKernel”

Check the RAM disposition, especially if it has been upgraded.

Installation stucks to the “Initializing ACPI” step

Disable the UEFI of your workstation

CSR

Connect to the GUI of the ESXi: http://{ESXi_IP}.

I am using DHCP to dynamically assign the ESXi IP. To get the allocated IP address, here are several techniques:

  • Use a screen connected to the ESXi machine → the IP address will be prompted
  • Use a PING all and the ARP protocol → the IP address will be the one associated with the MAC address of your workstation
  • Connect to your ISP router → the IP address will be the one associated with the MAC address of your workstation
Login: root, Password: {your_password}

Select the “Deploy VM from an OVA file” option:

Create VM within the ESXi GUI

To then connect to your freshly installed CSR, you will need to enable SSH server.

To do so, here are the commands:

!--- Step 1: Configure the hostname if you have not previously done so.
hostname CSR

!--- The aaa new-model command causes the local username and password on the router !--- to be used in the absence of other AAA statements.
aaa new-model OR login local
username cisco secret cisco

!--- Step 2: Configure the DNS domain of the router.
ip domain-name rtp.cisco.com

!--- Step 3: Generate an SSH key to be used with SSH.
crypto key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 2


!--- Step 4: By default the vtys' transport is Telnet. In this case, !--- Telnet is disabled and only SSH is supported.
line vty 0 4
transport input ssh

https://www.cisco.com/c/en/us/support/docs/security-vpn/secure-shell-ssh/4145-ssh.html

Then the CSR and the management laptop need connectivity, so let us configure the interface of the CSR:

CSR> enable
Password:
CSR# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
CSR(config)# interface gigabitEthernet 1
CSR(config-if)# ip address 192.168.1.125 255.255.255.0

Check the interface status:

CSR# show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet1
192.168.1.125 YES NVRAM up up

Try to ping the default gateway:

CSR# ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Use an SSH client to connect to your CSR. I am using MobaXTerm which allows to automate tasks at login.

--

--

--

As a spontaneous and passionate engineer, I bring creative people together, in a safe and entertaining environment, to break down the complexity of our IT world

Love podcasts or audiobooks? Learn on the go with our new app.

Useful Git commands that might save your life

Facebook Graph API

Demystifying concurrency using Actors, Let there be Implementation (Part 2)

8 Game-Changing PyCharm Plugins You Absolutely Need

AWS Serverless Progressive Web Apps

How to get the IANA/Olsen time zones for a country in C# .NET Framework

Installing the Components of a Kubernetes Cluster

How to link accounts to your Alexa App?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Xavier VALETTE

Xavier VALETTE

As a spontaneous and passionate engineer, I bring creative people together, in a safe and entertaining environment, to break down the complexity of our IT world

More from Medium

TDengine’s Implementation Across KYE Group: Reduced The Number of Servers From 21 to 3

HTTP Network Request Logging with HTTP Library in FLutter

Logging network request in flutter app.

Pwning the Pwnkit with Confluera

Installing Postgresql In a Ubuntu Server