Jan 31
Deploy Cisco virtual devices on an on-premise ESXi
Who might be interested?
People creating their own on-premise network lab for educational purpose, either to prepare a certification or to develop a specific skill for your on-job experience.
GNS3 and EVE-NG offers very simple and flexible solutions. However, those products are not covered in this document. The lab will rely on the famous Type 1 hypervisor: VMWare ESXi. By doing so, you will be able to run a production like environment.
Note that some Cisco images are not tested on a Type 2 hypervisor such as VMWare Workstation Player or Oracle VM VirtualBox
Below is the system architecture of the lab:
Where to find the Cisco devices images?
Cisco Software Central is a repository where you can download images of Cisco devices such as Cisco Service Router (CSR). You can get “.ova”, “.iso” or “.qcow2” images according to your needs.
⚠ This document does not cover how to get access to the images ⚠
Bill of Material
To do this lab you will need:
- A workstation compliant with ESXi OS (compatibility guide)
- A WiFi network, required to administrate remotely the ESXi vSphere GUI
- A web client to connect to the ESXi vSphere
- Cisco CSR images in OVA or ISO format
- Boot device (USB stick, HDD, …)
Below is a physical diagram:
ESXi
Installation
The first thing to do is to download the ESXi ISO image from the VMWare website. Next create a bootable drive (USB stick, HDD, …) using a formatting utility such as Rufus and the downloaded image.
Then plug the boot device into your workstation and install the ESXi. Follow the installation steps using a keyboard and a screen.
Known issues
Installation stucks to the “Initializing VMKernel”
Check the RAM disposition, especially if it has been upgraded.
Installation stucks to the “Initializing ACPI” step
Disable the UEFI of your workstation
CSR
Installation
Connect to the GUI of the ESXi: http://{ESXi_IP}.
I am using DHCP to dynamically assign the ESXi IP. To get the allocated IP address, here are several techniques:
- Use a screen connected to the ESXi machine → the IP address will be prompted
- Use a PING all and the ARP protocol → the IP address will be the one associated with the MAC address of your workstation
- Connect to your ISP router → the IP address will be the one associated with the MAC address of your workstation
Select the “Deploy VM from an OVA file” option:
Configuration
To then connect to your freshly installed CSR, you will need to enable SSH server.
To do so, here are the commands:
!--- Step 1: Configure the hostname if you have not previously done so.
hostname CSR
!--- The aaa new-model command causes the local username and password on the router !--- to be used in the absence of other AAA statements.
aaa new-model OR login local
username cisco secret cisco
!--- Step 2: Configure the DNS domain of the router.
ip domain-name rtp.cisco.com
!--- Step 3: Generate an SSH key to be used with SSH.
crypto key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 2
!--- Step 4: By default the vtys' transport is Telnet. In this case, !--- Telnet is disabled and only SSH is supported.
line vty 0 4
transport input sshhttps://www.cisco.com/c/en/us/support/docs/security-vpn/secure-shell-ssh/4145-ssh.html
Then the CSR and the management laptop need connectivity, so let us configure the interface of the CSR:
CSR> enable
Password:
CSR# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
CSR(config)# interface gigabitEthernet 1
CSR(config-if)# ip address 192.168.1.125 255.255.255.0Check the interface status:
CSR# show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet1 192.168.1.125 YES NVRAM up upTry to ping the default gateway:
CSR# ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 msUse an SSH client to connect to your CSR. I am using MobaXTerm which allows to automate tasks at login.
