  • 8/10/2019 Using GNS3 With VMs on MacOSX Lion

    Getting GNS3 to work on Mac OS X 10.7 Lion with Parallels Desktop 7 or VirtualBox 4.1.2
    Johan Havermans
    September 22 2011 (version 201110oct24 _22 DRAFT)

    Getting GNS3 to work on your Mac is pretty straightforward: download the GNS3 package for OS X and run it. But if you want to connect a GNS3 virtual network to one or more virtual machines running either in Parallels Desktop, VirtualBox or VMware [1], things get a bit uglier and more complicated, but it is possible. Since I prefer to document what I do and my current document system is Mac only, I really wanted GNS3 to work on Mac OS X.

    [1] I only tested my solution with Parallels Desktop 7 and VirtualBox 4.1.2.

    In this note I try to give a brief description of what I did to make this happen on Mac OS X 10.7 Lion. It took me about three weeks to figure it all out and I did not find information on the web about how to run GNS3 on Mac OS X 10.7 Lion, hence I made this note. You will see how to:

    . install a (tap) driver that allows the creation of virtual network cards on OS X Lion,

    . run GNS3 on Mac OS X Lion so it can dynamically create virtual network cards,

    . connect virtual machines running in Parallels Desktop 7 or VirtualBox 4 to your virtualized network,

    . install a protocol analyzer called Wireshark that you can use on your Mac and in your virtualized GNS3 network,

    . connect your virtualized network to a real network including the internet and make your virtualized network accessible from your Mac and vice versa.

    Who am I and why do I need this stuff?

    I am a second year Telecom student at ACE Group T University College at Leuven, Belgium. We use GNS3 to sniff with a protocol analyzer what is going over the line and what is not from a security and network design point of view. Next to this we also use it [2] for the Cisco CCNA track that is partly embedded in this program.

    [2] along with Cisco's Packet Tracer

    Copyright notice

    You may freely distribute, use and modify this note as long as you mention my name when you refer to or use this note in one piece or use parts of this note.

    You may freely distribute, use and modify my scripts that are mentioned in this note as long as you mention my name when you refer to or use them as a whole or use parts of them.

    If you modify the scripts and you think others can also be helped with your modifications, please notify me so I can update the scripts.

    Can you please give me your MS Word copy of this document?

    No. This article is created in TeXShop-64 and typeset in LaTeX using the Tufte handout style from the MacTeX 2011 LaTeX distribution for Mac.


    For the impatient

    GNS3 for Mac can be downloaded at http://www.gns3.net/download and runs just fine on itself.

    If however you want to connect your virtualized network in GNS3 to one or more virtual machines you need to:

    . Run GNS3 with root privileges: To let GNS3 communicate with things outside its virtual network, we have to find a way to run GNS3 with root privileges.

    . Use TAP nic driver that comes with Tunnelblick: We will use virtual network cards that emulate a nic [3] at OSI layer 3 (IP) and allow us to connect the GNS3 network to a foreign object, say a Virtual Machine running in Parallels Desktop or VirtualBox.

    . Bridge the nic of your VM with the TAP nic: We then bridge the nic of the VM [4] with our TAP nic and are able to connect our VM to the GNS3 network.

    [3] nic = network interface card or network adaptor
    [4] VM = virtual machine

    If you want to connect the GNS3 virtual network to your real network you need to:

    . Set up and configure IP forwarding on your Mac: To let our virtual network be able to communicate with the internet, we need to turn our Mac into a router by enabling IP forwarding in OS X.

    . Let the TAP nic tap0 be the gateway between the real network and the virtual GNS3 network and give tap0 an IP address.

    If you want to be able to sniff with a protocol analyzer what is going over your real or virtualized network:

    . Install Wireshark, an open source protocol analyzer,

    . Make sure GNS3 knows where to find Wireshark and start sniffing.

    Be sure to check out:

    . how to save a GNS3 project with router configurations (if any),

    . how my three scripts might help you getting things mentioned on this page up and running.


    Contents

    Who am I and why do I need this stuff? 1
    Copyright notice 1
    Can you please give me your MS Word copy of this document? 1
    For the impatient 2
    Step 1: Install the tun-tap drivers 5
    Why use Tunnelblick? 5
    Step 2: Install GNS3 for Mac OS X 5
    Step 3: Download my scripts to launch GNS3 5
    Make the scripts executable 6
    Step 4: Install Wireshark 7
    Step 5: Make sure the preferences are set right in GNS3 7
    Activate the Cisco IOS images 8
    Step 6: Make a project in GNS3 - Launch GNS3 via the 1gns.sh script 9
    Picking the right components 10
    Configuring the PCs 11
    Do I have to create the tap nics /dev/tap1 or 2 first? 12
    Configure the router (hardware) 12
    Connect the nodes to each other 13
    Step 7: Configure the router: defining the subnets 13
    Step 8: Connecting the VMs to the virtualized network 14
    Step 9: tap0 up - Connecting the virtualized network to your LAN 16
    Check your configuration 19
    Starting and shutting down GNS3 with VMs 19
    In general: when to use what script? 20
    The "GNS3 didn't save my router config" issue... 21
    Be smart and verify 21
    How to open and save next time? 21
    Setting the IDLE PC parameter 21
    Why Parallels Desktop for Mac? 22
    Optional: Your Windows Guest OS - some tricks 23
    Use Coherence (Parallels) Seamless Mode (VirtualBox) 23
    To whom belongs this command line window? - t.bat 23
    Logging on and shutting down windows guest OSes 23
    My batch file suite - simple batch files to do simple repetitive things 24
    Do I have to turn off my firewall in Lion to run GNS3? 24
    Help! some of my labels disappear in GNS 24
    HOWTO sniffing on your virtual network with Wireshark 25
    Used sources 26
    Software 26


    Step 1: Install the tun-tap drivers

    We use the tap kernel extension driver that comes with Tunnelblick. Download Tunnelblick from http://code.google.com/p/tunnelblick/ . Drag the application to your /Applications folder and double click on it to launch it so it will install some stuff. The tuntap drivers are provided as a kernel extension that we will load via a bash script (1gns.sh) later.

    Why use Tunnelblick?

    Tun-tap consists of two separate drivers (kernel extensions) that provide two types of virtual network interface cards:

    . a tun driver - emulates a nic on OSI layer 2 (ethernet),

    . a tap driver - emulates a nic on OSI layer 3 (IP).

    OS X does not come with tuntap drivers as Linux does, so we have to install them ourselves. If you Google a bit, you probably find http://tuntaposx.sourceforge.net/ . The only problem is that this driver does not seem to work well on Mac OS X 10.7 Lion.

    Tunnelblick, an OpenVPN GUI client for Mac, uses tun-tap too, and at the time of writing, it uses its own Lion compatible tun-tap driver.

    Q: How many tap nics can you create?
    A: 10: tap0 to tap9.

    In this note, we will only use the tap driver.

    Step 2: Install GNS3 for Mac OS X

    Download GNS3 from http://www.gns3.net/download . Luckily, we can download a binary package that will work on Mac OS X Lion. I downloaded the GNS3 v0.7.4 DMG package. Although the folks at GNS.net mention that this 0.7.4 version is an experimental version for Mac, it does run stable enough to be useful on Mac OS X Lion.

    Step 3: Download my scripts to launch GNS3

    Download my scripts from http://dl.dropbox.com/u/9671505/GNSonMacOSXLion/GNS3onMacOSXLionScrips.zip .

    (I first used the bridge.sh script from the guy behind DefaultrouteUK who is a CCIE but decided later to split it up in three parts and change a few things.)

    When you unzip the package, you will find three files:

    1gns.sh to load the tap kernel extension driver, modify some permissions to let DynaMIPS run with root privileges and launch GNS3 with root privileges [5].

    [5] GNS3 needs to run with root privileges to be able to create the virtual tap nics dynamically in Mac OS X.

    2tapup.sh to bring the tap nics 0 through 2 up.

    A few notes I have to make here:


    1. This script is only needed for those who use Parallels Desktop. VirtualBox automatically ups a tap nic that is connected to a VirtualBox VM. Parallels Desktop doesn't. I don't know what VMware Fusion 4 does.

    2. Only if you use tap nics in your project, GNS3 will create them. When you close your project, your dynamically created tap nics will also be gone in OS X, hence I made a separate script to bring them up.

    3ConnectV2R.sh This [6] is an optional script that makes your virtualized network accessible from your real network (LAN) and vice versa. Your virtualized network runs just fine in itself without this script.

    [6] It might be worth mentioning here that this script turns your Mac into a router by enabling IP forwarding. Every modification this script does will be gone when you reboot your Mac.

    It might be important to know that the script assumes that you connect your virtualized network to a real network via a tap0 nic and that this tap0 interface has an IP address of 10.1.1.1/24. This script will set up IP forwarding between this tap0 nic and your cabled ethernet nic (en0) [7] of your Mac to reach your LAN. If you are using your wireless nic (en1) and use DHCP instead (without permanent reservation) or a fixed IP address, you have to modify this script.

    [7] en0 has in my case a fixed IP address: 10.10.10.10

    Please allow me to mention a few things about my scripts.

    . My scripts are "stupid" scripts. They don't do error checking. As a result you really need to understand what they do and foremost what to expect and what not.

    . Although the scripts work, they depend on the design of your virtualized network. If you choose not to use tap0 to connect to your real network, don't want to use 10.1.1.1, or use something else than two virtual machines that connect to your virtualized network, you first have to edit the scripts.

    . The order in which you launch the scripts is important as you will see in a few moments, but please feel free to rename the scripts as you like. Especially script 2 and 3 depend on the design of your network, so you might need to create one based on the design of each of your virtualized network projects. Just don't change the digit each script starts with, since the order in which you start them does count.

    Make the scripts executable

    Open Terminal.app and go to the directory where the three scripts reside. Execute the commands below in Terminal.app line by line:


    sudo chmod u+x 1gns.sh

    sudo chmod u+x 2tapup.sh

    sudo chmod u+x 3connectv2r.sh

    For more information on when to use what script, go to section Starting and shutting down GNS3 with VMs on page 19 applied to the example used in this article or section In general: when to use what script? on page 20 on when to use them in general.

    Step 4: Install Wireshark

    If you want to sniff what is going over the lines in your virtual network and beyond, you need a protocol analyzer. I use Wireshark here since it also runs on Mac OS X Lion and also can be called from within GNS3. Go to http://www.wireshark.org and download Wireshark for Mac. At the time of writing the latest version of Wireshark is 1.6.2. The version for Mac is mentioned as "OS X 10.6 (Snow Leopard) Intel 64-bit.dmg". Don't worry and continue downloading. This version runs just fine on Mac OS X 10.7 Lion.

    To start sniffing using Wireshark in GNS3, just right click on a wire in your virtualized network and select capture.

    We need to check a few settings in GNS3 to make sure GNS3 can find Wireshark. We will check these settings in the next step.

    Step 5: Make sure the preferences are set right in GNS3

    Go to the /Applications folder and start GNS3.

    Figure 1: When GNS3 is launched, it will display the new project window by default.

    Click on Cancel in the New Project Window to dismiss it. Before we can build networks with GNS3, we need to change a few preferences in GNS3. Click in menu [GNS3] on [Preferences] to open the


    Figure 2: You need to tell GNS3 what IOS image it must use on a per router series base.

    Image file: Enter the path and file name of the IOS image you want to use. Click on the [...] if you want to use the Finder to pinpoint the file.

    IDLE PC: You set this parameter later on a per router series base. See section Setting the IDLE PC parameter at page 21.

    (Optionally) Base config: If you are tired of each time setting the passwords, no dns-lookup and that sort of things, you can provide a text file here where this is filled in already for this router series.

    Other parameters will be filled in automatically.

    Step 6: Make a project in GNS3 - Launch GNS3 via the 1gns.sh script

    Open Terminal.app, go to the directory where the 1gns.sh script resides and type at the prompt:

    sudo ./1gns.sh

    It is a prerequisite to run this script with sudo in order to let the script run with root privileges. GNS3 will be launched with a New Project window popping up. As an example I will use the network scheme that is given in figure 3 on page 10. In this lab, I use a series 3600 router [11].

    [11] ...because it is the only IOS image I have.


    Figure 3: Our Lab setup. Two VMs are connected to the GNS3 virtual network that optionally can connect to the LAN (a real network). The GNS3 virtual network is connected to a real network by setting up IP forwarding between your real network adaptor en0 and the virtual TAP network adaptor tap0.

    Picking the right components

    To make this lab, just drag a 3600 series router to the workbench and three clouds (the two PCs are also clouds).


    Figure 4: The main components in our lab setup: three cloud objects and a series 3600 router.

    Configuring the PCs

    Changing the cloud symbol

    1. Right click on a cloud that will act as a PC and select from the submenu [Change Symbol].

    2. From the symbol list that pops up choose the Server icon.

    3. Click on [Apply] and then [OK].

    Figure 5: Change the symbol of a cloud object.

    Assign a virtual nic to the cloud

    1. Right click on the server C2 and select from the submenu [Configure].

    2. In the Node Configurator window, select C2 under Clouds, go to tab [NIO TAP].

    3. Type the line below

    /dev/tap1

    so what you have is identical to what is shown in figure 6.

    4. Click on [Add], [Apply] and [OK] to close this window.

    Repeat this for the other cloud C1.

    Changing the hostname

    1. Change the hostname by selecting server C2 and then right click on it.


    2. Select from the submenu [Change hostname] to whatever you choose, but for this example Leuven.

    3. Click on [OK] when you are done.

    Figure 6: Assign a virtual TAP nic to a cloud object.

    Do repeat this for cloud C1 and use a tap nic /dev/tap2 and hostname Gent. For cloud C3 you use a tap nic /dev/tap0. Cloud C3 will be our connection to a real network.

    Do I have to create the tap nics /dev/tap1 or 2 first?

    No [12], you don't.

    [12] Attention: Your current assigned tap interfaces will change when you add a new tap nic. Be warned and check the assigned nic to your virtual PCs in Parallels Desktop or VirtualBox.

    It is very important here to understand that if you do an ifconfig on your Mac right now, the tap nics do not exist. It is up to GNS3 to create the tap nics when you start connecting the nodes or when you load an existing project with connected nodes in GNS3. If you see an error 206 in the console section of GNS3, this means that GNS3 was unable to create the tap nics. The cause of this can be:

    . typos, or

    . you didn't launch GNS3 with our script 1gns.sh, or

    . you didn't launch our script with root privileges (sudo 1gns.sh).

    Configure the router (hardware)

    1. Right click on the router and select [Configure] from the submenu.

    2. Select R1 in the left column and click on tab [Slots].


    3. For slot 1, choose [NM-4E] which is a 4 port ethernet slot.

    4. Click on [Add], [Apply] and [OK] to close this window.

    Connect the nodes to each other

    Figure 7: Change the symbol of a cloud object.

    Look at figure 7 on the right. It might be a good habit to always enable the first two buttons. They show the hostnames on your GNS3 workbench along the objects and also the wiring points. The third button allows us to wire the nodes. Choose [Manual] or [FastEthernet] from this menu. When wiring mode is active, the symbol will change into a white x-sign with a red background. Click on this x-symbol to exit wiring mode.

    Connecting the nodes: Just click on a cloud or router object to display the possible connection point of your choice as shown in figure 8. In the same way, connect Leuven, Gent and cloud C3 to router R1. If you get the Error 206 unable to create TAP NIO, see section Do I have to create the tap nics /dev/tap1 or 2 first? on page 12.

    When you open Terminal.app and do an ifconfig in OS X, you will see the tap nics 0, 1 and 2 listed among the known nics in OS X.

    Figure 8: Start wiring a node by clicking on a node.

    Step 7: Configure the router: defining the subnets

    So let's start our virtualized network now by clicking on the green [Play] button in the menu bar of GNS3 or by right clicking on the router and clicking on the same icon in the submenu.

    To show the console, right click on the router and select [console] from the submenu.

    Enter global configuration mode of the router:

    >ena

    R1#conf t

    Give interface e1/0 an IP address and bring it up:

    >ena

    R1#conf t

    R1(config)#int e1/0

    R1(config)#ip address 10.1.1.254 255.255.255.0

    R1(config)#no shut

    Ditto for interface e1/1:

    R1(config)#int e1/1

    R1(config)#ip address 10.20.20.254 255.255.255.0

    R1(config)#no shut


    Ditto for interface e1/2:

    R1(config)#int e1/2

    R1(config)#ip address 10.40.40.254 255.255.255.0

    R1(config)#no shut

    Exit the global configuration mode, write configuration to flash and last, exit privileged mode.

    R1(config)#end

    R1#wr mem

    R1#exit

    R1>

    Step 8: Connecting the VMs to the virtualized network

    Now that our virtualized network is running, it is time to connect our virtual machines to it. In this article, I use Parallels Desktop 7, but you can also use VirtualBox or VMware's Fusion if that is what you prefer. The basic idea is that you let the VM use a tap nic that is created [13] by GNS3.

    [13] So if you wonder how to start your virtualized network and VMs, here is your answer: first start the virtualized network in GNS3 so GNS3 will create the tap nics, then start the virtual machines.

    Refer to figure 9 on page 15.

    1. If you are using Parallels Desktop, you first have to bring the tap nics up by running my second script with root privileges.

    Open Terminal.app, go to the directory where the 2tapup.sh script resides and type at the prompt:

    sudo ./2tapup.sh

    It is a prerequisite to run this script with sudo in order to let the script run with root privileges.

    2. Go to the Virtual Machines list in Parallels Desktop,

    3. Right click on the VM that you want to connect to the GNS3 network and choose [Configure].

    4. Click on the tab [Hardware] and then [Network 1] and choose the appropriate tap nic under Bridged Network.

    5. Close the configuration panel.

    According to our topology as shown in figure 3 on page 10 we use tap1 to connect VM Leuven and tap2 to connect VM Gent to the GNS3 virtual network.

    Give the VM an IP address: Look at the network topology in figure 3 on page 10 to clarify the assigned IP numbers.


    Figure 9: Assign a virtual tap nic to a Virtual Machine. Here we used a VM in Parallels Desktop 7.

    1. Start the network and the virtual machine. We use here two Microsoft Windows 2008 R2 servers. Look at section Starting and shutting down GNS3 with VMs on page 19 how to do this properly.

    2. Be sure you first install:

    . Parallels Tools in your guest OS when you use Parallels Desktop, or

    . VirtualBox additions in your guest OS when you use VirtualBox.

    3. Log in as administrator.

    4. In the guest operating system we will assign an IP address to the default network card. Here I do this via the command prompt but you can also do this the GUI-way via Control Panel.

    5. Open the command prompt [Start/cmd].

    6. For Server Leuven, copy and paste this line in the command prompt and execute.

    netsh interface ip set address name="Local Area Connection" static 10.20.20.100 255.255.255.0 10.20.20.254 1

    Where 10.20.20.100 is the assigned IP address, 255.255.255.0 the subnet mask and 10.20.20.254 the gateway of the 10.20.20.0/24 network.

    7. For Server Leuven, copy and paste this line in the command prompt and execute.

    netsh interface ip set address name="Local Area Connection" static 10.40.40.100 255.255.255.0 10.40.40.254 1


    Test IP connectivity: To test if the virtual machine is connected, ping from within the virtual machine to the default nic, the default gateway, the other server. If this does not work, restart your virtual machine and try again [14]. Do the same tests from the router: ping an interface and ping the IP address of the virtual machine on that subnet.

    [14] If it still does not work and you use Parallels Desktop, check if you up-ed your tap nics via my script 2tapup.sh. See for more information the beginning of this section Step 8: Connecting the VMs to the virtualized network on page 14.

    Step 9: tap0 up - Connecting the virtualized network to your LAN

    So far we have our virtual network up and running and have two virtual machines connected to it. What if we want to connect this virtual network to our LAN or beyond that: the internet? Of course, this can be done, but it is optional. Our virtualized network runs just fine in itself with the two virtual machines connected to it. For reasons of convenience, let's put our topology map here.

    Figure 10: Our network topology ends at tap0 that has an IP address 10.1.1.1/24 where it will meet our real network that resides on the en0 ethernet network interface (10.10.10.10/24) of our Mac. Talking from en0 to the real network is default behaviour of a properly configured TCP/IP client. Talking from en0 and the virtualized network behind tap0 and vice versa will be made possible by enabling IP forwarding in OS X. In other words: by enabling IP forwarding in OS X, we turn our Mac into a router.


    To connect our virtualized network to a real network we need to do two things:

    . turn our Mac into a router by enabling IP forwarding in OS X,

    . add some parameters to our virtual router R1 in GNS3.

    Let's start with enabling IP forwarding in OS X.

    Enabling IP forwarding on OS X: turn OS X into a router

    Enabling IP forwarding in OS X and adding a routing rule to forward packets between our real network interface card en0 and our virtual network interface tap0 and vice versa is exactly what my third script 3connectV2R.sh does, with a few assumptions. The applicable variable(s) in 3connectV2R.sh are listed with each assumption:

    1. You use your ethernet nic en0 and not something else such as your Wifi nic en1 to connect to your LAN (read: your real network).
       Variable: MY_REAL_IF

    2. en0 has a fixed IP address or permanently reserved IP address 10.10.10.10/24.
       Variable: MY_REAL_NIC_IP

    3. The tap nic that will act as a gateway for your virtualized network is tap0.
       Variable: MY_VIRTUAL_TO_REAL_GW_TAP_NIC

    4. Your tap0 will be assigned (by this script) the IP address 10.1.1.1/24.
       Variables: MY_VIRTUAL_TO_REAL_GW_TAP_NIC_IP, MY_VIRTUAL_TO_REAL_GW_TAP_NIC_SM

    If your situation is different, you need to edit the appropriate variables of my script via vi, textedit.app or whatever you prefer.


    When you finished editing the 3connectV2R.sh script

    Open Terminal.app, go to the directory where the 3connectV2R.sh script resides and type at the prompt:

    sudo ./3connectV2R.sh

    It is a prerequisite to run this script with sudo in order to let the script run with root privileges.

    It is important to note here that everything script 3connectV2R.sh changes on your Mac is not permanent. In other words: Lion forgets it was configured as a router each time you reboot your Mac.

    Thus, you have to run this script again after each reboot when you need it for a virtualized network.

    For the correct order in which you have to do this, refer to section Starting and shutting down GNS3 with VMs on page 19.
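
A read-only check of the state the three scripts are described as setting up, as an added example (it is not one of the author's scripts, whose contents this note does not show). It assumes the OS X ifconfig output layout and the net.inet.ip.forwarding sysctl; the function names are hypothetical and the sample output is constructed.

```shell
#!/bin/sh
# Added example: read-only status check. It changes nothing on the system.
# Assumed (not from the note): OS X `ifconfig` output layout and the
# net.inet.ip.forwarding sysctl. Function names are hypothetical.

GW_NIC=tap0          # gateway tap nic the note assumes
GW_IP=10.1.1.1       # address the note says 3connectV2R.sh gives tap0
VM_NICS="tap1 tap2"  # tap nics the note bridges to VMs Leuven and Gent

# Constructed sample of `ifconfig` output (not captured from a real host):
# tap1 exists but was never brought up, as on Parallels before 2tapup.sh.
SAMPLE_IFCONFIG='en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 00:00:5e:00:53:01
    inet 10.10.10.10 netmask 0xffffff00 broadcast 10.10.10.255
tap0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 00:00:5e:00:53:10
    inet 10.1.1.1 netmask 0xffffff00 broadcast 10.1.1.255
tap1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
    ether 00:00:5e:00:53:11
tap2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 00:00:5e:00:53:12'

# iface_state TEXT NIC -> prints "up", "down" or "absent".
iface_state() {
    printf '%s\n' "$1" | awk -v want="$2:" '
        $1 == want { found = 1; up = ($2 ~ /[<,]UP[,>]/) }
        END { if (!found) print "absent"; else if (up) print "up"; else print "down" }'
}

# iface_inet TEXT NIC -> prints the first IPv4 address of NIC, or nothing.
iface_inet() {
    printf '%s\n' "$1" | awk -v want="$2:" '
        /^[^ \t]/ { cur = $1 }               # unindented line starts an interface
        cur == want && $1 == "inet" && !seen { print $2; seen = 1 }'
}

# check_lab TEXT FORWARDING -> prints one finding per line, then "problems=N".
check_lab() {
    text=$1 fwd=$2 problems=0
    gw_state=$(iface_state "$text" "$GW_NIC")
    for nic in $GW_NIC $VM_NICS; do
        case $(iface_state "$text" "$nic") in
            up)     echo "ok    $nic is up" ;;
            down)   echo "FAIL  $nic exists but is down (Parallels: sudo ./2tapup.sh)"
                    problems=$((problems + 1)) ;;
            absent) echo "FAIL  $nic absent (GNS3 creates it when the project loads)"
                    problems=$((problems + 1)) ;;
        esac
    done
    if [ "$gw_state" != absent ]; then
        ip=$(iface_inet "$text" "$GW_NIC")
        if [ "$ip" = "$GW_IP" ]; then
            echo "ok    $GW_NIC has $GW_IP"
        else
            echo "FAIL  $GW_NIC has '${ip:-no address}', expected $GW_IP"
            problems=$((problems + 1))
        fi
    fi
    case $fwd in
        1) if [ "$gw_state" = absent ]; then
               # Forwarding outlives the GNS3 project: it stays on until reboot.
               echo "WARN  forwarding on but $GW_NIC gone: sudo sysctl -w net.inet.ip.forwarding=0"
               problems=$((problems + 1))
           else
               echo "ok    IP forwarding is on"
           fi ;;
        0) echo "info  IP forwarding is off: lab is not routed to the LAN" ;;
        *) echo "FAIL  cannot read forwarding state '$fwd'"
           problems=$((problems + 1)) ;;
    esac
    echo "problems=$problems"
}

# Default: run on the constructed sample. With --live: read the real host.
if [ "${1:-}" = "--live" ]; then
    check_lab "$(ifconfig -a)" "$(sysctl -n net.inet.ip.forwarding)"
else
    check_lab "$SAMPLE_IFCONFIG" 1
fi
```

Run it with --live after the three scripts, and again after closing the project: the WARN line marks a Mac that is still forwarding packets although the lab that needed it is gone.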

    Add some parameters to our virtual router R1 in GNS3

    Now that OS X acts as a router for routing packets between our LAN and our virtualized network (and vice versa), we need to modify the configuration of our virtualized router R1 to make use of this and use tap0 (10.1.1.1) as a gateway for packets unknown to our virtualized router R1.

    R1>ena

    R1#conf t

    R1(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.1

    R1(config)#end

    R1#wr mem

    If you also want to make use of a DNS server on the internet on your virtualized network, you can add this to the configuration of R1.

    R1>ena

    R1#conf t

    R1(config)#ip dns server

    R1(config)#ip name-server 10.10.10.254

    R1(config)#end

    R1#wr mem

    where IP address 10.10.10.254 is the network interface of my real router on the 10.10.10.0/24 network (my LAN) that connects me to the internet. Of course, you can also change this value to the IP address of the DNS server of your ISP.

    Be sure to also change your DNS server settings in each of your VM Guest OS. For your Leuven server, the DNS server would be 10.20.20.254 and for your Gent server this would be 10.40.40.254.


    Check your configuration

    Can R1 reach tap0 and en0?
    From router R1 do a ping to 10.1.1.1 (your tap0 nic) and 10.10.10.10 (your real en0 nic). If both are successful you can reach the real nic of your Mac.

    Can R1 reach your gateway on your real network?
    Now try to ping your real router on the 10.10.10.0/24 network, in my case 10.10.10.254. If successful, you can reach your real network.

    Check dns resolving from R1
    From R1, try to do a ping to www.google.com.

    Check if you can reach R1 from OS X
    Open Terminal.app and do a ping to 10.1.1.254. If successful, you can reach your virtual network from your Mac. This might be useful if you decide to put a RAS server in your virtual network for authorizing clients that want access to your virtualized network. The client(s) who want to access your virtual network simply run in Parallels Desktop or VirtualBox that uses a nic bridged to your real network card of your Mac. From this client point of view, they are outside your virtualized network.

    Were all checks successful?
    If so your virtualized network is accessible from your Mac and to other clients on your LAN your Mac is connected to and vice versa.

    Starting and shutting down GNS3 with VMs

    Starting up a virtualized network with VMs

    1. Start GNS3 with our script sudo 1gns.sh,

    2. Open your created topology.net project in GNS3,

    3. Start the virtualized network,

    4. Bring the tap network interfaces up with our script sudo 2tapup.sh

    5. Start the virtual machines that are connected to this virtual network.

    6. If you want to connect your virtualized network to your LAN make it happen by executing our third script sudo 3connectv2r.sh.


    Shutting down a virtualized network with VMs

    1. Shutdown the virtual machines who are connected to this virtualnetwork one by one.

    2. For each router in the virtualized network

    (a) Open the console

    (b) ena

    (c) wr mem

    (d) exit

    3. Stop the virtualized network,

    4. Save the network topology in GNS 3 via [File]/[Save] .

    5. Close your project or GNS 3. As a result your dynamically createdtap network interfaces will also be discarded.

    In general: when to use what script?

    Always start each of my three scripts with sudo. A standard workflow is:

    1. Open Terminal.app and go to the directory where the scripts reside.

    2. sudo 1gns.sh for starting GNS3 in the proper way.

    3. In GNS3 open an existing network or start designing a new one.

    If you want to connect your virtualized network to a real network, use a cloud object in GNS3 with nio_tap nic /dev/tap0. This tap0 nic will be given IP address 10.1.1.1/24, so give your GNS3 router interface an IP address in the same 10.1.1.0/24 range, for instance 10.1.1.254/24. If you want to do this differently, modify script number 3 accordingly.

    If you want to connect a virtual machine to your virtual network, use nic tap1 or nic tap2 for this. If you need more virtual machines connected to your network, you have to modify script number 2 accordingly.

    4. Each time you load a project in GNS3 that is using tap nics, you need to execute script number 2 AFTER you loaded the project.

    5. If this project also needs to be connected to a real network, you also need to execute script number 3 AFTER you loaded the project.
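    A pre-flight check for the workflow above, as an added example that is not one of the author's three scripts: it parses ifconfig output to confirm that a tap interface exists, is up after script 2, and sits in the same /24 as the router address before you ping R1. The function names and the sample ifconfig text are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the tap interfaces described above.
# SAMPLE_IFCONFIG is constructed text in the macOS `ifconfig` layout; on a
# real Mac, pass "$(ifconfig)" to the functions instead.
SAMPLE_IFCONFIG='tap0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 02:00:00:00:00:01
    inet 10.1.1.1 netmask 0xffffff00 broadcast 10.1.1.255
    open (pid 4242)
tap1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
    ether 02:00:00:00:00:02'

# Print the part of the ifconfig text ($1) that belongs to interface $2.
iface_block() {
    printf '%s\n' "$1" | awk -v ifc="$2:" '
        /^[a-z]/ { show = ($1 == ifc) }
        show'
}

# Succeed if interface $2 carries the UP flag (set by script 2).
iface_is_up() {
    iface_block "$1" "$2" | head -n 1 | grep -Eq '<([A-Z0-9_]+,)*UP(,|>)'
}

# Print the first IPv4 address of interface $2 (empty if none).
iface_inet() {
    iface_block "$1" "$2" | awk '$1 == "inet" { print $2; exit }'
}

# Succeed if two IPv4 addresses share the first three octets (same /24).
same_slash24() {
    [ "${1%.*}" = "${2%.*}" ]
}

# Report what still has to be fixed before pinging router $3 through tap $2.
preflight() {
    cfg=$1 ifc=$2 router=$3
    addr=$(iface_inet "$cfg" "$ifc")
    if [ -z "$(iface_block "$cfg" "$ifc")" ]; then echo "missing"; return 1; fi
    if ! iface_is_up "$cfg" "$ifc"; then echo "down"; return 1; fi
    if [ -z "$addr" ]; then echo "no-address"; return 1; fi
    if ! same_slash24 "$addr" "$router"; then echo "wrong-subnet"; return 1; fi
    echo "ok"
}

preflight "$SAMPLE_IFCONFIG" tap0 10.1.1.254   # tap0 as addressed by script 3
```

    A result of "missing" means the project using that tap nic is not loaded yet, "down" means script 2 still has to run, and "no-address" or "wrong-subnet" on tap0 points at script 3 or at the router interface address.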


    The "GNS3 didn't save my router config" issue...

    GNS3 does not always seem to do what you expect when it comes to saving your created project and router configurations. Follow the steps below for saving your project with the configuration of your router(s).

    Start GNS3 with the 1gns.sh script (sudo 1gns.sh).

    At the New Project window, click [Cancel].

    Make your network and add your routers.

    Start your routers (by clicking on the green triangle (Play) button in the GNS3 menu bar) and configure them. Save each router configuration with wr mem.

    When you are done configuring, stop your routers (by clicking on the red square (Stop) button in the GNS3 menu bar).

    In GNS3 click on File/Save project as

    Project Name: projects/YourProject

    Save nvrams and virtual hard drives =

    Save IOS startup configurations =

    Done! [15]

    [15] One important note here might be that nodes that are not connected will be saved in your topology, but information about unconnected nics of your nodes will be discarded.

    Be smart and verify

    As a check you can go to the projects folder and see if a folder withyour project name exists. It should at least contain:

    a subfolder called configs - it should contain the configuration of each router in your virtualized network.

    a file called topology.net - your virtualized network (without the router configuration).

    How to open and save next time?

    Next time, you can just open the project in the regular way and save it all by clicking in the GNS3 menu on [File]/[Save].

    Setting the IDLE PC parameter

    Each emulated Cisco router consumes about 100% CPU power. Setting the IDLE PC parameter helps us to lower this significantly. To determine the IDLE PC parameter, you need to follow a few simple steps.


    1. In GNS3, Start a new project,

    2. Drag a router on the white surface,

    3. Start the router by clicking on the green triangle (Play) button in the GNS3 button bar.

    4. Right click on the router and select [console]. You will see something as shown in figure 11.

    Click no to leave the initial setup and

    Press ENTER to get started until you see the Router> prompt and leave the router console open.

    Figure 11: Text (or something similar) shown in terminal window.

    Go back to your GNS3 workbench and right click on the router and select [Idle PC] in the submenu. A window with the GNS logo pops up with the OS X beach ball circling. No worries. Just wait. Open Activity Monitor.app and make sure you see the CPU usage in Activity Monitor (Activity Monitor menu bar [Window]/[CPU usage]).

    In the IDLE PC values window click on a value and click on [Apply]. Now watch closely if your CPU usage drops significantly. If not, pick another value and click again on [Apply]. If you are satisfied, click on OK to close the Idle PC window. As a result, this value is filled in in the IDLE PC field for this router in the IOS images and Hypervisor window discussed in section Activate the Cisco IOS images on page 8.

    Why Parallels Desktop for Mac?

    I guess the answer on this one is personal. At the time of writing, Parallels Desktop 7 is the fastest virtual machine software for the Mac compared with VMware's Fusion 4.0 and VirtualBox 4.1.2. VirtualBox comes very close to the speed of Parallels.

    Next to speed, Parallels has a feature that I use a lot: Undo Disks [16]. It basically gives me the freedom to do whatever I want in a VM and when I shut it down, Parallels asks me if I want to save the latest adjustments or if I want to get rid of them. This feature is great for testing software or features!

    [16] ...but you have to enable this feature on a per-VM basis. Just right click on a VM, choose [Configure] and in the [Security] tab you see Undo Disks (ask me what to do).

    Next to this feature and my being a bit lazy, I like the feature to drag 'n' drop files from my Mac to my VM in Parallels [17]. I don't use a mouse but use a Wacom tablet instead. Using a Wacom tablet just seems to work more naturally in Parallels than in VirtualBox and does not work at all in VMware's Fusion 4 [18].

    [17] Works great with Windows, don't know about LINUX.

    [18] This was tested in Fusion 4.0 on the day it came out.

    Optional: Your Windows Guest OS - some tricks

    Use Coherence (Parallels) Seamless Mode (VirtualBox)

    When you have more than one virtual OS running on your Mac, things can become a bit crowded. A simple trick might be to run your guest OS in Seamless Mode (VirtualBox) or Coherence (Parallels). In this mode, you don't see the background and desktop of your guest OS but only the windows of the applications that run on top of the desktop. Most of the time I have a command line window open and an mmc window. To enable this mode when the guest OS is running, click in the VirtualBox menu on View and then Seamless Mode. In Parallels, click on Enter Coherence in the View menu of Parallels when the guest OS is running.

    To whom does this command line window belong? - t.bat

    If you're running in Coherence mode or Seamless Mode, and you have more than one command line window open, how do you know to which guest OS it belongs? I made a small and simple batch file (for English Windows 7 and Windows 2008 R2 Server) to customize the title of a command line window with the name of the host, its IPv4 and IPv6 address. Look at section My batch file suite - simple batch files to do simple repetitive things on page 24 for where to obtain it.

    (Margin note: I added the command prompt shortcut to the startup items so the command prompt is opened automatically at login.)

    (Margin note: To distinguish client and server command prompts, I gave each category its own color.)

    Servers:

    front R:200 G:100 B:0

    back R:40 G:0 B:0

    Clients:

    front R:85 G:36 B:34

    back R:221 G:218 B:196

    Logging on and shutting down windows guest OSes

    Autologon

    For Windows systems that run on my virtual network, it annoys me that I have to press ctrl-alt-delete each time to log on. There is a simple utility from Sysinternals to enable autologon. You can download it at http://technet.microsoft.com/en-us/sysinternals/bb963905 .

    A faster way to shutdown - s.bat

    For my test machines, I don't need to have a detailed shutdown eventlog, they just need to shut down when I want them to and do it fast. I wrote a simple batch file for it called s.bat [19]. Put it in your home directory (you need admin privileges to run this script). Run it when you want to shut down your Windows guest OS. It runs on Windows 7 and Windows 2008 R2.

    (Margin note: ...and other Windows flavors probably too.)

    [19] Look at section My batch file suite - simple batch files to do simple repetitive things on page 24 for where to download.


    My batch file suite - simple batch files to do simple repetitive things

    When testing things in a virtual environment with virtual machines, you probably do a lot of shutdowns, restarts and other kinds of stuff. I made a few batch files that might make your (Windows) life a bit easier. This is what they do.

    t.bat Show to what machine a command prompt window belongs (Vista, 7, 2008 R2)

    sm.bat start server manager ( 2008 R2)

    r.bat reboot windows computer (Vista, 7, 2008 R2)

    s.bat shutdown windows computer (Vista, 7, 2008 R2)

    You can obtain them from http://dl.dropbox.com/u/9671505/GNSonMacOSXLion/MyMatchFiles.zip . Just put them in a directory where Windows can reach them, such as the directory you are in when you open a command prompt.

    Do I have to turn off my firewall in Lion to run GNS3?

    Answer is: it depends. For GNS3 and the virtualized network that runs within it, you don't need to turn off your firewall. You can even leave it on if you start sniffing with Wireshark on your tap interfaces.

    However, if you start sniffing on your LAN interface (en0 of your Mac) or Wi-Fi interface (en1 of your Mac), you might want to turn it off, but only then.

    Help! some of my labels disappear in GNS

    Don't worry. It happens. Here is what to do.

    1. hide your hostnames (In View menu of GNS3 select: hide hostnames)

    2. hide your interface labels (In View menu of GNS3 select: hide interface labels)

    3. reset interface labels (In View menu of GNS3 select: reset interface labels)

    Done!


    HOWTO sniffing on your virtual network with Wireshark

    Sniffing your network is easy once Wireshark is installed: In GNS3, right click on a wire and select Capture from the submenu. However, there might be times GNS3 gives you a message:

    No device available for traffic capture

    Don't worry. You can still use your protocol analyzer here, but instead of selecting wires in your GNS3 network, select the appropriate nic in Wireshark directly. So if you want to sniff on a line between a PC and a switch, go to Wireshark and select the nic of the PC and start sniffing. Problem solved!

    Oh, and you can run several Wireshark instances at the same time, so it is no problem if you sniff at three places at the same time.


    Used sources

    Bitsontheline (http://www.bitsontheline.net) - GNS3 and VirtualBox Integration Under OS X, part 1, part 2 and part 3: used as a proof of concept but is a bit outdated on Lion.

    defaultrouteUK (http://www.defaultrouteuk.com) - Watched his video (http://www.youtube.com/watch?v=hVJ55TVcCdE) and based my scripts on his script (http://www.defaultrouteuk.com/technical/downloads/files/bridge.sh) to let GNS3 run with root privileges, a necessity to get rid of the pesky GNS3 error "206 unable to create NIO_TAP device".

    Software

    Apple Mac OS X 10.7 Lion - Of course.

    GNS3 for Mac OSX (http://www.gns3.net/download) - GNS3 network virtualizer that has the DynaMIPS Cisco hardware emulator embedded

    Tunnelblick (http://code.google.com/p/tunnelblick/) - used for its Lion-compatible TAP driver (open source)

    Wireshark (http://www.wireshark.org/) - network protocol analyser (open source)

    Oracle's VirtualBox (http://www.virtualbox.org) - a very good open source virtualization software for Mac, Windows and LINUX that as of version 4.1.2 is compatible with Mac OS X Lion.

    Parallels Desktop 7 for Mac (http://www.parallels.com) [20] - a commercial VM virtualization software for Mac OS X that as of version 7 is compatible with Lion.

    [20] Parallels is commercial software. If you are a student, you can buy this software with an educational discount in the Apple store of your country.
