Mac OSX – GNS3 Connecting To the Internet

KB ID 0001170 

Problem

I have a love/hate relationship with GNS3. I appreciate it’s brilliant (when it works). I also appreciate that it’s free, and people put a lot of effort into its development for very little reward. But when I try to do simple things, like connect my projects/labs to the internet, and it’s massively overcomplicated, I get pretty exasperated.

With Windows this is easy (I’ve probably blogged about it before): drag a cloud onto the workbench and connect it to a network card, job done! On a Mac however it’s a whole different ball game, as I found out last year when I swapped from Windows to Mac. The documented method of doing this is to use TUN/TAP interfaces, run GNS3 as root, and connect things together. But I cannot get this to work at all.

Kudos and credit for this solution go to my colleague Steve. When I swapped to Mac he was my ‘go-to-guy’ for ‘how does this work’ and ‘what’s the Mac equivalent of {insert name of software}’ questions. I could not connect my new Mac GNS3 labs to the internet, so he gave me a VM that did the hard work for me. Despite my efforts to find a better way of doing this, it remains the easiest, simplest solution, and works over wireless/wired connections etc.

Solution

Requirements:

  • GNS3 (obviously). I’m using version 1.4.4
  • Virtualbox (This won’t work with VMware Fusion unfortunately, I’ve tried). I’m using Version 5.0.16 r105871
  • M0n0firewall (download GW1)

Procedure;

Download the GW1 appliance (link above) and extract the files, then from within Virtualbox > Machine > Add > Locate the extracted GW1 appliance > Open.

Now in GNS3 > Preferences > Virtualbox > Virtualbox VMs > Add > Add in the GW1 appliance > Edit > Give it TWO network cards > Ensure ‘Allow GNS3 to use any configured Virtualbox adapter’ is NOT ticked > OK.

Now drag the GW appliance onto your GNS3 work area, and connect to a router (or anything you can configure an IP on). Make sure the appliance is started.

Now back in Virtualbox > Look at the NIC settings for the GW1 appliance, the one connected to GNS3 should say ‘Generic Driver’ and ‘UDP Tunnel’.

Now manually set the other NIC to be connected to your NAT Network. This network will NAT the VM’s NIC out to the internet connection being used by the Mac (either wired or wireless). Make sure you tick ‘Cable Connected’.

Note: This is why I still use Virtualbox for this, in VMware Fusion any changes you make to the NICs are hijacked by GNS3 when you add and start the VM, with Virtualbox they are not.

You will know when you have the network cards right, as the ‘WAN’ will get an IP from your NAT Network.

Use option ‘6’ and make sure the virtual machine has a good connection to the internet.

Above you can see the appliance has a LAN IP of 192.168.1.1. Back in GNS3 give an IP address on the same range to the device you connected to the virtual appliance.

The network is directly connected, so you should not need to add a static route, I just do this out of habit.

First make sure you can ping the appliance, then make sure you can ping a public IP address.

Troubleshooting

While setting this up, you may have to ‘reset the appliance to factory settings’ (option 4); this should re-detect all the interfaces. You may also get the interfaces the wrong way round, so ensure the right NIC is presented into GNS3.


Cisco ISE – Basic 802.1x With Windows Part Four – Configuring The Windows Clients (Supplicants)

KB ID 0001083 

Problem

Back in Part Three we set up the switches ready to plug in our clients. I’m going to configure the Windows clients by Group Policy. But I suggest you carry out tests using single Windows clients and LOCAL policy until you know you have everything set up correctly.

WARNING: Rolling this out without adequate testing can result in all your Windows clients falling off the network.

Solution

1. On a DC or a machine with the AD management tools installed, open the Group Policy Management Console. Either edit an existing policy or create and link a policy to the OU that contains your client computers.

2. Navigate to;

Computer Configuration > Policies > Windows Settings > Security Settings > Wired Network (IEEE 802.1x) Policies

Create A New Wired Network Policy for Windows Vista and Later Releases.

3. Configure the following;

General Tab

  • Policy Name: Give the policy a name
  • Description: Optional
  • Use Windows Wired Auto Config service for clients. (Ticked)

Security Tab

  • Enable use of IEEE 802.1X authentication for network access. (Ticked)
  • Select a network authentication method: Microsoft Protected EAP (PEAP)
  • Authentication Mode: User or computer authentication
  • Properties (optional in case you ever use TLS): Add in your Root CA Cert

4. Navigate to;

Computer Configuration > Policies > Windows Settings > Security Settings > System Services > Wired AutoConfig

Define the policy and set the startup type to ‘Automatic’.

5. Now when you connect a client to a properly configured switch port it will authenticate before it is allowed to join the network. If the machine is not a domain PC, or 802.1x fails, then it will get an authentication failed remark on its network card.

6. OPTIONAL: We have setup 802.1x now, but it is also worth adding RADIUS to the ISE profiling configuration.
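
One way to confirm on a test client that the wired policy from steps 3 to 5 arrived as configured, added here as an example (not code from the original article): the script parses a profile exported with `netsh lan export profile folder=.` and reports each setting that differs from the policy above, including a missing root CA for server validation. The embedded XML is a constructed, trimmed sample with a placeholder thumbprint, and the function names are illustrative.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed sample of a wired profile as exported by
# `netsh lan export profile folder=.`; the thumbprint is a placeholder.
SAMPLE = """<LANProfile xmlns="http://www.microsoft.com/networking/LAN/profile/v1">
 <MSM><security>
  <OneXEnforced>false</OneXEnforced><OneXEnabled>true</OneXEnabled>
  <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
   <authMode>machineOrUser</authMode>
   <EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
    <EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type></EapMethod>
    <Config><Eap><Type>25</Type><EapType>
     <ServerValidation><TrustedRootCA>00 11 22 33 (placeholder)</TrustedRootCA></ServerValidation>
     <Eap><Type>26</Type></Eap>
    </EapType></Eap></Config>
   </EapHostConfig></EAPConfig>
  </OneX>
 </security></MSM>
</LANProfile>"""

EAP_NAMES = {"13": "EAP-TLS", "25": "PEAP", "26": "EAP-MSCHAPv2"}

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def first(root, *path):
    """Descend by local element names; return the last match's text, or None."""
    node = root
    for name in path:
        node = next((e for e in node.iter() if e is not node and local(e.tag) == name), None)
        if node is None:
            return None
    return (node.text or "").strip()

def audit(xml_text):
    """Return a list of findings; an empty list means the profile matches the policy."""
    root = ET.fromstring(xml_text)
    findings = []
    if first(root, "OneXEnabled") != "true":
        findings.append("802.1X authentication is not enabled")
    if first(root, "authMode") != "machineOrUser":
        findings.append("authentication mode is not 'User or computer'")
    outer = first(root, "EapMethod", "Type")  # outer method, not the inner type 26
    if outer != "25":
        findings.append("outer EAP method is %s, expected PEAP" % EAP_NAMES.get(outer, outer))
    if not first(root, "ServerValidation", "TrustedRootCA"):
        findings.append("no trusted root CA selected for server validation")
    return findings
```

Run `audit(open("exported-profile.xml").read())` against the file netsh writes; the file name here is hypothetical.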
