cisco expert-level training (formerly cisco 360) for ccie ... · rs access guide cisco expert-level...

RS ACCESS GUIDE

Cisco Expert-Level Training (Formerly Cisco 360) for CCIE Routing and Switching

Lab Front End Remote Access Guide

Table of Contents Cisco Expert-Level Training (Formerly Cisco 360) for CCIE Routing and Switching .... 1

Lab Front End Remote Access Guide ................................................................................ 1

Table of Contents ..................................................................................................................................... 2 Establishing a VPN Connection ............................................................................................................... 3

Method 1: Cisco AnyConnect VPN Client setup ............................................................................... 3 Method 2: Cisco IPSec VPN Client setup ......................................................................................... 6 VPN Troubleshooting FAQ ................................................................................................................ 7

GUI Front End Lab Access ...................................................................................................................... 9 Recommended PC Software and desktop setup .............................................................................. 9 Authentication Screen ....................................................................................................................... 9 Lab Navigation................................................................................................................................. 10

Router-Telnet Association ........................................................................................................................ 12 Incidents Panel......................................................................................................................................... 13

Firefox configuration to prevent opening an empty tab ................................................................... 15 POD Management ........................................................................................................................... 16 Ability to Extend, to End the Lab Early and to Save Configurations ............................................... 16

2 Cisco Expert-Level Training - Front End Remote Access Guide © 2015 Cisco Systems, Inc.

Establishing a VPN Connection The Cisco Expert-Level Training (formerly Cisco 360) Routing and Switching virtual pods are accessible using a VPN client. You may use any VPN client supported by Cisco routers. Instructions below provide two methods for setting up secured VPN connection. One method provides overview of automated installation of Cisco AnyConnect VPN client. Another method uses manual installation of standalone Cisco IPSec VPN Client software package.

Your registration email includes the access instructions for your reservation. This information should look similar to:

VPN Router IP Address 128.107.247.252 or https://cisco360-labs.cisco.com

VPN Group Name CIERSV5

VPN Group Password cisco360

VPN Username RS-POD#

VPN Password FOR EXAMPLE ONLY The same lab access information is visible in the portal under RSv5 -> Workbook, Assessment Labs or Lessons pages shortly after you have scheduled the lab.

Method 1: Cisco AnyConnect VPN Client setup The AnyConnect client supports Windows Vista, Windows XP and Windows 2000, Mac OS X (Version 10.4 or later) on either Intel or PowerPC, and Red Hat Linux (Version 9 or later).

To connect to the pod, navigate your browser to the VPN Router IP address: http://128.107.247.252/

You can get “Untrusted Connection” or “Security certificate problems” warning message. Accept the warning and safely continue to the website. For the Firefox browser, Add and confirm security exception.

© 2015 Cisco Systems, Inc. Cisco Expert-Level Training - Front End Remote Access Guide 3

https://cisco360-labs.cisco.com/

http://128.107.247.252/

Once the browser connects to the VPN web interface the logon screen will display.

Enter VPN Username and VPN Password in the provided fields and click on Logon button. If credentials are accepted, and the security appliance identifies your workstation as requiring the client, it loads the client that matches the operating system of your PC.

In order to properly download and install the plug-in, be sure to click Yes on the Java security pop-up message:


Answer Yes on another Certificated Issuer related Security Alert message:

After loading, the client installs and configures itself, establishing a secured SSL VPN connection.


Method 2: Cisco IPSec VPN Client setup The Cisco IPSec VPN client supports the majority of production versions of Windows and Mac OS X.

Download Cisco VPN client version for your operating system from your Learning portal (System: Profile->Downloads). Install the package and reload the workstation.

To connect to the pod, create a new VPN client entry:

Initiate the VPN connection by double-clicking on the CIERSV5 connection entry and authenticate the VPN tunnel with provided credentials:

Verify the VPN tunnel communication by pinging IP address 10.10.N.100, where N is the number of the server from the HTML file attachment in the lab instructions email:

C:\Users\test>ipconfig Ethernet adapter Cisco VPN: Connection-specific DNS Suffix . : IPv4 Address. . . . . . . . . . . : 10.10.1.101 Subnet Mask . . . . . . . . . . . : 255.255.224.0 Default Gateway . . . . . . . . . : C:\Users\test>ping 10.10.1.10 Pinging 10.10.1.10 with 32 bytes of data: Reply from 10.10.1.10: bytes=32 time=99ms TTL=64 Reply from 10.10.1.10: bytes=32 time=87ms TTL=64 C:\Users\test>ping 10.10.1.100 Pinging 10.10.1.100 with 32 bytes of data: Reply from 10.10.1.100: bytes=32 time=92ms TTL=64 Reply from 10.10.1.100: bytes=32 time=89ms TTL=64


VPN Troubleshooting FAQ

What level of rights is required for the AnyConnect VPN Client?

For the first installation, you need administrative privileges. However, subsequent upgrades do not require the admin level privilege.

Is a reboot required after AnyConnect is installed or upgraded?

No. Unlike the IPSec VPN Client, a reboot is not required after an AnyConnect installation or upgrade.

Does AnyConnect require Java and permissions?

The AnyConnect VPN Client requires either ActiveX or Java to use the web-based connection/install. For ActiveX, the user needs to have permission to install into their web browser (or it can be pre-installed). If ActiveX is not supported or used, Java is attempted. The version can be 1.4.x or 1.5. The Java implementation is an applet and is browser-based: http://java.com.

On the first connection, the ActiveX/Java is used to install the AnyConnect VPN Client software. This initial connection requires admin rights. Subsequent connections do not require admin rights (even for client upgrades).

What is Cisco official AnyConnect VPN Client FAQ page?

http://www.cisco.com/en/US/products/ps8411/products_qanda_item09186a00809aec31.shtml

I do not have IPSec VPN client software. Where can I download a VPN client supported by Cisco routers?

Cisco VPN client can be downloaded from Cisco 360 Learning portal (System: Profile->Downloads).


http://java.com/

http://www.cisco.com/en/US/products/ps8411/products_qanda_item09186a00809aec31.shtml

I see the VPN Authentication screen, but my credentials are rejected.

Why can I not login?

If you see the authentication screen, it means your PC is able to communicate with the Pod.

User credentials are activated 6-8 minutes prior to the scheduled lab time.

If you are trying to login during scheduled lab session and your credentials are rejected, please review the scheduling email or check the portal under RSv5 -> Workbook, Assessment Labs or Lessons pages to verify you are accessing the correct pod and are using the correct credentials. Username and Password values are case-sensitive.

When trying to establish the IPSec VPN session, I receive this error message:

Why can I not connect using IPSec VPN client?

This message indicates that your PC is not able to communicate with the Pod. The most common cause of this issue is a firewall or ACL that is blocking IPSec from your network.

Authentication Headers (AH) and Encapsulating Security Payloads (ESP) protocols along with UDP 500 and UDP 4500 ports must be open for outbound traffic. Verify that your network security policy allows VPN sessions through firewall to the outside world.

After you have verified that you are able to establish outbound VPN sessions, please reboot your PC.

If you continue to have issues, please send an email to [email protected]. Please include the RS-POD# you were assigned and the start time for your scheduled lab. Also include screen captures showing your VPN configuration.


mailto:[email protected]

GUI Front End Lab Access Recommended PC Software and desktop setup

It is your responsibility to create an environment for GUI Front End. Cisco Expert-Level Training support team does not provide technical support for it. If you have difficulties with graphical front end interface, please use the lab PDF document and telnet access instructions provided in the e-mail to connect to equipment.

Links to the recommended software are located in your Learning portal (System: Profile->Downloads)

Note Install Adobe Flash Player from Mozilla Firefox browser. It will automatically detect the right version.

Authentication Screen

Navigate to http://10.10.1.10/ webpage, where N is the number of the server from the HTML file attachment in the lab instructions email. Use Session Authentication dialog to log into the lab delivery portal.


Enter POD name and Password as per access instructions (same as VPN username and VPN password).

Lab Navigation

Only the main diagram “Lab IP Addressing and IGP Topology” provides clickable router-telnet associations.

The dashboard will be loaded and present the navigation bar on the left and workspace with the lab diagram on the right. The top line of the dashboard has the information about the candidate, the lab and the time left until the end of session.

The navigation bar consists of three sections: 1) enumerated incidents, 2) lab objectives, instructions and rules, 3) lab diagrams.


Note All question and diagram windows are moveable, resizable and could be minimized and closed. Main network diagram could not be closed. To move the window - drag it by the title.

Note If the full diagram does not fit in the provided window, it can be dragged by mouse. With the left mouse button down, use gesture action to shift the document naturally in any direction.

Note If the size of the window with network diagram is smaller than provided browser window, it can be resized by mouse. Click on the bottom-right corner of the diagram window and move the mouse.

Interactive Help in different places gives you the tips to enhance your learning experience and helps navigate the page.


Router-Telnet Association

Hover the mouse cursor over the device on the main diagram. The context help will indicate telnet IP address and port.

Configure Firefox browser to start telnet application when telnet:// URL is called. Make association with your preferred telnet client (PuTTY).

Note Do not associate telnet application with Windows Command Prompt utility. Its terminal emulation incorrectly handles some of the router special commands (like, ---More---) which results in partial show command output. Issue “terminal length 0” command in the router enable mode to force full show command output on the console without breaks.


When Firefox is configured to launch telnet application on telnet:// URLs, clicking on the router will automatically open telnet session to it.

Telnet session can also be opened from the right click menu for each router (see POD Management section).

Incidents Panel

Select an incident and click on Incident details to see full description of the question. A full description of the incident will open in a separate window on the workspace.

Question can be marked to keep track of completed issues. Marking will not close the question and is just for information. It will not trigger any process. Question can be unmarked at any moment as needed.

The diagram for each incident highlights the area of the troubleshooting interest to help identify the area of the problem.


Pay particular attention to Restriction and Goals section of the lab. The list of restrictions creates a certain environment that guides toward problem solving solution.

The lab diagrams are located under last section of the menu. Click on the diagram details to open diagram in a separate window.


Firefox configuration to prevent opening an empty tab

Default configuration of the Firefox browser has such behavior that when telnet session is initiated from the diagram by mouse click, new empty tab is created in the browser window.

To prevent opening an empty tab, change the default setting of your Firefox browser using the following procedure:

1. Open Firefox browser. 2. Type about:config in the web site address area and press Enter.

3. Ignore the message about the warranty by pressing “I’ll be careful, I promise”.

4. Find browser.link.open_newwindow and change a value to 1 (use Modify option).

5. The change should take effect immediately.


POD Management

Click POD Management button to show all devices of the lab and its status.

Administrative management of each device also can be shown by hovering over router on the main diagram and clicking right-button of the mouse:

The provided menu allows to Telnet to device, Clear line, Power Cycle and Reinitialize device.

Note Exercise caution when operating with power control functions. Not saved configuration might be lost!

Clear Line process clears telnet all session to specific device.

Power cycle process is designed to restore access to the system lost due to excessive debugging output or lack of any console output on the router. Not saved configuration will be lost!

Reinitialize process restores device configuration to its initial configuration state designed by a lab author. Any additional configuration will be lost!

Ability to Extend, to End the Lab Early and to Save Configurations

Please refer to the Roadmap and FAQ page for additional description of lab functionality. Depending on the lab, you can extend the duration, end the lab early and use saved configurations options during scheduling.


cisco expert-level training (formerly cisco 360) for ccie ... · rs access guide cisco expert-level...

Documents