CCNP Equipment Remote Access

How to get access

  1. You need to be a student enrolled in the CCNP course.
  2. You will need to generate an SSH public key and send it to mark@. Do not send your private key.
  3. You will be assigned a username that starts with “authpf-” followed by your full name.

Rules

  1. don’t set console nor enable passwords
  2. don’t change the console speed.

Hostname

The hostname used to connect equipment in the CCNP Pod is: ccnp-pod.yycnetlab.org.

This may change periodically, so please use the DNS record rather than the IP address.

AuthPF

The only authentication you need to do is key-based authentication to AuthPF. You will need to stay connected to the AuthPF session for the entire time you are using the equipment.

Upon initial connection to AuthPF, the “Podbot” chat bot in the CCNP channel will detect that you have connected and turn on all the required equipment.

Connect to SSH (port 22) using your “authpf-” username and the hostname ccnp-pod.yycnetlab.org.

When you connect you should see a message like this:

$ ssh authpf-joeexample@ccnp-pod.yycnetlab.org -i ~/.ssh/authpf-joeexample
Last login: Thu Jul 9 18:02:05 2020 from <your IP address>
Hello authpf-joeexample. You are authenticated from host "<your IP address>"

If that’s not working for you, reach out to the instructor.

Once you disconnect from the AuthPF session, the equipment will be turned off by the Podbot (after a grace period).

Topology

This is a diagram of the CCNP Pod topology:

The same topology is used for both ENCOR and ENARSI.

Ports

The routers and switches are all connected to a serial console server operating at 38,400 baud. It’s more responsive than the usual 9600 baud, but it’s still reasonably slow. Each serial console port is assigned a unique TCP port for Telnet access.

Each of the PCs is actually a VM. These are also accessible through unique TCP ports using the Remote Desktop Protocol.

TCP PortDeviceProtocol
2201R1Telnet
2202R2Telnet
2203R3Telnet
2204D1Telnet
2205D2Telnet
2206A1Telnet
2221PC-1RDP
2222PC-2RDP
2223PC-3RDP
2224PC-4RDP
2225PC-5RDP
2226PC-6RDP
Ports and protocols

If your RDP client asks for a username or password, just click on “ok” or type in any random values if it needs something. Authentication to those is wide open. It’s a lab; it’s not secure.

Lab PCs

The login password is “Passw0rd!” (without the quotes) for each of the Lab PCs.

The Lab PCs are all VMs. They are created and destroyed when the lab is turned on or off. Here are a couple useful tidbits:

  • Turn off the Windows Firewall – it will cause you grief. This command might speed up the process:
    NetSh Advfirewall set allprofiles state off
  • There is a CD-ROM mounted with a bunch of installable tools on it (Wireshark, tftp, etc). If you want a tool but it’s not yet on the CD image, let the instructor know.

Here are a few useful commands for quickly setting IP information on the PCs:
netsh interface ipv4 set address name=15 source=static address=10.3.85.50 mask=255.255.255.0 gateway=10.3.85.1

Set IPv6 address:
netsh interface ipv6 set address interface=15 type=unicast address=2001:db8:acad:3085::50/64

Set IPv6 gateway:
netsh interface ipv6 add route ::/0 interface=15 2001:db8:acad:3075::1

Routers and Switches

If you would like to store your configuration on these devices, please store it in a folder:

copy run flash0:/yyc_stuconfig/name/file
will copy your running-config to a file in that folder.

more flash0:/yyc_stuconfig/name/file
will allow you to view that file.

copy flash0:/yyc_stuconfig/name/file run
will allow you to merge your configurations into the running-config.

config replace flash0:/yyc_stuconfig/name/file
will allow you to overwrite your running-config with the contents of the file.

The command to make your folder is just a standard Unix-style mkdir. The command to list the folder you’re in/contents of that folder is a good Windows-style dir. The command to change directories is a good ol’ cd.