I've been using Cisco VIRL for over two years, both for learning technologies and for testing new solutions as PoCs. Accessing devices in a simulation via the embedded console link is easy but not efficient. I always wanted to manage simulations in VIRL from my laptop, not my desktop PC. Also, in many scenarios you may want to connect external servers, like a NetFlow collector or IPAM software you want to test. And it's quite handy to have access to a running simulation from the Internet, isn't it?
Let me show you how I connect a simulation running in Cisco VIRL to other devices in my network and to the Internet. In this tutorial I assume that you didn't change the default VIRL networking configuration.
Here is a simplified diagram of my home network.
There are 4 segments: the LAN, which contains all my computers, smart TVs, etc.; the VIRL Flat1 LAN; the VPN VLAN; and a Restricted VLAN that has no access to anything but the Internet (limited access) for security. The core component is my router, which provides the Internet connection and segmentation for the VLANs in the LAN network.
I run Cisco VIRL on my home PC using VMware Workstation. My PC has 2 NICs, which makes all the configuration much easier. Pretty much all new PCs have at least one NIC built into the motherboard, and it's not uncommon to see a motherboard with two NICs. If you have only one, just go to a local computer show and buy a second one. NIC adapters are very cheap now, but I suggest buying a low-end model that supports VLANs so it's more flexible to use. I use one with the RTL8168E chipset.
Router configuration is easy – it provides routing and switching capabilities as well as firewalling and NAT services.
Cisco VIRL requires 5 interfaces assigned to the virtual machine. The first one (eth0) is connected in Bridging mode to the LAN interface of the host PC. VIRL uses it to contact license servers and fetch software, as well as to provide access to the console lines of the simulation.
The rest of the interfaces are configured as Host-only by default. That means traffic will never leave the virtual machine. So what we need to do is change the eth1 interface, described by Cisco as the Flat1 Network interface, from Host-only to Bridged and bridge it to the second NIC. You need to open the Virtual Network Editor and assign bridging manually to interfaces VMNet0 and VMNet1 or, as I did, you can use an unused interface like VMNet10.
If you use a new interface, you need to assign it to your VM with Cisco VIRL.
Don't forget to configure the new VLAN on any other network devices you have, up to your edge router. I recommend simplifying the configuration by using the IP address 172.16.1.1/24 for this interface on the edge router. This is the default value set as the default gateway in the VIRL configuration. You also need to assign an IP address to this interface on the host PC.
VIRL uses the Flat1 Network as its out-of-band management network. It's always assigned to the management interfaces of virtual devices (or to the first interface if a particular device does not have a dedicated management interface). VIRL uses the name Shared Flat Network for it, and we need to assign it manually to the simulation. To do this, click anywhere on the background and, in the Topology tab of the Properties window, select it from the drop-down list.
Remember that you are not only bridging this network to your LAN but also sharing it between multiple simulations so you can make them talk to each other!
VIRL assigns IP addresses to devices automatically when the virtual devices boot up. But you can override this and set Flat1 network IP addresses manually for each device. This is really helpful if you use the same simulation frequently or you need external access from outside your LAN network. To do this, click on each device and, in the Properties tab, manually enter the address in the Management interface static IPv4 address field.
The last thing you need to do after you start your configuration is to add the proper routing. Depending on what you want to achieve, you will add either a default route or specific subnet routes for your LAN network, pointing to 172.16.1.1 as the next-hop address.
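One way to sanity-check the static management addresses and build the routes from the two steps above, as an added example that is not part of the original post. It assumes Flat1 is 172.16.1.0/24 with the gateway at 172.16.1.1 as in this tutorial; the device names, the host PC address, the LAN subnet and the IOS-style `ip route` output are constructed for illustration.

```python
import ipaddress

# Values taken from the tutorial: Flat1 uses 172.16.1.0/24 and the edge
# router holds 172.16.1.1 as the default gateway.
FLAT1 = ipaddress.ip_network("172.16.1.0/24")
GATEWAY = ipaddress.ip_address("172.16.1.1")


def check_plan(plan, host_pc_ip):
    """Return a list of problems found in a {device: static mgmt IP} plan."""
    problems = []
    # Addresses already taken on Flat1 before any simulated device boots.
    seen = {GATEWAY: "edge router", ipaddress.ip_address(host_pc_ip): "host PC"}
    for device, raw in plan.items():
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            problems.append(f"{device}: {raw!r} is not an IP address")
            continue
        if addr not in FLAT1:
            problems.append(f"{device}: {addr} is outside {FLAT1}")
        elif addr in (FLAT1.network_address, FLAT1.broadcast_address):
            problems.append(f"{device}: {addr} is not a usable host address")
        elif addr in seen:
            problems.append(f"{device}: {addr} already used by {seen[addr]}")
        else:
            seen[addr] = device
    return problems


def static_routes(lan_subnets):
    """IOS-style static routes towards the LAN via the Flat1 gateway."""
    routes = []
    for raw in lan_subnets:
        net = ipaddress.ip_network(raw)  # strict mode rejects host bits set
        routes.append(f"ip route {net.network_address} {net.netmask} {GATEWAY}")
    return routes


if __name__ == "__main__":
    # Constructed sample data, not from the original post.
    plan = {"core-rtr1": "172.16.1.11", "core-rtr2": "172.16.1.11",
            "access-sw1": "172.16.2.12", "edge-fw": "172.16.1.1"}
    for line in check_plan(plan, host_pc_ip="172.16.1.2"):
        print("PROBLEM:", line)
    for line in static_routes(["192.168.1.0/24", "0.0.0.0/0"]):
        print(line)
```

Listing only the LAN subnets that really need to reach the simulation, instead of `0.0.0.0/0`, keeps the simulated devices from routing to everything behind the edge router.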
Testing the connectivity
If we try to connect from the host PC to a simulated router or switch using its management IP, which we set up in the previous steps, it will always succeed. Remember – this interface is bridged and you assigned an IP address to this interface on your host PC, so there will always be connectivity.
We should test whether bridging to the simulation and routing to the Flat1 network are working properly. Depending on the firewall and routing configuration of your LAN network, pick any other device that is allowed to access the simulation and try to establish an SSH session to, or just ping, the simulated device.
This of course isn't the only approach, but I found it flexible. It gives me control over which devices can talk to the virtual devices in the simulation and vice versa. And now you are able to manage simulations in VIRL from anywhere.