Increasing allocated RAM for UNL in VMware Fusion

SOURCE:
  1. import the UNL OVA and keep it powered off
  2. change hardware compatibility to 12
    – In the Apple menu bar, select Virtual Machine > Settings.
    – Select Compatibility
    – Set the hardware version to 12
  3. change “memsize” in the UNL vmx file
    – right-click the UNL VM and select “Show Package Contents”
    – find the ‘VMX’ file, right-click it and select Open With ‘Text Edit’
    – change the memsize value there and save
    – power on the UNL VM. If it complains about an unsupported main memory size, just click OK

What didn’t work yet in Unetlab

NOTE:
These limitations are not caused by Unetlab itself but by limitations of the images.
Based on input from UD, these didn’t work in UNL:
-QinQ  (didn’t run on Cisco but runs on Arista)
-SPAN, RSPAN
SPAN doesn’t work on any Cisco switch
SPAN is OK on Arista, but RSPAN is not supported on any switch
https://supportforums.cisco.com/document/139236/understanding-spanrspanand-erspan
-WCCP
-MAB (MAC Authentication Bypass)
For best results on the L2 IRON image, you need to turn off ip cef
(config)#no ip cef
With ip cef turned off:
-L3 Etherchannel ok
-PVLAN ok
-VACL, PACL ok
-dhcp snooping ok
-dot1x supported

Exporting/Importing Unetlab lab steps

Exporting Steps
1. click More actions/Start all nodes
2. click More actions/Export all CFGs
3. click More actions/Set all startup-cfg to exported
4. click More actions/Stop all nodes
5. click Close lab
6. click the lab and click ACTIONS/Export selected objects

Importing Steps
1. click ACTIONS/Import external labs
2. select the target lab file (don’t unzip it), then import
3. click More actions/Start all nodes

How to export/import all labs
  1. Proper way
    Shift click your target lab and click menu ACTIONS/Export selected objects
  2. Unsupported but works
    copy your labs inside /opt/unetlab/labs/ and put into the same location in your target UNL

Importing IOU lab into Unetlab

  1. create simple IOU lab
  2. edit new lab

    Netmap: 1:0/0 2:0/0
    click Save

  3. configure both routers

    R1#sh run
    hostname R1
    interface Ethernet0/0
     ip address 12.12.12.1 255.255.255.0
    R1#copy run unix:
    Destination filename [running-config]?
    R1#wr
    R2#sh run
    hostname R2
    interface Ethernet0/0
     ip address 12.12.12.2 255.255.255.0
    R2#copy run unix:
    Destination filename [running-config]?
    R2#wr
  4. copy all running config to database
    if you get an error, click each router and choose “Copy unix://running-config to database”
    this sometimes happens because the router lost its config
  5. edit this lab again

    set the initial config for both routers

  6. export the lab
    Select labs you want to export: tick labname
    Select initial config packs you want to export: tick labname
    click Export
  7. click Download
    rename the file according to your lab name
  8. open Unetlab and import external lab
    Browse and click Import
  9. open the lab
  10. click More actions/Set all startup-cfg to exported
    click More actions/Wipe all nodes
    click More actions/Start all nodes

    Now all IOU configs are still intact in Unetlab

CheckPoint GAIA Installation on Unetlab

-download CheckPoint R77.30 iso
-prepare VMware Workstation vm with Other Linux 64bit, 30GB HD, 2GB RAM and 4 nics

-open Chrome and go to https://10.0.10.61

-shutdown vm and go to VMware Workstation
-click CheckPoint vm
-click File/Export to OVF
export as cpsg-r7730.ova
# mkdir -p /opt/unetlab/addons/qemu/cpsg-r7730
scp cpsg-r7730.ova into /opt/unetlab/addons/qemu/cpsg-r7730
# tar xf cpsg-r7730.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 cpsg-r7730-disk1.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
create CheckPoint unetlab lab above and start cp1
-open SmartDashboard and login as admin
-right click Edit Network Objects/CheckPoint/cp1
-create Network Objects/Networks/LAN
-create Firewall policy
-create Application & URL Filtering policy

Time zone reset on every reboot

The Mikrotik doesn’t have a battery, so it won’t keep the time zone across reboots.

SOLUTION
/system scheduler
add name=startup on-event=ntp policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=startup
/system script
add name=ntp owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":delay 15\r\
\n/system clock set time-zone-name=Asia/Jakarta\r\
\n/system ntp client set enabled=yes primary-ntp=203.89.31.13\r\
\n"

Mikrotik Hotspot

HW INFO:
-Mikrotik SXTG-2HNd
WAN IP: 10.0.10.229/24
WIFI IP: 192.168.88.1/24
> ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 0   10.0.10.229/24     10.0.10.0       ether1
 1   192.168.88.1/24    192.168.88.0    wlan1
/ip route
add distance=1 gateway=10.0.10.1
/system ntp client
set enabled=yes primary-ntp=203.160.128.59
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1 \
    netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1

click IP/Hotspot/Servers
click Hotspot Setup

click IP/Hotspot/Servers/hotspot1

click IP/Hotspot/Server Profiles/hsprof1/

click + on IP/Hotspot/User Profiles

create hotspot user
click + on IP/Hotspot/Users

To enable self-signed certificate
> ip service print
Flags: X - disabled, I - invalid
 #   NAME        PORT ADDRESS                                          CERTIFICATE
 0 XI telnet        23
 1   ftp           21
 2   www           80
 3   ssh           22
 4 XI www-ssl      443                                                  none
 5   api         8728
 6   winbox      8291
 7   api-ssl     8729                                                  none
> ip service disable 0
> ip service disable 1

> ip service enable 4
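
An added example, not part of the original notes: an awk filter that reads `/ip service print` output and lists the enabled services that carry logins in cleartext, plus enabled TLS services with no certificate bound. The sample input is the table shown above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit RouterOS "/ip service print" output for exposed
# management services. Function names are hypothetical, not RouterOS features.

# The table from the notes above, captured before the disable/enable commands.
sample_before() {
cat <<'EOF'
Flags: X - disabled, I - invalid
 #   NAME        PORT ADDRESS      CERTIFICATE
 0 XI telnet        23
 1   ftp           21
 2   www           80
 3   ssh           22
 4 XI www-ssl      443             none
 5   api         8728
 6   winbox      8291
 7   api-ssl     8729              none
EOF
}

# Reads the table on stdin and prints one finding per line:
#   CLEARTEXT <name> <port>   enabled service that sends logins unencrypted
#   NO-CERT <name> <port>     enabled TLS service with no certificate bound
audit_services() {
    awk '
    $1 ~ /^[0-9]+$/ {
        i = 2; flags = ""
        if ($i ~ /^[XI]+$/) { flags = $i; i++ }   # optional flags column
        name = $i; port = $(i + 1)
        if (flags ~ /X/) next                     # disabled, not listening
        if (name ~ /^(telnet|ftp|www|api)$/)
            print "CLEARTEXT " name " " port
        else if (name ~ /-ssl$/ && (NF == i + 1 || $NF == "none"))
            print "NO-CERT " name " " port
    }'
}

sample_before | audit_services
```

Re-running it on the output after the three commands above leaves www and api as the remaining cleartext services.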

create self-signed
# openssl genrsa -des3 -out hotspot.key 1024
Enter pass phrase for hotspot.key: password

Verifying - Enter pass phrase for hotspot.key: password

# openssl req -new -key hotspot.key -out hotspot.csr
Enter pass phrase for hotspot.key: password
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:JKT
Locality Name (eg, city) []:Jakarta
Organization Name (eg, company) [Internet Widgits Pty Ltd]:NGTrain
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:hs.ngtrain.com
Email Address []:support@ngtrain.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:password

An optional company name []:

# openssl x509 -req -days 10000 -in hotspot.csr -signkey hotspot.key -out hotspot.crt
Signature ok
subject=/C=ID/ST=JKT/L=Jakarta/O=NGTrain/OU=IT/CN=hs.ngtrain.com/emailAddress=support@ngtrain.com
Getting Private key

Enter pass phrase for hotspot.key: password

-scp hotspot.crt and hotspot.key to the Mikrotik’s /hotspot directory
> /certificate import file-name=hotspot/hotspot.crt
passphrase: ********
     certificates-imported: 1
     private-keys-imported: 0
            files-imported: 1
       decryption-failures: 0
  keys-with-no-certificate: 0
> /certificate import file-name=hotspot/hotspot.key
passphrase: ********
     certificates-imported: 0
     private-keys-imported: 1
            files-imported: 1
       decryption-failures: 0
  keys-with-no-certificate: 0

/ip service set www-ssl certificate=hotspot.crt_0

-if you don’t have your own dns server, you can add static dns address for hs.ngtrain.com into your mikrotik
> ip dns static add name=hs.ngtrain.com address=192.168.88.1
verify using this command

> ip dns cache print
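
An added example, not part of the original notes: the same self-signed certificate built non-interactively with a 2048-bit key and a subjectAltName for hs.ngtrain.com, followed by checks that read the result back. The openssl commands above create a 1024-bit key and set no subjectAltName, which current browsers require for hostname matching. The 825-day lifetime, the HOTSPOT_KEY_PASS variable and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: build the hotspot certificate with a 2048-bit key and a
# subjectAltName, then read the result back. Function names are hypothetical.

# $1 = output directory, $2 = hotspot FQDN.
# The key passphrase is read from the exported HOTSPOT_KEY_PASS variable so it
# does not appear on the command line or in shell history.
make_hotspot_cert() {
    [ -n "$HOTSPOT_KEY_PASS" ] || { echo "export HOTSPOT_KEY_PASS first" >&2; return 1; }
    (
        umask 077    # key file readable by the owner only
        openssl req -x509 -newkey rsa:2048 -sha256 -days 825 \
            -passout env:HOTSPOT_KEY_PASS \
            -subj "/C=ID/ST=JKT/L=Jakarta/O=NGTrain/OU=IT/CN=$2" \
            -addext "subjectAltName=DNS:$2" \
            -keyout "$1/hotspot.key" -out "$1/hotspot.crt"
    )
}

# Prints the public key size in bits for the certificate in $1.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Succeeds if the certificate in $1 lists DNS name $2 in its subjectAltName.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -q "DNS:$2"
}

# Prints one line per finding; returns non-zero if anything was found.
audit_hotspot_cert() {
    rc=0
    bits=$(cert_key_bits "$1")
    [ "${bits:-0}" -ge 2048 ] || { echo "WEAK: RSA key is ${bits:-unknown} bits"; rc=1; }
    cert_has_san "$1" "$2" || { echo "MISSING: no subjectAltName for $2"; rc=1; }
    return $rc
}

# Usage: export HOTSPOT_KEY_PASS, then
#   make_hotspot_cert . hs.ngtrain.com && audit_hotspot_cert hotspot.crt hs.ngtrain.com
```

Running audit_hotspot_cert against the hotspot.crt produced by the commands above reports both findings.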

-modify IP/Hotspot/Server Profiles/hsprof1/