VIRL for home practice lab

mbarrettmbarrett Member Posts: 397 ■■■□□□□□□□
I was thinking of getting VIRL and using it as a solution for a CCIE Sec home lab.
Are there any good resources that discuss this?
- How complete a solution would it be? I could either get the "Pro" version of VMWare to let me connect other external components. Or, I could just rent rack time from somebody, if there are pieces of gear not implemented in VIRL.

Comments

  • KrekenKreken Member Posts: 284
    VIRL is for R&S ans SP. It is fairly limited for security. I am almost done setting up my home lab and the only physical devices I have are Cisco AP 1602i, Cisco 3560 and HP server running esx. The rest can be setup as virtual appliances. WSA, WLC, ISE, ACS either come as ovf or iso files. The ASA can be setup in GNS3 with routers and can be connected to external network by using a breakout switch method. The only thing that's missing is IPS 4200 but I worked so much with it, I could configure it in my sleep. I keep Cisco IME-Demo on my desktop as a memory refresher on the interface.
  • mbarrettmbarrett Member Posts: 397 ■■■□□□□□□□
    It looks like VIRL can support imported VMs, and most of the items in the Sec v5 lab have virtual versions you can obtain with an evaluation license.
    The only parts of the v5 lab that are physical are a single switch, an ASA, a WLC, a wireless AP and a phone. Some of those can probably be virtualized too for home lab purposes. The only part I'm not 100% sure of is if I'm running the current version of Vsphere 6.0 with ESXi (which is free), can you bring physical pieces of gear into the same environment with the virtual stuff? I was looking at a CBT Nugget that discussed this, but it sounded like you had to upgrade to the "Pro" version of ESXi to be able to control physical stuff, and I'm not sure there's a difference in the current version. (Is it always free?)
  • EricsLearningEricsLearning Member Posts: 15 ■□□□□□□□□□
    You can connect the virtual environment with a physical. I use a second NIC in the ESXi server which supports VLAN tagging and set a trunk port up on the switch. If the virtual device supports vlan tagging this works fine. I think the virtual switch has to be setup to support all vlans.

    You could also setup specific switches for each vlan. Then connect them to the physical NIC which connects to the trunk port on the switch. That way you can allow the virtual machine to send untagged traffic which ends up getting tagged when it gets sent from the virtual switch to the physical one. More than one virtual switch can be connected to the same physical NIC.

    All of this can be done with the free version of ESXi. Let me know if I was clear as mud on this post. I can probably get something with screen shots put up.
  • mbarrettmbarrett Member Posts: 397 ■■■□□□□□□□
    You can connect the virtual environment with a physical.
    Nice write-up on this is here, hopefully it hasn't changed much since this article.
  • rtidrtid Member Posts: 18 ■□□□□□□□□□
    I can't speak to the Security lab requirements, given that I'm on the R&S track, but personally I've found myself utilizing VIRL so infrequently that I have the VM turned off on my ESXi server. I likely won't re-subscribe to VIRL, given that I don't have a particular requirement that isn't more efficiently met by Unetlab or a straight VM image (having much experience with VIRL to reach this conclusion).

    When I move to the SP track, I'll re-evaluate the landscape.
  • mbarrettmbarrett Member Posts: 397 ■■■□□□□□□□
    If you have access to licensed, updated versions of all the devices supported by VIRL, then I would agree than GNS3 or the other free solution are better options. That is my main motivation for VIRL, without a support contract I have easy access to the latest copy of many images I need for my lab, and the fact that there are no issues with licensing means I don't have to go to "grey" areas of the internet to find what I need.
Sign In or Register to comment.