Gig a Velocity Lab Access Guide

****** KEEP THIS DOCUMENT FOR FUTURE SESSIONS ******

Please log into your www.gigavelocity.com account and review the Rack Access

Details section.

You will find your Rack Username and Password using the link below.

https://www.gigavelocity.com/account.html

Thanks for signing up with GigaVelocity.com! Our goal is to provide high quality lab access at reasonable

pricing. Your satisfaction is guaranteed. If you have any problems during the lab, please don't hesitate to

send email to [email protected]. If you do not get a quick response, please send an emergency page

via the following link:

http://www.gigavelocity.com/contact_us.html

All lab times are listed on our website via the following timezone information:

(Central US Time-Chicago, Current Time: http://www.timeanddate.com/worldclock/city.html?n=64)

Download our rack diagrams (you may have to use the zoom feature of pdf viewer for some text):

Rack1 = http://www.gigavelocity.com/download/rackpak1.pdf

Rack2 = http://www.gigavelocity.com/download/rackpak2.pdf

Rack3 = http://www.gigavelocity.com/download/rackpak3.pdf

Rack4 = http://www.gigavelocity.com/download/rackpak4.pdf

Rack5 = http://www.gigavelocity.com/download/rackpak5.pdf

Rack6 = http://www.gigavelocity.com/download/rackpak6.zip

Rack7 = http://www.gigavelocity.com/download/rackpak7.zip

Your login procedure and credentials are as follows:

1. VERY IMPORTANT… You must authenticate to our site via standard telnet for access through

our firewall for ALL rack access including security server access. Please follow these steps:

IMPORTANT NOTE: If you are not able to access devices on the rack after successfully logging in,

repeat this step. We have timers set that detect inactivity and will require you to reauthenticate.

Telnet to: gigavelocity.tzo.com (telnet using standard port 23)

Here is a screen shot of what you should see after a successful authentication:

If you receive this screen, your source IP address is authenticated and now you are ready to access our lab.

2. The next step is to access our rack access server. Our access server ports are numbered by the rack

number you are accessing. For instance, if you are using RACK1 you telnet to port 2301, for RACK2

you would telnet to port 2302. Here is a quick reference:

Telnet to: gigavelocity.tzo.com 2301 (RACK1 – Use same login ID/Password)

Telnet to: gigavelocity.tzo.com 2302 (RACK2 – Use same login ID/Password)

Telnet to: gigavelocity.tzo.com 2303 (RACK3 – Use same login ID/Password)

Telnet to: gigavelocity.tzo.com 2304 (RACK4 – Use same login ID/Password)

Telnet to: gigavelocity.tzo.com 2305 (RACK5 – Use same login ID/Password)

Telnet to: gigavelocity.tzo.com 2306 (RACK6 – Use same login ID/Password)

Telnet to: gigavelocity.tzo.com 2307 (RACK7 – Use same login ID/Password)

Here is a screen shot of what you will see for access to rack 1:

Upon successful login, you will be connected to a 2511 or 2509 terminal server for rack access. You will be

notified 30 minutes prior to your lab ending with a warning that your lab session will end in 15 minutes. You

will receive another warning 1 minute prior to your session ending. 15 minutes after your original warning

message and 15 minutes prior to your scheduled lab end time the lab will shutdown automatically without

further warning.

Access Server Tips & Tricks

Here are some important notes for you to make sure your experience is more productive:

1. When you telnet in to the rack you will be connected to a 2511/2509 that has console access to all

devices.

2. You can use the "show ho" to see the devices and then type "r1" for example to reach router 1. 3. To disconnect from the device you will need to do "CTRL-SHIFT-6" then press "x". This will get

you back to the 2511.

4. You can then issue a "disc" command to disconnect the session or you can start a new one.

5. If you run multiple sessions you will then access them by number. For example, "1" will get you

back to connection 1, "2" will get you to connection 2 and so on.

6. You can also use the "disc" command to disconnect specific sessions for example "disc 1" will close

connection

7. You can use the “send” command to chat back with the lab facilitator if the facilitator sends you a

message. You can use the “send” command to send configurations to the routers. Be careful when

using the “send *” command when you don’t want to send commands to all devices. I like to use a

“!” in front of each line so the router will ignore any command you send. This is useful when chatting to the lab facilitator.

If you are getting disconnects and are using multiple telnet sessions try to use a single telnet session

and use the CTRL-SHIFT-6 X method of switching sessions.

Some ISP’s may implement aggressive TCP session timeout limits. If you continue to get session

timeouts with a single telnet session you may want to try a different Telnet Client, PC, or ISP

connection.

Hotels are the worst for issuing aggressive TCP timeouts and will continue to timeout your telnet

sessions making your session practically unuseable. Please be aware that GigaVelocity is not

responsible for these issues and makes certain that your session is not being terminated on our local end.

If you are using multiple sessions you can use the SecureCRT “anti-idle” feature by allowing

SecureCRT to issue a character of your choice to the terminal session to allow for session idle

timeouts possibly being policed by hotels and ISP’s.

If you are unable to reverse telnet to a device, you can clear the line connected to the device console

with the commamd:

Translating "r1"

Trying r1 (1.1.1.1, 2041)... % Connection refused by remote host

2511> clear line 41 (X = line number of device from chart)

For example: clear line 41 clears the line for R1

clear line 51 clears the line for CAT1

clear line 56 clears the line for ASA1

SECURITY / Wireless LAB INSTRUCTIONS This document provides you the necessary information for using the security components of our lab. Please remember, DO NOT modify, change, or delete any of the passwords configured on the security equipment. It is very important due honor this rule as it is very difficult to perform password recovery or system restores in time for the next Customer using the rack. Violation of this policy will result in early termination of your lab time and loss of any remaining labs and lab time without refund. Rack1

Server1 connects to Switch 1, interface See rack diagram VM1 connects to Switch1, interface See rack diagram VM2 connects to Switch2, interface See rack diagram

Rack4 Server1 connects to Switch1, interface See rack diagram

VM1 connects to Switch1, interface See rack diagram VM2 connects to Switch2, interface See rack diagram

Rack6 Server1 connects to Switch1, interface See rack diagram VM1 connects to Switch1, interface See rack diagram

VM2 connects to Switch2, interface See rack diagram

Rack7 Server1 connects to Switch1, interface See rack diagram VM1 connects to Switch1, interface See rack diagram

Console/CLI Access to Security Equipment

PIX/ASA: no login or password DO NOT SET PASSWORDS OR REMOVE ALL PASSWORDS

IPS/IDS: login=cisco password=gigavelocity DO NOT attempt to reimage sensor – erase config only

Rack6 IPS: login=cisco password=cisco@123 DO NOT attempt to reimage sensor – erase config only

Rack7 WCS: WCS Username: root

Passowrd: Gigavelocity!

WCS-FTP

Username: ftp

Passowrd: gigaftp!

Service Provider IOS-XR LAB INSTRUCTIONS The 4 – IOS-XR router in the Rack 5 Service Provider rack requires a username and password to connect. Routers R1, R2, R3 and R4 are all IOS-XR routers. Please use the login information below to connect. Rack5 IOS-XR: Username: xruser

Passowrd: gigav

Server Access via Microsoft Remote Desktop

All of our Security now use VMWare virtual machines for the two lab PC’s. The main Server has a connection to the lab topology so you can use it as well. You just need to configure static routes on the main PC so you have access to the lab environment.

For the VM virtual machines, they have a dedicated physical interface to the lab topology. For connectivity configure the network interface INSIDE of the VM.

To start the VMWare Virtual machines, there are three VMWare icon on the desktop that Start, Stops and Suspends the Virtual Machine. Just double click and VMWare will launch.

Rack1: Server1 gigavelocity.tzo.com:3391 login=administrator, pwd=gigav VM1 / VM2 login=administrator, pwd=gigav

*****For Rack 4 Please use the correct username – admin – NOT Administrator****

Rack4: Server1 gigavelocity.tzo.com:4491 login=admin, pwd=gigav VM1 / VM2 login=admin, pwd=gigav

Rack6: Server1 gigavelocity.tzo.com:6691 login=administrator, pwd=gigav VM1 / VM2 login=administrator, pwd=gigav

Rack7: Server1 gigavelocity.tzo.com:7791 login=administrator, pwd=gigav

RESETTING THE SERVERS

If you reload or reset the power to the servers you will erase/remove all configurations you have made. This is very useful in the event you need a to have a clean installation of ACS. In order to reset the power to the servers please be sure to use the instructions for the RPC power switch.

AAA Configuration Tips

Please be very cautious of how you configure AAA on your devices. It's possible to lock yourself out of a box very easily. A couple of strategies for helping you out with this could be:

do not write your configuration and bounce the device via the RPC if you become locked out use a delayed reload command. "reload in 15" will reload the device in 15 minutes if you

become locked out. have a backup for AAA to local and shut down the interface to the AAA server on the switch it

is connected to.

Accessing the IPS sensor via web browser (refer to section 7 for routing and connectivity issues)

IDS Sensor: https://x.x.x.x will connect you to the command and control interface of the VPN

concentrator

login id and password: cisco/gigavelocity

login id and password: cisco/cisco@123

Wireless Lab INSTRUCTIONS

Wireless Control System - WCS This is the login information for the WCS server.

Rack7 WCS Username: root

Passowrd: Gigavelocity!

WCS-FTP

Username: ftp

Passowrd: gigaftp!

Microsoft Remote Desktop - RDP This is the login information for the server.

Rack7 Server1 gigavelocity.tzo.com:7791 login=administrator, pwd=gigav

Rack7 Server1 connects to Switch1, interface See rack diagram VM1 connects to Switch1, interface See rack diagram

Routing and Connectivity to the Rack

1. Since windows only allows one default gateway, you can only have a default gateway on the server that allows you to communicate to the server via the internet. Because of this issue, you will need to be creative with your rack programming in order to allow the server to communicate to the rack. Some methods of connectivity could include:

keep server rack IP address in same subnet as VPN and IDS configuration interfaces

add static routes to the GUI server in order to access the rack via L3

use a combination of static routes with NAT

2. You can change the IP address of the Rack interface of the server to whatever you like. In order to add a static router to the server, you need to perform the following:

activate command or DOS window

enter command "route add x.x.x.x mask y.y.y.y z.z.z.z"

o x.x.x.x is the route you are adding to access equipment in the rack

o y.y.y.y is the subnet mask of the route you are adding

o z.z.z.z is the next hop address in order to reach x.x.x.x

o z.z.z.z must be on the same network as the interface of your server that points to the rack.

Here are some important notes for you to make sure your experience is more productive: 1. When you telnet in to the rack you will be connected to a 2511 that has console access to all devices. You can use the "show ho" to see the devices and then type "r1" for example to reach router 1. To disconnect from the device you will need to do "CTRL-SHIFT-6" then press "x". This will get you back to the 2511. You can then issue a "disc" command to disconnect the session or you can start a new one. If you run multiple sessions you will then access them by number. For example, "1" will get you back to connection 1, "2" will get you to connection 2 and so on. You can also use the "disc" command to disconnect specific sessions for example "disc 1" will close connection 1. 2. When using GUI access to the servers, you need to pay close attention to how you make configuration changes. DO NOT change anything on the public interface of the servers. On the rack interfaces you can change the IP and SUBNET mask. Don't worry about setting gateway information as Windows only allows one gateway and if you delete the one that's already running on the system you will lose your connection to the server. 3. When using GUI access from the servers to devices in the rack you can either use an IP address on the same network as the device your you can enter a manual route via command line on the server. For example, if your rack interface on the server is "10.1.1.1" and the IDS sensor is "11.1.1.1" you would need to perform a static route such as "route add 11.0.0.0 mask 255.0.0.0 10.0.0.2". This will point the server to your static next hop of 10.0.0.2 for access to the sensor on the 11.0.0.0 network. If you don't do this you won't be able to access devices on different networks. 4. All devices with Ethernet connections connect to the 3550 switches. You may have to set up vlans on the switches for devices to talk to each other. If everything is on the same network, default vlan 1 will work just fine. 5. When testing VPN connections, please make sure to understand that you need to implement split tunneling in order to use the VPN dialer client to connect to a device. If you don't you will be locked out of the server and the only way to get a connection back would be via the console of the host device and disconnect the session or establish a GUI session with the second server to the host device to drop the connection. 6. When using the VPN dialer, DO NOT check the integrated firewall option of the VPN dialer. This will keep you from connecting to the server period. If this happens you will need to reset the power to the server to access it again. 7. Keep in mind that when testing VPN connections, if you lose connectivity to the server, you have either checked the integrated firewall option or forgot to use split tunneling 8. Another indicator that if you lose GUI server access is if you've changed or deleted the default gateway or modified the public IP address. This situation will cause you lost rack time. 9. DO NOT change any passwords, remove any services or programs, or modify anything with the server. You should only need to set IP addresses and add static routes. The rest of the programs are available from the desktop. 10. DO NOT change any passwords on the IDS sensor or VPN concentrator. 11. DO NOT set any passwords on the switches. If you need to do so for testing, please write erase and reload them before your lab time expires.