Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1057
Views
0
Helpful
5
Replies

Risk or Need to Bridge CML to production network? - Prefer Isolated Sandbox

michaelc0n
Level 1
Level 1

‎10-22-2015 11:40 AM

My question is when I deploy CML within my production network, on a production ESXi host how much risk is there when spinning up lab networks within CML to bridge into my production network via the ESXi host?  I of course want to be able to take full utilization from a CML client/server perspective but I don't want to introduce any unnecessary risk to my underlining production network where the ESXi host will be residing...

 

Please let me know the best way to deploy CML on ESXi to avoid bridging to "underlay" production(real) network into the simulations provided atop of CML...

 

Thanks!

Labels:
0 Helpful
5 Replies 5

rkochery
Cisco Employee
Cisco Employee

‎10-28-2015 07:59 AM

Hi Micheal,

 Unless External Connectivity is not configured on the CML Server, it will not communicate with outside world. its absolutely safe. 

Thanks,

Romal

0 Helpful

michaelc0n
Level 1
Level 1
In response to rkochery

‎10-28-2015 08:09 AM

Thank you for your feedback! How can I ensure I do not enable external connectivity? Is there a config. guide that references external connectivity

0 Helpful

rkochery
Cisco Employee
Cisco Employee
In response to michaelc0n

‎10-28-2015 08:21 AM

you have all the installation instructions in 

http://virl-dev-innovate.cisco.com/client.php

you should leave all the ip address to default values. 

Thanks,

Romal

0 Helpful

michaelc0n
Level 1
Level 1
In response to rkochery

‎10-29-2015 03:35 AM

Hi Romal,  appreciate the help and the link! The below is a snippet from the link you provided...my question is if I don't want to bridge the CMLenvironment (I  don't have VIRL, probably easier to install) into my real L2 or L3 network do I still need all those port-groups?  I would prefer to just have a single IP tied to CML-server which by my CML-client connects to and just have a sandbox to do testing within CML. What are your thoughts on this?  Thanks again for all the help.

Step 3:  Create the VIRL Network Port-Groups

See it done.
The VIRL virtual machine requires connections to five unique virtual network port-groups, the first of which ('VM Network' by default) is used for management and connectivity to the Internet.

The other four port-groups used by VIRL for external layer-2 and layer-3 connectivity ('Flat', 'Flat1', 'SNAT', and 'INT') must be created using the steps below:

0 Helpful

rkochery
Cisco Employee
Cisco Employee
In response to michaelc0n

‎10-30-2015 09:29 AM

Hi Micheal,

 All the simulations running in the CML Stays inside the CML. it does not communicate with anything outside the Virtualized CML Server. Even though you create the port groups, the ip addresses assigned to them by default are private ip addresses and they are not routable.

In the settings.ini file you can leave all the port group ip addresses to default values. 

0 Helpful
Customers Also Viewed These Support Documents