Buy or Renew
Buy or Renew
Cisco DNA Center is now Catalyst Center. New name, same great product. Learn more about Catalyst Center here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
878
Views
5
Helpful
1
Replies

Catalyst 9400 guestshel and Network Access

Go to solution
Ditter
Level 3
Level 3

‎10-10-2018 05:26 AM - edited ‎03-08-2019 05:27 PM

Hi to All,

 

just recently installed a Cat9k (9400) and enabled iox.

 

When in guestshell i noticed that the container has already an IP address :

 

[root@guestshell guestshell]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.30.2 netmask 255.255.255.248 broadcast 192.168.30.7
inet6 fe80::5054:ddff:feef:96fe prefixlen 64 scopeid 0x20<link>
ether 52:54:dd:ef:96:fe txqueuelen 1000 (Ethernet)
RX packets 20 bytes 1684 (1.6 KiB)

...

 

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
...

 Also noticed that there is also a gateway configured that is :

[root@guestshell guestshell]# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.30.1    0.0.0.0         UG        0 0          0 eth0
192.168.30.0    0.0.0.0         255.255.255.248 U         0 0          0 eth0

 

However, i can not see how these IP addresses could help me to get out of the container and get access in our enterprise network.

 

From some documents i noticed that you enable VirtualPortGroup and enable by hand gws as well as local ip addressing.

 

In our guestshell it seems that IP addressing is pre configured, we run 16.6.4.

 

Any ideas?

 

Thank you,

 

Ditter.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jayesh Singh
Cisco Employee
Cisco Employee

‎10-12-2018 11:48 AM

Hi Ditter,

Seems like you have installed guestshell with just 'guestshell enable' command, which according to me sets up the guestshell with default/preset private ip address range.

 

Bydefault, applications in guestshell have access to mgmt network (i.e. network connected to mgmt port).

 

Virtualportgroup is required when you don't have mgmt connectivity and need to use front panel ports for external connectivity. Please note that Guestshell application is behind the NAT in this setup. Reference command for guestshell installation with VPG:

 

guestshell enable [VirtualPortGroup port-number guest-ip ip-address gateway gateway-ip netmask netmask [name-server ip-address]]

 

Please refer below doc for VPG config required to provide external connectivity:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/prog/configuration/166/b_166_programmability_cg/guest_shell.html

 

Hope it helps!

 

Thanks,

Jayesh

 

 

View solution in original post

1 Reply 1

Go to solution
Jayesh Singh
Cisco Employee
Cisco Employee

‎10-12-2018 11:48 AM

Hi Ditter,

Seems like you have installed guestshell with just 'guestshell enable' command, which according to me sets up the guestshell with default/preset private ip address range.

 

Bydefault, applications in guestshell have access to mgmt network (i.e. network connected to mgmt port).

 

Virtualportgroup is required when you don't have mgmt connectivity and need to use front panel ports for external connectivity. Please note that Guestshell application is behind the NAT in this setup. Reference command for guestshell installation with VPG:

 

guestshell enable [VirtualPortGroup port-number guest-ip ip-address gateway gateway-ip netmask netmask [name-server ip-address]]

 

Please refer below doc for VPG config required to provide external connectivity:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/prog/configuration/166/b_166_programmability_cg/guest_shell.html

 

Hope it helps!

 

Thanks,

Jayesh

 

 

Customers Also Viewed These Support Documents