12-06-2020 09:40 PM
Hi Boss,
I am learning this Lab --IOS XE on CSR Recommended Code
I follow lab guide do it step by step. But when I run sudo yum update -y in the guest shell. it doesn't work.
I suppose internet is unreachable. I go back to IOS XE and do ping 8.8.8.8 but it is still unreachable.
May I know how can I could reach internet in guest shell environment which Cisco DevNet lab provide to me.?
Without internet, I couldn't install third-part software. I couldn't complete rest of lab.
thanks a lot
Solved! Go to Solution.
12-07-2020 12:17 AM
post the configuration you should have routing or bridge or NAT in place for the guest shell to reach internet.
12-07-2020 01:50 AM
cisco security policy - internet access is blocked from the sandboxes
12-07-2020 02:02 AM
is this sanbox or your equiment, if sandbox i do not have any visibility.
12-07-2020 08:53 AM
The devnet sandbox's do not have open internet access due to security posture and design.
Hope this helps!
12-07-2020 12:17 AM
post the configuration you should have routing or bridge or NAT in place for the guest shell to reach internet.
12-07-2020 12:48 AM
Hi BB,
Please see the configuration.
Thanks for your help.
csr1000v-1#show run
Building configuration...
Current configuration : 5128 bytes
!
! Last configuration change at 06:28:23 UTC Mon Dec 7 2020
!
version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname csr1000v-1
!
boot-start-marker
boot-end-marker
!
!
no logging console
enable secret 5 $1$20ue$uC.uSGo6nvfWs63EjjzRP.
!
no aaa new-model
!
!
!
!
!
!
!
ip domain name abc.inc
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
crypto pki trustpoint TP-self-signed-65385644
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-65385644
revocation-check none
rsakeypair TP-self-signed-65385644
!
!
license udi pid CSR1000V sn 9XWNNCFRE7U
license boot level ax
no license smart enable
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
netconf-yang
!
restconf
!
username developer privilege 15 secret 5 $1$apX9$osH3JUIsEok.XVu5bKG0D0
username cisco privilege 15 secret 5 $1$3PeY$CBmJ7lqSYLpLn6uImSoMD0
username root privilege 15 secret 5 $1$F2Ov$Ax5.47hkCDThKbWt1.M4U0
!
redundancy
interface Loopback1000
description DevNet
no ip address
shutdown
!
interface Loopback1001
ip address 2.2.2.2 255.255.255.255
!
interface VirtualPortGroup0
ip address 192.168.1.1 255.255.255.0
ip nat inside
no mop enabled
no mop sysid
!
interface GigabitEthernet1
description MANAGEMENT INTERFACE - DON'T TOUCH ME
ip address 10.10.20.48 255.255.255.0
ip nat outside
negotiation auto
no mop enabled
no mop sysid
!
interface GigabitEthernet2
description Network Interface
no ip address
shutdown
negotiation auto
no mop enabled
no mop sysid
!
interface GigabitEthernet3
description Network Interface
no ip address
shutdown
negotiation auto
no mop enabled
no mop sysid
!
iox
ip nat inside source list NAT-ACL interface GigabitEthernet1 overload
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 GigabitEthernet1 10.10.20.254
!
ip ssh rsa keypair-name ssh-key
ip ssh version 2
ip scp server enable
!
!
ip access-list extended NAT-ACL
permit ip 192.168.1.0 0.0.0.255 any
!
!
!
!
control-plane
!
!
!
!
!
banner motd ^C
Welcome to the DevNet Sandbox for CSR1000v and IOS XE
The following programmability features are already enabled:
- NETCONF
- RESTCONF
Thanks for stopping by.
^C
!
line con 0
exec-timeout 0 0
stopbits 1
line vty 0 4
login local
transport input ssh
!
!
!
!
!
event manager applet loopback0shut
event syslog pattern "Loopback1000, changed state to down"
action 1.0 cli command "enable"
action 2.0 cli command "config ter"
action 3.0 cli command "interface loop1001"
action 4.0 cli command "ip address 2.2.2.2 255.255.255.255"
action 5.0 cli command "shut"
action 6.0 cli command "no shut"
action 7.0 cli command "end"
!
!
app-hosting appid guestshell
app-vnic gateway0 virtualportgroup 0 guest-interface 0
guest-ipaddress 192.168.1.2 netmask 255.255.255.0
name-server0 8.8.8.8
end
csr1000v-1#
csr1000v-1#show ip inter brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet1 10.10.20.48 YES NVRAM up up
GigabitEthernet2 unassigned YES NVRAM administratively down down
GigabitEthernet3 unassigned YES NVRAM administratively down down
Loopback1000 unassigned YES unset administratively down down
Loopback1001 2.2.2.2 YES manual up up
VirtualPortGroup0 192.168.1.1 YES manual up up
csr1000v-1#
csr1000v-1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 10.10.20.254 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 10.10.20.254, GigabitEthernet1
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback1001
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.10.20.0/24 is directly connected, GigabitEthernet1
L 10.10.20.48/32 is directly connected, GigabitEthernet1
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, VirtualPortGroup0
L 192.168.1.1/32 is directly connected, VirtualPortGroup0
csr1000v-1#
12-07-2020 02:02 AM
is this sanbox or your equiment, if sandbox i do not have any visibility.
12-07-2020 01:50 AM
cisco security policy - internet access is blocked from the sandboxes
12-07-2020 08:53 AM
The devnet sandbox's do not have open internet access due to security posture and design.
Hope this helps!
12-07-2020 06:28 PM
I would like to say thank you all your help.
I will consider to build up my own lab for testing Python-onbox (access internet to install 3 party software)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide