Configuration of External Connector Bridges
After you have created a new bridge of any kind, and before you can use it as a target for an external connector lab node, you need to configure it further to help lab users identify the correct bridge, and to control some details of CML’s behavior with respect to this bridge.
This chapter explains the configuration options and how to control them.
Configuring a new External Connector Bridge
New External Connectors need to be registered with the CML server. This happens whenever the CML services start, or when the CML UI External Connectors subpage of Administration Tools is visited. The latter option will also remove entries for bridges which no longer exist on the host, even if they are only missing temporarily.
A label is generated for each new device, and default configurations are assigned based on its name. You can then change these defaults as you want.
Procedure
Log into the CML UI as a user with administrator privileges.
Click the menu item.
On the System Administration page, click External Connectors.
The External Connectors page is shown with a table of all current entries.
Any new bridges detected while loading the page will be listed with default settings.
Any bridges which are not currently present on the system for any reason will be removed from the list, even if lab nodes are configured to use the bridge.
Find the row for each of the managed bridges by the bridge’s Device Name.
Click on the Label column entry for the found row, and edit the label to give the bridge a distinctive human-readable name. Click Save to apply.
(Optional) Click on the Snooped and Protected toggles to put them in the desired position of enabled or disabled.
Repeat these steps for all External Connector entries you wish to configure.
IP Snooping
The IP addresses received by lab nodes from externally-managed DHCP servers, or those configured manually, are not generally knowable beforehand. Users may log into the nodes to find the assigned addresses, but this is cumbersome for automated scripting.
For each External Connector bridge, there exists an option, enabled by default, where traffic is monitored on the bridge for all DHCPv4, ARP and ICMPv6 packets. Whenever a packet is sent through the bridge where a MAC address can be directly mapped to an IPv4 or IPv6 address, the MAC address and all associated addresses are recorded.
In the Lab Nodes API, there exists a call to retrieve Node Layer 3 Addresses. This matches the snooped addresses against those MAC addresses which have been assigned to the node’s interfaces when that node is first started. Wiping a lab node will remove all snooped entries which match any of its interfaces’ MAC addresses, as the assignment is no longer valid and may be reassigned at any time. Next time the lab node starts, a new set of MAC addresses is assigned to it.
The node interface need not be directly connected to the External Connector node. It may be connected through an Unmanaged Switch, or any other nodes which place the interface on the same L2 segment as the External Connector bridge. In fact, any MAC address from the address blocks that CML assigns to lab nodes is recorded, even if the address does not belong to any current node.
However, the API will only report the addresses which are assigned to the requested node by the CML software. It does not return addresses for an arbitrary MAC address. If a lab node’s OS configuration chooses to override the burned-in MAC addresses of its interfaces, or uses MAC addresses of its virtual interfaces, then no match can occur and the resulting list is empty.
The assigned IP address entries are subject to expiration, and are provided as lists containing all recently-associated IP addresses. Typically, if there are multiple entries, then the last item is current, and previous addresses are invalid.
Snooping has no effect on traffic forwarding on the bridge, whether it is enabled or not. If you do not want this service to be enabled for any given bridge for any reason, turn off the Snooped attribute of the respective External Connector entry.
Note
This functionality is currently only available through the API and is not exposed in the UI.
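The following is an added example, not CML code: a small Python model of the snooping rules described in this section, narrowed to ARP. The `52:54:00` prefix standing in for the CML-assigned address blocks, the `SnoopTable` class and the sample frames are all assumptions constructed for illustration.

```python
import struct

# Assumption: stand-in for "address blocks that CML assigns to lab nodes".
CML_PREFIX = "52:54:00"

def arp_frame(mac, ip):
    """Build a constructed ARP request (sample input for this example)."""
    sha = bytes.fromhex(mac.replace(":", ""))
    spa = bytes(int(o) for o in ip.split("."))
    eth = b"\xff" * 6 + sha + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    return eth + arp + sha + spa + bytes(6) + bytes([192, 0, 2, 1])

def arp_binding(frame):
    """Return (mac, ipv4) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    if struct.unpack("!HHBB", frame[14:20]) != (1, 0x0800, 6, 4):
        return None
    sha, spa = frame[22:28], frame[28:32]
    if spa == bytes(4):          # ARP probe: no sender IP to map yet
        return None
    return ":".join(f"{b:02x}" for b in sha), ".".join(str(b) for b in spa)

class SnoopTable:
    def __init__(self):
        self.seen = {}           # MAC -> IPs, most recently seen last

    def observe(self, frame):
        binding = arp_binding(frame)
        if binding is None or not binding[0].startswith(CML_PREFIX):
            return               # not mappable, or MAC outside the assigned blocks
        mac, ip = binding
        ips = self.seen.setdefault(mac, [])
        if ip in ips:
            ips.remove(ip)
        ips.append(ip)

    def node_addresses(self, assigned_macs):
        """Report only MACs the platform assigned to the requested node."""
        return {mac: list(self.seen.get(mac, [])) for mac in assigned_macs}

    def wipe(self, assigned_macs):
        for mac in assigned_macs:
            self.seen.pop(mac, None)

def demo():
    table = SnoopTable()
    for mac, ip in [("52:54:00:00:00:01", "192.0.2.10"), ("52:54:00:00:00:01", "192.0.2.20"),
                    ("52:54:00:00:00:99", "192.0.2.30"), ("02:00:00:00:00:05", "192.0.2.40")]:
        table.observe(arp_frame(mac, ip))
    return table
```

In `demo()`, the `...:99` address is recorded although no node owns it, while the `02:...` address models a guest that overrode its MAC and is therefore never matched.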
Bridge Protection
As mentioned in the External Connectivity section of the User’s Guide, some nodes’ default configuration can severely interfere with the network segment of an L2 bridge External Connector. For this reason, all bridge and VLAN External Connectors have bridge protection mode enabled by default, while other bridges can be set to also be protected in this manner.
When enabled, all traffic except IPv4, IPv6 and ARP is blocked at the CML server’s bridge. We recommend that you preserve bridge protection, especially for the System Bridge device bridge0.
If your use case has an L2 bridge External Connector which needs to forward L2 traffic, including VLANs, from and to lab nodes, you need to disable bridge protection on that bridge. We recommend that you create a dedicated L2 bridge for this purpose and then turn off the Protected attribute of the respective External Connector entry.
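To check which lab traffic a protected bridge would stop before deciding to turn protection off, the rule above can be modeled over captured frames. This is an added example, not CML code; it assumes the decision is made on the outer Ethernet type field, and the sample frames and helper names are constructed for illustration.

```python
import struct
from collections import Counter

# The three protocols the protected mode lets through, per the text above.
ALLOWED = {0x0800: "IPv4", 0x86DD: "IPv6", 0x0806: "ARP"}
KNOWN_BLOCKED = {0x8100: "802.1Q VLAN tag", 0x88A8: "802.1ad service tag", 0x88CC: "LLDP"}

def classify(frame):
    """Return (verdict, protocol) for one Ethernet frame on a protected bridge."""
    if len(frame) < 14:
        return "drop", "truncated"
    (field,) = struct.unpack("!H", frame[12:14])
    if field < 0x0600:
        # Values below 0x0600 are an 802.3 length, not an EtherType: the payload
        # is LLC (for example STP BPDUs) or LLC/SNAP, neither of which is allowed.
        return "drop", "802.3 LLC"
    if field in ALLOWED:
        return "forward", ALLOWED[field]
    return "drop", KNOWN_BLOCKED.get(field, f"EtherType 0x{field:04x}")

def dropped_summary(frames):
    """Count what a capture from a lab segment would lose with protection on."""
    return Counter(proto for verdict, proto in map(classify, frames) if verdict == "drop")

def eth(dst, type_or_len, payload=b""):
    """Constructed sample frame; the source MAC is a placeholder."""
    src = bytes.fromhex("525400000001")
    return bytes.fromhex(dst) + src + struct.pack("!H", type_or_len) + payload

SAMPLES = {
    "ipv4": eth("ffffffffffff", 0x0800),
    "arp": eth("ffffffffffff", 0x0806),
    "ipv6_nd": eth("333300000001", 0x86DD),
    "stp_bpdu": eth("0180c2000000", 0x0026, b"\x42\x42\x03"),
    "lldp": eth("0180c200000e", 0x88CC),
    # IPv4 inside VLAN 10: the outer type is the tag (assumed to be what is
    # matched), so the frame does not count as IPv4.
    "vlan10_ipv4": eth("ffffffffffff", 0x8100, struct.pack("!HH", 10, 0x0800)),
}
```

Running `dropped_summary(SAMPLES.values())` lists the STP, LLDP and VLAN-tagged frames as dropped, which is why a lab that trunks VLANs to the outside needs a dedicated bridge with the Protected attribute turned off.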