
Okay, let's get started. Our next talk is called Building a Virtual Home Lab with Cisco Modeling Labs by Mel Pini Dudes. She is a network engineer with a passion for understanding how the internet communicates with devices. During graduate school, she focused on establishing secure infrastructure connections building on a foundation of hands-on experience from her previous role at McDonald's. Mel Pellini is excited to share her knowledge at her first conference and hopes to inspire others and explore networking through creative accessibility lab setups. Thank you so much. All right, she got the most part about me. Um, but yeah, Cisco Modeling Labs is a virtual simulation. So, yeah, I'm a networking engineer. I just graduated with a master's in digital
forensics and security and I just want you guys to um understand instead of just learning all theoretical stuff kind of just apply it onto hands-on. Um that's the best way I learn. So hopefully there's others like you out here. Okay. Um, so yeah, I feel like CML is a cleaner version than GNS3. Um, you can just use Cisco images directly. Um, the package. Um, there's a free version and but there's some things to it. But little uh the gist of CML is that you can drag and drop uh nodes like switches, routers, um can simulate them, firewalls and Linux systems. Uh it's to me it's an efficient way to test big ideas. Um getting ready for
your cert certain exams like CCNA and CCNP. Um, I'm still working on it. It's It's a lot. Uh, it's a lot in there, but this is something that has helped me kind of like continue to pursue it. Um, so yeah, CML is cleaner. Uh, I feel like it's more modern and I feel it just works great to test designs before you uh before you deploy it on the mobile. So, so it's very portable and it's very scalable because I'm just using my laptop. Um, my laptop is like 16 GB of RAM. Um, I forgot how much CPU, but yeah, it's not not a big special laptop. Um
uh it supports Wireshark captures. Uh I've heard it let you explore automation. Network automation is a new upcoming thing. Um you can spin an entire environment in minutes. Test BGP. Simulate firewalls. Validate NAT, VLAN configs. Um there's also a free version for like personal use. Uh but it's also like um you can do like five nodes. Um I paid for the paid version because I wanted to explore all the capabilities of it which I I still am. Um um I don't think they have the ability to like create your own image and put like pfSense on it with the free version, but with the paid version you're able to do that.
Um so setting up CML uh I had some hiccups. I had to uh like the bridge network wasn't working in the beginning. So I tried using like a bunch of virtual machine on MI station. Um that didn't work out. So I continue to explore it. I had to I had to go into my settings on my desk desktop, look at like ipconfig on the command prompt, um kind of coordinate VM adapter with uh my desk my desktop. Uh you also need to enable virtualizations in BIOS um and and certain settings to allow the bridge connections. Uh so today's goal is to kind of mirror a small enterprise network uh internal user a DMZ web server NAT translations
router on a stick for uh VLAN routing and end to end testing with ping, the curl command and Yep. So this is my topology. Uh you have a router, two routers, but the main router is like the edge between like an external um external network and internal network. Um and Ubuntu uses a lot of resources on computer while Alpine kind of use less than less resources. Um so yeah uh so R2 handles that and connects to DMZ network which is VLAN 110 where we drop in the Linux box which is running a simple HTTP server. Um, NAT overloads gets internal clients out to the DMZ. VLAN 10 host the built-in client. R1 uses subinterfaces for VLAN routing
and forwards traffic to R2 which again is like the like the middleman between the external and the internal network. uh in a way it mimics uh a real world um scenario like smaller networks. So yeah, so the first things I did was set up VLAN 10 for internal and VLAN 110 for DMZ. Switch one connects to two. Uh switch two connects to Alpine. Both switches trunks the routers which means like everything just kind of flows to the routers. Um any any of the like um it's just it's routed it's routed um the IP is uh forward. Um yeah. So the connect number two the switches are connect to the routers using trunk links access ports for the
hosts. Um and then I use VLAN tag. Um yeah uh I kind of hit some hiccups uh skipping from certain things like VLANs and trunks but um
Then we assign internal and external IPs uh overload using ACL like permit 192 dot dot and then 10 um yeah that's how that works. Um then I set a static route point to R2 for any DMZ traffic. Um
that's pretty much how Ubuntu and Alpine was statically IP. Um I installed HTTP on Alpine and mainly add the default web sudu. Uh, anybody have a networking experience? Well, kind of. Yeah. Okay. Anybody's like, "What is she talking about? Why is your network so small?" Um, /30 only gives you four presets. Yeah. So, what's on that small network?
Which one? Oh, right there. Oh, cuz it's it's four addresses. So, it's just a switch in the and the in the Yeah, the switch. Explain. Yeah. What is that? CIDR. You want to explain the CIDR what the /30 means? Slash. Anybody know what /30 means? Kind of. Kind of. That's your net mask, right? It's like it's the amount of IPs that that subnet can give out. So the way a router is like you have to so routers have interfaces ports, right? And then so then the the ports have to get assigned an IP in order to forward traffic. Um, so that's why we have like subnets on interfaces. Can I help? I don't want to take Can I help with
what you're doing? Showing up. Okay. When you subnet a network, what you're doing is instructing your equipment as to how many spaces into the address it will check to see whether it is on the same subnet or not. 30 spaces on a 32-bit address leaves you with four um addressable network uh spaces in your network. Okay? So, in a 32-bit address, it's going to go, okay, everything here is in this subnetwork to up to 30 spaces in the address. These are ones and zeros. So a network /30 only has four addresses that you can use. It's a very small network and you're using it for a switch. A switch and a PC. A switch and a PC. Okay. So it's a very
small network. And that was my question. You answered it adequately. I'm gearing for I know I know I some people have different levels of network experience. like what personally when I got into networking like I had to take a network class at Hudson Valley and it was tough for me like it was so tough. I don't know how I got into it now but just because it was so challenging and because um because I wanted to get in cyber security and you need some type of networking knowledge to actually understand cyber security at a bigger level. So that's why I kind of had built a foundation in like the physical uh part of it like troubleshooting like
your ports um you know and then I took the step up to networking. Doing great. Thank you. Um yeah, I'm going to show you a little demo of the um CML. So bear with me. Or do you want to see it right now? We got instead. Okay, I'll show the video.
So yeah, so you'll see all the different network devices and uh how much memory and CPU CPU usage has it it taken off. So this is based off of what I set on the uh uh VMware. So if I put 8 GB of memory, it will show you that's how much usage you are using based off that, not based off my desktop. Oh yeah.
So, I'm opening the uh the console. Just so you know, we can only see step three. Really? Yeah. Damn. Thanks for letting me know. For everybody else, why you didn't tell me sooner? It's okay. No hard feelings. How do I do you know how to move it over? Close the power. What is it? Did you have to close the PowerPoint then? It is closed. I wonder if it's set to just it could be set to one screen. Let me see. Here we go. Fisto
man like presentation note for your applications and justification. Maybe I think you got it. So, alt tab switch.
There we go. Oh, yeah. Thank you. All right. Uh, yeah. So, let me start over. All right. So, what I was saying before that you could see all the CPU and memory usage. Mhm. based off of what I set on the workstation. So, I'm getting into the Ubuntu console
and then I'm going to ping this down. I I don't remember IP addresses too, but So I'm pinging R1 the default gateway um from two and then um pinging R2 from R1. Uh ping is you really is your best friend. I'm not kidding. But now I am pinging the internal link back to R1. success. And then next is to see if I can reach the DMZ which is Alpine the external network. Success. You're pinging just to verify you have communication to these links. Right. Right.
I'm pinging back to R2. success

and then basically I'm pinging from to uh the website which is to um
Is this recording it? Then I'm starting my uh I started my start. I use Alpine as a HTTP server. I ran ran it and then it it used a curl command and it came out to welcome uh to the sides. Um just to show you the basic communication. Does that make more sense to you guys? Yeah. Okay. Um
any questions? anything you're like confused on or want to know more of? You said there's a free Is there a free tier for this? You said you have the paid version. I have the paid version um which is like 250 a year. I'm a I'm network engineer dedicated. So to just learn the basic part of it, um if you have no knowledge of networking, I would suggest you to go to uh uh Cisco NetAcad. They got a bunch of courses and they they helped me get a a great understanding of it. Um they have a bunch of labs for themselves too. But this was me of like exploring multi-vendors because if you do go into
networking engineer job or whatever job you may go to be dealing with a lot of different um companies like Aruba, Juniper and that's why I got into this cuz I wanted to know more about that like Palo Alto. Um, I want to I I want to I'm going to trying to look for a way to maybe install Palo Alto or FortiGate. Um, but it's it's certain like you can't take just a OB file of like pfSense. It's a different it's a different file format which I'm still getting into. Why if I were I I teach if I wanted to use this resource for my classes. Yeah. Could I Is there a free version that I can get my students to do an exercise?
That's really Yeah. Yeah, there's a free version that it's up to five nodes though. So, but I feel like you could do a lot with five nodes. Like you can make it. But sorry. When you say five nodes, are we looking at like six nodes right here? Cuz I'm just counting dots on the screen, right? Is that Does that count as six nodes? Yeah, that counts as five nodes is like almost there. Yeah. Yeah. All right, Sash was curious are do you uh with this particular tool uh does it come integrated with Cisco Packet Tracer or does it have capability to integrate both if you're aware of it? Honestly, this is like 10 times better than Packet
Tracer. But I suggest Packet Tracer to people that just want to know the little fundamentals of it. Uh this is for like more maybe intermediate people. Um but yeah, is it possible to use this tool to simulate things like denial of service attacks and stuff and then like we could like test how to mitigate that or I I didn't have the last part. I'm sorry. It's okay. Um can can we simulate like denial of service like Yeah, like attacks like in the in the simulated network or Yeah. um or like or like a feel like to an extent because you're dealing with like um Cisco licenses so you don't want to do too much craziness but I feel like to an
extent not um I haven't I haven't tried anything so I can't give you like a solid answer right now. I'm sorry. That's okay. Thank you. You're welcome. But that was my like um in the back of my mind like can I do that? Like I just wanted to get like the little fundamentals of things for now. Yes. Um how persistent are your nodes and layouts? Like for example, does this stuff say you brought it into perpetuity or does it shut down automatically every so often? Does it tweet itself? Oh, you know that's that's I I'm glad you brought that up. So um
so uh so this is the server right cml this is how I I had to set up before I can access it through like uh the web UI. So once I close this, if I put like pause on this, right, I I pause this and I leave
and I go back to the dashboard, it will stay on for you. Oh, gotcha. So So to be fair, this is also something running locally on your laptop with a server through what looks like VMware. Yeah, it's compatible with VMware. Okay. And then you're just web UI to your own laptop. Okay. Gotcha. Now, so does Cisco offer a cloud hosted version of this or is it strictly a client side self-rolling solution on your own laptop? A cloud solution like like implementing like Azure or something like that. Well, um, not as explicitly, but you know, for example, if I have, you know, I teach on the side, um, Alice's full-time, I'm part-time, but if I had students who
just said, you know, I only have a Chromebook or I have some laptop with very limited resources, like is there a cloud version of modeling labs or is it strictly have to run your own equipment? Um if I'm getting your question correctly, there is labs um through Cisco website where you can access that. Okay. But it's um there's a wait time to access that uh like certain labs sometimes. Gotcha. Uh last time I access it, it was like 15 minute wait. Um, so you don't have to have it implemented on your um implemented on the on your desktop. Um, for those who want to like actually just have CML on your laptop, you could do that too. Um, I
forgot the word for it, but just like just CML, that's all. You can do that, too. Thank you. Okay. Any more questions? No. Want to know anything more about? You said it's like 200 bucks a year, so every year you have to buy it or Yeah, it's like a a subscription. I know. I know. I know. Um it I I I felt like it's better than just like buying two routers, installing it as a house. Oh yeah, that's true. Save Save electricity. Yeah, that's true, too. Save electricity. Yeah, save electricity, right? Yeah. Yeah. Yeah. This mom. Yes, my mom's in the building.
Um, yeah. Anything else? If you guys want to check it out, come here. you can um I don't know. I'm I mean I'm going with the flow over here cuz I don't want to just talk and you guys zone out and walk out the door. Oh,
but yeah, sub interfaces I uh dealt with that uh to make the VLANs with the routers. Um so if you have a sub interface 00.1 uh I mean 00 I mean 0/z 1.10 10. Um, you also have to have the parent interface up which is 001. That has to be up. Can't be done. Yeah.
Yeah. I mean, I feel like I covered most of what I wanted. I hope the expectations was satisfied. Um, I'm good. If you guys are good, I'm good. [Applause]
Is is the Ubuntu box outside the software too or is it it's all centralized? It's okay. That's the best part of it because when I was doing my grad grad school, I had to deal with a bunch of different VMs running in the background and it kind of ate up my resources a lot just having it run and I had to like constantly um constantly reip things and I had to constantly go back, oh, what did I reip this? What did I re that? It just felt more um like more clean just a habit on that. But I know someone asked if I think you asked if you can attack it in a way. Yeah. Oh yeah. Or
maybe floods or something. You know some machines having ice um like routed correctly. You could do that but that takes a lot of resources too. So for people that just kind of want to get into networking a little bit more but not to attack it yet, I recommend you know for the paid version. There's a limit. Cisco man. Um my what I paid for was 15 nodes. Yeah. Uh there's a a next level up like premium I think and I think you could get like 30 25 um that that's good for like if you want to get to like data center kind of uh workload worlds I feel like that would be great cuz can implement service to on
to the CML um yeah um there's like business option too, which is like unlimited. I don't know how much that cost. Maybe if you want it for like your school, maybe you could um that could be good for you if anybody's pictures. So, who's their market for like the the business? Like is are they they're marketing to the people who are like setting up networks for businesses and like they want to plan it out first and then implement it because they get paid a lot of money to do this. Is that is that their market? Um, not me. Uh, you know, who is it? I feel like it's a mix of both. Um, they probably just want to
push it out to people. Um, so I feel like in the beginning when they did set this up, they had it just a paid version. They didn't have a free version. And I guess a lot of people didn't know about it or didn't hear about it. So then they pushed the free version out to people to get more familiar with it. kind of like uh um I forgot to call it like just a concept thing for people to get familiar with and maybe they'll push it more to like businesses to have their own um to create their own network on it. Um but there's there's limitations, you know, like uh like an act having an
actual router, you have to upgrade the code from time to time. I don't have to upgrade the code on this, you know. Um, Cisco ASA firewall is one of the nodes, but that has been discon discontinued in 2022. So, some things like that, like the next generation firewall that they have, uh, you need certain licenses for that. Um, I wasn't able to get it. Um, maybe you can, I don't know. But yeah. Oh, that would be a fun. You kind of just answered it, but how current is the nodes that are in there? You just touched on that, but how current are the available devices? I mean, compared to what's they're pretty decent, you know. Um, they, you know,
you can do your configs on the routers on the switches. You still have those commands. They don't go nowhere. Um, but on the ASA firewall, certain things you couldn't do compared to like a next generation.
Yeah, I am not a talker, so I didn't want to spend talking up here for an hour. It's okay. Without any engagement, you know. You're doing great. [Applause]