---

Answers to Frequently Asked Questions - General Topics

How do I get help?

Please review these FAQs and documentation before contacting technical support.

I am having login problems.

The leading causes are:

• TCP port 80 and/or TCP port 23 is being blocked by personal firewall software, or other firewalls between you and the NETLAB_AE server
• Cookies are disabled
• Javascript is disabled

Modern browsers and firewall software allow you enable these features for an individual site; in this case, the NETLAB_AE server address.

What are the user, client, and browser requirements?

Please refer to the requirements page.

What is an IFRAME ERROR?

NETLAB uses HTML inline frames. You will receive this error if your personal firewall/security software blocks IFRAMES, or your browser has disabled them. Please refer to the IFRAMES help page.

During lab access, I hear a clicking sound every few seconds. How can I make it go away?

If you have a Windows PC, remove your "Start Navigation" sound.

• Start > Control Panel > Sounds
• Scroll down in the "Events" box to "Windows Explorer/Start Navigation"
• In the Sound/Name field, select "(None)"

I cannot connect to a router, switch, firewall, or PC!

If you are able to access the NETLAB_AE server with a web browser, but cannot make a connection to a lab device or PC, a firewall is probably blocking TCP port 23. TCP port 23 must be "open" between your workstation (point A) and the NETLAB_AE server (point D).

1. Make sure Java is installed and enabled on your workstation.
   
2. Make sure personal firewall software on your workstation (point A) is not blocking TCP port 23.
3. Is a local firewall (point B) blocking TCP port 23 outbound? Check with your local network administrator.
4. Is TCP port 23 open inbound at the NETLAB_AE site firewall (point C)? Check with your instructor or NETLAB_AE administrator.

What can the NETLAB_AE administrator do to troubleshoot lab device connections?

Examine the NETLAB_AE system log file.

1. When a user clicks on a lab device, the following message will be logged:
   [date time UTC] <user_id> opening connection to <device> from <IP address> using <Telnet or VNC>
2. When NETLAB_AE receives an inbound connection, this message will be logged:
   [date time UTC] received connection from <IP address>
3. When the user logs in successfully, this message will be logged:
   [date time UTC] Telnet authorized for <user_id> into <device> during reservation <id>

If you see the message #1, but not message #2, NETLAB_AE is not seeing the corresponding TCP port 23 connection following the request to connect. The following conditions may cause this:

• Telnet (TCP port 23) is being blocked somewhere; personal firewall, user site firewall, NETLAB_AE site firewall, or router ACL.
• The user is using a local Telnet client application which is not configured correctly.
• The user is using the Java Telnet Applet and Java is not enabled in the client browser, or Java is being blocked by a firewall.

I do not get a keyboard response after I establish a connection with a router, switch, or firewall. What is wrong?

Client issues:

• The Telnet client does not have focus. Click inside the Telnet area if you are using the NETLAB_AE Telnet Applet and retry.

Hardware issues:

• The device has been unplugged from the switched outlet, or the power switch is in the off position.
• The console cable between the access server and the router is loose, unplugged, or the console cable is physically damaged.
• The router has a hardware problem. For example, the router will not boot.
• There is a problem with the Access Server or the port(s) on the Access Server.
• A control switch may be down.

Possible hardware issues should be referred to the local NETLAB_AE system administrator.

My serial link does not stay up (interface up, line protocol down). Why?

• Have you set a clockrate on the DCE interface?
• Have you issued the no shutdown command on both interfaces?
• Issue the show controllers command on both interfaces and examine the first few lines:
  • Is a serial cable attached on both sides?
  • Are the DTE and DCE cables attached to the correct routers as shown in the diagram?

Please refer cabling issues to your local NETLAB_AE administrator.

What Telnet clients can I use to access routers, switches, and firewalls?

Choose one of the following options in your NETLAB_AE user profile:

• NETLAB_AE Telnet Applet: this is the default Java based client designed for NETLAB_AE. When you click on a lab device, the applet provides automatic, transparent login.
• Java Telnet Applet: this is the older Java based client. It may be removed in a future version.
• Local Telnet Application: you can use you own Telnet application, as long as your web browser is configured to handle the telnet:// URL prefix.

To use a specific Telnet application loaded on a Windows PC, follow these steps and refer to the picture below:

1. Select Local Telnet Application in your NETLAB_AE profile.
2. Start Windows Explorer or click on My Computer
3. Select Tools > Folder Options or View > Folder Options
4. Select the File Types tab
5. Select URL:Telnet Protocol
6. Select Edit or Advanced > Edit
7. Highlight Open in the Actions box and click on Edit
8. Type in the full path to the Telnet client executable. Here are a few examples. The paths may be different on your machine.

What applications can I use to access PCs in the lab?

NETLAB_AE provides a built-in Java client to connect to PCs in topologies that support them. The client is based on the non-proprietary VNC protocol.

Does NETLAB_AE support Windows Terminal Services or VMRC (the Microsoft Virtual Server client)?

Microsoft has not publicly licensed or published the protocol specifications needed to support these remote access technologies.

When I try to connect to a device, NETLAB_AE says I am already connected. How can I get back in?

If your machine or Telnet client has hung, the NETLAB_AE server may not have received an indication that the client side of a connection has closed. You can force your connections to be dropped using either of these two methods:

• Click the "Drop My Connections" button on the lab/connections panel
• Log out of the NETLAB_AE web page, then log in again

How does NETLAB_AE save my work at the end of a lab reservation?

Check out the flow chart.

Can you directly cut and paste configs into a router, switch, or firewall?

There are currently two ways to load configs without typing them in the routers:

1. You can use the File Manager.
2. You can use a Local Telnet Client. The built-in Telnet applets do not currently support cut and paste due security issues inherent to Java. NDG is actively working to resolve this issue.

How can I create a configuration file, then load it into a router, firewall, or switch?

1. Go to "File" from MyNETLAB.
2. Create a new "configuration file".
3. Select "Edit This File".
4. Type or paste in a config.
5. Save changes.
6. Enter an active lab reservation from MyNETLAB.
7. Load the file into the desired device from the "Load" tab.

When NETLAB_AE loads a configuration file, the Ethernet, FastEthernet, or Serial interface commands are rejected?

NETLAB_AE allows different router types in each equipment pod. When a configuration is saved on one pod, then loaded onto another pod, it is possible that the source router interface names (e.g. Ethernet0, Serial0) are different than the destination router (e.g. FastEthernet0/0, Serial0/0). This situation would normally be handled by manually editing the interface names before loading the configurations on the destination routers. To avoid this time consuming task, NETLAB_AE automatically performs this translation if:

1. The configuration files were created using NETLAB_AE automates save option, or
2. They are NETLAB_AE's default configuration files for a lab exercise.

For this to work properly:

• The router types configured in NETLAB_AE must match the actual router types. Otherwise configurations may not load properly since NETLAB_AE is translating interface names based on the wrong router type.
• Interface names on the actual router must match the interface names that are expected by NETLAB_AE.

To determine the configured router types, click on the "Status" tab during a lab session. To determine the actual router types, use the IOS show version command. If these do not match, the NETLAB_AE administrator should correct this using the pod management interface.

How can I easily assess a student's work?

Instructors can use the archive feature (MyNETLAB > Archive) to rapidly assess how a student or team arrived at a solution. NETLAB_AE records the commands issued on all routers, switches, and firewalls. All activity is analyzed and sorted into a "who", "what", "when" and "where" table format. Each entry is hyperlinked so that output of each command can be easily viewed. Configuration files and device output are also saved with each lab session. The instructor may view this data online, or receive it automatically by e-mail.

How can I cancel a lab reservation?

Instructors can cancel future reservations or reservations in progress. Currently, instructors who seek immediate access can "bump" someone else off the pod. This feature will be partially limited in a future version. If possible, you should ask the user to terminate his reservation gracefully by having them click the "I'm Done" button on the Lab Access page. This will cause configuration files to be saved, log files to be retained, and the pod to be scrubbed. Any unused 30 minute blocks will be returned to the scheduler after cleanup tasks are completed.

1. Select "Scheduler"
2. Select "View or cancel reservations"
3. Select the reservation you wish to delete
4. Select "Delete"

Students can delete future reservations or reservation in progress, as long as they scheduled the lab event. Students cannot delete reservations made by other users.

1. Locate the reservation on the main page (MyNETLAB > Lab Access)
2. Click on the session ID hyperlink for the reservation you want to delete
3. From the reservation display select "Delete"

How can I change a lab reservation?

At this time, you must delete the reservation and make a new one.

I ended my reservation by clicking "I'm Done". Why did NETLAB_AE not return the unused time back to the scheduler?

1. There were less than 30 minutes remaining, OR
   
2. NETLAB_AE is still in the process of saving configuration files and cleaning up the lab, so the unused time has not been returned yet.

Can I purchase NETLAB_AE software and load it on my own PC?

No. NETLAB_AE is a turn-key server appliance that integrates NDG custom software and over 200 other software packages. The device drivers are specific to the hardware platform.

Does NETLAB_AE support the CCNA Discovery curriculum?

NDG has worked with Cisco to provide support for the majority of the labs in the CCNA Discovery curriculum. Support for CCNA Discovery was implemented in NETLAB+ version 4.0.25. NETLAB_AE supports 22 of the 29 labs included in the CCNA Discovery 2: Working at a Small to Medium Business or ISP course. Please refer to CCNA Discovery 2: Working at a Small to Medium Business or ISP for details on supported lab exercises. NETLAB_AE supports 44 of the 48 labs included in the CCNA Discovery 3: Introducing Routing and Switching in the Enterprise course. Please refer to CCNA Discovery 3: Introducing Routing and Switching in the Enterprise for details on supported lab exercises. NETLAB_AE supports 29 of the 36 equipment-based labs included in the CCNA Discovery 4: Designing and Supporting Computer Networks course. Please refer to CCNA Discovery 4: Designing and Supporting Computer Networks for details on supported lab exercises.

---

Answers to Frequently Asked Questions - Equipment and Pods

What is a pod?

A pod is an instance of a supported lab topology, which can be reserved by a user.

How many equipment pods can I host on a single NETLAB_AE system?

A maximum of 12, but this also depends on the topologies you wish to host.

What lab topologies are supported?

Please see the topologies page.

Can I create a custom lab configuration?

NETLAB Academy Edition currently supports topologies designed for Cisco Networking Academy labs. Customized lab configurations are offered in NETLAB Professional Edition.

What kind of lab equipment can I use?

Please review the supported lab equipment page.

What is a control device?

A piece of equipment that is required for NETLAB_AE to function, but is not accessible to students and instructors.

• Control switches provide NETLAB_AE internal connections
• Access servers provide console access to lab devices
• APC Switched Rack PDU, automated power management units

Please review the supported control devices page.

I have checked over the cabling and configuration numerous times, but the pod test still produces errors. What can I do?

Please see the pod test help page.

I want to delete an image from the "IOS and PIX Images" inventory. However, NETLAB_AE says the image is "in use" and will not allow me to delete it. How can I remove this image?

An image that is marked "in use" has been assigned to one or more devices in a pod. To delete the image, you must first eliminate the dependency by assigning a different image to the devices using it. This is accomplished through the pod management interface.

I just completed a new equipment configuration and NETLAB_AE told me my pod(s) passed successfully, however, my users can no longer login. What might be the problem?

Make sure logins are not disabled. Administrator > Enable / Disable User Logins.

One or more pods are not showing up in the scheduler.

Make sure the pods are online. Administrator > Equipment Pods.

NETLAB_AE usually powers off the lab equipment when it is not scheduled. However, I noticed that my lab routers and switches were powered on when no lab time was scheduled. What might be happening?

There are two likely scenarios where this might happen:

1. The APC lost power but the NETLAB_AE server did not. In this case, NETLAB_AE powered off the outlets prior to the APC losing power. When power was restored to the APC, the outlets returned to the factory default state of ON.

2. Both the NETLAB_AE server and the lab APC lost power (i.e. power outage). The NETLAB_AE server came up before the APC initialized. When NETLAB_AE comes up, it will try to power off lab equipment that is not scheduled. However, if the APC has not fully initialized when NETLAB_AE tries to power off the outlets, they may remain in the factory default state of ON.

In both cases, the outlets will remain ON until the end of the next lab reservation. To prevent this behavior, power on all control devices and lab equipment, then wait several minutes before powering on the NETLAB_AE server.

I noticed the Cisco 1900, 2500, 1700, or XYZ device is not on the recommended list for certain pod types. However, they are listed on the supported device web page. Are these supported or not?

Since the labs are authored and revised by Cisco, NDG can only make "recommendations". When NDG releases a new pod type, our recommendations are based on the Academy bundles available at the time and known issues pertaining to certain labs. These will change over time as curriculum changes and older equipment is phased out.

When NDG authors new pod documentation, we typically do not recommend any device that is well beyond end-of-life. Unless explicitly stated, such a device may actually work in the context of the current labs. However it is the responsibility of the customer to verify this if they choose to implement. We therefore recommend you study the labs for the curriculum you are teaching prior to finalizing the equipment you host.

Items listed on the supported device page have driver support in NETLAB, but are not be appropriate for all pods and labs. The recommendations in the pod-specific documentation guides attempt to narrow this list down to an appropriate subset. Therefore, the pod guides should be considered the primary source for equipment recommendations.

Why does Basic Router Pod Version 2 require two Ethernet ports on each router? This is more expensive!

Both ports are required for several labs that could not be done on Basic Router Pod Version 1. All entry level routers in the current bundles (Cisco 1841, 2801) support this requirement. NDG will continue to support a mix of both Basic Router Pod version 1 and Basic Router Pod version 2 on the same system to balance greater functionality with lower price points.

Why are Direct/Standalone PCs not supported on several pod types? This is disapointing!

The Academy labs serviced by these pod types require administrative rights to the PCs, which is problematic under the Direct/Standalone model. In particular, a user with administrative rights can accidently or intentionally disable the control NIC and isolate the PC from the equipment pod. VMware GSX is not subject to this problem.

For further explanation, please refer to chapter 2 of the Remote PC Guide for VMware Implementation.

What is the difference between Basic Router Pod Version 2 and Basic Router Pod Version 1?

Version 2 does not replace version 1. Rather, a mix of Version 1 and Version 2 will continue to be supported on the same system to provide a balance between functionality and cost.

Basic Router Pod Version 2 is designed to support more labs (both CCNA and CCNP) and provide greater functionality. This comes with the added expense of VMware GSX and dual-Ethernet routers.

Basic Router Pod Version 1 supports fewer lab activities and is somewhat limited to CCNA. There are fewer requirements so the cost of implementation may be less.

How much should I expect to pay for the hardware required to run the VMware Server product?

Based on NDG’s purchasing experience, the typical price for server hardware to support VMware Server virtual machines is in the range of $1250-$1500 (US). NDG has used both Dell and IBM servers. It is important to verify that the server you select meets VMware Server requirements:

• The CPU must meet VMware Server’s minimum recommendation.
• The server must have sufficient memory to run the virtual machines implemented.

How much should I expect to pay for the software required to run VMware Server?

NETLAB+ is compatible with VMware Server versions 1.0.1 to 1.0.7. You may obtain a free download of VMware Server from VMware, Inc..

Do not purchase VMware ESX, VMware Virtual Center or VMware Workstation products; these products do not currently work with NETLAB+.

You will need a Windows Server operating system to host the VMware Server application. NDG recommends Windows Server 2003, which typically costs $600 - $900 (US). Virtual Machines can run either Windows or Linux operating systems. Some Networking Academy curriculums utilize various Microsoft Windows operating systems, which typically require one license per virtual machine. The MSDN Academic Alliance program (where available) can provide Academic discounts for these products for qualifying institutions.

---

Answers to Frequently Asked Questions - Security and Firewall

How do I access the system shell, root, and/or manage system accounts?

NETLAB_AE is an appliance. All administrative functions are performed through the console menu or web interfaces.

Please note: accessing or modifying the underlying operating system is not permitted under the license agreement. All internal access and modifications to the NETLAB_AE server should only be performed by NDG technical support and official software upgrades.

Where can I get information for my network or firewall administrator?

Please see the Connectivity and Firewall whitepaper.

Where should my NETLAB_AE server be located?

Ideally, the server should be placed in a rack behind a DMZ. NDG has taken many steps to make the product both secure and firewall friendly. However, a "remote lab" product inherently requires inbound connections. Some customers have opted to establish a separate low cost Internet connection for NETLAB.

My administrator won't allow "XYZ". Can you do something on the server to work around this?

NDG keeps Academy pricing low by maintaining a standard environment and software version across all systems. Therefore, we typically do not modify individual systems. Occasional exceptions are made if the requested change is feasible, can be easily maintained, and/or incorporated into the core product.

How much bandwidth is required?

A T1 connection is recommended. Bandwidth usage varies based on the number of simultaneous connections and connection types. Use caution with Cable and DSL solutions. Keep in mind that:

• A fixed IP address is required for the server. DHCP is not supported.
• Many service offerings do not provide the same bandwidth in both directions; they are usually optimized for downloads from the Internet (inbound). For NETLAB_AE, it is desirable to have more bandwidth from server towards the Internet (outbound).

Does NETLAB_AE support Network Address Translation (NAT)?

Yes. A unique external IP address must be assigned to the NETLAB+ server. A static mapping (or conduit) between the external and internal NETLAB_AE IP addresses must be defined. Port Address Translation (PAT) is not supported.

What protocols and ports numbers does NETLAB_AE use?

Protocol	Port	Direction	Open In Firewall...
HTTP	tcp 80	inbound	to provide external access to NETLAB
Telnet and VNC	tcp 23	inbound	to provide external lab access and NDG technical support
SSH	tcp 22	inbound	to provide secure NDG technical support access
HTTP	tcp 80	outbound	required, provides access to CSS and support services
DNS	udp 53	outbound	only if DNS name server is outside the firewall
SMTP	tcp 25	outbound	required, allows NETLABAE to send e-mail
Ping	icmp echo	outbound	used for diagnostics only

Does NETLAB_AE route between the user network and interfaces attached to equipment pods?

NETLAB_AE is a proxy server. There is no routing between interfaces.

Will NETLAB_AE work with an HTTP proxy and/or internal mail server.

Although not supported by NDG, the following settings are provided:

• Alternate mail server.
• HTTP proxy server (IP address and port). The proxy must be completely transparent.

A supported configuration requires direct outbound access from the NETLAB_AE server to the Internet:

• HTTP, port 80 TCP
• SMTP, port 25 TCP

Can I turn block access to Central Support Services?

No. Access to CSS is required. NETLAB_AE uses the Internet based CSS model to make the product easy to maintain at a reasonable cost. For more information, please refer to the CSS whitepaper.

What is Telnet used for? Isn't Telnet insecure?

Normally, yes... because user ID and password information is sent across the network in clear text.

However, NETLAB_AE only uses Telnet to provide proxy access to the equipment pods. No operating system account names or passwords cross the network. In addition, users must be logged into the NETLAB_AE web interface and must select a specific device from the lab access panel each time they wish to establish a lab connection through the Telnet proxy.

IMPORTANT: As of version 2.21.0, Telnet can provide a console login for sole the purpose of support by NDG. The option must be explicitly enabled by both the local NETLAB_AE administrator and by NDG. Telnet can be used where firewalls and/or policy prohibit the use of SSH. Although SSH is not a requirement, it is still the preferred method of NDG support access because SSH provides encryption.

Can SSH be used instead of Telnet to access lab equipment?

Not at this time. A wide variety of international laws restrict the export and use of encryption software. SSH is only used for technical support access by NDG, and only in countries that permit it.

Does NETLAB_AE use the (insecure) TFTP protocol?

NETLAB_AE provides a read-only TFTP server listening on the inside (private) interface. TFTP is disabled on the outside (public) interface. When NETLAB_AE needs to recover a system image on a lab device, control switch port is moved into VLAN 1. After the image is TFTP'd to the device, the port is removed from VLAN 1.

Can the NETLAB_AE server act as a TFTP server for lab exercises that require one?

This is not supported for security and technical reasons. You can use a NETLAB_AE remote PC to provide this capability if supported by the lab topology.

---

Answers to Frequently Asked Questions - Required Annual Maintenance

Why does NDG require an annual maintenance fee for NETLAB_AE?

NETLAB_AE must keep pace with new curriculum, labs, hardware, IOS images, PC operating systems and system security patches. NDG is firmly committed to keeping pace with the dynamic nature of Academy curriculum requirements, which requires a continuous investment by NDG in both labor and equipment.

NETLAB_AE is a specialized product, with a relatively small market. If annual maintenance were optional, we would not generate enough revenue to support the product and keep your system current.

NDG's high level of customer satisfaction and customer retention illustrate that we are providing an excellent service well worth what we recognize is a significant investment by our Academy customers.

What do Academies get for the annual fee?

• Software upgrades, feature enhancements, and bug fixes.
• Updates to keep pace with curriculum and lab changes.
• New hardware support including IOS automation patches.
• New technology, for example, remote personal computer operability.
• Unlimited technical support.

How can we recoup 100% of the NETLAB_AE costs?

The NETLAB_AE software license allows you to share access with Cisco Networking Academies^® around the world. You can charge a reasonable cost recovery fee as long as you follow the guidelines of the license and the Cisco Networking Academy Program^®.

With version 3.7 (May, 2005 software release) you can host up to 10 lab pods for up to 87,600 lab hours. This allows your Academy to 1) help others that need equipment access and 2) to recover 100% of your costs.

What steps is NDG taking to promote shared access?

NETLAB_AE version 3.9 will support "communities". Specific blocks of time on an equipment pod can be reserved for a community. Each community will support separate classes, instructors, and user accounts. Instructors in community A cannot alter the accounts and classes of community B, and vice-versa. The administrator can assign one or more Academies to a community.

Version 3.9 will also feature a "sharing portal". Academies with NETLAB_AE can advertise their system availability and sharing model to other Academies via the NDG website.

How does NDG decide what new features to implement?

• We listen to your feedback.
• We regularly meet with Cisco Networking Academy Program Managers and Technical Managers.
• We plan upgrades based on curriculum requirements, customer demand, and implementation feasibility.