Frequently Asked Questions - General Topics

• How do I get help?
• I am having login problems.
• What are the user/client/browser requirements?
• If the remote access port test fails during login, what are the probable causes and what can I do to resolve this issue?
• If the remote access port test fails during login and indicates a ***port test applet timed out before completion*** error, what is the likely cause?
• What is an IFRAME ERROR?
• During lab access, I hear a clicking sound every few seconds. How can I make it go away?
• I can't connect to a router, switch, firewall, or PC!
• What can the NETLAB_AE administrator do to troubleshoot connection problems?
• I don't get a keyboard response after I establish a connection with a device's console. What is wrong?
• My serial link does not stay up. Why?
• What Telnet clients can I use to access routers, switches, and firewalls?
• What applications can I use to access PCs in the lab?
• Does NETLAB_AE support Windows Terminal Services or VMRC (the Microsoft Virtual Server client)?
• When I try to connect to a device, NETLAB_AE says I am already connected. How can I get back in?
• How does NETLAB_AE save my work at the end of a lab reservation?
• Can you directly cut and paste configs into a router, switch, or firewall?
• How can I create a configuration file, then load it into a router, firewall, or switch?
• When NETLAB_AE loads a configuration file, why are Ethernet, FastEthernet, or Serial interface commands rejected?
• How can I easily assess my student's work?
• How can I cancel a lab reservation?
• How can I change a lab reservation?
• I ended my reservation by clicking "I'm Done". Why did NETLAB_AE not return the unused time back to the scheduler?
• Can I purchase NETLAB_AE software and load it on my own PC?
• Does NETLAB_AE support the CCNA Discovery curriculum?

Frequently Asked Questions - NETLAB+ Support of CCNP 6.0

• Will NETLAB Academy Edition^® support the new CCNP v6 curriculum?
• What is the support status of the CCNP 6.0 - TSHOOT v1.0 - Troubleshooting and Maintaining Cisco IP Networks course?
• What is the support status of the CCNP 6.0 - SWITCH v1.0 - Implementing Cisco Switched Networks and ROUTE v1.0 - Implementing Cisco IP Routing courses?

Frequently Asked Questions - NETLAB+ Product Line

• What is the difference between NETLAB Academy Edition^®, NETLAB Professional Edition^® and NETLAB Enterprise Edition^™?
• Why are NETLAB_AE, NETLAB_PE and NETLAB_EE priced differently?
• What products can be hosted and automated with NETLAB+?
• Can I buy NETLAB PE and host any equipment?

Frequently Asked Questions - Equipment and Pods

• What is a pod?
• How many pods of equipment can I host on a single NETLAB_AE system?
• What lab topologies are supported?
• Can I create a custom lab configuration?
• What kind of lab equipment can I use?
• What is a "control" device?
• I have checked over the cabling and configuration numerous times, but the pod test keeps failing. What can I do?
• I want to delete an image from "IOS and Pix Image" inventory, but the image is marked "in use". How can I remove this image?
• I just changed my equipment configuration, however users can no longer login. What might be the problem?
• NETLAB_AE usually powers off the lab equipment when it is not scheduled. However, I noticed that my lab routers and switches were powered on when no lab time scheduled. What might be happening?
• I noticed the Cisco 1900, 2500, 1700, or XYZ device is not on the recommended list for certain pod types. However, they are listed on the supported device web page. Are these supported or not?
• Why does Basic Router Pod Version 2 require two Ethernet ports on each router? This is more expensive!
• Why are Direct/Standalone PCs not supported on several pod types? This is disappointing!
• What is the difference between Basic Router Pod Version 2 and Basic Router Pod Version 1?
• How much should I expect to pay for the hardware required to run the VMware Server product?
• How much should I expect to pay for the software required to run VMware Server?

Frequently Asked Questions - Security and Firewall

• How do I access the system shell, root account, or manage system accounts?
• Where can I get information for my network or firewall administrator?
• Where should my NETLAB_AE server be located?
• How much bandwidth is required?
• My administrator won't allow "XYZ". Can you do something on the server to work around this?
• Does NETLAB_AE support Network Address Translation (NAT)?
• What protocols and ports numbers does NETLAB_AE use?
• Can I block access to Central Support Services?
• Is Network Address Translation (NAT) supported?
• Does NETLAB_AE route between the user network and interfaces attached to equipment pods?
• Will NETLAB_AE work with an HTTP proxy server?
• What is Telnet used for? Isn't Telnet insecure?
• What is SSH used for? Can SSH be used to access equipment pods?
• Does NETLAB_AE use the (insecure) TFTP protocol?
• Can the NETLAB_AE server act as a TFTP server for lab exercises that require one?

Frequently Asked Questions - Required Annual Maintenance

• Why does NDG require an annual maintenance fee for NETLAB_AE?
• What do Academies get for the annual fee?
• How can we recoup 100% of the NETLAB_AE costs?
• What steps is NDG taking to promote shared access?
• How does NDG decide what new features to implement?

Answers to Frequently Asked Questions - General Topics

How do I get help?

Please review these FAQs and documentation before contacting technical support.

I am having login problems.

The leading causes are:

• The assigned remote access port is being blocked by personal firewall software, or other firewalls between you and the NETLAB_AE server
• Cookies are disabled
• Javascript is disabled

Modern browsers and firewall software allow you enable these features for an individual site; in this case, the NETLAB_AE server address.

What are the user, client, and browser requirements?

Please refer to the requirements page.

If the remote access port test fails during login, what are the probable causes and what can I do to resolve this issue?

A Remote Access Test is performed during each user login. The purpose of the test is to attempt to establish an outbound TCP connection. This connection is necessary for remote device access, and remote PC access and access to chat functions (chat functions will be available in a future software release).

This test will fail if a connection using the TCP port(s) defined by the NETLAB+ administrator cannot be established. There are several reasons why the Remote Access Test may fail:

1. Personal Firewall settings on your computer: The personal firewall software on your computer may be set by default to prohibit the port connection. This issue is routinely resolved by selecting to allow the connection when prompted by a pop-up window from your personal firewall software.
2. Security policy at your current location: It is possible that local security policy does not allow outbound access using the port(s) chosen by the NETLAB+ administrator. This is the most likely diagnosis if you are able to successfully access the system from another location.
3. Ports have not been opened in the site firewall: As part of the installation process, you must be certain to open the ports in the site firewall that have been designated available for outbound client connections. This is only likely to be the problem if all users are unable to establish a connection.

If the remote access port test fails during login and indicates a ***port test applet timed out before completion*** error, what is the likely cause?

The port test uses Java, as do other components in NETLAB+. It is likely that the timeout within NETLAB+ is related to the Java plug-in. The latest version of Java must be installed and properly configured within your web browser.

Installing the latest version of Java on your machine does not always ensure that it gets properly configured to work in your browser. You can confirm you are running the latest version of Java and that Java is properly configured within your browser by using Sun’s test program.

Examine the results of the test. If the Dancing Duke (as shown in the picture below) animation is not dancing, the latest version of Java is not properly configured within your browser and NETLAB+ will not function.

What is an IFRAME ERROR?

NETLAB+ uses HTML inline frames. You will receive this error if your personal firewall/security software blocks IFRAMES, or your browser has disabled them.

Please refer to the IFRAMES help page.

During lab access, I hear a clicking sound every few seconds. How can I make it go away?

If you have a Windows PC, remove your "Start Navigation" sound.

• Start > Control Panel > Sounds
• Scroll down in the "Events" box to "Windows Explorer/Start Navigation"
• In the Sound/Name field, select "(None)"

I cannot connect to a router, switch, firewall, or PC!

If you are able to access the NETLAB_AE server with a web browser, but cannot make a connection to a lab device or PC, a firewall is probably blocking the remote access port. The remote access port must be "open" between your workstation and the NETLAB_AE server. The default remote access port is now 2201 (existing systems prior to 2009.R1.beta.2 have a default of 23) The remote access port may be reassigned to a new port or list of port numbers (supported in NETLAB+ software versions 2009.R1 or later). Please see the NETLAB+ Installation Guide for details

1. Make sure Java is installed and enabled on your workstation.
2. Make sure personal firewall software on your workstation (point A) is not blocking the remote access port
3. Is a local firewall blocking the remote access port outbound? Check with your local network administrator.
4. Is the remote access port open inbound at the NETLAB_AE site firewall? Check with your instructor or NETLAB_AE administrator.

What can the NETLAB_AE administrator do to troubleshoot lab device connections?

Examine the NETLAB_AE system log file.

1. When a user clicks on a lab device, the following message will be logged:
   [date time UTC] <user_id> opening connection to <device> from <IP address> using <Telnet or VNC>
2. When NETLAB_AE receives an inbound connection, this message will be logged:
   [date time UTC] received connection from <IP address>
3. When the user logs in successfully, this message will be logged:
   [date time UTC] remote access authorized for <user_id> into <device> during reservation <id>

If you see the message #1, but not message #2, NETLAB_AE is not seeing the corresponding remote access port connection following the request to connect. The following conditions may cause this:

• The remote access port is being blocked somewhere; personal firewall, user site firewall, NETLAB_AE site firewall, or router ACL.
• The user is using a Third Party Telnet Application which is not configured correctly.
• The user is using the NETLAB+ VT100 Terminal and Java is not enabled in the client browser, or Java is being blocked by a firewall.

I do not get a keyboard response after I establish a connection with a router, switch, or firewall. What is wrong?

Client issues:

• The third party Telnet application does not have focus. Click inside the window if you are using the NETLAB_AE NETLAB+ CLI Terminal and retry.

Hardware issues:

• The device has been unplugged from the switched outlet, or the power switch is in the off position.
• The console cable between the access server and the router is loose, unplugged, or the console cable is physically damaged.
• The router has a hardware problem. For example, the router will not boot.
• There is a problem with the Access Server or the port(s) on the Access Server.
• A control switch may be down.

Possible hardware issues should be referred to the local NETLAB_AE system administrator.

My serial link does not stay up (interface up, line protocol down). Why?

• Have you set a clockrate on the DCE interface?
• Have you issued the no shutdown command on both interfaces?
• Issue the show controllers command on both interfaces and examine the first few lines:
  • Is a serial cable attached on both sides?
  • Are the DTE and DCE cables attached to the correct routers as shown in the diagram?

Please refer cabling issues to your local NETLAB_AE administrator.

What clients can I use to access routers, switches, and firewalls?

Choose one of the following options in your NETLAB_AE user profile:

• NETLAB+ CLI Terminal: this is the default Java based client designed for NETLAB_AE. When you click on a lab device, the applet provides automatic, transparent login.
• NETLAB+ VT100 Terminal: this is the older Java based client. It may be removed in a future version.
• Third Party Telnet Application: you can use you own Telnet application, as long as your web browser is configured to handle the telnet:// URL prefix.

To use a specific Telnet application loaded on a Windows PC, follow these steps and refer to the picture below:

1. Select Local Telnet Application in your NETLAB_AE profile.
2. Start Windows Explorer or click on My Computer
3. Select Tools > Folder Options or View > Folder Options
4. Select the File Types tab
5. Select URL:Telnet Protocol
6. Select Edit or Advanced > Edit
7. Highlight Open in the Actions box and click on Edit
8. Type in the full path to the Telnet client executable. Here are a few examples. The paths may be different on your machine.

Default Windows Telnet:

rundll32.exe url.dll,TelnetProtocolHandler %1

HyperTerminal:

"C:\PROGRAM FILES\ACCESSORIES\HYPERTERMINAL\HYPERTRM.EXE" /t %1

Note: HyperTerminal will not allow multiple windows to be opened, whereas the default client will. Therefore, the default Windows client is preferred.

What applications can I use to access PCs in the lab?

NETLAB_AE provides a built-in terminal to connect to PCs in topologies that support them.

Does NETLAB_AE support Windows Terminal Services or VMRC (the Microsoft Virtual Server client)?

Microsoft has not publicly licensed or published the protocol specifications needed to support these remote access technologies.

When I try to connect to a device, NETLAB_AE says I am already connected. How can I get back in?

If your machine or client has hung, the NETLAB_AE server may not have received an indication that the client side of a connection has closed. You can force your connections to be dropped using either of these two methods:

• Click the "Drop My Connections" button on the lab/connections panel
• Log out of the NETLAB_AE web page, then log in again

How does NETLAB_AE save my work at the end of a lab reservation?

Check out the flow chart.

Can you directly cut and paste configs into a router, switch, or firewall?

There are currently two ways to load configs without typing them in the routers:

1. You can use the File Manager.
2. You can use a Third Party Telnet Application. The built-in Telnet applets do not currently support cut and paste due security issues inherent to Java. NDG is actively working to resolve this issue.

How can I create a configuration file, then load it into a router, firewall, or switch?

1. Go to "File" from MyNETLAB.
2. Create a new "configuration file".
3. Select "Edit This File".
4. Type or paste in a config.
5. Save changes.
6. Enter an active lab reservation from MyNETLAB.
7. Load the file into the desired device from the "Load" tab.

When NETLAB_AE loads a configuration file, the Ethernet, FastEthernet, or Serial interface commands are rejected?

NETLAB_AE allows different router types in each equipment pod. When a configuration is saved on one pod, then loaded onto another pod, it is possible that the source router interface names (e.g. Ethernet0, Serial0) are different than the destination router (e.g. FastEthernet0/0, Serial0/0). This situation would normally be handled by manually editing the interface names before loading the configurations on the destination routers. To avoid this time consuming task, NETLAB_AE automatically performs this translation if:

1. The configuration files were created using NETLAB_AE automates save option, or
2. They are NETLAB_AE default configuration files for a lab exercise

For this to work properly:

• The router types configured in NETLAB_AE must match the actual router types. Otherwise configurations may not load properly since NETLAB_AE is translating interface names based on the wrong router type.
• Interface names on the actual router must match the interface names that are expected by NETLAB_AE.

To determine the configured router types, click on the "Status" tab during a lab session. To determine the actual router types, use the IOS show version command. If these do not match, the NETLAB_AE administrator should correct this using the pod management interface.

How can I easily assess a student's work?

Instructors can use the archive feature (MyNETLAB > Archive) to rapidly assess how a student or team arrived at a solution. NETLAB_AE records the commands issued on all routers, switches, and firewalls. All activity is analyzed and sorted into a "who", "what", "when" and "where" table format. Each entry is hyperlinked so that output of each command can be easily viewed. Configuration files and device output are also saved with each lab session. The instructor may view this data online, or receive it automatically by e-mail.

How can I cancel a lab reservation?

Instructors can cancel future reservations or reservations in progress. Currently, instructors who seek immediate access can "bump" someone else off the pod. This feature will be partially limited in a future version. If possible, you should ask the user to terminate his reservation gracefully by having them click the "I'm Done" button on the Lab Access page. This will cause configuration files to be saved, log files to be retained, and the pod to be scrubbed. Any unused 30 minute blocks will be returned to the scheduler after cleanup tasks are completed.

1. Select "Scheduler"
2. Select "View or cancel reservations"
3. Select the reservation you wish to delete
4. Select "Delete"

Students can delete future reservations or reservation in progress, as long as they scheduled the lab event. Students cannot delete reservations made by other users.

1. Locate the reservation on the main page (MyNETLAB > Lab Access)
2. Click on the session ID hyperlink for the reservation you want to delete
3. From the reservation display select "Delete"

How can I change a lab reservation?

At this time, you must delete the reservation and make a new one.

I ended my reservation by clicking "I'm Done". Why did NETLAB_AE not return the unused time back to the scheduler?

1. There were less than 30 minutes remaining, OR
2. NETLAB_AE is still in the process of saving configuration files and cleaning up the lab, so the unused time has not been returned yet.

Can I purchase NETLAB_AE software and load it on my own PC?

No. NETLAB_AE is a turn-key server appliance that integrates NDG custom software and over 200 other software packages. The device drivers are specific to the hardware platform.

Does NETLAB_AE support the CCNA Discovery curriculum?

NDG has worked with Cisco to provide support for the majority of the labs in the CCNA Discovery curriculum. Support for CCNA Discovery was implemented in NETLAB+ version 4.0.25. NETLAB_AE supports 22 of the 29 labs included in the CCNA Discovery 2: Working at a Small to Medium Business or ISP course. Please refer to CCNA Discovery 2: Working at a Small to Medium Business or ISP for details on supported lab exercises. NETLAB_AE supports 44 of the 48 labs included in the CCNA Discovery 3: Introducing Routing and Switching in the Enterprise course. Please refer to CCNA Discovery 3: Introducing Routing and Switching in the Enterprise for details on supported lab exercises. NETLAB_AE supports 29 of the 36 equipment-based labs included in the CCNA Discovery 4: Designing and Supporting Computer Networks course. Please refer to CCNA Discovery 4: Designing and Supporting Computer Networks for details on supported lab exercises.

Does NETLAB_AE support the CCNA Security curriculum?

NDG has worked closely with the Cisco CCNA Security lab team to develop the labs Please see the CCNA Security labs page for details.

Answers to Frequently Asked Questions - NETLAB+ Support of CCNP V6.0

Will NETLAB Academy Edition^® support the new CCNP 6.0 curriculum?

Thank you for your interest in using NETLAB_AE to teach the CCNP 6.0 curriculum. Please be assured that NDG recognizes the importance of supporting this curriculum and we intend to make NETLAB_AE support of these courses available as quickly as possible, following their release by Cisco. The status of support of the three CCNP 6.0 courses is in progress as noted below.

What is the support status of the CCNP 6.0 - TSHOOT v1.0 – Troubleshooting and Maintaining Cisco IP Networks course?

NDG is working closely with the Cisco CCNP lab team to develop labs for the TSHOOT course and to ensure compatibility with NETLAB_AE topologies. It is expected that the Multi-Purpose Academy Pod (MAP) will be highly compatible with the TSHOOT course labs.

Equipment required for the MAP to support a high level of compatibility with the TSHOOT course:

• Two of the three switches must be L3 (3560s).
• R1, R2 and R3 must be minimum 1841s with 192 DRAM and the Advanced IOS Services.

Please consult your Cisco academy contact for more details as to what equipment is required.

What is the support status of the CCNP 6.0 - SWITCH v1.0 - Implementing Cisco Switched Networks and ROUTE v1.0 - Implementing Cisco IP Routing courses?

NDG is strongly optimistic that the labs for the SWITCH and ROUTE courses will be highly compatible with the Cuatro Router Pod (CRP), Cuatro Switch Pod (CSP) and the Multi-Purpose Academy Pod. More details will be available once Cisco starts the development of these labs.

Answers to Frequently Asked Questions - NETLAB+ Product Line

What is the difference between NETLAB Academy Edition^®, NETLAB Professional Edition^® and NETLAB Enterprise Edition?^™

NETLAB Academy Edition (NETLAB_AE) is available exclusively to Cisco Networking Academies as part of Network Development Group’s partnership with Cisco to service educational institutions participating in the Cisco Networking Academy program. The terms of the NETLAB_AE license restrict the use of NETLAB_AE to be used solely to teach the Cisco Networking Academy curriculum. NETLAB_AE allows the use of two custom pods for the purpose of case studies within the Cisco Networking Academy and for Academies to test (not implement) teaching additional curriculums.

NETLAB Professional Edition (NETLAB_PE) was created to meet the needs of the many academic institutions who asked for the ability to use NETLAB+ to teach outside of the Cisco Networking Academy curriculum. NETLAB_PE is licensed to teach any curriculum that the academic institution has acquired the right to host. NETLAB_PE is an off-the-shelf product designed for the following:

• Host equipment and virtual machines.
• Allow your organization to design equipment pods to host.
• Allow your organization to a design library of lab content.
• Automate pre-load of configurations and clean-up of lab.

NETLAB Enterprise Edition (NETLAB_EE) is a customized product, built to meet the specific requirements of your organization. NETLAB_EE provides an enterprise-level solution that can be designed to meet the needs of large-scale organizations, research and development projects, or to meet requirements unique to a specific organization.

See the NETLAB+ Product Comparison Table >

Why are NETLAB_AE, NETLAB_PE and NETLAB_EE priced differently?

NETLAB_AE is priced based on the size of the market. NETLAB_AE is discounted heavily because 1) each Academy pays a lease review the required annual fee to cover development costs to keep the system current, 2) amortizes the cost of ownership over several years to assure affordability, and 3) may only use the system for Cisco Networking Academy training. The annual support fee is required for continued usage.

NETLAB_PE is priced as a one-time purchase, off-the-shelf solution. An annual maintenance fee is not required with the purchase of a NETLAB_PE system, nor required for continued usage. However, the purchase of a support agreement is required in order to continue receiving software updates, including those needed to support the Cisco Networking Academy curriculum.

NETLAB_EE is priced to accommodate organizations with unique requirements or the need to host a large amount of equipment sets behind one large server deployment. Pricing and support plans are based on specific system configuration and requirements. Our team works closely with you during each stage to ensure a quick and successful deployment.

What products can be hosted and automated with NETLAB+?

Many products can be hosted behind a NETLAB+ system for the purpose of remote access via the Internet. What can be automated depends on the base functionality of the equipment. Some devices can be fully automated. Some devices have design limitations that allow for partial automation. Some devices have design limitations that allow no device automation. If the device can be managed via a console port and command line interface (CLI), full or partial automation may be possible. For complete automation, the manufacturer’s design must allow for remote password recovery and image recovery (if desired).

NDG supports a large array of Cisco equipment because 1) of our partnership with the Cisco Networking Academy and 2) the market for Cisco equipment justifies the labor to design automation around remote labs for many devices. NDG will consider automating other devices when an opportunity justifies the labor to automate required devices or when a customer is willing to fund the automation cost with the understanding that the automation driver will be used as a generic driver as needed and deployed by NDG.

Can I buy NETLAB Professional Edition and host any equipment?

You may host any device that is listed as a supported device. If the equipment you wish to use is not listed there are a couple of options:

• You can submit a request for NDG to develop the automation. If the device is a high-need device by existing customers, NDG will develop automation.
• If the device is not in high demand you can fund the development of automation. The development can be funded by covering the costs or by business development efforts that assure cost recovery plus profit.

NETLAB Professional Edition is an off-the-shelf product. If your organization wants to pursue the development of equipment drivers and software tools not built into the NETLAB+ product line, NDG will propose the NETLAB Enterprise Edition as a starting point. If the business opportunity will allow a specialized appliance or multiple NETLAB+ servers, we will do our best to lower the cost of ownership on subsequent systems.

Answers to Frequently Asked Questions - Equipment and Pods

What is a pod?

A pod is an instance of a supported lab topology, which can be reserved by a user.

How many equipment pods can I host on a single NETLAB_AE system?

A maximum of 12, but this also depends on the topologies you wish to host

What lab topologies are supported?

Please see the topologies page.

Can I create a custom lab configuration?

NETLAB Academy Edition currently supports topologies designed for Cisco Networking Academy labs. Customized lab configurations are offered in NETLAB Professional Edition.

What kind of lab equipment can I use?

Please review the supported lab equipment page.

What is a control device?

A piece of equipment that is required for NETLAB_AE to function, but is not accessible to students and instructors.

• Control switches provide NETLAB_AE internal connections
• Access servers provide console access to lab devices
• APC Switched Rack PDU, automated power management units

Please review the supported control devices page

I have checked over the cabling and configuration numerous times, but the pod test still produces errors. What can I do?

Please see the pod test help page.

I want to delete an image from the "IOS and PIX Images" inventory. However, NETLAB_AE says the image is "in use" and will not allow me to delete it. How can I remove this image?

An image that is marked "in use" has been assigned to one or more devices in a pod. To delete the image, you must first eliminate the dependency by assigning a different image to the devices using it. This is accomplished through the pod management interface.

I just completed a new equipment configuration and NETLAB_AE told me my pod(s) passed successfully, however, my users can no longer login. What might be the problem?

Make sure logins are not disabled. Administrator > Enable / Disable User Logins.

One or more pods are not showing up in the scheduler.

Make sure the pods are online. Administrator > Equipment Pods.

NETLAB_AE usually powers off the lab equipment when it is not scheduled. However, I noticed that my lab routers and switches were powered on when no lab time was scheduled. What might be happening?

There are two likely scenarios where this might happen:

1. The APC lost power but the NETLAB_AE server did not. In this case, NETLAB_AE powered off the outlets prior to the APC losing power. When power was restored to the APC, the outlets returned to the factory default state of ON.
2. Both the NETLAB_AE server and the lab APC lost power (i.e. power outage). The NETLAB_AE server came up before the APC initialized. When NETLAB_AE comes up, it will try to power off lab equipment that is not scheduled. However, if the APC has not fully initialized when NETLAB_AE tries to power off the outlets, they may remain in the factory default state of ON.

In both cases, the outlets will remain ON until the end of the next lab reservation. To prevent this behavior, power on all control devices and lab equipment, then wait several minutes before powering on the NETLAB_AE server.

I noticed the Cisco 1900, 2500, 1700, or XYZ device is not on the recommended list for certain pod types. However, they are listed on the supported device web page. Are these supported or not?

Since the labs are authored and revised by Cisco, NDG can only make "recommendations". When NDG releases a new pod type, our recommendations are based on the Academy bundles available at the time and known issues pertaining to certain labs. These will change over time as curriculum changes and older equipment is phased out.

When NDG authors new pod documentation, we typically do not recommend any device that is well beyond end-of-life. Unless explicitly stated, such a device may actually work in the context of the current labs. However, it is the responsibility of the customer to verify this if they choose to implement. We therefore recommend you study the labs for the curriculum you are teaching prior to finalizing the equipment you host.

Items listed on the supported device page have driver support in NETLAB, but are not be appropriate for all pods and labs. The recommendations in the pod-specific documentation guides attempt to narrow this list down to an appropriate subset. Therefore, the pod guides should be considered the primary source for equipment recommendations.

Why does Basic Router Pod Version 2 require two Ethernet ports on each router? This is more expensive!

Both ports are required for several labs that could not be done on Basic Router Pod Version 1. All entry level routers in the current bundles (Cisco 1841, 2801) support this requirement. NDG will continue to support a mix of both Basic Router Pod version 1 and Basic Router Pod version 2 on the same system to balance greater functionality with lower price points.

Why are Direct/Standalone PCs not supported on several pod types? This is disappointing!

The Academy labs serviced by these pod types require administrative rights to the PCs, which is problematic under the Direct/Standalone model. In particular, a user with administrative rights can accidently or intentionally disable the control NIC and isolate the PC from the equipment pod. third party virtualization products are not subject to this problem.

For further explanation, please refer to a Remote PC Guide in the documentation library.

What is the difference between Basic Router Pod Version 2 and Basic Router Pod Version 1?

Version 2 does not replace version 1. Rather, a mix of Version 1 and Version 2 will continue to be supported on the same system to provide a balance between functionality and cost.

Basic Router Pod Version 2 is designed to support more labs (both CCNA and CCNP) and provide greater functionality. This comes with the added expense of third party virtualization software and dual-Ethernet routers.

Basic Router Pod Version 1 supports fewer lab activities and is somewhat limited to CCNA. There are fewer requirements so the cost of implementation may be less.

How much should I expect to pay for the hardware required to run the VMware Server product?

Based on NDG’s purchasing experience, the typical price for server hardware to support VMware Server virtual machines is in the range of $1250-$1500 (US). NDG has used both Dell and IBM servers.

It is important to verify that the server you select meets requirements:

• The CPU must meet minimum recommendations
• The server must have sufficient memory to run the virtual machines implemented.

How much should I expect to pay for the software required to run VMware Server?

Please refer to the Remote PC Support page for details on supported virtualization software.

You may obtain a free download of VMware Server from VMware, Inc..

Do not purchase VMware ESX, VMware Virtual Center or VMware Workstation products; these products do not currently work with NETLAB+.

You will need a Windows Server operating system to host the VMware Server application. NDG recommends Windows Server 2003, which typically costs $600 - $900 (US). Virtual Machines can run either Windows or Linux operating systems. Some Networking Academy curriculums utilize various Microsoft Windows operating systems, which typically require one license per virtual machine. The MSDN Academic Alliance program (where available) can provide Academic discounts for these products for qualifying institutions.

Answers to Frequently Asked Questions - Security and Firewall

How do I access the system shell, root, and/or manage system accounts?

NETLAB_AE is an appliance. All administrative functions are performed through the console menu or web interfaces.

Please note: accessing or modifying the underlying operating system is not permitted under the license agreement. All internal access and modifications to the NETLAB_AE server should only be performed by NDG technical support and official software upgrades.

Where can I get information for my network or firewall administrator?

Please see the Connectivity and Firewall whitepaper.

Where should my NETLAB_AE server be located?

Ideally, the server should be placed in a rack behind a DMZ. NDG has taken many steps to make the product both secure and firewall friendly. However, a "remote lab" product inherently requires inbound connections. Some customers have opted to establish a separate low cost Internet connection for NETLAB+.

My administrator won't allow "XYZ". Can you do something on the server to work around this?

NDG keeps Academy pricing low by maintaining a standard environment and software version across all systems. Therefore, we typically do not modify individual systems. Occasional exceptions are made if the requested change is feasible, can be easily maintained, and/or incorporated into the core product.

How much bandwidth is required?

A T1 connection is recommended. Bandwidth usage varies based on the number of simultaneous connections and connection types. Use caution with Cable and DSL solutions. Keep in mind that:

• A fixed IP address is required for the server. DHCP is not supported.
• Many service offerings do not provide the same bandwidth in both directions; they are usually optimized for downloads from the Internet (inbound). For NETLAB_AE, it is desirable to have more bandwidth from server towards the Internet (outbound).

Does NETLAB_AE support Network Address Translation (NAT)?

Yes. A unique external IP address must be assigned to the NETLAB+ server. A static mapping (or conduit) between the external and internal NETLAB_AE IP addresses must be defined. Port Address Translation (PAT) is not supported.

What protocols and ports numbers does NETLAB_AE use?

Inbound Port Requirements

Port	Usage
TCP 80	Provides HTTP access to the NETLAB+ web interface
TCP 2201 (default)	Remote Access Port for lab equipment access and remote PC access. The Remote Access Port does not provide login/shell access to the NETLAB+ server. The default port is TCP port 2201. The administrator may change this port and/or add additional ports for remote users/sites that block port 2201 outbound. To provide offsite access without a VPN, at least one Remote Access Port must be open in the site firewall.
TCP 22 (recommended)	Provides SSH for NDG technical support only. In lieu of SSH, this function can also be performed over the TCP port(s) defined for remote access, by special arrangement.

Outbound Port Requirements

Port	Usage
TCP 25	Allows NETLAB+ to send e-mail to users. This is optional.
TCP 80	Allows the NETLAB+ server to connect to the NDG Central Support Server. This server provides software updates.
UDP 53	The NETLAB+ server makes DNS queries to resolve the address of the support server (nss.netdevgroup.com).

Does NETLAB_AE route between the user network and interfaces attached to equipment pods?

NETLAB_AE is a proxy server. There is no routing between interfaces.

Will NETLAB_AE work with an HTTP proxy and/or internal mail server.

Although not supported by NDG, the following settings are provided:

• Alternate mail server.
• HTTP proxy server (IP address and port). The proxy must be completely transparent.

A supported configuration requires direct outbound access from the NETLAB_AE server to the Internet:

• HTTP, port 80 TCP
• SMTP, port 25 TCP

Can I turn block access to Central Support Services?

No. Access to CSS is required. NETLAB_AE uses the Internet based CSS model to make the product easy to maintain at a reasonable cost. For more information, please refer to the CSS whitepaper.

What is Telnet used for? Isn't Telnet insecure?

TCP Port 23 (often associated/mistaken with Telnet), is no longer the default port for Terminal and Remote PC Viewer access. The default “Remote Access Port” is now 2201. New systems will use port 2201 out of the box. Existing systems with software prior to 2009.R1.beta.2 will remain 23, but can be changed from the console. The administrator has the capability to change the remote access port, or define more than one remote access port.

IMPORTANT:

As of version 2.21.0, Telnet can provide a console login for sole the purpose of support by NDG. The option must be explicitly enabled by both the local NETLAB_AE administrator and by NDG. Telnet can be used where firewalls and/or policy prohibit the use of SSH. Although SSH is not a requirement, it is still the preferred method of NDG support access because SSH provides encryption.

Can SSH be used instead of Telnet to access lab equipment?

Not at this time. A wide variety of international laws restrict the export and use of encryption software. SSH is only used for technical support access by NDG, and only in countries that permit it.

Does NETLAB_AE use the (insecure) TFTP protocol?

NETLAB_AE provides a read-only TFTP server listening on the inside (private) interface. TFTP is disabled on the outside (public) interface. When NETLAB_AE needs to recover a system image on a lab device, control switch port is moved into VLAN 1. After the image is TFTP'd to the device, the port is removed from VLAN 1.

Can the NETLAB_AE server act as a TFTP server for lab exercises that require one?

This is not supported for security and technical reasons. You can use a NETLAB_AE remote PC to provide this capability if supported by the lab topology.

Answers to Frequently Asked Questions - Required Annual Maintenance

Why does NDG require an annual maintenance fee for NETLAB_AE?

NETLAB_AE must keep pace with new curriculum, labs, hardware, IOS images, PC operating systems and system security patches. NDG is firmly committed to keeping pace with the dynamic nature of Academy curriculum requirements, which requires a continuous investment by NDG in both labor and equipment.

NETLAB_AE is a specialized product, with a relatively small market. If annual maintenance were optional, we would not generate enough revenue to support the product and keep your system current.

NDG's high level of customer satisfaction and customer retention illustrate that we are providing an excellent service well worth what we recognize is a significant investment by our Academy customers.

View a video to learn more>.

What do Academies get for the annual fee?

• Software upgrades, feature enhancements, and bug fixes
• Updates to keep pace with curriculum and lab changes
• New hardware support including IOS automation patches
• New technology, for example, remote personal computer operability
• Unlimited technical support

How can we recoup 100% of the NETLAB_AE costs?

The NETLAB_AE software license allows you to share access with Cisco Networking Academies^® around the world. You can charge a reasonable cost recovery fee as long as you follow the guidelines of the license and the Cisco Networking Academy Program^®.

With version 3.7 (May, 2005 software release) you can host up to 10 lab pods for up to 87,600 lab hours. This allows your Academy to 1) help others that need equipment access and 2) to recover 100% of your costs.

What steps is NDG taking to promote shared access?

NETLAB_AE version 3.9 will support "communities". Specific blocks of time on an equipment pod can be reserved for a community. Each community will support separate classes, instructors, and user accounts. Instructors in community A cannot alter the accounts and classes of community B, and vice-versa. The administrator can assign one or more Academies to a community.

Version 3.9 will also feature a "sharing portal". Academies with NETLAB_AE can advertise their system availability and sharing model to other Academies via the NDG website.

How does NDG decide what new features to implement?

• We listen to your feedback.
• We regularly meet with Cisco Networking Academy Program Managers and Technical Managers.
• We plan upgrades based on curriculum requirements, customer demand, and implementation feasibility.