Frequently Asked Questions - Getting Started with NETLAB+

Frequently Asked Questions - NETLAB+ Support of CCNP 6.0

Frequently Asked Questions - NETLAB+ Product Line

Frequently Asked Questions - Equipment and Pods

Frequently Asked Questions - Console Enable Break Problem with WS-C3560V2-24PS switches ("V2" models)


Frequently Asked Questions - Security and Firewall


Frequently Asked Questions - Required Annual Maintenance

Answers to Frequently Asked Questions - General Topics


How do I get help?

Please review these FAQs and documentation before contacting technical support.


I am having login problems.

The leading causes are:

  • The assigned remote access port is being blocked by personal firewall software, or other firewalls between you and the NETLAB+ server
  • Cookies are disabled
  • JavaScript is disabled

Modern browsers and firewall software allow you to enable these features for an individual site; in this case, the NETLAB+ server address.


What are the user, client, and browser requirements?

Please refer to the requirements page.


If the remote access port test fails during login, what are the probable causes and what can I do to resolve this issue?

A Remote Access Test is performed during each user login. The test attempts to establish an outbound TCP connection from your computer to the NETLAB+ server. This connection is necessary for remote device access, remote PC access, and chat functions.

This test will fail if a connection using the TCP port(s) defined by the NETLAB+ administrator cannot be established. There are several reasons why the Remote Access Test may fail:

  1. Personal Firewall settings on your computer: The personal firewall software on your computer may be set by default to prohibit the port connection. This issue is routinely resolved by selecting to allow the connection when prompted by a pop-up window from your personal firewall software.
  2. Security policy at your current location: It is possible that local security policy does not allow outbound access using the port(s) chosen by the NETLAB+ administrator. This is the most likely diagnosis if you are able to successfully access the system from another location.
  3. Ports have not been opened in the site firewall: As part of the installation process, you must be certain to open the ports in the site firewall that have been designated available for outbound client connections. This is only likely to be the problem if all users are unable to establish a connection.

If the remote access port test fails during login and indicates a ***port test applet timed out before completion*** error, what is the likely cause?

The port test uses Java, as do other components in NETLAB+. It is likely that the timeout within NETLAB+ is related to the Java plug-in. The latest version of Java must be installed and properly configured within your web browser.

Installing the latest version of Java on your machine does not always ensure that it gets properly configured to work in your browser. You can confirm you are running the latest version of Java and that Java is properly configured within your browser by using Sun’s test program.

Examine the results of the test. If the Dancing Duke (as shown in the picture below) animation is not dancing, the latest version of Java is not properly configured within your browser and NETLAB+ will not function.

Java Test  

What is an IFRAME ERROR?

NETLAB+ uses HTML inline frames. You will receive this error if your personal firewall/security software blocks IFRAMES, or your browser has disabled them.

Please refer to the IFRAMES help page.


During lab access, I hear a clicking sound every few seconds. How can I make it go away?

If you have a Windows PC, remove your "Start Navigation" sound.

  • Start > Control Panel > Sounds
  • Scroll down in the "Events" box to "Windows Explorer/Start Navigation"
  • In the Sound/Name field, select "(None)"

I cannot connect to a router, switch, firewall, or PC!

If you are able to access the NETLAB+ server with a web browser, but cannot make a connection to a lab device or PC, a firewall is probably blocking the remote access port. The remote access port must be "open" between your workstation and the NETLAB+ server. The default remote access port is now 2201 (existing systems prior to 2009.R1.beta.2 have a default of 23). The remote access port may be reassigned to a new port or list of port numbers (supported in NETLAB+ software versions 2009.R1 or later). Please see the NETLAB+ Installation Guide for details.

  1. Make sure Java is installed and enabled on your workstation.
  2. Make sure personal firewall software on your workstation is not blocking the remote access port.
  3. Is a local firewall blocking the remote access port outbound? Check with your local network administrator.
  4. Is the remote access port open inbound at the NETLAB+ site firewall? Check with your instructor or NETLAB+ administrator.

What can the NETLAB+ administrator do to troubleshoot lab device connections?

Examine the NETLAB+ system log file.

  1. When a user clicks on a lab device, the following message will be logged:
    [date time UTC] <user_id> opening connection to <device> from <IP address> using <Telnet or VNC>
  2. When NETLAB+ receives an inbound connection, this message will be logged:
    [date time UTC] received connection from <IP address>
  3. When the user logs in successfully, this message will be logged:
    [date time UTC] remote access authorized for <user_id> into <device> during reservation <id>

If you see message #1 but not message #2, NETLAB+ is not seeing the corresponding remote access port connection following the request to connect. The following conditions may cause this:

  • The remote access port is being blocked somewhere; personal firewall, user site firewall, NETLAB+ site firewall, or router ACL.
  • The user is using a Third Party Telnet Application which is not configured correctly.
  • The user is using the NETLAB+ VT100 Terminal and Java is not enabled in the client browser, or Java is being blocked by a firewall.
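
The correlation described above, as an added example (not NDG code): it pairs each "opening connection" request with the "received connection" and "remote access authorized" messages and reports requests that never produced an inbound connection. The timestamp layout, the 30-second matching window, and the sample log lines are assumptions constructed for illustration, and the "connected but not authorized" outcome goes one step beyond the case the text describes.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample log. The "[YYYY-MM-DD HH:MM:SS UTC]" timestamp layout, the
# user names, device names and addresses are assumptions made for this example.
SAMPLE_LOG = """\
[2011-03-01 14:00:05 UTC] jsmith opening connection to R1 from 198.51.100.10 using Telnet
[2011-03-01 14:00:06 UTC] received connection from 198.51.100.10
[2011-03-01 14:00:09 UTC] remote access authorized for jsmith into R1 during reservation 4021
[2011-03-01 14:02:30 UTC] mlee opening connection to S2 from 203.0.113.77 using Telnet
[2011-03-01 14:03:10 UTC] mlee opening connection to S2 from 203.0.113.77 using Telnet
[2011-03-01 14:05:00 UTC] akhan opening connection to PC_A from 192.0.2.44 using VNC
[2011-03-01 14:05:02 UTC] received connection from 192.0.2.44
"""

LINE = re.compile(r"^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) UTC\] (.+)$")
PATTERNS = [
    # Message #1: the user clicked a lab device in the web interface.
    ("open", re.compile(r"^(?P<user>\S+) opening connection to (?P<device>\S+) "
                        r"from (?P<ip>\S+) using (?P<client>\S+)$")),
    # Message #2: a TCP connection arrived on the remote access port.
    ("recv", re.compile(r"^received connection from (?P<ip>\S+)$")),
    # Message #3: the user logged in successfully.
    ("auth", re.compile(r"^remote access authorized for (?P<user>\S+) into "
                        r"(?P<device>\S+) during reservation (?P<reservation>\S+)$")),
]


def parse(log_text):
    """Return (timestamp, kind, fields) for every recognised log line."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # unrelated or malformed line
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        for kind, rx in PATTERNS:
            mm = rx.match(m.group(2))
            if mm:
                events.append((ts, kind, mm.groupdict()))
                break
    return events


def correlate(events, window=timedelta(seconds=30)):
    """Attach messages #2 and #3 to the request (#1) they follow.

    Assumes the log is in chronological order. A "received" line only names
    the source IP, so it is matched to the oldest request from that IP that is
    still waiting and is no older than `window`.
    """
    sessions = []
    for ts, kind, f in events:
        if kind == "open":
            sessions.append({"ts": ts, **f, "received": None, "authorized": None})
        elif kind == "recv":
            for s in sessions:
                waiting = s["ip"] == f["ip"] and s["received"] is None
                if waiting and timedelta(0) <= ts - s["ts"] <= window:
                    s["received"] = ts
                    break
        elif kind == "auth":
            for s in sessions:
                same = (s["user"], s["device"]) == (f["user"], f["device"])
                if (same and s["received"] is not None
                        and s["authorized"] is None
                        and ts - s["received"] <= window):
                    s["authorized"] = ts
                    break
    return sessions


def stage(session):
    """Name the point at which a connection attempt stopped."""
    if session["received"] is None:
        return "no_inbound_connection"      # message #1 without message #2
    if session["authorized"] is None:
        return "connected_not_authorized"   # message #2 without message #3
    return "ok"


def blocked_sources(sessions):
    """Count, per source IP, the requests that never reached the server."""
    return dict(Counter(s["ip"] for s in sessions
                        if stage(s) == "no_inbound_connection"))


if __name__ == "__main__":
    for s in correlate(parse(SAMPLE_LOG)):
        print(s["ts"], s["user"], s["device"], s["ip"], stage(s))
    print("blocked sources:", blocked_sources(correlate(parse(SAMPLE_LOG))))
```

If every source address shows up in the `blocked_sources` result, the NETLAB+ site firewall is the likelier culprit; a single address points at that user's firewall or client.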

I do not get a keyboard response after I establish a connection with a router, switch, or firewall. What is wrong?

Client issues:
  • The third party Telnet application does not have focus. Click inside the window if you are using the NETLAB+ CLI Terminal and retry.

Hardware issues:
  • The device has been unplugged from the switched outlet, or the power switch is in the off position.
  • The console cable between the access server and the router is loose, unplugged, or the console cable is physically damaged.
  • The router has a hardware problem. For example, the router will not boot.
  • There is a problem with the Access Server or the port(s) on the Access Server.
  • A control switch may be down.

Possible hardware issues should be referred to the local NETLAB+ system administrator.


My serial link does not stay up (interface up, line protocol down). Why?

  • Have you set a clockrate on the DCE interface?
  • Have you issued the no shutdown command on both interfaces?
  • Issue the show controllers command on both interfaces and examine the first few lines:
    • Is a serial cable attached on both sides?
    • Are the DTE and DCE cables attached to the correct routers as shown in the diagram?

Please refer cabling issues to your local NETLAB+ administrator.


What clients can I use to access routers, switches, and firewalls?

Choose one of the following options in your NETLAB+ user profile:

  • NETLAB+ CLI Terminal: this is the default Java based client designed for NETLAB+. When you click on a lab device, the applet provides automatic, transparent login.
  • NETLAB+ VT100 Terminal: this is the older Java based client. It may be removed in a future version.
  • Third Party Telnet Application: you can use your own Telnet application, as long as your web browser is configured to handle the telnet:// URL prefix.

To use a specific Telnet application loaded on a Windows PC, follow these steps and refer to the picture below:

  1. Select Local Telnet Application in your NETLAB+ profile.
  2. Start Windows Explorer or click on My Computer
  3. Select Tools > Folder Options or View > Folder Options
  4. Select the File Types tab
  5. Select URL:Telnet Protocol
  6. Select Edit or Advanced > Edit
  7. Highlight Open in the Actions box and click on Edit
  8. Type in the full path to the Telnet client executable. Here are a few examples. The paths may be different on your machine.
Default Windows Telnet:

rundll32.exe url.dll,TelnetProtocolHandler %1



Note: HyperTerminal will not allow multiple windows to be opened, whereas the default client will. Therefore, the default Windows client is preferred.


What applications can I use to access PCs in the lab?

NETLAB+ provides a built-in client to connect to PCs in topologies that support them.


Does NETLAB+ support Windows Terminal Services or VMRC (the Microsoft Virtual Server client)?

Microsoft has not publicly licensed or published the protocol specifications needed to support these remote access technologies.


When I try to connect to a device, NETLAB+ says I am already connected. How can I get back in?

If your machine or client has hung, the NETLAB+ server may not have received an indication that the client side of a connection has closed. You can force your connections to be dropped using either of these two methods:

  • Click the "Drop My Connections" button on the lab/connections panel
  • Log out of the NETLAB+ web page, then log in again

How does NETLAB+ save my work at the end of a lab reservation?

Check out the flow chart.


Can you directly cut and paste configs into a router, switch, or firewall?

There are currently two ways to load configs without typing them in the routers:

  1. You can use the File Manager.
  2. Configs can be pasted directly into the CLI terminal.

How can I create a configuration file, then load it into a router, firewall, or switch?

  1. Go to "File" from MyNETLAB.
  2. Create a new "configuration file".
  3. Select "Edit This File".
  4. Type or paste in a config.
  5. Save changes.
  6. Enter an active lab reservation from MyNETLAB.
  7. Load the file into the desired device from the "Load" tab.

When NETLAB+ loads a configuration file, the Ethernet, FastEthernet, or Serial interface commands are rejected. Why?

NETLAB+ allows different router types in each equipment pod. When a configuration is saved on one pod, then loaded onto another pod, it is possible that the source router interface names (e.g. Ethernet0, Serial0) are different than the destination router (e.g. FastEthernet0/0, Serial0/0). This situation would normally be handled by manually editing the interface names before loading the configurations on the destination routers. To avoid this time-consuming task, NETLAB+ automatically performs this translation if:

  1. The configuration files were created using the NETLAB+ automated save option, or
  2. They are NETLAB+ default configuration files for a lab exercise.
    For this to work properly:
    • The router types configured in NETLAB+ must match the actual router types. Otherwise configurations may not load properly since NETLAB+ is translating interface names based on the wrong router type.
    • Interface names on the actual router must match the interface names that are expected by NETLAB+.

To determine the configured router types, click on the "Status" tab during a lab session. To determine the actual router types, use the IOS show version command. If these do not match, the NETLAB+ administrator should correct this using the pod management interface.


How can I easily assess a student's work?

Instructors can use the archive feature (MyNETLAB > Archive) to rapidly assess how a student or team arrived at a solution. NETLAB+ records the commands issued on all routers, switches, and firewalls. All activity is analyzed and sorted into a "who", "what", "when" and "where" table format. Each entry is hyperlinked so that output of each command can be easily viewed. Configuration files and device output are also saved with each lab session. The instructor may view this data online, or receive it automatically by e-mail.

How can I cancel a lab reservation?

Instructors can cancel future reservations or reservations in progress. Currently, instructors who seek immediate access can "bump" someone else off the pod. This feature will be partially limited in a future version. If possible, you should ask the user to terminate the reservation gracefully by clicking the "I'm Done" button on the Lab Access page. This will cause configuration files to be saved, log files to be retained, and the pod to be scrubbed. Any unused 30-minute blocks will be returned to the scheduler after cleanup tasks are completed.

  1. Select "Scheduler"
  2. Select "View or cancel reservations"
  3. Select the reservation you wish to delete
  4. Select "Delete"

Students can delete future reservations or reservations in progress, as long as they scheduled the lab event. Students cannot delete reservations made by other users.

  1. Locate the reservation on the main page (MyNETLAB > Lab Access)
  2. Click on the session ID hyperlink for the reservation you want to delete
  3. From the reservation display select "Delete"

How can I change a lab reservation?

At this time, you must delete the reservation and make a new one.


I ended my reservation by clicking "I'm Done". Why did NETLAB+ not return the unused time back to the scheduler?

  1. NETLAB+ is still in the process of saving configuration files and cleaning up the lab, so the unused time has not been returned yet.

Can I purchase NETLAB+ software and load it on my own PC?

No. NETLAB+ is a turn-key server appliance that integrates NDG custom software and over 200 other software packages. The device drivers are specific to the hardware platform.


Does NETLAB+ support the CCNA Discovery curriculum?

NDG has worked with Cisco to provide support for the majority of the labs in the CCNA Discovery curriculum. Support for CCNA Discovery was implemented in NETLAB+ version 4.0.25. NETLAB+ supports 22 of the 29 labs included in the CCNA Discovery 2: Working at a Small to Medium Business or ISP course. Please refer to CCNA Discovery 2: Working at a Small to Medium Business or ISP for details on supported lab exercises. NETLAB+ supports 44 of the 48 labs included in the CCNA Discovery 3: Introducing Routing and Switching in the Enterprise course. Please refer to CCNA Discovery 3: Introducing Routing and Switching in the Enterprise for details on supported lab exercises. NETLAB+ supports 29 of the 36 equipment-based labs included in the CCNA Discovery 4: Designing and Supporting Computer Networks course. Please refer to CCNA Discovery 4: Designing and Supporting Computer Networks for details on supported lab exercises.


Does NETLAB+ support the CCNA Security curriculum?

NDG has worked closely with the Cisco CCNA Security lab team to develop the labs. Please see the CCNA Security labs page for details.


I am experiencing problems running SDM. What is the likely cause and how can it be resolved?

Most of the issues that have been reported with SDM have been due to the Java plug-in. Another problem has been reported regarding IE browser security. You must enable "Allow programs to run active content off my Computer" from the Advanced tab.

NDG hosts a demo MAP topology in which the VMs are running Java 1.6.0_01-b06 (Runtime Environment 6, Update 6). We recommend that you do not install any version higher than Update 7 (to be safe). Update 7 seems to be the last safe version.

You may refer to the following links for additional information:

Answers to Frequently Asked Questions - Getting Started with NETLAB+


How do I select the appropriate lab equipment for using Cisco Networking Academy content on my NETLAB+ system?

Please review the lab equipment requirements for guidance on selecting courses, topologies, and equipment for your system.

You may find it helpful to bookmark these pages for reference as you choose your lab equipment, install and administer your NETLAB+ system:

  • Lists of supported Cisco Networking Academy labs.
  • A summary of all lab topologies.
  • Documentation including installation, administration and pod guides
  • A variety of support resources are available.

How is a typical NETLAB+ system racked?

NETLAB+ Racking Example

Here is an example diagram of how a typical system may be racked. This example contains three (3) Multi-Purpose Academy Pod (MAP) pods and one (1) Network Fundamentals Pod (NFP).

This example shows one of many ways the gear may be racked. There are other ways to rack the gear, as it is a matter of preference. Your setup will vary, depending on the number of control and lab devices you have available.


I need to learn more about implementing virtual PCs in my lab topologies, where should I begin?

NETLAB+ integrates with 3rd party virtualization products to provide powerful and cost effective PC support for lab topologies. Our Remote PC Support page includes details and links to pages where downloads of VMware virtualization software are available.

Please refer also to the Remote PC Guide for VMware Implementation Using ESXi versions 4.01 and 4.1 with vCenter.

Answers to Frequently Asked Questions - NETLAB+ Support of CCNP V6.0


Does NETLAB+ support the Cisco Networking Academy CCNP 6.0 curriculum?

Thank you for your interest in using NETLAB+ to teach the CCNP 6.0 curriculum. Please be assured that NDG recognizes the importance of supporting this curriculum. Beta support of CCNP TSHOOT is available beginning with NETLAB+ version 2010.R2. Beta support of CCNP ROUTE and SWITCH is available beginning with NETLAB+ version 2010.R5.


What is the support status of the CCNP 6.0 - TSHOOT v1.0 – Troubleshooting and Maintaining Cisco IP Networks course?

Beginning with NETLAB+ software version 2010.R2, NETLAB+ provides beta support for the recently released first course of the CCNP v6.0 curriculum, CCNP TSHOOT using the Multi-Purpose Academy Pod (MAP).

There are additional equipment requirements for the MAP pod when using it for CCNP TSHOOT:

  • Two of the three switches must be L3 (3560s).
  • R1, R2 and R3 must be minimum 1841s with 192 DRAM and the Advanced IOS Services.

Details on the additional equipment requirements for using MAP pod for CCNP TSHOOT.


What is the support status of the CCNP 6.0 - ROUTE v1.0 - Implementing Cisco IP Routing course?

Beginning with NETLAB+ software version 2010.R5, NETLAB+ provides beta support for the CCNP v6.0 ROUTE course. 100% of the ROUTE labs are supported using the Cuatro Router Pod (CRP) and many of the labs are also supported using the Multi-Purpose Academy Pod (MAP).


What is the support status of the CCNP 6.0 - SWITCH v1.0 - Implementing Cisco Switched Networks course?

Beginning with NETLAB+ software version 2010.R5, NETLAB+ provides beta support for the CCNP v6.0 SWITCH course. SWITCH labs are supported using the Cuatro Switch Pod (CSP) with the exception of one lab, which uses the Multi-Purpose Academy Pod (MAP).

Answers to Frequently Asked Questions - NETLAB+ Product Line


What is the difference between NETLAB Academy Edition® and NETLAB Professional Edition®?

Please review the NETLAB+ Product Comparison Table for details on each product version. Both product versions can be used to deliver a wide range of curriculum content.


Why are NETLAB Academy Edition and NETLAB Professional Edition priced differently?

NETLAB Academy Edition is discounted upfront with the right to use tied to a required annual software upgrade fee. This model provides a lower cost of ownership and keeps your system current as technology changes. The annual support fee is required for continued usage.

NETLAB Professional Edition is a perpetual license for customers that want the software upgrade service to be optional. NETLAB PE is designed to scale to a higher volume of students and allows custom setups. This model is favorable for organizations that want to capitalize costs upfront.


What products can be hosted and automated with NETLAB+?

Many products can be hosted behind a NETLAB+ system for the purpose of remote access via the Internet. What can be automated depends on the base functionality of the equipment. Some devices can be fully automated. Some devices have design limitations that allow for partial automation. Some devices have design limitations that allow no device automation. If the device can be managed via a console port and command line interface (CLI), full or partial automation may be possible. For complete automation, the manufacturer’s design must allow for remote password recovery and image recovery (if desired).

NDG supports a large array of Cisco equipment because 1) we partner with the Cisco Networking Academy and 2) the market for Cisco equipment justifies the labor to design automation around remote labs for many devices. NDG will consider automating other devices when an opportunity justifies the labor to automate required devices or when a customer is willing to fund the automation cost with the understanding that the automation driver will be used as a generic driver as needed and deployed by NDG.


Can I buy NETLAB+ and host any equipment?

You may host any device that is listed as a supported device. If the equipment you wish to use is not listed, there are a couple of options:

  • You can submit a request for NDG to develop the automation. If the device is in high demand among existing customers, NDG will develop automation.
  • If the device is not in high demand, you can fund the development of automation. The development can be funded by covering the costs or by business development efforts that assure cost recovery plus profit.

Answers to Frequently Asked Questions - Equipment and Pods


What is a pod?

A pod is an instance of a supported lab topology, which can be reserved by a user.


How many total active pods can I host on a single NETLAB+ system?

Please review the details provided on the product comparison table.


What lab topologies are supported?

A wide variety of topologies are available for your NETLAB+ system, including topologies for Cisco Networking Academy courses, the VMware ICM pod for the VMware vSphere ICM course, and a selection of general IT topologies. You may also build your own custom topologies.


What kind of lab equipment can I use?

Please review the supported lab equipment page.


What is a control device?

Control Devices are required in order to provide internal connectivity, console access, and managed power to lab devices. Control devices are dynamically managed by NETLAB+ and are not accessible or configurable by end users. Lab devices and control devices are required in order to support Cisco Networking Academy lab content.

  • Control switches provide NETLAB+ internal connections
  • Access servers provide console access to lab devices
  • APC Switched Rack PDUs provide automated power management

Please review the supported control devices page.


I have checked over the cabling and configuration numerous times, but the pod test still produces errors. What can I do?

Please see the pod test help page.


I want to delete an image from the "IOS and PIX Images" inventory. However, NETLAB+ says the image is "in use" and will not allow me to delete it. How can I remove this image?

An image that is marked "in use" has been assigned to one or more devices in a pod. To delete the image, you must first eliminate the dependency by assigning a different image to the devices using it. This is accomplished through the pod management interface.


I just completed a new equipment configuration and NETLAB+ told me my pod(s) passed successfully, however, my users can no longer login. What might be the problem?

Make sure logins are not disabled. Administrator > Enable / Disable User Logins.


One or more pods are not showing up in the scheduler.

Make sure the pods are online. Administrator > Equipment Pods.


NETLAB+ usually powers off the lab equipment when it is not scheduled. However, I noticed that my lab routers and switches were powered on when no lab time was scheduled. What might be happening?

There are two likely scenarios where this might happen:
  1. The APC lost power but the NETLAB+ server did not. In this case, NETLAB+ powered off the outlets prior to the APC losing power. When power was restored to the APC, the outlets returned to the factory default state of ON.
  2. Both the NETLAB+ server and the lab APC lost power (i.e. power outage). The NETLAB+ server came up before the APC initialized. When NETLAB+ comes up, it will try to power off lab equipment that is not scheduled. However, if the APC has not fully initialized when NETLAB+ tries to power off the outlets, they may remain in the factory default state of ON.

In both cases, the outlets will remain ON until the end of the next lab reservation. To prevent this behavior, power on all control devices and lab equipment, then wait several minutes before powering on the NETLAB+ server.


I noticed the Cisco 1900, 2500, 1700, or XYZ device is not on the recommended list for certain pod types. However, they are listed on the supported device web page. Are these supported or not?

Since the labs are authored and revised by Cisco, NDG can only make "recommendations". When NDG releases a new pod type, our recommendations are based on the Academy bundles available at the time and known issues pertaining to certain labs. These will change over time as curriculum changes and older equipment is phased out.

When NDG authors new pod documentation, we typically do not recommend any device that is well beyond end-of-life. Unless explicitly stated, such a device may actually work in the context of the current labs. However, it is the responsibility of the customer to verify this if they choose to implement. We therefore recommend you study the labs for the curriculum you are teaching prior to finalizing the equipment you host.

Items listed on the supported device page have driver support in NETLAB+, but are not appropriate for all pods and labs. The recommendations in the pod-specific documentation guides attempt to narrow this list down to an appropriate subset. Therefore, the pod guides should be considered the primary source for equipment recommendations.


Why does Basic Router Pod Version 2 require two Ethernet ports on each router? This is more expensive!

Both ports are required for several labs that could not be done on Basic Router Pod Version 1. All entry level routers in the current bundles (Cisco 1841, 2801) support this requirement. NDG will continue to support a mix of both Basic Router Pod version 1 and Basic Router Pod version 2 on the same system to balance greater functionality with lower price points.


Why are Direct/Standalone PCs not supported on several pod types? This is disappointing!

The Academy labs serviced by these pod types require administrative rights to the PCs, which is problematic under the Direct/Standalone model. In particular, a user with administrative rights can accidentally or intentionally disable the control NIC and isolate the PC from the equipment pod. Third party virtualization products are not subject to this problem.

For further explanation, please refer to a Remote PC Guide in the documentation library.


What is the difference between Basic Router Pod Version 2 and Basic Router Pod Version 1?

Version 2 does not replace version 1. Rather, a mix of Version 1 and Version 2 will continue to be supported on the same system to provide a balance between functionality and cost.

Basic Router Pod Version 2 is designed to support more labs (both CCNA and CCNP) and provide greater functionality. This comes with the added expense of third party virtualization software and dual-Ethernet routers.

Basic Router Pod Version 1 supports fewer lab activities and is somewhat limited to CCNA. There are fewer requirements so the cost of implementation may be less.


How much should I expect to pay for the hardware required to run VMware virtualization products?

Based on NDG’s purchasing experience, the typical price for server hardware to support VMware virtual machines is in the range of $1250-$1500 (US). NDG has used both Dell and IBM servers.

It is important to verify that the server you select meets requirements:

  • The CPU must meet minimum recommendations
  • The server must have sufficient memory to run the virtual machines implemented.

How much should I expect to pay for the software required to run VMware virtualization products?

Please refer to the Remote PC Support page for details on supported virtualization software.

Please be aware that there is no need to purchase VMware products to implement remote PCs on a NETLAB+ server. You may obtain a free download of VMware ESXi.

When downloading ESXi, it is important to select a version that is compatible with NETLAB+. Please refer to the Remote PC Support page for information on the latest supported versions.

Do not purchase VMware ESX or VMware Workstation products; these products do not currently work with NETLAB+.

If you use VMware Server, you will need a Windows Server operating system to host the VMware Server application. NDG recommends Windows Server 2003, which typically costs $600 - $900 (US). Virtual Machines can run either Windows or Linux operating systems. Some Networking Academy curriculums utilize various Microsoft Windows operating systems, which typically require one license per virtual machine. The MSDN Academic Alliance program (where available) can provide Academic discounts for these products for qualifying institutions.

Answers to Frequently Asked Questions - Console Enable Break Problem with WS-C3560V2-24PS switches ("V2" models)


Why are Cisco WS-C3560V2-24PS switches ("V2" models) not recommended for use as NETLAB+ lab devices? Is there a way to work around this issue?

Cisco WS-C3560V2-24PS switches ("V2" models) do not respond to a console break signal, regardless of "enable break" setting, and therefore do not work with NETLAB+ automation (reference Cisco bug CSCsv92241). Although the bug was reported fixed, the problem still persists on the V2 models as of this writing. Workarounds: use WS-C3560-24PS (non-"V2" version) switches if available, or turn off automation by using the Generic Console Device setting.


Answers to Frequently Asked Questions - Security and Firewall


How do I access the system shell, root, and/or manage system accounts?

NETLAB+ is an appliance. All administrative functions are performed through the console menu or web interfaces.

Please note: accessing or modifying the underlying operating system is not permitted under the license agreement. All internal access and modifications to the NETLAB+ server should only be performed by NDG technical support and official software upgrades.


Where can I get information for my network or firewall administrator?

Please see the Connectivity and Firewall whitepaper.


Where should my NETLAB+ server be located?

Ideally, the server should be placed in a rack behind a DMZ. NDG has taken many steps to make the product both secure and firewall friendly. However, a "remote lab" product inherently requires inbound connections. Some customers have opted to establish a separate low cost Internet connection for NETLAB+.


My administrator won't allow "XYZ". Can you do something on the server to work around this?

NDG keeps Academy pricing low by maintaining a standard environment and software version across all systems. Therefore, we typically do not modify individual systems. Occasional exceptions are made if the requested change is feasible, can be easily maintained, and/or incorporated into the core product.


How much bandwidth is required?

A T1 connection is recommended. Bandwidth usage varies based on the number of simultaneous connections and connection types. Use caution with Cable and DSL solutions. Keep in mind that:

  • A fixed IP address is required for the server. DHCP is not supported.
  • Many service offerings do not provide the same bandwidth in both directions; they are usually optimized for downloads from the Internet (inbound). For NETLAB+, it is desirable to have more bandwidth from the server towards the Internet (outbound).

Does NETLAB+ support Network Address Translation (NAT)?

Yes. A unique external IP address must be assigned to the NETLAB+ server. A static mapping (or conduit) between the external and internal NETLAB+ IP addresses must be defined. Port Address Translation (PAT) is not supported.


What protocols and port numbers does NETLAB+ use?

Inbound Port Requirements

Port        Usage
TCP 80      Provides HTTP access to the NETLAB+ web interface
TCP 2201    Remote Access Port for lab equipment access and remote PC access.
  • The Remote Access Port does not provide login/shell access to the NETLAB+ server.
  • The default port is TCP port 2201. The administrator may change this port and/or add additional ports for remote users/sites that block port 2201 outbound.
  • To provide offsite access without a VPN, at least one Remote Access Port must be open in the site firewall.
TCP 22      Provides SSH for NDG technical support only. In lieu of SSH, this function can also be performed over the TCP port(s) defined for remote access, by special arrangement.

Outbound Port Requirements

Port        Usage
TCP 25      Allows NETLAB+ to send e-mail to users. This is optional.
TCP 80      Allows the NETLAB+ server to connect to the NDG Central Support Server. This server provides software updates.
UDP 53      The NETLAB+ server makes DNS queries to resolve the address of the support server (
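
As an added example (not NDG code), the port tables and the NAT answer above can be turned into a check that a firewall administrator runs over a proposed rule set before the server goes behind the DMZ. The rule tuple format, the `audit` function and the sample rules are assumptions constructed for illustration.

```python
# Added example: audit a perimeter rule set against the FAQ's port tables.
# The rule tuple format and all sample rules are constructed for illustration.

INBOUND_FIXED = {("tcp", 80): "HTTP access to the NETLAB+ web interface"}
INBOUND_OPTIONAL = {("tcp", 22): "SSH for NDG technical support only"}
OUTBOUND_REQUIRED = {("tcp", 80): "NDG Central Support Server",
                     ("udp", 53): "DNS queries"}
OUTBOUND_OPTIONAL = {("tcp", 25): "e-mail to users"}


def audit(rules, remote_access_ports=(2201,), nat_mode="static"):
    """Return sorted (kind, direction, detail) findings.

    rules: iterable of (direction, proto, port, action) with direction
    "in"/"out" relative to the NETLAB+ server and action "allow"/"deny".
    """
    findings = []
    if nat_mode == "pat":
        findings.append(("unsupported", "nat", "PAT; use a static mapping"))
    allowed = {(d, p, n) for d, p, n, action in rules if action == "allow"}

    # The administrator may change the Remote Access Port or add more;
    # offsite access without a VPN needs at least one of them open.
    remote = {("tcp", port) for port in remote_access_ports}
    if not any(("in", *key) in allowed for key in remote):
        findings.append(("missing", "in", "no Remote Access Port open"))
    tables = (("in", INBOUND_FIXED, set(INBOUND_OPTIONAL) | remote),
              ("out", OUTBOUND_REQUIRED, set(OUTBOUND_OPTIONAL)))
    for direction, required, optional in tables:
        for (proto, port), why in required.items():
            if (direction, proto, port) not in allowed:
                findings.append(("missing", direction, f"{proto}/{port} {why}"))
        for d, proto, port in allowed:
            # Anything allowed that the tables do not list is excess exposure.
            if d == direction and (proto, port) not in set(required) | optional:
                findings.append(("unlisted", direction, f"{proto}/{port}"))
    return sorted(findings)


# Constructed sample policy: legacy port 23 and TFTP exposed, DNS forgotten.
SAMPLE_RULES = [
    ("in", "tcp", 80, "allow"), ("in", "tcp", 23, "allow"),
    ("in", "udp", 69, "allow"), ("in", "tcp", 2201, "deny"),
    ("out", "tcp", 80, "allow"), ("out", "tcp", 25, "allow"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES, nat_mode="pat"):
        print(*finding, sep=": ")
```

Pass the site's actual Remote Access Port(s) in `remote_access_ports`; a system still using port 23 as its Remote Access Port would list 23 there so that it is not reported as unlisted.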

Does NETLAB+ route between the user network and interfaces attached to equipment pods?

NETLAB+ is a proxy server. There is no routing between interfaces.


Will NETLAB+ work with an HTTP proxy and/or internal mail server?

Although not supported by NDG, the following settings are provided:

  • Alternate mail server.
  • HTTP proxy server (IP address and port). The proxy must be completely transparent.

A supported configuration requires direct outbound access from the NETLAB+ server to the Internet:

  • HTTP, port 80 TCP
  • SMTP, port 25 TCP

Can I block access to Central Support Services?

No. Access to CSS is required. NETLAB+ uses the Internet based CSS model to make the product easy to maintain at a reasonable cost. For more information, please refer to the CSS whitepaper.


What is Telnet used for? Isn't Telnet insecure?

TCP port 23 (often associated with, or mistaken for, Telnet) is no longer the default port for Terminal and Remote PC Viewer access. The default “Remote Access Port” is now 2201. New systems will use port 2201 out of the box. Existing systems with software prior to 2009.R1.beta.2 will remain on port 23, but this can be changed from the console. The administrator has the capability to change the remote access port, or define more than one remote access port.


As of version 2.21.0, Telnet can provide a console login for the sole purpose of support by NDG. The option must be explicitly enabled by both the local NETLAB+ administrator and by NDG. Telnet can be used where firewalls and/or policy prohibit the use of SSH. Although SSH is not a requirement, it is still the preferred method of NDG support access because SSH provides encryption.


Can SSH be used instead of Telnet to access lab equipment?

Not at this time. A wide variety of international laws restrict the export and use of encryption software. SSH is only used for technical support access by NDG, and only in countries that permit it.


Does NETLAB+ use the (insecure) TFTP protocol?

NETLAB+ provides a read-only TFTP server listening on the inside (private) interface. TFTP is disabled on the outside (public) interface. When NETLAB+ needs to recover a system image on a lab device, the control switch port is moved into VLAN 1. After the image is TFTP'd to the device, the port is removed from VLAN 1.


Can the NETLAB+ server act as a TFTP server for lab exercises that require one?

This is not supported for security and technical reasons. You can use a NETLAB+ remote PC to provide this capability if supported by the lab topology.


Answers to Frequently Asked Questions - Required Annual Maintenance


Why does NDG require an annual maintenance fee for NETLAB Academy Edition?

NETLAB Academy Edition is discounted upfront with the right to use tied to a required annual software upgrade fee. This model provides a lower cost of ownership and keeps your system current as technology changes.


How does NDG decide what new features to implement?

  • We listen to your feedback.
  • We regularly meet with Cisco Networking Academy Managers and Technical Managers.
  • We plan upgrades based on curriculum requirements, customer demand, and implementation feasibility.