A project I am currently working on requires me to configure Cisco ACI. I have not previously had the opportunity to work with ACI and I had no access to a lab environment to prove out my changes before implementing them into production. A while ago a heard about a service Cisco is offering called dCloud that allows you to spin up resources free of charge for testing, training and demoing purposes. I had a poke around and they have a couple of ACI labs that looked promising so I decided to give it a whirl.
This post will cover using the OpenConnect VPN client to connect to a Cisco dCloud lab environment. For reference the following software was used in this post.
At the time of writing, the only pre-requisite to use the dCloud labs is a CCO account, you don't require a support contract.
The dCloud labs can be accessed over a HTML5 web browser, this works kind of OK but its not ideal. There is also the option to access the LAB via the Cisco Anyconnect VPN client but I did not want to install it just to access the dCloud labs. I am using Linux Ubuntu and there is an alternative VPN client that I use which is compatible with multiple VPN concentrators called OpenConnect.
Installation is pretty straight forward using the
apt package management
sudo apt install -y network-manager-openconnect
Once installed a VPN session can be initiated with the
sudo/root privileges are required to activate a VPN connection.
Once you have scheduled a lab and the start time for the lab has begun you will be able to get the VPN details for the lab. First select the session you would like to connect to.
Then from the info link you can access the VPN details. Below you can see the VPN host is dcloud-sng-anyconnect.cisco.com and the username | password is v308user1 | 643d7b.
Once you have the VPN details from the dCloud lab info section use the host as the VPN endpoint parameter for OpenConnect and enter the username | password when prompted.
sudo openconnect dcloud-sng-anyconnect.cisco.com [sudo] password for bradmin: POST https://dcloud-sng-anyconnect.cisco.com/ Connected to 220.127.116.11:443 SSL negotiation with dcloud-sng-anyconnect.cisco.com Connected to HTTPS on dcloud-sng-anyconnect.cisco.com XML POST enabled Please enter your username and password. GROUP: [Anyconnect-to-dCloud]:Anyconnect-to-dCloud POST https://dcloud-sng-anyconnect.cisco.com/ XML POST enabled Please enter your username and password. Username:v308user1 Password: POST https://dcloud-sng-anyconnect.cisco.com/ Got CONNECT response: HTTP/1.1 200 OK CSTP connected. DPD 10, Keepalive 20 Set up DTLS failed; using SSL instead Connected as 10.16.19.50, using SSL Connect Banner: | " You are now connected to the Cisco dCloud Singapore Platform " |
Once you are connected routes for the lab network are installed in your routing table so you can browse to any web endpoints, remote desktop to the Windows10 VM or ssh to the hosts in the lab using the local tools installed on your machine.
ip route show # Output default via 10.1.1.1 dev wlp2s0 proto dhcp metric 600 <snip> ... <snip> 198.18.0.0/15 dev tun0 scope link 198.18.133.1 dev tun0 scope link
This is great because you can use the tools you are familiar with and likely use in your day to day travels. This is especially helpful if you are using or developing tools to automate Cisco products and don't have physical and or virtual devices to test against.
Cisco dCloud looks like a pretty useful platform for testing/trailing Cisco products, it could also be pretty helpful for testing automation tools if you don't have access to dedicated resources. Using a VPN client like OpenConnect means you can access the dCloud labs using the tools you are familiar with. Kudos to Cisco for offering this service and making it free of charge.