Cisco dCloud Access From Linux Host
published: 29th of September 2018
Intro
A project I am currently working on requires me to configure Cisco ACI. I have not previously had the opportunity to work with ACI and I had no access to a lab environment to prove out my changes before implementing them into production. A while ago a heard about a service Cisco is offering called dCloud that allows you to spin up resources free of charge for testing, training and demoing purposes. I had a poke around and they have a couple of ACI labs that looked promising so I decided to give it a whirl.
This post will cover using the OpenConnect VPN client to connect to a Cisco dCloud lab environment. For reference the following software was used in this post.
- Ubuntu - 1804
- OpenConnect - v7.08-3
Pre-flight Check
At the time of writing, the only pre-requisite to use the dCloud labs is a CCO account, you don't require a support contract.
The dCloud labs can be accessed over a HTML5 web browser, this works kind of OK but its not ideal. There is also the option to access the LAB via the Cisco Anyconnect VPN client but I did not want to install it just to access the dCloud labs. I am using Linux Ubuntu and there is an alternative VPN client that I use which is compatible with multiple VPN concentrators called OpenConnect .
OpenConnect Installation
Installation is pretty straight forward using the apt package management utility.
sudo apt install -y network-manager-openconnectOnce installed a VPN session can be initiated with the openconnect command.
Lab Access
Once you have scheduled a lab and the start time for the lab has begun you will be able to get the VPN details for the lab. First select the session you would like to connect to.
Then from the info link you can access the VPN details. Below you can see the VPN host is dcloud-sng-anyconnect.cisco.com and the username | password is v308user1 | 643d7b .
Once you have the VPN details from the dCloud lab info section use the host as the VPN endpoint parameter for OpenConnect and enter the username | password when prompted.
sudo openconnect dcloud-sng-anyconnect.cisco.com
[sudo] password for bradmin:
POST https://dcloud-sng-anyconnect.cisco.com/
Connected to 173.39.116.9:443
SSL negotiation with dcloud-sng-anyconnect.cisco.com
Connected to HTTPS on dcloud-sng-anyconnect.cisco.com
XML POST enabled
Please enter your username and password.
GROUP: [Anyconnect-to-dCloud]:Anyconnect-to-dCloud
POST https://dcloud-sng-anyconnect.cisco.com/
XML POST enabled
Please enter your username and password.
Username:v308user1
Password:
POST https://dcloud-sng-anyconnect.cisco.com/
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 10, Keepalive 20
Set up DTLS failed; using SSL instead
Connected as 10.16.19.50, using SSL
Connect Banner:
| " You are now connected to the Cisco dCloud Singapore Platform " |Once you are connected routes for the lab network are installed in your routing table so you can browse to any web endpoints, remote desktop to the Windows10 VM or ssh to the hosts in the lab using the local tools installed on your machine.
ip route show
# Output
default via 10.1.1.1 dev wlp2s0 proto dhcp metric 600
<snip>
...
<snip>
198.18.0.0/15 dev tun0 scope link
198.18.133.1 dev tun0 scope link
This is great because you can use the tools you are familiar with and likely use in your day to day travels. This is especially helpful if you are using or developing tools to automate Cisco products and don't have physical and or virtual devices to test against.
Outro
Cisco dCloud looks like a pretty useful platform for testing/trailing Cisco products, it could also be pretty helpful for testing automation tools if you don't have access to dedicated resources. Using a VPN client like OpenConnect means you can access the dCloud labs using the tools you are familiar with. Kudos to Cisco for offering this service and making it free of charge.