Thursday, 6 May 2021

Home Lab Step-by-Step Part-4-virtual router


In my previous post HomeLab Step-by-Step Part-3-Networking, we have completed configuration of required port groups, datastore etc. Now we are ready to start deployment of virtual router.

We will be creating a network topology shown in this image.

In any datacenter (physical/virtual) we always keep management network separate from data network. For management of our nested SDDC we have kept vlan 1611 with network range 172.16.11.x mask address and gateway

Hence, we will start the deployment of the CSR1000v router on the management network.

We have renamed default PG “VM network” to “External-192.168.1.x” on vSwitch0, to achieve the network topology shown in the above Image.

Let's start, Login to ESXi with root credentials, navigate to Virtual machines and select the option “Create/Register VM”.

It will open “New virtual machine” wizard, here we decide if we want to use ISO for deployment or OVA/OVF file. We will use the OVA file we downloaded in our post HomeLab Step-by-Step Part-2-Hostconfig. If you have not you can download from this link.

Name the virtual machine, select OVA file and click next.

Select storage to host virtual router, and click next.

Select the network mapping, at the moment we will keep all the network cards attached to 1611 management vlan, we will update this once we will start configuring the router. We will keep the disk provisioning as thin and we want this to power on automatically upon completion. Click next.

Review the settings and click on finish.

Once Virtual router is deployed and powered on, wait for 10 minutes before starting next step. Open VM console and once you get system configuration dialog, answer no and hit enter, let the router complete its boot process.

Once the boot process is complete, just click inside the console and hit enter once, you will be getting the screen as shown in below image. This is User EXEC mode. 

Now we will start the configuration of the router, to start we need to enter into Globalconfiguration, which can entered from PrivilegedEXEC mode, first we need to enter command enable followed by config t, now we can start putting the configuration. I would recommend running “wr mem” command after every configuration to save it.

Enter command “hostname csr01-a”, press enter.

Once hostname is configured, we will secure the router console with the password, in order to set the password for access we need to enter in to console line mode.

  • line console 0
  • password password (you can choose password of your choice)
  • login
  • Exit
  • exit
  • exit (Last exit will take you to console screen)

Press enter and you will be presented with login screen, enter the console password

Let’s disable the dns lookup for each word which is not a command, we will use the command “no ip domain-lookup”

In Lab environment I prefer to disable auto log off from console, using the commands

  • Line console 0
  • Exec-timeout 0 0
  • exit

When we deployed this appliance, we had 3 NIC cards, now we will disconnect 2 of them and we will configure management range gateway.

Now check the status of all the attached interfaces, run command “sh ip int brief”

By default, all the interfaces are admin down, hence we will run the command “no shut” for the range of interfaces. Now you will see one interface has status “up” and remain are “down”.

Let’s assign the management range gateway IP on the first interface, mask address

Int gigabitethernet 1

Ip address


Now go to the edit settings of the virtual machine and connect second adaptor to vmotion port group. And assign vMotion range gateway address to the second adaptor following the same process we used for management address. IP address mask

Add additional adaptors and follow above steps for rest of the gateways, once completed edit setting screen and interface summary inside the router console would look something like this.

Now we have all the interfaces configured for Layer 3 of our nested SDDC, however in order to reach to the Nested networks from external network we need to create a default route in our virtual router pointing to the physical router gateway address, and create return routes on our physical router for nested networks. You need to check on your home router, how to put a return route for these networks.

Command to enter route in virtual router is "ip route"

Enter command "copy running-config startup-config" at the end of the configuration and successful testing.

Below image shows, routes I have added in my physical router (Home Router).

Routes added on physical router

After this we are ready to route traffic between these networks as well as connectivity to external world is also established, that too we are not using any physical uplink connected to our NESTED virtual switch, everything is routed thru CSR1000v router we deployed, and topology which I have shown in the beginning is achieved. Let’s do few ping tests from my base machine connected to 192.168.1.x network and validate gateway reachability.

Test 1 for vlans 1611,1612,1613,1614

Test 2 for vlans 2711, 2712, 2713

As all tests are successful, now we are good to move to the next part of the lab where we need to deploy services such as AD, DNS, DHCP and iSCSi server for shared storage of our nested environment.

You can run some additional commands on your virtual router to enable access thru SSH, I have not enabled it as I am ok accessing it thru console.

I am listing down the commands for your reference.

  • ip domain-name yourdomainname (ex. ip domain-name
  • crypto key generate rsa

enter the bits value as 1024

Create a user for SSH access, using command

  • User “username” privilege 15 password “password”

Run below command to enable password encryption

  • service password-encryption
  • line vty 0 4
  • transport input ssh
  • login local
  • exit
  • exit
  • copy run start

Now you should be able to SSH to your virtual router as well.


In our next post Home Lab Step-by-Step Part-5-Infrastructure Services we will deploy a windows server which will provide services such as,

  • Active Directory
  • DNS
  • DHCP
  • iSCSi server.

I hope I was able to add value, if your answer is yes, then don't forget to share and subscribe. 😊

If you want me to write on specific content or you have any feedback on this post, kindly comment below.

If you want, you can connect with me on Linkedin, and please like and subscribe my youtube channel VMwareNSXCloud for step by step technical videos.


  1. Awesome .. Thanks a lot for taking time for this ....

  2. I cannot thank you enough Paddy. It means a lot for putting the lab layout. I'm pleased this is the first blog series I have seen where you have clearly described how to do nested lab with "Single PNIC". I look forward to reading your blog. Likewise, I would be glad to share this over LinkedIn. You might be surprised, that I saw this blog via Facebook...
    If you are also on linkedin, let me know I will tag you.....Preetam Zare

    1. Dear Preetam,

      Thank you for your kind words, I am glad to know that it is helping. :)

  3. Hello,

    As per the above screenshot where we are binding the CIDR gateway address to the router interface. There is a IP address, is it interface IP of the physical NIC or the Gateway address of the external CIDR ( 192.x.x.x)

    Also in the below you have mention as a gateway address for the 192 CIDR..

    kindly clarify

    1. Dear, is my physical router, is the interface ip of the Virtual CSR1000v router.

      Now the static routes I have created on my physical router are pointing to interface IP of the csr and .254 is the gateway for any traffic which needs to go out of our network (eg internet).

      Hope this helps!

  4. Hello,

    Do we have any kind of dependency on exposing the vmotion traffic to the external network ?

    1. There is no such dependency, in real environments vmotion networks should only be Layer 2.

  5. Hi Bro.

    I am stuck at the step below.

    Enter command "copy running-config startup-config" at the end of the configuration and successful testing.

    alos how do you have opened the router console which is shown the blogs?

    1. Hi Abhijit,

      I have opened the console of the virtual machine we have deployed, Login to Physical ESXi, navigate to virtual machines, select the Router VM and click on the console, or right click on the VM>>console and select console.
      VMware Article for reference :

      About copy running-config startup-config command, please share the error which you are getting, so that I can help with that. This is the command used in cisco IOS to save running config (stored in RAM) to start up config (which is stored in NVRAM)

    2. Sorry to say I am not taking about the router vm Access I was saying that the console of connectivity view and change the router settings option ..

    3. I understand what you are referring, I hope it should be clear now.

  6. I cannot download the OVA image of the router you are using, I don't have CSR1000v image and I cannot download it because my account in Cisco is limited can you uploaded it on Google Drive and share the link please or share any downloadable link as I need to follow all your series and this will help me a lot ?.

  7. you have to add one important command (login local) after the configuration of the SSH because my virtual router didn't work until I added this command

    1. Dear Mosab, Thank you for catching the missed entry, updated the commands.

  8. Hi you really did great on this posts series, thanks man!

  9. hello. Thanks for your lab instruction. However, im confused by your screenshots in this post. First you tell us to config CSR gi1 as ( vm network adaptor 1)
    Then your next screenshot shows gi1 now having a address, and you have moved the address to vm network adaptor 2. Can you confirm that these screenshots and your accompanying text is out of sync ?

    1. When I did the configuration on my router I assigned first interface to external port group which is visible in the screenshots I shared. however you can do that with the 8th adaptor when you follow the post from start. This shouldn't confuse you as interface IP should match the port group that interface is connected. Hope it helps.


Popular posts