Over the years I’ve had to showcase many technologies in live testing / lab demo scenarios. To avoid risk of dealing with unknown elements, I try to own responsibility for as much of the testing environment as possible. A simple way to remove the unknown network out of the equation is using a router or firewall to mimic a standard user using PAT (port address translation) and handling everything on the inside test network.
The concept for the lab network is pretty simple and can scale to many technology categories since most demos need a network. For example, it’s a lot sexier security demo showcasing a user accessing the web rather than permitting and denying pings. The configuration concepts are found below with explanation.
Demo Diagram
On a router or firewall, request DHCP like any standard user
interface FastEthernet0/0
description CONNECTION TO OUTSIDE
ip address dhcp
ip nat outside
!
On the inside interface, NAT
interface FastEthernet0/1
ip address 10.1.1.254 255.255.255.0
ip nat inside
!
Route all traffic to the NAT interface
ip route 10.1.0.0 255.255.0.0 10.1.1.1
Overload the NAT
ip nat inside source list 1 interface FastEthernet0/0 overload
access list to overload traffic through
access-list 1 permit 10.1.0.0 0.0.255.255
On the Switch, create a vlan for your technology you are testing
interface Vlan2
description Whatever you are testing
ip address 10.1.1.1 255.255.255.0
Make everything default and route it to the firewall/router
ip default-gateway 10.1.1.1
ip route 0.0.0.0 0.0.0.0 10.1.1.254
One trick from my demo playbook. Enjoy
