Run Cisco CML 2.9.x on KVM (virt-manager)
Cisco Modeling Labs (CML) is an awesome way to practice routing/switching labs without owning physical gear. The catch: Cisco primarily distributes CML as an OVA (Open Virtual Appliance), which is most commonly used with VMware products.
If you’re on Linux and prefer KVM/libvirt (or you just don’t want to use VMware), you’re not stuck. This guide walks through the full process of running Cisco CML 2.9.x on KVM using virt-manager, including importing the refplat image bundle so you can actually add routers and switches in your labs.
What you’ll achieve
By the end, you’ll have:
A working CML controller VM running on KVM
Access to:
CML Web UI (where you build labs)
Cockpit (system admin/maintenance)
refplat imported, so you can add router/switch nodes like IOSv and IOSvL2
About the CML Free Version (the one I’m using)
For this setup I’m using the CML free/personal release. It’s perfect for learning and building small labs, but it has limits compared to a paid license.
The biggest one:
Maximum 5 running nodes at a time
That’s still great for lots of CCNA/CCNP practice, like:
2 routers + 1 switch + 2 endpoints = 5 nodes
Larger enterprise topologies = you’ll hit the cap (upgrade later if you need)
Tip: With a 5-node limit, build labs around one concept at a time (routing-only, switching-only, etc.) and keep topologies tight.
Requirements
Hardware (recommended)
4+ CPU cores
8–16 GB RAM (16 GB makes labs smoother)
Virtualization enabled in BIOS/UEFI (Intel VT-x / AMD-V)
Host packages
You need KVM + libvirt + virt-manager + qemu tools.
Fedora:
sudo dnf install -y @virtualization virt-manager qemu-img
sudo systemctl enable --now libvirtdUbuntu/Debian:
sudo apt update
sudo apt install -y qemu-kvm libvirt-daemon-system virt-manager qemu-utils
sudo systemctl enable --now libvirtd(Optional but recommended)
sudo usermod -aG libvirt,kvm $USER
# log out and log back inFiles you need
CML Controller OVA (example:
cml2_f_2.9.1-7_amd64-7.ova)refplat ISO (example:
refplat-20250616-free.iso)Enough disk space (CML + images can be large)
Note: Use images you’re entitled to download and run.
Step 1 — Extract the OVA
The OVA is basically a tar archive. Extract it like this:
cd ~/Downloads
tar -xvf cml2_f_2.9.1-7_amd64-7.ovaAfter extracting, you should see files like:
... .ovf... -disk1.vmdk... .nvram
Step 2 — Convert the VMDK to QCOW2
KVM works best with QCOW2, so convert the VMware disk:
cd ~/Downloads
qemu-img convert -O qcow2 \
cml2_2.9.1-7_amd64-7_SHA256-disk1.vmdk \
cml2-controller.qcow2Move it into libvirt’s images directory:
sudo mv cml2-controller.qcow2 /var/lib/libvirt/images/Step 3 — Create the VM in virt-manager
Open virt-manager → New VM:
Choose: Import existing disk image
Disk:
/var/lib/libvirt/images/cml2-controller.qcow2
Recommended VM settings:
Chipset / Machine type: Q35
Firmware: UEFI (Secure Boot OFF if you have that option)
Disk bus: VirtIO
NIC model: VirtIO
CPU/RAM: at least 4 vCPU / 8 GB RAM
Step 4 — Attach refplat ISO as a SATA CD-ROM
The refplat bundle is what provides the images/templates for routers and switches.
In virt-manager:
VM settings → Add Hardware
Storage → CDROM
Select your refplat ISO
Set Bus to: SATA
Enable: Connect at power on
Boot order (important)
Go to Boot Options and set:
VirtIO Disk
SATA CDROM
Step 5 — Boot and find the CML IP address
Start the VM.
If the VM console doesn’t clearly show the IP, run this on the host:
sudo virsh net-dhcp-leases default
You’ll get an IP like:
192.168.122.xx
Step 6 — admin vs sysadmin (important)
CML has two “worlds” and people often mix these up:
CML Web UI (build labs)
URL:
https://<CML-IP>/Login: admin (CML UI account)
Cockpit (system maintenance)
URL:
https://<CML-IP>:9090/Login: sysadmin (system account)
Also:
The VM console login (
cml-controller login:) uses sysadmin credentials.
Step 7 — Import/copy refplat images into CML
Newer CML versions copy the refplat content from the ISO into local disk.
If it copies automatically
Sometimes you’ll see a message like:
“refplat has been copied and can be removed.”
If you see that, you’re likely done.
If you need to copy it manually
Open Cockpit:
https://<CML-IP>:9090/
→ login sysadmin
Then run:
Copy Refplat ISO to Disk
If Cockpit times out
From console/SSH:
sudo /usr/share/cockpit/virl2/copy-refplat-iso-to-disk.sh &Step 8 — Verify router/switch nodes are available
In CML Web UI:
Create a new lab → Add node
You should see options like:
IOSv (router)
IOSvL2 (switch)
If you can add them and start them, you’re ready to build labs.
Step 9 — Remove the refplat ISO (cleanup)
Once refplat is imported:
virt-manager → CDROM → Disconnect / Remove media
Keep boot order with the disk first
Quick mapping: which image is router vs switch vs firewall?
Router
IOSv → general routing practice (OSPF/EIGRP/BGP labs)
Switch
IOSvL2 → VLANs, trunking, STP, EtherChannel
Firewall
Firewalls may not be included in your free refplat bundle. If you have access:
ASAv → simplest firewall to start with
FTDv → NGFW (more complex, often managed with FMC)
Common issues / troubleshooting
No IP / can’t access UI
Ensure VM NIC is connected to libvirt “default” network
Check DHCP leases:
sudo virsh net-dhcp-leases defaultNodes won’t start / unstable performance
Increase RAM/CPU
In virt-manager, set CPU model to host-passthrough if available
Confirm virtualization is enabled in BIOS
UEFI option missing / firmware issues
If your distro doesn’t have UEFI firmware packages installed:
Fedora:
sudo dnf install -y edk2-ovmf
sudo systemctl restart libvirtdUbuntu:
sudo apt install -y ovmf
sudo systemctl restart libvirtdDone!
Now you can build small-but-realistic labs (perfect for the CML free 5-node limit), like:
Router-to-router OSPF
VLAN + trunking + STP
Routing + ACL basics
If you’re studying CCNP, you can still do a lot with 5 nodes—just keep your topology tight and focus on one concept per lab.
Comments
Post a Comment