How To – Create Cisco Switch with IOU [IOS On Unix] Loaded on CentOS

Posted by Ahsan Tasneem | 10:36 AM | , , , , , | 1 comments »

The tutorial describes steps required for creating Cisco switch based on IOUl2. The Qemu image with installed CentOS Linux is loaded with IOU image. The IOU (IOS on UNIX) instances are attached to the network using iou2net.pl script written by Jeremy L. Gaddis. The script forwards frames between a IOU instance and a Qemu network adapters. The script is started using tap mode when Qemu interfaces are bridged with virtual tap interfaces.

1. Create Qemu image

/usr/local/bin/qemu-img create -f qcow2 ./centos6.0-ioul2.img 2000M

2. Download CentOS 6.0 minimal install CD

wget http://centos.arcticnetwork.ca/6/isos/i386/CentOS-6.0-i386-minimal.iso

Start Qemu image with attached CentOS minimal CD.

qemu-kvm -no-acpi -boot d -hda centos6.0-ioul2.img -cdrom ./Download/CentOS-6.0-i386-minimal.iso -m 1G

3. Install CentOS 6.0

I am not going to describe all the necessary steps required for CentOS installation.

Configure following settings during installation:

- hostname – centos

- root password – centos

- /dev/sda1 – ext4 – 1500 MB

- swap – 499 MB

After installation, shutdown CentOS and update it using yum.

qemu-kvm -no-acpi -boot c -hda centos6.0-ioul2.img -m 1G

dhclient eth0

yum update

4. Console support and autologin configuration on tty0 and ttyS0

We want to redirect console output to serial port and allow autologin on both tty0 and ttyS0.

a) Add line to /etc/inittab

S0:12345:respawn:/sbin/agetty ttyS0 9600 vt100

b) Modify in /etc/init/tty.conf

exec /sbin/mingetty –autologin root $TTY

c) Modify line "exec /sbin/agetty /dev/$DEV $SPEED vt100-nav" in /etc/init/serial.conf

exec /sbin/mingetty –autologin root /dev/$DEV $SPEED vt100-nav

d) Allow root login on serial port

echo "ttyS0" >> /etc/securetty

e) Edit /etc/sysconfig/init and prevent graphical startup to blow up a terminal

Substitute BOOTUP=color with BOOTUP=serial. Use the command below or edit /etc/sysconfig/init manually.

sed -i `s/BOOTUP=color/BOOTUP=serial/g` /etc/sysconfig/init

f) Edit /etc/grub.conf to redirect console output to the serial port – /dev/ttyS0

- Comment out these 2 lines by putting # at the beginning of the line:

#splashimage=(hd0,0)/grub/splash.xpm.gz

#hiddenmenu

- Set timeout to 0 seconds

timeout=0

- Add this line end at the end of line starting with "kernel"

console=ttyS0,9600n8

- Shutdown Centos

halt

5. Disable Firewall and SElinux

qemu-kvm -no-acpi -boot c -hda centos6.0-ioul2.img -serial telnet:0.0.0.0:3000,server,nowait

telnet localhost 3000

a) Disable ipv4 and ipv6 firewall

/etc/init.d/iptables stop

/etc/init.d/ip6tables stop

chkconfig –level 2345 iptables off

chkconfig –level 2345 ip6tables off

b) Disable SElinux

Change parameter SELINUX=enforcing to SELINUX=disabled in /etc/selinux/config

6. Change default behaviour of presented Ethernet cards

if the MAC address of Ethernet interface changes, system keeps the pair – the name of interface and its MAC address unchanged. It means that it creates the new interface with the new MAC address. As the script in GNS3 responsible for staring Qemu – qemuwrapper always starts the Qemu Ethernet interfaces with completely new MAC addresses, the names of interfaces are always changed. This behaviour is not desired and we have to changed to avoid confusion.

Add following line to /lib/udev/rules.d/75-persistent-net-generator.rules, right after line ENV{MATCHIFTYPE}="$attr{type}"

ENV{MATCHADDR}=="*", ENV{MATCHADDR}=""

Edit /etc/sysconfig/network-scripts/ifcfg-eth0 and delete line starting with HWADDR

7. Additional CentOS configuration

a) Pair hostname with loopback ip address

echo "127.0.0.1 centos" >> /etc/hosts

b) load 8021q module

modprobe 8021q

c) Allow forwarding between interfaces

sysctl -w net.ipv4.ip_forward=1

sysctl -w net.ipv6.conf.all.forwarding=1

To keep enabled forwarding after next boot of CentOS, you need to edit /etc/sysctl.conf and change/add the following line.

net.ipv4.ip_forward = 1

net.ipv6.conf.default.forwarding = 1

8. IOU L2 installation

a) Create symbolic link which points libcrypto.so.4 to libcrypto.so.10

ln -s /usr/lib/libcrypto.so.10 /usr/lib/libcrypto.so.4

b) Create license file

echo -e "[license]\n$(uname -n) = 0000000000000000" > iourc

c) Create NETMAP file

The NETMAP file is generated by perl script.

d) Copy cracked IOU L2, wrapper, perl script – iou2net.pl to CentOS image

Please, don’t ask me to provide any IOU images.

As for cracking IOUl2 on Linux Fedora, you might read this tutorial:

http://brezular.wordpress.com/2011/04/30/hacking-cisco-iou-on-fedora-linux-for-educational-purpose-only/

Perl script connecting IOU to the real network is available here:

http://inetpro.org/wiki/Connect_IOU_with_real_networks_or_dynamips

e) Install necessary packages

yum install telnet wget tunectl

9. Install perl and dependencies

dhclient eth0

a) Install perl, libpcap

yum install perl perl-Time-HiRes libpcap libpcap-devel

b) Add rpmforge repository – needed for package perl-net-pcap

wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm

rpm -ihv rpmforge-release-0.5.2-2.el6.rf.i686.rpm

rm /root/rpmforge-release-0.5.2-2.el6.rf.i686.rpm

c) Install perl-net-pcap

yum install perl-Net-Pcap.i686 perl-Net-PcapUtils.noarch

10. IOU L2 configuration

a) Perl script for creating IOU topology file – NETMAP

Script "check_netmap.pl" creates NETMAP file if it doesn’t exist. Every time a script is started, it generates unique local ID for IUOl2 instance and unique pseudo ID for each instance of iou2net.pl. IDs are generated in range from 10 to 1010.

If NETMAP file exists, nothing is done.

Note: All IDs in your topology must be unique numbers otherwise problem with duplicate MAC can occur. You can find more about it in part "Interface MAC addresses", here:

http://inetpro.org/wiki/Connect_IOU_with_realnetworksordynamipsTAPmode

/root/check_netmap.pl

#!/usr/bin/perl

my $range = 1000;

my $minimum = 10;

my $i = 0;

my $j = 0;

my $count = 0;

unless (-e "/root/NETMAP") {

print "NETMAP doesn’t exists, so we are going to create it \n";

$local_id= int(rand($range)) + $minimum;

$pseudo_id= int(rand($range)) + $minimum;

opendir (DIR,’/sys/class/net/’) or die "open failed : $!\n";

while (defined($dir = readdir(DIR))) {

if ($dir =~ m/eth/) {

print "Found valid interface $dir in /sys/class/net \n";

open NETMAP, ">>/root/NETMAP";

if ($count <= 3) {

$i = 0;

}

elsif (($count >= 4) && ($count <= 7)) {

$i = 1;

}

elsif (($count >=8) && ($count <= 11)) {

$i = 2;

}

print NETMAP "$local_id:$i/$j",’@centos’," $pseudo_id:0/0",’@centos’," \n";

close NETMAP;

$count++; $j++; $pseudo_id++;

if (($count == 4) || ($count == 8) || ($count == 12)) {

$j = 0;

}

}

}

close (DIR)

}

Assign privilegies to script.

chmod +x check_netmap.pl

NETMAP file could possibly looks like this

10:0/0@centos 20:0/0@centos

10:0/1@centos 21:0/0@centos

10:0/2@centos 22:0/0@centos

10:0/3@centos 23:0/0@centos

10:1/0@centos 24:0/0@centos

10:1/1@centos 25:0/0@centos

10:1/2@centos 26:0/0@centos

10:1/3@centos 27:0/0@centos

Explanation

10:0/0@centos 20:0/0@centos

local instance IOUl2 with ID 10 is running on PC with hostname centos and it is connected with its interface Ethernet0/0 to pseudo interface 0/0 of pseudo IOUl2 instance with ID 20. Pseudo IOUl2 instance with ID 200 is a script iou2net.pl running on the same PC with hostname centos.

The number of rows in NETMAP file matches the number of ethernet interfaces found in /sys/class/net/ directory. For example if there is only one interface eth0 presented in Qemu image, NETMAP file contains only one row.

This table matches IOU interfaces with corresponding CentOS interfaces:

IOU – CentOS

Eth 0/0 – eth0

Eth 0/1 – eth1

Eth 0/2 – eth2

Eth 0/3 – eth3

Eth 1/0 – eth4

Eth 1/1 – eth5

Eth 1/2 – eth6

Eth 1/3 – eth7

b) Bash script for starting IOU

This script is responsible for these jobs:

- starting script check_netmap.pl

- starting IOU image on port – i86bi_linuxl2-upk9-ms.M with local IOU ID on port 6000

- bringing up ethernet interfaces in /sys/class/net directory

- creating as many tap interfaces and bridges br as they are ethernet interfaces

- adding a particular ethernet interface e.g eth0 and tap interface e.g tap0 to the particular bridge e.g br0

- starting iou2net.pl script for particular tap ineterface e.g tap0 with particular unique pseudo ID

/root/iou_start.sh

#!/bin/sh

#export NETIO_NETMAP=/root/NETMAP

/root/check_netmap.pl

local_id=$(echo `head -n 1 /root/NETMAP` | cut -d ":" -f1)

remote_id=$(echo `head -n 1 /root/NETMAP` | cut -d ":" -f2 | cut -d " " -f2)

cd /root/

/root/wrapper -m /root/i86bi_linuxl2-upk9-ms.M -p 6000 — -s 0 $local_id &

sleep 5

for dir in /sys/class/net/*

do

interface=$(echo $dir | cut -d "/" -f5)

if [[ $interface == eth* ]]; then

lastchr=${interface#${interface%?}}

/usr/sbin/tunctl -t tap$lastchr

/sbin/ifconfig $interface 0.0.0.0 promisc up

/sbin/ifconfig tap$lastchr 0.0.0.0 promisc up

/usr/sbin/brctl addbr br$lastchr

/usr/sbin/brctl stp br$lastchr off

/usr/sbin/brctl setfd br$lastchr 1

/usr/sbin/brctl sethello br$lastchr 1

/usr/sbin/brctl addif br$lastchr $interface

/usr/sbin/brctl addif br$lastchr tap$lastchr

/sbin/ifconfig br$lastchr up

/root/iou2net.pl -t tap$lastchr -n /root/NETMAP -p $remote_id &

((remote_id++))

fi

done

Assign privilegies to script and start the script.

chmod +x /root/iou_start.sh

/root/iou_start.sh

Allow script to by automatically started during the boot of CentOS.

echo "/root/iou_start.sh" >> /etc/rc.local

If you wish to start IOUL2 after boot, put this line to /etc/rc.local

echo "telnet localhost 6000" >> /etc/rc.local

Telnet to switch.

telnet localhost 6000

Note

Always delete NETMAP file before shutdown, if you start your base centos6.0-iuol2.img image outside of GNS3. Otherwise script check_netmap.pl doesn’t create a valid NETMAP file.

11. Optional steps – cleaning CentOS

a) Remove .ssh/known_hosts

rm /root/.ssh/known_hosts

b) Delete temporary files

rm -rf /tmp/*

c) Clean content of files in directory /var/log/

for file in /var/log/*; do echo "" > $file; done

d) Delete bash history

echo "" > /root/.bash_history





Article Source: http://brezular.wordpress.com

1 comments

  1. Al // December 10, 2013 at 6:27 AM  

    I just have a quick question about IOU. I just started using it a couple of days ago. I'm assuming that I should use the L3 image for routers and the L2 image for layer 2 (2950) switching. What should I use for layer 3 (3560) switching? Should I use the L3 image, or should I use the L2 image and just turn on "ip routing"? Sorry to ask such a basic question, but I want to start off on the right track. Thanks for any help that you can give.

Related Posts Plugin for WordPress, Blogger...