How To – Create Cisco Switch with IOU [IOS On Unix] Loaded on CentOS
Posted by Ahsan Tasneem | 10:36 AM | CentOS, cisco, GNS3, How To, Linux, Qemu | 3 comments »
This tutorial describes the steps required to create a Cisco switch based on IOUl2. A Qemu image with CentOS Linux installed is loaded with the IOU image. The IOU (IOS on UNIX) instances are attached to the network using the iou2net.pl script written by Jeremy L. Gaddis. The script forwards frames between an IOU instance and the Qemu network adapters. The script is started in tap mode, with the Qemu interfaces bridged to virtual tap interfaces.
1. Create Qemu image
/usr/local/bin/qemu-img create -f qcow2 ./centos6.0-ioul2.img 2000M
2. Download CentOS 6.0 minimal install CD
wget http://centos.arcticnetwork.ca/6/isos/i386/CentOS-6.0-i386-minimal.iso
Start Qemu image with attached CentOS minimal CD.
qemu-kvm -no-acpi -boot d -hda centos6.0-ioul2.img -cdrom ./Download/CentOS-6.0-i386-minimal.iso -m 1G
3. Install CentOS 6.0
I am not going to describe all the necessary steps required for CentOS installation.
Configure the following settings during installation:
- hostname – centos
- root password – centos
- /dev/sda1 – ext4 – 1500 MB
- swap – 499 MB
After installation, shutdown CentOS and update it using yum.
qemu-kvm -no-acpi -boot c -hda centos6.0-ioul2.img -m 1G
dhclient eth0
yum update
4. Console support and autologin configuration on tty0 and ttyS0
We want to redirect console output to the serial port and allow autologin on both tty0 and ttyS0.
a) Add line to /etc/inittab
S0:12345:respawn:/sbin/agetty ttyS0 9600 vt100
b) Modify in /etc/init/tty.conf
exec /sbin/mingetty --autologin root $TTY
c) Modify line "exec /sbin/agetty /dev/$DEV $SPEED vt100-nav" in /etc/init/serial.conf
exec /sbin/mingetty --autologin root /dev/$DEV $SPEED vt100-nav
d) Allow root login on serial port
echo "ttyS0" >> /etc/securetty
e) Edit /etc/sysconfig/init so that the graphical boot-up does not garble the serial terminal
Substitute BOOTUP=color with BOOTUP=serial. Use the command below or edit /etc/sysconfig/init manually.
sed -i 's/BOOTUP=color/BOOTUP=serial/g' /etc/sysconfig/init
f) Edit /etc/grub.conf to redirect console output to the serial port – /dev/ttyS0
- Comment out these 2 lines by putting # at the beginning of the line:
#splashimage=(hd0,0)/grub/splash.xpm.gz
#hiddenmenu
- Set timeout to 0 seconds
timeout=0
- Append the following to the end of the line starting with "kernel"
console=ttyS0,9600n8
- Shut down CentOS
halt
5. Disable Firewall and SElinux
qemu-kvm -no-acpi -boot c -hda centos6.0-ioul2.img -serial telnet:0.0.0.0:3000,server,nowait
telnet localhost 3000
a) Disable ipv4 and ipv6 firewall
/etc/init.d/iptables stop
/etc/init.d/ip6tables stop
chkconfig --level 2345 iptables off
chkconfig --level 2345 ip6tables off
b) Disable SElinux
Change parameter SELINUX=enforcing to SELINUX=disabled in /etc/selinux/config
6. Change default behaviour of presented Ethernet cards
If the MAC address of an Ethernet interface changes, the system keeps the existing pair of interface name and MAC address unchanged and creates a new interface for the new MAC address. Because qemuwrapper, the GNS3 script responsible for starting Qemu, always starts the Qemu Ethernet interfaces with completely new MAC addresses, the interface names change on every start. This behaviour is not desired, so we change it to avoid confusion.
Add the following line to /lib/udev/rules.d/75-persistent-net-generator.rules, right after the line ENV{MATCHIFTYPE}="$attr{type}":
ENV{MATCHADDR}=="*", ENV{MATCHADDR}=""
Edit /etc/sysconfig/network-scripts/ifcfg-eth0 and delete line starting with HWADDR
7. Additional CentOS configuration
a) Pair hostname with loopback ip address
echo "127.0.0.1 centos" >> /etc/hosts
b) load 8021q module
modprobe 8021q
c) Allow forwarding between interfaces
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1
To keep forwarding enabled after the next boot of CentOS, edit /etc/sysctl.conf and change or add the following lines:
net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
8. IOU L2 installation
a) Create a symbolic link so that libcrypto.so.4 points to libcrypto.so.10
ln -s /usr/lib/libcrypto.so.10 /usr/lib/libcrypto.so.4
b) Create license file
echo -e "[license]\n$(uname -n) = 0000000000000000" > iourc
c) Create NETMAP file
The NETMAP file is generated by the Perl script described in step 10.
d) Copy cracked IOU L2, wrapper, perl script – iou2net.pl to CentOS image
Please, don’t ask me to provide any IOU images.
As for cracking IOUl2 on Linux Fedora, you might read this tutorial:
http://brezular.wordpress.com/2011/04/30/hacking-cisco-iou-on-fedora-linux-for-educational-purpose-only/
Perl script connecting IOU to the real network is available here:
http://inetpro.org/wiki/Connect_IOU_with_real_networks_or_dynamips
e) Install necessary packages
yum install telnet wget tunctl
9. Install perl and dependencies
dhclient eth0
a) Install perl, libpcap
yum install perl perl-Time-HiRes libpcap libpcap-devel
b) Add rpmforge repository – needed for package perl-net-pcap
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm
rpm -ihv rpmforge-release-0.5.2-2.el6.rf.i686.rpm
rm /root/rpmforge-release-0.5.2-2.el6.rf.i686.rpm
c) Install perl-net-pcap
yum install perl-Net-Pcap.i686 perl-Net-PcapUtils.noarch
10. IOU L2 configuration
a) Perl script for creating IOU topology file – NETMAP
The script check_netmap.pl creates the NETMAP file if it doesn't exist. When it does so, it generates a unique local ID for the IOUl2 instance and a unique pseudo ID for each instance of iou2net.pl. IDs are generated in the range from 10 to 1010.
If the NETMAP file already exists, nothing is done.
Note: All IDs in your topology must be unique numbers; otherwise problems with duplicate MAC addresses can occur. You can find more about this in the section "Interface MAC addresses", here:
http://inetpro.org/wiki/Connect_IOU_with_realnetworksordynamipsTAPmode
/root/check_netmap.pl
#!/usr/bin/perl
# check_netmap.pl - writes /root/NETMAP for one IOU L2 instance when the file does not exist yet
use strict;
use warnings;

my $range = 1000;   # IDs are drawn from $minimum .. $minimum + $range - 1
my $minimum = 10;
my $i = 0;          # IOU slot number, Ethernet<i>/<j>
my $j = 0;          # IOU port number inside the slot
my $count = 0;      # number of ethX interfaces processed so far

unless (-e "/root/NETMAP") {
    print "NETMAP doesn't exist, so we are going to create it\n";
    my $local_id  = int(rand($range)) + $minimum;   # ID of the real IOU L2 instance
    my $pseudo_id = int(rand($range)) + $minimum;   # ID of the first iou2net.pl pseudo instance
    opendir(DIR, '/sys/class/net/') or die "open failed : $!\n";
    # sort the names so that eth0 becomes Ethernet0/0, eth1 Ethernet0/1, ... whatever order readdir returns
    my @interfaces = sort grep { /^eth/ } readdir(DIR);
    closedir(DIR);
    foreach my $dir (@interfaces) {
        print "Found valid interface $dir in /sys/class/net\n";
        open(NETMAP, ">>/root/NETMAP") or die "cannot write NETMAP : $!\n";
        # four ports per slot: eth0-3 -> slot 0, eth4-7 -> slot 1, eth8-11 -> slot 2
        if ($count <= 3) {
            $i = 0;
        }
        elsif (($count >= 4) && ($count <= 7)) {
            $i = 1;
        }
        elsif (($count >= 8) && ($count <= 11)) {
            $i = 2;
        }
        print NETMAP "$local_id:$i/$j", '@centos', " $pseudo_id:0/0", '@centos', " \n";
        close NETMAP;
        $count++; $j++; $pseudo_id++;
        # port numbering restarts at 0 with every new slot
        if (($count == 4) || ($count == 8) || ($count == 12)) {
            $j = 0;
        }
    }
}
Make the script executable.
chmod +x check_netmap.pl
The generated NETMAP file may look like this:
10:0/0@centos 20:0/0@centos
10:0/1@centos 21:0/0@centos
10:0/2@centos 22:0/0@centos
10:0/3@centos 23:0/0@centos
10:1/0@centos 24:0/0@centos
10:1/1@centos 25:0/0@centos
10:1/2@centos 26:0/0@centos
10:1/3@centos 27:0/0@centos
Explanation
10:0/0@centos 20:0/0@centos
The local IOUl2 instance with ID 10 is running on the PC with hostname centos, and its interface Ethernet0/0 is connected to pseudo interface 0/0 of the pseudo IOUl2 instance with ID 20. The pseudo IOUl2 instance with ID 20 is an iou2net.pl script running on the same PC with hostname centos.
The number of rows in the NETMAP file matches the number of Ethernet interfaces found in the /sys/class/net/ directory. For example, if only one interface eth0 is present in the Qemu image, the NETMAP file contains only one row.
This table matches IOU interfaces with corresponding CentOS interfaces:
IOU – CentOS
Eth 0/0 – eth0
Eth 0/1 – eth1
Eth 0/2 – eth2
Eth 0/3 – eth3
Eth 1/0 – eth4
Eth 1/1 – eth5
Eth 1/2 – eth6
Eth 1/3 – eth7
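As an added check that is not part of the original post, the following script validates a NETMAP file against the rules above: every instance ID unique and within 10..1010, each pseudo instance on interface 0/0, and row N mapped to the Ethernet slot/port that the table gives for ethN. It assumes only awk and mktemp, which CentOS 6 provides; the sample file at the end is constructed for illustration.

```shell
#!/bin/bash
# Validates a NETMAP file written by check_netmap.pl (added example, not part of the original post).
# Checks: two endpoints per row, "id:slot/port@host" syntax, IDs within 10..1010, every pseudo ID
# unique and different from the local ID, row N mapped to Ethernet<N/4>/<N%4> (eth0 -> 0/0,
# eth4 -> 1/0, ...) and every pseudo instance using interface 0/0, as in the table above.
check_netmap() {
    awk '
    BEGIN { min = 10; max = 1010; ok = 1; re = "^[0-9]+:[0-9]+/[0-9]+@[A-Za-z0-9_.-]+$" }
    NF != 2 { print "line " NR ": expected exactly two endpoints"; ok = 0; exit }
    {
        if (!match($1, re) || !match($2, re)) { print "line " NR ": malformed endpoint"; ok = 0; exit }
        split($1, l, "[:/@]"); split($2, r, "[:/@]")   # l[1]=id l[2]=slot l[3]=port l[4]=host
        if (NR == 1) local = l[1]
        if (l[1] != local) { print "line " NR ": local ID changed from " local " to " l[1]; ok = 0; exit }
        if (l[1] + 0 < min || l[1] + 0 > max || r[1] + 0 < min || r[1] + 0 > max) {
            print "line " NR ": instance ID outside " min "-" max; ok = 0; exit
        }
        if (r[1] == local || (r[1] in seen)) { print "line " NR ": duplicate instance ID " r[1]; ok = 0; exit }
        seen[r[1]] = 1
        slot = int((NR - 1) / 4); port = (NR - 1) % 4
        if (l[2] + 0 != slot || l[3] + 0 != port) {
            print "line " NR ": expected Ethernet" slot "/" port " but found " l[2] "/" l[3]; ok = 0; exit
        }
        if (r[2] + 0 != 0 || r[3] + 0 != 0) { print "line " NR ": pseudo instance must use interface 0/0"; ok = 0; exit }
    }
    END {
        if (NR == 0) { print "NETMAP is empty"; exit 1 }
        if (!ok) exit 1
        print "NETMAP OK: local ID " local ", " NR " interface row(s)"
        exit 0
    }' "$1"
}

# Constructed sample NETMAP (not taken from a real system) so the check can be tried stand-alone;
# on the CentOS image run: check_netmap /root/NETMAP
sample=$(mktemp)
printf '10:0/0@centos 20:0/0@centos\n10:0/1@centos 21:0/0@centos\n10:1/0@centos 22:0/0@centos\n' > "$sample"
check_netmap "$sample" || echo "check_netmap reported a problem (exit $?)"   # row 3 should be Ethernet0/2
rm -f "$sample"
```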
b) Bash script for starting IOU
This script is responsible for the following jobs:
- starting the script check_netmap.pl
- starting the IOU image i86bi_linuxl2-upk9-ms.M with the local IOU ID, with its console on port 6000
- bringing up the Ethernet interfaces found in the /sys/class/net directory
- creating as many tap interfaces and bridges br as there are Ethernet interfaces
- adding each Ethernet interface, e.g. eth0, and its tap interface, e.g. tap0, to the corresponding bridge, e.g. br0
- starting the iou2net.pl script for each tap interface, e.g. tap0, with its own unique pseudo ID
/root/iou_start.sh
#!/bin/bash
# iou_start.sh - creates NETMAP if needed, starts the IOU L2 image and bridges every
# ethX interface of the Qemu guest to a tapX interface served by its own iou2net.pl
#export NETIO_NETMAP=/root/NETMAP
/root/check_netmap.pl
# local IOU ID = ID of the first endpoint of the first NETMAP row,
# pseudo ID of the first iou2net.pl = ID of the second endpoint of that row
local_id=$(head -n 1 /root/NETMAP | cut -d ":" -f1)
remote_id=$(head -n 1 /root/NETMAP | cut -d ":" -f2 | cut -d " " -f2)
cd /root/
# start the IOU L2 image behind the wrapper; the console is reachable with "telnet localhost 6000"
/root/wrapper -m /root/i86bi_linuxl2-upk9-ms.M -p 6000 -- -s 0 $local_id &
sleep 5
for dir in /sys/class/net/*
do
    interface=$(basename "$dir")
    if [[ $interface == eth* ]]; then
        # last character of the interface name, e.g. 0 for eth0, names tap0 and br0
        lastchr=${interface#${interface%?}}
        /usr/sbin/tunctl -t tap$lastchr
        /sbin/ifconfig $interface 0.0.0.0 promisc up
        /sbin/ifconfig tap$lastchr 0.0.0.0 promisc up
        # bridge ethX and tapX together, spanning tree off and minimal forward delay
        /usr/sbin/brctl addbr br$lastchr
        /usr/sbin/brctl stp br$lastchr off
        /usr/sbin/brctl setfd br$lastchr 1
        /usr/sbin/brctl sethello br$lastchr 1
        /usr/sbin/brctl addif br$lastchr $interface
        /usr/sbin/brctl addif br$lastchr tap$lastchr
        /sbin/ifconfig br$lastchr up
        # one iou2net.pl per tap interface, each with the next pseudo ID from NETMAP
        /root/iou2net.pl -t tap$lastchr -n /root/NETMAP -p $remote_id &
        ((remote_id++))
    fi
done
Make the script executable and start it.
chmod +x /root/iou_start.sh
/root/iou_start.sh
Make the script start automatically during the boot of CentOS.
echo "/root/iou_start.sh" >> /etc/rc.local
If you also want the IOUL2 console opened right after boot, add this line to /etc/rc.local as well.
echo "telnet localhost 6000" >> /etc/rc.local
Telnet to the switch.
telnet localhost 6000
Note
Always delete the NETMAP file before shutdown if you start your base centos6.0-ioul2.img image outside of GNS3. Otherwise the script check_netmap.pl will not create a valid NETMAP file, because it does nothing when the file already exists.
11. Optional steps – cleaning CentOS
a) Remove .ssh/known_hosts
rm /root/.ssh/known_hosts
b) Delete temporary files
rm -rf /tmp/*
c) Clean content of files in directory /var/log/
for file in /var/log/*; do echo "" > $file; done
d) Delete bash history
echo "" > /root/.bash_history
Article Source: http://brezular.wordpress.com
I just have a quick question about IOU. I just started using it a couple of days ago. I'm assuming that I should use the L3 image for routers and the L2 image for layer 2 (2950) switching. What should I use for layer 3 (3560) switching? Should I use the L3 image, or should I use the L2 image and just turn on "ip routing"? Sorry to ask such a basic question, but I want to start off on the right track. Thanks for any help that you can give.