We are going to get dynamips up so we can have a single Cisco router up and reachable from the class network. You should already have dynamips installed if you ran the ansible worksheets earlier. If you are working with a machine (Ubuntu) that does not have dynamips installed, you need to do the following:

We do not need to run this on our infrastructure.

$ sudo apt-get install dynamips dynagen
Concerning sudo:
The command above is the only one in the entire lab where you need to use sudo. Run all the commands that follow as the nsrc user.

1 Download pre-requisites

One of you needs to download the prerequisite files to the server that you will all use, so that person should open an SSH session to your workshop server and run the following.

$ cd
$ mkdir -p binary-images dynamips/work
$ cd binary-images
$ wget http://wsnoc.nsrc.org/downloads/c3725-12415T14.bin
$ wget http://wsnoc.nsrc.org/downloads/c7200-1514M4.bin
$ cd ~/workshop-kit
$ git pull

1.1 A note about IOS images

Note that Cisco does not allow distribution of IOS images, so technically the way someone gets IOS images is, say, off a router they are running. There are some license issues as far as running IOS on dynamips goes: Cisco does not recognise or officially support this, so this is something to keep in mind when running your classes.

2 Fire up dynamips

You will all run dynamips for this session, so we need to create a directory structure that keeps us from stomping on each other. For the exercise below, assign yourselves within your group a number from 1 to 3 (which we'll refer to as X) and pick a name (say your first name) that you will use for a directory (which we'll refer to as NAME).

With that in mind, each one of you needs to open two SSH sessions to the Mac mini (in different windows) and do the following:

  1. In the first SSH session/window to the server (s1.ws.nsrc.org):

    $ cd
    $ mkdir -p dynamips/NAME/work dynamips/NAME/tmp 
    $ cd dynamips/NAME/tmp
    $ dynamips -H 720X
  2. In a second SSH session/window to the server (s1.ws.nsrc.org):

    $ cd $HOME/dynamips/NAME
    $ vi routers.net
  3. Create a routers.net that looks like the following, substituting NAME and X respectively.

    # Using c7200-advipservicesk9-mz.151-4.M4
    
    model = 7200
    
    [s1.ws.nsrc.org:720X]
        workingdir = /home/nsrc/dynamips/NAME/work
        udp = 1XX00
    
        [[7200]]
            image = /home/nsrc/binary-images/c7200-1514M4.bin
            ram = 176
            npe = npe-400
            ghostios = True
            idlepc=0x60608f64
            slot1 = PA-GE
            slot2 = PA-GE
            slot3 = PA-GE
            slot4 = PA-GE
            slot5 = PA-GE
            slot6 = PA-GE
    
    ##########################################
    # single router tapped into network
        [[router rX]]
            model   = 7200
            console = 201X
            aux     = 301X
            gi1/0   = NIO_tap:tap1X
  4. Save this and use dynagen to load your routers.net

    $ dynagen routers.net
  5. You should now be able to see your router listed in dynagen using the list command. You can get more details about a router using the show device rX command. You can reload a router using the reload rX command. You can see what your .net looks like using the show run command. You can also use ? to see other dynagen commands or completions of the current command. In the output below we've substituted the relevant number with X and the chosen name with NAME. What you type is at the => prompt.

    Reading configuration file...
    
    Network successfully loaded
    
    Dynagen management console for Dynamips and Pemuwrapper 0.11.0
    Copyright (c) 2005-2007 Greg Anuzelli, contributions Pavel Skovajsa
    
    => list
    Name       Type       State      Server          Console   
    rX         7200       running    s1.ws.nsrc.org:720X 201X  
    
    => show run
    [s1.ws.nsrc.org:720X]
        workingdir = /home/nsrc/dynamips/NAME/work
        udp = 1XX00
        [[7200]]
            image = /home/nsrc/binary-images/c7200-1514M4.bin
            ram = 176
            idlepc = 0x60608f64
        [[ROUTER rX]]
            slot1 = PA-GE
            g1/0 = nio_tap:tap1X
            slot2 = PA-GE
            slot3 = PA-GE
            slot4 = PA-GE
            slot5 = PA-GE
            slot6 = PA-GE
    
    => show device rX
    Router rX is running
      Hardware is dynamips emulated Cisco 7206VXR NPE-400 with 176 MB RAM
      Router's hypervisor runs on s1.ws.nsrc.org:7211, console is on port 201X
      Image is /home/nsrc/binary-images/c7200-1514M4.bin with idle-pc value of 0x60608f64
      Idle-max value is 1500, idlesleep is 30 ms
      128 KB NVRAM, 64 MB disk0 size, 0 MB disk1 size
       slot 1 hardware is PA-GE with 1 interface
          GigabitEthernet1/0 is connected to real TAP tap1X interface
       slot 2 hardware is PA-GE with 1 interface
          GigabitEthernet2/0 is empty
       slot 3 hardware is PA-GE with 1 interface
          GigabitEthernet3/0 is empty
       slot 4 hardware is PA-GE with 1 interface
          GigabitEthernet4/0 is empty
       slot 5 hardware is PA-GE with 1 interface
          GigabitEthernet5/0 is empty
       slot 6 hardware is PA-GE with 1 interface
          GigabitEthernet6/0 is empty
    
    => ?
    
    Documented commands (type help <topic>):
    ========================================
    capture  confreg  cpuinfo  export  hist    list  py      save   show   suspend
    clear    console  end      filter  idlepc  no    reload  send   start  telnet 
    conf     copy     exit     help    import  push  resume  shell  stop   ver    
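
The NAME directory and the number X exist so that students do not stomp on each other. The check below reads several routers.net files and reports any hypervisor port, working directory, UDP base, console or aux port, or tap interface claimed by more than one person. It is an added example, not part of the original worksheet; the owners alice, bob and carol and the `sample()` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Resources that must be unique per student in routers.net.
PATTERNS = {
    "hypervisor port": re.compile(r"^\s*\[[^\[\]:]+:(\d+)\]", re.M),
    "workingdir":      re.compile(r"^\s*workingdir\s*=\s*(\S+)", re.M),
    "udp base":        re.compile(r"^\s*udp\s*=\s*(\d+)", re.M),
    "console port":    re.compile(r"^\s*console\s*=\s*(\d+)", re.M),
    "aux port":        re.compile(r"^\s*aux\s*=\s*(\d+)", re.M),
    "tap interface":   re.compile(r"nio_tap:(tap\d+)", re.I),
}

def resources(text):
    """Return the set of (kind, value) pairs one routers.net claims."""
    body = "\n".join(l for l in text.splitlines()
                     if not l.lstrip().startswith("#"))
    return {(kind, v) for kind, rx in PATTERNS.items() for v in rx.findall(body)}

def collisions(files):
    """Map each (kind, value) claimed by several owners to the sorted owners."""
    owners = defaultdict(set)
    for owner, text in files.items():
        for res in resources(text):
            owners[res].add(owner)
    return {res: sorted(o) for res, o in owners.items() if len(o) > 1}

def sample(name, x):
    """Constructed routers.net excerpt following the worksheet's template."""
    return (f"[s1.ws.nsrc.org:720{x}]\n"
            f"    workingdir = /home/nsrc/dynamips/{name}/work\n"
            f"    udp = 1{x}{x}00\n"
            f"    [[router r{x}]]\n"
            f"        console = 201{x}\n"
            f"        aux     = 301{x}\n"
            f"        gi1/0   = NIO_tap:tap1{x}\n")

# Constructed input: alice and bob both picked X=1, carol picked X=2.
FILES = {"alice": sample("alice", 1), "bob": sample("bob", 1),
         "carol": sample("carol", 2)}

if __name__ == "__main__":
    for (kind, value), who in sorted(collisions(FILES).items()):
        print(f"{kind} {value}: claimed by {', '.join(who)}")
```

On the server, build `FILES` from the contents of each `~/dynamips/NAME/routers.net` instead of the constructed samples.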
    

3 Connect to your router

You should now be able to telnet to the console port that you defined earlier, using s1 as the host, in another terminal. If you're on Windows, open PuTTY and make sure that the protocol is telnet and the port is 201X. On a UNIX terminal (OS X or Linux):

$ telnet s1.ws.nsrc.org 201X

Press enter to get the "Would you like to enter the initial configuration dialog? [yes/no]: " prompt and just hit control+c. Next up is a basic Cisco configuration that should look like the following:

Substitute YYYYYYYY with the secret password distributed in class.

Hint: you can use a text editor to prepare this then paste it in a config session.

service password-encryption
hostname rX
enable secret YYYYYYYY
!
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
username nsrc secret YYYYYYYY
!
interface GigabitEthernet1/0
 description link to outside
 ip address 10.10.0.21X 255.255.255.0
 no shutdown
!
ip route 0.0.0.0 0.0.0.0 10.10.0.254
!
ip domain-name ws.nsrc.org
no ip domain-lookup 
crypto key generate rsa modulus 2048
ip ssh version 2
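
A pre-paste check for the configuration above, meant for the text prepared in an editor: it confirms the hardening lines are present, flags reversible `password` forms and RSA keys shorter than 2048 bits, checks that `ip domain-name` comes before key generation, and catches X or YYYYYYYY placeholders left unsubstituted. This is an added example, not part of the original worksheet; X=1, `made-up-secret` and the `WEAK` variant are constructed.

```python
import re

REQUIRED = ("service password-encryption", "enable secret ", "aaa new-model",
            "aaa authentication login default local", "ip ssh version 2")

def audit(config):
    """Return findings for the text prepared for pasting; empty means clean."""
    lines = [l.strip() for l in config.splitlines() if l.strip() not in ("", "!")]
    findings = [f"missing: {r.strip()}" for r in REQUIRED
                if not any(l.startswith(r) for l in lines)]
    for i, l in enumerate(lines):
        # 'password' is stored in clear or as reversible type 7; 'secret' is hashed.
        if l.startswith("enable password") or re.match(r"username \S+ password\b", l):
            findings.append("reversible credential: " + " ".join(l.split()[:2]))
        m = re.match(r"crypto key generate rsa\b.*\bmodulus (\d+)", l)
        if m:
            if int(m.group(1)) < 2048:
                findings.append(f"RSA modulus {m.group(1)} is below 2048")
            # Key generation is refused until a domain name is configured.
            if not any(p.startswith("ip domain-name ") for p in lines[:i]):
                findings.append("ip domain-name must precede RSA key generation")
        if re.search(r"Y{8}|21X\b|\brX\b", l):
            findings.append(f"placeholder left in: {l}")
    return findings

# The worksheet's configuration (the lines the checks read), placeholders intact.
TEMPLATE = """\
service password-encryption
hostname rX
enable secret YYYYYYYY
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
username nsrc secret YYYYYYYY
interface GigabitEthernet1/0
 ip address 10.10.0.21X 255.255.255.0
ip domain-name ws.nsrc.org
crypto key generate rsa modulus 2048
ip ssh version 2
"""
# Constructed values: X=1 and a made-up secret, not the one used in class.
GOOD = TEMPLATE.replace("YYYYYYYY", "made-up-secret").replace("X", "1")
# Constructed weak variant: reversible enable password, 1024-bit key, no SSHv2 pin.
WEAK = (GOOD.replace("enable secret", "enable password")
        .replace("modulus 2048", "modulus 1024").replace("ip ssh version 2\n", ""))

if __name__ == "__main__":
    for name, cfg in (("TEMPLATE", TEMPLATE), ("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit(cfg))
```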

4 Verify connectivity

  1. From the router

    rX# ping 10.10.0.254
    rX# ping 8.8.8.8
  2. From a PC connected to your wifi

    ping 10.10.0.21X
  3. You should be able to log in to your router using SSH

4.1 How connectivity works:

Remember, the ansible scripts created two "bridges" and connected "tap" interfaces to the bridges. To see the bridges you have, you can use the brctl show command:

nsrc@s1:~$ brctl show br-wan
bridge name     bridge id               STP enabled     interfaces
br-wan          8000.b88d12562ec1       no              eth1

nsrc@s1:~$ brctl show br-lan
bridge name     bridge id               STP enabled     interfaces
br-lan          8000.06998e50dc16       no              eth0
                                                        tap11
                                                        tap12
                                                        tap13
                                                        tap14
                                                        tap15
                                                        tap16
                                                        tap17
                                                        tap18
                                                        tap19
nsrc@s1:~$ 

So each of these routers lives in a separate dynamips cloud but connects to the br-lan bridge through interface tap11, tap12 or tap13, depending on what you put in your routers.net file.

The IP address you set as your default gateway sits on the bridge itself.

nsrc@s1:~$ ip addr show br-lan
4: br-lan: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN 
    link/ether 06:99:8e:50:dc:16 brd ff:ff:ff:ff:ff:ff
    inet 10.10.0.241/24 brd 10.10.0.255 scope global br-lan
    inet 10.10.0.254/24 brd 10.10.0.255 scope global secondary br-lan:0
nsrc@s1:~$ 

The following diagram illustrates this:

Router connection to LAN

5 Clean up

  1. In the second window, where you run dynagen:

    => exit
  2. In the first window where you run Dynamips, use control+c to quit it.

  3. You can safely clean out the tmp and work directories

    cd
    rm dynamips/NAME/work/* dynamips/NAME/tmp/*