Continuing, or rather completing the overview of various emulators of Cisco Systems equipment, I will dwell on Cisco IOU (Cisco IOS on UNIX).
It is this emulator that contains the maximum number of features and the minimum number of functional restrictions (I remind you that it does not apply and only Cisco employees are allowed to use it).
Its main advantages are that it is fast enough and works well with the data link layer.
To be as precise as possible, IOU works only under Solaris, and under Linux IOL is launched, but everyone is used to using one common name, therefore I will stick to the common name in the article.

We will consider it from beginning to end, from installation to configuration, and at the end we will release it into a real network.

Those who are only interested in configuring IOUs can skip the installation step and go straight to configuring IOUs .

Installation

So, at the beginning of the installation.
We will not consider options with pre-installed IOU, there are many different assemblies, but it is much more interesting to assemble everything with your own hands.
So let's go from scratch.
In order to independently build IOUs, basic knowledge of Unix-like systems is required.
Take Linux, for example, rpm-based CentOS (although a variant using Debian is also possible). And the virtualization tool - VMware or VirtualBox to taste. Although the Cloud will not work when using VirtualBox (that is, it will not be possible to release IOUs into a real network).
First you need to create a virtual machine and install CentOS (this process is beyond the scope of the article and is not particularly difficult, but you can read about the installation, for example, here orhere .
After that, make sure that there are two virtual network interfaces in the virtual machine.
One of the interfaces will go to the real network ( bridge mode ), and the second to control IOU ( host-only ).



And configure them accordingly:

# vi /etc/sysconfig/network-scripts/ifcfg-eth0

and

# vi /etc/sysconfig/network-scripts/ifcfg-eth1

Key lines will consist of

DEVICE="eth0"
BOOTPROTO=static
ONBOOT=yes
IPADDR=xxx.xxx.xxx.xxx
NETMASK=255.255.255.0

in case of a static address and

DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
в случае получения адреса по DHCP.

As you can see, you need to specify a static IP address, mask or DHCP, and restart the network subsystem for the changes to take effect:

# service network restart

For IOU to work correctly, and in particular for simplification, SELinux and iptables can be disabled.

You can view the current SELinux mode by doing:

# sestatus

To turn it off before the first reboot, just do:

# echo 0 >/selinux/enforce

For constant changes, you can edit its configuration file to this type:

# cat /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

And disabling the firewall:

# service iptables stop
# chkconfig iptables off

After that we proceed to the installation of the web frontend.
Most recently, it was updated to version 1.2.2-21
From the new:

• The new OVF format: it is smaller and easier to install;
• It became faster: the code was rewritten, the database was optimized;
• Instead of ioulive86, now iou2net.pl: The cloud can be launched before the start of the IOU;
• More than one Cloud is now supported;
• iousniffer: it became possible to analyze traffic;
• Selective import: you can choose what you want to import;
• Added html image maps: now images can become active links;
• Added countdown: useful for those who work out tasks for CCIE;
• Delayed loading: device loading may be delayed;
• Web console: the web console is working, but the work requires the availability of unprivileged ports (32768-61000);
• Reset console: you can reset on all or one terminal connection;
• We recommend using the Google Chrome browser;
• Many bugs fixed;

First you need to create the file /etc/yum.repos.d/iou-web.repo with the following contents:

# /etc/yum.repos.d/iou-web.repo
[iou-web]
name=IOU Web Interface
baseurl=http://public.routereflector.com/iou-web/yum
enabled=1
gpgcheck=1
gpgkey=http://public.routereflector.com/iou-web/yum/RPM-GPG-KEY-iou-web

This will add a new repository to the system from which iou-web will be installed and updated.

Then actually install iou-web:

# yum install iou-web

And create a symlink on libcrypto.so.4 without which neither l2 nor l3 will start:

# ln -s /usr/lib/libcrypto.so.10 /usr/lib/libcrypto.so.4

All necessary missing dependencies (like apache and php) will be tightened during the installation of iou-web.
The files will appear in the / opt / iou directory , moreover, the necessary configs for the web server will also appear.
An entry will also appear at the end of the / etc / hosts file:

# tail -n 1 /etc/hosts
127.0.0.127 xml.cisco.com

This line is likely to block the ability to send information to the Cisco server.

The apache config will also appear (in which xml.cisco.com is also found):



There is no need to make changes, everything will work right away.
It can be seen that Andrea Dainese (iou-web developer) tried to simplify the life of users as much as possible and reduce the number of additional actions to a minimum.

It remains to start the web server

# service httpd start

and indicate the launch at each system boot:

# chkconfig httpd on

This completes the installation of the web frontend.

Customization

To log in to iou-web, you just need to find out the IP address of the interface, which works in host-only mode.

# ifconfig eth1
eth1      
Link encap:Ethernet  HWaddr 00:0C:29:19:D8:CD
          inet addr:192.168.xxx.xxx  Bcast:192.168.xxx.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0

After that, just open the browser (Google Chrome is recommended) and specify this IP address there.
A web frontend will appear before your eyes, quite minimalistic, but at the same time with a nice design.

There is no direct installation of IOU as such, you just need to copy the files (using Upload IOS) that were compiled under Linux.
Two parts are needed - l2 and l3.
Cisco keeps pace with the times, and these two layers are not clearly divided into channel and network. At the moment, L3 more or less corresponds to an ISR level router, and L2 is a multi-player to a 3560 level switch.

The latest version for today is IOS 15.2 for routers and IOS 15.1 for switches.

After you get l2 and l3, you can open the web interface and download these files.

To do this, go to Manage - Manage IOS , specify the full name of the file, an alias (alias) which will then be displayed during the creation of the topology, for example L3 15.2, by pressing open we select the file and finally the upload button will load the IOU into the virtual machine, into the / opt / directory iou / bin .



You can proceed to use.
But if you try to start any topology, we get the error message “you must fill license file (/ opt / iou / bin / iourc) before starting devices” .
As the author of the web interface writes, contact your head in the Cisco department for a license.
The IOU looks at the iourc file every time it starts for a license key.

In a nutshell about licensing.
The license consists of a key that uses information about the current host, when you try to move or copy to another host, the use of IOU becomes impossible.
But in reality, things are somewhat different.

Note: The author of the article ( sinist3r ) is not the author of the license generator, and does not urge to use it in any way. Information is provided for informational purposes only.

The script for generating licenses was written by Kel in 2011. He ported to Python the original code written in C in 2006.

The script itself is not provided for obvious reasons.

To use it, you need to add a bit to execute:

#chmod 0755  CiscoIOUKeygen.py

And actually the launch:

./CiscoIOUKeygen.py

View inference

[license]
hostname = key;

You will need to copy and paste in the Manage - Manage license section .

And completing the setup, the final touch.
By default, a click on devices will launch the standard telnet client.



This is not very convenient, especially when you consider that in the latest versions of Windows it is no longer preinstalled. It is much more common to use PuTTY.
In order for PuTTY to open in a browser, you need to create a file for the registry of the form:

Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\telnet]
@="URL:Telnet Protocol"
"EditFlags"=dword:00000002
"URL Protocol"=""
"FriendlyTypeName"="@C:\\WINDOWS\\system32\\ieframe.dll.mui,-907"
[HKEY_CLASSES_ROOT\telnet\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,75,00,72,00,\
  6c,00,2e,00,64,00,6c,00,6c,00,2c,00,30,00,00,00
[HKEY_CLASSES_ROOT\telnet\shell]
[HKEY_CLASSES_ROOT\telnet\shell\open]
[HKEY_CLASSES_ROOT\telnet\shell\open\command]
@="\"C:\\Program Files\\PuTTY\\putty.exe\" %1"

Naturally, do not forget to specify the correct PuTTY location.
In the case of a 64-bit system, the last line will look like:

@="\"C:\\Program Files (x86)\\PuTTY\\putty.exe\" %1"

After that, save the file with the extension reg, run it and accept the changes.

And now we pass to the most interesting - we create our topology.

Create your own topology in IOU

In order to create a new stand / laboratory, go to the Laboratories section and click on Add new Lab .



A page will open on which you will need to fill in the following fields:
Name, Description - the name and description play a purely informational role.
Time - a reverse report that can be set, probably makes sense when preparing for CCIE.
Display diagram? - if enabled, then the topology with all devices (which can be dragged by the cursor) will be shown, if disabled, only “active images” will remain - these are fixed circuits with clickable devices (with drawn areas, port numbers, etc.)
Additional Info- here you can write questions, or some other
Netmap text - this is where the connections between devices

are set. Here it is worth taking a brief digression and considering several features of IOU.
IOU L3 supports two network modules NM-4E and NM-4T - for Ethernet and Serial, respectively.
When choosing both modules, Ethernet is always the first.
IOU L2 - only supports Ethernet.
For example, one NM-4E and one NM-4T looks like: e0 / 0-0 / 3, s1 / 0-1 / 3

Suppose we want to create the following stand:

R1 e0 / 0 which is connected to R2 e0 / 0
R1 s1 / 0 is connected to R3 s0 / 0
R1 e0 / 1 - SW1 e0 / 0
R2 e0 / 1 - SW1 e0 / 1

Then the syntax for netmap will be as follows:

1:0/0 2:0/0 
1:1/0 3:0/0 
1:0/1 4:0/0 
2:0/1 4:0/1

The first digit is the device ID (an arbitrary value, which plays an informational role rather, it’s a good idea to match the device number in the name) and then the colon number / port number is indicated through a colon. As you can see, this is almost standard Cisco interface naming.

After that, click the Add button . As a result, there will be many more settings.



Apply an Initial Config Pack to all device will be considered later.
At this point, just specify the names and select the appropriate IOS.
Next, you need to fill in the RAM and NVRAM fields , for the 15th IOS at least 256RAM and 64 NVRAM are recommended.
And now the most important thing is the interfaces.

It is important not to leave Eth fieldsand Ser are empty - otherwise 8 NM modules will be added.
It turns out that for R1 we have 1 NM-4E and 1 NM-4T, for R2 - 1 NM-4E and 0 NM-4T, for R3 - only Serial, which means 0 NM-4E and 1 NM-4T and for SW1 - 1 NM-4E and 0 NM-4T.
Next we see check L2 keepalive - this technology corrects the situation when the interface is up, even if everything is turned off at the other end. It works only in purely switch labs, in mixed topologies it is recommended not to include it.
Watchdog - the author of iou-web highly recommends leaving it always on.

Cisco processors have timers that protect the system from certain types of hangs. The CPU periodically resets the watchdog timer. The watchdog timer basically controls the time of each process. If the duration of the process is longer than it should be, the watchdog timer is used to terminate the process.

Then comes the drop-down list allowing you to select the type of device and the corresponding image.
The option - Boot delay - allows you to set the delay in seconds before starting, for example, you can set so that all devices start to start immediately, and some routers after 20 seconds.
And the last option, Initial Config - directly depends on the Initial Config Pack - and so far will remain unchanged.

In addition, at the bottom there is also the Images section , which allows you to upload your images in png format.
For example, you can draw diagrams in Dia / Visio and then load them into stands.
Click save and go to the freshly created stand by clicking on it.



On the Diagram tab - you can place the device to your taste and save the location.
And on the Devices tab , the main control takes place.



By clicking on the Start all devices button , you can actually start the stand.
Now, after clicking on the open console button, a terminal window will open next to each device (putty if changes to the registry have been added).
By clicking on the Wireshark icon, you can start traffic sniffing.
You can collect saved pcap files in the Downloads - Sniffer section .

Returning to the missing Initial Config Pack option .
If desired, you can configure all devices, save the settings with the wr command , and then type copy running-config unix: on each device in order to save the configs to disk.
Then click the Copy all unix: // running-config files to database button in order to export all the configs.
And now you can go to the Laboratories section and see the freshly created config pack.
This file will be called the same as the stand itself, but only without a description.



Now you can enter the stand editing mode and select the freshly created config pack in the Apply an Initial Config Pack to all device menu and save the changes.



In order for them to take effect, in the tabDevices click "stop all devices and wipe all configurations" button . And now you can run the stand with the config pack.

IOU in a real network

Now let's try to bring all this to a real network.
To do this, the IOU uses the concept of the Cloud (up to 8 pieces).
Let's go into the editing mode of the laboratory.
Take R1, an Ethernet module.
For the Cloud, you can visually use large ID values, for example 800.
Let's add one line in the NETMAP field:

1:0/2 800:0/0

Save and go to the already familiar advanced editing mode.
The name is arbitrary, the IOS field must be left empty.
In the ethernet field, type eth1, if eth1 is a virtual network adapter that looks into an existing network in bridge mode.
Then select Picture - Cloud (this is important enough).



And, in fact, we save the result and run all the devices.





We see that the goal has been achieved.

Summary

With the advent of the version for linux and the web frontend, working with IOU is not particularly difficult, everything is implemented quite logically.
In many cases, this emulator leaves far behind GNS / Dynamips, especially when it comes to link layer and switches.
IOU is still the best tool for preparing for CCNP / CCIE, and for Troubleshoot.

The writing process mainly used materials from the Route Reflector site .

The user netvolart got ahead of me by releasing an article with partially overlapping material.

As always, all articles in the series can be found on linkmeup.ru.
All releases of the first podcast for linkmeup signalmen are also located there.