Cisco L3 and L2 IOUs running on Fedora Linux

These steps are based on tutorial "Cisco IOU’s License Protection" and adapted for Fedora Linux. For further information about IOU licensing, please visit the site. http://evilrouters.net/2011/01/18/cisco-iou-faq/

1. Download bbe - hex editor

wget http://sourceforge.net/projects/bbe-/files/bbe/0.1.8/bbe-0.1.8-2.i386.rpm/download

2. Install rpm package

sudo rpm -ihv ./bbe-0.1.8-2.i386.rpm

3. Install openssl-devel packages and create symbolic link

The shared library libcrypto.so4 must presented either in /usr/lib/ or in /lib/. It is provided by  openssl-devel package.

sudo yum install openssl-devel

Now check the list of shared libcrypto libraries presented in your system.

$ ls -l /usr/lib/libcrypto*

lrwxrwxrwx. 1 root root 25 Aug 30 21:45 /usr/lib/libcrypto.so.0.9.8 -> /lib/libcrypto.so.1.0.0d
lrwxrwxrwx. 1 root root 25 Aug 30 21:45 /usr/lib/libcrypto.so.10 -> /lib/libcrypto.so.1.0.0d

$ ls -l /lib/libcrypto*

lrwxrwxrwx. 1 root root 19 Jul 9 20:24 /lib/libcrypto.so.10 -> libcrypto.so.1.0.0d
-rwxr-xr-x. 1 root root 1589068 Feb 10 2011 /lib/libcrypto.so.1.0.0d

There is only one shared libcrypto library - /lib/libcrypto.so.1.0.0d presented. All other files are symbolic links pointing to the library.

Now create a symbolic link and check the list again:

$ sudo ln -s /lib/libcrypto.so.1.0.0d /usr/lib/libcrypto.so.4

$ ls -l /usr/lib/libcrypto*

lrwxrwxrwx. 1 root root 25 Aug 30 21:45 /usr/lib/libcrypto.so.0.9.8 -> /lib//libcrypto.so.1.0.0d
lrwxrwxrwx. 1 root root 25 Aug 30 21:45 /usr/lib/libcrypto.so.10 -> /lib//libcrypto.so.1.0.0d
lrwxrwxrwx. 1 root root 24 Jul 18 23:21 /usr/lib/libcrypto.so.4 -> /lib/libcrypto.so.1.0.0d

4. Create a license file

$ echo -e "[license]n$(uname -n) = 0000000000000000" > iourc

5. Create NETMAP file

$ touch ./NETMAP

6. Edit L3 IOU image

for F in i86bi_linux-*;do bbe -b "/xfcxffx83xc4x0cx85xc0x75x14x8b/:10" -e  "r 7 x90x90" -o $F.x $F;mv $F.x $F;done;chmod +x ./i86bi_linux-*

7. Edit L2 IOU image

$ for F in i86bi_linuxl2*;do bbe -b "/xa1xffx83xc4x0cx85xc0x75x17x8b/:10" -e "r 7 x74" -o $F.x $F;mv $F.x $F;done;chmod +x ./i86bi_linuxl2*

Parameter r 7 replaces bytes starting at position 7 - string 75, with string 74 (counts from zero), in the block of ten bytes - a1 ff 83 c4 0c 85 c0 75 17 8b.

8. Redirect data sent to Cisco to the localhost

When IOU image is started, IOU image sends data to xml.cisco.com. You need to make "fake" DNS entry for xml.cisco.com to avoid this behaviour.

echo "127.0.0.1 xml.cisco.com" >> /etc/hosts

9. Run IOU image

$ ./wrapper-linux -m ./i86bi_linux-adventerprisek9-ms -p 2222 200

2222 - TCP port on which is wrapper listening 200 - application ID

In this case, none of the group of the interfaces are  specified. They are two group of Ethernet interfaces created in IOU image by default. Each group always consists from four interfaces . The same is true for Serial interfaces.

File nvram_00200 is created and consists of saved configuration.

Examples

a) ./wrapper-linux -m ./i86bi_linux-adventerprisek9-ms -p 2222 -- -e 1 -s 1 200

-e 1  Ethernet0/0, Ethernet0/1, Ethernet0/2, Ethernet0/3

-s 1  Serial1/0, Serial1/1, Serial1/2, Serial1/3

b) ./wrapper-linux -m ./i86bi_linux-adventerprisek9-ms -p 2222 -- -e 0 -s 0 200

In this example no interface is created  for IOU image.

10. Telnet to IOU image

telnet localhost 2222

Hit key enter.

11. Stopping wrapper

Ctrl-C or if wrapper is running on the background kill the process.

ps -aux | grep wrapper-linux | grep 200 | kill `echo $(cut -d " " -f2)`

54 thoughts on “Cisco L3 and L2 IOUs running on Fedora Linux

  1. Hey,

    I've installed Cisco IOU 2.0 - do you know if you can save your configs and after you reload your VMware instance the configs will be backed up and loaded on boot?

    Thanks,

    Thomas.

  2. Step 5 gives me this output :

    # for F in i86bi_linux-*;do bbe -b ./xfcxffx83xc4x0cx85xc0x75x14x8b/:10. -e .r 7 x90x90. -o $F.x $F;mv $F.x $F;done;chmod +x ./i86bi_linux-*
    bbe: Error in block definition: ./xfcxffx83xc4x0cx85xc0x75x14x8b/:10.
    mv: cannot stat `i86bi_linux-adventerprisek9-ms.x': No such file or directory

    • Hi,
      there is a problem with incorrect displaying double quotes on page. The character left double quotation mark and right double quotation mark - “ ″ is being displayed everywhere on page where two double quotes should separate content.
      The command below should work in case you substitute left and right quote with double quote.

      for F in i86bi_linux-*;do bbe -b /xfcxffx83xc4x0cx85xc0x75x14x8b/:10 -e “r 7 x90x90" -o $F.x $F;mv $F.x $F;done;chmod +x ./i86bi_linux-*

  3. I followed steps upto 8 without any problem. I am using fedora 15 kde. When I am executing setp 9, I am getting the error "UNIX ERR: tcgetattr: invalid argument". I thnik I have to configure the NETMAP file. But I dont know how to do that? All the steps in this tutorial is very clear. If you could write something like this for this NETMAP file and the execution, it would be very nice.

  4. Hi,

    Finally it worked with a blank NETMAP file and ignoring that error message. Thanks.

    I want to build a custom network topology. How can I do that? Is there any graphical tool for that?

  5. for F in i86bi_linux-*;do bbe -b /xfcxffx83xc4x0cx85xc0x75x14x8b/:10 -e “r 7 x90x90″ -o $F.x $F;mv $F.x $F;done;chmod +x ./i86bi_linux-*

    Kindly help me where will i point this command on Fedora? please advise. Thanks.

  6. for F in i86bi_linux-*;do bbe -b /xfcxffx83xc4x0cx85xc0x75x14x8b/:10 -e “r 7 x90x90″ -o $F.x $F;mv $F.x $F;done;chmod +x ./i86bi_linux-*

    Kindly help me where will i point this command on Fedora? please advise. Thanks

  7. here is my config, kindly help me so that i can make a netmap because i really need to simulate our network routing we are indeed lack of physical equipment to use so i need this IOU. thanks.

    here is my config and got an error

    [root@fedora ~]# ls
    anaconda-ks.cfg i86bi_linuxl2*.x.x install.log NETMAP
    bbe-0.1.8-2.i386.rpm i86bi_linux-*.x install.log.syslog
    i86bi_linuxl2*.x i86bi_linux-*.x.x iourc
    [root@fedora ~]# ./wrapper-linux -m ./i86bi_linux* -p 2222 200bash: ./wrapper-linux: No such file or directory
    [root@fedora ~]# ./wrapper-linux -m ./i86bi_linux* -p 2222 200
    bash: ./wrapper-linux: No such file or directory
    [root@fedora ~]#

  8. please help to solve below error

    [root@fedora Downloads]# ./wrapper-linux -m ./i86bi_linux-adventerprisek9-ms -p 2222 200
    ./wrapper-linux: error while loading shared libraries: libcrypto.so.4: cannot open shared object file: No such file or directory

  9. Hi,

    I want to create a switching lab. How can I the L2 image? I tried to run with the command "./wrapper-linux -m ./i86bi_linuxl2*.x -p 2222 500". But I got an error "IOU 1750 exit". What should I do?

    Regards
    Arefin

  10. See below error when i tried to do it again, hope you can help me build an IOU i need this for my simulation. Thanks.

    [root@fedora lib]# find / -name libcrypto.so.1.0.0d
    /usr/lib/libcrypto.so.1.0.0d
    [root@fedora lib]# echo -e "[license]n$(uname -n) = 0000000000000000" > iourc
    [root@fedora lib]# for F in i86bi_linux-*;do bbe -b "/xfcxffx83xc4x0cx85xc0x75x14x8b/:10" -e "r 7 x90x90" -o $F.x $F;mv $F.x $F;done;chmod +x ./i86bi_linux-*
    bbe: Cannot open file for reading: i86bi_linux-*; No such file or directory
    mv: `i86bi_linux-*.x' and `i86bi_linux-*.x' are the same file
    [root@fedora lib]#

  11. See below error when i tried to do it again, hope you can help me build an IOU i need this for my simulation. Thanks.

    [root@fedora lib]# find / -name libcrypto.so.1.0.0d
    /usr/lib/libcrypto.so.1.0.0d
    [root@fedora lib]# echo -e “[license]n$(uname -n) = 0000000000000000″ > iourc
    [root@fedora lib]# for F in i86bi_linux-*;do bbe -b “/xfcxffx83xc4x0cx85xc0x75x14x8b/:10″ -e “r 7 x90x90″ -o $F.x $F;mv $F.x $F;done;chmod +x ./i86bi_linux-*
    bbe: Cannot open file for reading: i86bi_linux-*; No such file or directory
    mv: `i86bi_linux-*.x’ and `i86bi_linux-*.x’ are the same file
    [root@fedora lib]#

  12. See below already encountered again

    [root@fedora Downloads]# sudo ln -s /lib//libcrypto.so.1.0.0d /lib/libcrypto.so.4
    [root@fedora Downloads]# ./wrapper-linux -m ./i86bi_linux-adventerprisek9-ms -p 2222 200
    ./wrapper-linux: error while loading shared libraries: libcrypto.so.4: cannot open shared object file: No such file or directory
    [root@fedora Downloads]#

    please help
    thanks.

  13. [root@fedora Downloads]# ./wrapper-linux -m ./i86bi_linux-adventerprisek9-ms -p 2222 200
    ./wrapper-linux: error while loading shared libraries: libcrypto.so.4: cannot open shared object file: No such file or directory
    [root@fedora Downloads]# find / -name libcrypto.so.4
    /lib/libcrypto.so.4
    /usr/lib/libcrypto.so.4
    [root@fedora Downloads]#

  14. Hi,

    Sorry for the previous comment. I made a mistake for the L2 file name. But still I could not figure out how to prepare the complete switching lab. Could anyone please help me?

    Regards

    Arefin

  15. [root@fedora Downloads]# ./wrapper-linux -m ./i86bi_linux-adventerprisek9-ms -p 2222 200
    ./wrapper-linux: error while loading shared libraries: /lib/libcrypto.so.4: file too short
    [root@fedora Downloads]#

    got this error please help me again. Thanks.

    • Hi,

      as root, post the ouput form these commads:

      ls -l /usr/lib/libcrypto*

      ls -l /lib/libcrypto*

      It should look like this:

      [root@COM-8510p brezular]# ls -l /usr/lib/libcrypto*
      lrwxrwxrwx. 1 root root 17 Aug 20 22:38 /usr/lib/libcrypto.so.0.9.8 -> ./libcrypto.so.10
      lrwxrwxrwx. 1 root root 14 Aug 12 20:12 /usr/lib/libcrypto.so.10 -> libcrypto.so.4
      lrwxrwxrwx. 1 root root 24 Jul 18 23:21 /usr/lib/libcrypto.so.4 -> /lib/libcrypto.so.1.0.0d
      [root@COM-8510p brezular]#

      [root@COM-8510p brezular]# ls -l /lib/libcrypto*
      lrwxrwxrwx. 1 root root 19 Jul 9 20:24 /lib/libcrypto.so.10 -> libcrypto.so.1.0.0d
      -rwxr-xr-x. 1 root root 1589068 Feb 10 2011 /lib/libcrypto.so.1.0.0d
      [root@COM-8510p brezular]#

      Bye,

  16. Hello,

    See below, I already enter the command but still encountered error sudo ln -s /lib/libcrypto.so.1.0.0d /usr/lib/libcrypto.so.4. Hope you can still help me.

    Thanks in advance.

    [root@fedora ~]# ls -l /usr/lib/libcrypto*
    lrwxrwxrwx. 1 root root 19 2011-08-27 06:47 /usr/lib/libcrypto.so -> libcrypto.so.1.0.0b
    lrwxrwxrwx. 1 root root 19 2011-08-27 06:47 /usr/lib/libcrypto.so.10 -> libcrypto.so.1.0.0b
    -rwxr-xr-x. 1 root root 1598412 2010-11-24 03:53 /usr/lib/libcrypto.so.1.0.0b
    lrwxrwxrwx. 1 root root 27 2011-08-28 04:30 /usr/lib/libcrypto.so.4 -> /usr/lib/libcrypto.so.0.9.8
    [root@fedora ~]# ls -l /lib/libcrypto*
    ls: cannot access /lib/libcrypto*: No such file or directory
    [root@fedora ~]# sudo ln -s /lib/libcrypto.so.1.0.0d /usr/lib/libcrypto.so.4
    ln: creating symbolic link `/usr/lib/libcrypto.so.4': File exists
    [root@fedora ~]# ls -l /usr/lib/libcrypto*
    lrwxrwxrwx. 1 root root 19 2011-08-27 06:47 /usr/lib/libcrypto.so -> libcrypto.so.1.0.0b
    lrwxrwxrwx. 1 root root 19 2011-08-27 06:47 /usr/lib/libcrypto.so.10 -> libcrypto.so.1.0.0b
    -rwxr-xr-x. 1 root root 1598412 2010-11-24 03:53 /usr/lib/libcrypto.so.1.0.0b
    lrwxrwxrwx. 1 root root 27 2011-08-28 04:30 /usr/lib/libcrypto.so.4 -> /usr/lib/libcrypto.so.0.9.8
    [root@fedora ~]# ls -l /lib/libcrypto*
    ls: cannot access /lib/libcrypto*: No such file or directory
    [root@fedora ~]#

    • Hi,
      I've changed the "libcrypto" part of tutorial to make it more clear. Please, read it again. From what I see, your problem is nonfunctional symbolic link:

      rwxrwxrwx. 1 root root 27 2011-08-28 04:30 /usr/lib/libcrypto.so.4 -> /usr/lib/libcrypto.so.0.9.8

      Delete and recreate again:
      rm /usr/lib/libcrypto.so.4

      ln -s /usr/lib/libcrypto.so.1.0.0b /usr/lib/libcrypto.so.4

  17. Hello,

    Please advise if this is the desire state. If it is ok is my NETMAP configuration is already ok so that I can start simulating network. Need your help again, Im new in linux but Im eager to learn linux.

    Thanks.

    [root@fedora ~]# ln -s /usr/lib/libcrypto.so.1.0.0b /usr/lib/libcrypto.so.4
    [root@fedora ~]# ls -l /usr/lib/libcrypto*lrwxrwxrwx. 1 root root 19 2011-08-27 06:47 /usr/lib/libcrypto.so -> libcrypto.so.1.0.0b
    lrwxrwxrwx. 1 root root 19 2011-08-27 06:47 /usr/lib/libcrypto.so.10 -> libcrypto.so.1.0.0b
    -rwxr-xr-x. 1 root root 1598412 2010-11-24 03:53 /usr/lib/libcrypto.so.1.0.0b
    lrwxrwxrwx. 1 root root 28 2011-10-05 23:35 /usr/lib/libcrypto.so.4 -> /usr/lib/libcrypto.so.1.0.0b
    [root@fedora ~]# ls -l /lib/libcrypto*ls: cannot access /lib/libcrypto*: No such file or directory
    [root@fedora ~]# ./wrapper-linux -m ./i86bi_linux-adventerprisek9-ms -p 2222 200
    Waiting on port 2222 ...
    Process Id for child is 1949, parent is 1948
    UNIX ERR:tcgetattr:Invalid argument
    [root@fedora ~]# nano NETMAP
    1:0/0 2:0/0
    2:0/1 3:0/1

  18. Hello,

    I already emptied my NETMAP file then run below command, am I right to run this command after I emptied the NETMAP file?

    [root@fedora ~]# ./wrapper-linux -m ./i86bi_linux-adventerprisek9-ms -p 2222 200

    After I run this command, I get this prompt then hanging up.

    Waiting on port 2222 ...
    Process Id for child is 1879, parent is 1878
    UNIX ERR:tcgetattr:Invalid argument

    Please help me again on what to do next so that I can run this properly.

    Thanks.

  19. Hello,

    I got this error when I edit the iourc

    [root@fedora ~]# nano iourc
    -e[license]nfedora = 0000000000000000

    [root@fedora ~]# ./wrapper-linux -m ./i86bi_linux-adventerprisek9-ms -p 2222 200
    Waiting on port 2222 ...
    Process Id for child is 1905, parent is 1904

    IOU License Error: host not found in iourc file
    License for key 7f0371 required on host "fedora".
    Obtain a license for this key and host from the following location:

    http://wwwin-enged.cisco.com/ios/iou/license/index.html

    Place in your iourc file as follows (see also the web page
    for further details on iourc file format and location)

    [license]
    fedora = ;
    IOU 1905 exit

    • Hi,
      I do not use nano. Open terminal, navigate to directory when you want to create iourc file and type this command:

      echo -e "[license]n$(uname -n) = 0000000000000000" > iourc
      then check a content of iourc with:

      cat iourc

      Post the output, please.

  20. Hi Brezular,

    see below for your reference, kindly help me again...
    thanks.

    [root@fedora ~]# nano iourc
    [root@fedora ~]# rm -rf iourc
    [root@fedora ~]# ls
    anaconda-ks.cfg i86bi_linux-*.x NETMAP
    bbe-0.1.8-2.i386.rpm install.log wrapper-linux
    i86bi_linux-adventerprisek9-ms install.log.syslog
    i86bi_linuxl2*.x IOU
    [root@fedora ~]# echo -e “[license]n$(uname -n) = 0000000000000000″ > iourc
    [root@fedora ~]# cat iourc
    “[license]nfedora = 0000000000000000″
    [root@fedora ~]# ./wrapper-linux -m ./i86bi_linux-adventerprisek9-ms -p 2222 200
    Waiting on port 2222 ...
    Process Id for child is 1889, parent is 1888

    IOU License Error: host not found in iourc file
    License for key 7f0371 required on host "fedora".
    Obtain a license for this key and host from the following location:

    http://wwwin-enged.cisco.com/ios/iou/license/index.html

    Place in your iourc file as follows (see also the web page
    for further details on iourc file format and location)

    [license]
    fedora = ;
    IOU 1889 exit
    [root@fedora ~]#

  21. Hi,

    here's my list for your reference also.

    [root@fedora ~]# ls
    anaconda-ks.cfg i86bi_linux-*.x iourc
    bbe-0.1.8-2.i386.rpm install.log NETMAP
    i86bi_linux-adventerprisek9-ms install.log.syslog wrapper-linux
    i86bi_linuxl2*.x IOU

  22. any one knows why i am getthing that erro in when i start to run web iou

    web-iou.cgi: connect to localhost failed
    [Sat Sep 17 16:51:30 2011] web-iou.cgi: connect to localhost failed (Connection refused) no (more) retries!
    Compilation failed in require at /home/webiou/WebIOL/web-iou.cgi line 2.

  23. I must be stupid or still missing something.... Could't get the symbolic link to work...

    localhost@ubunki:~/lab/lab1$ ./startrouter
    ../wrapper-linux: error while loading shared libraries: libcrypto.so.4: cannot open shared object file: No such file or directory

    localhost@ubunki:/usr/bin$ ls -l /usr/lib/libcrypto*
    lrwxrwxrwx 1 root root 23 2011-05-10 19:09 /usr/lib/libcrypto.so.0.9.8 -> /lib/libcrypto.so.0.9.8
    lrwxrwxrwx 1 root root 27 2011-10-16 11:47 /usr/lib/libcrypto.so.4 -> /usr/lib/libcrypto.so.0.9.8

    localhost@ubunki:/usr/bin$ ls -l /lib/libcrypto*
    -rw-r--r-- 1 root root 1622304 2011-02-09 17:50 /lib/libcrypto.so.0.9.8

    localthos@ubunki:~/$ uname -a
    Linux ubunki 2.6.32-31-server #61-Ubuntu SMP Fri Apr 8 19:44:42 UTC 2011 x86_64 GNU/Linux

    Any advice would be appreciated.

  24. Hi!

    I am a Kubuntu user. I have converted bbe rpm package to deb package using Alien and completed the above mentioned steps. But when I run the command "./wrapper-linux -m ./i86bi_linux-adventerprisek9-ms -p 2222 200", I get the error that there is no router. What should I have to do?

    Thanks and Regards

    Arefin

  25. Hi!

    I did it too. But still I am getting the error "Unable to run router: No such file or directory
    IOU 2030 exit".

    I just copy and paste your command. One thing was different and that is the libcrypto version. Mine one is libcrypto.so.0.9.8. But during installation I didnt get any error.

    What did I do wrong?

    Arefin

  26. Hi!

    Regarding the above post, could anyone please help me? Have anyone tested this IOU on Ubuntu?

    Regards

    Arefin

  27. Hi Brezular,

    Thanks for the tutorial, but I can telnet to the router only from local host.
    What should I do, so I can telnet to the router from remote computer ?

    Regards
    Rian

Leave a comment

Your email address will not be published. Required fields are marked *