Several utilities exist that can connect IOS on Unix (IOU) instances to the real world. One of them is the Perl script iou2net.pl, which is licensed under GNU GPL v2. This tutorial shows an example of using the script together with an IOU configuration to achieve intra-VLAN communication between IOU and a Cisco 3550 switch over an 802.1Q trunk port.
Note: IOU is a Cisco proprietary product intended for internal use only. It must not be used without permission from Cisco.
The picture below shows our testing topology. IOU is running inside Fedora 17 x86-64 Linux.
Picture 1 - Testing topology
1. Download iou2net.pl and install dependencies
You can download iou2net.pl here.
sudo yum install perl-Net-Pcap.x86_64
2. Create a symbolic link
sudo ln -s /usr/lib/libcrypto.so.1.0.0k /usr/lib/libcrypto.so.4
3. Create iourc license file and load it with the correct license key
In order to run IOU we have to obtain a valid license key from Cisco. The license key consists of 16 hexadecimal numbers and it is tied to the hostid and the hostname of our OS. Every time either the hostid or the hostname is changed, you have to obtain a new license key.
a) Change a system hostid
We can check our current hostid with the following command.
hostid
007f0155
In case it is required to change the current hostid, here is a C program that does it for us.
Reference
https://calomel.org/hostid_fake.html
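#include <stdio.h>
#include <stdlib.h>   /* strtoul */
#include <unistd.h>   /* sethostid */
int main(int argc, char *argv[])
{
    if (argc < 2)
    {
        fprintf(stderr, "%s: single argument: target hostid\n", argv[0]);
        return 1;
    }
    /* The argument is parsed as hexadecimal; sethostid() requires root. */
    if (sethostid(strtoul(argv[1], NULL, 16)) != 0)
    {
        perror("sethostid");
        return 1;
    }
    return 0;
}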
Now we can compile the code.
gcc change_hostid.c -o change_hostid
Change the current hostid if necessary.
sudo ./change_hostid 007f0100
b) Change a system hostname
We can check our current system hostname with the following command.
hostname
k55vm
Use the command hostname with an argument to change it.
sudo hostname box
c) Create iourc license file
echo "[license]" >> ./iourc
echo "`hostname` = 16_hexa_numbers;" >> ./iourc
Note: Place the license file in the same directory where the IOU binary is located.
4. Create a static DNS entry
Do not allow Cisco to be bothered with your IOU installation.
sudo su
echo "127.0.0.127 xml.cisco.com" >> /etc/hosts
Because the IOU topology file NETMAP requires a hostname instead of an IP address, add the following entry to the local hosts file /etc/hosts. It maps the system hostname to the IP address 127.0.0.1.
echo "127.0.0.1 box" >> /etc/hosts
5. Create NETMAP file
echo "10:0/0@box 20:0/0@box" >> NETMAP
10 - IOU router number 10
0/0 - Interface Ethernet 0/0 of IOU router 10
box - the hostname of system on which IOU is running
20 - pseudo IOU router 20
0/0 - pseudo Ethernet interface 0/0.
6. Create an interface tap0 and a bridge virbr0
We will create a virtual interface tap0 and bridge it with the Ethernet interface p3p1. Use the tunctl utility to create the interface tap0. If tunctl is not installed on your system, install it using yum.
sudo yum install tunctl
Create a virtual interface tap0 owned by your username. Mine is brezular.
sudo tunctl -u brezular -t tap0
A bridge virbr0 has to be created in order to add interfaces tap0 and p3p1 to the bridge.
sudo brctl addbr virbr0
Bring the interfaces up.
sudo ifconfig virbr0 up
sudo ifconfig tap0 up
sudo ifconfig p3p1 0.0.0.0 up
Add interfaces tap0 and p3p1 to the bridge virbr0.
sudo brctl addif virbr0 tap0
sudo brctl addif virbr0 p3p1
Check if the interfaces were added to the bridge.
Picture 2 - Bridged interfaces p3p1 and tap0
7. Start IOU
./i86bi_linux_l2-ipbasek9-ms.jan24-2013-B -m 512 -s 0 -e 1 10
-m 512 - 512 MB of RAM dedicated to IOU
-s 0 - no serial interface is created
-e 1 - IOU is started with the Ethernet interfaces e0/0, e0/1, e0/2 and e0/3
10 - IOU router instance 10
8. Start iou2net.pl script
sudo ./iou2net.pl -t tap0 -p 20
20 - Pseudo ID instance
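A pre-flight check for steps 4 to 8, added here as an example (it is not part of iou2net.pl or IOU): it confirms that one NETMAP line joins the IOU instance ID to the pseudo ID passed to iou2net.pl with -p, and that every @hostname on that line has an entry in the hosts file. The function name check_netmap, its exit codes and the sample files are assumptions made for this example.

```bash
#!/bin/sh
# check_netmap NETMAP HOSTS IOU_ID PSEUDO_ID   (hypothetical helper)
# Exit status: 0 = consistent,
#              1 = no NETMAP line links IOU_ID with PSEUDO_ID,
#              2 = a hostname on the linking line is missing from HOSTS.
check_netmap() {
    awk -v iou="$3" -v pseudo="$4" '
        # Hosts file: remember every name that follows an address.
        FILENAME == ARGV[1] {
            sub(/#.*/, "")
            for (i = 2; i <= NF; i++) known[$i] = 1
            next
        }
        # NETMAP: each line joins endpoints written as id:slot/port[@host].
        {
            has_iou = has_pseudo = 0
            missing = ""
            for (i = 1; i <= NF; i++) {
                n = split($i, part, /[:@]/)
                if (n < 2) continue              # not an endpoint token
                if (part[1] == iou)    has_iou = 1
                if (part[1] == pseudo) has_pseudo = 1
                if (n == 3 && !(part[3] in known)) missing = part[3]
            }
            if (has_iou && has_pseudo) {
                linked = 1
                if (missing != "") {
                    print "NETMAP host not in hosts file: " missing > "/dev/stderr"
                    unresolved = 1
                }
            }
        }
        END {
            if (!linked) {
                print "no NETMAP line links " iou " and " pseudo > "/dev/stderr"
                exit 1
            }
            if (unresolved) exit 2
            exit 0
        }
    ' "$2" "$1"
}

# Constructed sample input mirroring steps 4 and 5 of this tutorial.
demo=$(mktemp -d)
printf '127.0.0.1 box\n' > "$demo/hosts"
printf '10:0/0@box 20:0/0@box\n' > "$demo/NETMAP"
check_netmap "$demo/NETMAP" "$demo/hosts" 10 20 && echo "NETMAP is consistent"
```

On a real host, run it as check_netmap ./NETMAP /etc/hosts 10 20 before starting IOU and iou2net.pl.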
9. Cisco 3550 and IOU router instance 10 configuration
a) Cisco 3550 Multilayer switch configuration
3550-I#conf t
Enter configuration commands, one per line. End with CNTL/Z.
3550-I(config)#vlan 10
3550-I(config-vlan)#name test
3550-I(config-vlan)#exit
3550-I(config)#interface fastEthernet 0/1
3550-I(config-if)#switchport trunk encapsulation dot1q
3550-I(config-if)#switchport mode trunk
3550-I(config-if)#switchport trunk allowed vlan all
3550-I(config-if)#no shutdown
3550-I(config-if)#exit
3550-I(config)#interface vlan 10
3550-I(config-if)#ip address 192.168.10.2 255.255.255.0
3550-I(config-if)#no shutdown
3550-I(config-if)#do write
Building configuration...
[OK]
b) Cisco IOU router instance 10 configuration
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname IOU
IOU(config)#vlan 10
IOU(config-vlan)#name TEST
IOU(config-vlan)#exit
IOU(config)#interface ethernet 0/0
IOU(config-if)#switchport trunk encapsulation dot1q
IOU(config-if)#switchport mode trunk
IOU(config-if)#switchport trunk allowed vlan all
IOU(config-if)#no shutdown
IOU(config-if)#exit
IOU(config)#interface vlan 10
IOU(config-if)#ip address 192.168.10.1 255.255.255.0
IOU(config-if)#no shutdown
IOU(config-if)#do write
Building configuration...
Compressed configuration from 1170 bytes to 806 bytes[OK]
10. Testing if VLAN traffic from vlan 10 is transferred correctly between IOU and 3550
The following error messages are displayed on the Cisco 3550 switch, and the switch puts port FastEthernet 0/1 into the error-disabled state.
Picture 3 - Error on switch 3550
To prevent the interface FastEthernet 0/1 from being shut down, disable keepalives on the interface.
3550-I(config)#interface fastEthernet 0/1
3550-I(config-if)#no keepalive
The following error messages are displayed on the IOU.
Picture 4 - IOU error
As I do not know how to solve the internal port manager error displayed on the IOU console, I am going to ignore it. Decrease the console logging severity to 2 in order to avoid displaying error messages with severity 3 and above.
IOU(config)#logging console 2
Of course, ignoring error messages does not solve the problem, but at least we have proved that tagged traffic is transferred between IOU and the Cisco 3550 switch.
Note: It seems that the problems do not occur when the IOU binary i86bi_linux_l2-ipbasek9-ms.may8-2013-team_track is used. Use this particular IOU binary whenever a trunk connection between IOU and real gear is required.
Hello, is there any way that I can simulate all the CCNP - SWITCH topology with all features in this course?
Please HELP!!!
Hi! I am using Debian 3.2.63-2 i686 GNU/Linux.
When I'm running iou2net.pl I'm getting the error message below:
#./iou2net.pl
/usr/bin/perl: symbol lookup error: /usr/lib/perl5/auto/Socket/Socket.so: undefined symbol: Perl_xs_apiversion_bootcheck
It is not working???
Now I got no error message but I can't my real switch.
I'm trying to add 2 external physical hosts to a switch/es (L2Ipbase IOUs) and using 2 instances of iou2net.pl. The problem is external hosts cannot ping each other.
Pinging IOUs to and from external hosts works. I can see the MAC addresses of the 2 external hosts from the switch(es).
Where could the problem be?
NETMAP
1:0/0 2:0/0
1:1/0@localhost 333:0/0@localhost //to lan segment 1 to vm
2:1/0@localhost 444:0/0@localhost //to lan segment 2 to vm