Professional Documents
Culture Documents
Cisco IOU FAQ-Evil Routers
Cisco IOU FAQ-Evil Routers
About
Achievement Unlocked
Bookshelf
Cisco IOU FAQ
Free CCNA Labs
Videos
in Networking
I’ve received a lot of blog comments and e-mails since I first posted about Cisco IOU, so I have put together this comprehensive list of frequently asked questions to help alleviate
some of that.
This list of frequently asked questions has been compiled in response to an overwhelming number of requests for information about Cisco IOS-on-UNIX (IOU). It is not intended
to be comprehensive or complete and will be updated from time to time.
If you wish to share or link to the FAQ, please use this permanent URL: http://evilrouters.net/cisco-iou-faq.
Most of the information in this FAQ has been gathered from documentation that is several years old. Some of it has been discovered on my own or contributed by other users of
IOU (thank you!). I make no assurances as to the accuracy of any of the information herein. Your mileage may vary, void where prohibited, for a limited time only. All sales are
final.
An Introduction to IOU
Legal Warnings
Supported Features
Downloading IOU
Installing IOU
IOU Licensing
Using Cisco IOU
Connecting IOU to Physical Networks
Error Messages
How to Help
What is IOU?
From the Cisco Engineering Education Web Site (a long time ago):
Cisco IOS on UNIX (IOU) is a fully working version of IOS that runs as a user mode UNIX (Solaris) process. IOU is built as a native Solaris image and run just like
any other program. IOU supports all platform independent protocols and features.
With regard to functionality, it is very similar to GNS3 but it does not require nearly the resources that several virtual routers running under dynamips does.
IOU allows you to build out a network topology on a single PC without the need for physical routers. This is useful for validating network designs, proof-of-concept testing, and
certification self-study.
The versions of IOU that have been available via BitTorrent are all Linux only, I believe.
While the images should run on any 32- or 64-bit (x86/amd64) Linux host, I highly recommend using Debian GNU/Linux. Any examples that I provide in this FAQ will be based
upon Cisco IOU running on Debian.
This is not the case with IOU. To successfully install and run Cisco IOU, you will need to be familiar with the UNIX command line. Knowledge of vi (or other UNIX text editors)
and basic shell scripting would be useful.
If you have never used a UNIX CLI before, you probably want GNS3 instead.
Cisco IOS on Unix is a tool intended for internal use only. Distribution of IOU images to customers or external persons, or discussion of IOU with customers or
external persons, is prohibited. Don’t do it or we’ll have to come and kill you.
Cisco IOU, just like IOS, is copyrighted software that belongs to cisco Systems, Inc. Distribution of copyrighted software is a federal crime in the United States. I cannot speak
regarding the laws of other countries.
In addition, any requests for Cisco IOU images in the comments section of this blog will be deleted, regardless if distribution is legal in your country.
At startup, Cisco IOU attempts to make an HTTP POST of some XML data to a host at xml.cisco.com. The data includes your (short) hostname (e.g. not the FQDN), the (UNIX)
username of the user running IOU, the version of IOU in use, etc.
At the time of this writing, port 80/TCP on xml.cisco.com is not reachable from the Internet, however, so the connection (and submission of identifying data) will not be
successful. That could change at any time in the future, however, so you may want to do run the following command (as root) on the host running IOU:
This will redirect any traffic for the host xml.cisco.com to localhost.
I am told that the software is available via BitTorrent, however you will have to find those torrents on your own.
I have been told that these are available via BitTorrent as well.
I recommend creating a new directory just to contain the IOU images and related files, for example a directory named “iou” inside your home directory:
$ cd $HOME
$ mkdir iou
$ cd iou
Older IOU images apparently do not need a license key to work, such as the older Solaris images that I have.
Newer images, however, including the ones I’ve seen that are available via BitTorrent, do require a valid license key in order to run them.
While I was teaching higher-ed networking courses, I made a video showing why these basic checks are often not enough to adequately “protect” software. This video is available
on the Cisco IOU Licensing page on Free CCNA Labs, another website of mine.
Someone else has posted a quick way to patch the IOU binaries to bypass the license key check from the Linux command-line, however.
Various third parties, however, have reverse engineered the Cisco IOU software and created their own license generators, such as iougen.
Cisco IOU is not CPU-intensive like GNS3 is. A several-years-old PC will run Cisco IOU just fine.
Because I use different topologies and often switch back and forth between them, I prefer to create a separate directory for each topology and store the IOURC file and NETMAP
file (see below) in each topology’s directory.
[license]
hostname = 4242424242424242;
In this example, replace “hostname” with the actual hostname of your machine and the rest with your actual license key.
If you are unsure of the proper value to use for the hostname, simply run the following command on the command-line and use the value that it returns:
# hostname -s
Because I use different topologies and often switch back and forth between them, I prefer to create a separate directory for each topology and store the IOURC file (see above) and
NETMAP file in each topology’s directory.
You may also wish to refer to the Free CCNA Labs Topology that I use on that website. That article shows the network diagram being used for the topology and also has links to
the NETMAP file being used (with lots of frame-relay, serial, and Ethernet connections) as well as the configuration for the frame-relay switch.
Between these two, you should be able to discern how to create NETMAP files corresponding to network topologies of your own design.
The usage and available parameters you can pass to the IOU binaries are shown here:
The wrapper program can be used to redirect a TCP port to the “console” of the router so that you can do exactly this.
For example, instead of just running ./imagename <application id>, you would use something like this:
$ ./wrapper -m ./imagename -p 2000 -- -e0 -s1 -m 64 100
This would instruct the wrapper to startup the IOU image named ./imagename and listen on TCP port 2000. Any options after the double-hyphen (“–”) are passed off to the IOU
image so, in this case, our IOU instance would start up with zero Ethernet interfaces (“-e0″), one serial interface (“-s1″) — which actually means four serial interfaces in newer
images, due to a feature called “Wide Port Adapters” — and 64 MB of RAM (“-m 64″). The “application ID”, which we’ll use to refer to this instance in the NETMAP file (see
above), is 100.
The wrapper is most useful in a shell script to start up and background a number of IOU instances at once. For a complete example showing a NETMAP file and a corresponding
shell script to startup all IOU instances, see my article “iou2net.pl, an IOUlive replacement”.
Find the instance you want to stop and pass the corresponding process IDs to the kill command.
To stop all running IOU instances in a single fell swoop, use the following:
What is IOUlive?
IOUlive is a separate application that allows one to bridge an IOU instance to a physical network, similar to what can be done with dynamips and GNS3 using dynagen’s
NIO_linux_eth descriptor.
By connecting an IOU instance to IOUlive, your virtual routers can talk to devices on your physical network, as shown in this example Cisco IOU topology.
The first application, iou2net.pl, is a Perl script written by “einval” that bridges an IOU instance with the physical network. The scripts itself as well as instructions for using it are
available on the Internetworkpro wiki. In addition, my example Cisco IOU topology includes a NETMAP file and a shell script showing how to use iou2net.pl.
Another application, an x86 binary named “ioulive86″, was written by a CCIE whose identify I will not reveal. He claims that it offers greater performance and higher forwarding
throughput than iou2net.pl. He was going to publish the source code to the application but, unfortunately, that was lost when he deleted a virtual machine without backing up the
code first! Because it requires root privileges, run it at your own risk.
Download link: ioulive86.
./i86bi_linux_adventerprisek9-ms: error while loading shared libraries: libcrypto.so.4: cannot open shared
object file: No such file or directory
You either do not have libssl installed or your version is much newer than what Cisco has linked against when building the IOU images.
Next, you’ll need to make a symbolic link pointing to the libcrypto.so.4 file that IOU is looking for.
On 32-bit hosts:
$ sudo ln -s /usr/lib/libcrypto.so.0.9.8 /usr/lib/libcrypto.so.4
On 64-bit hosts:
Oh, come on! There must be some way to add ATM or NM-16ESW modules!
Nope.
When running “./wrapper-linux -m i86bi_linux-adventerprisek9-ms …”, I get a “No such file or directory”
error message.
Provide the correct path to the IOU image as the “-m” option. If it is in the current directory, refer to it as “./i86bi_linux-adventerprisek9-ms”, for example.
I’ve tried everything and I can’t get it to work. What should I do?
instead.
If you have corrections, additional information, tips or tricks, topologies that you’d like to share, etc., please shoot me an e-mail. I’ll be happy to add your contributions to the
FAQ. Thanks!
Related posts:
1. Defeating Cisco IOU’s License Protection
2. Example Cisco IOU Topology
3. Video Demo of DHCP on Cisco Router
4. Configuring a DHCP Server on a Cisco Router Running IOS
5. HP/Cisco LACP and STP gotcha
I've digged a little bit topic about connection to real network. May be someone is interested.
http://crypt47.blogspot.com/20...
2 • Reply • Share ›
You can always install VirtualBox (free) and run a Linux VM inside VirtualBox so that you can run IOU.
0 • Reply • Share ›
Managed to get the linux version of IOU running via Linux binary compatibility mode using emulators/linux_base-f10 under FreeBSD 9.0-current AMD64 without a hitch :)
1 • Reply • Share ›
<ol>
<li>If you get this error: "-bash: ./i86bi_linux-adventerprisek9-ms: No such file or directory"</li>
</ol>
solution:
sudo apt-get install ia32-libs
<ol>
<li>Then you get error: "./i86bi_linux-adventerprisek9-ms: error while loading shared libraries: libcrypto.so.4: cannot open shared object file: No such file or directory"</li>
</ol>
Solution:
sudo ln -s /usr/lib32/libcrypto.so.0.9.8 /usr/lib32/libcrypto.so.4
• Reply • Share ›
I am simulating a full table with exabgp, which is running on a Linux host (Virtualbox), and connected to the IOU host via a iou2net tap interface. When the BGP session comes
up, the SYS-2-CHUNKBADREFCOUNT error appears few seconds.
0 1 • Reply • Share ›
Evil Routers
Me gusta 598
Popular Articles
Achievement Unlocked
Cisco IOU FAQ
Why You Should Be Blogging
Using BGP’s local preference to influence outbound routing
Hidden ProCurve commands
10 Things Your IT Guy Wants You To Know
Port forwarding a range of ports on Cisco IOS
How to Upgrade the License on a Cisco ASA
Configuring FreeRADIUS to support Cisco AAA Clients
You know you’re a computer security guy when…
Latest Comments
Kaspersky™ México
www.Kaspersky.com
Antivirus y Seguridad en Internet. ¡Descargue hoy la versión 2013!