The work that the author made is truly impressive : blog, cheat sheets, gentle forum and even a lab (I haven’t test because I don’t need it, but if you are a student, it is great for students and so far I have never seen any other website offering it), all integrated with a quality level that is rare to find even on professional website.

This is one the best website I have never seen in all categories and certainly the best about Cisco networking. If you are interested in this topic, visit there right now.

Complete changelog :

2010-02-10  (0.73) Jean-Christophe Baptiste <jc@phocean.net>

* remove useless options
* fix various bugs

Check there (tools page) for more details and a download link.

Complete changelog :

2010-01-14  (0.72) Jean-Christophe Baptiste <jc@phocean.net>

* ciscoclass.py : forgot to remove a debug print
* ciscoclass.py : finish and fix a bunch of bugs in the show run function, format the config file properly
* ciscoclass.py : fix the prompt regex

Check there (tools page) for more details and a download link.

There are a lot of changes, starting with cosmetics, but the biggest one is the support of multiprocessing.

It is now able to process several routers at the same time, so using it on a large list of machines results in a big speed up.

A downside is that it now requires at least Python 2.6, as multiprocessing started to be supported with this version only. Most Linux distributions now include Python 2.6, but still not all. Anyway it will be more and more the case. If you can’t uprade your distribution, you can stick with 0.60 which still do most of the work fine.

It is also now able to fetch a configuration file remotly, but it requires more testing before I feel confident in the way it works.

The complete changelog :

2009-12-20  (0.71) Jean-Christophe Baptiste ;

* ciscoclass.py : handle correctly the cisco pager — More — so that “show run” mode should work even with large config files
* sshclass.py : allow to override terminal size system settings (make use of the cisco pager to avoid filling the buffer)

2009-11-16  (0.70) Jean-Christophe Baptiste (private release)

* implement multiprocessing
* improve code documentation
* clean up UI
* reduce useless logging
* netios.py : bug : missing startTime parameter in f_skip_error and f_command functions

I cross my fingers so that there are not too many bugs, but if so, please don’t forget to report it to me.

Check there (tools page) for more details and a download link.

Netios is a little tool aimed to help network administrators to administrate a large number of Cisco network devices.
Providing it with a list of equipments, it connects within SSH to remotly apply IOS commands.

It can automatically :

• retrieve and export in a CSV file the list of local users
• update the local user, the enable password
• change NTP settings
• execute a file of customed IOS commands
• retrieve configuration files

It can read the targets from the command line or from a text file.

Its primary goal is to improve the security by making it easier to renew regularly the local password of these equipments, but it can do more convenient things (and I will continue to work to add more of them).

Check there (tools page) for more details and a download link.

#wr mem
Building configuration...
% Warning: Saving this config to nvram may corrupt any network management or security files stored at the end of nvram.
Continue? [no]: no
% Configuration buffer full, can't add command:
************************************************************************

Looks scary at first, but normally it should be solved with a single command :

# configure terminal
(config-ter)# service compress-config
(config-ter)# end
# write mem

I guess that there are little chances the issue remains after that, but if so, well, you may be in trouble…

The Nfsen collector was working well for our routers, but I came to realize there were something definitely wrong with the traffic going through a Cisco 6500 switch.

The traffic reported was way below the real one.

After some research, what I suspected was confirmed by this documentation from Cisco.

Some more steps are required to make Netflow report flow processed by the switching module.

Otherwise, as only the first packet is routed and the following ones are switched by CEF, Netflow will only see the first packet at layer 3.

That explains why the reported traffic was ridicoulously small.

So, where on routers the following commands are enough :

(config)# ip cef
(config)# ip flow-export version 5
(config)# ip flow-export destination 192.168.1.1 1234
(config)# interface fa 1
(config-if)# ip route-cache flow

On MLS switches (like 6500 or 7200), add :

(config)# mls netflow
(config)# mls nde sender
(config)# mls aging long 64
(config)# mls flow ip full

The commands are described there. Unfortunately, as often with Cisco, they may vary depending on the IOS version your are running.

service compress-config allowed me to workaround this buffer problem :

router#wr mem
Building configuration...

% Warning: Saving this config to nvram may corrupt any network management or security files stored at the end of nvram.
Continue? [no]: no
% Configuration buffer full, can't add command:
************************************************************************

%Aborting Save. Compress the config.[OK]
router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
router(config)#service compress-config
router(config)#exit
router#wr mem
Building configuration...
Compressed configuration from 21787 bytes to 7991 bytes[OK]

However, it requires you to use a real network card with a fixed IP for doing that. This is not really handy if, llike me, you use GNS3 on a laptop whose connectivity is frequently switching between cable and wireless, and on different subnets.

I started to look for something more convenient like a virtual interface.

I first thought about declaring a virtual IP on eth0, but no way : briding is layer 2 (based on MAC address), you can’t add eth0:0 to a bridge.

Then I found the very handy dummy interface.

Load the module :

% sudo modprobe dummy
% lsmod | grep dummy
dummy                   3192  0
% ifconfig dummy0
dummy0    Link encap:Ethernet  HWaddr AE:89:91:BD:61:87
BROADCAST NOARP  MTU:1500  Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

To have the module loaded at boot time, do :

In debian :

% echo dummy >> /etc/modules

In openSUSE, edit this line in /etc/sysconfig/kernel :

MODULES_LOADED_ON_BOOT="dummy"

Then, you could go on with the tutorial linked above, replacing eth0 with dummy0, or use the script I made :

#!/bin/sh

/bin/tunctl -t tap0
/sbin/ifconfig tap0 0.0.0.0 promisc up
/sbin/ifconfig dummy0 0.0.0.0 promisc up
/sbin/brctl addbr br0
/sbin/brctl addif br0 tap0
/sbin/brctl addif br0 dummy0
/sbin/ifconfig br0 10.10.10.99/24 up
/path/to/GNS3-0.6-src/gns3

You may also insert this line if you want to interconnect your lab network with your other networks (it activates kernel’s IP forwarding) :

echo 1 > /proc/sys/net/ipv4/ip_forward

I saved it /usr/local/bin/gns and created a pretty shortcut for the application browser of Gnome :

% cat /usr/share/applications/gns3.desktop
[Desktop Entry]
X-SuSE-translate=true
Encoding=UTF-8
Name=gns3
GenericName=Cisco routers emulator
Exec=/usr/local/bin/gns-start
Terminal=false
Type=Application
X-KDE-SubstituteUID=true
Icon=gnome-window-manager
Categories=GNOME;Network;

This shortcut will prompt you for the root password (unfortunately, when dealing with tap interface, GNS3 requires root access – security could be tighten with SELinux or AppArmor) and launch GNS3 with most of the network stuff prepared.

Just in case you want to clear that all quickly, there is the gns-stop script :

#!/bin/sh
ifconfig br0 down
brctl delif br0 tap0
brctl delif br0 eth0
brctl delbr br0
tunctl -d tap0

I sometimes use Boson Netsim, which is not only non-free but not so reliable.

However, as I just started to use GNS3 and Dynamips, I don’t know it so well yet and won’t compare any further the two solutions.

On this page, I am just summarizing the few steps to set it up on your Linux system.

First, set up the prerequisite :

$ aptitude install python-qt4

Now, go to gns3.net and download the source code for Linux (direct link).

You may extract the archive in your local application folder :

$ wget http://pfe.epitech.net/frs/download.php/819/GNS3-0.5-src.tar.gz
$ tar -xzvf GNS3-0.5-src.tar.gz -C /opt

Then, you need the dynamips binary from the dynamips blog (direct links for x86 or amd64 platforms).
The file must be executable.

$ wget http://www.ipflow.utc.fr/dynamips/dynamips-0.2.8-RC2-amd64.bin
$ chmod u+x dynamips*.bin
$ mv dynamips-0.2.8-RC2-amd64.bin /opt

Now, start GNS3 :

$ /opt/GNS3-0.5-src/gns3

In the edit menu, select preferences and go the dynamips section.

Just browse to the dynamips binary you dowloaded, to fill the value of the executable path field.

Still from the edit menu, select IOS images and hypervisors. There, you have to add all the IOS images you want to use, one after another. Normally, the default settings for each file loaded are suitable.

Back to the main window, you can drag and drop routers and link them, creating the topology you wish.

For now, just add one router. Right click on it and select start to start it up. Right click again and select console.

Enjoy ! Of course, I strongly recommand that you start reading further from this page.

Resources :

http://www.ipflow.utc.fr/blog/
http://www.gns3.net/
http://www.blindhog.net/tutorials/gns3-linux-install/gns3-linux-install.html