From 07c8590d772cb7c27d2af01b4887b36d993e8c70 Mon Sep 17 00:00:00 2001
From: Chris McCoy
Date: Thu, 18 Jan 2018 17:41:38 -0500
Subject: [PATCH] Renumber VIRL topology files as reflected in the actual lesson numbers
---
virl_topologies/{8.4-1.virl => 8.10-1.virl} | 0
virl_topologies/{8.4-2.virl => 8.10-2.virl} | 0
virl_topologies/8.13.virl | 1407 +++++++++++++++++++
virl_topologies/8.2-1.virl | 560 --------
virl_topologies/{8.1.virl => 8.4.virl} | 0
virl_topologies/8.6.virl | 929 +-----------
virl_topologies/{8.2-2.virl => 8.7.virl} | 0
virl_topologies/{8.3-1.virl => 8.9.virl} | 0
8 files changed, 1448 insertions(+), 1448 deletions(-)
rename virl_topologies/{8.4-1.virl => 8.10-1.virl} (100%)
rename virl_topologies/{8.4-2.virl => 8.10-2.virl} (100%)
create mode 100644 virl_topologies/8.13.virl
delete mode 100644 virl_topologies/8.2-1.virl
rename virl_topologies/{8.1.virl => 8.4.virl} (100%)
rename virl_topologies/{8.2-2.virl => 8.7.virl} (100%)
rename virl_topologies/{8.3-1.virl => 8.9.virl} (100%)
diff --git a/virl_topologies/8.4-1.virl b/virl_topologies/8.10-1.virl
similarity index 100%
rename from virl_topologies/8.4-1.virl
rename to virl_topologies/8.10-1.virl
diff --git a/virl_topologies/8.4-2.virl b/virl_topologies/8.10-2.virl
similarity index 100%
rename from virl_topologies/8.4-2.virl
rename to virl_topologies/8.10-2.virl
diff --git a/virl_topologies/8.13.virl b/virl_topologies/8.13.virl
new file mode 100644
index 0000000..5092323
--- /dev/null
+++ b/virl_topologies/8.13.virl
@@ -0,0 +1,1407 @@ + + + + false + flat + true + ospf + + + + ! IOSvL2 Config generated on 2017-08-27 23:10 +! by autonetkit_0.23.5 +! +version 15.2 +service timestamps debug datetime msec +service timestamps log datetime msec +no service password-encryption +service compress-config +no service config +enable password cisco +ip classless +ip subnet-zero +no ip domain lookup +! +line vty 0 4 +transport input ssh telnet +exec-timeout 720 0 +password cisco +login +! +line con 0 +password cisco +! +hostname iosvl2-1 +! +boot-start-marker +boot-end-marker +! +! +! +no aaa new-model +! +vtp domain virl.lab +vtp mode transparent +! +vlan 2 + name ank_vlan2 +vlan 3 + name ank_vlan3 +! +! +! +! +cdp run +! +! +! +ip cef +no ipv6 cef +! +! +spanning-tree mode pvst +spanning-tree extend system-id +! +vlan internal allocation policy ascending +! +! +! +! +vrf definition Mgmt-intf +! + address-family ipv4 + exit-address-family + ! + address-family ipv6 + exit-address-family +! +! +! +! +! +interface Loopback0 + description Loopback +! +interface GigabitEthernet0/0 + description OOB management + ! Configured on launch + no switchport + vrf forwarding Mgmt-intf + no ip address + no shutdown +! +interface GigabitEthernet0/1 + description to iosvl2-2 + switchport trunk encapsulation dot1q + switchport mode trunk + no shutdown +! +interface GigabitEthernet0/2 + description to iosv-1 + switchport access vlan 2 + switchport mode access + no shutdown +! +interface GigabitEthernet0/3 + description to kali-1 + switchport access vlan 2 + switchport mode access + no shutdown +! +interface GigabitEthernet1/0 + description to iosv-2 + switchport access vlan 2 + switchport mode access + no shutdown +! +! +ip forward-protocol nd +! +no ip http server +no ip http secure-server +! +! +! +! +! +! +control-plane +! +! +! +end + + + + + + + + + + + + ! IOSvL2 Config generated on 2017-08-27 23:10 +! by autonetkit_0.23.5 +! 
+version 15.2 +service timestamps debug datetime msec +service timestamps log datetime msec +no service password-encryption +service compress-config +no service config +enable password cisco +ip classless +ip subnet-zero +no ip domain lookup +! +line vty 0 4 +transport input ssh telnet +exec-timeout 720 0 +password cisco +login +! +line con 0 +password cisco +! +hostname iosvl2-2 +! +boot-start-marker +boot-end-marker +! +! +! +no aaa new-model +! +vtp domain virl.lab +vtp mode transparent +! +vlan 2 + name ank_vlan2 +vlan 3 + name ank_vlan3 +! +! +! +! +cdp run +! +! +! +ip cef +no ipv6 cef +! +! +spanning-tree mode pvst +spanning-tree extend system-id +! +vlan internal allocation policy ascending +! +! +! +! +vrf definition Mgmt-intf +! + address-family ipv4 + exit-address-family + ! + address-family ipv6 + exit-address-family +! +! +! +! +! +interface Loopback0 + description Loopback +! +interface GigabitEthernet0/0 + description OOB management + ! Configured on launch + no switchport + vrf forwarding Mgmt-intf + no ip address + no shutdown +! +interface GigabitEthernet0/1 + description to iosvl2-1 + switchport trunk encapsulation dot1q + switchport mode trunk + no shutdown +! +interface GigabitEthernet0/2 + description to iosv-1 + switchport access vlan 3 + switchport mode access + no shutdown +! +interface GigabitEthernet0/3 + description to server-1 + switchport access vlan 3 + switchport mode access + no shutdown +! +! +ip forward-protocol nd +! +no ip http server +no ip http secure-server +! +! +! +! +! +! +control-plane +! +! +! 
+end + + + + + + + + + + #cloud-config +bootcmd: +- ln -s -t /etc/rc.d /etc/rc.local +hostname: kali-1 +manage_etc_hosts: true +package_update: true +packages: +- quagga +bootcmd: +- ip route del default via 172.16.1.1 +- ip route add default via 172.16.1.2 +runcmd: +- start ttyS0 +- systemctl start getty@ttyS0.service +- systemctl start rc-local +- sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config +- echo "UseDNS no" >> /etc/ssh/sshd_config +- service ssh restart +- systemctl enable zebra ospfd +users: +- default +- gecos: User configured by VIRL Configuration Engine 0.23.10 + lock-passwd: false + name: cisco + plain-text-passwd: cisco + shell: /bin/bash + ssh-authorized-keys: + - VIRL-USER-SSH-PUBLIC-KEY + sudo: ALL=(ALL) ALL +write_files: +- path: /etc/init/ttyS0.conf + owner: root:root + content: | + # ttyS0 - getty + # This service maintains a getty on ttyS0 from the point the system is + # started until it is shut down again. + start on stopped rc or RUNLEVEL=[12345] + stop on runlevel [!12345] + respawn + exec /sbin/getty -L 115200 ttyS0 vt102 + permissions: '0644' +- path: /etc/systemd/system/dhclient@.service + content: | + [Unit] + Description=Run dhclient on %i interface + After=network.target + [Service] + Type=oneshot + ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease + RemainAfterExit=yes + owner: root:root + permissions: '0644' +- path: /etc/network/interfaces + owner: root:root + permissions: '0644' + content: |- + source-directory /etc/network/interfaces.d + auto eth0 + iface eth0 inet dhcp + gateway 172.16.1.2 +- path: /etc/rc.local + owner: root:root + permissions: '0755' + content: |- + #!/bin/sh + ip route del default + ip route add default via 172.16.1.2 + ip link set eth1 up + ip addr add 10.0.0.1/17 dev eth1 + # Use routes from Quagga instead + #route add -host 192.168.0.1 gw 10.0.0.2 dev eth1 + #route add -host 192.168.0.4 gw 10.0.0.2 dev eth1 + #route add -net 10.0.0.0/17 gw 
10.0.0.2 dev eth1 + #route add -net 10.0.128.0/30 gw 10.0.0.2 dev eth1 + #route add -host 192.168.0.1 gw 10.0.0.3 dev eth1 + #route add -host 192.168.0.4 gw 10.0.0.3 dev eth1 + #route add -net 10.0.0.0/17 gw 10.0.0.3 dev eth1 + #route add -net 10.0.128.0/30 gw 10.0.0.3 dev eth1 + exit 0 +- path: /etc/network/interfaces.d/eth1 + owner: root:root + permissions: '0644' + content: |- + iface eth1 inet manual +- path: /etc/quagga/zebra.conf + owner: root:root + permissions: '0644' + content: |- + hostname kali-1 + password cisco + enable password cisco + interface eth0 + interface eth1 + line vty +- path: /etc/quagga/ospfd.conf + owner: root:root + permissions: '0644' + content: |- + hostname kali-1 + password cisco + log stdout + interface eth1 + ip ospf cost 1 + router ospf + ospf router-id 10.0.0.1 + network 10.0.0.1/17 area 0.0.0.0 + network 192.168.0.4/32 area 0.0.0.0 + network 10.0.128.2/32 area 0 + line vty +- path: /root/get-cisco-config.py + owner: root:root + permissions: '0755' + content: |- + #!/usr/bin/env python + + # See + # http://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/15217-copy-configs-snmp.html + # and + # http://tools.cisco.com/Support/SNMP/do/BrowseMIB.do?local=en&mibName=CISCO-CONFIG-COPY-MIB + # for details + + from optparse import OptionParser + from scapy.all import conf,IP,SNMP,SNMPset,ASN1_OID,ASN1_IPADDRESS,UDP,SNMPvarbind,send + + parser = OptionParser() + parser.add_option("-i", "--iface", dest="iface", help="Interface", + default="eth1") + parser.add_option("-s", "--src", dest="srcip", help="Source IP Address", + default="192.168.1.2") + parser.add_option("-d", "--dst", dest="dstip", help="Destination IP Address", + default="192.168.1.1") + parser.add_option("-t", "--tftp", dest="tftpip", help="TFTP Server IP Address", + default="192.168.1.2") + parser.add_option("-f", "--cfg", dest="cfg_file", help="Configuration Filename") + parser.add_option("-c", "--community", dest="snmpstring", + help="SNMP 
Community Set String", default="secret") + + (options, args) = parser.parse_args() + + if options.cfg_file is None: + options.cfg_file = "%s-config" % (options.dstip) + + print "Attempting to download IOS config from %s" % (options.dstip) + + conf.iface = options.iface + + i=IP(src=options.srcip,dst=options.dstip)/UDP(sport=161,dport=161) + s1=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyEntryRowStatus(14) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.14.112"),value=6)] + ) + ) + + s2=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyProtocol(2) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.2.112"),value=1)] + ) + ) + + s3=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopySourceFileType(3) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.3.112"),value=4)] + ) + ) + + s4=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyDestFileType(4) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.4.112"),value=1)] + ) + ) + + s5=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) 
identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyServerAddress(5) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.5.112"),value=ASN1_IPADDRESS(options.tftpip))] + ) + ) + + s6=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyFileName(6) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.6.112"),value=options.cfg_file)] + ) + ) + + s7=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyEntryRowStatus(14) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.14.112"),value=1)] + ) + ) + + send(i/s1) + send(i/s2) + send(i/s3) + send(i/s4) + send(i/s5) + send(i/s6) + send(i/s7) +- path: /root/merge-cisco-config.py + owner: root:root + permissions: '0755' + content: |- + #!/usr/bin/env python + + # See + # http://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/15217-copy-configs-snmp.html + # and + # http://tools.cisco.com/Support/SNMP/do/BrowseMIB.do?local=en&mibName=CISCO-CONFIG-COPY-MIB + # for details + + from optparse import OptionParser + from scapy.all import conf,IP,SNMP,SNMPset,ASN1_OID,ASN1_IPADDRESS,UDP,SNMPvarbind,send + + parser = OptionParser() + parser.add_option("-i", "--iface", dest="iface", help="Interface", + default="eth1") + parser.add_option("-s", "--src", dest="srcip", help="Source IP Address", + default="192.168.1.2") + parser.add_option("-d", "--dst", 
dest="dstip", help="Destination IP Address", + default="192.168.1.1") + parser.add_option("-t", "--tftp", dest="tftpip", help="TFTP Server IP Address", + default="192.168.1.2") + parser.add_option("-f", "--cfg", dest="cfg_file", help="Configuration Filename") + parser.add_option("-c", "--community", dest="snmpstring", + help="SNMP Community Set String", default="secret") + + (options, args) = parser.parse_args() + + if options.cfg_file is None: + options.cfg_file = "%s-config" % (options.dstip) + + print "Attempting to upload IOS config to %s" % (options.dstip) + + conf.iface = options.iface + + i=IP(src=options.srcip,dst=options.dstip)/UDP(sport=161,dport=161) + s1=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyEntryRowStatus(14) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.14.112"),value=6)] + ) + ) + + s2=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyProtocol(2) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.2.112"),value=1)] + ) + ) + + s3=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopySourceFileType(3) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.3.112"),value=1)] + ) + ) + + s4=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # 
enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyDestFileType(4) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.4.112"),value=4)] + ) + ) + + s5=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyServerAddress(5) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.5.112"),value=ASN1_IPADDRESS(options.tftpip))] + ) + ) + + s6=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyFileName(6) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.6.112"),value=options.cfg_file)] + ) + ) + + s7=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyEntryRowStatus(14) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.14.112"),value=1)] + ) + ) + + send(i/s1) + send(i/s2) + send(i/s3) + send(i/s4) + send(i/s5) + send(i/s6) + send(i/s7) +- path: /etc/default/atftpd + owner: root:root + permissions: '0644' + content: |- + USE_INETD=false + # OPTIONS below are used only with init script + OPTIONS="--tftpd-timeout 300 --retry-timeout 5 --mcast-port 1758 --mcast-addr 239.239.239.0-255 --mcast-ttl 1 --maxthread 100 --verbose=5 /srv/tftp" +- path: /srv/tftp/router.cfg + owner: nobody:nogroup + permissions: '0644' + content: |- + ! + ! 
Last configuration change at 23:19:07 UTC Tue Aug 29 2017 by cisco + ! + version 15.6 + service timestamps debug datetime msec + service timestamps log datetime msec + service password-encryption + ! + hostname iosv-2 + ! + boot-start-marker + boot-end-marker + ! + ! + vrf definition Mgmt-intf + ! + address-family ipv4 + exit-address-family + ! + address-family ipv6 + exit-address-family + ! + enable password 7 060506324F41 + ! + aaa new-model + ! + ! + aaa authentication login default group radius local line + aaa authorization exec default group radius if-authenticated + ! + ! + ! + ! + ! + aaa session-id common + ethernet lmi ce + ! + ! + ! + mmi polling-interval 60 + no mmi auto-configure + no mmi pvc + mmi snmp-timeout 180 + ! + ! + ! + ! + ! + ! + ! + ! + ! + ! + ! + no ip domain lookup + ip domain name virl.info + ip cef + ipv6 unicast-routing + ipv6 cef + ! + multilink bundle-name authenticated + ! + ! + ! + ! + username cisco privilege 15 secret 5 $1$WaUX$blEhl/Fee6CSV8WMIvhv4. + ! + redundancy + ! + ! + ! + ! + ! + ! + ! + ! + ! + ! + ! + ! + ! + ! + ! + interface Loopback0 + description Loopback + ip address 192.168.0.4 255.255.255.255 + ! + interface GigabitEthernet0/0 + description OOB Management + vrf forwarding Mgmt-intf + ip address 172.16.1.191 255.255.255.0 + duplex full + speed auto + media-type rj45 + ! + interface GigabitEthernet0/1 + description to iosvl2-1 + ip address 10.0.0.3 255.255.128.0 + ip ospf cost 1 + duplex full + speed auto + media-type rj45 + ! + router ospf 1 + passive-interface Loopback0 + network 10.0.0.0 0.0.127.255 area 0 + network 192.168.0.4 0.0.0.0 area 0 + ! + router bgp 1 + bgp router-id 192.168.0.4 + bgp log-neighbor-changes + neighbor 192.168.0.1 remote-as 1 + neighbor 192.168.0.1 description iBGP peer iosv-1 + neighbor 192.168.0.1 update-source Loopback0 + ! + address-family ipv4 + network 192.168.0.4 mask 255.255.255.255 + neighbor 192.168.0.1 activate + exit-address-family + ! + ip forward-protocol nd + ! + ! 
+ no ip http server + no ip http secure-server + ip ssh server algorithm authentication password + ! + ip access-list standard IN-VTY + permit 172.16.1.0 0.0.0.255 + permit 192.168.0.0 0.0.0.255 + permit 10.0.128.0 0.0.0.255 + ip access-list standard SNMP-RW + permit 172.16.1.0 0.0.0.255 + permit 192.168.0.0 0.0.0.255 + permit 10.0.128.0 0.0.0.3 + ! + ip radius source-interface Loopback0 + ! + snmp-server community supersecret RW SNMP-RW + snmp-server chassis-id + ! + ! + ! + radius server RADIUS + address ipv4 10.0.128.2 auth-port 1812 acct-port 1813 + key 7 13061E0108030723382727 + ! + ! + control-plane + ! + banner exec ^ + ************************************************************************** + * IOSv - Cisco Systems Confidential * + * * + * Supplemental End User License Restrictions * + * * + * This IOSv software is provided AS-IS without warranty of any kind. * + * Under no circumstances may this software be used separate from * + * the Cisco Modeling Labs Software that this software was provided * + * with, or deployed or used as part of a production environment. * + * * + * By using the software, you agree to abide by the terms and * + * conditions of the Cisco End User License Agreement at * + * http://www.cisco.com/go/eula. * + * * + * Unauthorized use or distribution of this software is expressly * + * prohibited. * + ************************************************************************** + ^ + banner incoming ^ + ************************************************************************** + * IOSv - Cisco Systems Confidential * + * * + * Supplemental End User License Restrictions * + * * + * This IOSv software is provided AS-IS without warranty of any kind. * + * Under no circumstances may this software be used separate from * + * the Cisco Modeling Labs Software that this software was provided * + * with, or deployed or used as part of a production environment. 
* + * * + * By using the software, you agree to abide by the terms and * + * conditions of the Cisco End User License Agreement at * + * http://www.cisco.com/go/eula. * + * * + * Unauthorized use or distribution of this software is expressly * + * prohibited. * + ************************************************************************** + ^ + banner login ^ + ************************************************************************** + * IOSv - Cisco Systems Confidential * + * * + * Supplemental End User License Restrictions * + * * + * This IOSv software is provided AS-IS without warranty of any kind. * + * Under no circumstances may this software be used separate from * + * the Cisco Modeling Labs Software that this software was provided * + * with, or deployed or used as part of a production environment. * + * * + * By using the software, you agree to abide by the terms and * + * conditions of the Cisco End User License Agreement at * + * http://www.cisco.com/go/eula. * + * * + * Unauthorized use or distribution of this software is expressly * + * prohibited. * + ************************************************************************** + ^ + ! + line con 0 + password 7 0822455D0A16 + line aux 0 + line vty 0 4 + exec-timeout 720 0 + password 7 1511021F0725 + transport input telnet ssh + ! + no scheduler allocate + ! + end + + + + + 2 + + + + + + + ! IOS Config generated on 2017-08-27 23:10 +! by autonetkit_0.23.5 +! +hostname iosv-1 +boot-start-marker +boot-end-marker +! +vrf definition Mgmt-intf +! + address-family ipv4 + exit-address-family + ! + address-family ipv6 + exit-address-family +! +! +! +no aaa new-model +! +! +ip cef +ipv6 unicast-routing +ipv6 cef +! +! 
+service timestamps debug datetime msec +service timestamps log datetime msec +no service password-encryption +no service config +enable password cisco +ip classless +ip subnet-zero +no ip domain lookup +ip domain name virl.info +crypto key generate rsa modulus 768 +ip ssh server algorithm authentication password +username cisco privilege 15 secret cisco +ip access-list standard IN-VTY + permit 172.16.1.0 0.0.0.255 + permit 192.168.0.0 0.0.0.255 + permit 10.0.128.0 0.0.0.255 +ip access-list standard SNMP-RW + permit 172.16.1.0 0.0.0.255 + permit 192.168.0.0 0.0.0.255 + permit 10.0.128.0 0.0.0.3 +snmp-server community supersecret rw SNMP-RW +line vty 0 4 + transport input ssh telnet + access-class IN-VTY in vrf-also + exec-timeout 720 0 + password cisco + login local + line con 0 + password cisco +! +cdp run +! +! +interface Loopback0 + description Loopback + ip address 192.168.0.1 255.255.255.255 +! +interface GigabitEthernet0/0 + description OOB Management + vrf forwarding Mgmt-intf + ! Configured on launch + no ip address + cdp enable + duplex full + speed auto + no shutdown +! +interface GigabitEthernet0/1 + description to iosvl2-1 + ip address 10.0.0.2 255.255.128.0 + cdp enable + ip ospf cost 1 + duplex full + speed auto + no shutdown +! +interface GigabitEthernet0/2 + description to iosvl2-2 + ip address 10.0.128.1 255.255.255.252 + cdp enable + ip ospf cost 1 + duplex full + speed auto + no shutdown +! +interface GigabitEthernet0/3 + description to admin-1 + ip address 10.0.128.5 255.255.255.252 + cdp enable + ip ospf cost 1 + duplex full + speed auto + no shutdown +! +! +! +router ospf 1 + network 192.168.0.1 0.0.0.0 area 0 + log-adjacency-changes + passive-interface Loopback0 + network 10.0.0.0 0.0.127.255 area 0 + network 10.0.128.0 0.0.0.3 area 0 + network 10.0.128.4 0.0.0.3 area 0 +! +! +router bgp 1 + bgp router-id 192.168.0.1 + no synchronization +! ibgp + ! ibgp peers + ! 
+ neighbor 192.168.0.4 remote-as 1 + neighbor 192.168.0.4 description iBGP peer iosv-2 + neighbor 192.168.0.4 update-source Loopback0 +! +! + ! + address-family ipv4 + network 192.168.0.1 mask 255.255.255.255 + neighbor 192.168.0.4 activate + exit-address-family +! +! +! +end + + + + 2 + + + + + 3 + + + + + + + #cloud-config +bootcmd: +- ln -s -t /etc/rc.d /etc/rc.local +hostname: server-1 +manage_etc_hosts: true +package_update: true +packages: +- snmp +- freeradius +- tshark +runcmd: +- start ttyS0 +- systemctl start getty@ttyS0.service +- systemctl start rc-local +- sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config +- echo "UseDNS no" >> /etc/ssh/sshd_config +- service ssh restart +- service sshd restart +- cp /tmp/clients.conf.new /etc/freeradius/clients.conf +- cp /tmp/users.new /etc/freeradius/users +- systemctl enable freeradius +- systemctl start freeradius +- chown -R cisco:cisco /home/cisco +- sudo -u cisco /home/cisco/http-chatter.sh & +- sudo -u cisco /home/cisco/snmp-chatter.sh & +users: +- default +- gecos: User configured by VIRL Configuration Engine 0.23.10 + lock-passwd: false + name: cisco + plain-text-passwd: cisco + shell: /bin/bash + ssh-authorized-keys: + - VIRL-USER-SSH-PUBLIC-KEY + sudo: ALL=(ALL) ALL +write_files: +- path: /etc/init/ttyS0.conf + owner: root:root + content: | + # ttyS0 - getty + # This service maintains a getty on ttyS0 from the point the system is + # started until it is shut down again. 
+ start on stopped rc or RUNLEVEL=[12345] + stop on runlevel [!12345] + respawn + exec /sbin/getty -L 115200 ttyS0 vt102 + permissions: '0644' +- path: /etc/systemd/system/dhclient@.service + content: | + [Unit] + Description=Run dhclient on %i interface + After=network.target + [Service] + Type=oneshot + ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease + RemainAfterExit=yes + owner: root:root + permissions: '0644' +- path: /etc/rc.local + owner: root:root + permissions: '0755' + content: |- + #!/bin/sh + ip route del default + ip route add default via 172.16.1.2 + ifconfig eth1 up 10.0.128.2 netmask 255.255.255.252 + route add -host 192.168.0.1 gw 10.0.128.1 dev eth1 + route add -host 192.168.0.4 gw 10.0.128.1 dev eth1 + route add -net 10.0.0.0/17 gw 10.0.128.1 dev eth1 + route add -net 10.0.128.0/30 gw 10.0.128.1 dev eth1 + exit 0 +- path: /tmp/clients.conf.new + content: | + client 192.168.0.0/24 { + secret = ciscocisco + nastype = cisco + shortname = virl + } + owner: "root:root" + permissions: '0640' +- path: /tmp/users.new + content: | + admin Cleartext-Password := "secret123" + Service-Type = NAS-Prompt-User, + Cisco-AVPair = "shell:priv-lvl=15" + owner: "root:root" + permissions: '0640' +- path: /home/cisco/http-chatter.sh + content: | + #!/bin/bash + while true; do + curl -u admin:secret123 http://192.168.0.4 + sleep 15 + done + owner: "root:root" + permissions: '0755' +- path: /home/cisco/snmp-chatter.sh + content: | + #!/bin/bash + while true; do + snmpget -v 2c -c supersecret 192.168.0.4 1.3.6.1.2.1.1.1.0 + sleep 15 + done + owner: "root:root" + permissions: '0755' + + + + + + 3 + + + + + + + ! IOS Config generated on 2017-08-27 23:10 +! by autonetkit_0.23.5 +! +version 15.6 +service timestamps debug datetime msec +service timestamps log datetime msec +service password-encryption +! +hostname iosv-2 +! +boot-start-marker +boot-end-marker +! +! +vrf definition Mgmt-intf + ! 
+ address-family ipv4 + exit-address-family + ! + address-family ipv6 + exit-address-family +! +enable password 7 060506324F41 +! +aaa new-model +! +! +aaa authentication login default group radius local line +aaa authorization exec default group radius if-authenticated +! +! +! +! +! +aaa session-id common +ethernet lmi ce +! +! +! +mmi polling-interval 60 +no mmi auto-configure +no mmi pvc +mmi snmp-timeout 180 +! +! +! +! +! +! +! +! +! +! +! +no ip domain lookup +ip domain name virl.info +ip cef +ipv6 unicast-routing +ipv6 cef +! +multilink bundle-name authenticated +! +! +! +! +username cisco privilege 15 secret 5 $1$WaUX$blEhl/Fee6CSV8WMIvhv4. +! +redundancy +! +! +! +! +! +! +! +! +! +! +! +! +! +! +! +interface Loopback0 + description Loopback + ip address 192.168.0.4 255.255.255.255 +! +interface GigabitEthernet0/0 + description OOB Management + vrf forwarding Mgmt-intf + ip address 172.16.1.182 255.255.255.0 + duplex full + speed auto + media-type rj45 +! +interface GigabitEthernet0/1 + description to iosvl2-1 + ip address 10.0.0.3 255.255.128.0 + ip ospf cost 1 + duplex full + speed auto + media-type rj45 +! +router ospf 1 + passive-interface Loopback0 + network 10.0.0.0 0.0.127.255 area 0 + network 192.168.0.4 0.0.0.0 area 0 +! +router bgp 1 + bgp router-id 192.168.0.4 + bgp log-neighbor-changes + neighbor 192.168.0.1 remote-as 1 + neighbor 192.168.0.1 description iBGP peer iosv-1 + neighbor 192.168.0.1 update-source Loopback0 + ! + address-family ipv4 + network 192.168.0.4 mask 255.255.255.255 + neighbor 192.168.0.1 activate + exit-address-family +! +ip forward-protocol nd +! +! +ip http server +ip http authentication aaa login-authentication default +no ip http secure-server +ip ssh server algorithm authentication password +! +ip access-list standard SNMP-RW + permit 172.16.1.0 0.0.0.255 + permit 192.168.0.0 0.0.0.255 + permit 10.0.128.0 0.0.0.3 +! +ip radius source-interface Loopback0 +! 
+snmp-server community supersecret RW SNMP-RW +snmp-server chassis-id +! +! +! +radius server RADIUS + address ipv4 10.0.128.2 auth-port 1812 acct-port 1813 + key 7 13061E0108030723382727 +! +! +control-plane +! +banner exec ^ +************************************************************************** +* IOSv - Cisco Systems Confidential * +* * +* Supplemental End User License Restrictions * +* * +* This IOSv software is provided AS-IS without warranty of any kind. * +* Under no circumstances may this software be used separate from * +* the Cisco Modeling Labs Software that this software was provided * +* with, or deployed or used as part of a production environment. * +* * +* By using the software, you agree to abide by the terms and * +* conditions of the Cisco End User License Agreement at * +* http://www.cisco.com/go/eula. * +* * +* Unauthorized use or distribution of this software is expressly * +* prohibited. * +************************************************************************** +^ +banner incoming ^ +************************************************************************** +* IOSv - Cisco Systems Confidential * +* * +* Supplemental End User License Restrictions * +* * +* This IOSv software is provided AS-IS without warranty of any kind. * +* Under no circumstances may this software be used separate from * +* the Cisco Modeling Labs Software that this software was provided * +* with, or deployed or used as part of a production environment. * +* * +* By using the software, you agree to abide by the terms and * +* conditions of the Cisco End User License Agreement at * +* http://www.cisco.com/go/eula. * +* * +* Unauthorized use or distribution of this software is expressly * +* prohibited. 
* +************************************************************************** +^ +banner login ^ +************************************************************************** +* IOSv - Cisco Systems Confidential * +* * +* Supplemental End User License Restrictions * +* * +* This IOSv software is provided AS-IS without warranty of any kind. * +* Under no circumstances may this software be used separate from * +* the Cisco Modeling Labs Software that this software was provided * +* with, or deployed or used as part of a production environment. * +* * +* By using the software, you agree to abide by the terms and * +* conditions of the Cisco End User License Agreement at * +* http://www.cisco.com/go/eula. * +* * +* Unauthorized use or distribution of this software is expressly * +* prohibited. * +************************************************************************** +^ +! +line con 0 + password 7 0822455D0A16 +line aux 0 +line vty 0 4 + exec-timeout 720 0 + password 7 1511021F0725 + transport input telnet ssh +! +no scheduler allocate +! 
+end + + + + 2 + + + + + + #cloud-config +bootcmd: +- ln -s -t /etc/rc.d /etc/rc.local +hostname: admin-1 +manage_etc_hosts: true +runcmd: +- systemctl start rc-local +- sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config +- echo "UseDNS no" >> /etc/ssh/sshd_config +- service ssh restart +- service sshd restart +users: +- default +- gecos: User configured by VIRL Configuration Engine 0.23.10 + lock-passwd: false + name: cisco + plain-text-passwd: cisco + shell: /bin/bash + ssh-authorized-keys: + - VIRL-USER-SSH-PUBLIC-KEY + sudo: ALL=(ALL) ALL +write_files: +- path: /etc/systemd/system/dhclient@.service + content: | + [Unit] + Description=Run dhclient on %i interface + After=network.target + [Service] + Type=oneshot + ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease + RemainAfterExit=yes + owner: root:root + permissions: '0644' +- path: /etc/rc.local + owner: root:root + permissions: '0755' + content: |- + #!/bin/sh + ifconfig eth1 up 10.0.128.6 netmask 255.255.255.252 + route add -host 192.168.0.1 gw 10.0.128.5 dev eth1 + route add -host 192.168.0.4 gw 10.0.128.5 dev eth1 + route add -net 10.0.0.0/16 gw 10.0.128.5 dev eth1 + route add -host 192.168.0.1 gw 10.0.128.5 dev eth1 + route add -host 192.168.0.4 gw 10.0.128.5 dev eth1 + exit 0 + + + + + + + + + + + + + diff --git a/virl_topologies/8.2-1.virl b/virl_topologies/8.2-1.virl deleted file mode 100644 index 8a49f0c..0000000 --- a/virl_topologies/8.2-1.virl +++ /dev/null 
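Review bot: The kali-1 cloud-config in this new file declares `bootcmd:` twice in the same mapping, once with `- ln -s -t /etc/rc.d /etc/rc.local` and again with the two `ip route` entries. cloud-init parses user-data as YAML, and YAML loaders generally keep only the last value of a duplicated key, so the symlink step is probably dropped without any error. Fold the three entries into a single `bootcmd:` list and delete the second key. Separately, an XML comment near the top of the file, such as `<!-- credentials in this topology (cisco, supersecret, secret123) are deliberate lab values -->`, would stop secret scanners and later readers from treating them as leaked production secrets.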
@@ -1,560 +0,0 @@ - - - - false - flat - true - - - - ! IOSvL2 Config generated on 2017-08-13 13:49 -! by autonetkit_0.23.5 -! -version 15.2 -service timestamps debug datetime msec -service timestamps log datetime msec -no service password-encryption -service compress-config -no service config -enable password cisco -ip classless -ip subnet-zero -no ip domain lookup -! -line vty 0 4 -transport input ssh telnet -exec-timeout 720 0 -password cisco -login -! -line con 0 -password cisco -! -hostname iosvl2-1 -! -boot-start-marker -boot-end-marker -! -! -! -no aaa new-model -! -vtp domain virl.lab -vtp mode transparent -! -vlan 2 - name ank_vlan2 -vlan 3 - name ank_vlan3 -! -! -! -! -no cdp run -! -! -! -ip cef -no ipv6 cef -! -! -spanning-tree mode pvst -spanning-tree extend system-id -! -vlan internal allocation policy ascending -! -! -! -! -vrf definition Mgmt-intf -! - address-family ipv4 - exit-address-family - ! - address-family ipv6 - exit-address-family -! -! -! -! -! -interface Loopback0 - description Loopback -! -interface GigabitEthernet0/0 - description OOB management - ! Configured on launch - no switchport - vrf forwarding Mgmt-intf - no ip address - no shutdown -! -interface GigabitEthernet0/1 - description to iosvl2-2 - switchport trunk encapsulation dot1q - switchport mode trunk - no shutdown -! -interface GigabitEthernet0/2 - description to iosv-1 - switchport access vlan 2 - switchport mode access - no shutdown -! -interface GigabitEthernet0/3 - description to kali-1 - switchport access vlan 2 - switchport mode access - no shutdown -! -interface GigabitEthernet1/0 - description to victim-1 - switchport access vlan 2 - switchport mode access - no shutdown -! -! -ip forward-protocol nd -! -no ip http server -no ip http secure-server -! -! -! -! -! -! -control-plane -! -! -! -end - - - - - - - - - - - ! IOSvL2 Config generated on 2017-08-13 13:49 -! by autonetkit_0.23.5 -! 
-version 15.2 -service timestamps debug datetime msec -service timestamps log datetime msec -no service password-encryption -service compress-config -no service config -enable password cisco -ip classless -ip subnet-zero -no ip domain lookup -! -line vty 0 4 -transport input ssh telnet -exec-timeout 720 0 -password cisco -login -! -line con 0 -password cisco -! -hostname iosvl2-2 -! -boot-start-marker -boot-end-marker -! -! -! -no aaa new-model -! -vtp domain virl.lab -vtp mode transparent -! -vlan 2 - name ank_vlan2 -vlan 3 - name ank_vlan3 -! -! -! -! -no cdp run -! -! -! -ip cef -no ipv6 cef -! -! -spanning-tree mode pvst -spanning-tree extend system-id -! -vlan internal allocation policy ascending -! -! -! -! -vrf definition Mgmt-intf -! - address-family ipv4 - exit-address-family - ! - address-family ipv6 - exit-address-family -! -! -! -! -! -interface Loopback0 - description Loopback -! -interface GigabitEthernet0/0 - description OOB management - ! Configured on launch - no switchport - vrf forwarding Mgmt-intf - no ip address - no shutdown -! -interface GigabitEthernet0/1 - description to iosvl2-1 - switchport trunk encapsulation dot1q - switchport mode trunk - no shutdown -! -interface GigabitEthernet0/2 - description to iosv-1 - switchport access vlan 3 - switchport mode access - no shutdown -! -interface GigabitEthernet0/3 - description to server-1 - switchport access vlan 3 - switchport mode access - no shutdown -! -! -ip forward-protocol nd -! -no ip http server -no ip http secure-server -! -! -! -! -! -! -control-plane -! -! -! 
-end - - - - - - - - - - #cloud-config -bootcmd: -- ln -s -t /etc/rc.d /etc/rc.local -hostname: kali-1 -manage_etc_hosts: true -runcmd: -- start ttyS0 -- systemctl start getty@ttyS0.service -- systemctl start rc-local -- sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config -- echo "UseDNS no" >> /etc/ssh/sshd_config -- service ssh restart -- service sshd restart -users: -- default -- gecos: User configured by VIRL Configuration Engine 0.23.10 - lock-passwd: false - name: cisco - plain-text-passwd: cisco - shell: /bin/bash - ssh-authorized-keys: - - VIRL-USER-SSH-PUBLIC-KEY - sudo: ALL=(ALL) ALL -write_files: -- path: /etc/init/ttyS0.conf - owner: root:root - content: | - # ttyS0 - getty - # This service maintains a getty on ttyS0 from the point the system is - # started until it is shut down again. - start on stopped rc or RUNLEVEL=[12345] - stop on runlevel [!12345] - respawn - exec /sbin/getty -L 115200 ttyS0 vt102 - permissions: '0644' -- path: /etc/systemd/system/dhclient@.service - content: | - [Unit] - Description=Run dhclient on %i interface - After=network.target - [Service] - Type=oneshot - ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease - RemainAfterExit=yes - owner: root:root - permissions: '0644' -- path: /etc/rc.local - owner: root:root - permissions: '0755' - content: |- - #!/bin/sh - ifconfig eth1 up 10.0.0.2 netmask 255.255.128.0 - route add -host 192.168.0.2 gw 10.0.0.3 dev eth1 - route add -net 10.0.0.0/17 gw 10.0.0.3 dev eth1 - route add -net 10.0.128.0/30 gw 10.0.0.3 dev eth1 - exit 0 - - - - - 2 - - - - - - ! IOS Config generated on 2017-08-13 13:49 -! by autonetkit_0.23.5 -! -hostname iosv-1 -boot-start-marker -boot-end-marker -! -vrf definition Mgmt-intf -! - address-family ipv4 - exit-address-family - ! - address-family ipv6 - exit-address-family -! -! -! -no aaa new-model -! -! -ip cef -ipv6 unicast-routing -ipv6 cef -! -! 
-service timestamps debug datetime msec -service timestamps log datetime msec -no service password-encryption -no service config -enable password cisco -ip classless -ip subnet-zero -no ip domain lookup -ip domain name virl.info -crypto key generate rsa modulus 768 -ip ssh server algorithm authentication password -username cisco privilege 15 secret cisco -line vty 0 4 - transport input ssh telnet - exec-timeout 720 0 - password cisco - login local -line con 0 - password cisco -! -no cdp run -! -! -interface Loopback0 - description Loopback - ip address 192.168.0.2 255.255.255.255 -! -interface GigabitEthernet0/0 - description OOB Management - vrf forwarding Mgmt-intf - ! Configured on launch - no ip address - duplex full - speed auto - no shutdown -! -interface GigabitEthernet0/1 - description to iosvl2-1 - ip address 10.0.0.3 255.255.128.0 - ip ospf cost 1 - duplex full - speed auto - no shutdown -! -interface GigabitEthernet0/2 - description to iosvl2-2 - ip address 10.0.128.1 255.255.255.252 - ip ospf cost 1 - duplex full - speed auto - no shutdown -! -! -! -router ospf 1 - network 192.168.0.2 0.0.0.0 area 0 - log-adjacency-changes - passive-interface Loopback0 - network 10.0.0.0 0.0.127.255 area 0 - network 10.0.128.0 0.0.0.3 area 0 -! -! 
-end - - - - - 2 - - - - - 3 - - - - - - #cloud-config -bootcmd: -- ln -s -t /etc/rc.d /etc/rc.local -hostname: server-1 -manage_etc_hosts: true -runcmd: -- start ttyS0 -- systemctl start getty@ttyS0.service -- systemctl start rc-local -- sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config -- echo "UseDNS no" >> /etc/ssh/sshd_config -- service ssh restart -- service sshd restart -users: -- default -- gecos: User configured by VIRL Configuration Engine 0.23.10 - lock-passwd: false - name: cisco - plain-text-passwd: cisco - shell: /bin/bash - ssh-authorized-keys: - - VIRL-USER-SSH-PUBLIC-KEY - sudo: ALL=(ALL) ALL -write_files: -- path: /etc/init/ttyS0.conf - owner: root:root - content: | - # ttyS0 - getty - # This service maintains a getty on ttyS0 from the point the system is - # started until it is shut down again. - start on stopped rc or RUNLEVEL=[12345] - stop on runlevel [!12345] - respawn - exec /sbin/getty -L 115200 ttyS0 vt102 - permissions: '0644' -- path: /etc/systemd/system/dhclient@.service - content: | - [Unit] - Description=Run dhclient on %i interface - After=network.target - [Service] - Type=oneshot - ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease - RemainAfterExit=yes - owner: root:root - permissions: '0644' -- path: /etc/rc.local - owner: root:root - permissions: '0755' - content: |- - #!/bin/sh - ifconfig eth1 up 10.0.128.2 netmask 255.255.255.252 - route add -host 192.168.0.2 gw 10.0.128.1 dev eth1 - route add -net 10.0.0.0/17 gw 10.0.128.1 dev eth1 - route add -net 10.0.128.0/30 gw 10.0.128.1 dev eth1 - exit 0 - - - - - 3 - - - - - - #cloud-config -bootcmd: -- ln -s -t /etc/rc.d /etc/rc.local -hostname: victim-1 -manage_etc_hosts: true -runcmd: -- systemctl start rc-local -- sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config -- echo "UseDNS no" >> /etc/ssh/sshd_config -- service ssh restart -- service sshd restart -users: -- default -- gecos: User configured by VIRL 
Configuration Engine 0.23.10 - lock-passwd: false - name: cisco - plain-text-passwd: cisco - shell: /bin/bash - ssh-authorized-keys: - - VIRL-USER-SSH-PUBLIC-KEY - sudo: ALL=(ALL) ALL -write_files: -- path: /etc/systemd/system/dhclient@.service - content: | - [Unit] - Description=Run dhclient on %i interface - After=network.target - [Service] - Type=oneshot - ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease - RemainAfterExit=yes - owner: root:root - permissions: '0644' -- path: /etc/rc.local - owner: root:root - permissions: '0755' - content: |- - #!/bin/sh - ifconfig eth1 up 10.0.0.1 netmask 255.255.128.0 - route add -host 192.168.0.2 gw 10.0.0.3 dev eth1 - route add -net 10.0.0.0/17 gw 10.0.0.3 dev eth1 - route add -net 10.0.128.0/30 gw 10.0.0.3 dev eth1 - exit 0 - - - - - 2 - - - - - - - - - - - diff --git a/virl_topologies/8.1.virl b/virl_topologies/8.4.virl similarity index 100% rename from virl_topologies/8.1.virl rename to virl_topologies/8.4.virl diff --git a/virl_topologies/8.6.virl b/virl_topologies/8.6.virl index 5092323..8a49f0c 100644 --- a/virl_topologies/8.6.virl +++ b/virl_topologies/8.6.virl @@ -3,12 +3,11 @@ false flat - true - ospf + true - ! IOSvL2 Config generated on 2017-08-27 23:10 + ! IOSvL2 Config generated on 2017-08-13 13:49 ! by autonetkit_0.23.5 ! version 15.2 @@ -51,7 +50,7 @@ vlan 3 ! ! ! -cdp run +no cdp run ! ! ! @@ -109,7 +108,7 @@ interface GigabitEthernet0/3 no shutdown ! interface GigabitEthernet1/0 - description to iosv-2 + description to victim-1 switchport access vlan 2 switchport mode access no shutdown @@ -137,11 +136,10 @@ end - - ! IOSvL2 Config generated on 2017-08-27 23:10 + ! IOSvL2 Config generated on 2017-08-13 13:49 ! by autonetkit_0.23.5 ! version 15.2 @@ -184,7 +182,7 @@ vlan 3 ! ! ! -cdp run +no cdp run ! ! ! 
@@ -266,17 +264,11 @@ end - #cloud-config + #cloud-config bootcmd: - ln -s -t /etc/rc.d /etc/rc.local hostname: kali-1 manage_etc_hosts: true -package_update: true -packages: -- quagga -bootcmd: -- ip route del default via 172.16.1.1 -- ip route add default via 172.16.1.2 runcmd: - start ttyS0 - systemctl start getty@ttyS0.service @@ -284,7 +276,7 @@ runcmd: - sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config - echo "UseDNS no" >> /etc/ssh/sshd_config - service ssh restart -- systemctl enable zebra ospfd +- service sshd restart users: - default - gecos: User configured by VIRL Configuration Engine 0.23.10 
@@ -318,549 +310,27 @@ write_files: RemainAfterExit=yes owner: root:root permissions: '0644' -- path: /etc/network/interfaces - owner: root:root - permissions: '0644' - content: |- - source-directory /etc/network/interfaces.d - auto eth0 - iface eth0 inet dhcp - gateway 172.16.1.2 - path: /etc/rc.local owner: root:root permissions: '0755' content: |- #!/bin/sh - ip route del default - ip route add default via 172.16.1.2 - ip link set eth1 up - ip addr add 10.0.0.1/17 dev eth1 - # Use routes from Quagga instead - #route add -host 192.168.0.1 gw 10.0.0.2 dev eth1 - #route add -host 192.168.0.4 gw 10.0.0.2 dev eth1 - #route add -net 10.0.0.0/17 gw 10.0.0.2 dev eth1 - #route add -net 10.0.128.0/30 gw 10.0.0.2 dev eth1 - #route add -host 192.168.0.1 gw 10.0.0.3 dev eth1 - #route add -host 192.168.0.4 gw 10.0.0.3 dev eth1 - #route add -net 10.0.0.0/17 gw 10.0.0.3 dev eth1 - #route add -net 10.0.128.0/30 gw 10.0.0.3 dev eth1 + ifconfig eth1 up 10.0.0.2 netmask 255.255.128.0 + route add -host 192.168.0.2 gw 10.0.0.3 dev eth1 + route add -net 10.0.0.0/17 gw 10.0.0.3 dev eth1 + route add -net 10.0.128.0/30 gw 10.0.0.3 dev eth1 exit 0 -- path: /etc/network/interfaces.d/eth1 - owner: root:root - permissions: '0644' - content: |- - iface eth1 inet manual -- path: /etc/quagga/zebra.conf - owner: root:root - permissions: '0644' - content: |- - hostname kali-1 - password cisco - enable password cisco - interface eth0 - interface eth1 - line vty -- path: /etc/quagga/ospfd.conf - owner: root:root - permissions: '0644' - content: |- - hostname kali-1 - password cisco - log stdout - interface eth1 - ip ospf cost 1 - router ospf - ospf router-id 10.0.0.1 - network 10.0.0.1/17 area 0.0.0.0 - network 192.168.0.4/32 area 0.0.0.0 - network 10.0.128.2/32 area 0 - line vty -- path: /root/get-cisco-config.py - owner: root:root - permissions: '0755' - content: |- - #!/usr/bin/env python - - # See - # 
http://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/15217-copy-configs-snmp.html - # and - # http://tools.cisco.com/Support/SNMP/do/BrowseMIB.do?local=en&mibName=CISCO-CONFIG-COPY-MIB - # for details - - from optparse import OptionParser - from scapy.all import conf,IP,SNMP,SNMPset,ASN1_OID,ASN1_IPADDRESS,UDP,SNMPvarbind,send - - parser = OptionParser() - parser.add_option("-i", "--iface", dest="iface", help="Interface", - default="eth1") - parser.add_option("-s", "--src", dest="srcip", help="Source IP Address", - default="192.168.1.2") - parser.add_option("-d", "--dst", dest="dstip", help="Destination IP Address", - default="192.168.1.1") - parser.add_option("-t", "--tftp", dest="tftpip", help="TFTP Server IP Address", - default="192.168.1.2") - parser.add_option("-f", "--cfg", dest="cfg_file", help="Configuration Filename") - parser.add_option("-c", "--community", dest="snmpstring", - help="SNMP Community Set String", default="secret") - - (options, args) = parser.parse_args() - - if options.cfg_file is None: - options.cfg_file = "%s-config" % (options.dstip) - - print "Attempting to download IOS config from %s" % (options.dstip) - - conf.iface = options.iface - - i=IP(src=options.srcip,dst=options.dstip)/UDP(sport=161,dport=161) - s1=SNMP( - community=options.snmpstring, - PDU=SNMPset( - # iso(1) identified-organization(3) dod(6) internet(1) private(4) - # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) - # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) - # ccCopyEntryRowStatus(14) RANDOM(112) - varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.14.112"),value=6)] - ) - ) - - s2=SNMP( - community=options.snmpstring, - PDU=SNMPset( - # iso(1) identified-organization(3) dod(6) internet(1) private(4) - # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) - # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) - # ccCopyProtocol(2) RANDOM(112) - 
varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.2.112"),value=1)] - ) - ) - - s3=SNMP( - community=options.snmpstring, - PDU=SNMPset( - # iso(1) identified-organization(3) dod(6) internet(1) private(4) - # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) - # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) - # ccCopySourceFileType(3) RANDOM(112) - varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.3.112"),value=4)] - ) - ) - - s4=SNMP( - community=options.snmpstring, - PDU=SNMPset( - # iso(1) identified-organization(3) dod(6) internet(1) private(4) - # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) - # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) - # ccCopyDestFileType(4) RANDOM(112) - varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.4.112"),value=1)] - ) - ) - - s5=SNMP( - community=options.snmpstring, - PDU=SNMPset( - # iso(1) identified-organization(3) dod(6) internet(1) private(4) - # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) - # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) - # ccCopyServerAddress(5) RANDOM(112) - varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.5.112"),value=ASN1_IPADDRESS(options.tftpip))] - ) - ) - - s6=SNMP( - community=options.snmpstring, - PDU=SNMPset( - # iso(1) identified-organization(3) dod(6) internet(1) private(4) - # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) - # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) - # ccCopyFileName(6) RANDOM(112) - varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.6.112"),value=options.cfg_file)] - ) - ) - - s7=SNMP( - community=options.snmpstring, - PDU=SNMPset( - # iso(1) identified-organization(3) dod(6) internet(1) private(4) - # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) - # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) - # 
ccCopyEntryRowStatus(14) RANDOM(112) - varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.14.112"),value=1)] - ) - ) - - send(i/s1) - send(i/s2) - send(i/s3) - send(i/s4) - send(i/s5) - send(i/s6) - send(i/s7) -- path: /root/merge-cisco-config.py - owner: root:root - permissions: '0755' - content: |- - #!/usr/bin/env python - - # See - # http://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/15217-copy-configs-snmp.html - # and - # http://tools.cisco.com/Support/SNMP/do/BrowseMIB.do?local=en&mibName=CISCO-CONFIG-COPY-MIB - # for details - - from optparse import OptionParser - from scapy.all import conf,IP,SNMP,SNMPset,ASN1_OID,ASN1_IPADDRESS,UDP,SNMPvarbind,send - - parser = OptionParser() - parser.add_option("-i", "--iface", dest="iface", help="Interface", - default="eth1") - parser.add_option("-s", "--src", dest="srcip", help="Source IP Address", - default="192.168.1.2") - parser.add_option("-d", "--dst", dest="dstip", help="Destination IP Address", - default="192.168.1.1") - parser.add_option("-t", "--tftp", dest="tftpip", help="TFTP Server IP Address", - default="192.168.1.2") - parser.add_option("-f", "--cfg", dest="cfg_file", help="Configuration Filename") - parser.add_option("-c", "--community", dest="snmpstring", - help="SNMP Community Set String", default="secret") - - (options, args) = parser.parse_args() - - if options.cfg_file is None: - options.cfg_file = "%s-config" % (options.dstip) - - print "Attempting to upload IOS config to %s" % (options.dstip) - - conf.iface = options.iface - - i=IP(src=options.srcip,dst=options.dstip)/UDP(sport=161,dport=161) - s1=SNMP( - community=options.snmpstring, - PDU=SNMPset( - # iso(1) identified-organization(3) dod(6) internet(1) private(4) - # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) - # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) - # ccCopyEntryRowStatus(14) RANDOM(112) - 
varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.14.112"),value=6)] - ) - ) - - s2=SNMP( - community=options.snmpstring, - PDU=SNMPset( - # iso(1) identified-organization(3) dod(6) internet(1) private(4) - # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) - # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) - # ccCopyProtocol(2) RANDOM(112) - varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.2.112"),value=1)] - ) - ) - - s3=SNMP( - community=options.snmpstring, - PDU=SNMPset( - # iso(1) identified-organization(3) dod(6) internet(1) private(4) - # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) - # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) - # ccCopySourceFileType(3) RANDOM(112) - varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.3.112"),value=1)] - ) - ) - - s4=SNMP( - community=options.snmpstring, - PDU=SNMPset( - # iso(1) identified-organization(3) dod(6) internet(1) private(4) - # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) - # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) - # ccCopyDestFileType(4) RANDOM(112) - varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.4.112"),value=4)] - ) - ) - - s5=SNMP( - community=options.snmpstring, - PDU=SNMPset( - # iso(1) identified-organization(3) dod(6) internet(1) private(4) - # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) - # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) - # ccCopyServerAddress(5) RANDOM(112) - varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.5.112"),value=ASN1_IPADDRESS(options.tftpip))] - ) - ) - - s6=SNMP( - community=options.snmpstring, - PDU=SNMPset( - # iso(1) identified-organization(3) dod(6) internet(1) private(4) - # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) - # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) - # ccCopyFileName(6) 
RANDOM(112) - varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.6.112"),value=options.cfg_file)] - ) - ) - - s7=SNMP( - community=options.snmpstring, - PDU=SNMPset( - # iso(1) identified-organization(3) dod(6) internet(1) private(4) - # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) - # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) - # ccCopyEntryRowStatus(14) RANDOM(112) - varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.14.112"),value=1)] - ) - ) - - send(i/s1) - send(i/s2) - send(i/s3) - send(i/s4) - send(i/s5) - send(i/s6) - send(i/s7) -- path: /etc/default/atftpd - owner: root:root - permissions: '0644' - content: |- - USE_INETD=false - # OPTIONS below are used only with init script - OPTIONS="--tftpd-timeout 300 --retry-timeout 5 --mcast-port 1758 --mcast-addr 239.239.239.0-255 --mcast-ttl 1 --maxthread 100 --verbose=5 /srv/tftp" -- path: /srv/tftp/router.cfg - owner: nobody:nogroup - permissions: '0644' - content: |- - ! - ! Last configuration change at 23:19:07 UTC Tue Aug 29 2017 by cisco - ! - version 15.6 - service timestamps debug datetime msec - service timestamps log datetime msec - service password-encryption - ! - hostname iosv-2 - ! - boot-start-marker - boot-end-marker - ! - ! - vrf definition Mgmt-intf - ! - address-family ipv4 - exit-address-family - ! - address-family ipv6 - exit-address-family - ! - enable password 7 060506324F41 - ! - aaa new-model - ! - ! - aaa authentication login default group radius local line - aaa authorization exec default group radius if-authenticated - ! - ! - ! - ! - ! - aaa session-id common - ethernet lmi ce - ! - ! - ! - mmi polling-interval 60 - no mmi auto-configure - no mmi pvc - mmi snmp-timeout 180 - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - no ip domain lookup - ip domain name virl.info - ip cef - ipv6 unicast-routing - ipv6 cef - ! - multilink bundle-name authenticated - ! - ! - ! - ! 
- username cisco privilege 15 secret 5 $1$WaUX$blEhl/Fee6CSV8WMIvhv4. - ! - redundancy - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - interface Loopback0 - description Loopback - ip address 192.168.0.4 255.255.255.255 - ! - interface GigabitEthernet0/0 - description OOB Management - vrf forwarding Mgmt-intf - ip address 172.16.1.191 255.255.255.0 - duplex full - speed auto - media-type rj45 - ! - interface GigabitEthernet0/1 - description to iosvl2-1 - ip address 10.0.0.3 255.255.128.0 - ip ospf cost 1 - duplex full - speed auto - media-type rj45 - ! - router ospf 1 - passive-interface Loopback0 - network 10.0.0.0 0.0.127.255 area 0 - network 192.168.0.4 0.0.0.0 area 0 - ! - router bgp 1 - bgp router-id 192.168.0.4 - bgp log-neighbor-changes - neighbor 192.168.0.1 remote-as 1 - neighbor 192.168.0.1 description iBGP peer iosv-1 - neighbor 192.168.0.1 update-source Loopback0 - ! - address-family ipv4 - network 192.168.0.4 mask 255.255.255.255 - neighbor 192.168.0.1 activate - exit-address-family - ! - ip forward-protocol nd - ! - ! - no ip http server - no ip http secure-server - ip ssh server algorithm authentication password - ! - ip access-list standard IN-VTY - permit 172.16.1.0 0.0.0.255 - permit 192.168.0.0 0.0.0.255 - permit 10.0.128.0 0.0.0.255 - ip access-list standard SNMP-RW - permit 172.16.1.0 0.0.0.255 - permit 192.168.0.0 0.0.0.255 - permit 10.0.128.0 0.0.0.3 - ! - ip radius source-interface Loopback0 - ! - snmp-server community supersecret RW SNMP-RW - snmp-server chassis-id - ! - ! - ! - radius server RADIUS - address ipv4 10.0.128.2 auth-port 1812 acct-port 1813 - key 7 13061E0108030723382727 - ! - ! - control-plane - ! - banner exec ^ - ************************************************************************** - * IOSv - Cisco Systems Confidential * - * * - * Supplemental End User License Restrictions * - * * - * This IOSv software is provided AS-IS without warranty of any kind. 
* - * Under no circumstances may this software be used separate from * - * the Cisco Modeling Labs Software that this software was provided * - * with, or deployed or used as part of a production environment. * - * * - * By using the software, you agree to abide by the terms and * - * conditions of the Cisco End User License Agreement at * - * http://www.cisco.com/go/eula. * - * * - * Unauthorized use or distribution of this software is expressly * - * prohibited. * - ************************************************************************** - ^ - banner incoming ^ - ************************************************************************** - * IOSv - Cisco Systems Confidential * - * * - * Supplemental End User License Restrictions * - * * - * This IOSv software is provided AS-IS without warranty of any kind. * - * Under no circumstances may this software be used separate from * - * the Cisco Modeling Labs Software that this software was provided * - * with, or deployed or used as part of a production environment. * - * * - * By using the software, you agree to abide by the terms and * - * conditions of the Cisco End User License Agreement at * - * http://www.cisco.com/go/eula. * - * * - * Unauthorized use or distribution of this software is expressly * - * prohibited. * - ************************************************************************** - ^ - banner login ^ - ************************************************************************** - * IOSv - Cisco Systems Confidential * - * * - * Supplemental End User License Restrictions * - * * - * This IOSv software is provided AS-IS without warranty of any kind. * - * Under no circumstances may this software be used separate from * - * the Cisco Modeling Labs Software that this software was provided * - * with, or deployed or used as part of a production environment. 
* - * * - * By using the software, you agree to abide by the terms and * - * conditions of the Cisco End User License Agreement at * - * http://www.cisco.com/go/eula. * - * * - * Unauthorized use or distribution of this software is expressly * - * prohibited. * - ************************************************************************** - ^ - ! - line con 0 - password 7 0822455D0A16 - line aux 0 - line vty 0 4 - exec-timeout 720 0 - password 7 1511021F0725 - transport input telnet ssh - ! - no scheduler allocate - ! - end - + 2 - + - - ! IOS Config generated on 2017-08-27 23:10 + ! IOS Config generated on 2017-08-13 13:49 ! by autonetkit_0.23.5 ! hostname iosv-1 @@ -897,45 +367,33 @@ ip domain name virl.info crypto key generate rsa modulus 768 ip ssh server algorithm authentication password username cisco privilege 15 secret cisco -ip access-list standard IN-VTY - permit 172.16.1.0 0.0.0.255 - permit 192.168.0.0 0.0.0.255 - permit 10.0.128.0 0.0.0.255 -ip access-list standard SNMP-RW - permit 172.16.1.0 0.0.0.255 - permit 192.168.0.0 0.0.0.255 - permit 10.0.128.0 0.0.0.3 -snmp-server community supersecret rw SNMP-RW line vty 0 4 - transport input ssh telnet - access-class IN-VTY in vrf-also - exec-timeout 720 0 - password cisco - login local - line con 0 - password cisco + transport input ssh telnet + exec-timeout 720 0 + password cisco + login local +line con 0 + password cisco ! -cdp run +no cdp run ! ! interface Loopback0 description Loopback - ip address 192.168.0.1 255.255.255.255 + ip address 192.168.0.2 255.255.255.255 ! interface GigabitEthernet0/0 description OOB Management vrf forwarding Mgmt-intf ! Configured on launch no ip address - cdp enable duplex full speed auto no shutdown ! interface GigabitEthernet0/1 description to iosvl2-1 - ip address 10.0.0.2 255.255.128.0 - cdp enable + ip address 10.0.0.3 255.255.128.0 ip ospf cost 1 duplex full speed auto 
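Review bot: The context line `crypto key generate rsa modulus 768` in the iosv-1 hunk (`@@ -897,45 +367,33 @@`) leaves the router with a 768-bit SSH host key. OpenSSH 7.6 and later refuse RSA keys under 1024 bits, so SSH from a current client will probably fail and sessions fall back to the telnet transport that `transport input ssh telnet` also allows. I would generate the key as `crypto key generate rsa modulus 2048`. The same hunk drops `access-class IN-VTY in vrf-also` from `line vty 0 4` while the default `cisco` credentials stay, so the VTY lines accept logins from any source address. If the lesson does not depend on that, keep the `IN-VTY` list and the `access-class` line; the iosv-1 configuration itself starts and ends outside this hunk.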
@@ -944,16 +402,6 @@ interface GigabitEthernet0/1 interface GigabitEthernet0/2 description to iosvl2-2 ip address 10.0.128.1 255.255.255.252 - cdp enable - ip ospf cost 1 - duplex full - speed auto - no shutdown -! -interface GigabitEthernet0/3 - description to admin-1 - ip address 10.0.128.5 255.255.255.252 - cdp enable ip ospf cost 1 duplex full speed auto @@ -962,36 +410,17 @@ interface GigabitEthernet0/3 ! ! router ospf 1 - network 192.168.0.1 0.0.0.0 area 0 + network 192.168.0.2 0.0.0.0 area 0 log-adjacency-changes passive-interface Loopback0 network 10.0.0.0 0.0.127.255 area 0 network 10.0.128.0 0.0.0.3 area 0 - network 10.0.128.4 0.0.0.3 area 0 -! -! -router bgp 1 - bgp router-id 192.168.0.1 - no synchronization -! ibgp - ! ibgp peers - ! - neighbor 192.168.0.4 remote-as 1 - neighbor 192.168.0.4 description iBGP peer iosv-2 - neighbor 192.168.0.4 update-source Loopback0 -! -! - ! - address-family ipv4 - network 192.168.0.1 mask 255.255.255.255 - neighbor 192.168.0.4 activate - exit-address-family -! ! ! end + - + 2 @@ -1001,20 +430,14 @@ end 3 - - #cloud-config + #cloud-config bootcmd: - ln -s -t /etc/rc.d /etc/rc.local hostname: server-1 manage_etc_hosts: true -package_update: true -packages: -- snmp -- freeradius -- tshark runcmd: - start ttyS0 - systemctl start getty@ttyS0.service @@ -1023,13 +446,6 @@ runcmd: - echo "UseDNS no" >> /etc/ssh/sshd_config - service ssh restart - service sshd restart -- cp /tmp/clients.conf.new /etc/freeradius/clients.conf -- cp /tmp/users.new /etc/freeradius/users -- systemctl enable freeradius -- systemctl start freeradius -- chown -R cisco:cisco /home/cisco -- sudo -u cisco /home/cisco/http-chatter.sh & -- sudo -u cisco /home/cisco/snmp-chatter.sh & users: - default - gecos: User configured by VIRL Configuration Engine 0.23.10 
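Review bot: In the `@@ -962,36 +410,17 @@` hunk, `router ospf 1` keeps only `passive-interface Loopback0`, so iosv-1 still sends unauthenticated OSPF hellos on `10.0.0.0/17` and `10.0.128.0/30`. After this change it appears to be the only router left in the topology: the iBGP peer is removed here, and the iosv-2 and Quagga configs are removed in other hunks of this file. With no legitimate neighbour, the open interfaces only let a host on those access VLANs form an adjacency and inject routes. If the lesson does not rely on that, add `passive-interface default` under `router ospf 1`, or at least `passive-interface GigabitEthernet0/1` for the segment where kali-1 sits.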
@@ -1068,49 +484,11 @@ write_files: permissions: '0755' content: |- #!/bin/sh - ip route del default - ip route add default via 172.16.1.2 ifconfig eth1 up 10.0.128.2 netmask 255.255.255.252 - route add -host 192.168.0.1 gw 10.0.128.1 dev eth1 - route add -host 192.168.0.4 gw 10.0.128.1 dev eth1 + route add -host 192.168.0.2 gw 10.0.128.1 dev eth1 route add -net 10.0.0.0/17 gw 10.0.128.1 dev eth1 route add -net 10.0.128.0/30 gw 10.0.128.1 dev eth1 exit 0 -- path: /tmp/clients.conf.new - content: | - client 192.168.0.0/24 { - secret = ciscocisco - nastype = cisco - shortname = virl - } - owner: "root:root" - permissions: '0640' -- path: /tmp/users.new - content: | - admin Cleartext-Password := "secret123" - Service-Type = NAS-Prompt-User, - Cisco-AVPair = "shell:priv-lvl=15" - owner: "root:root" - permissions: '0640' -- path: /home/cisco/http-chatter.sh - content: | - #!/bin/bash - while true; do - curl -u admin:secret123 http://192.168.0.4 - sleep 15 - done - owner: "root:root" - permissions: '0755' -- path: /home/cisco/snmp-chatter.sh - content: | - #!/bin/bash - while true; do - snmpget -v 2c -c supersecret 192.168.0.4 1.3.6.1.2.1.1.1.0 - sleep 15 - done - owner: "root:root" - permissions: '0755' - 
@@ -1119,238 +497,12 @@ write_files: - + - - ! IOS Config generated on 2017-08-27 23:10 -! by autonetkit_0.23.5 -! -version 15.6 -service timestamps debug datetime msec -service timestamps log datetime msec -service password-encryption -! -hostname iosv-2 -! -boot-start-marker -boot-end-marker -! -! -vrf definition Mgmt-intf - ! - address-family ipv4 - exit-address-family - ! - address-family ipv6 - exit-address-family -! -enable password 7 060506324F41 -! -aaa new-model -! -! -aaa authentication login default group radius local line -aaa authorization exec default group radius if-authenticated -! -! -! -! -! -aaa session-id common -ethernet lmi ce -! -! -! -mmi polling-interval 60 -no mmi auto-configure -no mmi pvc -mmi snmp-timeout 180 -! -! -! -! -! -! -! -! -! -! -! -no ip domain lookup -ip domain name virl.info -ip cef -ipv6 unicast-routing -ipv6 cef -! -multilink bundle-name authenticated -! -! -! -! -username cisco privilege 15 secret 5 $1$WaUX$blEhl/Fee6CSV8WMIvhv4. -! -redundancy -! -! -! -! -! -! -! -! -! -! -! -! -! -! -! -interface Loopback0 - description Loopback - ip address 192.168.0.4 255.255.255.255 -! -interface GigabitEthernet0/0 - description OOB Management - vrf forwarding Mgmt-intf - ip address 172.16.1.182 255.255.255.0 - duplex full - speed auto - media-type rj45 -! -interface GigabitEthernet0/1 - description to iosvl2-1 - ip address 10.0.0.3 255.255.128.0 - ip ospf cost 1 - duplex full - speed auto - media-type rj45 -! -router ospf 1 - passive-interface Loopback0 - network 10.0.0.0 0.0.127.255 area 0 - network 192.168.0.4 0.0.0.0 area 0 -! -router bgp 1 - bgp router-id 192.168.0.4 - bgp log-neighbor-changes - neighbor 192.168.0.1 remote-as 1 - neighbor 192.168.0.1 description iBGP peer iosv-1 - neighbor 192.168.0.1 update-source Loopback0 - ! - address-family ipv4 - network 192.168.0.4 mask 255.255.255.255 - neighbor 192.168.0.1 activate - exit-address-family -! -ip forward-protocol nd -! -! 
-ip http server -ip http authentication aaa login-authentication default -no ip http secure-server -ip ssh server algorithm authentication password -! -ip access-list standard SNMP-RW - permit 172.16.1.0 0.0.0.255 - permit 192.168.0.0 0.0.0.255 - permit 10.0.128.0 0.0.0.3 -! -ip radius source-interface Loopback0 -! -snmp-server community supersecret RW SNMP-RW -snmp-server chassis-id -! -! -! -radius server RADIUS - address ipv4 10.0.128.2 auth-port 1812 acct-port 1813 - key 7 13061E0108030723382727 -! -! -control-plane -! -banner exec ^ -************************************************************************** -* IOSv - Cisco Systems Confidential * -* * -* Supplemental End User License Restrictions * -* * -* This IOSv software is provided AS-IS without warranty of any kind. * -* Under no circumstances may this software be used separate from * -* the Cisco Modeling Labs Software that this software was provided * -* with, or deployed or used as part of a production environment. * -* * -* By using the software, you agree to abide by the terms and * -* conditions of the Cisco End User License Agreement at * -* http://www.cisco.com/go/eula. * -* * -* Unauthorized use or distribution of this software is expressly * -* prohibited. * -************************************************************************** -^ -banner incoming ^ -************************************************************************** -* IOSv - Cisco Systems Confidential * -* * -* Supplemental End User License Restrictions * -* * -* This IOSv software is provided AS-IS without warranty of any kind. * -* Under no circumstances may this software be used separate from * -* the Cisco Modeling Labs Software that this software was provided * -* with, or deployed or used as part of a production environment. * -* * -* By using the software, you agree to abide by the terms and * -* conditions of the Cisco End User License Agreement at * -* http://www.cisco.com/go/eula. 
* -* * -* Unauthorized use or distribution of this software is expressly * -* prohibited. * -************************************************************************** -^ -banner login ^ -************************************************************************** -* IOSv - Cisco Systems Confidential * -* * -* Supplemental End User License Restrictions * -* * -* This IOSv software is provided AS-IS without warranty of any kind. * -* Under no circumstances may this software be used separate from * -* the Cisco Modeling Labs Software that this software was provided * -* with, or deployed or used as part of a production environment. * -* * -* By using the software, you agree to abide by the terms and * -* conditions of the Cisco End User License Agreement at * -* http://www.cisco.com/go/eula. * -* * -* Unauthorized use or distribution of this software is expressly * -* prohibited. * -************************************************************************** -^ -! -line con 0 - password 7 0822455D0A16 -line aux 0 -line vty 0 4 - exec-timeout 720 0 - password 7 1511021F0725 - transport input telnet ssh -! -no scheduler allocate -! -end - - - - 2 - - - - - - #cloud-config + #cloud-config bootcmd: - ln -s -t /etc/rc.d /etc/rc.local -hostname: admin-1 +hostname: victim-1 manage_etc_hosts: true runcmd: - systemctl start rc-local @@ -1385,16 +537,18 @@ write_files: permissions: '0755' content: |- #!/bin/sh - ifconfig eth1 up 10.0.128.6 netmask 255.255.255.252 - route add -host 192.168.0.1 gw 10.0.128.5 dev eth1 - route add -host 192.168.0.4 gw 10.0.128.5 dev eth1 - route add -net 10.0.0.0/16 gw 10.0.128.5 dev eth1 - route add -host 192.168.0.1 gw 10.0.128.5 dev eth1 - route add -host 192.168.0.4 gw 10.0.128.5 dev eth1 + ifconfig eth1 up 10.0.0.1 netmask 255.255.128.0 + route add -host 192.168.0.2 gw 10.0.0.3 dev eth1 + route add -net 10.0.0.0/17 gw 10.0.0.3 dev eth1 + route add -net 10.0.128.0/30 gw 10.0.0.3 dev eth1 exit 0 - + + + 2 + + @@ -1403,5 +557,4 @@ write_files: - 
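Review bot: In the new victim-1 rc.local script, `route add -net 10.0.0.0/17 gw 10.0.0.3 dev eth1` sends the subnet that eth1 was just placed on (`ifconfig eth1 up 10.0.0.1 netmask 255.255.128.0`) through a gateway, so it is at best redundant with the connected route and may simply fail as a duplicate; I would drop that line. The server-1 script in the `@@ -1068` hunk keeps the same pattern for 10.0.128.0/30 as unchanged context. Separately, 10.0.0.3 is the address the iosv-2 config removed in this same diff carried on GigabitEthernet0/1, so it is worth confirming that a remaining router now owns 10.0.0.3; otherwise the host route to 192.168.0.2 and the 10.0.128.0/30 route on victim-1 have no reachable next hop. A short comment above the routes such as `# gw 10.0.0.3 = <router interface on the 10.0.0.0/17 segment>` would make that checkable; the write_files entry itself begins outside the hunk.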
diff --git a/virl_topologies/8.2-2.virl b/virl_topologies/8.7.virl similarity index 100% rename from virl_topologies/8.2-2.virl rename to virl_topologies/8.7.virl diff --git a/virl_topologies/8.3-1.virl b/virl_topologies/8.9.virl similarity index 100% rename from virl_topologies/8.3-1.virl rename to virl_topologies/8.9.virl