From 15664016cc2d039d16de1fb0fef257860b61da80 Mon Sep 17 00:00:00 2001
From: Chris McCoy
Date: Fri, 8 Sep 2017 14:42:42 -0400
Subject: [PATCH] Add VIRL topologies for Lesson 8
---
virl_topologies/8.1.virl | 1045 ++++++++++++++++++++++++++
virl_topologies/8.2-1.virl | 560 ++++++++++++++
virl_topologies/8.2-2.virl | 665 +++++++++++++++++
virl_topologies/8.3-1.virl | 677 +++++++++++++++++
virl_topologies/8.4-1.virl | 1042 ++++++++++++++++++++++++++
virl_topologies/8.4-2.virl | 1407 ++++++++++++++++++++++++++++++++++++
virl_topologies/8.6.virl | 1407 ++++++++++++++++++++++++++++++++++++
7 files changed, 6803 insertions(+)
create mode 100644 virl_topologies/8.1.virl
create mode 100644 virl_topologies/8.2-1.virl
create mode 100644 virl_topologies/8.2-2.virl
create mode 100644 virl_topologies/8.3-1.virl
create mode 100644 virl_topologies/8.4-1.virl
create mode 100644 virl_topologies/8.4-2.virl
create mode 100644 virl_topologies/8.6.virl
diff --git a/virl_topologies/8.1.virl b/virl_topologies/8.1.virl
new file mode 100644
index 0000000..a930385
--- /dev/null
+++ b/virl_topologies/8.1.virl
@@ -0,0 +1,1045 @@ + + + + exclusive + true + dual_stack + + + + #cloud-config +bootcmd: +- ln -s -t /etc/rc.d /etc/rc.local +hostname: kali-1 +manage_etc_hosts: true +runcmd: +- start ttyS0 +- systemctl start getty@ttyS0.service +- systemctl start rc-local +- sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config +- echo "UseDNS no" >> /etc/ssh/sshd_config +- service ssh restart +- service sshd restart +users: +- default +- gecos: User configured by VIRL Configuration Engine 0.23.10 + lock-passwd: false + name: cisco + plain-text-passwd: cisco + shell: /bin/bash + ssh-authorized-keys: + - VIRL-USER-SSH-PUBLIC-KEY + sudo: ALL=(ALL) ALL +write_files: +- path: /etc/init/ttyS0.conf + owner: root:root + content: | + # ttyS0 - getty + # This service maintains a getty on ttyS0 from the point the system is + # started until it is shut down again. + start on stopped rc or RUNLEVEL=[12345] + stop on runlevel [!12345] + respawn + exec /sbin/getty -L 115200 ttyS0 vt102 + permissions: '0644' +- path: /etc/systemd/system/dhclient@.service + content: | + [Unit] + Description=Run dhclient on %i interface + After=network.target + [Service] + Type=oneshot + ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease + RemainAfterExit=yes + owner: root:root + permissions: '0644' +- path: /etc/rc.local + owner: root:root + permissions: '0755' + content: |- + #!/bin/sh + ifconfig eth1 up 10.0.0.6 netmask 255.255.255.252 + route add -net 10.0.0.0/8 gw 10.0.0.5 dev eth1 + route add -net 192.168.0.0/29 gw 10.0.0.5 dev eth1 + ifconfig eth1 add 2001:db8:a:0:1:1:0:7/126 + route -A inet6 add 2001:db8:a:0:1::/80 gw 2001:db8:a:0:1:1:0:6 dev eth1 + route -A inet6 add 2001:db8:b:0:1::/80 gw 2001:db8:a:0:1:1:0:6 dev eth1 + exit 0 + + + + + + + #cloud-config +bootcmd: +- ln -s -t /etc/rc.d /etc/rc.local +hostname: server-1 +manage_etc_hosts: true +runcmd: +- start ttyS0 +- systemctl start getty@ttyS0.service +- systemctl start rc-local +- sed -i 
'/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config +- echo "UseDNS no" >> /etc/ssh/sshd_config +- service ssh restart +- service sshd restart +users: +- default +- gecos: User configured by VIRL Configuration Engine 0.23.10 + lock-passwd: false + name: cisco + plain-text-passwd: cisco + shell: /bin/bash + ssh-authorized-keys: + - VIRL-USER-SSH-PUBLIC-KEY + sudo: ALL=(ALL) ALL +write_files: +- path: /etc/init/ttyS0.conf + owner: root:root + content: | + # ttyS0 - getty + # This service maintains a getty on ttyS0 from the point the system is + # started until it is shut down again. + start on stopped rc or RUNLEVEL=[12345] + stop on runlevel [!12345] + respawn + exec /sbin/getty -L 115200 ttyS0 vt102 + permissions: '0644' +- path: /etc/systemd/system/dhclient@.service + content: | + [Unit] + Description=Run dhclient on %i interface + After=network.target + [Service] + Type=oneshot + ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease + RemainAfterExit=yes + owner: root:root + permissions: '0644' +- path: /etc/rc.local + owner: root:root + permissions: '0755' + content: |- + #!/bin/sh + ifconfig eth1 up 10.0.0.10 netmask 255.255.255.252 + route add -net 10.0.0.0/8 gw 10.0.0.9 dev eth1 + route add -net 192.168.0.0/29 gw 10.0.0.9 dev eth1 + ifconfig eth1 add 2001:db8:a:0:1:1:0:a/126 + route -A inet6 add 2001:db8:a:0:1::/80 gw 2001:db8:a:0:1:1:0:b dev eth1 + route -A inet6 add 2001:db8:b:0:1::/80 gw 2001:db8:a:0:1:1:0:b dev eth1 + exit 0 + + + + + + + ! IOSvL2 Config generated on 2017-08-12 17:43 +! by autonetkit_0.23.5 +! +version 15.2 +service timestamps debug datetime msec +service timestamps log datetime msec +no service password-encryption +service compress-config +no service config +enable password cisco +ip classless +ip subnet-zero +no ip domain lookup +! +line vty 0 4 +transport input ssh telnet +exec-timeout 720 0 +password cisco +login +! +line con 0 +password cisco +! +hostname iosvl2-1 +! 
+boot-start-marker +boot-end-marker +! +! +! +no aaa new-model +! +vtp domain virl.lab +vtp mode transparent +! +vlan 2 + name ank_vlan2 +! +! +! +! +cdp run +! +! +! +ip cef +no ipv6 cef +! +! +spanning-tree mode pvst +spanning-tree extend system-id +! +vlan internal allocation policy ascending +! +! +! +! +vrf definition Mgmt-intf +! + address-family ipv4 + exit-address-family + ! + address-family ipv6 + exit-address-family +! +! +! +! +! +interface Loopback0 + description Loopback +! +interface GigabitEthernet0/0 + description OOB management + ! Configured on launch + no switchport + vrf forwarding Mgmt-intf + no ip address + no shutdown +! +interface GigabitEthernet0/1 + description to kali-1 + switchport access vlan 2 + switchport mode access + no shutdown +! +interface GigabitEthernet0/2 + description to iosv-1 + switchport access vlan 2 + switchport mode access + no shutdown +! +! +ip forward-protocol nd +! +no ip http server +no ip http secure-server +! +! +! +! +! +! +control-plane +! +! +! +end + + + + + + + + + ! IOSvL2 Config generated on 2017-08-12 17:43 +! by autonetkit_0.23.5 +! +version 15.2 +service timestamps debug datetime msec +service timestamps log datetime msec +no service password-encryption +service compress-config +no service config +enable password cisco +ip classless +ip subnet-zero +no ip domain lookup +! +line vty 0 4 +transport input ssh telnet +exec-timeout 720 0 +password cisco +login +! +line con 0 +password cisco +! +hostname iosvl2-2 +! +boot-start-marker +boot-end-marker +! +! +! +no aaa new-model +! +vtp domain virl.lab +vtp mode transparent +! +vlan 2 + name ank_vlan2 +! +! +! +! +cdp run +! +! +! +ip cef +no ipv6 cef +! +! +spanning-tree mode pvst +spanning-tree extend system-id +! +vlan internal allocation policy ascending +! +! +! +! +vrf definition Mgmt-intf +! + address-family ipv4 + exit-address-family + ! + address-family ipv6 + exit-address-family +! +! +! +! +! +interface Loopback0 + description Loopback +! 
+interface GigabitEthernet0/0 + description OOB management + ! Configured on launch + no switchport + vrf forwarding Mgmt-intf + no ip address + no shutdown +! +interface GigabitEthernet0/1 + description to server-1 + switchport access vlan 2 + switchport mode access + no shutdown +! +interface GigabitEthernet0/2 + description to iosv-4 + switchport access vlan 2 + switchport mode access + no shutdown +! +! +ip forward-protocol nd +! +no ip http server +no ip http secure-server +! +! +! +! +! +! +control-plane +! +! +! +end + + + + + + + + + ! IOS Config generated on 2017-08-12 17:43 +! by autonetkit_0.23.5 +! +hostname iosv-1 +boot-start-marker +boot-end-marker +! +vrf definition Mgmt-intf +! + address-family ipv4 + exit-address-family + ! + address-family ipv6 + exit-address-family +! +! +! +no aaa new-model +! +! +ip cef +ipv6 unicast-routing +ipv6 cef +! +! +service timestamps debug datetime msec +service timestamps log datetime msec +no service password-encryption +no service config +enable password cisco +ip classless +ip subnet-zero +no ip domain lookup +ip domain name virl.info +crypto key generate rsa modulus 768 +ip ssh server algorithm authentication password +username cisco privilege 15 secret cisco +line vty 0 4 + transport input ssh telnet + exec-timeout 720 0 + password cisco + login local +line con 0 + password cisco +! +cdp run +! +! +interface Loopback0 + description Loopback + ip address 192.168.0.3 255.255.255.255 + ipv6 address 2001:db8:b:0:1::2/128 + ipv6 ospf cost 1 + ipv6 ospf 1 area 0 +! +interface GigabitEthernet0/0 + description OOB Management + vrf forwarding Mgmt-intf + ! Configured on launch + no ip address + cdp enable + duplex full + speed auto + no shutdown +! +interface GigabitEthernet0/1 + description to iosvl2-1 + ip address 10.0.0.5 255.255.255.252 + ipv6 address 2001:db8:a:0:1:1:0:6/126 + cdp enable + ip ospf cost 1 + ipv6 ospf cost 1 + ipv6 ospf 1 area 0 + duplex full + speed auto + no shutdown +! 
+interface GigabitEthernet0/2 + description to iosv-2 + ip address 10.0.0.13 255.255.255.252 + ipv6 address 2001:db8:a:0:1:1:0:e/126 + cdp enable + ip ospf cost 1 + ipv6 ospf cost 1 + ipv6 ospf 1 area 0 + duplex full + speed auto + no shutdown +! +interface GigabitEthernet0/3 + description to iosv-3 + ip address 10.0.0.17 255.255.255.252 + ipv6 address 2001:db8:a:0:1:1:0:12/126 + cdp enable + ip ospf cost 1 + ipv6 ospf cost 1 + ipv6 ospf 1 area 0 + duplex full + speed auto + no shutdown +! +! +! +router ospf 1 + network 192.168.0.3 0.0.0.0 area 0 + log-adjacency-changes + passive-interface Loopback0 + network 10.0.0.4 0.0.0.3 area 0 + network 10.0.0.12 0.0.0.3 area 0 + network 10.0.0.16 0.0.0.3 area 0 +router ospfv3 1 + router-id 192.168.0.3 + ! + address-family ipv6 unicast + exit-address-family +! +! +router bgp 1 + bgp router-id 192.168.0.3 + no synchronization +! ibgp + ! ibgp peers + ! + neighbor 192.168.0.4 remote-as 1 + neighbor 192.168.0.4 description iBGP peer iosv-2 + neighbor 192.168.0.4 update-source Loopback0 + ! + neighbor 192.168.0.5 remote-as 1 + neighbor 192.168.0.5 description iBGP peer iosv-3 + neighbor 192.168.0.5 update-source Loopback0 + ! + neighbor 192.168.0.6 remote-as 1 + neighbor 192.168.0.6 description iBGP peer iosv-4 + neighbor 192.168.0.6 update-source Loopback0 + ! + neighbor 2001:db8:b:0:1::3 remote-as 1 + neighbor 2001:db8:b:0:1::3 description iBGP peer iosv-2 + neighbor 2001:db8:b:0:1::3 update-source Loopback0 + ! + neighbor 2001:db8:b:0:1::4 remote-as 1 + neighbor 2001:db8:b:0:1::4 description iBGP peer iosv-3 + neighbor 2001:db8:b:0:1::4 update-source Loopback0 + ! + neighbor 2001:db8:b:0:1::5 remote-as 1 + neighbor 2001:db8:b:0:1::5 description iBGP peer iosv-4 + neighbor 2001:db8:b:0:1::5 update-source Loopback0 +! +! + ! + address-family ipv4 + network 192.168.0.3 mask 255.255.255.255 + neighbor 192.168.0.4 activate + neighbor 192.168.0.5 activate + neighbor 192.168.0.6 activate + exit-address-family + ! 
+ address-family ipv6 + network 2001:db8:b:0:1::2/128 + neighbor 2001:db8:b:0:1::3 activate + neighbor 2001:db8:b:0:1::4 activate + neighbor 2001:db8:b:0:1::5 activate + exit-address-family +! +! +! +end + + + + + + + + + ! IOS Config generated on 2017-08-12 17:43 +! by autonetkit_0.23.5 +! +hostname iosv-2 +boot-start-marker +boot-end-marker +! +vrf definition Mgmt-intf +! + address-family ipv4 + exit-address-family + ! + address-family ipv6 + exit-address-family +! +! +! +no aaa new-model +! +! +ip cef +ipv6 unicast-routing +ipv6 cef +! +! +service timestamps debug datetime msec +service timestamps log datetime msec +no service password-encryption +no service config +enable password cisco +ip classless +ip subnet-zero +no ip domain lookup +ip domain name virl.info +crypto key generate rsa modulus 768 +ip ssh server algorithm authentication password +username cisco privilege 15 secret cisco +line vty 0 4 + transport input ssh telnet + exec-timeout 720 0 + password cisco + login local +line con 0 + password cisco +! +cdp run +! +! +interface Loopback0 + description Loopback + ip address 192.168.0.4 255.255.255.255 + ipv6 address 2001:db8:b:0:1::3/128 + ipv6 ospf cost 1 + ipv6 ospf 1 area 0 +! +interface GigabitEthernet0/0 + description OOB Management + vrf forwarding Mgmt-intf + ! Configured on launch + no ip address + cdp enable + duplex full + speed auto + no shutdown +! +interface GigabitEthernet0/1 + description to iosv-1 + ip address 10.0.0.14 255.255.255.252 + ipv6 address 2001:db8:a:0:1:1:0:f/126 + cdp enable + ip ospf cost 1 + ipv6 ospf cost 1 + ipv6 ospf 1 area 0 + duplex full + speed auto + no shutdown +! +interface GigabitEthernet0/2 + description to iosv-4 + ip address 10.0.0.21 255.255.255.252 + ipv6 address 2001:db8:a:0:1:1:0:16/126 + cdp enable + ip ospf cost 1 + ipv6 ospf cost 1 + ipv6 ospf 1 area 0 + duplex full + speed auto + no shutdown +! +! +! 
+router ospf 1 + network 192.168.0.4 0.0.0.0 area 0 + log-adjacency-changes + passive-interface Loopback0 + network 10.0.0.12 0.0.0.3 area 0 + network 10.0.0.20 0.0.0.3 area 0 +router ospfv3 1 + router-id 192.168.0.4 + ! + address-family ipv6 unicast + exit-address-family +! +! +router bgp 1 + bgp router-id 192.168.0.4 + no synchronization +! ibgp + ! ibgp peers + ! + neighbor 192.168.0.3 remote-as 1 + neighbor 192.168.0.3 description iBGP peer iosv-1 + neighbor 192.168.0.3 update-source Loopback0 + ! + neighbor 192.168.0.5 remote-as 1 + neighbor 192.168.0.5 description iBGP peer iosv-3 + neighbor 192.168.0.5 update-source Loopback0 + ! + neighbor 192.168.0.6 remote-as 1 + neighbor 192.168.0.6 description iBGP peer iosv-4 + neighbor 192.168.0.6 update-source Loopback0 + ! + neighbor 2001:db8:b:0:1::2 remote-as 1 + neighbor 2001:db8:b:0:1::2 description iBGP peer iosv-1 + neighbor 2001:db8:b:0:1::2 update-source Loopback0 + ! + neighbor 2001:db8:b:0:1::4 remote-as 1 + neighbor 2001:db8:b:0:1::4 description iBGP peer iosv-3 + neighbor 2001:db8:b:0:1::4 update-source Loopback0 + ! + neighbor 2001:db8:b:0:1::5 remote-as 1 + neighbor 2001:db8:b:0:1::5 description iBGP peer iosv-4 + neighbor 2001:db8:b:0:1::5 update-source Loopback0 +! +! + ! + address-family ipv4 + network 192.168.0.4 mask 255.255.255.255 + neighbor 192.168.0.3 activate + neighbor 192.168.0.5 activate + neighbor 192.168.0.6 activate + exit-address-family + ! + address-family ipv6 + network 2001:db8:b:0:1::3/128 + neighbor 2001:db8:b:0:1::2 activate + neighbor 2001:db8:b:0:1::4 activate + neighbor 2001:db8:b:0:1::5 activate + exit-address-family +! +! +! +end + + + + + + + + ! IOS Config generated on 2017-08-12 17:43 +! by autonetkit_0.23.5 +! +hostname iosv-3 +boot-start-marker +boot-end-marker +! +vrf definition Mgmt-intf +! + address-family ipv4 + exit-address-family + ! + address-family ipv6 + exit-address-family +! +! +! +no aaa new-model +! +! +ip cef +ipv6 unicast-routing +ipv6 cef +! +! 
+service timestamps debug datetime msec +service timestamps log datetime msec +no service password-encryption +no service config +enable password cisco +ip classless +ip subnet-zero +no ip domain lookup +ip domain name virl.info +crypto key generate rsa modulus 768 +ip ssh server algorithm authentication password +username cisco privilege 15 secret cisco +line vty 0 4 + transport input ssh telnet + exec-timeout 720 0 + password cisco + login local +line con 0 + password cisco +! +cdp run +! +! +interface Loopback0 + description Loopback + ip address 192.168.0.5 255.255.255.255 + ipv6 address 2001:db8:b:0:1::4/128 + ipv6 ospf cost 1 + ipv6 ospf 1 area 0 +! +interface GigabitEthernet0/0 + description OOB Management + vrf forwarding Mgmt-intf + ! Configured on launch + no ip address + cdp enable + duplex full + speed auto + no shutdown +! +interface GigabitEthernet0/1 + description to iosv-1 + ip address 10.0.0.18 255.255.255.252 + ipv6 address 2001:db8:a:0:1:1:0:13/126 + cdp enable + ip ospf cost 1 + ipv6 ospf cost 1 + ipv6 ospf 1 area 0 + duplex full + speed auto + no shutdown +! +interface GigabitEthernet0/2 + description to iosv-4 + ip address 10.0.0.25 255.255.255.252 + ipv6 address 2001:db8:a:0:1:1:0:1a/126 + cdp enable + ip ospf cost 1 + ipv6 ospf cost 1 + ipv6 ospf 1 area 0 + duplex full + speed auto + no shutdown +! +! +! +router ospf 1 + network 192.168.0.5 0.0.0.0 area 0 + log-adjacency-changes + passive-interface Loopback0 + network 10.0.0.16 0.0.0.3 area 0 + network 10.0.0.24 0.0.0.3 area 0 +router ospfv3 1 + router-id 192.168.0.5 + ! + address-family ipv6 unicast + exit-address-family +! +! +router bgp 1 + bgp router-id 192.168.0.5 + no synchronization +! ibgp + ! ibgp peers + ! + neighbor 192.168.0.3 remote-as 1 + neighbor 192.168.0.3 description iBGP peer iosv-1 + neighbor 192.168.0.3 update-source Loopback0 + ! + neighbor 192.168.0.4 remote-as 1 + neighbor 192.168.0.4 description iBGP peer iosv-2 + neighbor 192.168.0.4 update-source Loopback0 + ! 
+ neighbor 192.168.0.6 remote-as 1 + neighbor 192.168.0.6 description iBGP peer iosv-4 + neighbor 192.168.0.6 update-source Loopback0 + ! + neighbor 2001:db8:b:0:1::2 remote-as 1 + neighbor 2001:db8:b:0:1::2 description iBGP peer iosv-1 + neighbor 2001:db8:b:0:1::2 update-source Loopback0 + ! + neighbor 2001:db8:b:0:1::3 remote-as 1 + neighbor 2001:db8:b:0:1::3 description iBGP peer iosv-2 + neighbor 2001:db8:b:0:1::3 update-source Loopback0 + ! + neighbor 2001:db8:b:0:1::5 remote-as 1 + neighbor 2001:db8:b:0:1::5 description iBGP peer iosv-4 + neighbor 2001:db8:b:0:1::5 update-source Loopback0 +! +! + ! + address-family ipv4 + network 192.168.0.5 mask 255.255.255.255 + neighbor 192.168.0.3 activate + neighbor 192.168.0.4 activate + neighbor 192.168.0.6 activate + exit-address-family + ! + address-family ipv6 + network 2001:db8:b:0:1::4/128 + neighbor 2001:db8:b:0:1::2 activate + neighbor 2001:db8:b:0:1::3 activate + neighbor 2001:db8:b:0:1::5 activate + exit-address-family +! +! +! +end + + + + + + + + ! IOS Config generated on 2017-08-12 17:43 +! by autonetkit_0.23.5 +! +hostname iosv-4 +boot-start-marker +boot-end-marker +! +vrf definition Mgmt-intf +! + address-family ipv4 + exit-address-family + ! + address-family ipv6 + exit-address-family +! +! +! +no aaa new-model +! +! +ip cef +ipv6 unicast-routing +ipv6 cef +! +! +service timestamps debug datetime msec +service timestamps log datetime msec +no service password-encryption +no service config +enable password cisco +ip classless +ip subnet-zero +no ip domain lookup +ip domain name virl.info +crypto key generate rsa modulus 768 +ip ssh server algorithm authentication password +username cisco privilege 15 secret cisco +line vty 0 4 + transport input ssh telnet + exec-timeout 720 0 + password cisco + login local +line con 0 + password cisco +! +cdp run +! +! 
+interface Loopback0 + description Loopback + ip address 192.168.0.6 255.255.255.255 + ipv6 address 2001:db8:b:0:1::5/128 + ipv6 ospf cost 1 + ipv6 ospf 1 area 0 +! +interface GigabitEthernet0/0 + description OOB Management + vrf forwarding Mgmt-intf + ! Configured on launch + no ip address + cdp enable + duplex full + speed auto + no shutdown +! +interface GigabitEthernet0/1 + description to iosvl2-2 + ip address 10.0.0.9 255.255.255.252 + ipv6 address 2001:db8:a:0:1:1:0:b/126 + cdp enable + ip ospf cost 1 + ipv6 ospf cost 1 + ipv6 ospf 1 area 0 + duplex full + speed auto + no shutdown +! +interface GigabitEthernet0/2 + description to iosv-2 + ip address 10.0.0.22 255.255.255.252 + ipv6 address 2001:db8:a:0:1:1:0:17/126 + cdp enable + ip ospf cost 1 + ipv6 ospf cost 1 + ipv6 ospf 1 area 0 + duplex full + speed auto + no shutdown +! +interface GigabitEthernet0/3 + description to iosv-3 + ip address 10.0.0.26 255.255.255.252 + ipv6 address 2001:db8:a:0:1:1:0:1b/126 + cdp enable + ip ospf cost 1 + ipv6 ospf cost 1 + ipv6 ospf 1 area 0 + duplex full + speed auto + no shutdown +! +! +! +router ospf 1 + network 192.168.0.6 0.0.0.0 area 0 + log-adjacency-changes + passive-interface Loopback0 + network 10.0.0.8 0.0.0.3 area 0 + network 10.0.0.20 0.0.0.3 area 0 + network 10.0.0.24 0.0.0.3 area 0 +router ospfv3 1 + router-id 192.168.0.6 + ! + address-family ipv6 unicast + exit-address-family +! +! +router bgp 1 + bgp router-id 192.168.0.6 + no synchronization +! ibgp + ! ibgp peers + ! + neighbor 192.168.0.3 remote-as 1 + neighbor 192.168.0.3 description iBGP peer iosv-1 + neighbor 192.168.0.3 update-source Loopback0 + ! + neighbor 192.168.0.4 remote-as 1 + neighbor 192.168.0.4 description iBGP peer iosv-2 + neighbor 192.168.0.4 update-source Loopback0 + ! + neighbor 192.168.0.5 remote-as 1 + neighbor 192.168.0.5 description iBGP peer iosv-3 + neighbor 192.168.0.5 update-source Loopback0 + ! 
+ neighbor 2001:db8:b:0:1::2 remote-as 1 + neighbor 2001:db8:b:0:1::2 description iBGP peer iosv-1 + neighbor 2001:db8:b:0:1::2 update-source Loopback0 + ! + neighbor 2001:db8:b:0:1::3 remote-as 1 + neighbor 2001:db8:b:0:1::3 description iBGP peer iosv-2 + neighbor 2001:db8:b:0:1::3 update-source Loopback0 + ! + neighbor 2001:db8:b:0:1::4 remote-as 1 + neighbor 2001:db8:b:0:1::4 description iBGP peer iosv-3 + neighbor 2001:db8:b:0:1::4 update-source Loopback0 +! +! + ! + address-family ipv4 + network 192.168.0.6 mask 255.255.255.255 + neighbor 192.168.0.3 activate + neighbor 192.168.0.4 activate + neighbor 192.168.0.5 activate + exit-address-family + ! + address-family ipv6 + network 2001:db8:b:0:1::5/128 + neighbor 2001:db8:b:0:1::2 activate + neighbor 2001:db8:b:0:1::3 activate + neighbor 2001:db8:b:0:1::4 activate + exit-address-family +! +! +! +end + + + + + + + + + + + + + + + + diff --git a/virl_topologies/8.2-1.virl b/virl_topologies/8.2-1.virl new file mode 100644 index 0000000..8a49f0c --- /dev/null +++ b/virl_topologies/8.2-1.virl 
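Review bot: Every embedded device config in this file carries the same `cisco`/`cisco` account, with `enable password cisco` stored in clear (`no service password-encryption`), `transport input ssh telnet` on the vty lines and a 768-bit SSH host key from `crypto key generate rsa modulus 768`; the cloud-config for kali-1 and server-1 likewise sets `plain-text-passwd: cisco` with full sudo and strips `PasswordAuthentication no` from sshd_config. These look like the autonetkit/VIRL generator defaults rather than something the lesson relies on, so I would confirm that, and where the exercise does not need them use `transport input ssh` and `crypto key generate rsa modulus 2048`, and say in the topology annotation or the lesson README that the credentials are throwaway lab values. The same settings recur in the 8.2-1.virl hunk and in the visible part of 8.2-2.virl.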
@@ -0,0 +1,560 @@ + + + + false + flat + true + + + + ! IOSvL2 Config generated on 2017-08-13 13:49 +! by autonetkit_0.23.5 +! +version 15.2 +service timestamps debug datetime msec +service timestamps log datetime msec +no service password-encryption +service compress-config +no service config +enable password cisco +ip classless +ip subnet-zero +no ip domain lookup +! +line vty 0 4 +transport input ssh telnet +exec-timeout 720 0 +password cisco +login +! +line con 0 +password cisco +! +hostname iosvl2-1 +! +boot-start-marker +boot-end-marker +! +! +! +no aaa new-model +! +vtp domain virl.lab +vtp mode transparent +! +vlan 2 + name ank_vlan2 +vlan 3 + name ank_vlan3 +! +! +! +! +no cdp run +! +! +! +ip cef +no ipv6 cef +! +! +spanning-tree mode pvst +spanning-tree extend system-id +! +vlan internal allocation policy ascending +! +! +! +! +vrf definition Mgmt-intf +! + address-family ipv4 + exit-address-family + ! + address-family ipv6 + exit-address-family +! +! +! +! +! +interface Loopback0 + description Loopback +! +interface GigabitEthernet0/0 + description OOB management + ! Configured on launch + no switchport + vrf forwarding Mgmt-intf + no ip address + no shutdown +! +interface GigabitEthernet0/1 + description to iosvl2-2 + switchport trunk encapsulation dot1q + switchport mode trunk + no shutdown +! +interface GigabitEthernet0/2 + description to iosv-1 + switchport access vlan 2 + switchport mode access + no shutdown +! +interface GigabitEthernet0/3 + description to kali-1 + switchport access vlan 2 + switchport mode access + no shutdown +! +interface GigabitEthernet1/0 + description to victim-1 + switchport access vlan 2 + switchport mode access + no shutdown +! +! +ip forward-protocol nd +! +no ip http server +no ip http secure-server +! +! +! +! +! +! +control-plane +! +! +! +end + + + + + + + + + + + ! IOSvL2 Config generated on 2017-08-13 13:49 +! by autonetkit_0.23.5 +! 
+version 15.2 +service timestamps debug datetime msec +service timestamps log datetime msec +no service password-encryption +service compress-config +no service config +enable password cisco +ip classless +ip subnet-zero +no ip domain lookup +! +line vty 0 4 +transport input ssh telnet +exec-timeout 720 0 +password cisco +login +! +line con 0 +password cisco +! +hostname iosvl2-2 +! +boot-start-marker +boot-end-marker +! +! +! +no aaa new-model +! +vtp domain virl.lab +vtp mode transparent +! +vlan 2 + name ank_vlan2 +vlan 3 + name ank_vlan3 +! +! +! +! +no cdp run +! +! +! +ip cef +no ipv6 cef +! +! +spanning-tree mode pvst +spanning-tree extend system-id +! +vlan internal allocation policy ascending +! +! +! +! +vrf definition Mgmt-intf +! + address-family ipv4 + exit-address-family + ! + address-family ipv6 + exit-address-family +! +! +! +! +! +interface Loopback0 + description Loopback +! +interface GigabitEthernet0/0 + description OOB management + ! Configured on launch + no switchport + vrf forwarding Mgmt-intf + no ip address + no shutdown +! +interface GigabitEthernet0/1 + description to iosvl2-1 + switchport trunk encapsulation dot1q + switchport mode trunk + no shutdown +! +interface GigabitEthernet0/2 + description to iosv-1 + switchport access vlan 3 + switchport mode access + no shutdown +! +interface GigabitEthernet0/3 + description to server-1 + switchport access vlan 3 + switchport mode access + no shutdown +! +! +ip forward-protocol nd +! +no ip http server +no ip http secure-server +! +! +! +! +! +! +control-plane +! +! +! 
+end + + + + + + + + + + #cloud-config +bootcmd: +- ln -s -t /etc/rc.d /etc/rc.local +hostname: kali-1 +manage_etc_hosts: true +runcmd: +- start ttyS0 +- systemctl start getty@ttyS0.service +- systemctl start rc-local +- sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config +- echo "UseDNS no" >> /etc/ssh/sshd_config +- service ssh restart +- service sshd restart +users: +- default +- gecos: User configured by VIRL Configuration Engine 0.23.10 + lock-passwd: false + name: cisco + plain-text-passwd: cisco + shell: /bin/bash + ssh-authorized-keys: + - VIRL-USER-SSH-PUBLIC-KEY + sudo: ALL=(ALL) ALL +write_files: +- path: /etc/init/ttyS0.conf + owner: root:root + content: | + # ttyS0 - getty + # This service maintains a getty on ttyS0 from the point the system is + # started until it is shut down again. + start on stopped rc or RUNLEVEL=[12345] + stop on runlevel [!12345] + respawn + exec /sbin/getty -L 115200 ttyS0 vt102 + permissions: '0644' +- path: /etc/systemd/system/dhclient@.service + content: | + [Unit] + Description=Run dhclient on %i interface + After=network.target + [Service] + Type=oneshot + ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease + RemainAfterExit=yes + owner: root:root + permissions: '0644' +- path: /etc/rc.local + owner: root:root + permissions: '0755' + content: |- + #!/bin/sh + ifconfig eth1 up 10.0.0.2 netmask 255.255.128.0 + route add -host 192.168.0.2 gw 10.0.0.3 dev eth1 + route add -net 10.0.0.0/17 gw 10.0.0.3 dev eth1 + route add -net 10.0.128.0/30 gw 10.0.0.3 dev eth1 + exit 0 + + + + + 2 + + + + + + ! IOS Config generated on 2017-08-13 13:49 +! by autonetkit_0.23.5 +! +hostname iosv-1 +boot-start-marker +boot-end-marker +! +vrf definition Mgmt-intf +! + address-family ipv4 + exit-address-family + ! + address-family ipv6 + exit-address-family +! +! +! +no aaa new-model +! +! +ip cef +ipv6 unicast-routing +ipv6 cef +! +! 
+service timestamps debug datetime msec +service timestamps log datetime msec +no service password-encryption +no service config +enable password cisco +ip classless +ip subnet-zero +no ip domain lookup +ip domain name virl.info +crypto key generate rsa modulus 768 +ip ssh server algorithm authentication password +username cisco privilege 15 secret cisco +line vty 0 4 + transport input ssh telnet + exec-timeout 720 0 + password cisco + login local +line con 0 + password cisco +! +no cdp run +! +! +interface Loopback0 + description Loopback + ip address 192.168.0.2 255.255.255.255 +! +interface GigabitEthernet0/0 + description OOB Management + vrf forwarding Mgmt-intf + ! Configured on launch + no ip address + duplex full + speed auto + no shutdown +! +interface GigabitEthernet0/1 + description to iosvl2-1 + ip address 10.0.0.3 255.255.128.0 + ip ospf cost 1 + duplex full + speed auto + no shutdown +! +interface GigabitEthernet0/2 + description to iosvl2-2 + ip address 10.0.128.1 255.255.255.252 + ip ospf cost 1 + duplex full + speed auto + no shutdown +! +! +! +router ospf 1 + network 192.168.0.2 0.0.0.0 area 0 + log-adjacency-changes + passive-interface Loopback0 + network 10.0.0.0 0.0.127.255 area 0 + network 10.0.128.0 0.0.0.3 area 0 +! +! 
+end + + + + + 2 + + + + + 3 + + + + + + #cloud-config +bootcmd: +- ln -s -t /etc/rc.d /etc/rc.local +hostname: server-1 +manage_etc_hosts: true +runcmd: +- start ttyS0 +- systemctl start getty@ttyS0.service +- systemctl start rc-local +- sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config +- echo "UseDNS no" >> /etc/ssh/sshd_config +- service ssh restart +- service sshd restart +users: +- default +- gecos: User configured by VIRL Configuration Engine 0.23.10 + lock-passwd: false + name: cisco + plain-text-passwd: cisco + shell: /bin/bash + ssh-authorized-keys: + - VIRL-USER-SSH-PUBLIC-KEY + sudo: ALL=(ALL) ALL +write_files: +- path: /etc/init/ttyS0.conf + owner: root:root + content: | + # ttyS0 - getty + # This service maintains a getty on ttyS0 from the point the system is + # started until it is shut down again. + start on stopped rc or RUNLEVEL=[12345] + stop on runlevel [!12345] + respawn + exec /sbin/getty -L 115200 ttyS0 vt102 + permissions: '0644' +- path: /etc/systemd/system/dhclient@.service + content: | + [Unit] + Description=Run dhclient on %i interface + After=network.target + [Service] + Type=oneshot + ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease + RemainAfterExit=yes + owner: root:root + permissions: '0644' +- path: /etc/rc.local + owner: root:root + permissions: '0755' + content: |- + #!/bin/sh + ifconfig eth1 up 10.0.128.2 netmask 255.255.255.252 + route add -host 192.168.0.2 gw 10.0.128.1 dev eth1 + route add -net 10.0.0.0/17 gw 10.0.128.1 dev eth1 + route add -net 10.0.128.0/30 gw 10.0.128.1 dev eth1 + exit 0 + + + + + 3 + + + + + + #cloud-config +bootcmd: +- ln -s -t /etc/rc.d /etc/rc.local +hostname: victim-1 +manage_etc_hosts: true +runcmd: +- systemctl start rc-local +- sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config +- echo "UseDNS no" >> /etc/ssh/sshd_config +- service ssh restart +- service sshd restart +users: +- default +- gecos: User configured by VIRL 
Configuration Engine 0.23.10 + lock-passwd: false + name: cisco + plain-text-passwd: cisco + shell: /bin/bash + ssh-authorized-keys: + - VIRL-USER-SSH-PUBLIC-KEY + sudo: ALL=(ALL) ALL +write_files: +- path: /etc/systemd/system/dhclient@.service + content: | + [Unit] + Description=Run dhclient on %i interface + After=network.target + [Service] + Type=oneshot + ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease + RemainAfterExit=yes + owner: root:root + permissions: '0644' +- path: /etc/rc.local + owner: root:root + permissions: '0755' + content: |- + #!/bin/sh + ifconfig eth1 up 10.0.0.1 netmask 255.255.128.0 + route add -host 192.168.0.2 gw 10.0.0.3 dev eth1 + route add -net 10.0.0.0/17 gw 10.0.0.3 dev eth1 + route add -net 10.0.128.0/30 gw 10.0.0.3 dev eth1 + exit 0 + + + + + 2 + + + + + + + + + + + diff --git a/virl_topologies/8.2-2.virl b/virl_topologies/8.2-2.virl new file mode 100644 index 0000000..fd6bf06 --- /dev/null +++ b/virl_topologies/8.2-2.virl 
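Review bot: The header of this topology carries `flat` where 8.1.virl has `exclusive`; the element names are not visible on this page, but if that value is the management-network setting, the OOB interfaces of kali-1, victim-1, server-1 and the IOS nodes sit on a network shared beyond this simulation while all of them accept the `cisco`/`cisco` login. Unless the lesson needs the flat network, keep `exclusive` as in 8.1.virl, or state the reason in the file's annotation. Separately, Gi0/1 on both switches is `switchport mode trunk` with no allowed-VLAN list; if only VLANs 2 and 3 are meant to cross, `switchport trunk allowed vlan 2,3` states that explicitly.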
@@ -0,0 +1,665 @@ + + + + false + flat + + + + ! IOSvL2 Config generated on 2017-08-13 22:06 +! by autonetkit_0.23.5 +! +version 15.2 +service timestamps debug datetime msec +service timestamps log datetime msec +no service password-encryption +service compress-config +no service config +enable password cisco +ip classless +ip subnet-zero +no ip domain lookup +! +line vty 0 4 +transport input ssh telnet +exec-timeout 720 0 +password cisco +login +! +line con 0 +password cisco +! +hostname iosvl2-1 +! +boot-start-marker +boot-end-marker +! +! +! +no aaa new-model +! +vtp domain virl.lab +vtp mode transparent +! +vlan 2 + name ank_vlan2 +vlan 3 + name ank_vlan3 +! +! +! +! +no cdp run +! +! +! +ip cef +no ipv6 cef +! +! +spanning-tree mode pvst +spanning-tree extend system-id +! +vlan internal allocation policy ascending +! +! +! +! +vrf definition Mgmt-intf +! + address-family ipv4 + exit-address-family + ! + address-family ipv6 + exit-address-family +! +! +! +! +! +interface Loopback0 + description Loopback +! +interface GigabitEthernet0/0 + description OOB management + ! Configured on launch + no switchport + vrf forwarding Mgmt-intf + no ip address + no shutdown +! +interface GigabitEthernet0/1 + description to iosvl2-2 + switchport trunk encapsulation dot1q + switchport mode trunk + no shutdown +! +interface GigabitEthernet0/2 + description to iosv-1 + switchport access vlan 2 + switchport mode access + no shutdown +! +interface GigabitEthernet0/3 + description to kali-1 + switchport access vlan 2 + switchport mode access + no shutdown +! +interface GigabitEthernet1/0 + description to iosv-2 + switchport access vlan 2 + switchport mode access + no shutdown +! +! +ip forward-protocol nd +! +no ip http server +no ip http secure-server +! +! +! +! +! +! +control-plane +! +! +! +end + + + + + + + + + + + ! IOSvL2 Config generated on 2017-08-13 22:06 +! by autonetkit_0.23.5 +! 
+version 15.2 +service timestamps debug datetime msec +service timestamps log datetime msec +no service password-encryption +service compress-config +no service config +enable password cisco +ip classless +ip subnet-zero +no ip domain lookup +! +line vty 0 4 +transport input ssh telnet +exec-timeout 720 0 +password cisco +login +! +line con 0 +password cisco +! +hostname iosvl2-2 +! +boot-start-marker +boot-end-marker +! +! +! +no aaa new-model +! +vtp domain virl.lab +vtp mode transparent +! +vlan 2 + name ank_vlan2 +vlan 3 + name ank_vlan3 +! +! +! +! +no cdp run +! +! +! +ip cef +no ipv6 cef +! +! +spanning-tree mode pvst +spanning-tree extend system-id +! +vlan internal allocation policy ascending +! +! +! +! +vrf definition Mgmt-intf +! + address-family ipv4 + exit-address-family + ! + address-family ipv6 + exit-address-family +! +! +! +! +! +interface Loopback0 + description Loopback +! +interface GigabitEthernet0/0 + description OOB management + ! Configured on launch + no switchport + vrf forwarding Mgmt-intf + no ip address + no shutdown +! +interface GigabitEthernet0/1 + description to iosvl2-1 + switchport trunk encapsulation dot1q + switchport mode trunk + no shutdown +! +interface GigabitEthernet0/2 + description to iosv-1 + switchport access vlan 3 + switchport mode access + no shutdown +! +interface GigabitEthernet0/3 + description to server-1 + switchport access vlan 3 + switchport mode access + no shutdown +! +! +ip forward-protocol nd +! +no ip http server +no ip http secure-server +! +! +! +! +! +! +control-plane +! +! +! 
+end + + + + + + + + + + #cloud-config +bootcmd: +- ln -s -t /etc/rc.d /etc/rc.local +hostname: kali-1 +manage_etc_hosts: true +runcmd: +- start ttyS0 +- systemctl start getty@ttyS0.service +- systemctl start rc-local +- sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config +- echo "UseDNS no" >> /etc/ssh/sshd_config +- service ssh restart +- service sshd restart +users: +- default +- gecos: User configured by VIRL Configuration Engine 0.23.10 + lock-passwd: false + name: cisco + plain-text-passwd: cisco + shell: /bin/bash + ssh-authorized-keys: + - VIRL-USER-SSH-PUBLIC-KEY + sudo: ALL=(ALL) ALL +write_files: +- path: /etc/init/ttyS0.conf + owner: root:root + content: | + # ttyS0 - getty + # This service maintains a getty on ttyS0 from the point the system is + # started until it is shut down again. + start on stopped rc or RUNLEVEL=[12345] + stop on runlevel [!12345] + respawn + exec /sbin/getty -L 115200 ttyS0 vt102 + permissions: '0644' +- path: /etc/systemd/system/dhclient@.service + content: | + [Unit] + Description=Run dhclient on %i interface + After=network.target + [Service] + Type=oneshot + ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease + RemainAfterExit=yes + owner: root:root + permissions: '0644' +- path: /etc/rc.local + owner: root:root + permissions: '0755' + content: |- + #!/bin/sh + ifconfig eth1 up 10.0.0.1 netmask 255.255.128.0 + route add -host 192.168.0.1 gw 10.0.0.2 dev eth1 + route add -host 192.168.0.4 gw 10.0.0.2 dev eth1 + route add -net 10.0.0.0/17 gw 10.0.0.2 dev eth1 + route add -net 10.0.128.0/30 gw 10.0.0.2 dev eth1 + route add -host 192.168.0.1 gw 10.0.0.3 dev eth1 + route add -host 192.168.0.4 gw 10.0.0.3 dev eth1 + route add -net 10.0.0.0/17 gw 10.0.0.3 dev eth1 + route add -net 10.0.128.0/30 gw 10.0.0.3 dev eth1 + exit 0 + + + + + 2 + + + + + + ! IOS Config generated on 2017-08-13 22:06 +! by autonetkit_0.23.5 +! +hostname iosv-1 +boot-start-marker +boot-end-marker +! 
+vrf definition Mgmt-intf +! + address-family ipv4 + exit-address-family + ! + address-family ipv6 + exit-address-family +! +! +! +no aaa new-model +! +! +ip cef +ipv6 unicast-routing +ipv6 cef +! +! +service timestamps debug datetime msec +service timestamps log datetime msec +no service password-encryption +no service config +enable password cisco +ip classless +ip subnet-zero +no ip domain lookup +ip domain name virl.info +crypto key generate rsa modulus 768 +ip ssh server algorithm authentication password +username cisco privilege 15 secret cisco +line vty 0 4 + transport input ssh telnet + exec-timeout 720 0 + password cisco + login local +line con 0 + password cisco +! +no cdp run +! +! +interface Loopback0 + description Loopback + ip address 192.168.0.1 255.255.255.255 +! +interface GigabitEthernet0/0 + description OOB Management + vrf forwarding Mgmt-intf + ! Configured on launch + no ip address + duplex full + speed auto + no shutdown +! +interface GigabitEthernet0/1 + description to iosvl2-1 + ip address 10.0.0.2 255.255.128.0 + ip ospf cost 1 + duplex full + speed auto + no shutdown +! +interface GigabitEthernet0/2 + description to iosvl2-2 + ip address 10.0.128.1 255.255.255.252 + ip ospf cost 1 + duplex full + speed auto + no shutdown +! +interface GigabitEthernet0/3 + description GigabitEthernet0/3 + no ip address + duplex full + speed auto + no shutdown +! +! +! +router ospf 1 + network 192.168.0.1 0.0.0.0 area 0 + log-adjacency-changes + passive-interface Loopback0 + network 10.0.0.0 0.0.127.255 area 0 + network 10.0.128.0 0.0.0.3 area 0 +! +! +router bgp 1 + bgp router-id 192.168.0.1 + no synchronization +! ibgp + ! ibgp peers + ! + neighbor 192.168.0.4 remote-as 1 + neighbor 192.168.0.4 description iBGP peer iosv-2 + neighbor 192.168.0.4 update-source Loopback0 +! +! + ! + address-family ipv4 + network 192.168.0.1 mask 255.255.255.255 + neighbor 192.168.0.4 activate + exit-address-family +! +! +! 
+end + + + + + 2 + + + + + 3 + + + + + + + #cloud-config +bootcmd: +- ln -s -t /etc/rc.d /etc/rc.local +hostname: server-1 +manage_etc_hosts: true +package_update: true +packages: +- snmp +runcmd: +- start ttyS0 +- systemctl start getty@ttyS0.service +- systemctl start rc-local +- sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config +- echo "UseDNS no" >> /etc/ssh/sshd_config +- service ssh restart +- service sshd restart +users: +- default +- gecos: User configured by VIRL Configuration Engine 0.23.10 + lock-passwd: false + name: cisco + plain-text-passwd: cisco + shell: /bin/bash + ssh-authorized-keys: + - VIRL-USER-SSH-PUBLIC-KEY + sudo: ALL=(ALL) ALL +write_files: +- path: /etc/init/ttyS0.conf + owner: root:root + content: | + # ttyS0 - getty + # This service maintains a getty on ttyS0 from the point the system is + # started until it is shut down again. + start on stopped rc or RUNLEVEL=[12345] + stop on runlevel [!12345] + respawn + exec /sbin/getty -L 115200 ttyS0 vt102 + permissions: '0644' +- path: /etc/systemd/system/dhclient@.service + content: | + [Unit] + Description=Run dhclient on %i interface + After=network.target + [Service] + Type=oneshot + ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease + RemainAfterExit=yes + owner: root:root + permissions: '0644' +- path: /etc/rc.local + owner: root:root + permissions: '0755' + content: |- + #!/bin/sh + ip route del default + ip route add default via 172.16.1.2 + ifconfig eth1 up 10.0.128.2 netmask 255.255.255.252 + route add -host 192.168.0.1 gw 10.0.128.1 dev eth1 + route add -host 192.168.0.4 gw 10.0.128.1 dev eth1 + route add -net 10.0.0.0/17 gw 10.0.128.1 dev eth1 + route add -net 10.0.128.0/30 gw 10.0.128.1 dev eth1 + exit 0 +- path: /home/cisco/snmp-chatter.sh + content: | + #!/bin/bash + while true; do + snmpget -v 2c -c supersecret 192.168.0.4 1.3.6.1.2.1.1.1.0 + sleep 15 + done + owner: "cisco:cisco" + permissions: '0755' + + + + + + 3 + + 
+ + + + + ! IOS Config generated on 2017-08-13 22:06 +! by autonetkit_0.23.5 +! +hostname iosv-2 +boot-start-marker +boot-end-marker +! +vrf definition Mgmt-intf +! + address-family ipv4 + exit-address-family + ! + address-family ipv6 + exit-address-family +! +! +! +no aaa new-model +! +! +ip cef +ipv6 unicast-routing +ipv6 cef +! +! +service timestamps debug datetime msec +service timestamps log datetime msec +no service password-encryption +no service config +enable password cisco +ip classless +ip subnet-zero +no ip domain lookup +ip domain name virl.info +crypto key generate rsa modulus 768 +ip ssh server algorithm authentication password +username cisco privilege 15 secret cisco +line vty 0 4 + transport input ssh telnet + exec-timeout 720 0 + password cisco + login local +line con 0 + password cisco +! +no cdp run +! +! +interface Loopback0 + description Loopback + ip address 192.168.0.4 255.255.255.255 +! +interface GigabitEthernet0/0 + description OOB Management + vrf forwarding Mgmt-intf + ! Configured on launch + no ip address + duplex full + speed auto + no shutdown +! +interface GigabitEthernet0/1 + description to iosvl2-1 + ip address 10.0.0.3 255.255.128.0 + ip ospf cost 1 + duplex full + speed auto + no shutdown +! +! +! +router ospf 1 + network 192.168.0.4 0.0.0.0 area 0 + log-adjacency-changes + passive-interface Loopback0 + network 10.0.0.0 0.0.127.255 area 0 +! +! +router bgp 1 + bgp router-id 192.168.0.4 + no synchronization +! ibgp + ! ibgp peers + ! + neighbor 192.168.0.1 remote-as 1 + neighbor 192.168.0.1 description iBGP peer iosv-1 + neighbor 192.168.0.1 update-source Loopback0 +! +! + ! + address-family ipv4 + network 192.168.0.4 mask 255.255.255.255 + neighbor 192.168.0.1 activate + exit-address-family +! +! +ip access-list standard snmp-managers + permit 10.0.128.2 +! +! +snmp-server community supersecret RW snmp-managers +snmp-server chassis-id +! +! +end + + + + + + + + + + + 
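Review bot: The `snmp-server community supersecret RW snmp-managers` line in the iosv-2 config grants write access over SNMPv2c, while the only consumer visible in this file, server-1's `snmp-chatter.sh`, issues a read-only `snmpget`. The community string travels in cleartext and the `snmp-managers` ACL checks only the source address, so this looks like a deliberately weak setup for the lesson, but nothing in the file says so. I would add a config comment above that line, for example `! LAB ONLY (Lesson 8): RW SNMPv2c community guarded only by a source-address ACL; outside the lab use SNMPv3 authPriv and a read-only view`, so the block is not copied into a real device config. The same marker would fit the `enable password cisco`, `transport input ssh telnet` and `crypto key generate rsa modulus 768` lines, which recur in the 8.3-1.virl and 8.4-1.virl hunks.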
diff --git a/virl_topologies/8.3-1.virl b/virl_topologies/8.3-1.virl new file mode 100644 index 0000000..77f101e --- /dev/null +++ b/virl_topologies/8.3-1.virl 
@@ -0,0 +1,677 @@ + + + + false + flat + true + rip-v2 + + + + ! IOSvL2 Config generated on 2017-08-27 14:56 +! by autonetkit_0.23.5 +! +version 15.2 +service timestamps debug datetime msec +service timestamps log datetime msec +no service password-encryption +service compress-config +no service config +enable password cisco +ip classless +ip subnet-zero +no ip domain lookup +! +line vty 0 4 +transport input ssh telnet +exec-timeout 720 0 +password cisco +login +! +line con 0 +password cisco +! +hostname iosvl2-1 +! +boot-start-marker +boot-end-marker +! +! +! +no aaa new-model +! +vtp domain virl.lab +vtp mode transparent +! +vlan 2 + name ank_vlan2 +vlan 3 + name ank_vlan3 +! +! +! +! +cdp run +! +! +! +ip cef +no ipv6 cef +! +! +spanning-tree mode pvst +spanning-tree extend system-id +! +vlan internal allocation policy ascending +! +! +! +! +vrf definition Mgmt-intf +! + address-family ipv4 + exit-address-family + ! + address-family ipv6 + exit-address-family +! +! +! +! +! +interface Loopback0 + description Loopback +! +interface GigabitEthernet0/0 + description OOB management + ! Configured on launch + no switchport + vrf forwarding Mgmt-intf + no ip address + no shutdown +! +interface GigabitEthernet0/1 + description to iosvl2-2 + switchport trunk encapsulation dot1q + switchport mode trunk + no shutdown +! +interface GigabitEthernet0/2 + description to iosv-1 + switchport access vlan 2 + switchport mode access + no shutdown +! +interface GigabitEthernet0/3 + description to kali-1 + switchport access vlan 2 + switchport mode access + no shutdown +! +interface GigabitEthernet1/0 + description to iosv-2 + switchport access vlan 2 + switchport mode access + no shutdown +! +! +ip forward-protocol nd +! +no ip http server +no ip http secure-server +! +! +! +! +! +! +control-plane +! +! +! +end + + + + + + + + + + + ! IOSvL2 Config generated on 2017-08-27 14:56 +! by autonetkit_0.23.5 +! 
+version 15.2 +service timestamps debug datetime msec +service timestamps log datetime msec +no service password-encryption +service compress-config +no service config +enable password cisco +ip classless +ip subnet-zero +no ip domain lookup +! +line vty 0 4 +transport input ssh telnet +exec-timeout 720 0 +password cisco +login +! +line con 0 +password cisco +! +hostname iosvl2-2 +! +boot-start-marker +boot-end-marker +! +! +! +no aaa new-model +! +vtp domain virl.lab +vtp mode transparent +! +vlan 2 + name ank_vlan2 +vlan 3 + name ank_vlan3 +! +! +! +! +cdp run +! +! +! +ip cef +no ipv6 cef +! +! +spanning-tree mode pvst +spanning-tree extend system-id +! +vlan internal allocation policy ascending +! +! +! +! +vrf definition Mgmt-intf +! + address-family ipv4 + exit-address-family + ! + address-family ipv6 + exit-address-family +! +! +! +! +! +interface Loopback0 + description Loopback +! +interface GigabitEthernet0/0 + description OOB management + ! Configured on launch + no switchport + vrf forwarding Mgmt-intf + no ip address + no shutdown +! +interface GigabitEthernet0/1 + description to iosvl2-1 + switchport trunk encapsulation dot1q + switchport mode trunk + no shutdown +! +interface GigabitEthernet0/2 + description to iosv-1 + switchport access vlan 3 + switchport mode access + no shutdown +! +interface GigabitEthernet0/3 + description to server-1 + switchport access vlan 3 + switchport mode access + no shutdown +! +! +ip forward-protocol nd +! +no ip http server +no ip http secure-server +! +! +! +! +! +! +control-plane +! +! +! 
+end + + + + + + + + + + #cloud-config +bootcmd: +- ln -s -t /etc/rc.d /etc/rc.local +hostname: kali-1 +manage_etc_hosts: true +package_update: true +packages: +- quagga +runcmd: +- start ttyS0 +- systemctl start getty@ttyS0.service +- systemctl start rc-local +- sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config +- echo "UseDNS no" >> /etc/ssh/sshd_config +- service ssh restart +- service sshd restart +users: +- default +- gecos: User configured by VIRL Configuration Engine 0.23.10 + lock-passwd: false + name: cisco + plain-text-passwd: cisco + shell: /bin/bash + ssh-authorized-keys: + - VIRL-USER-SSH-PUBLIC-KEY + sudo: ALL=(ALL) ALL +write_files: +- path: /etc/init/ttyS0.conf + owner: root:root + content: | + # ttyS0 - getty + # This service maintains a getty on ttyS0 from the point the system is + # started until it is shut down again. + start on stopped rc or RUNLEVEL=[12345] + stop on runlevel [!12345] + respawn + exec /sbin/getty -L 115200 ttyS0 vt102 + permissions: '0644' +- path: /etc/systemd/system/dhclient@.service + content: | + [Unit] + Description=Run dhclient on %i interface + After=network.target + [Service] + Type=oneshot + ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease + RemainAfterExit=yes + owner: root:root + permissions: '0644' +- path: /etc/rc.local + owner: root:root + permissions: '0755' + content: |- + #!/bin/sh + ip route del default + ip route add default via 172.16.1.2 + ip link set eth1 up + ip addr add 10.0.0.1/17 dev eth1 + # Use routes from Quagga instead + #route add -host 192.168.0.1 gw 10.0.0.2 dev eth1 + #route add -host 192.168.0.4 gw 10.0.0.2 dev eth1 + #route add -net 10.0.0.0/17 gw 10.0.0.2 dev eth1 + #route add -net 10.0.128.0/30 gw 10.0.0.2 dev eth1 + #route add -host 192.168.0.1 gw 10.0.0.3 dev eth1 + #route add -host 192.168.0.4 gw 10.0.0.3 dev eth1 + #route add -net 10.0.0.0/17 gw 10.0.0.3 dev eth1 + #route add -net 10.0.128.0/30 gw 10.0.0.3 dev eth1 + exit 
0 +- path: /etc/quagga/zebra.conf + owner: root:root + permissions: '0644' + content: |- + hostname kali-1 + password cisco + enable password cisco + interface eth0 + interface eth1 + line vty +- path: /etc/quagga/ripd.conf + owner: root:root + permissions: '0644' + content: |- + hostname kali-1 + password cisco + log stdout + router rip + network eth1 + line vty + + + + + 2 + + + + + + ! IOS Config generated on 2017-08-27 14:56 +! by autonetkit_0.23.5 +! +hostname iosv-1 +boot-start-marker +boot-end-marker +! +vrf definition Mgmt-intf +! + address-family ipv4 + exit-address-family + ! + address-family ipv6 + exit-address-family +! +! +! +no aaa new-model +! +! +ip cef +ipv6 unicast-routing +ipv6 cef +! +! +service timestamps debug datetime msec +service timestamps log datetime msec +no service password-encryption +no service config +enable password cisco +ip classless +ip subnet-zero +no ip domain lookup +ip domain name virl.info +crypto key generate rsa modulus 768 +ip ssh server algorithm authentication password +username cisco privilege 15 secret cisco +line vty 0 4 + transport input ssh telnet + exec-timeout 720 0 + password cisco + login local +line con 0 + password cisco +! +cdp run +! +! +interface Loopback0 + description Loopback + ip address 192.168.0.1 255.255.255.255 +! +interface GigabitEthernet0/0 + description OOB Management + vrf forwarding Mgmt-intf + ! Configured on launch + no ip address + cdp enable + duplex full + speed auto + no shutdown +! +interface GigabitEthernet0/1 + description to iosvl2-1 + ip address 10.0.0.2 255.255.128.0 + cdp enable + duplex full + speed auto + no shutdown +! +interface GigabitEthernet0/2 + description to iosvl2-2 + ip address 10.0.128.1 255.255.255.252 + cdp enable + duplex full + speed auto + no shutdown +! +! +! +router rip + version 2 + no auto-summary + network 10.0.0.0 + network 10.0.128.0 + network 192.168.0.1 + passive-interface GigabitEthernet0/0 +! +! 
+router bgp 1 + bgp router-id 192.168.0.1 + no synchronization +! ibgp + ! ibgp peers + ! + neighbor 192.168.0.4 remote-as 1 + neighbor 192.168.0.4 description iBGP peer iosv-2 + neighbor 192.168.0.4 update-source Loopback0 +! +! + ! + address-family ipv4 + network 192.168.0.1 mask 255.255.255.255 + neighbor 192.168.0.4 activate + exit-address-family +! +! +! +end + + + + + 2 + + + + + 3 + + + + + + #cloud-config +bootcmd: +- ln -s -t /etc/rc.d /etc/rc.local +hostname: server-1 +manage_etc_hosts: true +runcmd: +- start ttyS0 +- systemctl start getty@ttyS0.service +- systemctl start rc-local +- sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config +- echo "UseDNS no" >> /etc/ssh/sshd_config +- service ssh restart +- service sshd restart +users: +- default +- gecos: User configured by VIRL Configuration Engine 0.23.10 + lock-passwd: false + name: cisco + plain-text-passwd: cisco + shell: /bin/bash + ssh-authorized-keys: + - VIRL-USER-SSH-PUBLIC-KEY + sudo: ALL=(ALL) ALL +write_files: +- path: /etc/init/ttyS0.conf + owner: root:root + content: | + # ttyS0 - getty + # This service maintains a getty on ttyS0 from the point the system is + # started until it is shut down again. 
+ start on stopped rc or RUNLEVEL=[12345] + stop on runlevel [!12345] + respawn + exec /sbin/getty -L 115200 ttyS0 vt102 + permissions: '0644' +- path: /etc/systemd/system/dhclient@.service + content: | + [Unit] + Description=Run dhclient on %i interface + After=network.target + [Service] + Type=oneshot + ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease + RemainAfterExit=yes + owner: root:root + permissions: '0644' +- path: /etc/rc.local + owner: root:root + permissions: '0755' + content: |- + #!/bin/sh + ifconfig eth1 up 10.0.128.2 netmask 255.255.255.252 + route add -host 192.168.0.1 gw 10.0.128.1 dev eth1 + route add -host 192.168.0.4 gw 10.0.128.1 dev eth1 + route add -net 10.0.0.0/17 gw 10.0.128.1 dev eth1 + route add -net 10.0.128.0/30 gw 10.0.128.1 dev eth1 + exit 0 + + + + + 3 + + + + + + + ! IOS Config generated on 2017-08-27 14:56 +! by autonetkit_0.23.5 +! +hostname iosv-2 +boot-start-marker +boot-end-marker +! +vrf definition Mgmt-intf +! + address-family ipv4 + exit-address-family + ! + address-family ipv6 + exit-address-family +! +! +! +no aaa new-model +! +! +ip cef +ipv6 unicast-routing +ipv6 cef +! +! +service timestamps debug datetime msec +service timestamps log datetime msec +no service password-encryption +no service config +enable password cisco +ip classless +ip subnet-zero +no ip domain lookup +ip domain name virl.info +crypto key generate rsa modulus 768 +ip ssh server algorithm authentication password +username cisco privilege 15 secret cisco +ip access-list standard IN-VTY + permit 172.16.1.0 0.0.0.255 + permit 192.168.0.0 0.0.0.255 + permit 10.0.128.0 0.0.0.3 +line vty 0 4 + transport input ssh telnet + access-class IN-VTY in vrf-also + exec-timeout 720 0 + password cisco + login local +line con 0 + password cisco +! +cdp run +! +! +interface Loopback0 + description Loopback + ip address 192.168.0.4 255.255.255.255 +! 
+interface GigabitEthernet0/0 + description OOB Management + vrf forwarding Mgmt-intf + ! Configured on launch + no ip address + cdp enable + duplex full + speed auto + no shutdown +! +interface GigabitEthernet0/1 + description to iosvl2-1 + ip address 10.0.0.3 255.255.128.0 + cdp enable + duplex full + speed auto + no shutdown +! +! +! +router rip + version 2 + no auto-summary + network 10.0.0.0 + network 192.168.0.4 + passive-interface GigabitEthernet0/0 +! +! +router bgp 1 + bgp router-id 192.168.0.4 + no synchronization +! ibgp + ! ibgp peers + ! + neighbor 192.168.0.1 remote-as 1 + neighbor 192.168.0.1 description iBGP peer iosv-1 + neighbor 192.168.0.1 update-source Loopback0 +! +! + ! + address-family ipv4 + network 192.168.0.4 mask 255.255.255.255 + neighbor 192.168.0.1 activate + exit-address-family +! +! +! +end + + + + 2 + + + + + + + + + + + diff --git a/virl_topologies/8.4-1.virl b/virl_topologies/8.4-1.virl new file mode 100644 index 0000000..72c7e23 --- /dev/null +++ b/virl_topologies/8.4-1.virl 
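Review bot: Both `router rip` blocks (iosv-1 and iosv-2) run RIPv2 on GigabitEthernet0/1 with no authentication, and that interface shares VLAN 2 with kali-1, whose `ripd.conf` enables RIP on eth1. iosv-2's new `IN-VTY` access-class decides by source prefix, so its value depends on routing that is not authenticated; presumably that is the exercise, but the file does not say it. I would add a comment at each `router rip` block such as `! LAB ONLY (Lesson 8): RIPv2 left unauthenticated on purpose; production segments need "ip rip authentication mode md5" with a key chain`. iosv-1's `line vty 0 4` has no `access-class` at all, which deserves a one-line comment if the asymmetry with iosv-2 is intended.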
@@ -0,0 +1,1042 @@ + + + + false + flat + true + ospf + + + + ! IOSvL2 Config generated on 2017-08-27 23:10 +! by autonetkit_0.23.5 +! +version 15.2 +service timestamps debug datetime msec +service timestamps log datetime msec +no service password-encryption +service compress-config +no service config +enable password cisco +ip classless +ip subnet-zero +no ip domain lookup +! +line vty 0 4 +transport input ssh telnet +exec-timeout 720 0 +password cisco +login +! +line con 0 +password cisco +! +hostname iosvl2-1 +! +boot-start-marker +boot-end-marker +! +! +! +no aaa new-model +! +vtp domain virl.lab +vtp mode transparent +! +vlan 2 + name ank_vlan2 +vlan 3 + name ank_vlan3 +! +! +! +! +cdp run +! +! +! +ip cef +no ipv6 cef +! +! +spanning-tree mode pvst +spanning-tree extend system-id +! +vlan internal allocation policy ascending +! +! +! +! +vrf definition Mgmt-intf +! + address-family ipv4 + exit-address-family + ! + address-family ipv6 + exit-address-family +! +! +! +! +! +interface Loopback0 + description Loopback +! +interface GigabitEthernet0/0 + description OOB management + ! Configured on launch + no switchport + vrf forwarding Mgmt-intf + no ip address + no shutdown +! +interface GigabitEthernet0/1 + description to iosvl2-2 + switchport trunk encapsulation dot1q + switchport mode trunk + no shutdown +! +interface GigabitEthernet0/2 + description to iosv-1 + switchport access vlan 2 + switchport mode access + no shutdown +! +interface GigabitEthernet0/3 + description to kali-1 + switchport access vlan 2 + switchport mode access + no shutdown +! +interface GigabitEthernet1/0 + description to iosv-2 + switchport access vlan 2 + switchport mode access + no shutdown +! +! +ip forward-protocol nd +! +no ip http server +no ip http secure-server +! +! +! +! +! +! +control-plane +! +! +! +end + + + + + + + + + + + + ! IOSvL2 Config generated on 2017-08-27 23:10 +! by autonetkit_0.23.5 +! 
+version 15.2 +service timestamps debug datetime msec +service timestamps log datetime msec +no service password-encryption +service compress-config +no service config +enable password cisco +ip classless +ip subnet-zero +no ip domain lookup +! +line vty 0 4 +transport input ssh telnet +exec-timeout 720 0 +password cisco +login +! +line con 0 +password cisco +! +hostname iosvl2-2 +! +boot-start-marker +boot-end-marker +! +! +! +no aaa new-model +! +vtp domain virl.lab +vtp mode transparent +! +vlan 2 + name ank_vlan2 +vlan 3 + name ank_vlan3 +! +! +! +! +cdp run +! +! +! +ip cef +no ipv6 cef +! +! +spanning-tree mode pvst +spanning-tree extend system-id +! +vlan internal allocation policy ascending +! +! +! +! +vrf definition Mgmt-intf +! + address-family ipv4 + exit-address-family + ! + address-family ipv6 + exit-address-family +! +! +! +! +! +interface Loopback0 + description Loopback +! +interface GigabitEthernet0/0 + description OOB management + ! Configured on launch + no switchport + vrf forwarding Mgmt-intf + no ip address + no shutdown +! +interface GigabitEthernet0/1 + description to iosvl2-1 + switchport trunk encapsulation dot1q + switchport mode trunk + no shutdown +! +interface GigabitEthernet0/2 + description to iosv-1 + switchport access vlan 3 + switchport mode access + no shutdown +! +interface GigabitEthernet0/3 + description to server-1 + switchport access vlan 3 + switchport mode access + no shutdown +! +! +ip forward-protocol nd +! +no ip http server +no ip http secure-server +! +! +! +! +! +! +control-plane +! +! +! 
+end + + + + + + + + + + #cloud-config +bootcmd: +- ln -s -t /etc/rc.d /etc/rc.local +hostname: kali-1 +manage_etc_hosts: true +package_update: true +packages: +- quagga +runcmd: +- start ttyS0 +- systemctl start getty@ttyS0.service +- systemctl start rc-local +- sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config +- echo "UseDNS no" >> /etc/ssh/sshd_config +- service ssh restart +- service sshd restart +users: +- default +- gecos: User configured by VIRL Configuration Engine 0.23.10 + lock-passwd: false + name: cisco + plain-text-passwd: cisco + shell: /bin/bash + ssh-authorized-keys: + - VIRL-USER-SSH-PUBLIC-KEY + sudo: ALL=(ALL) ALL +write_files: +- path: /etc/init/ttyS0.conf + owner: root:root + content: | + # ttyS0 - getty + # This service maintains a getty on ttyS0 from the point the system is + # started until it is shut down again. + start on stopped rc or RUNLEVEL=[12345] + stop on runlevel [!12345] + respawn + exec /sbin/getty -L 115200 ttyS0 vt102 + permissions: '0644' +- path: /etc/systemd/system/dhclient@.service + content: | + [Unit] + Description=Run dhclient on %i interface + After=network.target + [Service] + Type=oneshot + ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease + RemainAfterExit=yes + owner: root:root + permissions: '0644' +- path: /etc/network/interfaces + owner: root:root + permissions: '0644' + content: |- + source-directory /etc/network/interfaces.d + auto eth0 + iface eth0 inet dhcp + gateway 172.16.1.2 +- path: /etc/rc.local + owner: root:root + permissions: '0755' + content: |- + #!/bin/sh + ip route del default + ip route add default via 172.16.1.2 + ip link set eth1 up + ip addr add 10.0.0.1/17 dev eth1 + # Use routes from Quagga instead + #route add -host 192.168.0.1 gw 10.0.0.2 dev eth1 + #route add -host 192.168.0.4 gw 10.0.0.2 dev eth1 + #route add -net 10.0.0.0/17 gw 10.0.0.2 dev eth1 + #route add -net 10.0.128.0/30 gw 10.0.0.2 dev eth1 + #route add -host 
192.168.0.1 gw 10.0.0.3 dev eth1 + #route add -host 192.168.0.4 gw 10.0.0.3 dev eth1 + #route add -net 10.0.0.0/17 gw 10.0.0.3 dev eth1 + #route add -net 10.0.128.0/30 gw 10.0.0.3 dev eth1 + exit 0 +- path: /etc/network/interfaces.d/eth1 + owner: root:root + permissions: '0644' + content: |- + iface eth1 inet manual +- path: /etc/quagga/zebra.conf + owner: root:root + permissions: '0644' + content: |- + hostname kali-1 + password cisco + enable password cisco + interface eth0 + interface eth1 + line vty +- path: /etc/quagga/ospfd.conf + owner: root:root + permissions: '0644' + content: |- + hostname kali-1 + password cisco + log stdout + interface eth1 + ip ospf cost 1 + router ospf + ospf router-id 10.0.0.1 + network 10.0.0.1/17 area 0.0.0.0 + network 192.168.0.4/32 area 0.0.0.0 + line vty +- path: /root/get-cisco-config.py + owner: root:root + permissions: '0755' + content: |- + #!/usr/bin/env python + + # See + # http://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/15217-copy-configs-snmp.html + # and + # http://tools.cisco.com/Support/SNMP/do/BrowseMIB.do?local=en&mibName=CISCO-CONFIG-COPY-MIB + # for details + + from optparse import OptionParser + from scapy.all import conf,IP,SNMP,SNMPset,ASN1_OID,ASN1_IPADDRESS,UDP,SNMPvarbind,send + + parser = OptionParser() + parser.add_option("-i", "--iface", dest="iface", help="Interface", + default="eth1") + parser.add_option("-s", "--src", dest="srcip", help="Source IP Address", + default="192.168.1.2") + parser.add_option("-d", "--dst", dest="dstip", help="Destination IP Address", + default="192.168.1.1") + parser.add_option("-t", "--tftp", dest="tftpip", help="TFTP Server IP Address", + default="192.168.1.2") + parser.add_option("-f", "--cfg", dest="cfg_file", help="Configuration Filename") + parser.add_option("-c", "--community", dest="snmpstring", + help="SNMP Community Set String", default="secret") + + (options, args) = parser.parse_args() + + if options.cfg_file is None: + 
options.cfg_file = "%s-config" % (options.dstip) + + print "Attempting to download IOS config from %s" % (options.dstip) + + conf.iface = options.iface + + i=IP(src=options.srcip,dst=options.dstip)/UDP(sport=161,dport=161) + s1=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyEntryRowStatus(14) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.14.112"),value=6)] + ) + ) + + s2=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyProtocol(2) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.2.112"),value=1)] + ) + ) + + s3=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopySourceFileType(3) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.3.112"),value=4)] + ) + ) + + s4=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyDestFileType(4) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.4.112"),value=1)] + ) + ) + + s5=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) 
ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyServerAddress(5) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.5.112"),value=ASN1_IPADDRESS(options.tftpip))] + ) + ) + + s6=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyFileName(6) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.6.112"),value=options.cfg_file)] + ) + ) + + s7=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyEntryRowStatus(14) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.14.112"),value=1)] + ) + ) + + send(i/s1) + send(i/s2) + send(i/s3) + send(i/s4) + send(i/s5) + send(i/s6) + send(i/s7) +- path: /root/merge-cisco-config.py + owner: root:root + permissions: '0755' + content: |- + #!/usr/bin/env python + + # See + # http://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/15217-copy-configs-snmp.html + # and + # http://tools.cisco.com/Support/SNMP/do/BrowseMIB.do?local=en&mibName=CISCO-CONFIG-COPY-MIB + # for details + + from optparse import OptionParser + from scapy.all import conf,IP,SNMP,SNMPset,ASN1_OID,ASN1_IPADDRESS,UDP,SNMPvarbind,send + + parser = OptionParser() + parser.add_option("-i", "--iface", dest="iface", help="Interface", + default="eth1") + parser.add_option("-s", "--src", dest="srcip", help="Source IP Address", + default="192.168.1.2") + parser.add_option("-d", "--dst", dest="dstip", help="Destination IP Address", + default="192.168.1.1") + parser.add_option("-t", 
"--tftp", dest="tftpip", help="TFTP Server IP Address", + default="192.168.1.2") + parser.add_option("-f", "--cfg", dest="cfg_file", help="Configuration Filename") + parser.add_option("-c", "--community", dest="snmpstring", + help="SNMP Community Set String", default="secret") + + (options, args) = parser.parse_args() + + if options.cfg_file is None: + options.cfg_file = "%s-config" % (options.dstip) + + print "Attempting to upload IOS config to %s" % (options.dstip) + + conf.iface = options.iface + + i=IP(src=options.srcip,dst=options.dstip)/UDP(sport=161,dport=161) + s1=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyEntryRowStatus(14) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.14.112"),value=6)] + ) + ) + + s2=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyProtocol(2) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.2.112"),value=1)] + ) + ) + + s3=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopySourceFileType(3) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.3.112"),value=1)] + ) + ) + + s4=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) 
ccCopyTable(1) ccCopyEntry(1) + # ccCopyDestFileType(4) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.4.112"),value=4)] + ) + ) + + s5=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyServerAddress(5) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.5.112"),value=ASN1_IPADDRESS(options.tftpip))] + ) + ) + + s6=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyFileName(6) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.6.112"),value=options.cfg_file)] + ) + ) + + s7=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyEntryRowStatus(14) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.14.112"),value=1)] + ) + ) + + send(i/s1) + send(i/s2) + send(i/s3) + send(i/s4) + send(i/s5) + send(i/s6) + send(i/s7) +- path: /etc/default/atftpd + owner: root:root + permissions: '0644' + content: |- + USE_INETD=false + # OPTIONS below are used only with init script + OPTIONS="--tftpd-timeout 300 --retry-timeout 5 --mcast-port 1758 --mcast-addr 239.239.239.0-255 --mcast-ttl 1 --maxthread 100 --verbose=5 /srv/tftp" + + + + 2 + + + + + + + ! IOS Config generated on 2017-08-27 23:10 +! by autonetkit_0.23.5 +! +hostname iosv-1 +boot-start-marker +boot-end-marker +! +vrf definition Mgmt-intf +! 
+ address-family ipv4
+ exit-address-family
+ !
+ address-family ipv6
+ exit-address-family
+!
+!
+!
+no aaa new-model
+!
+!
+ip cef
+ipv6 unicast-routing
+ipv6 cef
+!
+!
+service timestamps debug datetime msec
+service timestamps log datetime msec
+no service password-encryption
+no service config
+enable password cisco
+ip classless
+ip subnet-zero
+no ip domain lookup
+ip domain name virl.info
+crypto key generate rsa modulus 768
+ip ssh server algorithm authentication password
+username cisco privilege 15 secret cisco
+ip access-list standard IN-VTY
+ permit 172.16.1.0 0.0.0.255
+ permit 192.168.0.0 0.0.0.255
+ permit 10.0.128.0 0.0.0.255
+ip access-list standard SNMP-RW
+ permit 172.16.1.0 0.0.0.255
+ permit 192.168.0.0 0.0.0.255
+ permit 10.0.128.0 0.0.0.3
+snmp-server community supersecret rw SNMP-RW
+line vty 0 4
+ transport input ssh telnet
+ access-class IN-VTY in vrf-also
+ exec-timeout 720 0
+ password cisco
+ login local
+ line con 0
+ password cisco
+!
+cdp run
+!
+!
+interface Loopback0
+ description Loopback
+ ip address 192.168.0.1 255.255.255.255
+!
+interface GigabitEthernet0/0
+ description OOB Management
+ vrf forwarding Mgmt-intf
+ ! Configured on launch
+ no ip address
+ cdp enable
+ duplex full
+ speed auto
+ no shutdown
+!
+interface GigabitEthernet0/1
+ description to iosvl2-1
+ ip address 10.0.0.2 255.255.128.0
+ cdp enable
+ ip ospf cost 1
+ duplex full
+ speed auto
+ no shutdown
+!
+interface GigabitEthernet0/2
+ description to iosvl2-2
+ ip address 10.0.128.1 255.255.255.252
+ cdp enable
+ ip ospf cost 1
+ duplex full
+ speed auto
+ no shutdown
+!
+interface GigabitEthernet0/3
+ description to admin-1
+ ip address 10.0.128.5 255.255.255.252
+ cdp enable
+ ip ospf cost 1
+ duplex full
+ speed auto
+ no shutdown
+!
+!
+!
+router ospf 1
+ network 192.168.0.1 0.0.0.0 area 0
+ log-adjacency-changes
+ passive-interface Loopback0
+ network 10.0.0.0 0.0.127.255 area 0
+ network 10.0.128.0 0.0.0.3 area 0
+ network 10.0.128.4 0.0.0.3 area 0
+!
+!
+router bgp 1
+ bgp router-id 192.168.0.1
+ no synchronization
+! ibgp
+ ! ibgp peers
+ !
+ neighbor 192.168.0.4 remote-as 1
+ neighbor 192.168.0.4 description iBGP peer iosv-2
+ neighbor 192.168.0.4 update-source Loopback0
+!
+!
+ !
+ address-family ipv4
+ network 192.168.0.1 mask 255.255.255.255
+ neighbor 192.168.0.4 activate
+ exit-address-family
+!
+!
+!
+end
+
+
+
+ 2
+
+
+
+
+ 3
+
+
+
+
+
+
+ #cloud-config
+bootcmd:
+- ln -s -t /etc/rc.d /etc/rc.local
+hostname: server-1
+manage_etc_hosts: true
+package_update: true
+packages:
+- snmp
+- freeradius
+runcmd:
+- start ttyS0
+- systemctl start getty@ttyS0.service
+- systemctl start rc-local
+- sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config
+- echo "UseDNS no" >> /etc/ssh/sshd_config
+- service ssh restart
+- service sshd restart
+users:
+- default
+- gecos: User configured by VIRL Configuration Engine 0.23.10
+ lock-passwd: false
+ name: cisco
+ plain-text-passwd: cisco
+ shell: /bin/bash
+ ssh-authorized-keys:
+ - VIRL-USER-SSH-PUBLIC-KEY
+ sudo: ALL=(ALL) ALL
+write_files:
+- path: /etc/init/ttyS0.conf
+ owner: root:root
+ content: |
+ # ttyS0 - getty
+ # This service maintains a getty on ttyS0 from the point the system is
+ # started until it is shut down again.
+ start on stopped rc or RUNLEVEL=[12345]
+ stop on runlevel [!12345]
+ respawn
+ exec /sbin/getty -L 115200 ttyS0 vt102
+ permissions: '0644'
+- path: /etc/systemd/system/dhclient@.service
+ content: |
+ [Unit]
+ Description=Run dhclient on %i interface
+ After=network.target
+ [Service]
+ Type=oneshot
+ ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease
+ RemainAfterExit=yes
+ owner: root:root
+ permissions: '0644'
+- path: /etc/rc.local
+ owner: root:root
+ permissions: '0755'
+ content: |-
+ #!/bin/sh
+ ip route del default
+ ip route add default via 172.16.1.2
+ ifconfig eth1 up 10.0.128.2 netmask 255.255.255.252
+ route add -host 192.168.0.1 gw 10.0.128.1 dev eth1
+ route add -host 192.168.0.4 gw 10.0.128.1 dev eth1
+ route add -net 10.0.0.0/17 gw 10.0.128.1 dev eth1
+ route add -net 10.0.128.0/30 gw 10.0.128.1 dev eth1
+ exit 0
+- path: /home/cisco/snmp-chatter.sh
+ content: |
+ #!/bin/bash
+ while true; do
+ snmpget -v 2c -c supersecret 192.168.0.4 1.3.6.1.2.1.1.1.0
+ sleep 15
+ done
+ owner: "cisco:cisco"
+ permissions: '0755'
+
+
+
+
+ 3
+
+
+
+
+
+
+ ! IOS Config generated on 2017-08-27 23:10
+! by autonetkit_0.23.5
+!
+hostname iosv-2
+boot-start-marker
+boot-end-marker
+!
+vrf definition Mgmt-intf
+!
+ address-family ipv4
+ exit-address-family
+ !
+ address-family ipv6
+ exit-address-family
+!
+!
+!
+no aaa new-model
+!
+!
+ip cef
+ipv6 unicast-routing
+ipv6 cef
+!
+!
+service timestamps debug datetime msec
+service timestamps log datetime msec
+service password-encryption
+no service config
+enable password cisco
+ip classless
+ip subnet-zero
+no ip domain lookup
+ip domain name virl.info
+crypto key generate rsa modulus 768
+ip ssh server algorithm authentication password
+username cisco privilege 15 secret cisco
+username admin privilege 15 password 12345
+ip access-list standard IN-VTY
+ permit 172.16.1.0 0.0.0.255
+ permit 192.168.0.0 0.0.0.255
+ permit 10.0.128.0 0.0.0.255
+ip access-list standard SNMP-RW
+ permit 172.16.1.0 0.0.0.255
+ permit 192.168.0.0 0.0.0.255
+ permit 10.0.128.0 0.0.0.3
+snmp-server community supersecret rw SNMP-RW
+line vty 0 4
+ transport input ssh telnet
+ access-class IN-VTY in vrf-also
+line vty 0 4
+ transport input ssh telnet
+ exec-timeout 720 0
+ password cisco
+ login local
+line con 0
+ password cisco
+!
+cdp run
+!
+!
+interface Loopback0
+ description Loopback
+ ip address 192.168.0.4 255.255.255.255
+!
+interface GigabitEthernet0/0
+ description OOB Management
+ vrf forwarding Mgmt-intf
+ ! Configured on launch
+ no ip address
+ cdp enable
+ duplex full
+ speed auto
+ no shutdown
+!
+interface GigabitEthernet0/1
+ description to iosvl2-1
+ ip address 10.0.0.3 255.255.128.0
+ cdp enable
+ ip ospf cost 1
+ duplex full
+ speed auto
+ no shutdown
+!
+!
+!
+router ospf 1
+ network 192.168.0.4 0.0.0.0 area 0
+ log-adjacency-changes
+ passive-interface Loopback0
+ network 10.0.0.0 0.0.127.255 area 0
+!
+!
+router bgp 1
+ bgp router-id 192.168.0.4
+ no synchronization
+! ibgp
+ ! ibgp peers
+ !
+ neighbor 192.168.0.1 remote-as 1
+ neighbor 192.168.0.1 description iBGP peer iosv-1
+ neighbor 192.168.0.1 update-source Loopback0
+!
+!
+ !
+ address-family ipv4
+ network 192.168.0.4 mask 255.255.255.255
+ neighbor 192.168.0.1 activate
+ exit-address-family
+!
+!
+!
+end
+
+
+
+ 2
+
+
+
+
+
+ #cloud-config
+bootcmd:
+- ln -s -t /etc/rc.d /etc/rc.local
+hostname: admin-1
+manage_etc_hosts: true
+runcmd:
+- systemctl start rc-local
+- sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config
+- echo "UseDNS no" >> /etc/ssh/sshd_config
+- service ssh restart
+- service sshd restart
+users:
+- default
+- gecos: User configured by VIRL Configuration Engine 0.23.10
+ lock-passwd: false
+ name: cisco
+ plain-text-passwd: cisco
+ shell: /bin/bash
+ ssh-authorized-keys:
+ - VIRL-USER-SSH-PUBLIC-KEY
+ sudo: ALL=(ALL) ALL
+write_files:
+- path: /etc/systemd/system/dhclient@.service
+ content: |
+ [Unit]
+ Description=Run dhclient on %i interface
+ After=network.target
+ [Service]
+ Type=oneshot
+ ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease
+ RemainAfterExit=yes
+ owner: root:root
+ permissions: '0644'
+- path: /etc/rc.local
+ owner: root:root
+ permissions: '0755'
+ content: |-
+ #!/bin/sh
+ ifconfig eth1 up 10.0.128.6 netmask 255.255.255.252
+ route add -host 192.168.0.1 gw 10.0.128.5 dev eth1
+ route add -host 192.168.0.4 gw 10.0.128.5 dev eth1
+ route add -net 10.0.0.0/16 gw 10.0.128.5 dev eth1
+ route add -host 192.168.0.1 gw 10.0.128.5 dev eth1
+ route add -host 192.168.0.4 gw 10.0.128.5 dev eth1
+ exit 0
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/virl_topologies/8.4-2.virl b/virl_topologies/8.4-2.virl
new file mode 100644
index 0000000..51988f9
--- /dev/null
+++ b/virl_topologies/8.4-2.virl
@@ -0,0 +1,1407 @@
+
+
+
+ false
+ flat
+ true
+ ospf
+
+
+
+ ! IOSvL2 Config generated on 2017-08-27 23:10
+! by autonetkit_0.23.5
+!
+version 15.2
+service timestamps debug datetime msec
+service timestamps log datetime msec
+no service password-encryption
+service compress-config
+no service config
+enable password cisco
+ip classless
+ip subnet-zero
+no ip domain lookup
+!
+line vty 0 4
+transport input ssh telnet
+exec-timeout 720 0
+password cisco
+login
+!
+line con 0
+password cisco
+!
+hostname iosvl2-1
+!
+boot-start-marker
+boot-end-marker
+!
+!
+!
+no aaa new-model
+!
+vtp domain virl.lab
+vtp mode transparent
+!
+vlan 2
+ name ank_vlan2
+vlan 3
+ name ank_vlan3
+!
+!
+!
+!
+cdp run
+!
+!
+!
+ip cef
+no ipv6 cef
+!
+!
+spanning-tree mode pvst
+spanning-tree extend system-id
+!
+vlan internal allocation policy ascending
+!
+!
+!
+!
+vrf definition Mgmt-intf
+!
+ address-family ipv4
+ exit-address-family
+ !
+ address-family ipv6
+ exit-address-family
+!
+!
+!
+!
+!
+interface Loopback0
+ description Loopback
+!
+interface GigabitEthernet0/0
+ description OOB management
+ ! Configured on launch
+ no switchport
+ vrf forwarding Mgmt-intf
+ no ip address
+ no shutdown
+!
+interface GigabitEthernet0/1
+ description to iosvl2-2
+ switchport trunk encapsulation dot1q
+ switchport mode trunk
+ no shutdown
+!
+interface GigabitEthernet0/2
+ description to iosv-1
+ switchport access vlan 2
+ switchport mode access
+ no shutdown
+!
+interface GigabitEthernet0/3
+ description to kali-1
+ switchport access vlan 2
+ switchport mode access
+ no shutdown
+!
+interface GigabitEthernet1/0
+ description to iosv-2
+ switchport access vlan 2
+ switchport mode access
+ no shutdown
+!
+!
+ip forward-protocol nd
+!
+no ip http server
+no ip http secure-server
+!
+!
+!
+!
+!
+!
+control-plane
+!
+!
+!
+end
+
+
+
+
+
+
+
+
+
+
+
+ ! IOSvL2 Config generated on 2017-08-27 23:10
+! by autonetkit_0.23.5
+!
+version 15.2
+service timestamps debug datetime msec
+service timestamps log datetime msec
+no service password-encryption
+service compress-config
+no service config
+enable password cisco
+ip classless
+ip subnet-zero
+no ip domain lookup
+!
+line vty 0 4
+transport input ssh telnet
+exec-timeout 720 0
+password cisco
+login
+!
+line con 0
+password cisco
+!
+hostname iosvl2-2
+!
+boot-start-marker
+boot-end-marker
+!
+!
+!
+no aaa new-model
+!
+vtp domain virl.lab
+vtp mode transparent
+!
+vlan 2
+ name ank_vlan2
+vlan 3
+ name ank_vlan3
+!
+!
+!
+!
+cdp run
+!
+!
+!
+ip cef
+no ipv6 cef
+!
+!
+spanning-tree mode pvst
+spanning-tree extend system-id
+!
+vlan internal allocation policy ascending
+!
+!
+!
+!
+vrf definition Mgmt-intf
+!
+ address-family ipv4
+ exit-address-family
+ !
+ address-family ipv6
+ exit-address-family
+!
+!
+!
+!
+!
+interface Loopback0
+ description Loopback
+!
+interface GigabitEthernet0/0
+ description OOB management
+ ! Configured on launch
+ no switchport
+ vrf forwarding Mgmt-intf
+ no ip address
+ no shutdown
+!
+interface GigabitEthernet0/1
+ description to iosvl2-1
+ switchport trunk encapsulation dot1q
+ switchport mode trunk
+ no shutdown
+!
+interface GigabitEthernet0/2
+ description to iosv-1
+ switchport access vlan 3
+ switchport mode access
+ no shutdown
+!
+interface GigabitEthernet0/3
+ description to server-1
+ switchport access vlan 3
+ switchport mode access
+ no shutdown
+!
+!
+ip forward-protocol nd
+!
+no ip http server
+no ip http secure-server
+!
+!
+!
+!
+!
+!
+control-plane
+!
+!
+!
+end + + + + + + + + + + #cloud-config +bootcmd: +- ln -s -t /etc/rc.d /etc/rc.local +hostname: kali-1 +manage_etc_hosts: true +package_update: true +packages: +- quagga +bootcmd: +- ip route del default via 172.16.1.1 +- ip route add default via 172.16.1.2 +runcmd: +- start ttyS0 +- systemctl start getty@ttyS0.service +- systemctl start rc-local +- sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config +- echo "UseDNS no" >> /etc/ssh/sshd_config +- service ssh restart +- service sshd restart +- systemctl enable zebra ospfd + +users: +- default +- gecos: User configured by VIRL Configuration Engine 0.23.10 + lock-passwd: false + name: cisco + plain-text-passwd: cisco + shell: /bin/bash + ssh-authorized-keys: + - VIRL-USER-SSH-PUBLIC-KEY + sudo: ALL=(ALL) ALL +write_files: +- path: /etc/init/ttyS0.conf + owner: root:root + content: | + # ttyS0 - getty + # This service maintains a getty on ttyS0 from the point the system is + # started until it is shut down again. + start on stopped rc or RUNLEVEL=[12345] + stop on runlevel [!12345] + respawn + exec /sbin/getty -L 115200 ttyS0 vt102 + permissions: '0644' +- path: /etc/systemd/system/dhclient@.service + content: | + [Unit] + Description=Run dhclient on %i interface + After=network.target + [Service] + Type=oneshot + ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease + RemainAfterExit=yes + owner: root:root + permissions: '0644' +- path: /etc/network/interfaces + owner: root:root + permissions: '0644' + content: |- + source-directory /etc/network/interfaces.d + auto eth0 + iface eth0 inet dhcp + gateway 172.16.1.2 +- path: /etc/rc.local + owner: root:root + permissions: '0755' + content: |- + #!/bin/sh + ip route del default + ip route add default via 172.16.1.2 + ip link set eth1 up + ip addr add 10.0.0.1/17 dev eth1 + # Use routes from Quagga instead + #route add -host 192.168.0.1 gw 10.0.0.2 dev eth1 + #route add -host 192.168.0.4 gw 10.0.0.2 dev eth1 + #route 
add -net 10.0.0.0/17 gw 10.0.0.2 dev eth1 + #route add -net 10.0.128.0/30 gw 10.0.0.2 dev eth1 + #route add -host 192.168.0.1 gw 10.0.0.3 dev eth1 + #route add -host 192.168.0.4 gw 10.0.0.3 dev eth1 + #route add -net 10.0.0.0/17 gw 10.0.0.3 dev eth1 + #route add -net 10.0.128.0/30 gw 10.0.0.3 dev eth1 + exit 0 +- path: /etc/network/interfaces.d/eth1 + owner: root:root + permissions: '0644' + content: |- + iface eth1 inet manual +- path: /etc/quagga/zebra.conf + owner: root:root + permissions: '0644' + content: |- + hostname kali-1 + password cisco + enable password cisco + interface eth0 + interface eth1 + line vty +- path: /etc/quagga/ospfd.conf + owner: root:root + permissions: '0644' + content: |- + hostname kali-1 + password cisco + log stdout + interface eth1 + ip ospf cost 1 + router ospf + ospf router-id 10.0.0.1 + network 10.0.0.1/17 area 0.0.0.0 + network 192.168.0.4/32 area 0.0.0.0 + network 10.0.128.2/32 area 0 + line vty +- path: /root/get-cisco-config.py + owner: root:root + permissions: '0755' + content: |- + #!/usr/bin/env python + + # See + # http://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/15217-copy-configs-snmp.html + # and + # http://tools.cisco.com/Support/SNMP/do/BrowseMIB.do?local=en&mibName=CISCO-CONFIG-COPY-MIB + # for details + + from optparse import OptionParser + from scapy.all import conf,IP,SNMP,SNMPset,ASN1_OID,ASN1_IPADDRESS,UDP,SNMPvarbind,send + + parser = OptionParser() + parser.add_option("-i", "--iface", dest="iface", help="Interface", + default="eth1") + parser.add_option("-s", "--src", dest="srcip", help="Source IP Address", + default="192.168.1.2") + parser.add_option("-d", "--dst", dest="dstip", help="Destination IP Address", + default="192.168.1.1") + parser.add_option("-t", "--tftp", dest="tftpip", help="TFTP Server IP Address", + default="192.168.1.2") + parser.add_option("-f", "--cfg", dest="cfg_file", help="Configuration Filename") + parser.add_option("-c", "--community", 
dest="snmpstring", + help="SNMP Community Set String", default="secret") + + (options, args) = parser.parse_args() + + if options.cfg_file is None: + options.cfg_file = "%s-config" % (options.dstip) + + print "Attempting to download IOS config from %s" % (options.dstip) + + conf.iface = options.iface + + i=IP(src=options.srcip,dst=options.dstip)/UDP(sport=161,dport=161) + s1=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyEntryRowStatus(14) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.14.112"),value=6)] + ) + ) + + s2=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyProtocol(2) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.2.112"),value=1)] + ) + ) + + s3=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopySourceFileType(3) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.3.112"),value=4)] + ) + ) + + s4=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyDestFileType(4) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.4.112"),value=1)] + ) + ) + + s5=SNMP( + 
community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyServerAddress(5) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.5.112"),value=ASN1_IPADDRESS(options.tftpip))] + ) + ) + + s6=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyFileName(6) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.6.112"),value=options.cfg_file)] + ) + ) + + s7=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyEntryRowStatus(14) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.14.112"),value=1)] + ) + ) + + send(i/s1) + send(i/s2) + send(i/s3) + send(i/s4) + send(i/s5) + send(i/s6) + send(i/s7) +- path: /root/merge-cisco-config.py + owner: root:root + permissions: '0755' + content: |- + #!/usr/bin/env python + + # See + # http://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/15217-copy-configs-snmp.html + # and + # http://tools.cisco.com/Support/SNMP/do/BrowseMIB.do?local=en&mibName=CISCO-CONFIG-COPY-MIB + # for details + + from optparse import OptionParser + from scapy.all import conf,IP,SNMP,SNMPset,ASN1_OID,ASN1_IPADDRESS,UDP,SNMPvarbind,send + + parser = OptionParser() + parser.add_option("-i", "--iface", dest="iface", help="Interface", + default="eth1") + parser.add_option("-s", "--src", dest="srcip", help="Source IP Address", + 
default="192.168.1.2") + parser.add_option("-d", "--dst", dest="dstip", help="Destination IP Address", + default="192.168.1.1") + parser.add_option("-t", "--tftp", dest="tftpip", help="TFTP Server IP Address", + default="192.168.1.2") + parser.add_option("-f", "--cfg", dest="cfg_file", help="Configuration Filename") + parser.add_option("-c", "--community", dest="snmpstring", + help="SNMP Community Set String", default="secret") + + (options, args) = parser.parse_args() + + if options.cfg_file is None: + options.cfg_file = "%s-config" % (options.dstip) + + print "Attempting to upload IOS config to %s" % (options.dstip) + + conf.iface = options.iface + + i=IP(src=options.srcip,dst=options.dstip)/UDP(sport=161,dport=161) + s1=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyEntryRowStatus(14) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.14.112"),value=6)] + ) + ) + + s2=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyProtocol(2) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.2.112"),value=1)] + ) + ) + + s3=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopySourceFileType(3) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.3.112"),value=1)] + ) + ) + + s4=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) 
identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyDestFileType(4) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.4.112"),value=4)] + ) + ) + + s5=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyServerAddress(5) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.5.112"),value=ASN1_IPADDRESS(options.tftpip))] + ) + ) + + s6=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyFileName(6) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.6.112"),value=options.cfg_file)] + ) + ) + + s7=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyEntryRowStatus(14) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.14.112"),value=1)] + ) + ) + + send(i/s1) + send(i/s2) + send(i/s3) + send(i/s4) + send(i/s5) + send(i/s6) + send(i/s7) +- path: /etc/default/atftpd + owner: root:root + permissions: '0644' + content: |- + USE_INETD=false + # OPTIONS below are used only with init script + OPTIONS="--tftpd-timeout 300 --retry-timeout 5 --mcast-port 1758 --mcast-addr 239.239.239.0-255 --mcast-ttl 1 --maxthread 100 --verbose=5 /srv/tftp" +- path: /srv/tftp/router.cfg + owner: 
nobody:nogroup + permissions: '0644' + content: |- + ! + ! Last configuration change at 23:19:07 UTC Tue Aug 29 2017 by cisco + ! + version 15.6 + service timestamps debug datetime msec + service timestamps log datetime msec + service password-encryption + ! + hostname iosv-2 + ! + boot-start-marker + boot-end-marker + ! + ! + vrf definition Mgmt-intf + ! + address-family ipv4 + exit-address-family + ! + address-family ipv6 + exit-address-family + ! + enable password 7 060506324F41 + ! + aaa new-model + ! + ! + aaa authentication login default group radius local line + aaa authorization exec default group radius if-authenticated + ! + ! + ! + ! + ! + aaa session-id common + ethernet lmi ce + ! + ! + ! + mmi polling-interval 60 + no mmi auto-configure + no mmi pvc + mmi snmp-timeout 180 + ! + ! + ! + ! + ! + ! + ! + ! + ! + ! + ! + no ip domain lookup + ip domain name virl.info + ip cef + ipv6 unicast-routing + ipv6 cef + ! + multilink bundle-name authenticated + ! + ! + ! + ! + username cisco privilege 15 secret 5 $1$WaUX$blEhl/Fee6CSV8WMIvhv4. + ! + redundancy + ! + ! + ! + ! + ! + ! + ! + ! + ! + ! + ! + ! + ! + ! + ! + interface Loopback0 + description Loopback + ip address 192.168.0.4 255.255.255.255 + ! + interface GigabitEthernet0/0 + description OOB Management + vrf forwarding Mgmt-intf + ip address 172.16.1.191 255.255.255.0 + duplex full + speed auto + media-type rj45 + ! + interface GigabitEthernet0/1 + description to iosvl2-1 + ip address 10.0.0.3 255.255.128.0 + ip ospf cost 1 + duplex full + speed auto + media-type rj45 + ! + router ospf 1 + passive-interface Loopback0 + network 10.0.0.0 0.0.127.255 area 0 + network 192.168.0.4 0.0.0.0 area 0 + ! + router bgp 1 + bgp router-id 192.168.0.4 + bgp log-neighbor-changes + neighbor 192.168.0.1 remote-as 1 + neighbor 192.168.0.1 description iBGP peer iosv-1 + neighbor 192.168.0.1 update-source Loopback0 + ! 
+ address-family ipv4 + network 192.168.0.4 mask 255.255.255.255 + neighbor 192.168.0.1 activate + exit-address-family + ! + ip forward-protocol nd + ! + ! + no ip http server + no ip http secure-server + ip ssh server algorithm authentication password + ! + ip access-list standard IN-VTY + permit 172.16.1.0 0.0.0.255 + permit 192.168.0.0 0.0.0.255 + permit 10.0.128.0 0.0.0.255 + ip access-list standard SNMP-RW + permit 172.16.1.0 0.0.0.255 + permit 192.168.0.0 0.0.0.255 + permit 10.0.128.0 0.0.0.3 + ! + ip radius source-interface Loopback0 + ! + snmp-server community supersecret RW SNMP-RW + snmp-server chassis-id + ! + ! + ! + radius server RADIUS + address ipv4 10.0.128.2 auth-port 1812 acct-port 1813 + key 7 13061E0108030723382727 + ! + ! + control-plane + ! + banner exec ^ + ************************************************************************** + * IOSv - Cisco Systems Confidential * + * * + * Supplemental End User License Restrictions * + * * + * This IOSv software is provided AS-IS without warranty of any kind. * + * Under no circumstances may this software be used separate from * + * the Cisco Modeling Labs Software that this software was provided * + * with, or deployed or used as part of a production environment. * + * * + * By using the software, you agree to abide by the terms and * + * conditions of the Cisco End User License Agreement at * + * http://www.cisco.com/go/eula. * + * * + * Unauthorized use or distribution of this software is expressly * + * prohibited. * + ************************************************************************** + ^ + banner incoming ^ + ************************************************************************** + * IOSv - Cisco Systems Confidential * + * * + * Supplemental End User License Restrictions * + * * + * This IOSv software is provided AS-IS without warranty of any kind. 
* + * Under no circumstances may this software be used separate from * + * the Cisco Modeling Labs Software that this software was provided * + * with, or deployed or used as part of a production environment. * + * * + * By using the software, you agree to abide by the terms and * + * conditions of the Cisco End User License Agreement at * + * http://www.cisco.com/go/eula. * + * * + * Unauthorized use or distribution of this software is expressly * + * prohibited. * + ************************************************************************** + ^ + banner login ^ + ************************************************************************** + * IOSv - Cisco Systems Confidential * + * * + * Supplemental End User License Restrictions * + * * + * This IOSv software is provided AS-IS without warranty of any kind. * + * Under no circumstances may this software be used separate from * + * the Cisco Modeling Labs Software that this software was provided * + * with, or deployed or used as part of a production environment. * + * * + * By using the software, you agree to abide by the terms and * + * conditions of the Cisco End User License Agreement at * + * http://www.cisco.com/go/eula. * + * * + * Unauthorized use or distribution of this software is expressly * + * prohibited. * + ************************************************************************** + ^ + ! + line con 0 + password 7 0822455D0A16 + line aux 0 + line vty 0 4 + exec-timeout 720 0 + password 7 1511021F0725 + transport input telnet ssh + ! + no scheduler allocate + ! + end + + + + + 2 + + + + + + + ! IOS Config generated on 2017-08-27 23:10 +! by autonetkit_0.23.5 +! +hostname iosv-1 +boot-start-marker +boot-end-marker +! +vrf definition Mgmt-intf +! + address-family ipv4 + exit-address-family + ! + address-family ipv6 + exit-address-family +! +! +! +no aaa new-model +! +! +ip cef +ipv6 unicast-routing +ipv6 cef +! +! 
+service timestamps debug datetime msec +service timestamps log datetime msec +no service password-encryption +no service config +enable password cisco +ip classless +ip subnet-zero +no ip domain lookup +ip domain name virl.info +crypto key generate rsa modulus 768 +ip ssh server algorithm authentication password +username cisco privilege 15 secret cisco +ip access-list standard IN-VTY + permit 172.16.1.0 0.0.0.255 + permit 192.168.0.0 0.0.0.255 + permit 10.0.128.0 0.0.0.255 +ip access-list standard SNMP-RW + permit 172.16.1.0 0.0.0.255 + permit 192.168.0.0 0.0.0.255 + permit 10.0.128.0 0.0.0.3 +snmp-server community supersecret rw SNMP-RW +line vty 0 4 + transport input ssh telnet + access-class IN-VTY in vrf-also + exec-timeout 720 0 + password cisco + login local + line con 0 + password cisco +! +cdp run +! +! +interface Loopback0 + description Loopback + ip address 192.168.0.1 255.255.255.255 +! +interface GigabitEthernet0/0 + description OOB Management + vrf forwarding Mgmt-intf + ! Configured on launch + no ip address + cdp enable + duplex full + speed auto + no shutdown +! +interface GigabitEthernet0/1 + description to iosvl2-1 + ip address 10.0.0.2 255.255.128.0 + cdp enable + ip ospf cost 1 + duplex full + speed auto + no shutdown +! +interface GigabitEthernet0/2 + description to iosvl2-2 + ip address 10.0.128.1 255.255.255.252 + cdp enable + ip ospf cost 1 + duplex full + speed auto + no shutdown +! +interface GigabitEthernet0/3 + description to admin-1 + ip address 10.0.128.5 255.255.255.252 + cdp enable + ip ospf cost 1 + duplex full + speed auto + no shutdown +! +! +! +router ospf 1 + network 192.168.0.1 0.0.0.0 area 0 + log-adjacency-changes + passive-interface Loopback0 + network 10.0.0.0 0.0.127.255 area 0 + network 10.0.128.0 0.0.0.3 area 0 + network 10.0.128.4 0.0.0.3 area 0 +! +! +router bgp 1 + bgp router-id 192.168.0.1 + no synchronization +! ibgp + ! ibgp peers + ! 
+ neighbor 192.168.0.4 remote-as 1 + neighbor 192.168.0.4 description iBGP peer iosv-2 + neighbor 192.168.0.4 update-source Loopback0 +! +! + ! + address-family ipv4 + network 192.168.0.1 mask 255.255.255.255 + neighbor 192.168.0.4 activate + exit-address-family +! +! +! +end + + + + 2 + + + + + 3 + + + + + + + #cloud-config +bootcmd: +- ln -s -t /etc/rc.d /etc/rc.local +hostname: server-1 +manage_etc_hosts: true +package_update: true +packages: +- snmp +- freeradius +- tshark +runcmd: +- start ttyS0 +- systemctl start getty@ttyS0.service +- systemctl start rc-local +- sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config +- echo "UseDNS no" >> /etc/ssh/sshd_config +- service ssh restart +- service sshd restart +- cp /tmp/clients.conf.new /etc/freeradius/clients.conf +- cp /tmp/users.new /etc/freeradius/users +- systemctl enable freeradius +- systemctl start freeradius +users: +- default +- gecos: User configured by VIRL Configuration Engine 0.23.10 + lock-passwd: false + name: cisco + plain-text-passwd: cisco + shell: /bin/bash + ssh-authorized-keys: + - VIRL-USER-SSH-PUBLIC-KEY + sudo: ALL=(ALL) ALL +write_files: +- path: /etc/init/ttyS0.conf + owner: root:root + content: | + # ttyS0 - getty + # This service maintains a getty on ttyS0 from the point the system is + # started until it is shut down again. 
+ start on stopped rc or RUNLEVEL=[12345] + stop on runlevel [!12345] + respawn + exec /sbin/getty -L 115200 ttyS0 vt102 + permissions: '0644' +- path: /etc/systemd/system/dhclient@.service + content: | + [Unit] + Description=Run dhclient on %i interface + After=network.target + [Service] + Type=oneshot + ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease + RemainAfterExit=yes + owner: root:root + permissions: '0644' +- path: /etc/rc.local + owner: root:root + permissions: '0755' + content: |- + #!/bin/sh + ip route del default + ip route add default via 172.16.1.2 + ifconfig eth1 up 10.0.128.2 netmask 255.255.255.252 + route add -host 192.168.0.1 gw 10.0.128.1 dev eth1 + route add -host 192.168.0.4 gw 10.0.128.1 dev eth1 + route add -net 10.0.0.0/17 gw 10.0.128.1 dev eth1 + route add -net 10.0.128.0/30 gw 10.0.128.1 dev eth1 + exit 0 +- path: /tmp/clients.conf.new + content: | + client 192.168.0.0/24 { + secret = ciscocisco + nastype = cisco + shortname = virl + } + owner: "root:root" + permissions: '0640' +- path: /tmp/users.new + content: | + admin Cleartext-Password := "secret123" + Service-Type = NAS-Prompt-User, + Cisco-AVPair = "shell:priv-lvl=15" + owner: "root:root" + permissions: '0640' +- path: /home/cisco/snmp-chatter.sh + content: | + #!/bin/bash + while true; do + snmpget -v 2c -c supersecret 192.168.0.4 1.3.6.1.2.1.1.1.0 + sleep 15 + done + owner: "cisco:cisco" + permissions: '0755' +- path: /home/cisco/http-chatter.sh + content: | + #!/bin/bash + while true; do + curl -u admin:secret123 http://192.168.0.4 + sleep 15 + done + owner: "cisco:cisco" + permissions: '0755' + + + + + + + 3 + + + + + + + ! IOS Config generated on 2017-08-27 23:10 +! by autonetkit_0.23.5 +! +version 15.6 +service timestamps debug datetime msec +service timestamps log datetime msec +service password-encryption +! +hostname iosv-2 +! +boot-start-marker +boot-end-marker +! +! +vrf definition Mgmt-intf + ! 
+ address-family ipv4 + exit-address-family + ! + address-family ipv6 + exit-address-family +! +enable password 7 060506324F41 +! +aaa new-model +! +! +aaa authentication login default group radius local line +aaa authorization exec default group radius if-authenticated +! +! +! +! +! +aaa session-id common +ethernet lmi ce +! +! +! +mmi polling-interval 60 +no mmi auto-configure +no mmi pvc +mmi snmp-timeout 180 +! +! +! +! +! +! +! +! +! +! +! +no ip domain lookup +ip domain name virl.info +ip cef +ipv6 unicast-routing +ipv6 cef +! +multilink bundle-name authenticated +! +! +! +! +username cisco privilege 15 secret 5 $1$WaUX$blEhl/Fee6CSV8WMIvhv4. +! +redundancy +! +! +! +! +! +! +! +! +! +! +! +! +! +! +! +interface Loopback0 + description Loopback + ip address 192.168.0.4 255.255.255.255 +! +interface GigabitEthernet0/0 + description OOB Management + vrf forwarding Mgmt-intf + ip address 172.16.1.182 255.255.255.0 + duplex full + speed auto + media-type rj45 +! +interface GigabitEthernet0/1 + description to iosvl2-1 + ip address 10.0.0.3 255.255.128.0 + ip ospf cost 1 + duplex full + speed auto + media-type rj45 +! +router ospf 1 + passive-interface Loopback0 + network 10.0.0.0 0.0.127.255 area 0 + network 192.168.0.4 0.0.0.0 area 0 +! +router bgp 1 + bgp router-id 192.168.0.4 + bgp log-neighbor-changes + neighbor 192.168.0.1 remote-as 1 + neighbor 192.168.0.1 description iBGP peer iosv-1 + neighbor 192.168.0.1 update-source Loopback0 + ! + address-family ipv4 + network 192.168.0.4 mask 255.255.255.255 + neighbor 192.168.0.1 activate + exit-address-family +! +ip forward-protocol nd +! +! +ip http server +ip http authentication aaa login-authentication default +no ip http secure-server +ip ssh server algorithm authentication password +! +ip access-list standard SNMP-RW + permit 172.16.1.0 0.0.0.255 + permit 192.168.0.0 0.0.0.255 + permit 10.0.128.0 0.0.0.3 +! +ip radius source-interface Loopback0 +! 
+snmp-server community supersecret RW SNMP-RW +snmp-server chassis-id +! +! +! +radius server RADIUS + address ipv4 10.0.128.2 auth-port 1812 acct-port 1813 + key 7 13061E0108030723382727 +! +! +control-plane +! +banner exec ^ +************************************************************************** +* IOSv - Cisco Systems Confidential * +* * +* Supplemental End User License Restrictions * +* * +* This IOSv software is provided AS-IS without warranty of any kind. * +* Under no circumstances may this software be used separate from * +* the Cisco Modeling Labs Software that this software was provided * +* with, or deployed or used as part of a production environment. * +* * +* By using the software, you agree to abide by the terms and * +* conditions of the Cisco End User License Agreement at * +* http://www.cisco.com/go/eula. * +* * +* Unauthorized use or distribution of this software is expressly * +* prohibited. * +************************************************************************** +^ +banner incoming ^ +************************************************************************** +* IOSv - Cisco Systems Confidential * +* * +* Supplemental End User License Restrictions * +* * +* This IOSv software is provided AS-IS without warranty of any kind. * +* Under no circumstances may this software be used separate from * +* the Cisco Modeling Labs Software that this software was provided * +* with, or deployed or used as part of a production environment. * +* * +* By using the software, you agree to abide by the terms and * +* conditions of the Cisco End User License Agreement at * +* http://www.cisco.com/go/eula. * +* * +* Unauthorized use or distribution of this software is expressly * +* prohibited. 
* +************************************************************************** +^ +banner login ^ +************************************************************************** +* IOSv - Cisco Systems Confidential * +* * +* Supplemental End User License Restrictions * +* * +* This IOSv software is provided AS-IS without warranty of any kind. * +* Under no circumstances may this software be used separate from * +* the Cisco Modeling Labs Software that this software was provided * +* with, or deployed or used as part of a production environment. * +* * +* By using the software, you agree to abide by the terms and * +* conditions of the Cisco End User License Agreement at * +* http://www.cisco.com/go/eula. * +* * +* Unauthorized use or distribution of this software is expressly * +* prohibited. * +************************************************************************** +^ +! +line con 0 + password 7 0822455D0A16 +line aux 0 +line vty 0 4 + exec-timeout 720 0 + password 7 1511021F0725 + transport input telnet ssh +! +no scheduler allocate +! 
+end
+
+
+
+ 2
+
+
+
+
+
+ #cloud-config
+bootcmd:
+- ln -s -t /etc/rc.d /etc/rc.local
+hostname: admin-1
+manage_etc_hosts: true
+runcmd:
+- systemctl start rc-local
+- sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config
+- echo "UseDNS no" >> /etc/ssh/sshd_config
+- service ssh restart
+- service sshd restart
+users:
+- default
+- gecos: User configured by VIRL Configuration Engine 0.23.10
+ lock-passwd: false
+ name: cisco
+ plain-text-passwd: cisco
+ shell: /bin/bash
+ ssh-authorized-keys:
+ - VIRL-USER-SSH-PUBLIC-KEY
+ sudo: ALL=(ALL) ALL
+write_files:
+- path: /etc/systemd/system/dhclient@.service
+ content: |
+ [Unit]
+ Description=Run dhclient on %i interface
+ After=network.target
+ [Service]
+ Type=oneshot
+ ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease
+ RemainAfterExit=yes
+ owner: root:root
+ permissions: '0644'
+- path: /etc/rc.local
+ owner: root:root
+ permissions: '0755'
+ content: |-
+ #!/bin/sh
+ ifconfig eth1 up 10.0.128.6 netmask 255.255.255.252
+ route add -host 192.168.0.1 gw 10.0.128.5 dev eth1
+ route add -host 192.168.0.4 gw 10.0.128.5 dev eth1
+ route add -net 10.0.0.0/16 gw 10.0.128.5 dev eth1
+ route add -host 192.168.0.1 gw 10.0.128.5 dev eth1
+ route add -host 192.168.0.4 gw 10.0.128.5 dev eth1
+ exit 0
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/virl_topologies/8.6.virl b/virl_topologies/8.6.virl
new file mode 100644
index 0000000..5092323
--- /dev/null
+++ b/virl_topologies/8.6.virl
@@ -0,0 +1,1407 @@
+
+
+
+ false
+ flat
+ true
+ ospf
+
+
+
+ ! IOSvL2 Config generated on 2017-08-27 23:10
+! by autonetkit_0.23.5
+!
+version 15.2
+service timestamps debug datetime msec
+service timestamps log datetime msec
+no service password-encryption
+service compress-config
+no service config
+enable password cisco
+ip classless
+ip subnet-zero
+no ip domain lookup
+!
+line vty 0 4
+transport input ssh telnet
+exec-timeout 720 0
+password cisco
+login
+!
+line con 0
+password cisco
+!
+hostname iosvl2-1
+!
+boot-start-marker
+boot-end-marker
+!
+!
+!
+no aaa new-model
+!
+vtp domain virl.lab
+vtp mode transparent
+!
+vlan 2
+ name ank_vlan2
+vlan 3
+ name ank_vlan3
+!
+!
+!
+!
+cdp run
+!
+!
+!
+ip cef
+no ipv6 cef
+!
+!
+spanning-tree mode pvst
+spanning-tree extend system-id
+!
+vlan internal allocation policy ascending
+!
+!
+!
+!
+vrf definition Mgmt-intf
+!
+ address-family ipv4
+ exit-address-family
+ !
+ address-family ipv6
+ exit-address-family
+!
+!
+!
+!
+!
+interface Loopback0
+ description Loopback
+!
+interface GigabitEthernet0/0
+ description OOB management
+ ! Configured on launch
+ no switchport
+ vrf forwarding Mgmt-intf
+ no ip address
+ no shutdown
+!
+interface GigabitEthernet0/1
+ description to iosvl2-2
+ switchport trunk encapsulation dot1q
+ switchport mode trunk
+ no shutdown
+!
+interface GigabitEthernet0/2
+ description to iosv-1
+ switchport access vlan 2
+ switchport mode access
+ no shutdown
+!
+interface GigabitEthernet0/3
+ description to kali-1
+ switchport access vlan 2
+ switchport mode access
+ no shutdown
+!
+interface GigabitEthernet1/0
+ description to iosv-2
+ switchport access vlan 2
+ switchport mode access
+ no shutdown
+!
+!
+ip forward-protocol nd
+!
+no ip http server
+no ip http secure-server
+!
+!
+!
+!
+!
+!
+control-plane
+!
+!
+!
+end
+
+
+
+
+
+
+
+
+
+
+
+ ! IOSvL2 Config generated on 2017-08-27 23:10
+! by autonetkit_0.23.5
+!
+version 15.2
+service timestamps debug datetime msec
+service timestamps log datetime msec
+no service password-encryption
+service compress-config
+no service config
+enable password cisco
+ip classless
+ip subnet-zero
+no ip domain lookup
+!
+line vty 0 4
+transport input ssh telnet
+exec-timeout 720 0
+password cisco
+login
+!
+line con 0
+password cisco
+!
+hostname iosvl2-2
+!
+boot-start-marker
+boot-end-marker
+!
+!
+!
+no aaa new-model
+!
+vtp domain virl.lab
+vtp mode transparent
+!
+vlan 2
+ name ank_vlan2
+vlan 3
+ name ank_vlan3
+!
+!
+!
+!
+cdp run
+!
+!
+!
+ip cef
+no ipv6 cef
+!
+!
+spanning-tree mode pvst
+spanning-tree extend system-id
+!
+vlan internal allocation policy ascending
+!
+!
+!
+!
+vrf definition Mgmt-intf
+!
+ address-family ipv4
+ exit-address-family
+ !
+ address-family ipv6
+ exit-address-family
+!
+!
+!
+!
+!
+interface Loopback0
+ description Loopback
+!
+interface GigabitEthernet0/0
+ description OOB management
+ ! Configured on launch
+ no switchport
+ vrf forwarding Mgmt-intf
+ no ip address
+ no shutdown
+!
+interface GigabitEthernet0/1
+ description to iosvl2-1
+ switchport trunk encapsulation dot1q
+ switchport mode trunk
+ no shutdown
+!
+interface GigabitEthernet0/2
+ description to iosv-1
+ switchport access vlan 3
+ switchport mode access
+ no shutdown
+!
+interface GigabitEthernet0/3
+ description to server-1
+ switchport access vlan 3
+ switchport mode access
+ no shutdown
+!
+!
+ip forward-protocol nd
+!
+no ip http server
+no ip http secure-server
+!
+!
+!
+!
+!
+!
+control-plane
+!
+!
+!
+end + + + + + + + + + + #cloud-config +bootcmd: +- ln -s -t /etc/rc.d /etc/rc.local +hostname: kali-1 +manage_etc_hosts: true +package_update: true +packages: +- quagga +bootcmd: +- ip route del default via 172.16.1.1 +- ip route add default via 172.16.1.2 +runcmd: +- start ttyS0 +- systemctl start getty@ttyS0.service +- systemctl start rc-local +- sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config +- echo "UseDNS no" >> /etc/ssh/sshd_config +- service ssh restart +- systemctl enable zebra ospfd +users: +- default +- gecos: User configured by VIRL Configuration Engine 0.23.10 + lock-passwd: false + name: cisco + plain-text-passwd: cisco + shell: /bin/bash + ssh-authorized-keys: + - VIRL-USER-SSH-PUBLIC-KEY + sudo: ALL=(ALL) ALL +write_files: +- path: /etc/init/ttyS0.conf + owner: root:root + content: | + # ttyS0 - getty + # This service maintains a getty on ttyS0 from the point the system is + # started until it is shut down again. + start on stopped rc or RUNLEVEL=[12345] + stop on runlevel [!12345] + respawn + exec /sbin/getty -L 115200 ttyS0 vt102 + permissions: '0644' +- path: /etc/systemd/system/dhclient@.service + content: | + [Unit] + Description=Run dhclient on %i interface + After=network.target + [Service] + Type=oneshot + ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease + RemainAfterExit=yes + owner: root:root + permissions: '0644' +- path: /etc/network/interfaces + owner: root:root + permissions: '0644' + content: |- + source-directory /etc/network/interfaces.d + auto eth0 + iface eth0 inet dhcp + gateway 172.16.1.2 +- path: /etc/rc.local + owner: root:root + permissions: '0755' + content: |- + #!/bin/sh + ip route del default + ip route add default via 172.16.1.2 + ip link set eth1 up + ip addr add 10.0.0.1/17 dev eth1 + # Use routes from Quagga instead + #route add -host 192.168.0.1 gw 10.0.0.2 dev eth1 + #route add -host 192.168.0.4 gw 10.0.0.2 dev eth1 + #route add -net 10.0.0.0/17 gw 
10.0.0.2 dev eth1 + #route add -net 10.0.128.0/30 gw 10.0.0.2 dev eth1 + #route add -host 192.168.0.1 gw 10.0.0.3 dev eth1 + #route add -host 192.168.0.4 gw 10.0.0.3 dev eth1 + #route add -net 10.0.0.0/17 gw 10.0.0.3 dev eth1 + #route add -net 10.0.128.0/30 gw 10.0.0.3 dev eth1 + exit 0 +- path: /etc/network/interfaces.d/eth1 + owner: root:root + permissions: '0644' + content: |- + iface eth1 inet manual +- path: /etc/quagga/zebra.conf + owner: root:root + permissions: '0644' + content: |- + hostname kali-1 + password cisco + enable password cisco + interface eth0 + interface eth1 + line vty +- path: /etc/quagga/ospfd.conf + owner: root:root + permissions: '0644' + content: |- + hostname kali-1 + password cisco + log stdout + interface eth1 + ip ospf cost 1 + router ospf + ospf router-id 10.0.0.1 + network 10.0.0.1/17 area 0.0.0.0 + network 192.168.0.4/32 area 0.0.0.0 + network 10.0.128.2/32 area 0 + line vty +- path: /root/get-cisco-config.py + owner: root:root + permissions: '0755' + content: |- + #!/usr/bin/env python + + # See + # http://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/15217-copy-configs-snmp.html + # and + # http://tools.cisco.com/Support/SNMP/do/BrowseMIB.do?local=en&mibName=CISCO-CONFIG-COPY-MIB + # for details + + from optparse import OptionParser + from scapy.all import conf,IP,SNMP,SNMPset,ASN1_OID,ASN1_IPADDRESS,UDP,SNMPvarbind,send + + parser = OptionParser() + parser.add_option("-i", "--iface", dest="iface", help="Interface", + default="eth1") + parser.add_option("-s", "--src", dest="srcip", help="Source IP Address", + default="192.168.1.2") + parser.add_option("-d", "--dst", dest="dstip", help="Destination IP Address", + default="192.168.1.1") + parser.add_option("-t", "--tftp", dest="tftpip", help="TFTP Server IP Address", + default="192.168.1.2") + parser.add_option("-f", "--cfg", dest="cfg_file", help="Configuration Filename") + parser.add_option("-c", "--community", dest="snmpstring", + help="SNMP 
Community Set String", default="secret") + + (options, args) = parser.parse_args() + + if options.cfg_file is None: + options.cfg_file = "%s-config" % (options.dstip) + + print "Attempting to download IOS config from %s" % (options.dstip) + + conf.iface = options.iface + + i=IP(src=options.srcip,dst=options.dstip)/UDP(sport=161,dport=161) + s1=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyEntryRowStatus(14) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.14.112"),value=6)] + ) + ) + + s2=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyProtocol(2) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.2.112"),value=1)] + ) + ) + + s3=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopySourceFileType(3) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.3.112"),value=4)] + ) + ) + + s4=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyDestFileType(4) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.4.112"),value=1)] + ) + ) + + s5=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) 
identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyServerAddress(5) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.5.112"),value=ASN1_IPADDRESS(options.tftpip))] + ) + ) + + s6=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyFileName(6) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.6.112"),value=options.cfg_file)] + ) + ) + + s7=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyEntryRowStatus(14) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.14.112"),value=1)] + ) + ) + + send(i/s1) + send(i/s2) + send(i/s3) + send(i/s4) + send(i/s5) + send(i/s6) + send(i/s7) +- path: /root/merge-cisco-config.py + owner: root:root + permissions: '0755' + content: |- + #!/usr/bin/env python + + # See + # http://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/15217-copy-configs-snmp.html + # and + # http://tools.cisco.com/Support/SNMP/do/BrowseMIB.do?local=en&mibName=CISCO-CONFIG-COPY-MIB + # for details + + from optparse import OptionParser + from scapy.all import conf,IP,SNMP,SNMPset,ASN1_OID,ASN1_IPADDRESS,UDP,SNMPvarbind,send + + parser = OptionParser() + parser.add_option("-i", "--iface", dest="iface", help="Interface", + default="eth1") + parser.add_option("-s", "--src", dest="srcip", help="Source IP Address", + default="192.168.1.2") + parser.add_option("-d", "--dst", 
dest="dstip", help="Destination IP Address", + default="192.168.1.1") + parser.add_option("-t", "--tftp", dest="tftpip", help="TFTP Server IP Address", + default="192.168.1.2") + parser.add_option("-f", "--cfg", dest="cfg_file", help="Configuration Filename") + parser.add_option("-c", "--community", dest="snmpstring", + help="SNMP Community Set String", default="secret") + + (options, args) = parser.parse_args() + + if options.cfg_file is None: + options.cfg_file = "%s-config" % (options.dstip) + + print "Attempting to upload IOS config to %s" % (options.dstip) + + conf.iface = options.iface + + i=IP(src=options.srcip,dst=options.dstip)/UDP(sport=161,dport=161) + s1=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyEntryRowStatus(14) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.14.112"),value=6)] + ) + ) + + s2=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyProtocol(2) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.2.112"),value=1)] + ) + ) + + s3=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopySourceFileType(3) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.3.112"),value=1)] + ) + ) + + s4=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # 
enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyDestFileType(4) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.4.112"),value=4)] + ) + ) + + s5=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyServerAddress(5) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.5.112"),value=ASN1_IPADDRESS(options.tftpip))] + ) + ) + + s6=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyFileName(6) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.6.112"),value=options.cfg_file)] + ) + ) + + s7=SNMP( + community=options.snmpstring, + PDU=SNMPset( + # iso(1) identified-organization(3) dod(6) internet(1) private(4) + # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) + # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) + # ccCopyEntryRowStatus(14) RANDOM(112) + varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.14.112"),value=1)] + ) + ) + + send(i/s1) + send(i/s2) + send(i/s3) + send(i/s4) + send(i/s5) + send(i/s6) + send(i/s7) +- path: /etc/default/atftpd + owner: root:root + permissions: '0644' + content: |- + USE_INETD=false + # OPTIONS below are used only with init script + OPTIONS="--tftpd-timeout 300 --retry-timeout 5 --mcast-port 1758 --mcast-addr 239.239.239.0-255 --mcast-ttl 1 --maxthread 100 --verbose=5 /srv/tftp" +- path: /srv/tftp/router.cfg + owner: nobody:nogroup + permissions: '0644' + content: |- + ! + ! 
Last configuration change at 23:19:07 UTC Tue Aug 29 2017 by cisco + ! + version 15.6 + service timestamps debug datetime msec + service timestamps log datetime msec + service password-encryption + ! + hostname iosv-2 + ! + boot-start-marker + boot-end-marker + ! + ! + vrf definition Mgmt-intf + ! + address-family ipv4 + exit-address-family + ! + address-family ipv6 + exit-address-family + ! + enable password 7 060506324F41 + ! + aaa new-model + ! + ! + aaa authentication login default group radius local line + aaa authorization exec default group radius if-authenticated + ! + ! + ! + ! + ! + aaa session-id common + ethernet lmi ce + ! + ! + ! + mmi polling-interval 60 + no mmi auto-configure + no mmi pvc + mmi snmp-timeout 180 + ! + ! + ! + ! + ! + ! + ! + ! + ! + ! + ! + no ip domain lookup + ip domain name virl.info + ip cef + ipv6 unicast-routing + ipv6 cef + ! + multilink bundle-name authenticated + ! + ! + ! + ! + username cisco privilege 15 secret 5 $1$WaUX$blEhl/Fee6CSV8WMIvhv4. + ! + redundancy + ! + ! + ! + ! + ! + ! + ! + ! + ! + ! + ! + ! + ! + ! + ! + interface Loopback0 + description Loopback + ip address 192.168.0.4 255.255.255.255 + ! + interface GigabitEthernet0/0 + description OOB Management + vrf forwarding Mgmt-intf + ip address 172.16.1.191 255.255.255.0 + duplex full + speed auto + media-type rj45 + ! + interface GigabitEthernet0/1 + description to iosvl2-1 + ip address 10.0.0.3 255.255.128.0 + ip ospf cost 1 + duplex full + speed auto + media-type rj45 + ! + router ospf 1 + passive-interface Loopback0 + network 10.0.0.0 0.0.127.255 area 0 + network 192.168.0.4 0.0.0.0 area 0 + ! + router bgp 1 + bgp router-id 192.168.0.4 + bgp log-neighbor-changes + neighbor 192.168.0.1 remote-as 1 + neighbor 192.168.0.1 description iBGP peer iosv-1 + neighbor 192.168.0.1 update-source Loopback0 + ! + address-family ipv4 + network 192.168.0.4 mask 255.255.255.255 + neighbor 192.168.0.1 activate + exit-address-family + ! + ip forward-protocol nd + ! + ! 
+ no ip http server
+ no ip http secure-server
+ ip ssh server algorithm authentication password
+ !
+ ip access-list standard IN-VTY
+ permit 172.16.1.0 0.0.0.255
+ permit 192.168.0.0 0.0.0.255
+ permit 10.0.128.0 0.0.0.255
+ ip access-list standard SNMP-RW
+ permit 172.16.1.0 0.0.0.255
+ permit 192.168.0.0 0.0.0.255
+ permit 10.0.128.0 0.0.0.3
+ !
+ ip radius source-interface Loopback0
+ !
+ snmp-server community supersecret RW SNMP-RW
+ snmp-server chassis-id
+ !
+ !
+ !
+ radius server RADIUS
+ address ipv4 10.0.128.2 auth-port 1812 acct-port 1813
+ key 7 13061E0108030723382727
+ !
+ !
+ control-plane
+ !
+ banner exec ^
+ **************************************************************************
+ * IOSv - Cisco Systems Confidential *
+ * *
+ * Supplemental End User License Restrictions *
+ * *
+ * This IOSv software is provided AS-IS without warranty of any kind. *
+ * Under no circumstances may this software be used separate from *
+ * the Cisco Modeling Labs Software that this software was provided *
+ * with, or deployed or used as part of a production environment. *
+ * *
+ * By using the software, you agree to abide by the terms and *
+ * conditions of the Cisco End User License Agreement at *
+ * http://www.cisco.com/go/eula. *
+ * *
+ * Unauthorized use or distribution of this software is expressly *
+ * prohibited. *
+ **************************************************************************
+ ^
+ banner incoming ^
+ **************************************************************************
+ * IOSv - Cisco Systems Confidential *
+ * *
+ * Supplemental End User License Restrictions *
+ * *
+ * This IOSv software is provided AS-IS without warranty of any kind. *
+ * Under no circumstances may this software be used separate from *
+ * the Cisco Modeling Labs Software that this software was provided *
+ * with, or deployed or used as part of a production environment. *
+ * *
+ * By using the software, you agree to abide by the terms and *
+ * conditions of the Cisco End User License Agreement at *
+ * http://www.cisco.com/go/eula. *
+ * *
+ * Unauthorized use or distribution of this software is expressly *
+ * prohibited. *
+ **************************************************************************
+ ^
+ banner login ^
+ **************************************************************************
+ * IOSv - Cisco Systems Confidential *
+ * *
+ * Supplemental End User License Restrictions *
+ * *
+ * This IOSv software is provided AS-IS without warranty of any kind. *
+ * Under no circumstances may this software be used separate from *
+ * the Cisco Modeling Labs Software that this software was provided *
+ * with, or deployed or used as part of a production environment. *
+ * *
+ * By using the software, you agree to abide by the terms and *
+ * conditions of the Cisco End User License Agreement at *
+ * http://www.cisco.com/go/eula. *
+ * *
+ * Unauthorized use or distribution of this software is expressly *
+ * prohibited. *
+ **************************************************************************
+ ^
+ !
+ line con 0
+ password 7 0822455D0A16
+ line aux 0
+ line vty 0 4
+ exec-timeout 720 0
+ password 7 1511021F0725
+ transport input telnet ssh
+ !
+ no scheduler allocate
+ !
+ end
+
+
+
+
+ 2
+
+
+
+
+
+
+ ! IOS Config generated on 2017-08-27 23:10
+! by autonetkit_0.23.5
+!
+hostname iosv-1
+boot-start-marker
+boot-end-marker
+!
+vrf definition Mgmt-intf
+!
+ address-family ipv4
+ exit-address-family
+ !
+ address-family ipv6
+ exit-address-family
+!
+!
+!
+no aaa new-model
+!
+!
+ip cef
+ipv6 unicast-routing
+ipv6 cef
+!
+!
+service timestamps debug datetime msec
+service timestamps log datetime msec
+no service password-encryption
+no service config
+enable password cisco
+ip classless
+ip subnet-zero
+no ip domain lookup
+ip domain name virl.info
+crypto key generate rsa modulus 768
+ip ssh server algorithm authentication password
+username cisco privilege 15 secret cisco
+ip access-list standard IN-VTY
+ permit 172.16.1.0 0.0.0.255
+ permit 192.168.0.0 0.0.0.255
+ permit 10.0.128.0 0.0.0.255
+ip access-list standard SNMP-RW
+ permit 172.16.1.0 0.0.0.255
+ permit 192.168.0.0 0.0.0.255
+ permit 10.0.128.0 0.0.0.3
+snmp-server community supersecret rw SNMP-RW
+line vty 0 4
+ transport input ssh telnet
+ access-class IN-VTY in vrf-also
+ exec-timeout 720 0
+ password cisco
+ login local
+ line con 0
+ password cisco
+!
+cdp run
+!
+!
+interface Loopback0
+ description Loopback
+ ip address 192.168.0.1 255.255.255.255
+!
+interface GigabitEthernet0/0
+ description OOB Management
+ vrf forwarding Mgmt-intf
+ ! Configured on launch
+ no ip address
+ cdp enable
+ duplex full
+ speed auto
+ no shutdown
+!
+interface GigabitEthernet0/1
+ description to iosvl2-1
+ ip address 10.0.0.2 255.255.128.0
+ cdp enable
+ ip ospf cost 1
+ duplex full
+ speed auto
+ no shutdown
+!
+interface GigabitEthernet0/2
+ description to iosvl2-2
+ ip address 10.0.128.1 255.255.255.252
+ cdp enable
+ ip ospf cost 1
+ duplex full
+ speed auto
+ no shutdown
+!
+interface GigabitEthernet0/3
+ description to admin-1
+ ip address 10.0.128.5 255.255.255.252
+ cdp enable
+ ip ospf cost 1
+ duplex full
+ speed auto
+ no shutdown
+!
+!
+!
+router ospf 1
+ network 192.168.0.1 0.0.0.0 area 0
+ log-adjacency-changes
+ passive-interface Loopback0
+ network 10.0.0.0 0.0.127.255 area 0
+ network 10.0.128.0 0.0.0.3 area 0
+ network 10.0.128.4 0.0.0.3 area 0
+!
+!
+router bgp 1
+ bgp router-id 192.168.0.1
+ no synchronization
+! ibgp
+ ! ibgp peers
+ !
+ neighbor 192.168.0.4 remote-as 1
+ neighbor 192.168.0.4 description iBGP peer iosv-2
+ neighbor 192.168.0.4 update-source Loopback0
+!
+!
+ !
+ address-family ipv4
+ network 192.168.0.1 mask 255.255.255.255
+ neighbor 192.168.0.4 activate
+ exit-address-family
+!
+!
+!
+end
+
+
+
+ 2
+
+
+
+
+ 3
+
+
+
+
+
+
+ #cloud-config
+bootcmd:
+- ln -s -t /etc/rc.d /etc/rc.local
+hostname: server-1
+manage_etc_hosts: true
+package_update: true
+packages:
+- snmp
+- freeradius
+- tshark
+runcmd:
+- start ttyS0
+- systemctl start getty@ttyS0.service
+- systemctl start rc-local
+- sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config
+- echo "UseDNS no" >> /etc/ssh/sshd_config
+- service ssh restart
+- service sshd restart
+- cp /tmp/clients.conf.new /etc/freeradius/clients.conf
+- cp /tmp/users.new /etc/freeradius/users
+- systemctl enable freeradius
+- systemctl start freeradius
+- chown -R cisco:cisco /home/cisco
+- sudo -u cisco /home/cisco/http-chatter.sh &
+- sudo -u cisco /home/cisco/snmp-chatter.sh &
+users:
+- default
+- gecos: User configured by VIRL Configuration Engine 0.23.10
+ lock-passwd: false
+ name: cisco
+ plain-text-passwd: cisco
+ shell: /bin/bash
+ ssh-authorized-keys:
+ - VIRL-USER-SSH-PUBLIC-KEY
+ sudo: ALL=(ALL) ALL
+write_files:
+- path: /etc/init/ttyS0.conf
+ owner: root:root
+ content: |
+ # ttyS0 - getty
+ # This service maintains a getty on ttyS0 from the point the system is
+ # started until it is shut down again.
+ start on stopped rc or RUNLEVEL=[12345]
+ stop on runlevel [!12345]
+ respawn
+ exec /sbin/getty -L 115200 ttyS0 vt102
+ permissions: '0644'
+- path: /etc/systemd/system/dhclient@.service
+ content: |
+ [Unit]
+ Description=Run dhclient on %i interface
+ After=network.target
+ [Service]
+ Type=oneshot
+ ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease
+ RemainAfterExit=yes
+ owner: root:root
+ permissions: '0644'
+- path: /etc/rc.local
+ owner: root:root
+ permissions: '0755'
+ content: |-
+ #!/bin/sh
+ ip route del default
+ ip route add default via 172.16.1.2
+ ifconfig eth1 up 10.0.128.2 netmask 255.255.255.252
+ route add -host 192.168.0.1 gw 10.0.128.1 dev eth1
+ route add -host 192.168.0.4 gw 10.0.128.1 dev eth1
+ route add -net 10.0.0.0/17 gw 10.0.128.1 dev eth1
+ route add -net 10.0.128.0/30 gw 10.0.128.1 dev eth1
+ exit 0
+- path: /tmp/clients.conf.new
+ content: |
+ client 192.168.0.0/24 {
+ secret = ciscocisco
+ nastype = cisco
+ shortname = virl
+ }
+ owner: "root:root"
+ permissions: '0640'
+- path: /tmp/users.new
+ content: |
+ admin Cleartext-Password := "secret123"
+ Service-Type = NAS-Prompt-User,
+ Cisco-AVPair = "shell:priv-lvl=15"
+ owner: "root:root"
+ permissions: '0640'
+- path: /home/cisco/http-chatter.sh
+ content: |
+ #!/bin/bash
+ while true; do
+ curl -u admin:secret123 http://192.168.0.4
+ sleep 15
+ done
+ owner: "root:root"
+ permissions: '0755'
+- path: /home/cisco/snmp-chatter.sh
+ content: |
+ #!/bin/bash
+ while true; do
+ snmpget -v 2c -c supersecret 192.168.0.4 1.3.6.1.2.1.1.1.0
+ sleep 15
+ done
+ owner: "root:root"
+ permissions: '0755'
+
+
+
+
+
+ 3
+
+
+
+
+
+
+ ! IOS Config generated on 2017-08-27 23:10
+! by autonetkit_0.23.5
+!
+version 15.6
+service timestamps debug datetime msec
+service timestamps log datetime msec
+service password-encryption
+!
+hostname iosv-2
+!
+boot-start-marker
+boot-end-marker
+!
+!
+vrf definition Mgmt-intf
+ !
+ address-family ipv4
+ exit-address-family
+ !
+ address-family ipv6
+ exit-address-family
+!
+enable password 7 060506324F41
+!
+aaa new-model
+!
+!
+aaa authentication login default group radius local line
+aaa authorization exec default group radius if-authenticated
+!
+!
+!
+!
+!
+aaa session-id common
+ethernet lmi ce
+!
+!
+!
+mmi polling-interval 60
+no mmi auto-configure
+no mmi pvc
+mmi snmp-timeout 180
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+no ip domain lookup
+ip domain name virl.info
+ip cef
+ipv6 unicast-routing
+ipv6 cef
+!
+multilink bundle-name authenticated
+!
+!
+!
+!
+username cisco privilege 15 secret 5 $1$WaUX$blEhl/Fee6CSV8WMIvhv4.
+!
+redundancy
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+interface Loopback0
+ description Loopback
+ ip address 192.168.0.4 255.255.255.255
+!
+interface GigabitEthernet0/0
+ description OOB Management
+ vrf forwarding Mgmt-intf
+ ip address 172.16.1.182 255.255.255.0
+ duplex full
+ speed auto
+ media-type rj45
+!
+interface GigabitEthernet0/1
+ description to iosvl2-1
+ ip address 10.0.0.3 255.255.128.0
+ ip ospf cost 1
+ duplex full
+ speed auto
+ media-type rj45
+!
+router ospf 1
+ passive-interface Loopback0
+ network 10.0.0.0 0.0.127.255 area 0
+ network 192.168.0.4 0.0.0.0 area 0
+!
+router bgp 1
+ bgp router-id 192.168.0.4
+ bgp log-neighbor-changes
+ neighbor 192.168.0.1 remote-as 1
+ neighbor 192.168.0.1 description iBGP peer iosv-1
+ neighbor 192.168.0.1 update-source Loopback0
+ !
+ address-family ipv4
+ network 192.168.0.4 mask 255.255.255.255
+ neighbor 192.168.0.1 activate
+ exit-address-family
+!
+ip forward-protocol nd
+!
+!
+ip http server
+ip http authentication aaa login-authentication default
+no ip http secure-server
+ip ssh server algorithm authentication password
+!
+ip access-list standard SNMP-RW
+ permit 172.16.1.0 0.0.0.255
+ permit 192.168.0.0 0.0.0.255
+ permit 10.0.128.0 0.0.0.3
+!
+ip radius source-interface Loopback0
+!
+snmp-server community supersecret RW SNMP-RW
+snmp-server chassis-id
+!
+!
+!
+radius server RADIUS
+ address ipv4 10.0.128.2 auth-port 1812 acct-port 1813
+ key 7 13061E0108030723382727
+!
+!
+control-plane
+!
+banner exec ^
+**************************************************************************
+* IOSv - Cisco Systems Confidential *
+* *
+* Supplemental End User License Restrictions *
+* *
+* This IOSv software is provided AS-IS without warranty of any kind. *
+* Under no circumstances may this software be used separate from *
+* the Cisco Modeling Labs Software that this software was provided *
+* with, or deployed or used as part of a production environment. *
+* *
+* By using the software, you agree to abide by the terms and *
+* conditions of the Cisco End User License Agreement at *
+* http://www.cisco.com/go/eula. *
+* *
+* Unauthorized use or distribution of this software is expressly *
+* prohibited. *
+**************************************************************************
+^
+banner incoming ^
+**************************************************************************
+* IOSv - Cisco Systems Confidential *
+* *
+* Supplemental End User License Restrictions *
+* *
+* This IOSv software is provided AS-IS without warranty of any kind. *
+* Under no circumstances may this software be used separate from *
+* the Cisco Modeling Labs Software that this software was provided *
+* with, or deployed or used as part of a production environment. *
+* *
+* By using the software, you agree to abide by the terms and *
+* conditions of the Cisco End User License Agreement at *
+* http://www.cisco.com/go/eula. *
+* *
+* Unauthorized use or distribution of this software is expressly *
+* prohibited. *
+**************************************************************************
+^
+banner login ^
+**************************************************************************
+* IOSv - Cisco Systems Confidential *
+* *
+* Supplemental End User License Restrictions *
+* *
+* This IOSv software is provided AS-IS without warranty of any kind. *
+* Under no circumstances may this software be used separate from *
+* the Cisco Modeling Labs Software that this software was provided *
+* with, or deployed or used as part of a production environment. *
+* *
+* By using the software, you agree to abide by the terms and *
+* conditions of the Cisco End User License Agreement at *
+* http://www.cisco.com/go/eula. *
+* *
+* Unauthorized use or distribution of this software is expressly *
+* prohibited. *
+**************************************************************************
+^
+!
+line con 0
+ password 7 0822455D0A16
+line aux 0
+line vty 0 4
+ exec-timeout 720 0
+ password 7 1511021F0725
+ transport input telnet ssh
+!
+no scheduler allocate
+!
+end
+
+
+
+ 2
+
+
+
+
+
+ #cloud-config
+bootcmd:
+- ln -s -t /etc/rc.d /etc/rc.local
+hostname: admin-1
+manage_etc_hosts: true
+runcmd:
+- systemctl start rc-local
+- sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config
+- echo "UseDNS no" >> /etc/ssh/sshd_config
+- service ssh restart
+- service sshd restart
+users:
+- default
+- gecos: User configured by VIRL Configuration Engine 0.23.10
+ lock-passwd: false
+ name: cisco
+ plain-text-passwd: cisco
+ shell: /bin/bash
+ ssh-authorized-keys:
+ - VIRL-USER-SSH-PUBLIC-KEY
+ sudo: ALL=(ALL) ALL
+write_files:
+- path: /etc/systemd/system/dhclient@.service
+ content: |
+ [Unit]
+ Description=Run dhclient on %i interface
+ After=network.target
+ [Service]
+ Type=oneshot
+ ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease
+ RemainAfterExit=yes
+ owner: root:root
+ permissions: '0644'
+- path: /etc/rc.local
+ owner: root:root
+ permissions: '0755'
+ content: |-
+ #!/bin/sh
+ ifconfig eth1 up 10.0.128.6 netmask 255.255.255.252
+ route add -host 192.168.0.1 gw 10.0.128.5 dev eth1
+ route add -host 192.168.0.4 gw 10.0.128.5 dev eth1
+ route add -net 10.0.0.0/16 gw 10.0.128.5 dev eth1
+ route add -host 192.168.0.1 gw 10.0.128.5 dev eth1
+ route add -host 192.168.0.4 gw 10.0.128.5 dev eth1
+ exit 0
+
+
+
+
+
+
+
+
+
+
+
+
+