false flat true ospf ! IOSvL2 Config generated on 2017-08-27 23:10 ! by autonetkit_0.23.5 ! version 15.2 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption service compress-config no service config enable password cisco ip classless ip subnet-zero no ip domain lookup ! line vty 0 4 transport input ssh telnet exec-timeout 720 0 password cisco login ! line con 0 password cisco ! hostname iosvl2-1 ! boot-start-marker boot-end-marker ! ! ! no aaa new-model ! vtp domain virl.lab vtp mode transparent ! vlan 2 name ank_vlan2 vlan 3 name ank_vlan3 ! ! ! ! cdp run ! ! ! ip cef no ipv6 cef ! ! spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! ! ! ! vrf definition Mgmt-intf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! ! ! ! ! interface Loopback0 description Loopback ! interface GigabitEthernet0/0 description OOB management ! Configured on launch no switchport vrf forwarding Mgmt-intf no ip address no shutdown ! interface GigabitEthernet0/1 description to iosvl2-2 switchport trunk encapsulation dot1q switchport mode trunk no shutdown ! interface GigabitEthernet0/2 description to iosv-1 switchport access vlan 2 switchport mode access no shutdown ! interface GigabitEthernet0/3 description to kali-1 switchport access vlan 2 switchport mode access no shutdown ! interface GigabitEthernet1/0 description to iosv-2 switchport access vlan 2 switchport mode access no shutdown ! ! ip forward-protocol nd ! no ip http server no ip http secure-server ! ! ! ! ! ! control-plane ! ! ! end ! IOSvL2 Config generated on 2017-08-27 23:10 ! by autonetkit_0.23.5 ! version 15.2 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption service compress-config no service config enable password cisco ip classless ip subnet-zero no ip domain lookup ! line vty 0 4 transport input ssh telnet exec-timeout 720 0 password cisco login ! line con 0 password cisco ! hostname iosvl2-2 ! boot-start-marker boot-end-marker ! ! ! no aaa new-model ! vtp domain virl.lab vtp mode transparent ! vlan 2 name ank_vlan2 vlan 3 name ank_vlan3 ! ! ! ! cdp run ! ! ! ip cef no ipv6 cef ! ! spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! ! ! ! vrf definition Mgmt-intf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! ! ! ! ! interface Loopback0 description Loopback ! interface GigabitEthernet0/0 description OOB management ! Configured on launch no switchport vrf forwarding Mgmt-intf no ip address no shutdown ! interface GigabitEthernet0/1 description to iosvl2-1 switchport trunk encapsulation dot1q switchport mode trunk no shutdown ! interface GigabitEthernet0/2 description to iosv-1 switchport access vlan 3 switchport mode access no shutdown ! interface GigabitEthernet0/3 description to server-1 switchport access vlan 3 switchport mode access no shutdown ! ! ip forward-protocol nd ! no ip http server no ip http secure-server ! ! ! ! ! ! control-plane ! ! ! end #cloud-config bootcmd: - ln -s -t /etc/rc.d /etc/rc.local hostname: kali-1 manage_etc_hosts: true package_update: true packages: - quagga bootcmd: - ip route del default via 172.16.1.1 - ip route add default via 172.16.1.2 runcmd: - start ttyS0 - systemctl start getty@ttyS0.service - systemctl start rc-local - sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config - echo "UseDNS no" >> /etc/ssh/sshd_config - service ssh restart - systemctl enable zebra ospfd users: - default - gecos: User configured by VIRL Configuration Engine 0.23.10 lock-passwd: false name: cisco plain-text-passwd: cisco shell: /bin/bash ssh-authorized-keys: - VIRL-USER-SSH-PUBLIC-KEY sudo: ALL=(ALL) ALL write_files: - path: /etc/init/ttyS0.conf owner: root:root content: | # ttyS0 - getty # This service maintains a getty on ttyS0 from the point the system is # started until it is shut down again. start on stopped rc or RUNLEVEL=[12345] stop on runlevel [!12345] respawn exec /sbin/getty -L 115200 ttyS0 vt102 permissions: '0644' - path: /etc/systemd/system/dhclient@.service content: | [Unit] Description=Run dhclient on %i interface After=network.target [Service] Type=oneshot ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease RemainAfterExit=yes owner: root:root permissions: '0644' - path: /etc/network/interfaces owner: root:root permissions: '0644' content: |- source-directory /etc/network/interfaces.d auto eth0 iface eth0 inet dhcp gateway 172.16.1.2 - path: /etc/rc.local owner: root:root permissions: '0755' content: |- #!/bin/sh ip route del default ip route add default via 172.16.1.2 ip link set eth1 up ip addr add 10.0.0.1/17 dev eth1 # Use routes from Quagga instead #route add -host 192.168.0.1 gw 10.0.0.2 dev eth1 #route add -host 192.168.0.4 gw 10.0.0.2 dev eth1 #route add -net 10.0.0.0/17 gw 10.0.0.2 dev eth1 #route add -net 10.0.128.0/30 gw 10.0.0.2 dev eth1 #route add -host 192.168.0.1 gw 10.0.0.3 dev eth1 #route add -host 192.168.0.4 gw 10.0.0.3 dev eth1 #route add -net 10.0.0.0/17 gw 10.0.0.3 dev eth1 #route add -net 10.0.128.0/30 gw 10.0.0.3 dev eth1 exit 0 - path: /etc/network/interfaces.d/eth1 owner: root:root permissions: '0644' content: |- iface eth1 inet manual - path: /etc/quagga/zebra.conf owner: root:root permissions: '0644' content: |- hostname kali-1 password cisco enable password cisco interface eth0 interface eth1 line vty - path: /etc/quagga/ospfd.conf owner: root:root permissions: '0644' content: |- hostname kali-1 password cisco log stdout interface eth1 ip ospf cost 1 router ospf ospf router-id 10.0.0.1 network 10.0.0.1/17 area 0.0.0.0 network 192.168.0.4/32 area 0.0.0.0 network 10.0.128.2/32 area 0 line vty - path: /root/get-cisco-config.py owner: root:root permissions: '0755' content: |- #!/usr/bin/env python # See # http://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/15217-copy-configs-snmp.html # and # http://tools.cisco.com/Support/SNMP/do/BrowseMIB.do?local=en&mibName=CISCO-CONFIG-COPY-MIB # for details from optparse import OptionParser from scapy.all import conf,IP,SNMP,SNMPset,ASN1_OID,ASN1_IPADDRESS,UDP,SNMPvarbind,send parser = OptionParser() parser.add_option("-i", "--iface", dest="iface", help="Interface", default="eth1") parser.add_option("-s", "--src", dest="srcip", help="Source IP Address", default="192.168.1.2") parser.add_option("-d", "--dst", dest="dstip", help="Destination IP Address", default="192.168.1.1") parser.add_option("-t", "--tftp", dest="tftpip", help="TFTP Server IP Address", default="192.168.1.2") parser.add_option("-f", "--cfg", dest="cfg_file", help="Configuration Filename") parser.add_option("-c", "--community", dest="snmpstring", help="SNMP Community Set String", default="secret") (options, args) = parser.parse_args() if options.cfg_file is None: options.cfg_file = "%s-config" % (options.dstip) print "Attempting to download IOS config from %s" % (options.dstip) conf.iface = options.iface i=IP(src=options.srcip,dst=options.dstip)/UDP(sport=161,dport=161) s1=SNMP( community=options.snmpstring, PDU=SNMPset( # iso(1) identified-organization(3) dod(6) internet(1) private(4) # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) # ccCopyEntryRowStatus(14) RANDOM(112) varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.14.112"),value=6)] ) ) s2=SNMP( community=options.snmpstring, PDU=SNMPset( # iso(1) identified-organization(3) dod(6) internet(1) private(4) # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) # ccCopyProtocol(2) RANDOM(112) varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.2.112"),value=1)] ) ) s3=SNMP( community=options.snmpstring, PDU=SNMPset( # iso(1) identified-organization(3) dod(6) internet(1) private(4) # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) # ccCopySourceFileType(3) RANDOM(112) varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.3.112"),value=4)] ) ) s4=SNMP( community=options.snmpstring, PDU=SNMPset( # iso(1) identified-organization(3) dod(6) internet(1) private(4) # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) # ccCopyDestFileType(4) RANDOM(112) varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.4.112"),value=1)] ) ) s5=SNMP( community=options.snmpstring, PDU=SNMPset( # iso(1) identified-organization(3) dod(6) internet(1) private(4) # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) # ccCopyServerAddress(5) RANDOM(112) varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.5.112"),value=ASN1_IPADDRESS(options.tftpip))] ) ) s6=SNMP( community=options.snmpstring, PDU=SNMPset( # iso(1) identified-organization(3) dod(6) internet(1) private(4) # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) # ccCopyFileName(6) RANDOM(112) varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.6.112"),value=options.cfg_file)] ) ) s7=SNMP( community=options.snmpstring, PDU=SNMPset( # iso(1) identified-organization(3) dod(6) internet(1) private(4) # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) # ccCopyEntryRowStatus(14) RANDOM(112) varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.14.112"),value=1)] ) ) send(i/s1) send(i/s2) send(i/s3) send(i/s4) send(i/s5) send(i/s6) send(i/s7) - path: /root/merge-cisco-config.py owner: root:root permissions: '0755' content: |- #!/usr/bin/env python # See # http://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/15217-copy-configs-snmp.html # and # http://tools.cisco.com/Support/SNMP/do/BrowseMIB.do?local=en&mibName=CISCO-CONFIG-COPY-MIB # for details from optparse import OptionParser from scapy.all import conf,IP,SNMP,SNMPset,ASN1_OID,ASN1_IPADDRESS,UDP,SNMPvarbind,send parser = OptionParser() parser.add_option("-i", "--iface", dest="iface", help="Interface", default="eth1") parser.add_option("-s", "--src", dest="srcip", help="Source IP Address", default="192.168.1.2") parser.add_option("-d", "--dst", dest="dstip", help="Destination IP Address", default="192.168.1.1") parser.add_option("-t", "--tftp", dest="tftpip", help="TFTP Server IP Address", default="192.168.1.2") parser.add_option("-f", "--cfg", dest="cfg_file", help="Configuration Filename") parser.add_option("-c", "--community", dest="snmpstring", help="SNMP Community Set String", default="secret") (options, args) = parser.parse_args() if options.cfg_file is None: options.cfg_file = "%s-config" % (options.dstip) print "Attempting to upload IOS config to %s" % (options.dstip) conf.iface = options.iface i=IP(src=options.srcip,dst=options.dstip)/UDP(sport=161,dport=161) s1=SNMP( community=options.snmpstring, PDU=SNMPset( # iso(1) identified-organization(3) dod(6) internet(1) private(4) # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) # ccCopyEntryRowStatus(14) RANDOM(112) varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.14.112"),value=6)] ) ) s2=SNMP( community=options.snmpstring, PDU=SNMPset( # iso(1) identified-organization(3) dod(6) internet(1) private(4) # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) # ccCopyProtocol(2) RANDOM(112) varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.2.112"),value=1)] ) ) s3=SNMP( community=options.snmpstring, PDU=SNMPset( # iso(1) identified-organization(3) dod(6) internet(1) private(4) # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) # ccCopySourceFileType(3) RANDOM(112) varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.3.112"),value=1)] ) ) s4=SNMP( community=options.snmpstring, PDU=SNMPset( # iso(1) identified-organization(3) dod(6) internet(1) private(4) # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) # ccCopyDestFileType(4) RANDOM(112) varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.4.112"),value=4)] ) ) s5=SNMP( community=options.snmpstring, PDU=SNMPset( # iso(1) identified-organization(3) dod(6) internet(1) private(4) # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) # ccCopyServerAddress(5) RANDOM(112) varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.5.112"),value=ASN1_IPADDRESS(options.tftpip))] ) ) s6=SNMP( community=options.snmpstring, PDU=SNMPset( # iso(1) identified-organization(3) dod(6) internet(1) private(4) # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) # ccCopyFileName(6) RANDOM(112) varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.6.112"),value=options.cfg_file)] ) ) s7=SNMP( community=options.snmpstring, PDU=SNMPset( # iso(1) identified-organization(3) dod(6) internet(1) private(4) # enterprise(1) cisco (9) ciscoMgmt(9) ciscoConfigCopyMIB(96) # ciscoConfigCopyMIBObjects(1) ccCopy(1) ccCopyTable(1) ccCopyEntry(1) # ccCopyEntryRowStatus(14) RANDOM(112) varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4.1.9.9.96.1.1.1.1.14.112"),value=1)] ) ) send(i/s1) send(i/s2) send(i/s3) send(i/s4) send(i/s5) send(i/s6) send(i/s7) - path: /etc/default/atftpd owner: root:root permissions: '0644' content: |- USE_INETD=false # OPTIONS below are used only with init script OPTIONS="--tftpd-timeout 300 --retry-timeout 5 --mcast-port 1758 --mcast-addr 239.239.239.0-255 --mcast-ttl 1 --maxthread 100 --verbose=5 /srv/tftp" - path: /srv/tftp/router.cfg owner: nobody:nogroup permissions: '0644' content: |- ! ! Last configuration change at 23:19:07 UTC Tue Aug 29 2017 by cisco ! version 15.6 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname iosv-2 ! boot-start-marker boot-end-marker ! ! vrf definition Mgmt-intf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! enable password 7 060506324F41 ! aaa new-model ! ! aaa authentication login default group radius local line aaa authorization exec default group radius if-authenticated ! ! ! ! ! aaa session-id common ethernet lmi ce ! ! ! mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 ! ! ! ! ! ! ! ! ! ! ! no ip domain lookup ip domain name virl.info ip cef ipv6 unicast-routing ipv6 cef ! multilink bundle-name authenticated ! ! ! ! username cisco privilege 15 secret 5 $1$WaUX$blEhl/Fee6CSV8WMIvhv4. ! redundancy ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface Loopback0 description Loopback ip address 192.168.0.4 255.255.255.255 ! interface GigabitEthernet0/0 description OOB Management vrf forwarding Mgmt-intf ip address 172.16.1.191 255.255.255.0 duplex full speed auto media-type rj45 ! interface GigabitEthernet0/1 description to iosvl2-1 ip address 10.0.0.3 255.255.128.0 ip ospf cost 1 duplex full speed auto media-type rj45 ! router ospf 1 passive-interface Loopback0 network 10.0.0.0 0.0.127.255 area 0 network 192.168.0.4 0.0.0.0 area 0 ! router bgp 1 bgp router-id 192.168.0.4 bgp log-neighbor-changes neighbor 192.168.0.1 remote-as 1 neighbor 192.168.0.1 description iBGP peer iosv-1 neighbor 192.168.0.1 update-source Loopback0 ! address-family ipv4 network 192.168.0.4 mask 255.255.255.255 neighbor 192.168.0.1 activate exit-address-family ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ip ssh server algorithm authentication password ! ip access-list standard IN-VTY permit 172.16.1.0 0.0.0.255 permit 192.168.0.0 0.0.0.255 permit 10.0.128.0 0.0.0.255 ip access-list standard SNMP-RW permit 172.16.1.0 0.0.0.255 permit 192.168.0.0 0.0.0.255 permit 10.0.128.0 0.0.0.3 ! ip radius source-interface Loopback0 ! snmp-server community supersecret RW SNMP-RW snmp-server chassis-id ! ! ! radius server RADIUS address ipv4 10.0.128.2 auth-port 1812 acct-port 1813 key 7 13061E0108030723382727 ! ! control-plane ! banner exec ^ ************************************************************************** * IOSv - Cisco Systems Confidential * * * * Supplemental End User License Restrictions * * * * This IOSv software is provided AS-IS without warranty of any kind. * * Under no circumstances may this software be used separate from * * the Cisco Modeling Labs Software that this software was provided * * with, or deployed or used as part of a production environment. * * * * By using the software, you agree to abide by the terms and * * conditions of the Cisco End User License Agreement at * * http://www.cisco.com/go/eula. * * * * Unauthorized use or distribution of this software is expressly * * prohibited. * ************************************************************************** ^ banner incoming ^ ************************************************************************** * IOSv - Cisco Systems Confidential * * * * Supplemental End User License Restrictions * * * * This IOSv software is provided AS-IS without warranty of any kind. * * Under no circumstances may this software be used separate from * * the Cisco Modeling Labs Software that this software was provided * * with, or deployed or used as part of a production environment. * * * * By using the software, you agree to abide by the terms and * * conditions of the Cisco End User License Agreement at * * http://www.cisco.com/go/eula. * * * * Unauthorized use or distribution of this software is expressly * * prohibited. * ************************************************************************** ^ banner login ^ ************************************************************************** * IOSv - Cisco Systems Confidential * * * * Supplemental End User License Restrictions * * * * This IOSv software is provided AS-IS without warranty of any kind. * * Under no circumstances may this software be used separate from * * the Cisco Modeling Labs Software that this software was provided * * with, or deployed or used as part of a production environment. * * * * By using the software, you agree to abide by the terms and * * conditions of the Cisco End User License Agreement at * * http://www.cisco.com/go/eula. * * * * Unauthorized use or distribution of this software is expressly * * prohibited. * ************************************************************************** ^ ! line con 0 password 7 0822455D0A16 line aux 0 line vty 0 4 exec-timeout 720 0 password 7 1511021F0725 transport input telnet ssh ! no scheduler allocate ! end 2 ! IOS Config generated on 2017-08-27 23:10 ! by autonetkit_0.23.5 ! hostname iosv-1 boot-start-marker boot-end-marker ! vrf definition Mgmt-intf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! ! ! no aaa new-model ! ! ip cef ipv6 unicast-routing ipv6 cef ! ! service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service config enable password cisco ip classless ip subnet-zero no ip domain lookup ip domain name virl.info crypto key generate rsa modulus 768 ip ssh server algorithm authentication password username cisco privilege 15 secret cisco ip access-list standard IN-VTY permit 172.16.1.0 0.0.0.255 permit 192.168.0.0 0.0.0.255 permit 10.0.128.0 0.0.0.255 ip access-list standard SNMP-RW permit 172.16.1.0 0.0.0.255 permit 192.168.0.0 0.0.0.255 permit 10.0.128.0 0.0.0.3 snmp-server community supersecret rw SNMP-RW line vty 0 4 transport input ssh telnet access-class IN-VTY in vrf-also exec-timeout 720 0 password cisco login local line con 0 password cisco ! cdp run ! ! interface Loopback0 description Loopback ip address 192.168.0.1 255.255.255.255 ! interface GigabitEthernet0/0 description OOB Management vrf forwarding Mgmt-intf ! Configured on launch no ip address cdp enable duplex full speed auto no shutdown ! interface GigabitEthernet0/1 description to iosvl2-1 ip address 10.0.0.2 255.255.128.0 cdp enable ip ospf cost 1 duplex full speed auto no shutdown ! interface GigabitEthernet0/2 description to iosvl2-2 ip address 10.0.128.1 255.255.255.252 cdp enable ip ospf cost 1 duplex full speed auto no shutdown ! interface GigabitEthernet0/3 description to admin-1 ip address 10.0.128.5 255.255.255.252 cdp enable ip ospf cost 1 duplex full speed auto no shutdown ! ! ! router ospf 1 network 192.168.0.1 0.0.0.0 area 0 log-adjacency-changes passive-interface Loopback0 network 10.0.0.0 0.0.127.255 area 0 network 10.0.128.0 0.0.0.3 area 0 network 10.0.128.4 0.0.0.3 area 0 ! ! router bgp 1 bgp router-id 192.168.0.1 no synchronization ! ibgp ! ibgp peers ! neighbor 192.168.0.4 remote-as 1 neighbor 192.168.0.4 description iBGP peer iosv-2 neighbor 192.168.0.4 update-source Loopback0 ! ! ! address-family ipv4 network 192.168.0.1 mask 255.255.255.255 neighbor 192.168.0.4 activate exit-address-family ! ! ! end 2 3 #cloud-config bootcmd: - ln -s -t /etc/rc.d /etc/rc.local hostname: server-1 manage_etc_hosts: true package_update: true packages: - snmp - freeradius - tshark runcmd: - start ttyS0 - systemctl start getty@ttyS0.service - systemctl start rc-local - sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config - echo "UseDNS no" >> /etc/ssh/sshd_config - service ssh restart - service sshd restart - cp /tmp/clients.conf.new /etc/freeradius/clients.conf - cp /tmp/users.new /etc/freeradius/users - systemctl enable freeradius - systemctl start freeradius - chown -R cisco:cisco /home/cisco - sudo -u cisco /home/cisco/http-chatter.sh & - sudo -u cisco /home/cisco/snmp-chatter.sh & users: - default - gecos: User configured by VIRL Configuration Engine 0.23.10 lock-passwd: false name: cisco plain-text-passwd: cisco shell: /bin/bash ssh-authorized-keys: - VIRL-USER-SSH-PUBLIC-KEY sudo: ALL=(ALL) ALL write_files: - path: /etc/init/ttyS0.conf owner: root:root content: | # ttyS0 - getty # This service maintains a getty on ttyS0 from the point the system is # started until it is shut down again. start on stopped rc or RUNLEVEL=[12345] stop on runlevel [!12345] respawn exec /sbin/getty -L 115200 ttyS0 vt102 permissions: '0644' - path: /etc/systemd/system/dhclient@.service content: | [Unit] Description=Run dhclient on %i interface After=network.target [Service] Type=oneshot ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease RemainAfterExit=yes owner: root:root permissions: '0644' - path: /etc/rc.local owner: root:root permissions: '0755' content: |- #!/bin/sh ip route del default ip route add default via 172.16.1.2 ifconfig eth1 up 10.0.128.2 netmask 255.255.255.252 route add -host 192.168.0.1 gw 10.0.128.1 dev eth1 route add -host 192.168.0.4 gw 10.0.128.1 dev eth1 route add -net 10.0.0.0/17 gw 10.0.128.1 dev eth1 route add -net 10.0.128.0/30 gw 10.0.128.1 dev eth1 exit 0 - path: /tmp/clients.conf.new content: | client 192.168.0.0/24 { secret = ciscocisco nastype = cisco shortname = virl } owner: "root:root" permissions: '0640' - path: /tmp/users.new content: | admin Cleartext-Password := "secret123" Service-Type = NAS-Prompt-User, Cisco-AVPair = "shell:priv-lvl=15" owner: "root:root" permissions: '0640' - path: /home/cisco/http-chatter.sh content: | #!/bin/bash while true; do curl -u admin:secret123 http://192.168.0.4 sleep 15 done owner: "root:root" permissions: '0755' - path: /home/cisco/snmp-chatter.sh content: | #!/bin/bash while true; do snmpget -v 2c -c supersecret 192.168.0.4 1.3.6.1.2.1.1.1.0 sleep 15 done owner: "root:root" permissions: '0755' 3 ! IOS Config generated on 2017-08-27 23:10 ! by autonetkit_0.23.5 ! version 15.6 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname iosv-2 ! boot-start-marker boot-end-marker ! ! vrf definition Mgmt-intf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! enable password 7 060506324F41 ! aaa new-model ! ! aaa authentication login default group radius local line aaa authorization exec default group radius if-authenticated ! ! ! ! ! aaa session-id common ethernet lmi ce ! ! ! mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 ! ! ! ! ! ! ! ! ! ! ! no ip domain lookup ip domain name virl.info ip cef ipv6 unicast-routing ipv6 cef ! multilink bundle-name authenticated ! ! ! ! username cisco privilege 15 secret 5 $1$WaUX$blEhl/Fee6CSV8WMIvhv4. ! redundancy ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface Loopback0 description Loopback ip address 192.168.0.4 255.255.255.255 ! interface GigabitEthernet0/0 description OOB Management vrf forwarding Mgmt-intf ip address 172.16.1.182 255.255.255.0 duplex full speed auto media-type rj45 ! interface GigabitEthernet0/1 description to iosvl2-1 ip address 10.0.0.3 255.255.128.0 ip ospf cost 1 duplex full speed auto media-type rj45 ! router ospf 1 passive-interface Loopback0 network 10.0.0.0 0.0.127.255 area 0 network 192.168.0.4 0.0.0.0 area 0 ! router bgp 1 bgp router-id 192.168.0.4 bgp log-neighbor-changes neighbor 192.168.0.1 remote-as 1 neighbor 192.168.0.1 description iBGP peer iosv-1 neighbor 192.168.0.1 update-source Loopback0 ! address-family ipv4 network 192.168.0.4 mask 255.255.255.255 neighbor 192.168.0.1 activate exit-address-family ! ip forward-protocol nd ! ! ip http server ip http authentication aaa login-authentication default no ip http secure-server ip ssh server algorithm authentication password ! ip access-list standard SNMP-RW permit 172.16.1.0 0.0.0.255 permit 192.168.0.0 0.0.0.255 permit 10.0.128.0 0.0.0.3 ! ip radius source-interface Loopback0 ! snmp-server community supersecret RW SNMP-RW snmp-server chassis-id ! ! ! radius server RADIUS address ipv4 10.0.128.2 auth-port 1812 acct-port 1813 key 7 13061E0108030723382727 ! ! control-plane ! banner exec ^ ************************************************************************** * IOSv - Cisco Systems Confidential * * * * Supplemental End User License Restrictions * * * * This IOSv software is provided AS-IS without warranty of any kind. * * Under no circumstances may this software be used separate from * * the Cisco Modeling Labs Software that this software was provided * * with, or deployed or used as part of a production environment. * * * * By using the software, you agree to abide by the terms and * * conditions of the Cisco End User License Agreement at * * http://www.cisco.com/go/eula. * * * * Unauthorized use or distribution of this software is expressly * * prohibited. * ************************************************************************** ^ banner incoming ^ ************************************************************************** * IOSv - Cisco Systems Confidential * * * * Supplemental End User License Restrictions * * * * This IOSv software is provided AS-IS without warranty of any kind. * * Under no circumstances may this software be used separate from * * the Cisco Modeling Labs Software that this software was provided * * with, or deployed or used as part of a production environment. * * * * By using the software, you agree to abide by the terms and * * conditions of the Cisco End User License Agreement at * * http://www.cisco.com/go/eula. * * * * Unauthorized use or distribution of this software is expressly * * prohibited. * ************************************************************************** ^ banner login ^ ************************************************************************** * IOSv - Cisco Systems Confidential * * * * Supplemental End User License Restrictions * * * * This IOSv software is provided AS-IS without warranty of any kind. * * Under no circumstances may this software be used separate from * * the Cisco Modeling Labs Software that this software was provided * * with, or deployed or used as part of a production environment. * * * * By using the software, you agree to abide by the terms and * * conditions of the Cisco End User License Agreement at * * http://www.cisco.com/go/eula. * * * * Unauthorized use or distribution of this software is expressly * * prohibited. * ************************************************************************** ^ ! line con 0 password 7 0822455D0A16 line aux 0 line vty 0 4 exec-timeout 720 0 password 7 1511021F0725 transport input telnet ssh ! no scheduler allocate ! end 2 #cloud-config bootcmd: - ln -s -t /etc/rc.d /etc/rc.local hostname: admin-1 manage_etc_hosts: true runcmd: - systemctl start rc-local - sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config - echo "UseDNS no" >> /etc/ssh/sshd_config - service ssh restart - service sshd restart users: - default - gecos: User configured by VIRL Configuration Engine 0.23.10 lock-passwd: false name: cisco plain-text-passwd: cisco shell: /bin/bash ssh-authorized-keys: - VIRL-USER-SSH-PUBLIC-KEY sudo: ALL=(ALL) ALL write_files: - path: /etc/systemd/system/dhclient@.service content: | [Unit] Description=Run dhclient on %i interface After=network.target [Service] Type=oneshot ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease RemainAfterExit=yes owner: root:root permissions: '0644' - path: /etc/rc.local owner: root:root permissions: '0755' content: |- #!/bin/sh ifconfig eth1 up 10.0.128.6 netmask 255.255.255.252 route add -host 192.168.0.1 gw 10.0.128.5 dev eth1 route add -host 192.168.0.4 gw 10.0.128.5 dev eth1 route add -net 10.0.0.0/16 gw 10.0.128.5 dev eth1 route add -host 192.168.0.1 gw 10.0.128.5 dev eth1 route add -host 192.168.0.4 gw 10.0.128.5 dev eth1 exit 0