Network emulator. Overview of Cisco hardware devices implemented in the Cisco Packet Tracer software emulator

Hello! Today I want to talk about an interesting tool for network engineers called UNL. It is a whole environment for emulation and visual design of networks, allowing you to use both Cisco images (Dynamips emulator) and Juniper or QEMU components. The list of supported equipment is quite extensive; what I found useful were the L2 switches, because I am currently studying STP and its variations, and Cisco Packet Tracer and GNS3, to put it mildly, are not up to the task.


Well, let's start setting up our virtual laboratory step by step:

  1. Download the virtual machine image (I selected Google Drive);
  2. Download VMWare Player (free);
  3. Open the virtual machine image in VMWare Player. It is better to go into the settings and add (if possible) RAM and processor cores, and check the virtualization mode boxes.
  4. We will need images of the so-called IOL (IOS on Linux), which can be taken (341 MB). There are both L2 and L3 devices.
  5. We will also need a program for downloading files using a secure protocol.
  6. Launch the virtual machine and log in as root:unl. The console shows the address http://192.168.241.129/.

    Your IP address may be different.

  7. Open this IP in the browser and see the web interface. You can log in using your credentials admin:unl
  8. Using WinSCP, connect to the server (create an SCP connection to the IP with the root:unl credentials).

    Go to the directory /opt/unetlab/addons/iol/bin and upload the bin images of our IOLs there. You also need to place an iourc file there with the following content:

    If suddenly for some reason the images cannot start, for example the host name has changed or something else, you can use the keygen (in the archive from step 4), ./scripts/keygen.py. Copy it to the virtual machine and run it like this (of course, specifying the correct path):
    # python /path/to/keygen.py
    It is also worth adding the following line to the /etc/hosts file:
    127.0.0.0 xml.cisco.com

  9. Let's configure access rights with the command:
    /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
  10. Now let's make sure everything works correctly:
    # cd /opt/unetlab/addons/iol/bin
    # touch NETMAP
    # LD_LIBRARY_PATH=/opt/unetlab/addons/iol/lib /opt/unetlab/addons/iol/bin/i86bi-linux-l2-ipbasek9-15.1e.bin 1

    Stop the switch and let's move on.

  11. Now we will work in the web interface. If step 10 succeeded, there should be no further difficulties. Log in and select LABS in the top menu. In the Actions section, select Add a new lab.

    Enter the lab name, the version and, if desired, the author.


    Add active devices (Nodes). There is a huge selection of switches and routers from different vendors. We have only downloaded IOL so far.


    So we will add IOL nodes, three at once, change the icon and remove the Serial interfaces.

    To connect them we need communication lines, which are called Networks here. Let's add three networks.


    Now right-click on the node and select Interfaces.

    Here we select the appropriate networks for each interface


    This is the topology we got


    Let's open a launch lab


    Let's start all the nodes


    Let's open the console of a device. By the way, a triangle icon under a node means the node is running, and a square means it is stopped.


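    To make it easier to connect to devices, you can edit the protocol associations so that telnet links open in PuTTY. Registry file:
    Windows Registry Editor Version 5.00

    ; Key paths follow the standard Windows URL protocol handler layout
    ; (assumed here; the section headers were lost from this listing).
    [HKEY_CLASSES_ROOT\telnet]
    @="URL:Telnet Protocol"
    "EditFlags"=dword:00000002
    "FriendlyTypeName"="@ieframe.dll,-907"
    "URL Protocol"=""
    "BrowserFlags"=dword:00000008

    [HKEY_CLASSES_ROOT\telnet\DefaultIcon]
    @="c:\\putty.exe,0"

    [HKEY_CLASSES_ROOT\telnet\shell]
    @=""

    [HKEY_CLASSES_ROOT\telnet\shell\open\command]
    @="\"c:\\putty.exe\" %1"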

    Save the file as 1.reg and import it into the registry.

  12. We check the operation of those protocols that are not available in CPT and GNS:
    Ha ha! Works! The top right photo shows all the STP changes. Cisco Packet Tracer has no debug spanning-tree events command at all, and in GNS3 it was not possible to start the L2 switch, and the etherswitch router did not want to work in a way that displayed debug messages.


Hi all.

At one time I had to deal with Cisco. Not for long, but still. Everything related to Cisco is now mega popular. At one time I was involved in the opening of a local Cisco Academy at a local university. A year ago I attended the "" course. But we don’t always have access to the equipment itself, especially while studying. Emulators come to the rescue. There are also ones for Cisco. I started with Boson NetSim, and almost all students are now using Cisco Packet Tracer. But nevertheless, the set of simulators is not limited to these two types.

Some time ago, in our “Networks for the Little Ones” series, we switched to the GNS3 emulator, which better suited our needs than Cisco Packet Tracer.

But what alternatives do we even have? Alexander aka Sinister, who does not yet have an account on Habr, will tell you about them.

There are quite a large number of simulators and emulators for Cisco Systems equipment. In this short review I will try to show all the existing tools that solve this problem. The information will be useful to those who study network technologies, prepare to take Cisco exams, assemble racks for troubleshooting, or research security issues.

A little terminology.

Simulators imitate a certain built-in set of commands; if you go beyond its limits, you immediately receive an error message. A classic example is Cisco Packet Tracer.

Emulators, on the contrary, allow you to run (by performing byte translation) images (firmware) of real devices, often without visible restrictions. An example is GNS3/Dynamips.

Let's look at Cisco Packet Tracer first.

1. Cisco Packet Tracer


This simulator is available for both Windows and Linux and is free for Cisco Networking Academy students.

Version 6 added:

  • IOS 15
  • HWIC-2T and HWIC-8A modules
  • 3 new devices (Cisco 1941, Cisco 2901, Cisco 2911)
  • HSRP support
  • IPv6 in the settings of end devices (desktops).

The feeling is that the new release was timed to coincide with the update of the CCNA exam to version 2.0.

Its advantages are the user-friendliness and consistency of the interface. In addition, it is convenient to check the operation of various network services, such as DHCP/DNS/HTTP/SMTP/POP3 and NTP.

And one of the most interesting features is the ability to switch to simulation mode and see the movement of packets with time dilation.

It reminded me of that same Matrix.

Disadvantages:

  • Almost nothing that goes beyond the scope of CCNA can be assembled in it. For example, EEM is completely absent.
  • Various glitches sometimes appear that can only be cured by restarting the program. The STP protocol is especially notorious for this.

What do we end up with?

A good tool for those who have just begun their acquaintance with Cisco equipment.

2. GNS3

The next one is GNS3, which is a GUI (in Qt) for the Dynamips emulator.

A free project, available for Linux, Windows and Mac OS X. The GNS project website is www.gns3.net. But most of its functions designed to improve performance work only under Linux (such as ghost IOS, which helps when many identical firmware images are used), and the 64-bit version is also Linux-only. The current version of GNS at the moment is 0.8.5. This is an emulator that works with real IOS firmware, so to use it you must have the firmware. Say you bought a Cisco router: you can extract the firmware from it. You can connect VirtualBox or VMware Workstation virtual machines to it and create quite complex schemes; if you wish, you can go further and connect it to a real network. In addition, Dynamips can emulate both the old Cisco PIX and the well-known Cisco ASA, even version 8.4.

But with all this there are a lot of shortcomings.

The number of platforms is strictly limited: only those chassis that are provided by the Dynamips developers can be launched. IOS version 15 can be run only on the 7200 platform. Catalyst switches cannot be fully used, because they rely on a large number of specific integrated circuits that are extremely difficult to emulate. All that remains is to use network modules (NM) for routers. When using a large number of devices, performance degradation is guaranteed.

What is the bottom line?

A tool in which you can create quite complex topologies and prepare for CCNP level exams, with some reservations.

3. Boson NetSim

A few words about the Boson NetSim simulator, which was recently updated to version 9.

Available only for Windows, the price ranges from $179 for CCNA and up to $349 for CCNP.

It is a kind of collection of laboratory works, grouped by exam topics.

As you can see from the screenshots, the interface consists of several sections: a description of the task, a network map, and on the left side there is a list of all labs. After finishing the work, you can check the result and find out if everything was done. It is possible to create your own topologies, with some restrictions.

Main features of Boson NetSim:

  • Supports 42 routers, 6 switches and 3 other devices
  • Simulates network traffic using virtual packet technology
  • Provides two different browsing styles: Telnet mode or console mode
  • Supports up to 200 devices on one topology
  • Allows you to create your own laboratories
  • Includes labs that support SDM simulation
  • Includes non-Cisco devices such as TFTP Server, TACACS+ and Packet Generator (that's probably the same 3 other devices)

It has the same disadvantages as Packet Tracer.

For those who do not mind paying a certain amount and do not want to work out and create their own topologies, but just want to practice before the exam, this will be very useful.

Official website - www.boson.com/netsim-cisco-network-simulator.

4. Cisco CSR

Now let's look at the fairly recent Cisco CSR.

The virtual Cisco Cloud Service Router 1000V appeared relatively recently.

It is available on the official Cisco website.

To download this emulator, you just need to register on the site, for free. No contract with Cisco is required. This is really an event, since previously Cisco fought emulators in every possible way and recommended only renting equipment. You can download, for example, an OVA file, which is a virtual machine, apparently RedHat or one of its derivatives. Each time the virtual machine starts, it loads an ISO image, inside which you can find CSR1000V.BIN, the actual firmware. Linux acts as a wrapper, that is, a call converter. The requirements indicated on the site are DRAM 4096 MB and Flash 8192 MB; with today's capacities, this should not cause problems. CSR can be used in GNS3 topologies or in conjunction with a Nexus virtual switch.

The CSR1000v is designed as a virtual router (much like Quagga, but IOS from Cisco), which runs on the hypervisor as a client instance and provides the services of a regular ASR1000 router. This could be something as simple as basic routing or NAT, all the way to things like VPN MPLS or LISP. As a result, we have an almost full-fledged provider Cisco ASR 1000. The operating speed is quite good, it works in real time.

Not without its shortcomings. You can only use a trial license for free, which lasts only 60 days. In addition, in this mode, throughput is limited to 10, 25 or 50 Mbps. After the end of such a license, the speed will drop to 2.5 Mbps. A 1-year license costs approximately $1000.

5. Cisco Nexus Titanium

Titanium is an emulator of the Cisco Nexus switch operating system, also called NX-OS. Nexus are positioned as switches for data centers.

This emulator was created directly by Cisco for internal use.

The Titanium 5.1.(2) image, compiled on the basis of VMware some time ago, became publicly available. And after some time, the Cisco Nexus 1000V appeared, which can be legally purchased separately or as part of the vSphere Enterprise Plus edition of VMware. You can see it on the website - www.vmware.com/ru/products/cisco-nexus-1000V/

Perfect for anyone preparing to take the Data Center track. It has one peculiarity: after switching on, the boot process begins (as in the case of CSR, we will also see Linux) and stops. It looks as if everything has frozen, but that's not the case. Connection to this emulator is made through named pipes.

A named pipe is one of the methods of interprocess communication. They exist both in Unix-like systems and in Windows. To connect, just open putty, for example, select the serial connection type and specify \\.\pipe\vmwaredebug.

Using GNS3 and QEMU (a lightweight OS emulator that comes bundled with GNS3 for Windows), you can assemble topologies that will use Nexus switches. And again, you can release this virtual switch into the real network.

6. Cisco IOU

And finally, the famous Cisco IOU (Cisco IOS on UNIX) is proprietary software that is not officially distributed at all.

It is believed that Cisco can track and identify who is using the IOU.

On launch, it attempts an HTTP POST request to the xml.cisco.com server. The data that is sent includes hostname, login, IOU version, etc.

It is known that Cisco TAC uses IOU. The emulator is very popular among those preparing to take the CCIE. Initially it worked only under Solaris, but over time it was ported to Linux. It consists of two parts - l2iou and l3iou; from the name you can guess that the first emulates the data link layer and switches, and the second emulates the network layer and routers.

The author of the web interface is Andrea Dainese. His website: www.routereflector.com/cisco/cisco-iou-web-interface/. The site itself does not contain IOU or any firmware; moreover, the author states that the web interface was created for people who have the right to use IOU.

And some final conclusions.

As it turned out, at the moment there is a fairly wide range of emulators and simulators of Cisco equipment. This allows you to almost fully prepare for exams of various tracks (classic R/S, Service Provider and even Data Center). With some effort, you can collect and test a wide variety of topologies, conduct vulnerability research, and, if necessary, release emulated equipment onto a real network.

FEDERAL FISHERIES AGENCY

Federal State Budgetary Educational Institution of Higher Professional Education

Astrakhan State Technical University

Institute of Information Technologies and Communications

Department of Information Security

Laboratory workshop on the basics of organizing secure networks based on Cisco equipment using the Cisco Packet Tracer software emulator

Methodological manual for the discipline “Software and hardware for information security”

for students of specialty 090303 “Information security of automated systems”

Astrakhan 2011

Compiled by: Savelyev A.N., Ph.D., Associate Professor of the Department of Information Security

Belov S.V., Ph.D., Associate Professor of the Department of Information Security

Vybornova O.N., student of group DIB-51

Donskoy A.A., student of group DIB-51

Soloviev Yu.Yu., Ph.D., senior lecturer of the Department of Economics and Enterprise Management

Reviewer: Popov G.A., Doctor of Technical Sciences, Professor, Head of the Department of Information Security

The methodological manual is a collection of laboratory works in the discipline “Software and hardware for ensuring information security of automated systems.” The laboratory works contain basic theoretical information regarding the organization of secure IP networks based on Cisco equipment. Case studies are implemented using Cisco Packet Tracer software.

The methodological manual was approved at the meeting of the methodological council of the department “___” _____________ 201_, minutes No.______

© Astrakhan State Technical University


Laboratory work No. 1

Overview of the capabilities of the Cisco Packet Tracer software emulator

Goal of the work: gain basic concepts and knowledge about the functioning of the Cisco Packet Tracer software emulator as a software tool for emulating the Cisco Systems line of hardware and software equipment.

Theoretical description

Cisco Packet Tracer is a powerful software product for modeling data networks based on network equipment from Cisco Systems. The Cisco Packet Tracer software emulator allows you to create models of data transmission networks, administer virtual active network equipment, and use various types of data transmission channels. This software allows you to create complex layouts of data transmission networks and check the performance of their topology. The Packet Tracer software emulator complements the Cisco Networking Academies curriculum to make it easier to learn complex technical concepts and network system design.

Figure 1.1 shows the appearance of the interface window.

Fig. 1.1. Cisco Packet Tracer Emulator Interface

The Cisco Packet Tracer emulator interface contains the following elements:

1. Work area. Area for building and configuring networks;

2. Main menu;

3. Main toolbar;

4. The “Network Information” button allows you to enter a description of the current network;

5. The “Contents (F1)” button opens the help file;

6. General toolbar. Contains tools that are often used in the program workspace:

1) "Select". Used to highlight, move, and select objects, devices, and unconnected cables;

2) "Move Layout". Used to move the workspace within a logical network diagram field;

3) "The Place Note". Used to add notes to the work area;

4) "Delete". Used to remove objects, devices, notes and connections (cables);

5) "The Inspect". Allows you to view tables related to the selected device (ARP table, routing table, etc.);

6) "The Resize". Allows you to change the size of icons of devices and objects in the work area.

7. Buttons for visual modeling of data flows:

7) “The Add Simple PDU”. Performs a simple ping request between two devices;

8) “The Add Complex PDU”. Allows you to create complex data packets.

8. “Realtime” tab. By default, Packet Tracer works in real time. The counter on the left side of this panel shows time in the same way as a regular clock;

9. “Simulation” tab. Serves to switch to simulation mode. This mode is used to monitor network traffic. In this case, the time is controlled by the user. Time can be stopped or slowed down to view network traffic at a rate of 1 packet per unit of time;

10. Window for monitoring visual modeling packets according to a given scenario;

11. Scenario block. Allows users to create and delete device scenarios;

12. Block for selecting a model of network components or connections belonging to a certain class (Figure 1.1 shows devices belonging to the Routers class);

13. Block for selecting a device or connection class;

14. Logic tab, Logic toolbar. The buttons located on this panel function only in the work area of the “Logic” tab;

15. “Physical” tab. Designed to navigate to a physical workspace. Also has its own toolbar. The physical workspace provides a physical representation of the logical network topology, giving a sense of space and the layout of devices and networks.

The construction of a data network model is carried out by dragging the necessary devices into the work area. The Cisco Packet Tracer software emulator implements the following types of connections listed in Figure 1.2, namely:

1. Automatic;

2. Console connection;

3. Direct patch cord (end network device (personal computer, server, network printer), router, access point, etc.);

4. Cross (reverse) patch cord (personal computer, server - personal computer, server, printer; active network device - active network device);

5. Fiber optic data transmission channel;

6. Telephone data transmission channel;

7. Coaxial data link;

8. Serial data transmission channel.

Fig. 1.2. Connector Types

The Cisco Packet Tracer software emulator allows you to save information about the network topology and settings of network devices in a *.pkt file.

As an example, let's put together a simple network diagram consisting of two personal computers and one router. To do this, select and drag the following devices onto the work area:

· in the Routers class – router model 2811,

· in the End Devices class – Generic (PC-PT).

By default, personal computers are named “PC1” and “PC2”, and the router is named “Router1”. The device name can be changed by left-clicking on it and entering a new device name.

Next, we connect personal computers “PC1” and “PC2” to the “FastEthernet0” ports of the router “Router1”. To do this, select the connection type “Copper Cross-Over” (crossover patch cord), click on the icon of personal computer “PC1”, select the “FastEthernet” port, then click on the icon of router “Router1” and select one of its free “FastEthernet0” ports (it is recommended to assign network connections in order). We connect the router “Router1” and the personal computer “PC2” in the same way.

The end result should be the diagram shown in Figure 1.3. Initially, interfaces on devices are disabled. Disabled interfaces are shown in red, enabled interfaces are shown in green.

Fig. 1.3. Data network diagram

To assign network details to a personal computer, you need to click on its icon, in the dialog box that appears, select the “Desktop” tab, and in it – “IP configuration” (Fig. 1.4).

Let’s assign the personal computer “PC1” the IP address 192.168.1.2, the default router IP address (default gateway) 192.168.1.1, subnet mask 255.255.255.0. Personal computer “PC2” – IP address 192.168.2.2, gateway 192.168.2.1, subnet mask 255.255.255.0.

Fig. 1.4. Configuring a personal computer

In the Cisco Packet Tracer software emulator, active network devices (routers, switches, hubs, etc.) can be configured by entering the necessary parameters in the appropriate fields of the “Config” tab. It is recommended not to use this method, since in real conditions when configuring network devices there is no such option. When performing the tasks specified in the manual, configuration should be done in the “CLI” tab, using control commands of the Cisco IOS operating system in console mode.

Initially, you need to put the router into privileged mode with the command enable (abbreviated as en); the console prompt then changes to the “#” symbol. Then we enter configuration mode from the terminal line with the command configure terminal (conf t). In router configuration mode, the console prompt ends with “config-terminal”. The router's basic parameters are administered in this mode.

To administer the router's network interfaces, you must switch to the network interface configuration mode by running the following command in the device configuration mode:

interface interface_name

In this mode, the selected interface is configured. The command ip address address mask assigns the IP address of the network interface.

The interface is enabled with the command no shutdown (no shut) and disabled with the command shutdown (shut). For informational purposes, you can add a text comment using the interface subcommand description.

The status of the interfaces can be viewed by exiting the configuration mode (using the command exit or by pressing <Ctrl + Z>) and running the command show interface (sh int). A brief summary of the status of all interfaces available on the device can be obtained using the command show ip interface brief.

The result of configuring a Cisco device is a configuration command script that is interpreted by the device. The current (running) device configuration, that is, this script, can be viewed using the command show running-config (sh run).

Let's look at an example of configuring a router. Let's assign the FastEthernet0/0 port – IP address 192.168.1.1, mask 255.255.255.0; port FastEthernet0/1 – IP address 192.168.2.1, mask 255.255.255.0 (Fig. 1.5).

Fig. 1.5. Router Configuration
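The configuration walked through above, written out as one command sequence. This is an added example, not taken from the manual; the description strings are illustrative.

```cisco
! Privileged mode, then configuration mode from the terminal
enable
configure terminal
!
! Port facing PC1 (subnet 192.168.1.0/24, PC1 uses 192.168.1.1 as its gateway)
interface FastEthernet0/0
 description Link to PC1
 ip address 192.168.1.1 255.255.255.0
 no shutdown
 exit
!
! Port facing PC2 (subnet 192.168.2.0/24, PC2 uses 192.168.2.1 as its gateway)
interface FastEthernet0/1
 description Link to PC2
 ip address 192.168.2.1 255.255.255.0
 no shutdown
 end
!
! Back in privileged mode: with both PCs cabled, the two ports should be
! listed as up/up with the addresses assigned above
show ip interface brief
show running-config
```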

As a result, device interfaces are painted green. This is a sign that they are turned on and functioning normally.

You can check the functioning of the network by sending an ICMP request (by running the command ping) from personal computer PC1 to personal computer PC2. The ping command can also be run on active network devices, for example, on a router. In the Cisco Packet Tracer software emulator, you can send an ICMP request in two ways:

1. Using a console application (“Command Prompt” in the “Desktop” tab of one of the computers or the “CLI” tab of the router);

2. Using the data flow modeling tool “The Add Simple PDU”: select the “The Add Simple PDU” tool, click on the request source device, click on the request destination device. If the request is successfully completed, the status “Successful” is set in the window for monitoring visual modeling packets (Fig. 1.6).

Fig. 1.6. Data Flow Modeling

The Cisco IOS operating system that controls Cisco devices has a built-in help system that can be accessed from command execution mode. The help system is contextual, which means that the help provided depends on what the user is trying to do in Cisco IOS at a given time. To get a list of available options, simply enter the command in the form of a question mark ( ? ). This command will search for available commands (subcommands) and display a list of them on the screen. The help system is designed in such a way that the left side of the displayed text contains the commands themselves, and the right side contains short explanations for each of them.

It should be remembered that in the Cisco Packet Tracer software emulator, the help system only shows a list of commands that can be simulated by this program. This list may differ slightly from the list of commands available on the actual device.

In addition, the built-in help system lets you avoid typing commands in full: pressing the Tab key completes the command automatically. If you enter part of a command that is unambiguous and press Tab, IOS itself will complete the command. If you enter an ambiguous command, Cisco IOS will not be able to complete it.

1. In the Cisco Packet Tracer software emulator, assemble a network layout according to the scheme discussed above.

2. Configure devices according to options;

3. Check the availability of active network elements using the command ping .

4. Check the availability of active network elements using the data flow modeling tool “The Add Simple PDU”.

Task options:

Option Subnets
1 172.16.1.x/24; 172.16.2.x/24
2 192.168.1.x/30; 192.168.2.x/30
3 172.12.1.x/24; 172.12.2.x/24
4 192.168.1.x/24; 172.12.1.x/24
5 192.168.1.x/28; 192.168.5.x/24
6 192.168.1.x/24; 192.168.21.x/28

Control questions:

1. Seven-layer OSI model.

2. Functioning of the physical and data link layers of the OSI model.

3. Functioning of the network and transport levels of the model.

4. Functioning of the session layer, presentation layers and applications.

5. Basic information on the Ethernet 802.3u standard.

6. The concept of IP address, subnet mask.

7. Classes of IP addresses.

8. Dividing networks into subnets, segmenting networks.

Laboratory work No. 2

Overview of Cisco hardware devices implemented in the Cisco Packet Tracer software emulator

Goal of the work: View active network devices implemented in the Cisco Packet Tracer software emulator. Learn how to configure and manage a router via the console port. Familiarize yourself with and configure virtual server network services.

Theoretical information

A network switch is an active network device that connects data network hosts within the same network segment. Unlike a hub, the switch does not transmit received packets to all ports, but directly to the recipient, thereby establishing a virtual data transmission channel. Compared to a hub, an Ethernet network switch has increased efficiency and performance. The use of isolated data transmission channels increases the level of network security.

A router is a specialized network device that forwards network layer packets (layer 3 of the OSI model) between different parts of the network infrastructure based on data about the network topology and certain algorithms and rules.

Each Cisco device has a console port, which is used to access it using a directly connected terminal. The console port is often an RS-232C interface port or an RJ-45 connector and is labeled “Console.”

Once a physical connection has been established between a terminal or personal computer and a device, the terminal must be configured to interact appropriately with the device. To do this, configure the parameters of the terminal (or terminal emulation program on a personal computer) so that the following settings are supported:

· Type of emulated terminal – VT100;

· Data transfer rate – 9600 baud;

· No parity;

· 8 data bits;

· 1 stop bit.

After checking that the settings are correct, apply power to the device. Information about the device will appear on the terminal screen, indicating a successful connection. If there is no message on the screen of the terminal or device emulating it, you need to check the connection and make sure that the terminal settings are correct.

Let's assemble a circuit consisting of 3 personal computers, a server, a router and a switch. To do this, select and drag the following network components onto the work area:

· in the Routers section – router model 2811,

· in the Switches section – switch model 2960-24,

· in the End Devices section – Generic personal computers (PC-PT), Generic server (Server-PT).

Let's connect the devices to each other, as shown in Figure 2.1, and begin configuring the network.

Fig. 2.1. Network model diagram

In this network diagram we use the following subnets:

1. Personal computers PC1, PC2 and the Server0 server connected to the router through Switch0, and the FastEthernet0/0 port of Router0 represent the NetA subnet;

2. Personal computer PC0 and router Router0 (port FastEthernet0/1) represent the NetB subnet.

In laboratory work, the router must be configured through a terminal connection from a personal computer PC1. To do this, connect PC1 and Router0 with a console connection (on PC1 we select the RS 232 port, on Router0 we select the Console port). Then on PC1 go to the “Desktop” tab, select “Terminal” and click “OK”. If everything is done correctly, then we will eventually connect to the router via a terminal connection (Fig. 2.2).

Fig. 2.2. Terminal connection interface

As an example, we will assign the parameters 192.168.1.0/28 to the NetA subnet, and the parameters 192.168.2.0/28 to the NetB subnet.

Let's assign IP addresses to network interfaces, similar to the previous laboratory work.

It is possible to administer active network devices not only through a console connection, but also remotely using the telnet protocol. To do this, you must first configure access for remote (virtual) users on the device (router). In privileged mode, run the following commands:

line vty 0 4

password password

After that, from any computer you can go to the command line and enter the command telnet router_IP_address. If the connection is successful, you are asked for the password that is set for remote users' access to the router. If you enter the password correctly, you are connected to the router (Fig. 2.3).

Rice. 2.3. Connecting to the router via telnet protocol
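The vty setup described above, shown next to an SSH-based alternative, as an added example that is not part of the original lab text. Telnet carries the line password and the whole session in cleartext, while SSH encrypts both; the hostname, domain name, user name and all passwords below are placeholders, and the SSH part assumes a router image that includes the standard IOS SSH commands.

```cisco
! Constructed example for Router0 in the topology of Fig. 2.1.
! All names and passwords are placeholders chosen for illustration.
!
! --- As in the lab: telnet with one shared line password ---
enable
configure terminal
 line vty 0 4
  ! "login" is the vty default; it makes the router ask for the line password
  password LAB-PASSWORD
  login
 end
!
! --- Alternative: SSH with a named local account ---
configure terminal
 ! RSA key generation requires a hostname and a domain name
 hostname Router0
 ip domain-name lab.example
 ! "secret" stores a hash instead of the cleartext password
 username admin secret ADMIN-SECRET
 ! without an enable password or secret, a vty session cannot enter
 ! privileged mode ("% No password set")
 enable secret ENABLE-SECRET
 ! answer the modulus prompt with 2048 (SSH version 2 needs at least 768 bits)
 crypto key generate rsa
 ip ssh version 2
 line vty 0 4
  ! remove the shared line password and authenticate per user instead
  no password
  login local
  ! refuse telnet on the virtual terminal lines
  transport input ssh
  ! close idle sessions after 5 minutes
  exec-timeout 5 0
 end
!
! --- Check ---
show ip ssh
show running-config
```

After the second block is applied, a telnet attempt to the router is refused and remote users log in over SSH as admin.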

Switch0 can also be assigned an IP address. To assign an IP address to the device as a whole, assign it to the Vlan1 interface. Once the switch has an IP address, its availability can be checked with the ping command. Switches can operate at layer 2 of the OSI network model as well as at layer 3. Layer 3 switches can assign IP addresses to individual ports and allow you to segment the data network into separate isolated subnets.

The following virtual server network services are implemented in the Cisco Packet Tracer software emulator.

DNS service (Domain Name System) is a system (database) that returns the IP address of a host (computer or other network device) in response to a request containing its domain name. Each computer in a TCP/IP data network has its own unique address, a series of numbers in the format XXX.XXX.XXX.XXX (where XXX is a number from 0 to 255). Remembering the IP address of a host is quite difficult; it is much easier to remember the symbolic name of a particular network element associated with its IP address, for example, www.mail.ru, www.rambler.ru, etc.

HTTP service (HyperText Transfer Protocol) is an application-level protocol for data transfer (initially in the form of hypertext documents). HTTP is based on client-server technology: it assumes consumers (clients) who initiate a connection and send a request, and providers (servers) who wait for a connection, receive the request, perform the necessary actions and return a message with the result.

The main object of manipulation in HTTP is the resource pointed to by the URI (Uniform Resource Identifier) in the client request. Typically these resources are files stored on the server, but they can be logical or abstract objects. A feature of the HTTP protocol is the ability to specify, in the request and the response, how the same resource is represented according to various parameters: format, encoding, language, etc. Because the encoding of a message can be specified, the client and server can exchange binary data even though the protocol is text-based. By default, HTTP uses TCP port 80; if necessary, the port number can be changed.

HTTPS service (HyperText Transfer Protocol Secure) is an extension of the HTTP protocol that supports encryption. Data transmitted via the HTTPS protocol is “packed” into the SSL or TLS cryptographic protocol, thereby ensuring data protection. Unlike HTTP, HTTPS uses TCP port 443 by default.

Email (electronic mail, e-mail) is a technology, and the services it provides, for sending and receiving electronic messages over a distributed (including global) computer network. The SMTP protocol (TCP port 25) is used to send mail from users to servers and between servers for further forwarding to the recipient. To receive mail, the mail client uses the POP3 (TCP port 110) or IMAP (TCP port 143) protocol.

FTP service (File Transfer Protocol) is a protocol designed for transferring files over data networks. The FTP protocol allows you to connect to FTP servers, view directory contents, and download files from or upload files to a server; in addition, a file transfer mode between servers is possible.

Let's look at the features of configuring these network services in the Cisco Packet Tracer software emulator.

Let's configure the DNS server on the Server0 server. To do this, go to the “Config” tab, select the “Services” → “DNS” tab in the left panel. Next, select the record type “A Record”, enter the name (symbolic address) of the host in the “Name” field, enter the IP address of the host in the “Address” field and click the “Add” button. The entry will be added to the table (Fig. 2.4).

If necessary, table entries can be edited and deleted. To do this, you need to select the corresponding table entry, make the necessary changes and click the “Save” button to save the changes or the “Remove” button to delete a row from the table.

Fig. 2.4. DNS server setup interface

After setting up the DNS server in the computer configuration, in the “DNS Server” field, you must enter the IP address assigned to Server0.

Let's configure the HTTP service in the same way. On the Server0 server, go to the “Config” tab, select the “Services” → “HTTP” tab in the left panel and enable “HTTP”.

The text field shows the HTML code of the page that will be displayed in the browser. The page code can be changed using HTML tags. Figure 2.5 shows the modified HTML code for the index.html page. Here the "Cisco Packet Tracer" text color and title text have been changed.

Fig. 2.5. Setting up an HTTP server

To check the functionality of the DNS server and HTTP server, you need to launch “Web Browser” in the “Desktop” tab of your computer and enter the host name in the address bar. If configured correctly, an HTML page will open (Fig. 2.6).

Fig. 2.6. Web browser emulation window

Let's configure a mail server on Server0. To do this, go to the “Config” tab, select the “Services” → “EMAIL” tab in the left panel. Enable "SMTP Service" and "POP3 Service". Enter the domain name and click the “Set” button. Add users (Fig. 2.7).

Fig. 2.7. Setting up a mail server

After setting up the server, you need to set up an email client on your PC. In the “Desktop” tab, select “E Mail”. The mail client configuration window will open. Subsequently, it can be called by clicking the “Configure Mail” button in the client window.

In the mail client configuration window, fill in three blocks. In the “User Information” block, enter the name of the author of the letters and the mailing address in the form user_name@domain_name. In the “Server Information” block, enter the symbolic name or IP address of the mail server. In the “Logon Information” block, enter the username and password of the user registered on the mail server (Fig. 2.8). After this, click the “Save” button, which will open the “Mail Browser”, the main window of the mail client.

Fig. 2.8. Setting up an email client

To write a letter, click the “Compose” button, fill in the text fields and send the letter (Fig. 2.9).

Fig. 2.9. Sending an email

To check whether the letter has reached the recipient, go to the mail client on the recipient’s PC and click the “Receive” button. The list shows whether there are letters for this recipient. The text field below the list of incoming letters displays the contents of the selected letter (Fig. 2.10).

To respond to one of the incoming letters, select it and click the “Reply” button.

Fig. 2.10. Received email

Let's set up an FTP service on Server0. To do this, go to the “Config” tab, select the “Services” → “FTP” tab in the left panel. Enable "FTP Service". Add a user to access the FTP resource. To do this, enter the user name and password in the “UserName” and “Password” fields, assign access rights (Write, Read, Delete, Rename, List) and click the “+” button to add the user (Fig. 2.11). The File table contains a list of files available to users.

Fig. 2.11. Setting up an FTP server

To log into the FTP server, enter the command ftp <hostname> (symbolic name or IP address) in the command line of one of the PCs. You will be prompted for a username. If you enter a username registered on the FTP server, you will be prompted for a password. If the password is entered correctly, you are connected (Fig. 2.12).

Fig. 2.12. Connecting to an FTP server

The command dir shows the list of files that are stored on the server. You can download a file from the server using the command get <file name>. The command put <file name> uploads a file to the FTP server.

Laboratory assignment:

1. In the Cisco Packet Tracer software emulator, assemble a network model according to the diagram shown in Fig. 2.1;

2. Configure devices via terminal connection from PC1 according to the options;

3. Connect to the router via telnet protocol.

4. Configure network services DNS, HTTP, EMAIL, FTP.

5. Check the availability of network nodes using the ping utility.

6. Check the operation of the installed server services.

Task options:

| Option | NetA | NetB | Hostname |
|---|---|---|---|
| 1 | 172.16.1.x/24 | 172.16.2.x/24 | myHost.ru |
| 2 | 192.168.1.x/28 | 192.168.2.x/30 | Cisco.lab |
| 3 | 172.12.1.x/24 | 172.12.2.x/24 | MySecondLab |
| 4 | 192.168.1.x/24 | 172.12.1.x/24 | Lab2.ib |
| 5 | 192.168.1.x/28 | 192.168.5.x/24 | Ib4.astu |
| 6 | 192.168.1.x/24 | 192.168.21.x/28 | Host.name |

Control questions:

1. General information about the Cisco product line.

2. The concept of a switch. What layer of the OSI model does the switch operate at?

3. The concept of a router. What layer of the OSI model does the router operate at?

4. The concept of a gateway, firewall.

5. DNS service, types of DNS records.

6. HTTP service, general concepts.

7. The concept of email, SMTP, POP3 and IMAP protocols.

8. FTP file exchange protocol, basic concepts and FTP commands.

9. Telnet protocol, basic concepts.

Laboratory work No. 3

GNS3 is a graphical network simulator that allows you to simulate complex networks.

To provide full simulation, GNS3 is closely linked to:

* Dynamips, a program core that allows you to emulate Cisco IOS.
* Dynagen, a text interface for Dynamips.
* Pemu, a Cisco PIX firewall emulator based on Qemu.

GNS3 is an excellent complementary tool for building Cisco labs, aimed at network engineers, administrators, and people seeking CCNA, CCNP, CCIP, and CCIE certification.

It can also be used to experiment with Cisco IOS or to test settings that should be deployed later on real routers.

It is an open source project, a free program that can be used on many operating systems, including Linux, MacOS X and Windows.

You can get GNS3 from the download page www.gns3.net/download or, for example, by running sudo aptitude install gns3.

When you first launch the program, a setup window will appear, consisting of two steps.

The first step, as you can see, will help you select a language (Russian is supported) and configure directories.
The second step is to add IOS images (ru.wikipedia.org/wiki/IOS). You can find it on tor****sru.
I recommend using the 7200 series IOS because GNS is not buggy with it.
After setup, testing and the other preliminaries, you can begin to get acquainted with GNS3 itself.
Simply drag and drop the router icon onto the work surface.

Add interfaces to the router by double-clicking on it (PA-GE is Gigabit Ethernet).


After adding interfaces, routers can be connected to each other by clicking on

After you enter the command in the console as in the picture and press Enter, the red circles will turn green. Alternatively, instead of typing anything in the console, press the play button in the menu; the result is the same.

Finally, after playing around with GNS3, you can start creating a computer-based router.
To do this, the computer must have more than one network card.
If there is only one, you can configure a loopback adapter:
for Windows, Start -> Control Panel -> Install new hardware…
for Linux you don’t need to do anything; GNS sees it as it is (at least for me).

To link a real computer interface to a router interface, “clouds” are used.
Drag them in the same way as the routers and bind interfaces to them using the settings window (opened by double-clicking on the cloud).

Each interface has a cloud.

Having assembled the diagram, you can begin setting up the router and deploying the network.

The performance of such a network directly depends on the performance of the computer that pretends to be a router.

About performance:
The performance of a Windows system, all other things being equal, is lower than that of Linux (FreeBSD, Solaris ...), but for home use Windows will do.

A way to reduce processor load:

1. Right-click and select IDLE PC from the context menu.
2. After processing, a pop-up window will appear.
3. Select the result.

copy-paste: habrahabr.ru/blogs/cisconetworks/74305

Today there are three Cisco equipment emulators: VIRL, GNS3 and UNetLab. Let's go over their functionality to compare their advantages and disadvantages.

Original article: Comparison of UNetLab with VIRL and GNS3

Legality

GNS3 and UNetLab require you to obtain Cisco IOS yourself. This gray scheme may violate Cisco IOS terms of use, which keeps some users away from GNS3 or UNetLab. For its part, Cisco VIRL is licensed to use Cisco IOS and already comes with some IOS images inside. Let's give VIRL one flag.

Serial interface support

The first thing that stands out is the support for Serial interfaces. VIRL does not support Serial interfaces, but it may be an option in future releases. GNS3 and UNetLab have support for Serial interfaces. Therefore, GNS3 and UNetLab each receive one flag.

Support for additional Cisco equipment.

VIRL only supports IOS-XR, IOS XE, NX-OS, and classic IOS (vIOS-L2 and vIOS-L3) from Cisco. It is also possible to upload an ASAv image to VIRL.
GNS3 supports classic IOS (Dynamips), and through integration with QEMU it is possible to use Cisco VIRL images, Cisco ASAv, XRv.

However, GNS under Windows has various problems. For example, when you launch the vIOS-L2/L3 image (GNS already has a ready-made template for it), you will be surprised to find that the image will not start if the number of interfaces specified in the settings is more than 8.
In addition, QEMU under Windows is limited to 2 GB of RAM. This leads to problems running images such as Cisco XRv and Cisco CSR1000v. For example, CSR1000v requires 3 GB of RAM. You can try to set less, but all interfaces will be in the DOWN state. The number of links in QEMU under GNS is also limited to 16, i.e. this is the maximum number of connections to one QEMU device. More information can be found on the UNL developers' website in the section "Differences between current UNetLab and GNS3 1.3.3".

Cisco IOL/IOU images also require a separate virtual machine to run.

In turn, UNetLab supports the widest range of both Cisco equipment and equipment from other vendors. You can run Cisco IOL images, images from VIRL (vIOS-L2 and vIOS-L3), Cisco ASA Firewall, Cisco IPS, XRv and CSR1000v images, dynamips images from GNS, Cisco vWLC and vWSA images,

Here we will give the flag to UNetLab.

Support for other vendors.

There are several vendors whose equipment can be integrated into the GNS3 environment. But GNS3 does not advertise integration with anyone, although having an interface for interacting with QEMU, it is theoretically possible to implement Nested Virtualization and run images provided by vendors for working under VmWare. In practice, you may encounter difficulties or significant limitations in integrating this or that equipment into GNS3. For example, the Arista EOS switch in GNS3 for Windows is limited to only 8 interfaces, although the image itself supports 25.

However, when compared with UNetLab, the latter has the widest official support - Juniper, Extreme, Fortinet, HP, Checkpoint, Palo Alto, Arista, Alcatel, Citrix, MS Windows.

VIRL also does not advertise integrations with anyone, although this may be possible, for example support for Arista vEOS, Fortinet FortiGate, Juniper, Palo Alto, Windows.

Out-of-band management (OOB Access)

VIRL, GNS3 and UNetLab all support OOB access to the CLI. However, with UNetLab you do not need to be on the same PC that is running the VM. You can run the UNetLab VM on one PC or on ESXi, and your favorite terminal, Putty or SecureCRT, on any remote client: from home, from a hotel, from anywhere. Everyone gets a flag.

Preload configurations.

GNS3 cannot do this. VIRL can, through its AutoNetKit function. UNetLab can do it partially, only for IOL and Dynamips images. That's why VIRL earns its flag.

Multi-user functionality (Multi User).

Multi-user functionality appeared in UNetLab version 0.9.54. On the same VM, authorized users can create their own stands independently, as well as collaborate on a common stand shared by multiple users at the same time. In this case, users also launch the nodes of a common stand independently of each other. This mode is ideal for training.

Such functionality is not supported in either GNS3 or Cisco VIRL. UNetLab takes the flag for itself.

Price

Cisco VIRL costs almost $200 for the Personal Edition. Subscription is annual. But even after purchasing a license, you are still limited to 15 Cisco devices. By the way, it should be noted that images from other vendors can be launched without restrictions. GNS3 and UNetLab are free products. You can make a voluntary donation for product development if you wish. In addition, by making a donation to UNetLab you will also receive full support for installing and using the product from the developers, access to the latest versions and priority development of feature requests. But nevertheless, only GNS3 and UNetLab receive a flag.

Conclusion:

In conclusion, I would like to draw attention to some features of UNetLab compared to GNS:

  1. The GUI in UNetLab is provided via a Web interface, while in GNS you need to install the client.
  2. The GUI in UNetLab supports adding your own topology images with active links to running devices. In GNS there is practically no such support (except for placing a background image behind the device images, which looks very clumsy).
  3. UNetLab has no RAM limit for QEMU. In GNS on Windows you are limited to 2 GB.
  4. In UNetLab there is no limit on the number of links between devices. In GNS3 you are limited to 16 links in QEMU.
  5. In UNetLab, all devices run within one VM. In GNS3 you need a separate VM to run IOL images.
  6. Several users can work in the UNetLab VM simultaneously. GNS3 is strictly a single-user system.

Let's summarize: In terms of ease of use, functionality, and hardware support, the victory today goes to UNetLab.