To create an executable file from my python script I’ve used cx_Freeze.
Just simply run from cmd:
python -m pip install cx_Freeze --upgrade
Create a new file with the following content:
import sys
from cx_Freeze import setup, Executable

base = None
if sys.platform == "win32":
    base = "Win32GUI"

setup(name="ITergo - Traceroute Interpreter",
      version="0.1",
      description="Traceroute Interpreter",
      executables=[Executable("main.py", base=base)])
Now you can start the conversion:
python setup.py build
And it’s done.
Do not forget that cx_Freeze will not copy the files that your code uses (I/O).
By default the Cisco ASR1002 Chassis contains the following:
- Cisco ASR1002 Route Processor
- Cisco ASR 1002 SIP
- Cisco ASR SPA
The Embedded Services Processor (ESP) and the power supplies are not included in the chassis; they are installed separately, as the picture above shows.
The flash and NVRAM are in the Route Processor, so replacing the ESP will not make the router lose its IOS or startup configuration.
You can see the actual hardware element in:
(also show module in switches)
Router1#sho inv
NAME: "CISCO3925-CHASSIS", DESCR: "CISCO3925-CHASSIS"
PID: CISCO3925-CHASSIS , VID: V02, SN: *********

NAME: "Cisco Services Performance Engine 200 for Cisco 3900 ISR on Slot 0", DESCR: "Cisco Services Performance Engine 200 for Cisco 3900 ISR"
PID: C3900-SPE200/K9 , VID: V05 , SN: *********

NAME: "C3900 AC Power Supply 1", DESCR: "C3900 AC Power Supply 1"
PID: PWR-3900-AC , VID: V04 , SN: *********
But in cases like the one above you can be deceived. This router uses a Services Performance Engine and has an additional port. If you check show version you can see the difference:
Router1#sho ver
Cisco IOS Software, C3900e Software (C3900e-UNIVERSALK9-M), Version 15.3(3)M4, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Wed 24-Sep-14 04:05 by prod_rel_team
Good to know: Combo ports
In the previous case we have a Cisco 3925 which has combo ports (copper/sfp).
When the fiber port is in use, an SFP module is visible in the “show inventory” output. If you use copper, the SFP module will “hide”.
Base SX: Multimode fiber which uses a longer wavelength of light and can be used on shorter distances (100 to 500 meters). Cheaper than LX.
Base LX: Singlemode fiber which uses a narrower wavelength and is able to transmit over much longer distances (2km, 10km, 40km, 60km, 80km, 120km).
GBIC vs SFP
GBIC is a hot-swappable Gigabit Interface optical module. SFP is the newer version of GBIC, which was necessary because GBIC was too big in physical size.
GBIC uses an SC connector while SFP uses an LC connector.
A GBIC and an SFP of the same kind are equal in performance.
SFP vs SFP+ vs XFP
FastEthernet SFP modules
| Cisco 100M Ethernet SFP | Part Number | Description |
|---|---|---|
| Cisco 100BASE-FX SFP | GLC-FE-100FX | Operates on ordinary multimode fiber-optic (MMF) link spans up to 2 kilometers long. For 100Mbps Ethernet ports |
| Cisco 100BASE-FX SFP | GLC-GE-100FX | Operates on ordinary multimode fiber-optic (MMF) link spans up to 2 kilometers long. For Gigabit Ethernet ports |
| Cisco 100BASE-LX10 SFP | GLC-FE-100LX | Operates on ordinary single-mode fiber-optic (SMF) link spans up to 10 kilometers long. |
| Cisco 100BASE-BX10 SFP | GLC-FE-100BX-D, GLC-FE-100BX-U | Operates on ordinary SMF single-strand link spans up to 10 kilometers long. |
| Cisco 100BASE-EX SFP | GLC-FE-100EX | Operates on ordinary single-mode fiber-optic (SMF) link spans up to 40 kilometers long. |
| Cisco 100BASE-ZX SFP | GLC-FE-100ZX | Operates on ordinary single-mode fiber-optic (SMF) link spans up to 80 kilometers long. |
GigabitEthernet SFP modules
| Cisco Gigabit Ethernet SFP | Part Number | Description |
|---|---|---|
| Cisco 1000BASE-SX SFP | GLC-SX-MM1, SFP-GE-S2 | Operates on 50 μm multimode fiber links up to 550 m and on 62.5 μm FDDI-grade multimode fibers up to 220 m. |
| Cisco 1000BASE-LX/LH SFP | GLC-LH-SM1, SFP-GE-L2 | Operates on standard single-mode fiber-optic link spans of up to 10 km and up to 550 m on any multimode fibers. |
| Cisco 1000BASE-ZX SFP | GLC-ZX-SM1, SFP-GE-Z2 | Operates on standard single-mode fiber-optic link spans of up to approximately 70 km in length. |
| Cisco 1000BASE-BX10-D & 1000BASE-BX10-U SFP | GLC-BX-D2, GLC-BX-U2 | Operates on a single strand of standard single-mode fiber. A 1000BASE-BX10-D device is always connected to a 1000BASE-BX10-U device with a single strand of standard single-mode fiber with an operating transmission range up to 10 km. |
| Cisco 1000BASE-T SFP | GLC-T, SFP-GE-T3 | 1000BASE-T SFP Transceiver Module for Category 5 copper wire. |
- Voice Interface Card (VIC)
- WAN Interface Card (WIC)
- High-speed WIC (HWIC)
- Enhanced High-speed WIC (EHWIC)
Aggregation Services Router (ASR)
Shared Port Adapters (SPA) provide the physical interfaces for router connectivity ranging from copper, Channelized, Packet over SONET/SDH (PoS), ATM, and Ethernet.
SPA Interface Processor (SIP) provides the physical termination for the SPAs and accepts up to four half-height and two full-height Cisco SPAs.
1: SPA subslot 0
2: SPA subslot 1
3: SPA subslot 2
6: SPA subslot 3
An example sho inv output:
NAME: "Chassis", DESCR: "Cisco ASR1004 Chassis"
PID: ASR1004 , VID: V03, SN: **********

NAME: "module 0", DESCR: "Cisco ASR1000 SPA Interface Processor 40"
PID: ASR1000-SIP40 , VID: V02, SN: **********   <<< SIP

NAME: "SPA subslot 0/0", DESCR: "1-port 10 Gigabit Ethernet Shared Port Adapter XFP based"
PID: SPA-1X10GE-L-V2 , VID: V04, SN: **********   <<< SPA

NAME: "subslot 0/0 transceiver 0", DESCR: "10GBASE-SR/SW"
PID: XFP-10G-MM-SR , VID: 15 , SN: **********   <<< XFP

NAME: "SPA subslot 0/1", DESCR: "1-port 10 Gigabit Ethernet Shared Port Adapter XFP based"
PID: SPA-1X10GE-L-V2 , VID: V04, SN: **********

NAME: "subslot 0/1 transceiver 0", DESCR: "OC192 + 10GBASE-L"
PID: XFP-10GLR-OC192SR , VID: 00 , SN: **********
----------------------------------------------------------------------------
Interfaces
Te0/0/0
Te0/1/0
Gi0
Note that the Transceiver numbering starts from the first physical interface!
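As an added example (not part of the original post), the NAME/DESCR and PID/VID/SN pairs of show inventory can be parsed into records and grouped by SPA subslot, so that each transceiver is tied to its slot/subslot/port position (subslot 0/0 transceiver 0 becomes 0/0/0, as in Te0/0/0). The sample text with its serial placeholders is constructed, and the function names are this example's own.

```python
import re

# Constructed sample in the layout of the ASR1004 output above; serials are placeholders.
SAMPLE = """\
NAME: "Chassis", DESCR: "Cisco ASR1004 Chassis"
PID: ASR1004           , VID: V03, SN: SERIAL0001

NAME: "module 0", DESCR: "Cisco ASR1000 SPA Interface Processor 40"
PID: ASR1000-SIP40     , VID: V02, SN: SERIAL0002

NAME: "SPA subslot 0/0", DESCR: "1-port 10 Gigabit Ethernet Shared Port Adapter XFP based"
PID: SPA-1X10GE-L-V2   , VID: V04, SN: SERIAL0003

NAME: "subslot 0/0 transceiver 0", DESCR: "10GBASE-SR/SW"
PID: XFP-10G-MM-SR     , VID: 15 , SN: SERIAL0004

NAME: "SPA subslot 0/1", DESCR: "1-port 10 Gigabit Ethernet Shared Port Adapter XFP based"
PID: SPA-1X10GE-L-V2   , VID: V04, SN: SERIAL0005
"""

ENTRY = re.compile(
    r'NAME:\s*"(?P<name>[^"]*)"\s*,\s*DESCR:\s*"(?P<descr>[^"]*)"\s*'
    r'PID:\s*(?P<pid>[^,]*?)\s*,\s*VID:\s*(?P<vid>[^,]*?)\s*,\s*SN:\s*(?P<sn>\S*)')
SPA = re.compile(r'^SPA subslot (\d+)/(\d+)$')
XCVR = re.compile(r'^subslot (\d+)/(\d+) transceiver (\d+)$')


def parse_inventory(text):
    """Return one dict (name, descr, pid, vid, sn) per inventory entry."""
    return [m.groupdict() for m in ENTRY.finditer(text)]


def port_map(text):
    """Group by slot/subslot: the SPA PID plus its optics keyed by slot/subslot/port."""
    ports = {}
    for item in parse_inventory(text):
        spa, xcvr = SPA.match(item["name"]), XCVR.match(item["name"])
        if spa:
            ports.setdefault("%s/%s" % spa.groups(), {"spa": None, "optics": {}})["spa"] = item["pid"]
        elif xcvr:
            slot = "%s/%s" % xcvr.groups()[:2]
            entry = ports.setdefault(slot, {"spa": None, "optics": {}})
            entry["optics"]["%s/%s" % (slot, xcvr.group(3))] = item["pid"]
    return ports
```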
Configuring FTP server
In this example the FTP server is operated by FileZilla.
Edit –> Users: Create a user with a password
Add a directory that you would like to use for file share:
Configuring Cisco device:
ip ftp source-interface Fa0/0
ip ftp username cisco
ip ftp password cisco
After these preparations you can start downloading:
copy ftp://10.0.0.1/file.bin flash:
You can verify the transfer by hashing the file on the device and comparing the result with the hash of the original file:
verify /md5 flash:file.bin
Ways of using IPsec
- Crypto ACL
The traffic that matches the ACL will be secured by IPsec.
- Virtual Tunnel Interface (VTI)
The traffic routed through the VTI will be secured by IPsec.
Main configuration steps
- IKE Phase 1 policy
- authentication (pre-shared)
- encryption (des, 3des, aes)
- hash (md5, sha)
- Transform Set
- ah ( md5/sha, hmac)
- esp (3des/aes/des/md5-hmac/sha-hmac)
- IPsec Profile
- set transform set
- IPv4 IPsec mode
- IP or Unnumbered
- Source / Destination
- Apply IPsec Profile (above)
R1(config)#crypto keyring MYRING
R1(conf-keyring)#pre-shared-key address 10.0.0.2 key cisco
R1(config)#crypto ipsec transform-set P2P-SET esp-aes 256 esp-sha-hmac
R1(config)#crypto ipsec profile P2P-PROFILE
R1(ipsec-profile)#set transform-set P2P-SET
R1(config)#int tunnel 1
R1(config-if)#tunnel mode ipsec ipv4
R1(config-if)#ip unnumbered loopback 0
R1(config-if)#tunnel source fa0/0
R1(config-if)#tunnel destination 10.0.0.2
R1(config-if)#tunnel protection ipsec profile P2P-PROFILE
crypto keyring MYRING
pre-shared-key address 10.0.0.2 key cisco
You must choose how IKE Phase 1 authenticates: pre-shared key or certificate.
crypto ipsec transform-set P2P-SET esp-aes 256 esp-sha-hmac
The transform set named P2P-SET uses the ESP protocol for encapsulation and AES for encryption. It also uses the ESP protocol with SHA for authentication.
AH and ESP can be used within one transform set.
After this command you enter (cfg-crypto-trans) config mode, where you can specify whether you want to use transport or tunnel mode for AH/ESP.
crypto ipsec profile P2P-PROFILE
set transform-set P2P-SET
When this profile is applied to an interface, the interface will use that transform set.
After this the IKE Phase 1 is configured. Note that the IKE Phase 1 policy needs to match the other side!
ip unnumbered loopback 0
The tunnel interface is “borrowing” the IP address of Loopback 0.
tunnel protection ipsec profile P2P-PROFILE
This applies the IPsec profile to the tunnel interface.
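As an added example (not part of the original post), this Python check reads IOS crypto configuration like the R1 example above and reports the weaker choices among the options listed in the configuration steps (DES, 3DES, MD5) as well as short pre-shared keys. The weak-algorithm sets, the 20-character key threshold and WEAK_CONFIG are assumptions of this example, and sub-mode lines are expected to be indented as in a running-config.

```python
import re

# Policy assumptions of this example, not values from the page.
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}
WEAK_IKE = {"encr": {"des", "3des"}, "encryption": {"des", "3des"}, "hash": {"md5"}}
MIN_PSK_LEN = 20

# Constructed inputs: the page's R1 crypto lines, and a variant using the weak options.
PAGE_CONFIG = """\
crypto keyring MYRING
 pre-shared-key address 10.0.0.2 key cisco
crypto ipsec transform-set P2P-SET esp-aes 256 esp-sha-hmac
crypto ipsec profile P2P-PROFILE
 set transform-set P2P-SET
"""
WEAK_CONFIG = """\
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
crypto ipsec transform-set OLD-SET esp-des esp-md5-hmac
"""


def audit(config):
    """Return (line_number, finding) pairs; key material is never echoed."""
    findings, in_ike = [], False
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        words = line.split()
        if not words:
            continue
        if not raw.startswith(" "):  # a top-level command ends any sub-mode
            in_ike = line.startswith("crypto isakmp policy")
        elif in_ike and words[0] in WEAK_IKE and words[-1] in WEAK_IKE[words[0]]:
            findings.append((no, "IKE policy uses %s %s" % (words[0], words[-1])))
        psk = re.match(r"pre-shared-key .*\bkey (\S+)$", line)
        if psk and len(psk.group(1)) < MIN_PSK_LEN:
            findings.append((no, "pre-shared key shorter than %d characters" % MIN_PSK_LEN))
        if line.startswith("crypto ipsec transform-set"):
            for t in words[4:]:
                if t in WEAK_TRANSFORMS:
                    findings.append((no, "transform-set %s uses %s" % (words[3], t)))
    return findings
```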
To get more information on a module you can find documentation on the internet, but Python itself can also help you:
tamvarga@DHUB4432 ~/python-study $ python
Python 2.7.12 (default, Oct 10 2016, 12:56:26)
[GCC 5.4.0] on cygwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import pexpect
>>> help(pexpect)
Help on package pexpect:

NAME
    pexpect

FILE
    /usr/lib/python2.7/site-packages/pexpect/__init__.py

DESCRIPTION
    Pexpect is a Python module for spawning child applications and controlling
    them automatically. Pexpect can be used for automating interactive applications
    such as ssh, ftp, passwd, telnet, etc. It can be used to a automate setup
    scripts for duplicating software package installations on different servers. It
    can be used for automated software testing. Pexpect is in the spirit of Don
    Libes' Expect, but Pexpect is pure Python. Other Expect-like modules for Python
    require TCL and Expect or require C extensions to be compiled. Pexpect does not
    use C, Expect, or TCL extensions. It should work on any platform that supports
    the standard Python pty module. The Pexpect interface focuses on ease of use so
    that simple tasks are easy.

    There are two main interfaces to the Pexpect system; these are the function,
    run() and the class, spawn. The spawn class is more powerful. The run()
    function is simpler than spawn, and is good for quickly calling program. When
    you call the run() function it executes a given program and then returns the
    output. This is a handy replacement for os.system().
...
...
...
You can also check the available functions of a specific (already imported) module:
>>> dir(pexpect)
['EOF', 'ExceptionPexpect', 'PY3', 'TIMEOUT', '__all__', '__builtins__', '__doc__', '__file__', '__name__', '__package__', '__path__', '__version__', '_cast_bytes', '_cast_unicode', 'errno', 'fcntl', 'os', 'pty', 're', 're_type', 'resource', 'run', 'searcher_re', 'searcher_string', 'select', 'signal', 'spawn', 'spawnb', 'split_command_line', 'struct', 'sys', 'termios', 'time', 'traceback', 'tty', 'types', 'version', 'version_info', 'which']