
badly connected


Convert py to executable

To create an executable file from my Python script I used cx_Freeze.

Installing cx_Freeze

Run from cmd:

python -m pip install cx_Freeze --upgrade

Creating setup.py

Create a new file with the following content:

import sys
from cx_Freeze import setup, Executable

base = None

if sys.platform == "win32":
	base = "Win32GUI"

setup(name="ITergo - Traceroute Interpreter",
	version="0.1",
	description="Traceroute Interpreter",
	executables=[Executable("main.py", base=base)]
	)

 

Creating executable 

Now you can start the conversion:

python setup.py build

And it’s done.
Do not forget that cx_Freeze will not copy the data files that your code reads or writes (I/O).

ASR1002 Build

By default the Cisco ASR1002 Chassis contains the following:

  • Cisco ASR1002 Route Processor
  • Cisco ASR 1002 SIP
  • Cisco ASR SPA

routers-asr-1002-router.jpg

The Embedded Services Processor (ESP) and the power supplies are not included with the chassis; they can be installed as you can see in the picture above.

The flash and NVRAM are in the Route Processor, so replacing the ESP will not make the router lose its IOS / startup configuration.

Interfaces – physical

Identify hardware

You can list the installed hardware components with:

show inventory
(also show module on switches)

Router1#sho inv
NAME: "CISCO3925-CHASSIS", DESCR: "CISCO3925-CHASSIS"
PID: CISCO3925-CHASSIS , VID: V02, SN: *********

NAME: "Cisco Services Performance Engine 200 for Cisco 3900 ISR on Slot 0", DESCR: "Cisco Services Performance Engine 200 for Cisco 3900 ISR"
PID: C3900-SPE200/K9 , VID: V05 , SN: *********

NAME: "C3900 AC Power Supply 1", DESCR: "C3900 AC Power Supply 1"
PID: PWR-3900-AC , VID: V04 , SN: *********

But in cases like the one above you can be deceived. This router uses a Services Performance Engine and has an additional port. If you check show version you can see the difference:

Router1#sho ver
Cisco IOS Software, C3900e Software (C3900e-UNIVERSALK9-M), Version 15.3(3)M4, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Wed 24-Sep-14 04:05 by prod_rel_team

Be aware!

Good to know: Combo ports

In the previous case we have a Cisco 3925, which has combo ports (copper/SFP).
If the fiber port is in use, an SFP module will be visible in the “show inventory” output! If you use copper, the SFP module will “hide”.


Base SX: Multimode fiber which uses a longer wavelength of light and can be used on shorter distances (100 to 500 meters). Cheaper than LX.

Base LX: Singlemode fiber which uses a narrower wavelength and is able to transmit over much longer distances (2km, 10km, 40km, 60km, 80km, 120km).

GBIC vs SFP

GBIC is a hot-swappable Gigabit Interface optical module. SFP is the newer version of GBIC which was necessary because GBIC was too big in physical size.

GBIC uses an SC connector while SFP uses an LC connector.
A GBIC of the same kind is equal in performance to an SFP.

The chassis determines which one you have to use (e.g. 3500: GBIC; 3560: SFP).

SFP vs SFP+ vs XFP

 

FastEthernet SFP modules

Cisco 100M Ethernet SFP | Part Number | Description
Cisco 100BASE-FX SFP | GLC-FE-100FX | Operates on ordinary multimode fiber-optic (MMF) link spans up to 2 kilometers long. For 100Mbps Ethernet ports
Cisco 100BASE-FX SFP | GLC-GE-100FX | Operates on ordinary multimode fiber-optic (MMF) link spans up to 2 kilometers long. For Gigabit Ethernet ports
Cisco 100BASE-LX10 SFP | GLC-FE-100LX | Operates on ordinary single-mode fiber-optic (SMF) link spans up to 10 kilometers long.
Cisco 100BASE-BX10 SFP | GLC-FE-100BX-D, GLC-FE-100BX-U | Operates on ordinary SMF single-strand link spans up to 10 kilometers long.
Cisco 100BASE-EX SFP | GLC-FE-100EX | Operates on ordinary single-mode fiber-optic (SMF) link spans up to 40 kilometers long.
Cisco 100BASE-ZX SFP | GLC-FE-100ZX | Operates on ordinary single-mode fiber-optic (SMF) link spans up to 80 kilometers long.

GigabitEthernet SFP modules

Cisco Gigabit Ethernet SFP | Part Number | Description
Cisco 1000BASE-SX SFP | GLC-SX-MM, SFP-GE-S | Operates on 50 μm multimode fiber links up to 550 m and on 62.5 μm FDDI-grade multimode fibers up to 220 m.
Cisco 1000BASE-LX/LH SFP | GLC-LH-SM, SFP-GE-L | Operates on standard single-mode fiber-optic link spans of up to 10 km and up to 550 m on any multimode fibers.
Cisco 1000BASE-ZX SFP | GLC-ZX-SM, SFP-GE-Z | Operates on standard single-mode fiber-optic link spans of up to approximately 70 km in length.
Cisco 1000BASE-BX10-D & 1000BASE-BX10-U SFP | GLC-BX-D, GLC-BX-U | Operates on a single strand of standard single-mode fiber. A 1000BASE-BX10-D device is always connected to a 1000BASE-BX10-U device with a single strand of standard single-mode fiber with an operating transmission range up to 10 km.
Cisco 1000BASE-T SFP | GLC-T, SFP-GE-T | 1000BASE-T SFP Transceiver Module for Category 5 copper wire.

Cisco Expansion Modules

Interface Cards

Aggregation Services Router (ASR)

Shared Port Adapters (SPA) provide the physical interfaces for router connectivity ranging from copper, Channelized, Packet over SONET/SDH (PoS), ATM, and Ethernet.

SPA

SPA Interface Processor (SIP) provides the physical termination for the SPAs and accepts up to four half-height and two full-height Cisco SPAs.

SIP

231510

1: SPA subslot 0
2: SPA subslot 1
3: SPA subslot 2
6: SPA subslot 3


An example show inventory output:

NAME: "Chassis", DESCR: "Cisco ASR1004 Chassis"
PID: ASR1004 , VID: V03, SN: **********

NAME: "module 0", DESCR: "Cisco ASR1000 SPA Interface Processor 40" 
PID: ASR1000-SIP40 , VID: V02, SN: **********   <<< SIP


NAME: "SPA subslot 0/0", DESCR: "1-port 10 Gigabit Ethernet Shared Port Adapter XFP based"
PID: SPA-1X10GE-L-V2 , VID: V04, SN: ********** <<< SPA

NAME: "subslot 0/0 transceiver 0", DESCR: "10GBASE-SR/SW"
PID: XFP-10G-MM-SR , VID: 15 , SN: ********** <<< XFP


NAME: "SPA subslot 0/1", DESCR: "1-port 10 Gigabit Ethernet Shared Port Adapter XFP based"
PID: SPA-1X10GE-L-V2 , VID: V04, SN: **********

NAME: "subslot 0/1 transceiver 0", DESCR: "OC192 + 10GBASE-L"
PID: XFP-10GLR-OC192SR , VID: 00 , SN: **********
----------------------------------------------------------------------------
Interfaces
Te0/0/0 
Te0/1/0 
Gi0

 

Numbering

Note that the Transceiver numbering starts from the first physical interface!


File transfer on Cisco devices

FTP

Configuring FTP server

In this example the FTP server is operated by FileZilla.

Edit –> Users: Create a user with a password.

Add the directory that you would like to use for file sharing.

Configuring Cisco device:

ip ftp source-interface Fa0/0
ip ftp username cisco
ip ftp password cisco

After these preparations you can start downloading:

copy ftp://10.0.0.1/file.bin flash:

You can verify the transfer by hashing the file on the device and comparing the result with the MD5 of the original file:

verify /md5 flash:file.bin
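
The comparison can be scripted on the machine that holds the original file. This is an added example, not part of the original post; it assumes the device prints a result line of the form "verify /md5 (flash:file.bin) = <digest>", and the function names and sample output are constructed for illustration.

```python
import hashlib
import hmac
import re

# Assumed result line: verify /md5 (flash:file.bin) = <32 hex digits>
RESULT = re.compile(r"verify /md5 \(([^)]+)\) = ([0-9a-fA-F]{32})\b")

# Constructed sample of captured CLI output; the digest is that of an empty file.
SAMPLE_OUTPUT = (
    "Router#verify /md5 flash:file.bin\n"
    ".....Done!\n"
    "verify /md5 (flash:file.bin) = D41D8CD98F00B204E9800998ECF8427E\n"
)

def device_digest(output, device_path):
    """Pull the MD5 for device_path out of captured CLI output, or None."""
    for path, digest in RESULT.findall(output):
        if path == device_path:
            return digest.lower()
    return None

def local_md5(path, chunk_size=1 << 20):
    """MD5 of the source file, read in chunks so large images are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def transfer_ok(output, device_path, local_path):
    """True only if the device reported a digest and it equals the local one."""
    reported = device_digest(output, device_path)
    if reported is None:  # no result line (e.g. file missing): the check fails
        return False
    return hmac.compare_digest(reported, local_md5(local_path))
```

Take the reference digest from the original file or the vendor's download page, not from the FTP server the file was fetched from.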

 

SCP

 

Configuration of IPsec – CISCO

Ways of using IPsec

  • Crypto ACL
    Traffic that matches the ACL will be secured by IPsec.
  • Virtual Tunnel Interface (VTI)
    Traffic routed through the VTI will be secured by IPsec.

 

Main configuration steps

IPsec

  • IKE Phase 1 policy
    • authentication (pre-shared)
    • encryption (des, 3des, aes)
    • hash (md5, sha)
    • lifetime
  • Transform Set
    • ah (md5/sha, hmac)
    • esp (3des/aes/des/md5-hmac/sha-hmac)
  • IPsec Profile
    • set transform set

Tunnel Interface

  • IPv4 IPsec mode
  • IP or Unnumbered
  • Source / Destination
  • Apply IPsec Profile (above)

 

R1(config)#crypto keyring MYRING
R1(conf-keyring)#pre-shared-key address 10.0.0.2 key cisco
R1(config)#crypto ipsec transform-set P2P-SET esp-aes 256 esp-sha-hmac
R1(config)#crypto ipsec profile P2P-PROFILE
R1(ipsec-profile)#set transform-set P2P-SET
R1(config)#int tunnel 1
R1(config-if)#tunnel mode ipsec ipv4
R1(config-if)#ip unnumbered loopback 0
R1(config-if)#tunnel source fa0/0
R1(config-if)#tunnel destination 10.0.0.2
R1(config-if)#tunnel protection ipsec profile P2P-PROFILE


crypto keyring MYRING
   pre-shared-key address 10.0.0.2 key cisco

You must choose how IKE Phase 1 should authenticate: pre-shared key or certificate.

crypto ipsec transform-set P2P-SET esp-aes 256 esp-sha-hmac

The transform set named P2P-SET uses the ESP protocol for encapsulation with AES for encryption. It also uses ESP with SHA for authentication.
AH and ESP can be combined within one transform set.
After this command you enter (cfg-crypto-trans) config mode, where you can specify whether to use transport or tunnel mode for AH/ESP.

crypto ipsec profile P2P-PROFILE
   set transform-set P2P-SET

When this profile is applied to an interface, the interface will use that transform set.

After this, IKE Phase 1 is configured. Note that the IKE Phase 1 policy needs to match the one on the other side!

ip unnumbered loopback 0

The tunnel interface is “borrowing” the IP address of Loopback 0.

tunnel protection ipsec profile P2P-PROFILE

This applies the IPsec profile to the tunnel interface.
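
Several of the options listed under the main configuration steps (des, 3des, md5) are legacy algorithms, and a short pre-shared key is easy to guess, so a saved configuration can be checked for them. This is an added example, not part of the original post; the audit function, the OLD-SET and policy 10 entries in the sample, and the 20-character key threshold are assumptions made for illustration.

```python
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-null", "esp-md5-hmac", "ah-md5-hmac"}
WEAK_IKE = {"encryption": {"des", "3des"}, "encr": {"des", "3des"}, "hash": {"md5"}}
MIN_PSK_LEN = 20  # assumption for this example, not a Cisco requirement

# Constructed sample: the page's keyring and P2P-SET plus a weak policy and set.
SAMPLE = """\
crypto isakmp policy 10
 encryption 3des
 hash md5
 authentication pre-share
crypto keyring MYRING
 pre-shared-key address 10.0.0.2 key cisco
crypto ipsec transform-set P2P-SET esp-aes 256 esp-sha-hmac
crypto ipsec transform-set OLD-SET esp-des esp-md5-hmac
"""

def audit(config):
    """Return (line_no, object, issue) tuples for weak settings in an IOS config."""
    findings, ctx = [], []
    for n, raw in enumerate(config.splitlines(), 1):
        words = raw.split()
        if not words:
            continue
        if not raw[0].isspace():
            ctx = words  # remember the enclosing top-level command
            if words[:3] == ["crypto", "ipsec", "transform-set"]:
                for t in words[4:]:
                    if t in WEAK_TRANSFORMS:
                        findings.append((n, words[3], "weak transform " + t))
        elif ctx[:3] == ["crypto", "isakmp", "policy"]:
            if len(words) > 1 and words[1] in WEAK_IKE.get(words[0], ()):
                findings.append((n, "isakmp policy " + ctx[-1],
                                 "weak %s %s" % (words[0], words[1])))
        elif ctx[:2] == ["crypto", "keyring"] and words[0] == "pre-shared-key":
            if len(words[-1]) < MIN_PSK_LEN:  # report the length only, never the key
                findings.append((n, "keyring " + " ".join(ctx[2:3]),
                                 "pre-shared key under %d chars" % MIN_PSK_LEN))
    return findings
```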

 


Help

To get more information on a module you can find documentation on the internet, but Python itself can also help you:

tamvarga@DHUB4432 ~/python-study
$ python
Python 2.7.12 (default, Oct 10 2016, 12:56:26)
[GCC 5.4.0] on cygwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import pexpect
>>> help(pexpect)
Help on package pexpect:

NAME
 pexpect

FILE
 /usr/lib/python2.7/site-packages/pexpect/__init__.py

DESCRIPTION
 Pexpect is a Python module for spawning child applications and controlling
 them automatically. Pexpect can be used for automating interactive applications
 such as ssh, ftp, passwd, telnet, etc. It can be used to a automate setup
 scripts for duplicating software package installations on different servers. It
 can be used for automated software testing. Pexpect is in the spirit of Don
 Libes' Expect, but Pexpect is pure Python. Other Expect-like modules for Python
 require TCL and Expect or require C extensions to be compiled. Pexpect does not
 use C, Expect, or TCL extensions. It should work on any platform that supports
 the standard Python pty module. The Pexpect interface focuses on ease of use so
 that simple tasks are easy.

There are two main interfaces to the Pexpect system; these are the function,
 run() and the class, spawn. The spawn class is more powerful. The run()
 function is simpler than spawn, and is good for quickly calling program. When
 you call the run() function it executes a given program and then returns the
 output. This is a handy replacement for os.system().
...
...
...

 

You can also check the available functions of a specific (already imported) module:

>>> dir(pexpect)
['EOF', 'ExceptionPexpect', 'PY3', 'TIMEOUT', '__all__', '__builtins__',
 '__doc__', '__file__', '__name__', '__package__', '__path__', 
'__version__', '_cast_bytes', '_cast_unicode', 'errno', 'fcntl', 
'os', 'pty', 're', 're_type', 'resource', 'run', 'searcher_re', 
'searcher_string', 'select', 'signal', 'spawn', 'spawnb', 
'split_command_line', 'struct', 'sys', 'termios', 'time', 
'traceback', 'tty', 'types', 'version', 'version_info', 'which']

 
