Logistics of using our cnt4504 labs.

The class will be divided into groups. Each group will have a collection of networks that they will be building and operating. The networks consist of 6 subnets and 4 routers and 4 workstations. A logical diagram of the network each group will maintain is available at http://www.cs.fiu.edu/~esj/cnt4504/network.html

The routers are "BR" (running JunOS), "R1" (running quagga/zebra on Linux), and "R2" and "R3" (both Cisco 7206 routers running IOS). The workstations are ws1, ws2, and ws3, which are simple end stations running Linux, and ws0, which runs Linux and will also be used for network support functions.

Accessing remotely

Each group's workstation ws0 can be accessed remotely from computers in the JCCL lab. The host name is cnt4504-ws0-gX.cis.fiu.edu (X = group number). You need to use the SSH protocol. Windows SSH clients such as PuTTY (available at http://www.chiark.greenend.org.uk/~sgtatham/putty/) are installed on the JCCL lab machines, and you can download and install one at home.

To access from outside the JCCL lab or the SCIS department you will first need to ssh to one of the JCCL Linux servers (ocelot.aul.fiu.edu, for example) and then ssh from there to the workstation.

When using ssh you will want to log in as root. From a command-line ssh client you would use

	ssh root@cnt4504-ws0-gXX.cis.fiu.edu
Where XX is your group number.

Using the ssh protocol to talk to ws0, and then from ws0 to the rest of your network, is the preferred method; being able to cut and paste data from your local system easily is just one advantage. But initially you cannot talk "in-band" (i.e., via the IP protocol) directly to any station except ws0, so you will want to use the "out-of-band" VNC protocol, which lets you reach ws0-ws3 and R1.

Out-of-band access to BR, R2, and R3 is available via the telnet protocol to a specific port on the machine serving as host for all the virtual machines (cnt4504-b.cs.fiu.edu). Out-of-band access to ws0 - ws3 and to R1 is available via VNC to a specific port on cnt4504-b.cs.fiu.edu.

It is always a good idea to have an "out-of-band" management channel to your devices. In-band is fine when the network works, but out-of-band is what you need when the network is broken.

More information about VNC is available at http://en.wikipedia.org/wiki/VNC

For Linux or Windows systems I recommend the TightVNC client (available at http://www.tightvnc.com). For Mac OS X users I recommend Chicken of the VNC (available at http://sourceforge.net/projects/cotvnc).

VNC/"telnet out-of-band" access is only allowed from SCIS systems. If you would like access from your home or office system, email me your PUBLIC IP address and I can poke a hole in the firewall for you.

Below is the data needed to access the systems via the "out-of-band" methods:


XX is group number

4XX00   - BR serial console via telnet protocol
4XX01   - R1 console via VNC protocol
4XX02   - R2 serial console via telnet protocol
4XX03   - R3 serial console via telnet protocol
4XX04   - arista switch serial console via telnet protocol
4XX10   - ws0 console via VNC protocol
4XX11   - ws1 console via VNC protocol
4XX12   - ws2 console via VNC protocol
4XX13   - ws3 console via VNC protocol

For the telnet access you would type

	telnet cnt4504-b.cs.fiu.edu XXXXX
(XXXXX is the port number from the table above)

For VNC access you would have your VNC client connect to cnt4504-b.cs.fiu.edu at the port XXXXX from the table above.
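The port table above is easy to mistype at 2 a.m. with a broken network. The helper below is an added example (not part of the course material) that turns a group number and a device name into the right port and client command: telnet for the serial consoles (BR, R2, R3, the Arista switch) and TightVNC's vncviewer for the VNC consoles (R1, ws0-ws3). It assumes the `vncviewer` binary from TightVNC and the `host::port` syntax that client accepts; the device names (br, r1, r2, r3, sw, ws0-ws3) are my own short forms, not lab identifiers.

```shell
#!/bin/sh
# Out-of-band console helper for the cnt4504 lab (added example, not course-supplied).
# Port numbering follows the table above: 4XX<dd>, XX = two-digit group number.

OOB_HOST="cnt4504-b.cs.fiu.edu"

# oob_index DEVICE -> the two-digit port suffix from the table above
oob_index() {
    case "$1" in
        br)  echo 00 ;;
        r1)  echo 01 ;;
        r2)  echo 02 ;;
        r3)  echo 03 ;;
        sw)  echo 04 ;;   # arista switch (name "sw" is my own shorthand)
        ws0) echo 10 ;;
        ws1) echo 11 ;;
        ws2) echo 12 ;;
        ws3) echo 13 ;;
        *)   return 1 ;;
    esac
}

# oob_proto DEVICE -> which out-of-band protocol that console uses
oob_proto() {
    case "$1" in
        br|r2|r3|sw)        echo telnet ;;
        r1|ws0|ws1|ws2|ws3) echo vnc ;;
        *)                  return 1 ;;
    esac
}

# oob_port GROUP DEVICE -> port number, e.g. oob_port 7 ws2 -> 40712
# Leading zeros are stripped first so "07" and "7" behave the same and "08"
# is not misread as an octal number by printf.
oob_port() {
    group=$(printf '%s' "$1" | sed 's/^0*//')
    device=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    idx=$(oob_index "$device") || return 1
    printf '4%02d%s\n' "${group:-0}" "$idx"
}

# oob_connect GROUP DEVICE -> run the right client; with DRY_RUN set, only
# print the command that would be run.
oob_connect() {
    device=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    port=$(oob_port "$1" "$device") || { echo "unknown device: $2" >&2; return 1; }
    case "$(oob_proto "$device")" in
        telnet) cmd="telnet $OOB_HOST $port" ;;
        vnc)    cmd="vncviewer $OOB_HOST::$port" ;;
    esac
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$cmd"
    else
        $cmd
    fi
}
```

Source the file in your shell on a JCCL/SCIS machine and run, for example, `oob_connect 7 r2`; `DRY_RUN=1 oob_connect 7 r2` shows the command without opening a session. Remember that these ports are only reachable from SCIS systems unless a firewall hole has been opened for your public address.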

Booting and using WS0

WS0 is a workstation on net0. It uses IP address 10.XX.0.20/24 (XX is the group number) on eth0 to talk to the internal network. It also uses a real IP address on eth1 so that it can talk to the outside world.

WS0 runs a custom build of the CentOS 5 Linux operating system that runs in RAM off a CD-ROM. It requires no local disk. Each time you reboot, the entire system reverts to its base state. We do use a local disk, /mnt/hda1, for persistent storage, though. Here we store anything we want to be permanent across reboots.

In the directory /mnt/hda1 on the ws0 workstation you will find a file called rc.local. This is a shell script that is run at boot time. It basically does the proper configs for the ethernet interfaces, copies a set of config files to the /etc directory, and starts the ssh server daemon.

You will add commands to this file to start up other network service daemons as part of the work this semester.
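As an illustration of the structure just described, here is an added example of an rc.local-style boot script for ws0. It is not the lab's actual rc.local: the location of the group number (/mnt/hda1/group) and of the persistent /etc copies (/mnt/hda1/etc) are assumptions, and the eth1 public address is left out because it is assigned per group.

```shell
#!/bin/sh
# Example /mnt/hda1/rc.local for ws0 (added example; the lab's real rc.local is
# not reproduced here). Assumptions: the group number is kept in
# /mnt/hda1/group, and persistent copies of /etc files live under /mnt/hda1/etc
# with the same layout as /etc. Both locations are assumptions, not lab paths.

PERSIST=${PERSIST:-/mnt/hda1}

# ws0_internal_ip GROUP -> the net0 address 10.<group>.0.20 described above.
# Leading zeros are stripped so "07" and "7" both give 10.7.0.20.
ws0_internal_ip() {
    g=$(printf '%s' "$1" | sed 's/^0*//')
    printf '10.%s.0.20\n' "${g:-0}"
}

# restore_configs SRC DST - copy every file under SRC into DST, keeping the
# directory layout and file modes (cp -p) so that, for example, a private ssh
# host key restored into /etc/ssh stays unreadable to other users.
restore_configs() {
    src="$1"; dst="$2"
    [ -d "$src" ] || return 0
    ( cd "$src" && find . -type f ) | while read -r f; do
        mkdir -p "$dst/$(dirname "$f")"
        cp -p "$src/$f" "$dst/$f"
    done
}

# configure_eth0 IP - the internal interface on net0, a /24 as described above.
configure_eth0() {
    ifconfig eth0 "$1" netmask 255.255.255.0 up
}

main() {
    group=$(cat "$PERSIST/group")
    configure_eth0 "$(ws0_internal_ip "$group")"
    # eth1 carries ws0's public address; configure it the same way with the
    # address assigned to your group (not shown here).
    restore_configs "$PERSIST/etc" /etc
    /etc/init.d/sshd start
    # Daemons you add during the semester (routing, DHCP, DNS, ...) start here,
    # after the interfaces and /etc are in place.
}

# Only run the boot sequence on a machine that actually has the persistent disk.
if [ -r "$PERSIST/group" ]; then
    main
fi
```

One thing worth persisting under the assumed /mnt/hda1/etc is the /etc/ssh host key pair: because the system reverts on every reboot, sshd would otherwise generate a fresh host key each boot and every client would see a "host key changed" warning, which defeats the point of the warning.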

Configuring basics for network equipment

For every network device (router, switch, firewall, VPN concentrator, etc.) there are a few basic tasks you must do to configure it.

You will also want to familiarize yourself with the appropriate commands to monitor the device.

Working with Linux routers and end stations


The Linux command-line networking tools:

mii-tool                        -- show link-layer information for 10/100 cards
ethtool                         -- newer command, works on some GigE and 10GigE cards
ifconfig [interface name]       -- show/set information about network interfaces
arp                             -- show/set IP ARP cache entries
route                           -- show/add/delete static entries in the routing table
ip                              -- the iproute2 master command that provides access to
                                   much the same functionality as the tools above


Logging into the Linux/Quagga router R1

To talk to R1 when it does not have any in-band IP addresses configured you will need to use a VNC client. You would connect to host cnt4504-b.cs.fiu.edu on port 4XX01.

Logging in and Basic Interface commands on a Cisco router

To talk to the Cisco routers (R2/R3) when they don't have an IP address that would let you log in with ssh, you must telnet to the "out-of-band" address and port (telnet cnt4504-b.cs.fiu.edu 4XX02 or 4XX03).

When you first connect to a Cisco router (either via the out-of-band serial port or via an ssh login) you are usually in non-enabled mode. This means you can run only a small subset of "show" commands and cannot view or change the configuration. The prompt will be "hostname>" where hostname is the hostname you have set for the router. To be able to change things on the Cisco router and/or see all details about it you have to go to "enable" mode. This is done with the enable command and usually a separate password.

	hostname>enable
	Password: 
	hostname#
Note the prompt changes from > to #

To find details about an interface on a Cisco router you use the "show interface" command. This lists each interface on the router and many details about them. You can also get the data for a single interface with "show interface" followed by the interface name.

Another variation is the "show ip interface brief" command. This lists the interfaces and their status, as well as the IP addresses associated with them.

Logging in and Basic Interface commands on a Juniper router

To talk to the Juniper router (BR) when it doesn't have an in-band IP address configured you must telnet to the "out-of-band" address and port (telnet cnt4504-b.cs.fiu.edu 4XX00).

To find details about an interface on a Juniper router you use the "show interface" command. This lists each interface on the router and many details about it.

A variation on this is "show interface terse" which lists the interfaces and their status and layer 3 information.

On our Junipers we are only interested in fxp0 and fxp1. The others are there for special tunneling and multicast functions that we will not be using.

Copying configuration files from Juniper and Cisco routers to ws0

Once you have set up IP addresses and routing on your network you may at times want or need to copy configuration files from the routers off to some other machine, for example to include them in a lab report. To do this you would most likely copy them to ws0 first and then from ws0 copy them to your JCCL account on ocelot.aul.fiu.edu.

To copy from your ws0 to your ocelot.aul.fiu.edu account:

	scp /path/to/file username@ocelot.aul.fiu.edu:

You will need to copy your configuration files to/from the routers and your ws0 machine. Files copied from the routers will be placed in the /root directory on ws0. You will want to copy them from that directory to some other directory under /mnt/hda1 if you want them to survive a reboot of ws0.

To copy a config file from the Juniper router (BR) to ws0 you will type, from the command line on BR:

	file copy /config/juniper.conf.gz scp://root@10.XX.0.20

This will copy the entire current configuration of the Juniper router to the /root directory on your ws0. The Junipers store their configurations in .gz compressed format, so to uncompress it and save it to the file /mnt/hda1/username/br you would issue these commands on ws0:

	cd /mnt/hda1
	mkdir username
	zcat /root/juniper.conf.gz > /mnt/hda1/username/br

Obviously you would use your username instead of "username". You will want to keep any work you do yourself on ws0 in a subdirectory of /mnt/hda1. Try to keep the /mnt/hda1 directory itself clear of your personal files and have only system files at the top level. Use subdirectories for your personal files and for some system config files.

On Cisco IOS systems you have two config files: the running-config and the startup-config. The running-config is just that, the configuration the router is currently running. The startup-config is the configuration stored in permanent memory that is loaded as the system boots.

We can copy the running or startup config off to an ssh server (like ws0):

	r2#copy startup-config scp://10.XX.0.20 
	Address or name of remote host [10.XX.0.20]? just hit enter for default 
	Destination username [r2]? root
	Destination filename [r2-confg]?  just hit enter for default 
	Writing r2-confg Password: !
	753 bytes copied in 19.512 secs (39 bytes/sec) 
	r2#
This puts it in /root on ws0. Again, you will want to copy it somewhere under /mnt/hda1 for permanent storage. You can do the same thing with the running-config as well.

For the R1 (Linux/quagga) router you can copy (again using scp) the files from its /mnt/hda1/quagga directory to ws0 (once routing is set up):


	cd /mnt/hda1/quagga 
	scp *.conf 10.XX.0.20:/mnt/hda1/username
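The three copy procedures above (Juniper, Cisco, quagga) all end with files sitting in /root on ws0 that vanish at the next reboot. Below is an added example (my own script, not part of the course material) that moves them under /mnt/hda1 in one step: it decompresses the Juniper .gz, copies the IOS and quagga files as they are, keeps the previous copy as NAME.prev so two snapshots can be diffed, and makes the saved files readable only by root, since router configs usually contain password hashes and SNMP community strings. The file names it looks for are the ones the commands above produce; "username" in the default store path is the same placeholder the text uses.

```shell
#!/bin/sh
# Save router configs that were copied into /root on ws0 under /mnt/hda1 so they
# survive a reboot. Added example, not course-supplied. Assumptions: the file
# names match what the copy commands above produce, and STORE is your own
# directory under /mnt/hda1 ("username" is a placeholder, as in the text).

STORE=${STORE:-/mnt/hda1/username/configs}

# save_config SRC DESTDIR NAME
# Copies SRC to DESTDIR/NAME, decompressing it first if it is a .gz file
# (the Juniper config arrives compressed). An existing copy is kept as
# NAME.prev so that a bad change can still be diffed against the last good one.
save_config() {
    src="$1"; destdir="$2"; name="$3"
    [ -r "$src" ] || { echo "skip: $src not readable" >&2; return 1; }
    mkdir -p "$destdir"
    dest="$destdir/$name"
    if [ -f "$dest" ]; then
        mv "$dest" "$dest.prev"
    fi
    case "$src" in
        *.gz) zcat "$src" > "$dest" ;;
        *)    cp -p "$src" "$dest" ;;
    esac
    chmod 600 "$dest"   # configs carry password hashes and SNMP strings
    echo "$dest"
}

# collect_configs SRCDIR DESTDIR
# Runs save_config over the files the copy commands above leave in SRCDIR
# (normally /root) and prints how many were saved. Missing files are skipped,
# so it is fine to run this before every router has been copied.
collect_configs() {
    srcdir="$1"; destdir="$2"
    n=0
    for pair in juniper.conf.gz:br r2-confg:r2 r3-confg:r3 \
                zebra.conf:r1-zebra ospfd.conf:r1-ospfd; do
        file=${pair%%:*}; name=${pair#*:}
        if save_config "$srcdir/$file" "$destdir" "$name" >/dev/null; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}
```

Typical use on ws0 after the copy commands above is `collect_configs /root "$STORE"`; the quagga file names (zebra.conf, ospfd.conf) are the common ones and an assumption about what your R1 directory will contain, so adjust the list to match your own files.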