So today I'll be installing Quagga on CentOS and turning that CentOS VM into an IOS-like router.
After that, the goal is to test said faux Cisco router in GNS3 with some 7200 images. It's actually a pretty cool little concept, even if the source code looks like it hasn't been updated in a couple of years. The concept? Take a Linux machine, slap a shell on it similar to Cisco IOS, and use said Linux machine as a router. So, let's freaking do it!! I'll be using CentOS 7, because I love Red Hat. First things first, let's install CentOS (minimal install here; you can have a GUI if you want one) and update it.
I used the basic settings for RHEL 64-bit in VirtualBox, disabled the USB and audio controllers, and enabled the serial port but left it disconnected for now. Take note of the enabled serial port, because that will be important later.
Now let's power this sucker on and boot from the CentOS 7 minimal install. You can pretty much next->next->finish the install; however, DO make sure you go into the Network & Hostname section to enable your network adapter and set a hostname.
Before installing Quagga and getting into the configuration, let's update our system and enable console access over the serial port.
Enable Serial Port
1) Set the following line in /etc/sysconfig/grub (net.ifnames=0 gives you legacy interface names, i.e. eth0; console=ttyS0 sends the console to the serial port)
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet net.ifnames=0 console=ttyS0"
2) Run the following
stty -F /dev/ttyS0 speed 9600
grub2-mkconfig -o /boot/grub2/grub.cfg
systemctl start getty@ttyS0
systemctl enable getty@ttyS0
Install Quagga, configure SELinux, and get base settings in place
1) Install quagga
yum install quagga -y
cd /etc/quagga/
2) Copy basic conf files for OSPF and BGP into /etc/quagga/
cd /etc/quagga/
cp /usr/share/doc/quagga-0.99.22.4/ospfd.conf.sample .
cp /usr/share/doc/quagga-0.99.22.4/bgpd.conf.sample .
mv ospfd.conf.sample ospfd.conf
mv bgpd.conf.sample bgpd.conf
3) Change owner and set proper permissions on ospfd.conf and bgpd.conf
chown quagga:quagga bgpd.conf
chown quagga:quagga ospfd.conf
chmod 640 bgpd.conf
chmod 640 ospfd.conf
4) Configure SELinux to allow zebra to write to config files
setsebool -P zebra_write_config 1
5) Enable IP Forwarding (otherwise we'll just drop transit traffic)
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
6) Make sure firewalld/iptables is disabled
[root@cent-router ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
[root@cent-router ~]# systemctl status firewalld
* firewalld.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
We can explore enabling firewall features in the future, but for now... we just want to route. Luckily, the minimal install doesn't include either firewalld or iptables. If firewalld is running, issue the following:
systemctl stop firewalld
systemctl disable firewalld
7) Enable Zebra, OSPF, and BGP on boot and start services.
systemctl enable zebra.service
systemctl enable ospfd.service
systemctl enable bgpd.service
systemctl start zebra.service
systemctl start ospfd.service
systemctl start bgpd.service
8) Finally, test IOS-like shell.
[root@cent-router ~]# vtysh
Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
cent-router# show run
Building configuration...
Current configuration:
!
hostname cent-router
hostname ospfd
log stdout
hostname bgpd
!
password zebra
!
interface enp0s3
ipv6 nd suppress-ra
!
interface lo
!
router bgp 7675
bgp router-id 172.16.255.110
!
line vty
!
end
cent-router# conf t
cent-router(config)#
Beautiful!! Now we can shut this bad boy down, make one minor tweak, and import it into VirtualBox as a linked clone. This tweak is just marking network adapter 1 as "Not Attached", since we're relying on GNS3 to build these connections for us.
Last but not least, import this VM into GNS3.
Video Demo, Coming Soon...
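The show run output in step 8 still carries "password zebra", inherited from the sample files copied in step 2, and step 6 leaves no host firewall in front of the daemons. The script below is an added example, not part of the original post: it audits a Quagga config file for that sample password, cleartext password storage, and permissions looser than the 640 set in step 3. The function name audit_quagga_conf and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_quagga_conf FILE: print one finding per line; exit status = finding count.
audit_quagga_conf() {
    aq_conf=$1
    aq_n=0
    aq_pw='^[[:space:]]*(enable[[:space:]]+)?password[[:space:]]+'

    # Step 2 copies the packaged samples verbatim, so their password stays live.
    if grep -Eq "${aq_pw}zebra[[:space:]]*\$" "$aq_conf"; then
        echo "$aq_conf: sample password 'zebra' still set"
        aq_n=$((aq_n + 1))
    fi

    # Quagga writes hashed passwords as "password 8 <hash>" once
    # "service password-encryption" is configured; anything else is cleartext.
    if grep -E "$aq_pw" "$aq_conf" |
        grep -Evq '[[:space:]]8[[:space:]]+[^[:space:]]+[[:space:]]*$'; then
        echo "$aq_conf: password stored in cleartext"
        aq_n=$((aq_n + 1))
    fi

    # Step 3 sets mode 640; flag any read or write bit for "other".
    if [ -n "$(find "$aq_conf" \( -perm -004 -o -perm -002 \))" ]; then
        echo "$aq_conf: readable or writable by other users"
        aq_n=$((aq_n + 1))
    fi
    return "$aq_n"
}

# Constructed sample: a bgpd.conf as it looks right after step 2, before step 3.
aq_sample=$(mktemp)
printf '%s\n' 'hostname bgpd' 'password zebra' '!' 'router bgp 7675' > "$aq_sample"
chmod 644 "$aq_sample"
audit_quagga_conf "$aq_sample" || echo "findings: $?"
rm -f "$aq_sample"
```

On the router itself, point it at /etc/quagga/bgpd.conf and /etc/quagga/ospfd.conf; a zero exit status means none of the three checks fired.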
Short joke about quagga: "watchguagga core.." :)