MIMIC® Online Documentation
MIMIC IOS Simulator Guide
-
Table of Contents
-
Overview
Cisco's Network Management System (NMS) software such as Cisco DSL Manager (CDM), Service Connection Manager (SCM) and Cisco Network Order Manager (CNOM) use SNMP and/or the IOS (Internetwork Operating System) command line interface (CLI) to communicate with and manage Cisco devices. MIMIC supports both SNMP and IOS CLI simulation to enable a realistic simulation for any management application that uses the IOS CLI.
-
Implementation
The easiest way of implementing a new IOS simulation is to use the CLI Wizard to record a session between a management application and a device running IOS. The resulting "basic" simulation will give verbatim responses to requests that were captured in the recording. For example, the show clock would return the same response regardless of the time of day.
For more advanced simulations, with dynamic responses, you need to write Telnet rules with Tcl scripts. The MIMIC Virtual Lab implements such advanced simulations. They can be loaded into MIMIC with the Update Wizard.
-
Installation
A specific MIMIC licensing option, the IOS license, allows access to the protocol modules required to simulate a Cisco IOS entity. They are currently
Protocol module installation is required prior to first-time use of the IOS features. This consists in copying the dynamic library from the bin/dynamic/optional directory to the bin/dynamic directory. Please consult the Installation section of each of the Protocol Module Guides for details.
The protocol-specific modules for Telnet and/or TFTP can be enabled for an agent simulation via check boxes found on the Advanced tab of the Edit->Configure dialog.
-
IOS Explorer
Overview
IOS Explorer (iosdisc) is a stand-alone utility of the CLI Wizard functionality to automatically discover IOS commands supported by Cisco devices. This utility works in conjunction with IOS Recorder to create an IOS simulation. Instead of requiring a third party NMS application to issue IOS commands, iosdisc discovers the IOS commands on the device dynamically, which are recorded by the IOS Recorder.
The protocol capture needs to be launched prior to initiating the discovery process to capture maximum traffic, as documented below.
Auto discover commands
The user has the ability to either completely discover the device by specifying no commands to be included and no commands to be excluded. In the first dialog you can restrict the discovery by specifying the commands to be included and commands to be excluded. Approriately only included commands will be discovered and excluded commands will be ignored.
Issue discovered commands
Once the IOS commands are discovered, this dialog allows the commands to be issued after editing them by providing required arguments. The checklist shows all the commands with a checkbox indicating the command to be issued. Commands in red indicate they were excluded from the discovery process. The argument of the command appear as a leaf in the tree. When selected it allows the user to add the arguments through the graphical interface, which becomes the issued command. All the checked commands will be issued to the device when you click on the Finish button.
IOS Explorer can be invoked with following command line options:
-
--address ip-address
mandatory command line argument to specify the device supporting IOS commands and a telnet session. -
--out filename
mandatory command line argument to specify the output file where the rules are to be stored. This file will be written under the scripts/telnet directory. -
--password password
mandatory command line argument to specify the password to be used by the user to login to the device. -
[--port port-number]
-
[--username user-name]
optional command line argument to specify the user initiating a telnet session to the device. -
[--exclude cmd-list]
-
[--include cmd-list]
optional argument to indicate the IOS commands to be discovered if the user chooses partial discovery of the device. -
[--loginprompt prompt]
[--passwordprompt prompt]
optional arguments to indicate the login and password prompt patterns. IOS Explorer uses patterns like the login prompt ("Username: ") and password prompt ("Password: ") to construct the connection welcome message. -
[--timeout time]
-
[--depth level]
optional argument to specify the maximum command level to discover. For example, if show ip is the command to be discovered, all subcommands of show ip will be traversed. If a depth level of 2 is specified, only the show ip command is shown. -
[--notemplate]
optional argument to disable template rules lookup. The templates are for well-known commands like exit. -
[--template filename]
-
[--norepeat]
optional argument to ignore repeated requests. The captured data might contain some request more than once. The response for those duplicate request might change for every invocation, those responses are stored in a mtcl file and sent to the user in the order they were captured. This enables the user to simulate play back mode. This feature is disabled using the --norepeat option, in which case only the first response is used. -
[--device type]
optional argument to indicate a different type of CLI. The default is cisco, but currently we also know about juniper and riverstone type devices. -
[--noredirect symbol]
-
-
IOS Recorder
The IOS Recorder (iosrec) is a stand-alone utility to record Cisco IOS sessions and create basic IOS simulations.
The IOS Recorder uses tshark (version 1.10 or newer) (this used to be tethereal) to record one or more sessions between a management application (or telnet client) and an IOS device.
The tshark package needs to be installed and the config/iosrec.cfg file needs to point to the directory path of the installed tethereal / tshark program.
Here is a sample config/iosrec.cfg configuration file:
# iosrec configuration file. tethereal_path = /usr/local/bin #network_latency = 20 #login_failure_msg = % Login invalid #login_prompt = Username: #passwd_prompt = Password: #rule_template = library.rul
Although live recording of IOS transactions will be part of IOS Recorder in the future, the initial version of IOS Recorder depends on third party packet capture tools (e.g. ethereal, tethereal, snoop, tcpdump, Sniffer) for data acquisition. The captured live traffic protocol data is dumped by the packet capture tool into a binary file that needs to be fed to the IOS Recorder (with the --in command line option).
The IOS Recorder identifies connect events, requests and responses by looking at certain sequences of patterns in the captured data. (Technically, iosrec uses the TCP flags, the login prompt, password prompt, login failure message as patterns.)
Since it uses sequences of patterns to identify commands and create the rules for the IOS Simulator, it is highly recommended to start iosrec before starting a telnet session to the device, ie. one should not record in the middle of a session, eg. after you get login prompt or password prompt, or after typing half of a request.
The IOS Recorder supports the following command line options:
-
--server server-address
mandatory command line argument to filter the captured data from the specified IOS server. -
[--client client-address]
optional argument that will enable the user to generate rules from the traffic between two nodes (if the captured data has traffic from multiple client systems). -
[--port server-port]
-
--out rulesdb
mandatory command line option that specifies the rule file name. The rule file will be stored in the scripts/telnet directory. -
--in capture-file
-
[--norepeat]
The captured data might contain some request more than once. The response for those duplicate request might change for every invocation, those responses are stored in a mtcl file and sent to the user in the order they were captured. This enables the user to simulate play back mode. This feature is disabled using the --norepeat option, in which case only the first response is used. -
[--append]
this option enables incremental rule file creation, ie. the new rules are appended to the existing rule file. If --append option is used along with --norepeat option, the norepeat option will be appiled only to the newly generated rules. -
[--template template-file]
The template library file contains custom rules, which if they match the command will be placed in the rules file, ignoring the response seen by the recorder. This allows to create advanced rules for common IOS commands. This option overrides the default template library file scripts/telnet/library.rul. -
[--notemplate]
-
[--exclude request]*
-
[--delay]
to calculate the delay between request and response. The difference between the response and request includes the network latency. To account only for the command latency, you can set the network_latency configuration variable in config/iosrec.cfg to eliminate the network delay. The unit is milliseconds. -
[--loginprompt prompt]
IOS Recorder uses patterns like the login prompt ("Username: "), password prompt ("Password: ") and login failure message ("Login incorrect") to construct the connection welcome message. These default values can be overriden by setting the login_prompt, passwd_prompt and login_failure_msg configurables in config/iosrec.cfg respectively, or by this and the following two command line options. -
[--passwordprompt prompt]
-
[--loginfailuremsg msg]
-
[--resolvename]
-