MIMIC IOS Simulator Guide

  1. Table of Contents
  2. Overview
  3. Cisco's Network Management System (NMS) software such as Cisco DSL Manager (CDM), Service Connection Manager (SCM) and Cisco Network Order Manager (CNOM) use SNMP and/or the IOS (Internetwork Operating System) command line interface (CLI) to communicate with and manage Cisco devices. MIMIC supports both SNMP and IOS CLI simulation to enable a realistic simulation for any management application that uses the IOS CLI.

  4. Implementation
  5. The easiest way of implementing a new IOS simulation is to use the CLI Wizard to record a session between a management application and a device running IOS. The resulting "basic" simulation will give verbatim responses to requests that were captured in the recording. For example, the show clock would return the same response regardless of the time of day.

    For more advanced simulations, with dynamic responses, you need to write Telnet rules with Tcl scripts. The MIMIC Virtual Lab implements such advanced simulations. They can be loaded into MIMIC with the Update Wizard.

  6. Installation
  7. A specific MIMIC licensing option, the IOS license, allows access to the protocol modules required to simulate a Cisco IOS entity. They are currently

    Protocol module installation is required prior to first-time use of the IOS features. This consists in copying the dynamic library from the bin/dynamic/optional directory to the bin/dynamic directory. Please consult the Installation section of each of the Protocol Module Guides for details.

    The protocol-specific modules for Telnet and/or TFTP can be enabled for an agent simulation via check boxes found on the Advanced tab of the Edit->Configure dialog.

  8. IOS Explorer
  9. Overview

    IOS Explorer (iosdisc) is a stand-alone utility of the CLI Wizard functionality to automatically discover IOS commands supported by Cisco devices. This utility works in conjunction with IOS Recorder to create an IOS simulation. Instead of requiring a third party NMS application to issue IOS commands, iosdisc discovers the IOS commands on the device dynamically, which are recorded by the IOS Recorder.

    The protocol capture needs to be launched prior to initiating the discovery process to capture maximum traffic, as documented below.

    Auto discover commands

    The user has the ability to either completely discover the device by specifying no commands to be included and no commands to be excluded. In the first dialog you can restrict the discovery by specifying the commands to be included and commands to be excluded. Approriately only included commands will be discovered and excluded commands will be ignored.

    Issue discovered commands

    Once the IOS commands are discovered, this dialog allows the commands to be issued after editing them by providing required arguments. The checklist shows all the commands with a checkbox indicating the command to be issued. Commands in red indicate they were excluded from the discovery process. The argument of the command appear as a leaf in the tree. When selected it allows the user to add the arguments through the graphical interface, which becomes the issued command. All the checked commands will be issued to the device when you click on the Finish button.

    IOS Explorer can be invoked with following command line options:

    • --address ip-address
      mandatory command line argument to specify the device supporting IOS commands and a telnet session.

    • --out filename
      mandatory command line argument to specify the output file where the rules are to be stored. This file will be written under the scripts/telnet directory.

    • --password password
      mandatory command line argument to specify the password to be used by the user to login to the device.

    • [--port port-number]
      optional argument if the IOS device uses a non standard port.

    • [--username user-name]
      optional command line argument to specify the user initiating a telnet session to the device.

    • [--exclude cmd-list]
      optional argument to specify the commands to be excluded from the discovery process.

    • [--include cmd-list]
      optional argument to indicate the IOS commands to be discovered if the user chooses partial discovery of the device.

    • [--loginprompt prompt]
      [--passwordprompt prompt]
      optional arguments to indicate the login and password prompt patterns. IOS Explorer uses patterns like the login prompt ("Username: ") and password prompt ("Password: ") to construct the connection welcome message.

    • [--timeout time]
      optional argument to specify timeout to wait for response from device in seconds.

    • [--depth level]
      optional argument to specify the maximum command level to discover. For example, if show ip is the command to be discovered, all subcommands of show ip will be traversed. If a depth level of 2 is specified, only the show ip command is shown.

    • [--notemplate]
      optional argument to disable template rules lookup. The templates are for well-known commands like exit.

    • [--template filename]
      optional argument to specify a different template file from the default.

    • [--norepeat]
      optional argument to ignore repeated requests. The captured data might contain some request more than once. The response for those duplicate request might change for every invocation, those responses are stored in a mtcl file and sent to the user in the order they were captured. This enables the user to simulate play back mode. This feature is disabled using the --norepeat option, in which case only the first response is used.

    • [--device type]
      optional argument to indicate a different type of CLI. The default is cisco, but currently we also know about juniper and riverstone type devices.

    • [--noredirect symbol]
      optional argument to ignore output redirect commands with the specified symbol.

  10. IOS Recorder
  11. The IOS Recorder (iosrec) is a stand-alone utility to record Cisco IOS sessions and create basic IOS simulations.

    The IOS Recorder uses tshark (version 1.10 or newer) (this used to be tethereal) to record one or more sessions between a management application (or telnet client) and an IOS device.

    The tshark package needs to be installed and the config/iosrec.cfg file needs to point to the directory path of the installed tethereal / tshark program.

    Here is a sample config/iosrec.cfg configuration file:

    # iosrec configuration file.
    tethereal_path = /usr/local/bin
    #network_latency = 20
    #login_failure_msg = % Login invalid
    #login_prompt = Username: 
    #passwd_prompt = Password:
    #rule_template = library.rul

    Although live recording of IOS transactions will be part of IOS Recorder in the future, the initial version of IOS Recorder depends on third party packet capture tools (e.g. ethereal, tethereal, snoop, tcpdump, Sniffer) for data acquisition. The captured live traffic protocol data is dumped by the packet capture tool into a binary file that needs to be fed to the IOS Recorder (with the --in command line option).

    The IOS Recorder identifies connect events, requests and responses by looking at certain sequences of patterns in the captured data. (Technically, iosrec uses the TCP flags, the login prompt, password prompt, login failure message as patterns.)

    Since it uses sequences of patterns to identify commands and create the rules for the IOS Simulator, it is highly recommended to start iosrec before starting a telnet session to the device, ie. one should not record in the middle of a session, eg. after you get login prompt or password prompt, or after typing half of a request.

    The IOS Recorder supports the following command line options:

    • --server server-address

      mandatory command line argument to filter the captured data from the specified IOS server.

    • [--client client-address]

      optional argument that will enable the user to generate rules from the traffic between two nodes (if the captured data has traffic from multiple client systems).

    • [--port server-port]

      should be used if the IOS server uses a non standard port.

    • --out rulesdb

      mandatory command line option that specifies the rule file name. The rule file will be stored in the scripts/telnet directory.

    • --in capture-file

    • [--norepeat]
      The captured data might contain some request more than once. The response for those duplicate request might change for every invocation, those responses are stored in a mtcl file and sent to the user in the order they were captured. This enables the user to simulate play back mode. This feature is disabled using the --norepeat option, in which case only the first response is used.

    • [--append]

      this option enables incremental rule file creation, ie. the new rules are appended to the existing rule file. If --append option is used along with --norepeat option, the norepeat option will be appiled only to the newly generated rules.

    • [--template template-file]

      The template library file contains custom rules, which if they match the command will be placed in the rules file, ignoring the response seen by the recorder. This allows to create advanced rules for common IOS commands. This option overrides the default template library file scripts/telnet/library.rul.

    • [--notemplate]

      disables lookup in the template library.

    • [--exclude request]*
      to exclude specific request(s)

    • [--delay]
      to calculate the delay between request and response. The difference between the response and request includes the network latency. To account only for the command latency, you can set the network_latency configuration variable in config/iosrec.cfg to eliminate the network delay. The unit is milliseconds.
    • [--loginprompt prompt]

      IOS Recorder uses patterns like the login prompt ("Username: "), password prompt ("Password: ") and login failure message ("Login incorrect") to construct the connection welcome message. These default values can be overriden by setting the login_prompt, passwd_prompt and login_failure_msg configurables in config/iosrec.cfg respectively, or by this and the following two command line options.

    • [--passwordprompt prompt]

      Set the password prompt.

    • [--loginfailuremsg msg]

      Set the login failure message.

    • [--resolvename]
      if name resolution is enabled the server and client address can be host names.

    "Cisco" and "IOS" are registered trademarks of Cisco Systems Inc.