Lesson Contents
In your network labs, you’ll need hosts now and then to test things. This could be as simple as sending some pings (ICMP request and reply) to test routing, or you might need it to test services such as telnet, SSH, HTTP, etc.
You could use a Windows or Linux host, which can be physical or virtual, such as virtual machines (VM) or (Docker) containers. If you use an emulator, you might have to add nodes yourself, or if you are lucky, some emulators even come with different nodes that you can use, such as Cisco CML. For example:
Besides network devices, there are different nodes to choose from. Usually, these are Linux machines. For example, here is the Desktop node:
$ cat /etc/os-release
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.16.2
PRETTY_NAME="Alpine Linux v3.16"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://gitlab.alpinelinux.org/alpine/aports/-/issues"The server node:
$ cat /etc/os-release
NAME=TinyCore
VERSION="14.0"
ID=tinycore
VERSION_ID=14.0
PRETTY_NAME="TinyCoreLinux 14.0"
ANSI_COLOR="0;34"
CPE_NAME="cpe:/o:tinycore:tinycore_linux:14.0"
HOME_URL="http://tinycorelinux.net/"
SUPPORT_URL="http://forum.tinycorelinux.net/"
BUG_REPORT_URL="http://forum.tinycorelinux.net/"Or a Ubuntu node:
$ cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.3 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.3 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammyThese work great, but you’ll need to know about Linux and understand the differences between the different Linux distributions. Configuring an IP address, DHCP client, or default gateway might be difficult if you never used Linux before. Also, if you want to install something, you’ll need to know how to use the correct package manager, and the node probably requires Internet connectivity, which might not be available in your lab.
For many lab tasks, routers are enough to use as hosts in your labs because you can do many things with them. Also, when you are on the job, it’s possible that you only have access to a router (or switch) for testing. Knowing how to use a router’s different client and server options is a valuable skill.
I prefer to use routers as servers and hosts in labs when possible. When I need something a router can’t do, such as generating a lot of traffic, I’ll use a Linux host.
In this lesson, I’ll show you how to use a Cisco IOS router as a server or host for different things. I’ll use two devices:
- H1: a host with IP address 192.168.1.1.
- S1: a server with IP address 192.168.1.2.
Let’s get started!
Routing
By default, a Cisco IOS router builds a routing table:
H1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/0
L 192.168.1.4/32 is directly connected, GigabitEthernet0/0This happens because ip routing is enabled by default. You can’t see it with show running-configuration because it’s enabled by default, but you can see it when you use the all option:
H1#show running-config all | include ip routing
ip routing protocol purge interface
ip routingTo disable routing, all we need to do is this:
H1#configure terminal
H1(config)#no ip routingThe router won’t build a routing table anymore:
H1#show ip route
Default gateway is not set
Host Gateway Last Use Total Uses Interface
ICMP redirect cache is emptyAnd the router now acts like a regular host (or server). You’ll need to configure a default gateway (if you have one) to reach destinations outside your subnet, just like a regular host. If you had a router that you could use as default gateway, you can configure it like this:
H1(config)#ip default-gateway 192.168.1.254The default gateway shows up here:
H1#show ip route
Default gateway is 192.168.1.254
Host Gateway Last Use Total Uses Interface
ICMP redirect cache is emptyThat’s it. Your router is now a host.
Connectivity
We can use the router to check for connectivity. Let’s look at some examples.
ICMP
You can use the ping command to check for basic connectivity. In its most simple form it looks like this:
H1#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 msIf you don’t supply an IP address, there are many options you can choose from:
H1#ping
Protocol [ip]:
Target IP address: 192.168.1.2
Repeat count [5]: 10
Datagram size [100]: 1200
Timeout in seconds [2]:
Extended commands [n]: y
Ingress ping [n]:
Source address or interface:
DSCP Value [0]:
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0x0000ABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 10, 1200-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!!!!!!
Success rate is 100 percent (10/10), round-trip min/avg/max = 1/1/3 msThis is useful for many things, such as testing Quality of Service. You can set most of these parameters right away as well:
H1#ping 192.168.1.2 ?
Extended-data specify extended data pattern
data specify data pattern
df-bit enable do not fragment bit in IP header
dscp Specify DSCP value in ASCII/Numeric for Ingress
ingress LAN source interface for Ingress
repeat specify repeat count
size specify datagram size
source specify source address or name
timeout specify timeout interval
tos specify type of service value
validate validate reply dataThis shows you all the options. For example:
H1#ping 192.168.1.2 repeat 10 size 1200
Type escape sequence to abort.
Sending 10, 1200-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!!!!!!
Success rate is 100 percent (10/10), round-trip min/avg/max = 1/1/3 msTraceroute
To test routing, you can also use traceroute from a router. Here is an example:
H1#traceroute networklessons.com
Type escape sequence to abort.
Tracing the route to ec2-52-20-118-12.compute-1.amazonaws.com (52.20.118.12)
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.1.254 24 msec 0 msec 0 msec
2 static.kpn.net (195.191.226.12) 4 msec 4 msec 0 msec
3 * * *
4 * * *
5 nl-ams02a-rc2-lag-102-0.aorta.net (84.115.131.111) 104 msec
nl-ams17b-rc1-lag-105-0.aorta.net (84.115.131.45) 96 msec
ae-6.r23.amstnl07.nl.bb.gin.ntt.net (129.250.2.232) 4 msec
6 us-was03a-rd1-ae-102-0.aorta.net (84.116.130.122) 96 msec 96 msec 124 msec
7 us-was03a-ri1-ae-11-0.aorta.net (84.116.130.165) 96 msec * *
8 * *
99.83.115.234 96 msecIP SLA
If you need more than a simple ping, you can try IP SLA. This tool is mostly used for routing and failover but can be used as a simple traffic generator in your labs. The advantage of IP SLA is that it runs in the background once it’s configured. Here is a quick example. On one side, we configure the traffic we want to generate:
H1(config)#ip sla 1
H1(config-ip-sla)#icmp-echo 192.168.1.2
H1(config-ip-sla-echo)#frequency 10
H1(config)#ip sla schedule 1 start-time now life foreverThis sends an ICMP echo request every 10 seconds. On the other end, we configure the responder:
S1(config)#ip sla responderThis now generates ICMP traffic in the background:
H1#show ip sla statistics
IPSLAs Latest Operation Statistics
IPSLA operation id: 1
Latest RTT: 1 milliseconds
Latest operation start time: 09:54:55 UTC Tue Dec 24 2024
Latest operation return code: OK
Number of successes: 8
Number of failures: 0
Operation time to live: ForeverYou can also use IP SLA to generate UDP and/or TCP traffic.
Services
We can use different services on our router to use it as a server or client. I’ll show you some examples.
Telnet
Let’s start with telnet. We can enable the telnet server like this:
S1(config)#line vty 0 4
S1(config-line)#transport input telnetWe now have a telnet server. A router also has a telnet client:
H1#telnet 192.168.1.2
Trying 192.168.1.2 ... Open
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************
Password required, but none setS1 disconnects me because no password has been configured, but that’s okay. We can connect to the telnet server, showing it’s working.
SSH
We can also configure an SSH server and use the SSH client. Let’s configure the SSH server:
S1(config)#username CISCO password CISCO
S1(config)#ip domain-name NWL.LABS1(config)#crypto key generate rsa
The name for the keys will be: S1.NWL.LAB
Choose the size of the key modulus in the range of 360 to 4096 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 1 seconds)S1(config)#ip ssh version 2S1(config)#line vty 0 4
S1(config-line)#transport input ssh
S1(config-line)#login localNow we can connect using the SSH client:
H1#ssh -l CISCO 192.168.1.2
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************
Password:We can connect, excellent.
HTTP
How about an HTTP server? You can enable this with one command:
S1(config)#ip http serverWhat about an HTTP client? You can do that from the CLI as well:
H1#telnet 192.168.1.2 80
Trying 192.168.1.2, 80 ... OpenYou can use the telnet client to connect to the HTTP server. The server doesn’t have any HTML files but you are able to use HTTP methods:
GET /index.html HTTP/1.1
HTTP/1.1 400 Bad Request
Date: Mon, 23 Dec 2024 13:17:16 GMT
Server: cisco-IOS
Connection: close
Set-Cookie: http_cookie=deleted; Domain=; Path=/; Max-Age=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; HttpOnly
Accept-Ranges: none
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
400 Bad Request
[Connection to 192.168.1.2 closed by foreign host]The server returns a header, gives an HTTP 400 error, and closes the connection. That’s ok. We can connect. This can be useful if you want to test an access-list or firewall. An alternative option is the copy http command.
TFTP
We can also use the TFTP server and client to transmit files. For example, you could copy the IOS files from one router to another. Let’s enable the TFTP server:
S1(config)#tftp-server flash:vios-adventerprisek9-mAnd copy it from the TFTP server to the host with the TFTP client:
H1#copy tftp: null:
Address or name of remote host []? 192.168.1.2
Source filename []? vios-adventerprisek9-m
Accessing tftp://192.168.1.2/vios-adventerprisek9-m...
Loading vios-adventerprisek9-m from 192.168.1.2 (via GigabitEthernet0/0): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 149920624 bytes]
149920624 bytes copied in 829.884 secs (180653 bytes/sec)I copy it to the null: filesystem, so it doesn’t store the file anywhere.
DNS
You can also turn a router into a DNS server. Let’s enable this and configure one record:
S1(config)#ip domain name NWL.LAB
S1(config)#ip dns server
S1(config)#ip host S1.NWL.LAB 192.168.1.2On the client, we configure the IP address of the DNS server and tell it to do DNS lookups:
H1(config)#ip name-server 192.168.1.2
H1(config)#ip domain-lookupLet’s give it a try:
H1#ping S1.NWL.LAB
Translating "S1.NWL.LAB"...domain server (192.168.1.2) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 msThis works, and we resolved the name “S1.NWL.LAB”.
DHCP
We can also configure a DHCP server and DHCP client. Let’s configure a simple DHCP server:
S1(config)#ip dhcp pool MY_POOL
S1(dhcp-config)#network 192.168.1.0 255.255.255.0
S1(dhcp-config)#default-router 192.168.1.254This will assign IP addresses in the 192.168.1.0/24 range and include the IP address of the default gateway. On the client, you can enable DHCP like this:
H1(config)#interface GigabitEthernet 0/0
H1(config-if)#ip address dhcpThat’s all there is.
Conclusion
You have now learned different options for using a Cisco router as a host or server. This should be helpful in your labs. I hope you enjoyed this lesson. If you have any questions, feel free to leave a comment!