1 00:00:00,150 --> 00:00:06,510 In previous videos, which I've linked here, I showed you how to use Linux commands on Cisco iOS. 2 00:00:06,780 --> 00:00:12,270 This was using traditional Cisco iOS or monolithic Cisco iOS. 3 00:00:12,540 --> 00:00:15,580 You're kind of restricted in the Linux commands that you can use. 4 00:00:15,600 --> 00:00:21,510 In this video, however, I'm going to show you how to take that to the next level by using a Linux 5 00:00:21,510 --> 00:00:25,980 container running directly on Cisco, iOS, XXI. 6 00:00:26,310 --> 00:00:28,260 I'll show you how to use Python. 7 00:00:28,260 --> 00:00:30,640 In other words, create Python scripts. 8 00:00:30,660 --> 00:00:34,430 How to install applications within that Linux container. 9 00:00:34,440 --> 00:00:36,960 So you could, as an example, install Nano. 10 00:00:36,990 --> 00:00:40,380 That's just a basic application that I'll show you in this video. 11 00:00:40,380 --> 00:00:45,480 But I mean, you could install any type of application that runs on Linux within that container. 12 00:00:45,510 --> 00:00:48,170 Obviously, you need to think about what you're going to be doing. 13 00:00:48,180 --> 00:00:53,220 You don't want to run a huge kind of server database application on the container. 14 00:00:53,220 --> 00:00:59,400 But the point is, is that you can run Linux directly on a Cisco iOS device. 15 00:00:59,550 --> 00:01:04,090 This is true Linux, so you can use any command that's supported in CentOS. 16 00:01:04,110 --> 00:01:08,880 That's the flavor of Linux that the Cisco iOS users. 17 00:01:09,120 --> 00:01:16,070 You can run Python scripts directly within that Linux container or call them from within the Cisco iOS 18 00:01:16,080 --> 00:01:18,150 OC because this is YouTube. 19 00:01:18,180 --> 00:01:21,690 Please, could I ask you to subscribe to my YouTube channel, please? 20 00:01:21,690 --> 00:01:23,400 Could I ask you to like this video? 21 00:01:23,400 --> 00:01:28,530 If you find it useful, please click on the bell to get notifications to make it easier for you. 22 00:01:28,530 --> 00:01:35,700 I've put all the scripts below this video and links to documentation, so if you get bored, hopefully 23 00:01:35,700 --> 00:01:43,470 not of this video, you can refer to the documentation below the video to get more information and samples 24 00:01:43,470 --> 00:01:46,020 of the scripts that I'm running because we bought this. 25 00:01:57,300 --> 00:02:00,120 Now some feedback from you, please, before we get started. 26 00:02:00,420 --> 00:02:03,410 I am creating quite complex videos here. 27 00:02:03,450 --> 00:02:09,060 I'm going into quite a lot of detail with regards to the configuration of some of this network automation 28 00:02:09,060 --> 00:02:09,660 stuff. 29 00:02:09,979 --> 00:02:10,770 Other videos. 30 00:02:10,770 --> 00:02:11,500 Too long. 31 00:02:11,520 --> 00:02:12,780 Do you enjoy the videos? 32 00:02:12,780 --> 00:02:17,640 Please put comments below this video and let me know how I can make this better for you. 33 00:02:17,670 --> 00:02:18,750 Do you want shorter videos? 34 00:02:18,750 --> 00:02:20,350 Do you want more in depth videos? 35 00:02:20,370 --> 00:02:24,540 How can I make this better for you and help you become a better network engineer? 36 00:02:24,990 --> 00:02:28,050 Okay, so to demonstrate this, I'm not using this physical equipment. 37 00:02:28,050 --> 00:02:31,500 That's for my Kelly Linux hacking videos. 38 00:02:32,130 --> 00:02:34,380 In this example, I'm going to be using three. 39 00:02:34,500 --> 00:02:36,560 I've got a Linux container here. 40 00:02:36,570 --> 00:02:40,140 This is a Linux server which I'm going to use just for testing purposes. 41 00:02:40,230 --> 00:02:48,150 I've got a switch, I've got an iOS V router that simply there to enable Nat or to run Nat to get us 42 00:02:48,150 --> 00:02:49,170 to the internet. 43 00:02:49,380 --> 00:02:53,250 So this is just a basic infrastructure running within is three. 44 00:02:53,430 --> 00:03:00,870 What I'm going to do, however, is bring a Cisco CSR into the topology, the default here. 45 00:03:01,540 --> 00:03:04,120 With Engine three doesn't have enough memory. 46 00:03:04,120 --> 00:03:06,670 So I'm going to right click click configure. 47 00:03:07,570 --> 00:03:13,690 I'm going to change this to use 4096 meg of RAM and give it to CPUs. 48 00:03:15,580 --> 00:03:20,470 This device is running within the three VM locally on my Mac. 49 00:03:20,740 --> 00:03:25,570 So here I'm running three version 2.2 release candidate five. 50 00:03:25,840 --> 00:03:28,930 I'm running that CSR on the three VM. 51 00:03:29,490 --> 00:03:31,000 Okay, I'm going to start this up. 52 00:03:31,990 --> 00:03:33,690 Now it takes a while to boot. 53 00:03:33,700 --> 00:03:38,710 So while it's booting, let me talk a little bit more about what we doing here. 54 00:03:39,340 --> 00:03:46,450 I'm going to configure the CSR router so that I can access a Linux container running within the CSR. 55 00:03:46,900 --> 00:03:50,190 Now CSR routers use iOS iSCSI. 56 00:03:50,200 --> 00:03:54,220 That's different to monolithic or traditional iOS. 57 00:03:54,250 --> 00:04:00,670 In traditional iOS or monolithic iOS, the operating system is installed directly on the hardware here. 58 00:04:00,670 --> 00:04:08,440 The operating system, iOS, as we used to, runs on top of Linux so we can have containers running 59 00:04:08,620 --> 00:04:13,150 within Linux, running side by side to the Cisco iOS. 60 00:04:13,690 --> 00:04:17,529 Now there's a lot of documentation online showing you how to do this. 61 00:04:17,560 --> 00:04:19,370 Here's an example from Dev Net. 62 00:04:19,390 --> 00:04:24,400 I'll put links to this document and others below the video so that you can have a look at that in your 63 00:04:24,400 --> 00:04:25,090 own time. 64 00:04:25,090 --> 00:04:29,640 But basically what we're going to enable is the guest shell application. 65 00:04:29,650 --> 00:04:33,910 This is a Linux container that we can run on an iOS device. 66 00:04:34,620 --> 00:04:39,810 You can do many things such as run Linux commands, and I'm going to show you that here you can run 67 00:04:39,810 --> 00:04:40,900 Python scripts. 68 00:04:40,920 --> 00:04:42,220 I'll demonstrate that. 69 00:04:42,240 --> 00:04:44,940 There's also device level API integration. 70 00:04:45,150 --> 00:04:52,290 Now, in this document and many others that I've seen online, they get you to configure Nat or network 71 00:04:52,290 --> 00:04:58,910 address translation between the guest shell container and iOS iSCSI. 72 00:04:59,130 --> 00:05:00,250 We're not going to do that. 73 00:05:00,270 --> 00:05:03,300 We're going to use something that's been around for many years. 74 00:05:03,720 --> 00:05:10,740 We're going to use what's called IP unnumbered, which allows you to use an IP address from one network 75 00:05:10,740 --> 00:05:11,700 on another. 76 00:05:12,000 --> 00:05:18,150 Logically, what's happening within the CSR is we have one network, let's say gigabit Ethernet, one 77 00:05:18,150 --> 00:05:21,780 that connects us to the Internet or the local area network. 78 00:05:21,780 --> 00:05:27,690 But logically, there's a cable from the iOS SCSI to this container. 79 00:05:27,720 --> 00:05:29,460 This has been used for many, many years. 80 00:05:29,460 --> 00:05:37,010 So I remember back and forgive me for showing my age on the old, old 5500 Cisco Catalyst switches. 81 00:05:37,020 --> 00:05:38,990 That's like going back many, many years. 82 00:05:39,000 --> 00:05:42,690 They had a Catalyst switch that would run one operating system. 83 00:05:42,690 --> 00:05:48,300 And then logically, there was a connection within the switch to what was called an RSM, which was 84 00:05:48,300 --> 00:05:55,170 a router switch module, and you would move from OS, which had set based commands into a OSM, which 85 00:05:55,170 --> 00:05:57,390 was running Cisco iOS as we know today. 86 00:05:57,600 --> 00:06:02,660 So you had this logical connection that you could jump from one to the other within the same device, 87 00:06:02,670 --> 00:06:03,800 same kind of concept. 88 00:06:03,810 --> 00:06:04,200 Yeah. 89 00:06:04,950 --> 00:06:11,130 A more modern example of that is a Unity Express module that runs within a Cisco CME router. 90 00:06:11,160 --> 00:06:15,690 So if you've got a cool manager express router that's running Cisco iOS and then you would have this 91 00:06:15,690 --> 00:06:23,210 logical connection to a Linux operating system that ran the Unity Express of voice messaging system. 92 00:06:23,220 --> 00:06:25,860 So that kind of concept has been around for a long time. 93 00:06:25,860 --> 00:06:29,010 But yeah, what we're doing is we doing it with a container. 94 00:06:29,100 --> 00:06:36,600 So we are going to create a logical connection, as they've shown over here in this document from Cisco, 95 00:06:36,600 --> 00:06:39,090 iOS, iSCSI to the container. 96 00:06:39,090 --> 00:06:42,120 And we're using what's called a virtual port group for that. 97 00:06:42,150 --> 00:06:44,250 I'm not going to do it the way they've done here. 98 00:06:44,340 --> 00:06:45,510 I think it's too complicated. 99 00:06:45,510 --> 00:06:51,660 We'll use IPA numbered, which once again has been around since the days of modems called Manage Express 100 00:06:51,660 --> 00:06:55,350 Unity Express been around for a long time, used in many, many products. 101 00:06:55,740 --> 00:07:00,510 Okay, so my CSR device has booted up once again. 102 00:07:00,690 --> 00:07:05,100 I dragged a CSR into the Gen three topology. 103 00:07:05,100 --> 00:07:11,820 This is a brand new device, so hence we see system configuration dialog. 104 00:07:12,000 --> 00:07:15,140 Do I want to enter the initial configuration dialog? 105 00:07:15,150 --> 00:07:20,610 I'm going to say no, I don't want to use the initial configuration dialog and I want to terminate auto 106 00:07:20,610 --> 00:07:21,330 install. 107 00:07:21,690 --> 00:07:28,800 Now going back here, one of the reasons I changed the RAM and CPUs is I've found that when you start 108 00:07:28,800 --> 00:07:36,990 up the guest shell on iOS XY, in other words, the Cisco CSR engine is three using the defaults. 109 00:07:36,990 --> 00:07:39,090 It doesn't work, causes problems. 110 00:07:39,870 --> 00:07:41,310 Okay, so show version. 111 00:07:42,540 --> 00:07:43,680 Here's the command. 112 00:07:43,680 --> 00:07:45,960 You can see we're using Cisco, iOS, XY. 113 00:07:45,990 --> 00:07:53,160 This is the version of operating system notice here, Linux, this is using Linux and we can use a Linux 114 00:07:53,160 --> 00:07:56,700 container directly on this router. 115 00:07:57,180 --> 00:07:57,400 Okay. 116 00:07:57,450 --> 00:07:59,220 So go to global config mode. 117 00:07:59,220 --> 00:08:02,070 Let's give it a name such as CSR one. 118 00:08:02,070 --> 00:08:04,140 So hostname CSR one. 119 00:08:05,550 --> 00:08:09,810 This interface gigabit one is connected to my network. 120 00:08:10,140 --> 00:08:16,920 I've got the iOS v router here configured as a standard internet router. 121 00:08:16,920 --> 00:08:24,090 So all it's doing is acting as our default gateway to get to the internet. 122 00:08:24,300 --> 00:08:32,130 This IP address is actually a physical Cisco router in my network here at home, so that actually gets 123 00:08:32,130 --> 00:08:32,880 me to the internet. 124 00:08:32,880 --> 00:08:40,320 But this router is acting as our internet router to get us out of three into the physical world. 125 00:08:40,770 --> 00:08:48,090 All I've done on this router is configure IP addresses, so it's got this IP address as the inside IP 126 00:08:48,090 --> 00:08:51,690 address, this IP address as the outside IP address. 127 00:08:51,780 --> 00:08:56,490 So from a net or network address, translation point of view, that's the inside interface. 128 00:08:56,490 --> 00:08:58,140 This is the outside interface. 129 00:08:58,170 --> 00:09:01,740 This is our default gateway to get to the Internet. 130 00:09:02,890 --> 00:09:03,130 Okay. 131 00:09:03,130 --> 00:09:05,740 So back on the CSR brand new rotter. 132 00:09:05,860 --> 00:09:07,930 All I've done is give it a hostname. 133 00:09:09,160 --> 00:09:09,380 Okay. 134 00:09:09,430 --> 00:09:14,740 Top End show iocs service. 135 00:09:15,580 --> 00:09:19,180 This command shows us that. 136 00:09:19,970 --> 00:09:26,990 The IOCs service is not running at the moment, so that service is not currently running to enable it. 137 00:09:27,020 --> 00:09:32,750 Now I'll put all these commands below, so don't worry about trying to remember or write down all the 138 00:09:32,750 --> 00:09:35,630 commands in global configuration mode. 139 00:09:35,630 --> 00:09:37,640 I'm going to enable IOCs. 140 00:09:38,010 --> 00:09:38,200 Okay. 141 00:09:38,270 --> 00:09:42,500 So we can see that the server iocs has been notified to start. 142 00:09:42,680 --> 00:09:44,270 So do the show command again. 143 00:09:44,270 --> 00:09:45,920 Show IOCs service. 144 00:09:46,040 --> 00:09:49,890 What you'll notice is the services are now running. 145 00:09:49,910 --> 00:09:53,270 I'm not going to use HRA in this example, so that's okay. 146 00:09:54,160 --> 00:09:54,300 Okay. 147 00:09:54,380 --> 00:09:55,850 Show IP interface brief. 148 00:09:55,850 --> 00:09:58,070 The router is a brand new router. 149 00:09:58,070 --> 00:09:59,920 We haven't configured anything on it. 150 00:09:59,930 --> 00:10:08,150 So the first thing I'm going to do is give this router an IP address of, let's say ten 111 255 255 151 00:10:08,310 --> 00:10:10,850 zero and no, shut the interface. 152 00:10:11,640 --> 00:10:13,470 Very basic stuff. 153 00:10:13,770 --> 00:10:21,270 This router should hopefully be able to ping the iOS v router, which is the internet router. 154 00:10:22,500 --> 00:10:22,740 Okay. 155 00:10:22,740 --> 00:10:24,350 So Interface took a while to come up. 156 00:10:24,360 --> 00:10:33,360 Janus three Version 2.2 now supports link status, so we actually see the links like on a real router. 157 00:10:33,360 --> 00:10:40,620 So it took it a while for the keeper lives to kick in and bring the interface up so we can now ping 158 00:10:40,620 --> 00:10:41,850 our default gateway. 159 00:10:43,180 --> 00:10:43,450 Okay. 160 00:10:43,450 --> 00:10:44,870 So this is where it gets interesting. 161 00:10:44,890 --> 00:10:53,680 We're going to create an interface which is our virtual port group as per this diagram from Cisco Dev 162 00:10:53,680 --> 00:10:54,190 net. 163 00:10:54,400 --> 00:11:00,760 So interface virtual port group and I'm going to pick a number zero. 164 00:11:01,180 --> 00:11:06,910 And this is once again where I'm going to use commands from the past rather than configuring like they've 165 00:11:06,910 --> 00:11:07,700 done here. 166 00:11:07,840 --> 00:11:14,740 A separate subnet on the physical interface and then this virtual cable between iSCSI and the container. 167 00:11:14,950 --> 00:11:18,330 I'm going to simply reuse the same subnet. 168 00:11:18,340 --> 00:11:25,120 So this container will logically appear as if it's on the physical network, even though it's not. 169 00:11:25,360 --> 00:11:28,210 If you look at the logical cables within the device. 170 00:11:28,510 --> 00:11:32,890 So just in your mind's eye, imagine you've got a router, physical cable to the physical network, 171 00:11:32,890 --> 00:11:35,550 and then this logical cable to a container. 172 00:11:35,560 --> 00:11:40,510 Typically every interface on a router needs to be in a separate subnet, but we're going to put this 173 00:11:40,510 --> 00:11:44,140 in the same subnet as the physical network by using IPA numbered. 174 00:11:44,170 --> 00:11:47,050 It was a way in the past to conserve IP addresses. 175 00:11:47,080 --> 00:11:52,390 Here I'm using it to make things a lot simpler than the examples they've got on Cisco's website. 176 00:11:53,830 --> 00:11:54,430 Okay. 177 00:11:55,080 --> 00:12:02,130 So show IP interface brief in the output share. 178 00:12:02,130 --> 00:12:07,480 You can see that the virtual port group has the same IP address as the gigabit interface. 179 00:12:07,500 --> 00:12:09,930 Now from a routing point of view, that can get confusing. 180 00:12:09,930 --> 00:12:15,030 So we're going to have to create some specific static routes to make the routing work in this topology 181 00:12:15,030 --> 00:12:15,750 in a moment. 182 00:12:15,960 --> 00:12:18,060 But for now, that's all we need to do. 183 00:12:18,420 --> 00:12:21,810 The next command is to enable Guest Shell. 184 00:12:21,810 --> 00:12:28,080 So I'm going to say Guest Shell enable because I want to run the guest shell virtual port group is going 185 00:12:28,080 --> 00:12:29,040 to be zero. 186 00:12:29,400 --> 00:12:30,660 The guest IP. 187 00:12:30,660 --> 00:12:34,440 So what IP address am I going to allocate to the container? 188 00:12:34,920 --> 00:12:39,300 Remember we've got the router logical cable to the container. 189 00:12:39,300 --> 00:12:41,880 We need to allocate an IP address to this container. 190 00:12:42,060 --> 00:12:45,660 It's kind of like DHCP to the container if you like. 191 00:12:45,660 --> 00:12:48,030 Not a true analogy, but there you go. 192 00:12:48,540 --> 00:12:48,810 Okay. 193 00:12:48,810 --> 00:12:51,870 Now it says please wait for completion. 194 00:12:52,110 --> 00:12:55,350 Now I've had problems with this. 195 00:12:55,350 --> 00:12:59,400 You can as an example at the end of this command, add a DNS server. 196 00:12:59,700 --> 00:13:06,180 I want to use Google because I want to get this container to connect to the Internet and I want to install 197 00:13:06,180 --> 00:13:07,890 applications on this container. 198 00:13:08,190 --> 00:13:15,000 So I've found sometimes engineer three that's giving that gave me problems doing it this way work better. 199 00:13:15,030 --> 00:13:19,890 I'm not sure if you can hear my Mac, but it's starting to spin up and make a lot of noise as it starts 200 00:13:19,890 --> 00:13:21,330 this guest shell up. 201 00:13:22,080 --> 00:13:25,770 But as you can see there, that's been completed successfully. 202 00:13:25,830 --> 00:13:29,580 Just to show you the command notice, you could specify a name server here. 203 00:13:29,580 --> 00:13:32,940 I've had problems doing that, so I didn't do that here. 204 00:13:33,180 --> 00:13:36,330 I'll do that in a moment directly through Linux. 205 00:13:37,590 --> 00:13:37,800 Okay. 206 00:13:37,800 --> 00:13:39,300 So that's all you had to do. 207 00:13:40,270 --> 00:13:43,450 Just to remind you what I did. 208 00:13:45,940 --> 00:13:46,960 Was. 209 00:13:49,960 --> 00:13:57,880 Configure a virtual port group, use the IP address from the gigabit one interface gigabit one has an 210 00:13:57,880 --> 00:14:04,120 IP address configured interfaces, no shut and scrolling down notice I've got IOCs enabled, so that's 211 00:14:04,120 --> 00:14:05,500 basically all I had to do. 212 00:14:05,500 --> 00:14:10,090 Once again, I'll put the config below if so that you can see how to set this up yourself. 213 00:14:10,090 --> 00:14:12,610 I had quite a lot of problems getting it to work smoothly. 214 00:14:13,060 --> 00:14:16,420 Okay, so now what I'm going to do is run the guest shell. 215 00:14:17,410 --> 00:14:19,960 I'm going to run bash in this example. 216 00:14:19,960 --> 00:14:29,710 So basically what this is doing is connecting me to that container and I've now connected to Linux notice 217 00:14:29,710 --> 00:14:37,900 please this is Linux so you name a shows us that we're running Linux here this is not iOS. 218 00:14:37,900 --> 00:14:45,130 So show IP interface brief as an example doesn't work, but sudo giving me root privileges i have config. 219 00:14:45,130 --> 00:14:48,340 Shows me the IP address of this container. 220 00:14:48,370 --> 00:14:55,810 Again, the router allocated the IP address to the container when we ran the guest shell command over 221 00:14:55,810 --> 00:14:56,380 here. 222 00:14:56,380 --> 00:15:00,580 So I allocated that IP address to the docker container. 223 00:15:01,480 --> 00:15:01,660 Okay. 224 00:15:01,690 --> 00:15:02,620 So that's nice. 225 00:15:02,620 --> 00:15:05,470 And I get a lot of stick for using IP config. 226 00:15:05,470 --> 00:15:07,870 So I'll use IP address. 227 00:15:07,870 --> 00:15:10,750 Notice the IP address configured on the guest shell. 228 00:15:10,750 --> 00:15:22,240 Is this mean you can run commands here like you would on any Linux device, but notice the IP address 229 00:15:22,240 --> 00:15:23,170 is fail. 230 00:15:23,320 --> 00:15:30,520 The guest shell is not able to ping out and the reason for that is I need to set up routing notice. 231 00:15:30,520 --> 00:15:37,150 When I look at the routing table, I only see this ten 110 is out of gigabit one. 232 00:15:37,180 --> 00:15:40,210 There's no route to the Docker container. 233 00:15:40,390 --> 00:15:45,820 So what I need to do now is add a route to the Docker container. 234 00:15:45,970 --> 00:15:51,280 And just to prove the point actually before I do that, notice if I ping ten 112 from the router, it 235 00:15:51,280 --> 00:15:55,690 doesn't know where to send the traffic because there's no route to the Docker container. 236 00:15:55,990 --> 00:16:06,010 So what I'm going to do is IP Route ten 112, this will be a slash 32 route and I'm going to point it 237 00:16:06,010 --> 00:16:09,490 to the virtual port group of zero. 238 00:16:09,550 --> 00:16:14,470 So hopefully now I'll be able to ping the Linux container, which I can. 239 00:16:14,500 --> 00:16:15,280 There you go. 240 00:16:15,640 --> 00:16:15,870 Okay. 241 00:16:15,880 --> 00:16:18,130 But I also want to put a route to the Internet. 242 00:16:18,130 --> 00:16:23,650 So on my router, I'm going to add a default route to the iOS router. 243 00:16:23,650 --> 00:16:25,300 That's my Internet router. 244 00:16:26,300 --> 00:16:26,660 Okay. 245 00:16:26,660 --> 00:16:28,940 So ping ten 11254. 246 00:16:28,970 --> 00:16:30,320 Can the router ping? 247 00:16:30,350 --> 00:16:31,200 Default gateway? 248 00:16:31,220 --> 00:16:32,060 Yes, it can. 249 00:16:32,330 --> 00:16:33,530 I need to. 250 00:16:35,220 --> 00:16:36,390 Enable IP domain. 251 00:16:36,390 --> 00:16:37,770 Look up on this router. 252 00:16:38,370 --> 00:16:45,360 I need to enable a name server so that I can get to the internet and hopefully I'll be able to ping 253 00:16:45,390 --> 00:16:49,950 internet addresses which I can so I can ping google.com as an example. 254 00:16:50,220 --> 00:16:51,750 Can I ping cisco dot com? 255 00:16:51,750 --> 00:16:52,530 Yes, I can. 256 00:16:52,530 --> 00:16:55,920 So I have internet reachability from the router. 257 00:16:56,430 --> 00:17:03,540 But what I want to do now is run bash and make sure that this device can ping outside. 258 00:17:03,900 --> 00:17:05,819 Notice that didn't work before. 259 00:17:05,849 --> 00:17:07,530 Neither did this. 260 00:17:10,030 --> 00:17:12,760 So I can't ping the default gateway from the guest shell. 261 00:17:12,790 --> 00:17:14,140 I'll sort that out in a moment. 262 00:17:14,380 --> 00:17:20,710 But as an example, I won't be able to ping google.com because because I haven't configured a dns server 263 00:17:21,460 --> 00:17:32,380 cat etsi resolve dot conf shows me that there's no DNS server configured on this device, so I'm going 264 00:17:32,380 --> 00:17:33,900 to copy a command here. 265 00:17:33,970 --> 00:17:35,860 Again, I'll put this below the video. 266 00:17:35,950 --> 00:17:38,950 Basically I'm going to echo name server google. 267 00:17:39,630 --> 00:17:46,400 And a pen that to the file that didn't show that nicely. 268 00:17:46,410 --> 00:17:49,620 But if I do cat it's resolve conf. 269 00:17:49,680 --> 00:17:54,180 Notice I've got a name server added, which I didn't have previously. 270 00:17:54,600 --> 00:17:58,140 So if we do have internet connectivity that should resolve. 271 00:17:58,140 --> 00:18:00,120 But at the moment I'm having a problem. 272 00:18:00,480 --> 00:18:03,660 I have had quite a few issues running this and Janus three. 273 00:18:03,660 --> 00:18:07,710 So if you do struggle with things, you might have to reboot it. 274 00:18:08,040 --> 00:18:13,770 Okay, so let's just confirm that I haven't done something stupid on the CSR show. 275 00:18:13,770 --> 00:18:18,830 IP interface brief ping ten 11254. 276 00:18:18,840 --> 00:18:22,740 I can ping the default gateway. 277 00:18:24,320 --> 00:18:28,340 I can ping the Linux container. 278 00:18:29,010 --> 00:18:33,300 And as a sanity check, I'll connect to this Linux server. 279 00:18:35,200 --> 00:18:37,180 See, here's my Linux PC. 280 00:18:37,900 --> 00:18:38,960 It's got this IP address. 281 00:18:38,980 --> 00:18:40,360 Ping ten 111. 282 00:18:40,900 --> 00:18:45,160 Can I ping the seesaw router? 283 00:18:45,190 --> 00:18:46,300 Yes, I can. 284 00:18:46,330 --> 00:18:48,670 Can I ping the Linux container? 285 00:18:48,700 --> 00:18:49,600 Yes, I can. 286 00:18:49,660 --> 00:18:54,250 So this seems to be a Janus three problem rather than an issue on the CSR. 287 00:18:54,730 --> 00:18:57,010 So I might have to delete some links. 288 00:18:57,130 --> 00:19:01,570 This once again is the IP address of the server over here. 289 00:19:01,810 --> 00:19:04,030 Let me test if I can get the CSR. 290 00:19:05,730 --> 00:19:11,910 Linux container running here to ping to the Linux container. 291 00:19:12,000 --> 00:19:13,630 So let's go back into bash. 292 00:19:13,650 --> 00:19:15,930 Ping ten one 101. 293 00:19:17,010 --> 00:19:26,100 So notice the Linux container on the router can ping the Linux server in our network, but it comping 294 00:19:26,100 --> 00:19:26,820 the router. 295 00:19:27,270 --> 00:19:30,240 I'll delete some links in a moment to sort that out. 296 00:19:30,780 --> 00:19:33,450 But before I get there, let's add a user here. 297 00:19:33,450 --> 00:19:36,900 So pseudo user add David. 298 00:19:37,870 --> 00:19:40,570 Pseudo password, David. 299 00:19:40,960 --> 00:19:42,850 I'll set a password off Cisco. 300 00:19:42,880 --> 00:19:45,700 Not a great password at the moment. 301 00:19:46,210 --> 00:19:51,150 I've connected to the shell via the console, if you like. 302 00:19:51,160 --> 00:19:56,680 So notice the IP address, but I'll go to the Linux server. 303 00:19:57,160 --> 00:20:00,130 So this device has this IP address. 304 00:20:00,580 --> 00:20:06,580 Can I switch to the container running on the router? 305 00:20:06,610 --> 00:20:10,750 Yes, I can put my password in and I'm in. 306 00:20:10,750 --> 00:20:13,480 So again, this is the Linux server. 307 00:20:13,510 --> 00:20:16,810 This is the router linux shell. 308 00:20:16,840 --> 00:20:20,740 If I type who notice I have another connection. 309 00:20:21,460 --> 00:20:28,150 I've now switched from Linux here onto Linux on the CSR. 310 00:20:29,070 --> 00:20:35,400 So before I do any troubleshooting in Genesis three, I just want to make the point that this is Linux. 311 00:20:35,400 --> 00:20:36,870 So you'd. 312 00:20:37,620 --> 00:20:40,650 That's my home directory seed route. 313 00:20:40,740 --> 00:20:42,600 Alice Dash L. 314 00:20:42,900 --> 00:20:49,650 This is full blown Linux, so you can do all kinds of things yet, including installing applications, 315 00:20:49,890 --> 00:20:53,250 including running Python. 316 00:20:53,430 --> 00:20:59,460 So this is Python running within Linux on that CSR in the topology. 317 00:20:59,460 --> 00:21:04,590 So this is Python 2.7.5 over there. 318 00:21:05,190 --> 00:21:12,780 I can install Python three of our like, but basically this is Python as you know it and this is Linux 319 00:21:13,230 --> 00:21:14,220 as you may know it. 320 00:21:14,220 --> 00:21:16,770 St OS Running on that. 321 00:21:16,770 --> 00:21:18,840 CSR okay, so Ginn is three. 322 00:21:18,840 --> 00:21:20,520 What I'm going to do is delete this link. 323 00:21:21,550 --> 00:21:23,500 And then I'll edit back again. 324 00:21:28,830 --> 00:21:35,910 So hopefully that will solve the issue between the iOS, the router and the CSR. 325 00:21:36,510 --> 00:21:38,280 So paying ten 111. 326 00:21:38,610 --> 00:21:42,330 Can I ping the CSR router from the iOS router? 327 00:21:42,360 --> 00:21:43,260 Yes, I can. 328 00:21:43,440 --> 00:21:48,300 Can I ping the container on the CSR? 329 00:21:48,330 --> 00:21:49,190 Yes I can. 330 00:21:49,200 --> 00:21:52,860 So notice by deleting that link and re enabling it in three. 331 00:21:52,890 --> 00:21:54,540 I've solved the problem. 332 00:21:54,660 --> 00:21:58,170 So let's go back to the guest shell. 333 00:21:59,780 --> 00:22:00,110 Again. 334 00:22:00,110 --> 00:22:02,330 This is the guest show running on the CSR. 335 00:22:03,970 --> 00:22:04,240 Okay. 336 00:22:04,240 --> 00:22:06,400 So let's see if we can ping google.com. 337 00:22:06,970 --> 00:22:08,020 Notice we can. 338 00:22:08,230 --> 00:22:14,410 So I'm pinging the internet from a linux container running within the CSR. 339 00:22:15,460 --> 00:22:17,050 So that works. 340 00:22:18,750 --> 00:22:19,890 Clear the screen. 341 00:22:20,640 --> 00:22:24,000 Let's install an application. 342 00:22:24,000 --> 00:22:28,680 So pseudo yum, install and nano. 343 00:22:29,040 --> 00:22:36,270 And I'm going to say yes just to make sure that it downloads the software and installs it on the container. 344 00:22:36,720 --> 00:22:42,990 Installing this through Janus three can be a bit slow, so I'm installing this via a switch through 345 00:22:42,990 --> 00:22:44,820 a iOS router. 346 00:22:45,690 --> 00:22:48,420 Download can be pretty slow in DNS three. 347 00:22:48,600 --> 00:22:52,740 So what I'll do is speed this up so you don't have to watch the installation. 348 00:22:52,830 --> 00:22:53,160 Okay. 349 00:22:53,160 --> 00:22:54,960 So the installation is now completed. 350 00:22:55,230 --> 00:22:57,540 So notice I can use nano here. 351 00:22:58,350 --> 00:23:02,680 Just like I would in Linux, VI is installed on them. 352 00:23:02,700 --> 00:23:11,640 Some people get upset when I call this VI rather than them, but VM is installed by default. 353 00:23:12,540 --> 00:23:14,580 Nano isn't installed. 354 00:23:14,940 --> 00:23:19,350 Nano is going to be a lot easier for you if you new to Linux than VI. 355 00:23:19,380 --> 00:23:27,180 So let's call this Python script one dot p y and I'll just type something very basic here. 356 00:23:27,510 --> 00:23:30,240 We've got to do a hollow network automation. 357 00:23:33,100 --> 00:23:34,000 Script. 358 00:23:34,780 --> 00:23:37,210 Just to prove the point, I'll save the script. 359 00:23:37,660 --> 00:23:45,070 So Alice Python shows us that we've got this Python script and I'll use Python now to run that script. 360 00:23:45,610 --> 00:23:50,890 So I've been able to run a Python script within the Linux guest shell on that CSR. 361 00:23:50,950 --> 00:23:55,060 Now again, that might not be very useful, so let's do something better here. 362 00:23:55,720 --> 00:24:00,370 I'll cut that text and I'll say Import CIS. 363 00:24:01,990 --> 00:24:03,700 Import Seelye. 364 00:24:04,930 --> 00:24:05,860 And just to. 365 00:24:07,290 --> 00:24:08,320 To make sense of this. 366 00:24:08,320 --> 00:24:10,210 I'll do this interactively first. 367 00:24:10,540 --> 00:24:17,320 I've run Python and what I can do now is imports and import cli. 368 00:24:18,460 --> 00:24:24,040 I'm going to be able to run cli commands using python on box on this device. 369 00:24:24,040 --> 00:24:25,690 In other words, I don't need a separate server. 370 00:24:25,900 --> 00:24:34,420 I'm running this python script directly on the CSR and then I could use a command like CLI execute p 371 00:24:34,840 --> 00:24:37,930 show IP interface brief. 372 00:24:39,970 --> 00:24:42,580 And notice that command has executed. 373 00:24:43,150 --> 00:24:46,060 I could do something like show version. 374 00:24:47,080 --> 00:24:48,820 And there's the show version. 375 00:24:49,530 --> 00:24:50,490 On the router. 376 00:24:50,820 --> 00:24:53,700 He has my python command and he has the output. 377 00:24:53,910 --> 00:24:59,970 I could do something like show version, include version or something like that. 378 00:25:00,750 --> 00:25:02,490 And that should be uppercase, actually. 379 00:25:04,960 --> 00:25:07,210 So there's my command. 380 00:25:07,540 --> 00:25:10,030 And notice there's the version of operating system. 381 00:25:10,820 --> 00:25:12,290 I'm basically running. 382 00:25:13,970 --> 00:25:17,870 Shell commands within my script. 383 00:25:18,570 --> 00:25:20,390 Okay, so let's do that again. 384 00:25:20,390 --> 00:25:21,740 But through a script. 385 00:25:22,430 --> 00:25:24,440 Okay, so here's my script. 386 00:25:24,620 --> 00:25:25,880 I'll save that. 387 00:25:26,390 --> 00:25:31,000 And then I could run Python Python script one and there's the output. 388 00:25:31,010 --> 00:25:34,070 So let's push that to more on Linux. 389 00:25:35,070 --> 00:25:36,900 So my Python script over there. 390 00:25:37,830 --> 00:25:38,190 Yes. 391 00:25:38,190 --> 00:25:39,840 My show EIP interface brief. 392 00:25:40,350 --> 00:25:43,110 Here's my show version information. 393 00:25:43,440 --> 00:25:44,370 And again. 394 00:25:46,240 --> 00:25:50,860 I might want to make that easier to use. 395 00:25:50,860 --> 00:25:52,090 So do that. 396 00:25:54,390 --> 00:25:58,620 Clear my script, run the script, and there you go. 397 00:25:59,100 --> 00:26:05,010 Now, some people have asked us when I've demonstrated stuff previously and notice I'm back on the sly, 398 00:26:05,040 --> 00:26:07,950 so clear doesn't work because I'm on the rider now. 399 00:26:09,300 --> 00:26:11,850 Can you run these Python scripts from. 400 00:26:12,670 --> 00:26:15,610 The Sealy, and the answer is yes you can. 401 00:26:16,060 --> 00:26:22,720 In this document, Programmability Configuration Guide, they show you a lot more than what I'm demonstrating. 402 00:26:22,780 --> 00:26:30,280 So as an example, they show you that you can run Python directly from the router and you could also 403 00:26:30,280 --> 00:26:32,950 run a script that you've stored in Flash. 404 00:26:33,400 --> 00:26:40,480 So here's a sample script that they're running directly from Flash, and then here they are running 405 00:26:40,900 --> 00:26:43,120 a script from Guest Shell. 406 00:26:43,800 --> 00:26:45,880 Okay, so let's demonstrate that. 407 00:26:46,820 --> 00:26:46,930 Okay. 408 00:26:46,990 --> 00:26:49,270 So once again, I'm on the router now. 409 00:26:49,300 --> 00:26:52,930 This is iOS, ESXi, this is not Linux. 410 00:26:53,530 --> 00:26:56,560 What I can do now is say guest shell. 411 00:26:57,160 --> 00:26:59,470 Run Python. 412 00:26:59,470 --> 00:27:04,210 And then I'm going to specify the script that that is stored in Linux. 413 00:27:04,900 --> 00:27:09,160 So what this has done now is run the Python script that's stored in the Linux container. 414 00:27:09,340 --> 00:27:11,800 Here's the output of show IP interface brief. 415 00:27:11,830 --> 00:27:14,110 Here's show version. 416 00:27:14,710 --> 00:27:20,740 Now again, you can put the Cisco documentation, put scripts in the flesh of the router. 417 00:27:20,770 --> 00:27:24,520 So you might not want to keep them in the Linux container. 418 00:27:24,520 --> 00:27:29,560 You want to store them in the flash, and then you want to execute them from Flash. 419 00:27:30,040 --> 00:27:37,570 And they have a lot more complicated examples on the Cisco documentation, much better than the examples 420 00:27:37,570 --> 00:27:38,500 I've just shown you. 421 00:27:38,530 --> 00:27:40,390 I'm just trying to get you started. 422 00:27:40,820 --> 00:27:41,080 Okay. 423 00:27:41,080 --> 00:27:47,260 So in this video I showed you how to get a CSR configured within Janus three, how to enable the guest 424 00:27:47,260 --> 00:27:53,950 shell, how to access the guest shell, use Linux commands, install Linux applications, use Python 425 00:27:54,190 --> 00:27:55,720 run Python scripts. 426 00:27:56,460 --> 00:28:03,360 And hopefully open up a whole new world for you with regards to network automation using on box methods. 427 00:28:03,360 --> 00:28:07,020 In other words, we don't need Python on a separate server. 428 00:28:07,080 --> 00:28:12,150 In separate videos, I'll show you how to use Python on a Linux server like this and then configure 429 00:28:12,150 --> 00:28:13,770 devices that way. 430 00:28:13,770 --> 00:28:20,850 But in this example, I'm running Linux and Python on the router and I'm making changes on the router. 431 00:28:20,880 --> 00:28:27,660 One of the advantages of that is here we don't need IP connectivity to the router to run scripts. 432 00:28:27,660 --> 00:28:31,980 So if we lost IP connectivity to the router, the router could still run scripts locally. 433 00:28:31,980 --> 00:28:37,350 Whereas if I connect remotely and I'll lose IP connectivity to that router, my scripts will no longer 434 00:28:37,350 --> 00:28:38,040 work. 435 00:28:38,220 --> 00:28:38,530 Okay. 436 00:28:38,550 --> 00:28:39,450 This is a long video. 437 00:28:39,450 --> 00:28:42,330 Again, if you enjoyed this video, please like it. 438 00:28:42,330 --> 00:28:47,160 Please subscribe to my YouTube channel and please click on the bell to get notifications when I post 439 00:28:47,160 --> 00:28:48,030 a new video. 440 00:28:48,180 --> 00:28:49,200 I'm David Bumble. 441 00:28:49,200 --> 00:28:52,030 I want to wish you all the very best as we vote this.