Finding the right IOU images can be a tricky thing to do, depending on what you are looking for. Things may look correct, but when you dig deeper down into it, you might not get the results you are looking for.
This all came about when discussing HSRP and IOU limitations with Maureen on a post about HSRP and ASICs.
IOU Images for Switches and for Routers
IOU images come in two flavors. We have Layer 2 images for switches, and we have router images. Calling the Layer 2 switch images is a bit of a misnomer because they can actually perform layer 3 functionality (such as having a layer 3 VLAN interface), so don’t worry too much about it being called layer 2 (or l2 in the filename). Don’t ask me to supply the IOU images, though, that’s your homework…
IOU Switch images
IOU images for switches are usually named i86bi_linux_l2-<image>-<date> such as:
- i86bi_linux_l2-ipbasek9-ms.jan24-2013-B
- i86bi_linux_l2-ipbasek9-ms.jan24-2013-team_track
- i86bi_linux_l2-ipbasek9-ms.may8-2-13-team_track
- i86bi_linux_l2-upk9-ms.june20_2012_golden_spike
- i86bi_linux_l2-adventerprise-ms.nov11-2013-team_track
Most of these are using the ipbasek9 image. But there are others out there.
IOU Router images
IOU images for routers follow pretty much the same naming format:
- i86bi_linux-adventerprisek9-ms.152-2.15.T
- i86bi_linux-adventerprisek9-ms.152-4.M1
- i86bi_linux-jk9s-ms.150-1.XJR111.358_120107
- i86bi_linux-p-ms.june20_2012_golden_spike
Needless to say that a router image is not the same as a switch image.
Not all IOU images are equal
So what’s the point of this anyway?
Take the following topology:
We have three switches and one host. The top two switches are set up with HSRP running for VLAN 10, with trunk ports between them and the third switch, that just has VLAN 10 configured. The VPCS host is connected to an access port that’s in VLAN 10. The configuration is as follows:
SW1#sh run int e0/0 Building configuration... Current configuration : 103 bytes ! interface Ethernet0/0 switchport trunk encapsulation dot1q switchport mode trunk duplex auto end SW1#sh run int e0/1 Building configuration... Current configuration : 103 bytes ! interface Ethernet0/1 switchport trunk encapsulation dot1q switchport mode trunk duplex auto end SW1#sh run int vlan 10 Building configuration... Current configuration : 147 bytes ! interface Vlan10 ip address 10.10.1.2 255.255.255.0 standby 10 ip 10.10.1.1 standby 10 priority 150 standby 10 preempt delay minimum 60 end SW1# SW2#sh run int e0/0 Building configuration... Current configuration : 103 bytes ! interface Ethernet0/0 switchport trunk encapsulation dot1q switchport mode trunk duplex auto end SW2#sh run int e0/1 Building configuration... Current configuration : 103 bytes ! interface Ethernet0/1 switchport trunk encapsulation dot1q switchport mode trunk duplex auto end SW2#sh run int vlan 10 Building configuration... Current configuration : 109 bytes ! interface Vlan10 ip address 10.10.1.3 255.255.255.0 standby 10 ip 10.10.1.1 standby 10 priority 90 end SW2# SW3#sh run int e0/0 Building configuration... Current configuration : 103 bytes ! interface Ethernet0/0 switchport trunk encapsulation dot1q switchport mode trunk duplex auto end SW3#sh run int e0/1 Building configuration... Current configuration : 103 bytes ! interface Ethernet0/1 switchport trunk encapsulation dot1q switchport mode trunk duplex auto end SW3#sh run int e0/3 Building configuration... Current configuration : 93 bytes ! interface Ethernet0/3 switchport access vlan 10 switchport mode access duplex auto end SW3#
Nothing too hard here, but the image makes all the difference.
SW1#sh ver Cisco IOS Software, Solaris Software (I86BI_LINUXL2-ADVENTERPRISE-M), Experimental Version 15.1(20131216:211730) [mmen 106] Copyright (c) 1986-2013 by Cisco Systems, Inc. Compiled Mon 16-Dec-13 13:50 by mmen ROM: Bootstrap program is Linux SW1 uptime is 1 hour, 5 minutes System returned to ROM by reload at 0 System image file is "unix:/home/gns3/Documents/GNS3/images/i86bi_linux_l2-adventerprise-ms"
With this image, we don’t get any working HSRP. Both the top two switches think that they are the active switch:
SW1#sh standby vlan 10
Vlan10 - Group 10
State is Active
2 state changes, last state change 01:02:08
Virtual IP address is 10.10.1.1
Active virtual MAC address is 0000.0c07.ac0a (MAC In Use)
Local virtual MAC address is 0000.0c07.ac0a (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.904 secs
Preemption enabled, delay min 60 secs
Active router is local
Standby router is unknown
Priority 150 (configured 150)
Group name is "hsrp-Vl10-10" (default)
SW1#
SW2#sh standby vlan 10
Vlan10 - Group 10
State is Active
2 state changes, last state change 01:03:07
Virtual IP address is 10.10.1.1
Active virtual MAC address is 0000.0c07.ac0a (MAC In Use)
Local virtual MAC address is 0000.0c07.ac0a (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.032 secs
Preemption disabled
Active router is local
Standby router is unknown
Priority 90 (configured 90)
Group name is "hsrp-Vl10-10" (default)
SW2#
Debugging HSRP shows that the two are not talking to each other, even though CDP and ARP look fine:
SW1#sh cdp neigh
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
SW2 Eth 0/0 162 R S I Linux Uni Eth 0/0
SW3 Eth 0/1 122 R S I Linux Uni Eth 0/0
SW1#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.10.1.1 - 0000.0c07.ac0a ARPA Vlan10
Internet 10.10.1.2 - aabb.cc80.0100 ARPA Vlan10
SW1#debug standby
HSRP debugging is on
SW1#
*May 23 07:39:26.362: HSRP: Vl10 Grp 10 Hello out 10.10.1.2 Active pri 150 vIP 10.10.1.1
SW1#
*May 23 07:39:29.211: HSRP: Vl10 Grp 10 Hello out 10.10.1.2 Active pri 150 vIP 10.10.1.1
SW1#
*May 23 07:39:31.624: HSRP: Vl10 Grp 10 Hello out 10.10.1.2 Active pri 150 vIP 10.10.1.1
SW1#
*May 23 07:39:34.614: HSRP: Vl10 Grp 10 Hello out 10.10.1.2 Active pri 150 vIP 10.10.1.1
SW1#
*May 23 07:39:37.568: HSRP: Vl10 Grp 10 Hello out 10.10.1.2 Active pri 150 vIP 10.10.1.1
SW1#
*May 23 07:39:40.328: HSRP: Vl10 Grp 10 Hello out 10.10.1.2 Active pri 150 vIP 10.10.1.1
SW1#
*May 23 07:39:43.090: HSRP: Vl10 Grp 10 Hello out 10.10.1.2 Active pri 150 vIP 10.10.1.1
SW1#
No HSRP traffic gets returned.
If we switch IOU images we do get a bit further:
SW1#sh ver
Cisco IOS Software, Solaris Software (I86BI_LINUXL2-IPBASEK9-M), Experimental Version 15.1(20130124:233217) [dstivers-jan24-2013-team_track 101]
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Thu 24-Jan-13 16:17 by dstivers
ROM: Bootstrap program is Linux
SW2 uptime is 7 minutes
System returned to ROM by reload at 0
System image file is "unix:/home/gns3/Documents/GNS3/images/i86bi_linux_l2-ipbasek9-ms.jan2"
SW1#sh standby vlan 10
Vlan10 - Group 10
State is Active
2 state changes, last state change 00:01:36
Virtual IP address is 10.10.1.1
Active virtual MAC address is 0000.0c07.ac0a (MAC In Use)
Local virtual MAC address is 0000.0c07.ac0a (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.160 secs
Preemption enabled, delay min 60 secs
Active router is local
Standby router is 10.10.1.3, priority 90 (expires in 10.592 sec)
Priority 150 (configured 150)
Group name is "hsrp-Vl10-10" (default)
SW1#
SW2#sh standby vlan 10
Vlan10 - Group 10
State is Standby
1 state change, last state change 00:01:21
Virtual IP address is 10.10.1.1
Active virtual MAC address is 0000.0c07.ac0a (MAC Not In Use)
Local virtual MAC address is 0000.0c07.ac0a (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.256 secs
Preemption disabled
Active router is 10.10.1.2, priority 150 (expires in 10.256 sec)
Standby router is local
Priority 90 (configured 90)
Group name is "hsrp-Vl10-10" (default)
SW2#
So HSRP looks good from the viewpoint of the switches. However, not all is well from the VPCS guest:
VPCS2> ip 10.10.1.254 /24 Checking for duplicate address... PC1 : 10.10.1.254 255.255.255.0 VPCS2> sh arp arp table is empty VPCS2> ping 10.10.1.2 10.10.1.2 icmp_seq=1 ttl=255 time=1.500 ms 10.10.1.2 icmp_seq=2 ttl=255 time=5.000 ms VPCS2> ping 10.10.1.3 10.10.1.3 icmp_seq=1 ttl=255 time=3.500 ms 10.10.1.3 icmp_seq=2 ttl=255 time=4.000 ms VPCS2> ping 10.10.1.1 10.10.1.1 icmp_seq=1 timeout 10.10.1.1 icmp_seq=2 timeout VPCS2> sh arp aa:bb:cc:80:04:00 10.10.1.2 expires in 65 seconds aa:bb:cc:80:05:00 10.10.1.3 expires in 68 seconds 00:00:0c:07:ac:0a 10.10.1.1 expires in 70 seconds VPCS2>
It can see that there is the HSRP VIF, but cannot reach it. SW3 also knows of the VIF:
SW3#sh mac address-table
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
10 0000.0c07.ac0a DYNAMIC Et0/0
10 0050.7966.6802 DYNAMIC Et0/0
10 aabb.cc80.0400 DYNAMIC Et0/0
10 aabb.cc80.0500 DYNAMIC Et0/0
Total Mac Addresses for this criterion: 4
SW3#
So it goes to show that although things might look like they are working in IOU switches, downstream hosts might have a different idea about the network – so much so that things may not actually be reachable. Getting the correct IOU images is important. The people who enable us to get these images do a great job, but obviously cannot replicate 100% a device that relies on hardware to perform complex switching functions. There maybe functions that work in the first image used, that do not work in the second image I used. It can be a bit hit and miss.
If I do find an image that works in this scenario I will update the post, or if you know of one then please leave a comment below.
can you please upload this L2 IOU image where HSRP works please !!!!!
no, but if you google for it I am sure that you can find it
you only need to search in google "download iou for gns3 torrentz" that's all.
Thank's Stuart for the explain.
http://www.jorgelargaespada.wordpress.com
can someone please indicate here what is the complete filename that works now for HSRP? I am just asking about the file name and not the image itself… Thx
I don't think any image works 100% with IOU.
try disabling IGMP SNOOPING on the transit L2 device
"no ip igmp snooping" is an excellent advise. Normally, snooping ignores network control blocks (224.0.0.0/23), and MAC entries that are destined to the CPU are visible in "show mac address-table static". However this doesn't work correctly on IOU images.
Hi, can you share IOU image with me please
Regards from Chile
Fernando
No. They are copyrighted, so I won't share them and risk the wrath of lawyers!