24 replies to this topic

[Big Evil]

In alignment with CCIE level requirements, Cisco is adding L2 switching features to the CCIE R&S Troubleshooting exam through L2 IOS software on Unix (L2IOU) virtual environment. The new feature will be available starting January 17, 2011.


The CCIE R&S exam consists of 2 sections – the troubleshooting (TS) section which runs two hours, and the Configuration (Config) section which is six hours. The Config lab utilizes actual physical devices in racks, whereas, the TS lab uses a virtual environment under IOU. IOU offers a very realistic simulation of router (L3+) features in the TS lab but until now had no L2 switch capability. With the addition of the new L2IOU, the TS lab will now include both L2 and L3 capabilities in the virtual environment.


Note:

With this new capability you may notice some subtle cosmetic and functional differences between the behaviors of the physical switch and the virtual switch. However, the function of the devices is fundamentally the same, and these differences should not affect your ability to apply what you have learned to succeed in the lab exam.

https://learningnetw.../docs/DOC-10859

[laf_c]

I am just wandering, how come this technology is not available outside Cisco walls? Did anyone actually try it "outside"?

[TubigSuwah]

It would be great if that technology will be share to everyone... if will help a lot of network engineer in mastering Cisco technology.

[laf_c]

It would be great if that technology will be share to everyone... if will help a lot of network engineer in mastering Cisco technology.

So it is "Top Secret" and not cracked by anyone until now?

[Sunfish]

Some people recently claimed that they cracked it and got it up and running in their homelabs. So it might have escaped into the wild already...

[Darby Weaver]

Mr. Gaddis asking me for it now. I believe he acquired a copy of IOS on Unix.

I'm not certain what I have even works yet. No time to test it.

[Darby Weaver]

In any event I don't think Cisco is ready to distribute it yet.

[Sunfish]

In any event I don't think Cisco is ready to distribute it yet.

Definitely! It's for Cisco internal use only. Cisco implemented some kind of protection but it seems not too hard to work around it - at least if want to make it tick in a homelab and don't care about things like hostname or ip address.

However, it seems that up to now "only" the older IOU has been leaked but not the new L2IOU. Anyway, I guess it's just a matter of time...

[chrcel]

Cisco implemented some kind of protection but it seems not too hard to work around it

Cisco was never too serious about protection. remember callmanager. and with the recent hack of PS3, I would say resistance futile.

[Darby Weaver]

Definitely! It's for Cisco internal use only. Cisco implemented some kind of protection but it seems not too hard to work around it - at least if want to make it tick in a homelab and don't care about things like hostname or ip address.

However, it seems that up to now "only" the older IOU has been leaked but not the new L2IOU. Anyway, I guess it's just a matter of time...

Won't be long till it makes it public.

Edited by Darby Weaver, 13 June 2011 - 08:49 PM.

[Sunfish]

Cisco was never too serious about protection.

Well, it depends. Cisco can be very serious about it if they really want to.

To the best of my knowledge nobody has ever been able to break the license protection of the PIX/ASA devices - and I'm pretty sure nobody ever will.

Now Cisco is using the same pki mechanism to enforce the licenses on their ISR Generation 2 router series, metro-switches, 3560-X and 3750-X series switches, plus some other products. No hope for ever cracking that one!

[chrcel]

Well, it depends. Cisco can be very serious about it if they really want to.
To the best of my knowledge nobody has ever been able to break the license protection of the PIX/ASA devices - and I'm pretty sure nobody ever will.
Now Cisco is using the same pki mechanism to enforce the licenses on their ISR Generation 2 router series, metro-switches, 3560-X and 3750-X series switches, plus some other products. No hope for ever cracking that one!

well that is matter of resources. for serious businesses, they have to buy the license anyway so no gain to them. the new products you named use flex-lm or some sort of it, by the looks of it. and flex-lm has been cracked before. the reason why it will not happen is that there is no tangible benefit to anyone who does it. Every commercial protection has been been cracked it is a lost race from the start. All in all it is doable, but its not just worth the effort.
actually an interesting approach to this problem is taken by F5 Networks. whenever you want to upgrade you have to connect (or upload) to a web site post serial number and used licenses on the box. this is than verified against support contract and purchase orders DB. How easy and yet effective...

Edited by chrcel, 18 January 2011 - 05:06 AM.

[Sunfish]

I know that Cisco uses flex-lm for some of their software like Unity or NAC but I thought that the IOS feature protection is another story. It won't be difficult to develop a PKI based solution that is unbreakable - at least with today's technologies. Quantum computers may or may not change that one day.

Cisco could not care less about what people are doing in their homelabs but I heard from various Cisco sources that they loose a lot of money because companies found it just too tempting to "upgrade" their devices. Whether those companies will continue to buy those new protected devices is a different story of course.

If a protection is breakable then someone will do it. If not for money, then for glory and fame. Just a matter of time...

[Darby Weaver]

L2 IOU has been released.

Edited by Darby Weaver, 13 June 2011 - 08:49 PM.

[Darby Weaver]

Kinda feels like a 6500/Nexus hybrid under the hood.

Edited by Darby Weaver, 13 June 2011 - 08:48 PM.

[Darby Weaver]

FYI - L2 IOU did make its way public yesterday.

[faisal.saleem]

Any official URL for this news? Thanks.

[Sunfish]

I assume that Darby is referring to the thread that appeared at some well-known crap collection site yesterday.

It seems that some older L2 IOU version escaped into the wild. So it's no official news...

[TubigSuwah]

Yep, it is now on wild but it is still buggy.

[faisal.saleem]

Thanks Sunfish your statement seems valid. I was just wondering that why Cisco suddenly started to give it free perhaps they are making money via online labs using that IOU.

[Darby Weaver]

The Cisco Learning Network is offering L2 IOU Labs for sale -> $75.00 for 25 hours and so that is as official as it gets.

I've not purchased a session yet to say for sure whether or not it buggy or not.


Here's the real deal:



https://learningnetw...paign=Promo-CLL

[Darby Weaver]

I did buy 25 hours worth of Cisco IOU for MPLS.

[chrcel]

Here's the real deal:
https://learningnetw...paign=Promo-CLL

I had no idea such page actually existed. for the money, you can hardly go wrong

[Darby Weaver]

I'm going to rent them in late July or August and kick their tires for 25 hours of their labs and then 25 hours of mine.

[martinlo]

you can download LIVE Linux CD with L3/L2 IOU from several sites, so I guess, it is safe to say, it has been cracked and leaked.