Tài liệu Bridging Lab Scenarios docx

version 11.3 service timestamps debug uptime service timestamps log uptime no service password-encryption!. version 11.3 service timestamps debug uptime service timestamps log uptime no

Trang 1

Date of Issue: 01-01-2000

Bridging Lab Scenarios

by David Wolsefer

Introduction

Scenario 1 - A LAT Challenge

Equipment

The Setup

Objectives

Solution

R4's Configuration

R6's Final Configuration

Scenario 2 - Troubleshooting IRB

Equipment

Objectives

The Setup

R1:

R2:

R3:

R4:

Hints

Bugs Revealed

Solution

R2 Final Configuration:

Introduction

I developed these scenarios during my own preparation for the CCIE laboratory exam The first scenario is designed

to demonstrate how to configure a LAT service and use both one and two step LAT translation The second scenario

is a complex IRB scenario requiring the reader to troubleshoot numerous routers and illustrates a number of key issues one might encounter when configuring both transparent bridging and IRB

Scenario 1 - A LAT Challenge

Equipment

This scenario requires 3 routers and the proper version of IOS I suggest you use Enterprise or Enterprise Plus IOS The actual routers I used were a 2511 for R1, a 2513 for R4, and a 2524 for R6

The Setup

Trang 2

Disable IP routing on R6 and remove all IP addresses from R6 Enable LAT on the E0 interface of R6 and configure a LAT service named CCIE Verify using appropriate debug and show commands Configure R4 to translate the

160.10.1.2 address to the LAT CCIE service Verify one-step translation by Telnetting to 160.10.1.2 from R1 If the translation is configured correctly, you will find yourself at R6 as seen below:

r1#160.10.1.2

Trying 160.10.1.2 Open

Trying CCIE Open

Notice that you in effect Telnetted to R4, where one-step translation LATed you to R6

Now try two-step translation Telnet into R4 and then LAT to CCIE as shown below:

r4#lat CCIE

Trying CCIE Open

r6#

Solution

R4's Configuration

Current configuration:

!

version 11.3

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname r4

!

ip tcp synwait-time 5

no ip domain-lookup

!

interface Loopback0

ip address 160.10.1.1 255.255.255.0

!

interface Ethernet0

ip address 172.16.40.4 255.255.255.0

lat enabled

!

interface Serial0

no ip address

encapsulation frame-relay

no ip mroute-cache

lat enabled

no fair-queue

clockrate 56000

no frame-relay inverse-arp

!

interface Serial0.1 point-to-point

ip address 172.16.60.4 255.255.255.0

ip ospf network non-broadcast

frame-relay interface-dlci 201

!

interface Serial1

no ip address

shutdown

!

interface TokenRing0

Trang 3

ip address 172.16.240.4 255.255.255.0

ring-speed 16

!

router ospf 1

redistribute connected subnets

passive-interface TokenRing0

network 172.16.40.0 0.0.0.255 area 0

network 172.16.60.0 0.0.0.255 area 0

!

ip classless

!

translate tcp 160.10.1.2 lat CCIE

alias exec r show run

alias exec i show ip route

alias exec br show ip int brief

!

line con 0

exec-timeout 0 0

privilege level 15

line aux 0

line vty 0 4

privilege level 15

no login

!

end

R6's Final Configuration

r6#r

Building configuration

!

version 11.3

!

hostname r6

!

no ip routing < - IP routing completely disabled

no ip domain-lookup

!

interface Ethernet0

no ip address

no ip route-cache

lat enabled < - LAT enabled on E0 interface

!

ip classless

!

lat service CCIE enabled < LAT service "CCIE" enabled

lat service SHOWRUN autocommand show run

lat service SHOWRUN enabled

!

alias exec br sho ip int brief

!

line con 0

privilege level 15

line aux 0

line vty 0 4

privilege level 15

no login

!

end

Scenario 2 - Troubleshooting IRB

Trang 4

This scenario requires 4 routers to complete as is R5 is not really necessary since we are just pinging the BVI

interface, which would route to R5

Objectives

The objective of this lab is to troubleshoot a complex scenario using multiple routers configured for transparent

bridging and IRB When the network is configured correctly, you should be able to ping from the S0.1 interface of R2

to the BVI interface of R3 The IP address of R2's sub-interface S0.1 is 172.16.70.2 and the IP address of R3's BVI Interface is 172.16.70.3 You need to make sure that R1 is always the root bridge and that all bridging loops are eliminated Use the IEEE spanning tree protocol You may only use the "bridge 1 route IP" statement on a single router All traffic must traverse the R4 router You should remove all IP routing on R1 and R4 and all IP addresses on R1, R4, and R3's Serial 0.1 and Ethernet 1 Interfaces R3 may only route on the E 0 interface All other interfaces on R3 should be configured for bridging only

The Setup

The following configurations should be cut and pasted into your routers before beginning troubleshooting If you do not have routers that have the same interfaces as depicted in the diagram, adjust your configurations as necessary Here are the configurations:

R1:

!

version 11.3

!

hostname r1

!

no ip routing

no ip domain-lookup

ip host frsw 2001 1.1.1.1

Trang 5

ip host r2 2004 1.1.1.1

ip host r3 2003 1.1.1.1

ip host r4 2002 1.1.1.1

ip host r6 2006 1.1.1.1

!

interface Loopback0

ip address 1.1.1.1 255.255.255.255

no ip route-cache

no ip mroute-cache

!

interface Loopback10

description DO NOT DISTURB - for use by golab scripts

ip address 10.255.255.254 255.255.255.0

no ip route-cache

no ip mroute-cache

!

interface Ethernet0

no ip address

no ip route-cache

no ip mroute-cache

shutdown

no lat enabled

!

interface Serial0

no ip address

no ip route-cache

no ip mroute-cache

lat enabled

clockrate 56000

no frame-relay inverse-arp

!

no ip route-cache

no ip mroute-cache

bridge-group 1

!

interface Serial0.2 multipoint

no ip route-cache

no ip split-horizon

no ip mroute-cache

bridge-group 1

bridge-group 1 priority 255

!

interface Serial1

ip address 192.168.4.1 255.255.255.0

encapsulation x25 dce

no ip route-cache

no ip mroute-cache

shutdown

x25 address 112233

x25 map ip 192.168.4.2 556677 broadcast

clockrate 56000

!

ip classless

!

bridge irb

bridge 1 protocol ieee

bridge 1 priority 128

alias exec s show ses

!

line con 0

exec-timeout 0 0

privilege level 15

line 1 8

modem Host

transport input all

line 9 16

line aux 0

Trang 6

line vty 0 4

privilege level 15

no login

!

end

R2:

!

version 11.3

!

hostname r2

!

no ip routing

no ip domain-lookup

!

interface Serial0

no ip address

no ip route-cache

no ip mroute-cache

!

ip address 172.16.70.2 255.255.255.0

no ip route-cache

!

interface Serial1

no ip address

no ip route-cache

shutdown

!

no ip address

no ip route-cache

shutdown

!

interface BRI0

no ip address

no ip route-cache

shutdown

!

ip classless

!

line con 0

exec-timeout 0 0

privilege level 15

line aux 0

line vty 0 4

privilege level 15

no login

!

end

R3:

r3#sh run

Trang 7

version 11.3

!

hostname r3

!

no ip routing

no ip domain-lookup

!

interface Ethernet0

ip address 172.16.30.3 255.255.252.0

no ip route-cache

!

interface Ethernet1

no ip address

no ip route-cache

bridge-group 1

!

interface Serial0

no ip address

no ip route-cache

no ip mroute-cache

!

no ip route-cache

bridge-group 1

!

interface Serial1

no ip address

no ip route-cache

shutdown

!

interface BVI1

ip address 172.16.70.3 255.255.255.0

!

ip classless

!

bridge irb

!

line con 0

exec-timeout 0 0

privilege level 15

line aux 0

line vty 0 4

privilege level 15

no login

!

end

R4:

r4#r

!

version 11.3

!

Trang 8

hostname r4

!

no ip routing

no ip domain-lookup

!

interface Ethernet0

no ip address

no ip route-cache

bridge-group 1

bridge-group 1 priority 0

!

interface Serial0

no ip address

no ip route-cache

no ip mroute-cache

no fair-queue

clockrate 56000

!

no ip route-cache

bridge-group 1

!

interface Serial1

no ip address

no ip route-cache

shutdown

!

no ip address

no ip route-cache

shutdown

!

ip classless

!

bridge irb

bridge 1 protocol dec

!

line con 0

exec-timeout 0 0

privilege level 15

line aux 0

line vty 0 4

privilege level 15

no login

!

end

Hints

1 Use the Show Span command to make sure each router is running the IEEE spanning tree protocol and that the

correct interfaces are blocking

2 Use the Debug Span Tree command to see where BPDUs are being forwarded

3 Use the Show Bridge command to see which MAC addresses each router is bridging.

4 Use the Show Interface IRB command to see which interfaces are routing and bridging IP.

5 Use the Debug Span Events command to monitor a given bridge's state Is it forwarding, blocking, listening, or

learning?

Trang 9

6 Is the correct port blocking or forwarding? Which port is the root port? Which port is the designated port? Which bridge is the root bridge? You may need to manipulate priority to make sure the correct router is the root bridge

7 Use the show IP protocol command to make sure R1 and R4 are not routing IP.

8 Do you need a frame map statement for physical and multipoint interfaces when you are bridging?

9 You must have the "bridge 1 route IP" command if you want to route and bridge on a given router using IRB

Bugs Revealed

Each router has two different bugs Here is a breakdown of the bugs:

• R1, changed the router's priority to 255 making R1 least likely to be the root bridge

• R1, eliminated the frame map bridge statements, these statements are necessary for NBMA networks

• R4, changed the spanning tree protocol to DEC, the correct protocol is IEEE

• R4, changed router's priority to 0, making it the root bridge instead of R1

• R3, missing bridge 1 route ip statement, this is necessary for the BVI to route IP to an interface

• R3, is missing a cost 65535 statement, which is necessary to place interface s 0.1 into blocking state and eliminate the bridging loop

Solution

Test that your solution is correct by pinging the BVI IP address on R3 from R2 Do a trace route to see that all the routers in between are configured as transparent bridges Sample output is given below followed by the final

configuration for each router:

r2#trace 172.16.70.3

Type escape sequence to abort

Tracing the route to 172.16.70.3

1 172.16.70.3 116 msec * 100 msec

r2#ping 172.16.70.3

Type escape sequence to abort

Sending 5, 100-byte ICMP Echos to 172.16.70.3,

timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5),

round-trip min/avg/max = 184/196/204 ms

r2#

R2 Final Configuration:

Note: R2 has no special configuration since it is a non-bridging router

r2#r

!

version 11.3

!

hostname r2

!

Trang 10

no ip routing

no ip domain-lookup

!

interface Serial0

no ip address

no ip route-cache

no ip mroute-cache

!

ip address 172.16.70.2 255.255.255.0

no ip route-cache

!

interface Serial1

no ip address

no ip route-cache

shutdown

!

no ip address

no ip route-cache

shutdown

!

interface BRI0

no ip address

no ip route-cache

shutdown

!

ip classless

!

line con 0

exec-timeout 0 0

privilege level 15

line aux 0

line vty 0 4

privilege level 15

no login

!

end

r3#r

!

version 11.3

!

hostname r3

!

no ip routing

no ip domain-lookup

!

interface Ethernet0

ip address 172.16.30.3 255.255.252.0

no ip route-cache

Trang 11

interface Ethernet1

no ip address

no ip route-cache

bridge-group 1

!

interface Serial0

no ip address

no ip route-cache

no ip mroute-cache

!

no ip route-cache

bridge-group 1

bridge-group 1 path-cost 65535

!

interface Serial1

no ip address

no ip route-cache

shutdown

!

interface BVI1

ip address 172.16.70.3 255.255.255.0

!

ip classless

!

bridge irb

bridge 1 route ip

!

line con 0

exec-timeout 0 0

privilege level 15

line aux 0

line vty 0 4

privilege level 15

no login

!

end

r4#r

!

version 11.3

!

hostname r4

!

no ip routing

no ip domain-lookup

!

interface Ethernet0

no ip address

no ip route-cache

bridge-group 1

!

interface Serial0

no ip address

Trang 12

no ip route-cache

no ip mroute-cache

no fair-queue

clockrate 56000

!

no ip route-cache

bridge-group 1

!

interface Serial1

no ip address

no ip route-cache

shutdown

!

no ip address

no ip route-cache

shutdown

!

ip classless

!

bridge irb

!

line con 0

exec-timeout 0 0

privilege level 15

line aux 0

line vty 0 4

privilege level 15

no login

!

end

r1#r

!

version 11.3

!

hostname r1

!

no ip routing

no ip domain-lookup

ip host frsw 2001 1.1.1.1

ip host r2 2004 1.1.1.1

ip host r3 2003 1.1.1.1

ip host r4 2002 1.1.1.1

ip host r6 2006 1.1.1.1

!

interface Loopback0

ip address 1.1.1.1 255.255.255.255

no ip route-cache

no ip mroute-cache

!

interface Loopback10

description DO NOT DISTURB - for use by golab scripts

ip address 10.255.255.254 255.255.255.0

Tiêu đề	Bridging lab scenarios
Tác giả	David Wolsefer
Thể loại	Study guide
Năm xuất bản	2000

Định dạng
Số trang	14
Dung lượng	59,97 KB