Archive for July, 2012

ATM

July 29, 2012

ATM:
– performs no error checking or retransmission on the payload (the 5-byte header carries a 1-byte HEC CRC, but payload integrity is left to AAL5 and the higher layers)
– has no sequence numbers
– uses one fixed cell size for everything it sends (53 bytes = 48 bytes payload + 5 bytes header)
– is sometimes called "cell relay"
– integrates well with other network types
– widely used by service providers for their core networks (these notes put it at 80% of SPs)
– is very fast (fixed-size cells are switched in hardware)

RFC 2684 (Multiprotocol Encapsulation over ATM Adaptation Layer 5) and RFC 2225 (Classical IP and ARP over ATM)
– basic encapsulation of IP and other protocols in AAL5 frames
– allows for PVCs and SVCs
– allows dynamic VPI/VCI configuration (SVCs set up through signalling)
– SP uses ILMI (Integrated Local Management Interface) to communicate PVC information to the CPE

# sample config
R5
int ATM0/1
ip address 172.16.1.1 255.255.255.0
atm pvc 56 0 115 aal5snap
# atm pvc <VCD> <VPI> <VCI> <encapsulation>: 56 = virtual circuit descriptor, a locally significant ID (think "R5toR6"); 0/115 = VPI/VCI assigned by the SP; aal5snap = LLC/SNAP multiprotocol encapsulation per RFC 2684, which is what Classical IP (RFC 2225) runs over
# newer IOS uses "pvc 0/115" under the interface followed by "encapsulation aal5snap"

MPLS label switching grew out of ATM's VPI/VCI switching model (Cisco tag switching); in most SP cores MPLS has since taken ATM's place
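Added example, not part of the original notes: the 5-byte cell header for a UNI circuit such as the VPI 0 / VCI 115 PVC configured above, including the HEC that is the only error check ATM itself performs, plus the AAL5 cell count for a given frame. The header layout and HEC polynomial (CRC-8, x^8+x^2+x+1, XOR 0x55 coset) follow ITU-T I.432; the circuit numbers and frame sizes are constructed for illustration.

```python
# ATM UNI cell header: GFC(4) VPI(8) VCI(16) PT(3) CLP(1) HEC(8), then 48 bytes payload.
# Added example; not code from the original notes. Values below are constructed.

HEC_POLY = 0x07    # x^8 + x^2 + x + 1
HEC_COSET = 0x55   # XORed into the remainder so an all-zero header does not yield HEC 0


def hec(header4: bytes) -> int:
    """CRC-8 over the first four header octets, MSB first, then XOR with the coset."""
    crc = 0
    for b in header4:
        crc ^= b
        for _ in range(8):
            crc = ((crc << 1) & 0xFF) ^ HEC_POLY if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ HEC_COSET


def build_header(vpi: int, vci: int, pt: int = 0, clp: int = 0, gfc: int = 0) -> bytes:
    """Pack the header fields and append the HEC."""
    assert 0 <= vpi < 256 and 0 <= vci < 65536 and 0 <= pt < 8 and 0 <= clp < 2 and 0 <= gfc < 16
    first4 = bytes([
        (gfc << 4) | (vpi >> 4),
        ((vpi & 0xF) << 4) | (vci >> 12),
        (vci >> 4) & 0xFF,
        ((vci & 0xF) << 4) | (pt << 1) | clp,
    ])
    return first4 + bytes([hec(first4)])


def parse_header(cell: bytes) -> dict:
    """Decode a header and verify its HEC; a mismatch means a corrupted or mis-framed cell."""
    first4 = cell[:4]
    if hec(first4) != cell[4]:
        raise ValueError("HEC mismatch: cell discarded")
    return {
        "gfc": first4[0] >> 4,
        "vpi": ((first4[0] & 0xF) << 4) | (first4[1] >> 4),
        "vci": ((first4[1] & 0xF) << 12) | (first4[2] << 4) | (first4[3] >> 4),
        "pt": (first4[3] >> 1) & 0x7,
        "clp": first4[3] & 1,
    }


def aal5_cell_count(pdu_len: int) -> int:
    """AAL5 appends an 8-byte trailer and pads to a multiple of 48; one cell per 48-byte chunk."""
    return -(-(pdu_len + 8) // 48)   # ceiling division


if __name__ == "__main__":
    h = build_header(0, 115)
    print("header for VPI 0 / VCI 115:", h.hex())
    print("parsed:", parse_header(h))
    print("cells for a 1500-byte PDU:", aal5_cell_count(1500))
```

The HEC only covers the header, which is why the notes can say ATM does no error checking on the payload; corrupted payload is caught (if at all) by the AAL5 CRC-32 or by the transport protocol.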

Categories: Cisco, Routing

Frame Relay

July 28, 2012

Permanent virtual circuit (PVC) – a provisioned logical circuit that gives the appearance that the end points are directly connected
Data link connection identifier (DLCI) – locally significant number identifying each virtual circuit on a given access link (the same PVC usually has a different DLCI at each end)
Local management interface (LMI) – keepalive and status protocol between the CPE router and the ISP's frame relay switch
Network-to-network interface (NNI) – the interface between ISP switches that make up the frame relay network
Local access rate / committed information rate (CIR) – the local access rate is the physical connection speed (e.g. 1.544 Mbps T1); the CIR is what the ISP guarantees (e.g. 128 kbps), split out per PVC

Hub and spoke lab (R1 is the hub; R3 and R4 have to go through R1 to reach each other and R2):
R1 ——– R2
|—- R3
|—- R4

R1
conf t
int s0/0
encapsulation frame-relay
ip address 10.1.1.1 255.255.255.0
no shut
show frame-relay lmi (check LMI status enquiries sent/received; a rising "Num Status Timeouts" means the switch is not answering)
show int s0/0 (LMI DLCI 1023 for the Cisco LMI type, DLCI 0 for ANSI/Q.933a; the switch uses it to report PVC status)

R2
int s0/0
encapsulation frame-relay
ip address 10.1.1.2 255.255.255.0
no shut
show frame-relay map (next-hop to DLCI mappings, static or learned via Inverse ARP)
show frame-relay pvc (shows status, pkts sent/rcvd, dlci) <== 3 PVC states
#active – local & remote connection working
#inactive – local connection working, remote end is not
#deleted – DLCI not reported by the SP switch over LMI (mistyped DLCI or circuit not provisioned)

# turn off inverse arp if too many dlcis show up (CCIE lab)
# use subinterfaces for multiple p2p or p2m links; p2p is preferred (one DLCI per subnet, no split-horizon problems)
R1
int s0/0
no frame-relay inverse-arp (prevents autodiscovery of dlci mappings, pertinent to the ccie lab)
no arp frame-relay (stops this router answering Frame Relay ARP requests for its own dlci)
no ip address
end
clear frame-relay-inarp (clear the dynamically learned map entries)
conf t
int s0/0.1 point-to-point (encap frame-relay has to already be ON on the main interface)
ip address 10.1.1.1 255.255.255.0
frame-relay interface-dlci 102 (hard code dlci 102; a point-to-point subinterface takes one dlci and needs no map statement)
exit
# point to multipoint
int s0/0.2 multipoint
ip address 172.16.1.1 255.255.255.0
frame-relay map ip 172.16.1.2 103 broadcast (dlci 103 to R3; "broadcast" lets routing protocol broadcasts/multicasts cross this PVC)
frame-relay map ip 172.16.1.3 104 broadcast (dlci 104 to R4)
show ip int brief
sh frame-relay map

R3
conf t
int s0/0
encapsulation frame-relay
no frame inverse-arp
no arp frame
ip address 172.16.1.2 255.255.255.0
frame map ip 172.16.1.1 301 broadcast
no shutdown

R4
conf t
int s0/0
encapsulation frame-relay
no frame inverse-arp
no arp frame
ip address 172.16.1.3 255.255.255.0
frame map ip 172.16.1.1 401 broadcast
no shut
show frame map

# now create the mapping to reach R3 (172.16.1.2): spoke-to-spoke traffic also rides the dlci to the hub, R1 relays it
frame map ip 172.16.1.2 401 broadcast

R3
conf t
int s0/0
frame map ip 172.16.1.3 301 broadcast
ping 172.16.1.1
show ip route (with eigrp, networks would be advertised from R1 s0/0)
# Split horizon: R1 will not advertise a network back out the (sub)interface it learned it on. R3's and R4's routes both arrive on s0/0.2, so R3 cannot see R4's LAN networks and vice versa

R1
conf t
int s0/0.2
no ip split-horizon eigrp 1 (disable split horizon for eigrp AS 1 on the multipoint subinterface so R1 re-advertises each spoke's routes to the other spokes)

R4
# check if ip routes are now advertised
show ip route
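Added example, not part of the original notes: a minimal distance-vector model of the hub-and-spoke lab above. R1 learns both spokes' LANs on the same multipoint subinterface s0/0.2, so with split horizon enforced it never advertises R4's LAN to R3 (and vice versa); disabling split horizon on that one subinterface, as the `no ip split-horizon eigrp 1` step does, fixes it. The LAN prefixes are constructed; the topology is the lab's.

```python
# Distance-vector propagation with and without split horizon on the hub's multipoint subinterface.
# Added example; not code from the original notes. Prefixes are constructed.
from typing import Dict

# (router, interface) -> neighbours reachable over that interface, per the lab topology
LINKS = {
    ("R1", "s0/0.1"): ["R2"],
    ("R1", "s0/0.2"): ["R3", "R4"],   # multipoint: both spokes hang off one subinterface
    ("R2", "s0/0"): ["R1"],
    ("R3", "s0/0"): ["R1"],
    ("R4", "s0/0"): ["R1"],
}
# LAN prefixes each router originates (constructed for the example)
LOCAL = {"R2": {"192.168.2.0/24"}, "R3": {"192.168.3.0/24"}, "R4": {"192.168.4.0/24"}}
ROUTERS = ["R1", "R2", "R3", "R4"]


def inbound_interface(router: str, neighbour: str) -> str:
    """The interface on `router` that faces `neighbour`, looked up from LINKS."""
    return next(iface for (r, iface), peers in LINKS.items() if r == router and neighbour in peers)


def converge(split_horizon_off_on_hub: bool, rounds: int = 5) -> Dict[str, Dict[str, str]]:
    """Run periodic updates; returns routing tables: router -> {prefix: interface it was learned on}."""
    tables: Dict[str, Dict[str, str]] = {r: {p: "local" for p in LOCAL.get(r, set())} for r in ROUTERS}
    for _ in range(rounds):
        for (router, iface), peers in LINKS.items():
            # Split horizon: never advertise a prefix back out the interface it was learned on.
            # The lab disables it only on R1 s0/0.2 ("no ip split-horizon eigrp 1").
            enforce = not (split_horizon_off_on_hub and router == "R1" and iface == "s0/0.2")
            advert = [p for p, via in tables[router].items() if not (enforce and via == iface)]
            for peer in peers:
                in_iface = inbound_interface(peer, router)
                for prefix in advert:
                    tables[peer].setdefault(prefix, in_iface)   # first-learned wins; good enough here
    return tables


if __name__ == "__main__":
    for off in (False, True):
        t = converge(split_horizon_off_on_hub=off)
        print("split horizon off on hub:", off, "| R3 sees:", sorted(t["R3"]), "| R4 sees:", sorted(t["R4"]))
```

R2 is on a different subinterface (s0/0.1), so it learns both spoke LANs even with split horizon on; only the spokes sharing s0/0.2 are blind to each other.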

## Frame Relay traffic shaping
CIR (committed information rate, e.g. 64 kbps, guaranteed)
Tc (time interval; Cisco default 125 ms = 1/8 s)
Bc (committed burst) = CIR x Tc = 64000 x 1/8 = 8000 bits per Tc
# If you don't use all of your allowance, you may be able to bank the unused bandwidth as burst, depending on the ISP
Be (excess burst): traffic beyond Bc may still be sent but carries the DE (discard eligible) bit in the FR header, so the SP drops it first under congestion

BECN – backward explicit congestion notification (set by the SP switch on frames heading back toward the source: slow down)
FECN – forward explicit congestion notification (set on frames heading toward the destination; the receiver can reflect it back so the sender slows down)
– routers ignore both becn and fecn by default; adaptive shaping (below) makes them react to BECN

1. create map-class and define parameters
2. interface configuration “frame traffic-shaping”
3. apply map-class to interface or pvc

R1 (R3 only has 28kbps)
conf t
map-class frame-relay SLOW
frame-relay adaptive-shaping becn (throttle toward mincir when BECNs arrive)
frame-relay mincir 24400 (do not throttle below ~24 kbps)
frame-relay cir 28800
frame-relay bc 3600 (28800 x 1/8 = 3600 bits per Tc)
frame-relay be 200 (negotiated excess burst bits from the ISP)
# other options
frame-relay traffic-rate 28800 30000 (shorthand form: average rate, then peak rate)

show traffic-shape (nothing yet)
conf t
int s0/0
frame-relay traffic-shaping (enables shaping on the physical interface; without this the map-class is never applied)
int s0/0.1 (goes to R2)
frame-relay class SLOW (applied to the subinterface, so every dlci on it inherits the class; applied on the main interface it would cover all subinterfaces)
# Alternative: apply to a specific dlci
frame-relay interface-dlci 102
class SLOW (inside the interface-dlci submode the keyword is just "class")
show traffic-shape
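Added example, not part of the original notes: a token-bucket model of the shaping parameters above (CIR, Tc, Bc, Be, mincir) together with BECN-driven adaptive shaping, run with the numbers from the SLOW map-class. The throttling step sizes (rate cut by 25% in an interval that sees a BECN, rate raised by CIR/16 in a quiet interval) are my reading of Cisco's documented behaviour and are an assumption here, as are the offered-traffic figures.

```python
# Frame Relay traffic shaping as a token bucket: Bc tokens per Tc, Be extra on top (DE-marked),
# and adaptive shaping that backs off toward mincir on BECN.
# Added example; not code from the original notes. Step sizes and traffic figures are assumptions.
from dataclasses import dataclass, field
from typing import List


@dataclass
class FrShaper:
    cir: int            # committed rate, bits/s
    mincir: int         # floor the adaptive shaper will not go below, bits/s
    tc: float = 0.125   # interval, seconds (Cisco default 1/8 s)
    be: int = 0         # excess burst, bits, on top of Bc; anything sent from it is DE-marked
    rate: int = field(init=False)
    tokens: int = field(init=False)

    def __post_init__(self) -> None:
        self.rate = self.cir
        self.tokens = self.bc + self.be   # start with a full bucket

    @property
    def bc(self) -> int:
        """Committed burst per interval: Bc = rate x Tc."""
        return int(self.rate * self.tc)

    def interval(self, offered_bits: int, becn: bool = False) -> dict:
        """One Tc interval: adapt the rate, replenish, send what fits, mark the excess DE, queue the rest."""
        # adaptive shaping (assumed step sizes): BECN seen -> cut 25% toward mincir; quiet -> creep back to CIR
        if becn:
            self.rate = max(self.mincir, int(self.rate * 0.75))
        else:
            self.rate = min(self.cir, self.rate + self.cir // 16)
        self.tokens = min(self.tokens + self.bc, self.bc + self.be)
        sent = min(offered_bits, self.tokens)
        self.tokens -= sent
        de_marked = max(0, sent - self.bc)   # bits beyond Bc rode on the Be allowance
        return {"rate": self.rate, "sent": sent, "de_marked": de_marked, "queued": offered_bits - sent}


def simulate(offered: List[int], becn: List[bool], cir: int = 28800, mincir: int = 24400, be: int = 200) -> List[dict]:
    """Drive the shaper interval by interval with the SLOW map-class values; returns per-interval results."""
    shaper = FrShaper(cir=cir, mincir=mincir, be=be)
    return [shaper.interval(bits, flag) for bits, flag in zip(offered, becn)]


if __name__ == "__main__":
    # constructed load: two busy intervals (the second with a BECN), a quiet one, then a burst
    for i, r in enumerate(simulate([5000, 5000, 1000, 4000], [False, True, False, False]), 1):
        print(f"Tc {i}: {r}")
```

Interval 1 shows Be at work (3600 committed bits plus 200 DE-marked bits go out, 1200 wait); interval 2 shows the BECN pulling the rate down to mincir, which shrinks Bc for that interval; the remaining intervals show the rate climbing back toward the CIR.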

Categories: Cisco, Routing

HDLC and PPP

July 25, 2012

# Cisco HDLC (Cisco's proprietary extension of ISO HDLC; the default serial encapsulation on Cisco routers, so the far end must speak it too)
– added keepalives
– added SLARP (serial line ARP), which can learn the peer's IP address
– added STAC compression
– added a protocol type field so several L3 protocols can share the link, with a small fixed header (4 bytes: address, control, 2-byte protocol)

show controllers serial0/1
conf t
int s0/1
clock rate 64000 <== only on the DCE end of the cable ("show controllers" tells you which end this is)
no shut
show interfaces serial 0/1
compress stac <== do on both sides of DCE, DTE

debug serial interface <== watches keepalives, 3 keepalives have to fail before link declared down

# PPP (standard data link protocol, works with non-Cisco peers; use multilink to bundle links and load balance)
# only 1 router configuration shown, the other end point must be configured the same way
int s0/0
encapsulation ppp
ppp multilink
int s0/1
encapsulation ppp
ppp multilink
exit
interface multilink 1
ip address 172.216.1.1 255.255.255.252
encapsulation ppp
ppp multilink
multilink-group 1 <== older syntax; newer IOS uses "ppp multilink group 1"
int s0/0
multilink-group 1
int s0/1
multilink-group 1
show ppp multilink <== show bundle members and load balancing
# authentication
conf t
username router2 password pass <== the peer's hostname; the password must be identical on both routers (CHAP needs the cleartext secret, so "secret" hashing cannot be used here; protect the config file instead)
int s0/0
ppp authentication chap <== this side challenges the peer; configure it on both ends for mutual authentication
# On router2
conf t
username router1 password pass
int s0/0
ppp authentication chap
debug ppp authentication
# prefer chap over pap: pap sends the password in cleartext on the wire, chap only sends an MD5 hash of id+secret+challenge
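Added example, not part of the original notes: the three-way CHAP handshake (RFC 1994) that `ppp authentication chap` triggers, with both sides' messages, and the PAP request next to it to show what the weaker option puts on the wire. The username database models the `username <peer> password <pw>` entries above; router names, secrets and the challenge bytes are constructed.

```python
# CHAP (RFC 1994) challenge/response between two PPP peers, plus the PAP request for contrast.
# Added example; not code from the original notes. Names, secrets and challenges are constructed.
import hashlib
import os
from typing import Optional, Tuple


def chap_response(ident: int, secret: str, challenge: bytes) -> bytes:
    """RFC 1994: Response value = MD5(Identifier || secret || Challenge value)."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()


def chap_handshake(authenticator_db: dict, peer_name: str, peer_secret: str,
                   challenge: Optional[bytes] = None, ident: int = 1) -> Tuple[bool, list]:
    """
    authenticator_db: the authenticating router's 'username <peer> password <pw>' entries.
    peer_name/peer_secret: what the challenged router presents (its hostname and its copy of the secret).
    Returns (success, transcript) where transcript holds the three CHAP packets in order.
    """
    challenge = challenge if challenge is not None else os.urandom(16)
    transcript = [("Challenge", ident, challenge.hex())]
    # The peer hashes with ITS copy of the secret; the secret itself never crosses the link.
    response = chap_response(ident, peer_secret, challenge)
    transcript.append(("Response", ident, response.hex(), peer_name))
    # The authenticator recomputes with the entry matching the name the peer sent.
    expected_secret = authenticator_db.get(peer_name)
    ok = expected_secret is not None and chap_response(ident, expected_secret, challenge) == response
    transcript.append(("Success" if ok else "Failure", ident))
    return ok, transcript


def pap_request(peer_name: str, peer_secret: str) -> bytes:
    """PAP Authenticate-Request body: peer-id length, peer-id, password length, password, all in the clear."""
    return (bytes([len(peer_name)]) + peer_name.encode()
            + bytes([len(peer_secret)]) + peer_secret.encode())


if __name__ == "__main__":
    router1_db = {"router2": "pass"}          # router1: username router2 password pass
    ok, packets = chap_handshake(router1_db, "router2", "pass")
    for p in packets:
        print(p)
    print("authenticated:", ok)
    print("PAP would have sent:", pap_request("router2", "pass"))
```

A mismatched secret or an unknown peer name fails at the authenticator without revealing which, and because the challenge changes every time a captured Response cannot be replayed; the PAP body, by contrast, contains the password verbatim.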
# compression
conf t
int multilink 1
compress [mppc|predictor|stac] <== compresses pkts; mppc for Microsoft clients, predictor (more memory, less cpu), stac (more cpu, less memory)
ip tcp header-compression <== compresses only the TCP/IP headers
# options
ppp reliable-link <== L2 error correction and retransmission via LAPB
ppp quality 75 <== link quality monitoring: if fewer than 75% of packets get through, the link is taken down

debug ppp negotiation

# configuration for a modem on the aux port
conf t
int loopback 3
ip address 1.1.1.1 255.255.255.255
show line <== find the aux port's line number
conf t
line 129
transport input all <== lab setting; in production restrict this to the protocols actually needed
speed 38400
modem inout <== allow inbound and outbound calls
modem autoconfigure type usr_sportster <== usr_sportster is the specific modem type here; "modem autoconfigure discovery" probes the modem instead
show modemcap <== show database of modems
show modemcap usr_sportster <== show the init strings for this modem type
int async 129
encapsulation ppp
ppp authentication chap
async mode interactive <== allows access to the router itself or through it; "dedicated" only allows through the router
ip address 192.168.1.10 255.255.255.0
peer default ip address 192.168.1.11 <== assign a fixed IP to the dial-in peer
peer default ip address pool emergency <== or assign from a pool (use one form or the other)
exit
ip local pool emergency 192.168.1.11 192.168.1.12 <== give out 2 IPs (global config command)
int async 129
dialer in-band <== sends dial digits on the same line for outbound calls
dialer idle-timeout 60 <== disconnect if idle 60s

Categories: Cisco, Routing

Configuring Spanning Tree

July 24, 2012

show spanning-tree
conf t
spanning-tree vlan 50 <== turns spanning tree on for vlan 50
spanning-tree vlan 50 root primary <== make this switch the root for vlan 50 (sets priority to 24576, or 4096 below the current root if that is already lower)
show spanning-tree vlan 50

# Modifying weight of spanning tree for a particular VLAN (load balancing)
conf t
int fa0/14
spanning-tree vlan 50 cost 4 <== sets the port cost for this particular vlan only
show spanning-tree blockedports <== which ports forward/block may change with the new cost

# Portfast
conf t
int fa0/5
spanning-tree portfast <== puts the port straight into FWD, skipping the ~30s listening+learning; for access ports to end hosts only, never toward another switch
# Protection against misconfiguration or a rogue switch plugged into a portfast port
conf t
spanning-tree portfast bpduguard default <== global: any portfast port that receives a BPDU is err-disabled (fails closed; per-port form is "spanning-tree bpduguard enable")
spanning-tree portfast bpdufilter default <== global: portfast ports send no BPDUs and drop portfast if one arrives; the per-port "spanning-tree bpdufilter enable" ignores BPDUs entirely, which can leave a loop undetected
spanning-tree portfast default <== use with caution, enables portfast on all access ports
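Added example, not part of the original notes: the root election that `spanning-tree vlan 50 root primary` is trying to win, and why the BPDU guard step matters. Bridge IDs compare as (priority + VLAN, MAC) with the lowest winning, so a rogue device sending BPDUs with priority 0 on an unguarded edge port takes over as root; with BPDU guard the port is err-disabled before its BPDU is ever considered. Switch names, MACs and priorities are constructed.

```python
# PVST+ root election with the extended system ID, and BPDU guard on edge ports.
# Added example; not code from the original notes. Names, MACs and priorities are constructed.
from typing import Dict, List, Tuple

BridgeID = Tuple[int, int]   # (priority + VLAN, MAC as integer); the lower tuple wins


def bridge_id(priority: int, vlan: int, mac: str) -> BridgeID:
    """Catalyst bridge ID: 4-bit priority (multiple of 4096) + 12-bit VLAN (extended system ID), then the MAC."""
    assert priority % 4096 == 0 and 0 <= priority <= 61440 and 0 < vlan < 4096
    return (priority + vlan, int(mac.replace(".", ""), 16))


def root_primary_priority(current_root_priority_field: int, vlan: int) -> int:
    """What 'root primary' configures: 24576, or 4096 below the existing root's priority if that is already lower."""
    root_base = current_root_priority_field - vlan
    return 24576 if root_base > 24576 else max(0, root_base - 4096)


def elect_root(my_id: BridgeID, bpdus: List[dict], port_config: Dict[str, dict]) -> Tuple[BridgeID, List[str]]:
    """
    bpdus: BPDUs this switch received, as {"port": name, "root_id": claimed root bridge ID}.
    port_config: port -> {"portfast": bool, "bpduguard": bool}.
    Returns (root bridge ID this switch will accept, ports err-disabled by BPDU guard).
    """
    errdisabled: List[str] = []
    candidates = [my_id]                       # a switch always considers itself
    for b in bpdus:
        cfg = port_config.get(b["port"], {})
        if cfg.get("portfast") and cfg.get("bpduguard"):
            errdisabled.append(b["port"])      # fail closed: a BPDU on an edge port is never acceptable
            continue
        candidates.append(b["root_id"])
    return min(candidates), errdisabled


if __name__ == "__main__":
    vlan = 50
    core = bridge_id(24576, vlan, "0000.0c11.1111")      # the intended root after "root primary"
    me = bridge_id(32768, vlan, "0000.0c22.2222")        # this switch, default priority
    rogue = bridge_id(0, vlan, "00e0.1e58.598a")         # device on an access port claiming priority 0
    bpdus = [{"port": "fa0/1", "root_id": core}, {"port": "fa0/5", "root_id": rogue}]
    unguarded = {"fa0/5": {"portfast": True, "bpduguard": False}}
    guarded = {"fa0/5": {"portfast": True, "bpduguard": True}}
    print("unguarded edge port -> root is", elect_root(me, bpdus, unguarded))
    print("bpduguard on fa0/5   -> root is", elect_root(me, bpdus, guarded))
```

Root guard (`spanning-tree guard root`) is the companion control for ports that legitimately carry BPDUs but must never lead to a root; it is not covered in these notes.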

# Uplinkfast (Cisco proprietary, superseded by 802.1w rapid STP)
Tracks the alternate uplinks toward the root on an access-layer switch as an uplink group
If the root port fails, a port from the group is moved straight to forwarding
Takes a few seconds to fail over instead of the 30-50s of plain STP

conf t
spanning-tree uplinkfast

# Backbonefast (Cisco proprietary, superseded by 802.1w rapid STP)
If a switch loses its path to the root it starts sending BPDUs claiming to be root (inferior BPDUs). A neighbor with Backbonefast checks whether it still has a path to the real root (root link query) and, if so, expires its max-age timer immediately instead of waiting the full 20s before reconverging.

conf t
spanning-tree backbonefast

# Rapid STP (802.1w; backwards compatible with 802.1D on a per-port basis; not on by default on Catalyst, where PVST+ is the default)
fewer states: discarding, learning, forwarding (blocking and listening are merged into discarding)
port roles: root port, designated port, alternate port, backup port, disabled port

conf t
spanning-tree mode rapid-pvst

Categories: Cisco, Switching

Cisco Switching notes

July 24, 2012

When setting up a switch, enable the following commands:
conf t
line con 0
logging synchronous <== console messages are written on a new line instead of in the middle of what you are typing
no exec-timeout <== lab only; in production keep a timeout so an unattended console session expires
no ip domain-lookup
# Don't use VLAN1 as the mgmt VLAN: it is the default for every port and carries control traffic (CDP, VTP, PAgP), so a host on any unconfigured port lands on it; put management on its own VLAN and unused ports in an unused VLAN

show ip int brief
alias exec s show ip int brief <== create shortcut "s" for "show ip int brief"

# Set up mgmt VLAN
conf t
int vlan 128
ip address 192.168.1.2 255.255.255.0
## Use "ip default-gateway" only if the switch is not L3 capable (ip routing disabled)
username admin secret pass <== "secret" stores a one-way hash; "password" plus service password-encryption only gives a reversible type 7 string
service password-encryption
enable secret pass
line con 0
login local
exit
line vty 0 15 <== include vty 0, otherwise the first vty line keeps its old settings (and consider "transport input ssh" once an RSA key exists)
login local
privilege level 15 <== user lands directly in privileged (enable) mode, so the enable secret is never asked for on these lines
line con 0
privilege level 15
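Added example, not part of the original notes: why `service password-encryption` is obfuscation rather than protection. Type 7 strings are a fixed-key XOR (a Vigenere cipher) whose two-digit seed is stored in the clear, so anyone holding the config can reverse them; both directions are shown so the round trip is obvious, along with a small audit that pulls every `password 7` line out of a config dump. The sample config is constructed.

```python
# Cisco type 7 password reversal, plus a config audit that finds such strings.
# Added example; not code from the original notes. The sample config is constructed.
import re
from typing import List

TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"   # the fixed key stream used by IOS
TYPE7_RE = re.compile(r"\bpassword 7 ([0-9A-Fa-f]{4,})\b")

SAMPLE_CONFIG = """\
hostname SW1
username admin password 7 0822455D0A16
line vty 0 15
 password 7 03145A1815
"""


def type7_encode(plaintext: str, seed: int = 8) -> str:
    """Produce a type 7 string: two-digit seed, then each byte XORed with the rolling key, as uppercase hex."""
    assert 0 <= seed <= 15
    out = [f"{seed:02d}"]
    for i, ch in enumerate(plaintext.encode()):
        out.append(f"{ch ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)]:02X}")
    return "".join(out)


def type7_decode(encoded: str) -> str:
    """Reverse it: the seed is in the clear, so the key stream is fully known."""
    if len(encoded) < 4 or len(encoded) % 2 or not encoded[:2].isdigit():
        raise ValueError("not a type 7 string")
    seed = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    return bytes(b ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)] for i, b in enumerate(data)).decode()


def audit_config(config_text: str) -> List[str]:
    """Recover every 'password 7' string in a config dump; a non-empty result means secrets are recoverable."""
    return [type7_decode(enc) for enc in TYPE7_RE.findall(config_text)]


if __name__ == "__main__":
    print("recovered from sample config:", audit_config(SAMPLE_CONFIG))
    print("round trip:", type7_decode(type7_encode("vtpdom", seed=11)))
```

The same applies to the `vtp password` and CHAP `username ... password` entries elsewhere on this page: whatever service password-encryption turns them into is recoverable by anyone who can read the config, so treat config backups and `show run` output as secrets.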

# 2 ways to create VLANs
# Method 1:
vlan database <== deprecated
# Method 2:
conf t
vlan 50
name VLAN_50
vlan 100
name VLAN_100

conf t
int range fastEthernet 0/22 - 24
switchport trunk encapsulation dot1q <== ISL is being phased out by Cisco, avoid using it
switchport mode trunk

conf t
vtp mode server
vtp domain vtpdom
vtp password vtpdom
vtp version 2 <== in v1/v2 any switch with the same domain name and password and a higher configuration revision overwrites the VLAN database of the whole domain (a recycled switch from another site can wipe your VLANs); VTP v3 only accepts changes from the configured primary server. Use "vtp mode transparent" if you do not need VTP at all
show vtp status
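Added example, not part of the original notes: a model of how a VTP server or client decides whether to accept a summary advertisement, showing the failure mode the caution above describes: a stray switch with the right domain name and password but a higher configuration revision wipes the VLAN database under VTP v1/v2, while a wrong password, a lower revision, transparent mode or a v3 non-primary sender are all rejected. The digest is a simplification (real VTP runs MD5 over the advertisement together with the domain password); domain, VLANs and revision numbers are constructed.

```python
# VTP advertisement acceptance rules, simplified, to show the revision-number takeover.
# Added example; not code from the original notes. Digest is a stand-in; data is constructed.
import hashlib
from dataclasses import dataclass, field
from typing import Dict


def vtp_digest(domain: str, password: str, revision: int, vlans: Dict[int, str]) -> str:
    """Simplified stand-in for the MD5 digest that covers the advert and the domain password."""
    body = f"{domain}|{revision}|{sorted(vlans.items())}".encode()
    return hashlib.md5(password.encode() + body).hexdigest()


@dataclass
class VtpSwitch:
    name: str
    domain: str
    password: str
    version: int                      # 1, 2 or 3
    mode: str = "server"              # server | client | transparent
    revision: int = 0
    vlans: Dict[int, str] = field(default_factory=lambda: {1: "default"})
    primary: bool = False             # v3 only: just the primary server may change the domain

    def advertise(self) -> dict:
        """Summary advertisement as this switch would send it."""
        return {"domain": self.domain, "revision": self.revision, "vlans": dict(self.vlans),
                "digest": vtp_digest(self.domain, self.password, self.revision, self.vlans),
                "version": self.version, "primary": self.primary}

    def receive(self, advert: dict) -> str:
        """Apply or reject an advertisement; returns what happened and why."""
        if self.mode == "transparent":
            return "ignored: transparent mode (forwarded, not applied)"
        if advert["domain"] != self.domain:
            return "rejected: domain mismatch"
        if advert["digest"] != vtp_digest(self.domain, self.password, advert["revision"], advert["vlans"]):
            return "rejected: bad digest (wrong password)"
        if advert["revision"] <= self.revision:
            return "ignored: revision not higher"
        if self.version == 3 and not advert.get("primary"):
            return "rejected: v3 accepts updates only from the primary server"
        self.vlans = dict(advert["vlans"])       # v1/v2: higher revision wins, whatever it contains
        self.revision = advert["revision"]
        return "applied"


if __name__ == "__main__":
    prod = VtpSwitch("core", "vtpdom", "vtpdom", version=2, revision=12,
                     vlans={1: "default", 50: "VLAN_50", 100: "VLAN_100"})
    stray = VtpSwitch("lab-leftover", "vtpdom", "vtpdom", version=2, revision=40)   # knows only VLAN 1
    print(prod.receive(stray.advertise()), "-> core now has VLANs", sorted(prod.vlans))
```

Note that the password does not help here: the stray switch has the right one, and in v1/v2 the only thing the protocol compares after that is the revision number.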

show spanning-tree blockedports

# Etherchannel (layer2)
conf t
int range fastEthernet 0/22 - 24
channel-group 1 mode desirable <== desirable = actively negotiate with PAgP (Cisco proprietary); use "active" for LACP (802.3ad) with non-Cisco gear
show etherchannel

# Etherchannel (layer3)
interface port-channel 1
no switchport <== turns off switching so the port-channel supports L3 and can take an IP address

# VLAN access map (drop traffic between two hosts in the example below)
conf t
access-list 101 permit ip host 192.168.2.2 host 192.168.2.3
vlan access-map DROP_MAP 20 <== sequence 20 leaves room for entries before it (0-65535)
action drop <== drop or forward; "permit" in the ACL only means "match", the action decides the fate
match ip address 101 <== match using the access list
exit
vlan filter DROP_MAP vlan-list 200 <== apply to VLAN 200; anything not matched by some sequence is dropped, so add a final "action forward" entry with no match clause for the rest of the traffic

# VLAN access map by MAC addr (define the MAC ACL before the map references it)
mac access-list extended invalid_mac
permit host 00e0.1e58.598a host 00e1.6543.1234
exit
vlan access-map deny_mac 20
action drop
match mac address invalid_mac
exit
vlan filter deny_mac vlan-list 200 <== drop frames between those two MACs on vlan 200 (same implicit drop at the end as above)

# Protected ports
Ports in "protected" mode on the same switch cannot forward to each other (unicast, multicast or broadcast); they can only talk to unprotected ports. This is local to one switch, unlike private VLANs: two protected ports on different switches can still reach each other over a trunk
conf t
int fa0/5
switchport protected
switchport block [unicast|multicast] <== stop unknown-unicast (or unknown-multicast) flooding out this port
show int fa0/5 switchport

Categories: Cisco, Switching