Wednesday, March 26, 2008

TCL Script to Test Reachabilities

After you finish configuring the routing protocols and redistribution, you need to test connectivity to every interface on every router.

A TCL script run from the router's tclsh prompt can do this:

Router#tclsh
+>foreach address {
+>192.168.1.1
+>192.168.1.2
+>192.168.1.3
+>192.168.1.4
+>} { ping $address }
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/58/60 ms

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 84/86/89 ms

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Router(tcl)#exit
Router#
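
A variant of the loop above that captures each ping's output and ends with a summary of the addresses that did not reach 100 percent, so a failure is not lost in the scrollback. This is an added example, not the post's original script; it assumes the IOS tclsh `exec` command returns the ping output as a string, and the variable names are illustrative.

```tcl
# Added example: paste at the IOS tclsh prompt (Router(tcl)#).
# The address list is the one used in the post; replace it with your own.
set targets {
    192.168.1.1
    192.168.1.2
    192.168.1.3
    192.168.1.4
}

set failed {}
foreach address $targets {
    # exec runs an IOS exec-mode command and returns its output (assumption
    # stated in the lead-in); catch keeps the loop going if the command errors.
    if {[catch {exec "ping $address"} output]} {
        lappend failed $address
        puts "$address: ping command failed"
        continue
    }
    # Extract N from the "Success rate is N percent" summary line.
    if {[regexp {Success rate is ([0-9]+) percent} $output -> rate]} {
        if {$rate < 100} { lappend failed $address }
        puts "$address: $rate percent"
    } else {
        lappend failed $address
        puts "$address: no summary line in ping output"
    }
}

if {[llength $failed] == 0} {
    puts "All [llength $targets] addresses reachable"
} else {
    puts "Unreachable or lossy: $failed"
}
```

An address that answers only some of the probes is listed as well, so a partial success rate shows up in the summary rather than passing silently.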

Tuesday, March 25, 2008

Reflective ACL and Local PBR

Traffic generated locally by the router does not go through the ACL configured on the interface, which is a problem for a reflective ACL: the outbound ACL never sees the session, so no reflected entry is created and the inbound ACL won't allow the return traffic to pass through.

R1------Frame Relay------R2

R1 Configuration:

interface Serial1/0
no ip address
encapsulation frame-relay
serial restart-delay 0
!
interface Serial1/0.1 point-to-point
ip address 10.1.12.1 255.255.255.0
ip access-group inbound in
ip access-group outbound out
frame-relay interface-dlci 102
!
ip access-list extended inbound
permit ospf any any
evaluate TELNET
ip access-list extended outbound
permit ospf any any
permit tcp any any eq telnet reflect TELNET
!

R2 Configuration:
interface Serial1/0
no ip address
encapsulation frame-relay
serial restart-delay 0
!
interface Serial1/0.1 point-to-point
ip address 10.1.12.2 255.255.255.0
frame-relay interface-dlci 201
!

Telnet from R1 to R2 will time out.

The workaround is to create a loopback interface on R1 and configure local PBR to direct the Telnet traffic generated by R1 to the loopback interface.

R1:
interface Loopback0
ip address 10.10.10.10 255.255.255.255
!
access-list 100 permit tcp any any eq telnet
!
!
!
route-map myPolicy permit 10
match ip address 100
set ip next-hop 10.10.10.10
!
ip local policy route-map myPolicy
!

This forces the traffic generated by the router back into the routing process and through the outbound ACL, so the reflective ACL opens a stateful hole for the return traffic.

IPv6 over Frame Relay and OSPF

When you configure multipoint Frame Relay for IPv6, you need to manually map the peer's link-local address to the DLCI for OSPF to work on the interface.

R1 (2001::1/64, FE80::1) ------ R2 (2001::2/64, FE80::2)

R1 configuration:
interface serial 0
encapsulation frame-relay
ipv6 address 2001::1/64
ipv6 address FE80::1 link-local
frame map ipv6 2001::2 102 broadcast
frame map ipv6 FE80::2 102 broadcast
ipv6 ospf 1 area 0

R2 configuration:
interface serial 0
encapsulation frame-relay
ipv6 address 2001::2/64
ipv6 address FE80::2 link-local
frame map ipv6 2001::1 201 broadcast
frame map ipv6 FE80::1 201 broadcast
ipv6 ospf 1 area 0

Saturday, March 22, 2008

PPP Small Tips

  • ppp lcp predictive (to reduce the time LCP uses to negotiate with the peer)

  • ppp quality percentage (to shut down the port if the quality of the link - both incoming and outgoing - drops below the percentage)

Multilink Frame Relay

The maximum speed of traditional Frame Relay is 2M. With the Cisco IOS feature FRF.16.1, you can bundle multiple Frame Relay links together to increase the bandwidth.

Restrictions of MFR:
1. Frame Relay fragmentation (FRF.12) is not supported.
2. Cisco Express Forwarding (CEF) is not supported.

Configuration Example for Multilink Frame Relay:

R6 ====(2 FR links)====R9
Configuration of R6:

interface MFR1
no ip address
!
interface MFR1.1 point-to-point
ip address 150.50.69.1 255.255.255.252
frame-relay interface-dlci 96
!
interface Serial1/1
no ip address
encapsulation frame-relay MFR1
serial restart-delay 0
no arp frame-relay
!
interface Serial1/2
no ip address
encapsulation frame-relay MFR1
serial restart-delay 0
no arp frame-relay
!

Configuration of R9:

frame-relay switching
!
interface MFR1
no ip address
frame-relay intf-type dce
!
interface MFR1.1 point-to-point
ip address 150.50.69.2 255.255.255.252
frame-relay interface-dlci 96
!
interface Serial1/1
no ip address
encapsulation frame-relay MFR1
serial restart-delay 0
no arp frame-relay
!
interface Serial1/2
no ip address
encapsulation frame-relay MFR1
serial restart-delay 0
no arp frame-relay
!
interface Serial1/3
no ip address

TIPS:
One side needs to be configured as intf-type dce, and to configure intf-type dce, frame-relay switching must be enabled.