To configure triggered update for RIP, you need to enable following command on the interface configuration mode:
ip rip triggered
This command only works on point-to-point sub-interface if it is a Frame-Relay interface.
Wednesday, May 28, 2008
Tuesday, May 20, 2008
Bridging over Frame Relay
Three routers connecting to the frame relay cloud with hub spoke topology, with R1 being the hub and R2 and R3 being the spokes.
R2 --(201)--(102)--R1--(103)--(301)--R3
IP address on R2 is 10.10.10.2/31, and IP address on R3 is 10.10.10.3/31.
Because the subnet mask is 31 bit, there is no space for R1. We have to run bridge over frame relay.
We will enable IRB on R2 and R3, and either IRB or CRB on R1. We will create two multipoint sub-interfaces on R1, to map the dlci with the bridge-group and bridge the DLCIs together.
Configurations below:
R1
bridge crb
!
interface Serial1/0
no ip address
encapsulation frame-relay
serial restart-delay 0
no frame-relay inverse-arp
!
interface Serial1/0.1 multipoint
frame-relay map bridge 102 broadcast
bridge-group 1
!
interface Serial1/0.2 multipoint
frame-relay map bridge 103 broadcast
bridge-group 1
!
bridge 1 protocol ieee
R2
bridge irb
!
interface Serial1/0
no ip address
encapsulation frame-relay
serial restart-delay 0
frame-relay map bridge 201 broadcast
no frame-relay inverse-arp
bridge-group 1
!
interface BVI1
ip address 10.10.10.2 255.255.255.254
!
bridge 1 protocol ieee
bridge 1 route ip
!
R3
bridge irb
!
interface Serial1/0
no ip address
encapsulation frame-relay
serial restart-delay 0
frame-relay map bridge 301 broadcast
no frame-relay inverse-arp
bridge-group 1
!
interface BVI1
ip address 10.10.10.3 255.255.255.254
!
bridge 1 protocol ieee
bridge 1 route ip
!
Pinging R2 from R3 to test:
R3#ping 10.10.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 168/228/276 ms
R3#
R2 --(201)--(102)--R1--(103)--(301)--R3
IP address on R2 is 10.10.10.2/31, and IP address on R3 is 10.10.10.3/31.
Because the subnet mask is 31 bit, there is no space for R1. We have to run bridge over frame relay.
We will enable IRB on R2 and R3, and either IRB or CRB on R1. We will create two multipoint sub-interfaces on R1, to map the dlci with the bridge-group and bridge the DLCIs together.
Configurations below:
R1
bridge crb
!
interface Serial1/0
no ip address
encapsulation frame-relay
serial restart-delay 0
no frame-relay inverse-arp
!
interface Serial1/0.1 multipoint
frame-relay map bridge 102 broadcast
bridge-group 1
!
interface Serial1/0.2 multipoint
frame-relay map bridge 103 broadcast
bridge-group 1
!
bridge 1 protocol ieee
R2
bridge irb
!
interface Serial1/0
no ip address
encapsulation frame-relay
serial restart-delay 0
frame-relay map bridge 201 broadcast
no frame-relay inverse-arp
bridge-group 1
!
interface BVI1
ip address 10.10.10.2 255.255.255.254
!
bridge 1 protocol ieee
bridge 1 route ip
!
R3
bridge irb
!
interface Serial1/0
no ip address
encapsulation frame-relay
serial restart-delay 0
frame-relay map bridge 301 broadcast
no frame-relay inverse-arp
bridge-group 1
!
interface BVI1
ip address 10.10.10.3 255.255.255.254
!
bridge 1 protocol ieee
bridge 1 route ip
!
Pinging R2 from R3 to test:
R3#ping 10.10.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 168/228/276 ms
R3#
Tuesday, May 13, 2008
Catalyst 3550 and WCCP
To enable WCCP on Cisco Catalyst 3550 switch, first, you need to enable the SDM for routing with extended-match:
sdm prefer routing extended-match
Secondly, enable wccp globly:
ip wccp web-cache
Thirdly, WCCP on 3550 can only run inbound redirect, so under the user interface, run
ip wccp web-cache redirect in
sdm prefer routing extended-match
Secondly, enable wccp globly:
ip wccp web-cache
Thirdly, WCCP on 3550 can only run inbound redirect, so under the user interface, run
ip wccp web-cache redirect in
Saturday, May 10, 2008
Frame-Relay Traffic Shaping and QoS
When configuring frame relay traffic shaping and applying service policy to the map-class, keep the followings in mind:
- Use 'max-reserved-bandwidth' interface command to change the bandwidth available.
- Configure the 'frame-relay mincir' under the map-class to guarantee the bandwidth.
Tuesday, April 1, 2008
Frame Relay Full Status Polling
Cisco Frame Relay interface will send 6 keeps of exchanges before requesting a full status message.
This is done by keepalive packets. Every 10 seconds, it sends out a keepalive message, and every 60 seconds (6 times of keepalives), it requests a full status message.
If not allowed to change the keepalive, you can use 'frame-relay lmi-n391dte keep-exchanges' command to change the number of keepalives to request the full status message.
For example, if you are required to change the full status message interval to 180 seconds, and you are not allowed to change the keepalive interval, you can change the keep-exchanges to 18 using 'frame-relay lmi-n391dte 18'.
This is done by keepalive packets. Every 10 seconds, it sends out a keepalive message, and every 60 seconds (6 times of keepalives), it requests a full status message.
If not allowed to change the keepalive, you can use 'frame-relay lmi-n391dte keep-exchanges' command to change the number of keepalives to request the full status message.
For example, if you are required to change the full status message interval to 180 seconds, and you are not allowed to change the keepalive interval, you can change the keep-exchanges to 18 using 'frame-relay lmi-n391dte 18'.
Wednesday, March 26, 2008
TCL Script to Test Reachabilities
After you finish configuration the routing protocols and redistributions, you need to test connectivity to all the interfaces for all routers.
We can configure TCL Script to achieve this:
Router##tclsh
+>foreach address {
+>192.168.1.1
+>192.168.1.2
+>192.168.1.3
+>192.168.1.4
+>} { ping $address }
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/58/60 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 84/86/89 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Router(tcl)#exit
Router#
We can configure TCL Script to achieve this:
Router##tclsh
+>foreach address {
+>192.168.1.1
+>192.168.1.2
+>192.168.1.3
+>192.168.1.4
+>} { ping $address }
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/58/60 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 84/86/89 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Router(tcl)#exit
Router#
Tuesday, March 25, 2008
Reflective ACL and Local PBR
The locally generated traffic from the router doesn't go through the ACL configured on the interface, so it would be some problem for the reflective ACL. The ACL won't allow the return traffic to pass through.
R1------Frame Relay------R2
R1 Configuration:
interface Serial1/0
no ip address
encapsulation frame-relay
serial restart-delay 0
!
interface Serial1/0.1 point-to-point
ip address 10.1.12.1 255.255.255.0
ip access-group inbound in
ip access-group outbound out
frame-relay interface-dlci 102
!
ip access-list extended inbound
permit ospf any any
evaluate TELNET
ip access-list extended outbound
permit ospf any any
permit tcp any any eq telnet reflect TELNET
!
R2 Configuration:
interface Serial1/0
no ip address
encapsulation frame-relay
serial restart-delay 0
!
interface Serial1/0.1 point-to-point
ip address 10.1.12.2 255.255.255.0
frame-relay interface-dlci 201
!
Telnet from R1 to R2 will be timed out.
What you can do is to create a loopback interface on R1 and configure a local PBR to direct the telnet traffic generated from R1 to go to the loopback interface.
R1:
interface Loopback0
ip address 10.10.10.10 255.255.255.255
!
access-list 100 permit tcp any any eq telnet
!
!
!
route-map myPolicy permit 10
match ip address 100
set ip next-hop 10.10.10.10
!
ip local policy route-map myPolicy
!
By doing so, you force the traffic generated from the router to go back into the routing process, and go through the outbound ACL. And the reflective ACL would open a stateful hole for the return traffic.
R1------Frame Relay------R2
R1 Configuration:
interface Serial1/0
no ip address
encapsulation frame-relay
serial restart-delay 0
!
interface Serial1/0.1 point-to-point
ip address 10.1.12.1 255.255.255.0
ip access-group inbound in
ip access-group outbound out
frame-relay interface-dlci 102
!
ip access-list extended inbound
permit ospf any any
evaluate TELNET
ip access-list extended outbound
permit ospf any any
permit tcp any any eq telnet reflect TELNET
!
R2 Configuration:
interface Serial1/0
no ip address
encapsulation frame-relay
serial restart-delay 0
!
interface Serial1/0.1 point-to-point
ip address 10.1.12.2 255.255.255.0
frame-relay interface-dlci 201
!
Telnet from R1 to R2 will be timed out.
What you can do is to create a loopback interface on R1 and configure a local PBR to direct the telnet traffic generated from R1 to go to the loopback interface.
R1:
interface Loopback0
ip address 10.10.10.10 255.255.255.255
!
access-list 100 permit tcp any any eq telnet
!
!
!
route-map myPolicy permit 10
match ip address 100
set ip next-hop 10.10.10.10
!
ip local policy route-map myPolicy
!
By doing so, you force the traffic generated from the router to go back into the routing process, and go through the outbound ACL. And the reflective ACL would open a stateful hole for the return traffic.
IPv6 over Frame Relay and OSPF
When you configure multi-point Frame Relay for IPv6, to make the OSPF working for the interface, you need to manually map the link-local address to dlci.
R1 (2001::1/64, FE80::1 ) ------ R2 (2001::2/64, FE80::2)
R1 configuration:
interface serial 0
encapsulation frame-relay
ipv6 address 2001::1/64
ipv6 address FE80::1 link-local
frame map ipv6 2001::2 102 broadcast
frame map ipv6 FE80::2 102 broadcast
ipv6 ospf 1 area 0
R2 configuration:
interface serial 0
encapsulation frame-relay
ipv6 address 2001::2/64
ipv6 address FE80::2 link-local
frame map ipv6 2001::1 201 broadcast
frame map ipv6 FE80::1 201 broadcast
ipv6 ospf 1 area 0
R1 (2001::1/64, FE80::1 ) ------ R2 (2001::2/64, FE80::2)
R1 configuration:
interface serial 0
encapsulation frame-relay
ipv6 address 2001::1/64
ipv6 address FE80::1 link-local
frame map ipv6 2001::2 102 broadcast
frame map ipv6 FE80::2 102 broadcast
ipv6 ospf 1 area 0
R2 configuration:
interface serial 0
encapsulation frame-relay
ipv6 address 2001::2/64
ipv6 address FE80::2 link-local
frame map ipv6 2001::1 201 broadcast
frame map ipv6 FE80::1 201 broadcast
ipv6 ospf 1 area 0
Saturday, March 22, 2008
PPP Small Tips
- ppp lcp predictive (to reduce the time LCP uses to negotiate with the peer)
- ppp quality percentage (to shutdown the port if the quality of the link - both incoming and outgoing - drops below the percentage)
Multilink Frame Relay
The maximum speed of traditional frame relay is 2M, and due to the new feature of Cisco IOS, FRF.16.1, you can bindle multiple frame relay links together to increase the bandwidth.
Restrictions of MFR:
1. Frame Relay fragmentation (FRF.12) is not supported.
2. Cisco Express Forwarding (CEF) is not supported.
Configuration Example for Multilink Frame Relay:
R6 ====(2 FR links)====R9
Configuration of R6:
interface MFR1
no ip address
!
interface MFR1.1 point-to-point
ip address 150.50.69.1 255.255.255.252
frame-relay interface-dlci 96
!
interface Serial1/1
no ip address
encapsulation frame-relay MFR1
serial restart-delay 0
no arp frame-relay
!
interface Serial1/2
no ip address
encapsulation frame-relay MFR1
serial restart-delay 0
no arp frame-relay
!
Configuration of R9:
frame-relay switching
!
interface MFR1
no ip address
frame-relay intf-type dce
!
interface MFR1.1 point-to-point
ip address 150.50.69.2 255.255.255.252
frame-relay interface-dlci 96
!
interface Serial1/1
no ip address
encapsulation frame-relay MFR1
serial restart-delay 0
no arp frame-relay
!
interface Serial1/2
no ip address
encapsulation frame-relay MFR1
serial restart-delay 0
no arp frame-relay
!
interface Serial1/3
no ip address
TIPS:
One side needs to configure as intf-type dce, and to configure intf-type dce, frame-relay switching must be enabled.
Restrictions of MFR:
1. Frame Relay fragmentation (FRF.12) is not supported.
2. Cisco Express Forwarding (CEF) is not supported.
Configuration Example for Multilink Frame Relay:
R6 ====(2 FR links)====R9
Configuration of R6:
interface MFR1
no ip address
!
interface MFR1.1 point-to-point
ip address 150.50.69.1 255.255.255.252
frame-relay interface-dlci 96
!
interface Serial1/1
no ip address
encapsulation frame-relay MFR1
serial restart-delay 0
no arp frame-relay
!
interface Serial1/2
no ip address
encapsulation frame-relay MFR1
serial restart-delay 0
no arp frame-relay
!
Configuration of R9:
frame-relay switching
!
interface MFR1
no ip address
frame-relay intf-type dce
!
interface MFR1.1 point-to-point
ip address 150.50.69.2 255.255.255.252
frame-relay interface-dlci 96
!
interface Serial1/1
no ip address
encapsulation frame-relay MFR1
serial restart-delay 0
no arp frame-relay
!
interface Serial1/2
no ip address
encapsulation frame-relay MFR1
serial restart-delay 0
no arp frame-relay
!
interface Serial1/3
no ip address
TIPS:
One side needs to configure as intf-type dce, and to configure intf-type dce, frame-relay switching must be enabled.
Subscribe to:
Posts (Atom)