Documenting
my use of Cisco routers and Switches
--------------------------------------------------------------------------------------------------------------------------
This blog post documents my Internetworking Home Lab practice using Cisco
routers and Switches using GNS3 software on Windows 7 withing a VWware ESXi Hypervisor.
This is a recreation of the my Internetworking Technologies (Fall 2013) course weekly exercises. I simply recreated the network scenarios in my home lab.
I have currently implemented the following (in blue), and I use this setup from time to time to practice different networking technologies:
Layer
2 & 3 Connectivity
- VLANs
- VLAN Trunking
- IP Addressing
|
Frame
Relay
· Point-to-point
· Multiplepoint
|
Routing
Protocols
· RIPv2
· Multi-area OSPF
· BGP
|
MPLS
· Frame-mode MPLS
· Layer 2 MPLS VPN
· Layer 3 MPLS VPN
|
1. Overview
Figure 1 below
is a screenshot showing both the Ethernet and Serial physical network topology
of my test network. Routers 1 - 8 (R1 – R8) are Cisco c7200 router, while
Switches 1 – 3 (SW1 – SW3) are Cisco Routers c3725 being used as switches.
Figure 1: Test network in GNS3
running on a Windows 7 virtual machine within an ESXi 5.5 host
2. Physical Topology
Figures 2 - 3 show the Ethernet
Connections and Serial Connections respectively.
Tables 1 and 2 also shows the
physical Ethernet and Serial topology connections respectively.
Table 3
shows the Frame-relay switching table details.
3. Logical Topology
Figures 4 – 6 show Layer 3 Topology,
Routing Protocols and MPLS VPNs respectively. Tables 4 – 6 show details of the
interfaces advertised into OSPF Process 1, OSPF Process 28 and RIPv2
respectively.
Figure 2: Physical Network Topology –
Ethernet Connections
Figure 3: Physical Network Topology – Serial Connections
Device
|
Interface
|
Device
|
Interface
|
R1
|
FastEthernet1/0
|
SW1
|
FastEthernet1/1
|
R1
|
FastEthernet2/0
|
SW2
|
FastEthernet1/1
|
R1
|
FastEthernet3/0
|
SW3
|
FastEthernet1/1
|
R2
|
FastEthernet1/0
|
SW1
|
FastEthernet1/2
|
R2
|
FastEthernet2/0
|
SW2
|
FastEthernet1/2
|
R2
|
FastEthernet3/0
|
SW3
|
FastEthernet1/2
|
R3
|
FastEthernet1/0
|
SW1
|
FastEthernet1/3
|
R3
|
FastEthernet2/0
|
SW2
|
FastEthernet1/3
|
R3
|
FastEthernet3/0
|
SW3
|
FastEthernet1/3
|
R4
|
FastEthernet1/0
|
SW1
|
FastEthernet1/4
|
R4
|
FastEthernet2/0
|
SW2
|
FastEthernet1/4
|
R4
|
FastEthernet3/0
|
SW3
|
FastEthernet1/4
|
R5
|
FastEthernet1/0
|
SW1
|
FastEthernet1/5
|
R5
|
FastEthernet2/0
|
SW2
|
FastEthernet1/5
|
R5
|
FastEthernet3/0
|
SW3
|
FastEthernet1/5
|
R6
|
FastEthernet1/0
|
SW1
|
FastEthernet1/6
|
R6
|
FastEthernet2/0
|
SW2
|
FastEthernet1/6
|
R6
|
FastEthernet3/0
|
SW3
|
FastEthernet1/6
|
R7
|
FastEthernet1/0
|
SW1
|
FastEthernet1/7
|
R7
|
FastEthernet2/0
|
SW2
|
FastEthernet1/7
|
R7
|
FastEthernet3/0
|
SW3
|
FastEthernet1/7
|
R8
|
FastEthernet1/0
|
SW1
|
FastEthernet1/8
|
R8
|
FastEthernet2/0
|
SW2
|
FastEthernet1/8
|
R8
|
FastEthernet3/0
|
SW3
|
FastEthernet1/8
|
SW1
|
FastEthernet1/12
|
SW2
|
FastEthernet1/12
|
SW1
|
FastEthernet1/13
|
SW2
|
FastEthernet1/13
|
SW1
|
FastEthernet1/14
|
SW3
|
FastEthernet1/12
|
SW1
|
FastEthernet1/15
|
SW3
|
FastEthernet1/13
|
SW2
|
FastEthernet1/14
|
SW3
|
FastEthernet1/14
|
SW2
|
FastEthernet1/15
|
SW3
|
FastEthernet1/15
|
Table 1: Ethernet Connections
Device
|
Interface
|
Device
|
Interface
|
R1
|
Serial6/0
|
FRSW
|
1
|
R1
|
Serial6/1
|
FRSW
|
11
|
R1
|
Serial6/2
|
R8
|
Serial6/3
|
R1
|
Serial6/3
|
R2
|
Serial6/2
|
R2
|
Serial6/0
|
FRSW
|
2
|
R2
|
Serial6/1
|
FRSW
|
12
|
R2
|
Serial6/3
|
R3
|
Serial6/2
|
R3
|
Serial6/0
|
FRSW
|
3
|
R3
|
Serial6/1
|
FRSW
|
13
|
R3
|
Serial6/3
|
R4
|
Serial6/2
|
R4
|
Serial6/0
|
FRSW
|
4
|
R4
|
Serial6/1
|
FRSW
|
14
|
R4
|
Serial6/3
|
R5
|
Serial6/2
|
R5
|
Serial6/0
|
FRSW
|
5
|
R5
|
Serial6/1
|
FRSW
|
15
|
R5
|
Serial6/3
|
R6
|
Serial6/2
|
R6
|
Serial6/0
|
FRSW
|
6
|
R6
|
Serial6/1
|
FRSW
|
16
|
R6
|
Serial6/3
|
R7
|
Serial6/2
|
R7
|
Serial6/0
|
FRSW
|
7
|
R7
|
Serial6/1
|
FRSW
|
17
|
R7
|
Serial6/3
|
R8
|
Serial6/2
|
R8
|
Serial6/0
|
FRSW
|
8
|
R8
|
Serial6/1
|
FRSW
|
18
|
Table 2: Serial Connections
Interface
|
DLCI
|
Interface
|
DLCI
|
Interface
|
DLCI
|
Interface
|
DLCI
|
|
1
|
102
|
2
|
201
|
11
|
112
|
12
|
211
|
|
1
|
103
|
3
|
301
|
11
|
113
|
13
|
311
|
|
1
|
104
|
4
|
401
|
11
|
114
|
14
|
411
|
|
1
|
105
|
5
|
501
|
11
|
115
|
15
|
511
|
|
1
|
106
|
6
|
601
|
11
|
116
|
16
|
611
|
|
1
|
107
|
7
|
701
|
11
|
117
|
17
|
711
|
|
1
|
108
|
8
|
801
|
11
|
118
|
18
|
811
|
|
2
|
203
|
3
|
302
|
12
|
213
|
13
|
312
|
|
2
|
204
|
4
|
402
|
12
|
214
|
14
|
412
|
|
2
|
205
|
5
|
502
|
12
|
215
|
15
|
512
|
|
2
|
206
|
6
|
602
|
12
|
216
|
16
|
612
|
|
2
|
207
|
7
|
702
|
12
|
217
|
17
|
712
|
|
2
|
208
|
8
|
802
|
12
|
218
|
18
|
812
|
|
3
|
304
|
4
|
403
|
13
|
314
|
14
|
413
|
|
3
|
305
|
5
|
503
|
13
|
315
|
15
|
513
|
|
3
|
306
|
6
|
603
|
13
|
316
|
16
|
613
|
|
3
|
307
|
7
|
703
|
13
|
317
|
17
|
713
|
|
3
|
308
|
8
|
803
|
13
|
318
|
18
|
813
|
|
4
|
405
|
5
|
504
|
14
|
415
|
15
|
514
|
|
4
|
406
|
6
|
604
|
14
|
416
|
16
|
614
|
|
4
|
407
|
7
|
704
|
14
|
417
|
17
|
714
|
|
4
|
408
|
8
|
804
|
14
|
418
|
18
|
814
|
|
5
|
506
|
6
|
605
|
15
|
516
|
16
|
615
|
|
5
|
507
|
7
|
705
|
15
|
517
|
17
|
715
|
|
5
|
508
|
8
|
805
|
15
|
518
|
18
|
815
|
|
6
|
607
|
7
|
706
|
16
|
617
|
17
|
716
|
|
6
|
608
|
8
|
806
|
16
|
618
|
18
|
816
|
|
7
|
708
|
8
|
807
|
17
|
718
|
18
|
817
|
Table 3: Frame Relay switching Table
Figure 4: Logical Network Topology – Layer 3 Topology
Figure 5:
Logical Network Topology – Routing Protocols
Figure 6: Logical Network Topology – MPLS
VPNs
Device
|
Interface
|
Interface Address
|
Area
|
R1
|
Gi5/0
|
192.168.11.1/24
|
10
|
R1
|
Se6/1.12
|
192.168.12.1/24
|
10
|
R1
|
Se6/3
|
192.168.13.1/24
|
10
|
R1
|
Lo0
|
172.30.1.1/24
|
10
|
R2
|
Fa1/0
|
192.168.23.2/24
|
10
|
R2
|
Fa3/0
|
192.168.24.2/24
|
10
|
R2
|
Se6/1.12
|
192.168.12.2/24
|
10
|
R2
|
Lo0
|
172.30.2.2/24
|
10
|
R3
|
Fa1/0
|
192.168.35.3/24
|
0
|
R3
|
Lo0
|
172.30.3.3/24
|
0
|
R3
|
Fa3/0
|
192.168.23.3/24
|
10
|
R3
|
Se6/2
|
192.168.13.3/24
|
10
|
R4
|
Fa1/0
|
192.168.45.4/24
|
0
|
R4
|
Fa2/0
|
192.168.24.4
|
10
|
R4
|
Lo0
|
172.30.4.4/24
|
10
|
R5
|
Fa1/0
|
192.168.35.5/24
|
0
|
R5
|
Fa2/0
|
192.168.45.5/24
|
0
|
R5
|
Lo0
|
172.30.5.5/24
|
0
|
Table 4:
Interfaces advertised into OSPF Process 1
Device
|
Interface
|
Interface Address
|
Area
|
R2
|
Gi5/0
|
192.168.22.2/24
|
0
|
R2
|
Tu0
|
192.168.28.2/24
|
0
|
R8
|
Gi4/0
|
192.168.80.8/24
|
0
|
R8
|
Tu0
|
192.168.28.8/24
|
0
|
Table 5:
Interfaces advertised into OSPF Process 28
Device
|
Interface
|
Interface Address
|
R2
|
Gi5/0
|
192.168.22.2/24
|
R2
|
Tu0
|
192.168.28.2/24
|
R8
|
Gi4/0
|
192.168.80.8/24
|
R8
|
Tu0
|
192.168.28.8/24
|
Table 6:
Interfaces advertised into RIPv2
4 Layer 2 and Basic Layer 3
Connectivity
4.1 Configuring
the Ethernet Connections
Because there are no direct Ethernet
connections between each router, to achieve connectivity, the connections between
the Routers and the Switches are exploited. Specifically, on the Switches,
VLANs are configured (and appropriate ports assigned to them) such that the
router interfaces facing each other are part of the same VLAN. Also, since the
VLANs will span across multiple switches, we configure inter-switch trunk
links.
4.1.1 Configuring
Inter-Switch Trunk Links
SW1#configure terminal
SW1(config)#interface
FastEthernet1/12
SW1(config-if)#switchport mode
trunk
SW1(config-if)#switchport trunk
encapsulation dot1q
SW1(config-if)#end
SW1#
SW1#configure terminal
SW1(config)#interface
FastEthernet1/13
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport trunk
encapsulation dot1q
SW1(config-if)#end
SW1#
I did similar
configurations for Fa1/14 and Fa1/15 on SW1. SW2 and SW3 are configured in a
similar manner.
The configuration can be verified with the command
SW1#show interfaces trunk
Figure
7: Verifying Inter-Switch Trunk Link configuration on SW1, SW2 and SW3
4.1.2 Configuring
VTP and Creating VLANs
VTP allows switches configured as VTP
servers to disseminate VLAN information to other switches configured as VTP Clients
(provided they are in the same domain) over trunk links. The VTP clients
receive this information and create corresponding VLANs in their own VLAN
tables.
SW2#vlan database
SW2(vlan)#vtp client
SW2(vlan)#exit
SW2#
Next, I configured a VTP domain name on the VTP server (SW1).
This is necessary because only devices that have the same VTP domain name share
VLAN information.
SW1#vlan database
SW1(vlan)#exit
SW1#
To show that the client switches have learned this newly
configured VTP domain, I run the following command on all switches.
SW2#show
vtp status
Next, I add the VLANs required for device connectivity (VLANs 23, 24, 35, 45, 67, and 68) into SW1 VLAN database
SW1#vlan database
SW1(vlan)#vlan 23 name VLAN_23
SW1(vlan)#exit
Same configuration is
done to create VLANs 24, 35, 45, 67, and 68.
4.1.3 Assigning
Switch Ports to VLANs
Once the VLANs are created, we can
assign the appropriate ports to each VLAN. For example, from the layer 3 Topology
in Figure 4, we see that R2 Fa1/0 and R3 Fa3/0 are supposed to be part of the
same VLAN 23. Now, from the Ethernet connections in Figure 3, we see that R2
Fa1/0 connects to SW1 Fa1/2 and that R3 Fa3/0 connects to SW3 Fa1/3. Hence, we
assign SW1 Fa1/2 and SW3 Fa1/3 to VLAN 23. Below is the command for SW1 Fa1/2.
SW1#configure terminal
SW1(config)#interface
FastEthernet1/2
SW1(config-if)#switchport mode
access
SW1(config-if)#switchport access
vlan 23
SW1(config-if)#end
SW1#
In a similar fashion,
I assign:
SW3
Fa1/2 and SW2 Fa1/4 to
VLAN 24, SW1 Fa1/3 and SW1 Fa1/5 to VLAN 35, SW1 Fa1/4 and SW2 Fa1/5 to VLAN 45, SW1
Fa1/6 and SW2 Fa1/7 to
VLAN 67, and SW2 Fa1/6 and SW3 Fa1/8 to VLAN 68.
To verify that the ports have been assigned, I run the command (on SW1
for example),
SW1#show vlan-switch brief |
exclude ^1 |^100[2-5]
4.1.4 Assigning IP Addresses to Router Interfaces
Using VLAN 23 for example, we see
(from Layer 3 Topology in Figure 4) that R2 Fa1/0 and R3 Fa3/0 interfaces are
on the same subnet 192.168.23.0/24. Note also that the host addresses are shown
close to each interface. We assign IP address to the two interfaces as follows:
R2#configure
terminal
R2(config)#interface
FastEthernet1/0
R2(config-if)#ip
address 192.168.23.2 255.255.255.0
R2(config-if)#no
shut
R2(config-if)#end
R2#
R3#configure
terminal
R3(config)#interface
FastEthernet3/0
R3(config-if)#ip
address 192.168.23.3 255.255.255.0
R2(config-if)#no
shut
R3(config-if)#end
R3#
Similar configurations are done for the other router interfaces which are directly connected to switches.
To verify that the interfaces are up and running, we use the command;
R3#show ip interface brief
Similar configurations are done for the other router interfaces which are directly connected to switches.
To verify that the interfaces are up and running, we use the command;
R3#show ip interface brief
Also, ping results now show connectivity between R2 Fa1/0 (192.168.23.2) and R3 Fa3/0 (192.168.23.3)
Figure 10: Verifying
interface set-up on R1, and connectivity between R2 and R3
Next is the GigabitEthernet
interface configuration on R7. Note that the interface is shown as two separate
sub-interfaces in the Layer 3 Topology in Figure 4.
R7#configure
terminal
R7(config)#interface
GigabitEthernet4/0.70
R7(config-subif)#encapsulation
dot1q 70
R7(config-subif)#exit
R7(config)#interface
GigabitEthernet4/0.77
R7(config-subif)#encapsulation
dot1Q 77
R7(config-subif)#ip
address 192.168.77.7 255.255.255.0
R7(config-subif)#end
4.2 Configuring
the Serial Connections
Note
that there are three serial connections in the Layer 3 Topology diagram in
Figure 4. The connections are between R1 and R3, R1 and R2, and R5 and R6.
4.2.1 Point-to-point Frame
Relay Sub-interfaces
We
configure a point-to-point link between R1 and R2 (as shown in Figure 4) using
point-to-point subinterfaces (since there’s only one neighbor who is bound to
receive all traffic sent across the link). This is done in order to avoid the
need for Layer 3 to Layer 2 address resolution which Frame Relay requires in
order to be able to encapsulate the frames before sending them over the link.
First, we configure R1 and R2 Se6/1
for Frame Relay. The command shown below is for R1:
R1#configure
terminal
R1(config)#interface
Serial6/1
R1(config-if)#encapsulation
frame-relay
R1(config-if)#no
shut
R1(config-if)#end
To examine the DLCI information R1
is receiving on interface Se6/1, we can use the following commands:
R1#show
frame-relay pvc interface Serial6/1 | include DLCI
Figure 11: Verifying DLCI
information received on R1 and R2 Se6/1 interfaces.
From the output above, we see that 7 PVCs have been provisioned by the “service provider”. They all currently show up as “unused” because we are yet to explicitly refer to any of them in the configuration.
Next, I configure the point-to-point subinterface using DLCI 112 (for
R1) and 211 (for R2):
R1#configure terminal
R1(config)#interface Serial6/1.12
point-to-point
R1(config-subif)#frame-relay interface-dlci
112
R1(config-fr-dlci)#exit
R1(config-subif)#ip address 192.168.12.1
255.255.255.0
R1(config-subif)#end
R1#
We can verify this configuration
using:
R1#show frame-relay pvc | include DLCI
and
R1#show frame-relay map
Figure
12: Verifying point-to-point Frame-Relay configuration and connectivity on R1
and R2
We note that the DLCI USAGE has
changed state from UNUSED to LOCAL and that the Frame Relay map now shows an
entry for Se6/1.12. So any traffic going out of this interface will be sent
across the link using DLCI 112.
We do the same configuration on R2
in order to achieve our desired connectivity. After which we will be able to
ping R2 from R1 and vice versa, as seen from Figure 12.
4.2.2 Multipoint Frame Relay
and Inverse ARP
We
use the serial connection between R5 and R6 to practice multipoint Frame Relay PVC
configuration. This employs the Inverse ARP functionality of Frame Relay which
helps to resolve IP addresses to DLCI numbers. When a router sends out an
Inverse ARP request on a DLCI, whoever is at the other end replies with its own
IP address on that DLCI.
R5#configure terminal
R5(config)#interface
Serial6/0
R5(config-if)#encapsulation
frame-relay
R5(config-if)#frame-relay
interface-dlci 506
R5(config-fr-dlci)#exit
R5(config-if)#ip
address 10.0.0.5 255.255.255.252
R5(config-if)#no
shut
R5(config-if)#end
R5#
We also do a similar configuration
on R6 Serial6/0 interface.
We can verify this configuration
using:
R6#show frame-relay map
R6#ping 10.0.0.5
and
R5#show frame-relay pvc | include DLCI
Figure
13: Verifying Multipoint Frame-Relay configuration and connectivity on R5 and
R6
4.2.3 PPP Encapsulation and Transparent Bridging
Note
that Figure 4 – Layer 3 Topology shows a serial connection between R1 and R3,
however from Figure 3 Physical Topology of Serial Connections, although R1 is
connected to R2, and R2 is connected to R3, there is no direct serial
connection between R1 and R3.
We can achieve our desired connectivity using Transparent Bridging by configuring R2 as an Integrated Routing and Bridging (IRB) device. What we want to do here is to configure R2 to act as a bridge between its Serial6/2 and Serial 6/3 interfaces, so that traffic received on R2’s Serial6/2 interface will be passed through, unmodified, out its Serial6/3 interface, and vice versa.
R2#configure
terminal
R2(config)#bridge
irb
R2(config)#bridge
13 protocol ieee
R2(config)#bridge
13 route ip
R2(config)#end
R2#
R2#configure
terminal
R2(config)#int bvi 13
R2(config-if)#ip address 192.168.13.2
255.255.255.0
R2(config-if)#no shut
R2(config-if)#end
R2#
R2#
R2#configure
terminal
R2(config)#interface
Serial6/2
R2(config-if)#bridge-group
13
R3(config-if)#encapsulation
ppp
R3(config-if)#ppp
bridge ip
R2(config-if)#no
shut
R2(config-if)#end
R2#
R2#configure
terminal
R2(config)#interface
Serial6/3
R2(config-if)#bridge-group
13
R3(config-if)#encapsulation
ppp
R3(config-if)#ppp
bridge ip
R2(config-if)#no
shut
R2(config-if)#end
R2#
Next, we configure R1, making sure to add the desired interface
(Se6/3 in this case) to the created bridge group. Note that each physical
interface itself is not configured with an IP address. Only the Bridge Virtual
Interface (BVI) in each router is configured with an IP address.
R1#configure terminal
R1(config)#bridge
irb
R1(config)#bridge
13 protocol ieee
R1(config)#bridge
13 route ip
R1(config)#end
R1#
R1#configure
terminal
R1(config)#int bvi 13
R1(config-if)#ip address 192.168.13.1
255.255.255.0
R1(config-if)#no shut
R1(config-if)#end
R1#
R1#configure
terminal
R1(config)#interface
Serial6/3
R1(config-if)#bridge-group
13
R3(config-if)#encapsulation
ppp
R3(config-if)#ppp
bridge ip
R1(config-if)#no
shut
R1(config-if)#end
R1#
Next, we configure R3
R3#configure terminal
R3(config)#bridge
irb
R3(config)#bridge
13 protocol ieee
R3(config)#bridge
13 route ip
R3(config)#end
R3#
R3#configure
terminal
R3(config)#int bvi 13
R3(config)#int bvi 13
R3(config-if)#ip address 192.168.13.3
255.255.255.0
R3(config-if)#no shut
R3(config-if)#end
R3#
R3#configure
terminal
R3(config)#interface
Serial6/2
R3(config-if)#bridge-group
13
R3(config-if)#encapsulation
ppp
R3(config-if)#ppp
bridge ip
R3(config-if)#no
shut
R3(config-if)#end
R3#
We can verify the configuration using the following commands:
show
interfaces Serial6/2 | include ^Serial|Open
(Before Pinging) show bridge 13 verbose
(Ping Results) R1#ping 192.168.13.3, R2#ping 192.168.13.1,
R3#192.168.13.1
(After Some Pinging) show bridge 13 verbose
show interfaces Se6/2 irb (on R1, R2 and R3)
5 Layer 3 Routing Protocols
for the Test Network
Figure 5: Logical Network Topology –
Routing Protocols
My
aim here is to configure routing protocols in the test network in line with
what is shown in the figure above. At this point I have configured the Loopback
0 interface on R1 – R8, using the IP address 172.30.X.X/24, where X is the
device number. So, for example, R1’s loopback interface is configured with the
IP address 172.30.1.1.
As can be seen from the figure above, Autonomous System (AS)
65001 should run multi-area OSPF, AS 65002 should run RIPv2 while both ASes
should exchange routing information with each other by means of a BGP session
between R5 and R6.
Also, VLAN 22 and VLAN 80 want to communicate only with one
another and should be otherwise inaccessible from the rest of the network. A
Generic Routing Encapsulation (GRE) Tunnel between R2 and R8 should be
configured to achieve this purpose. OSPF should also be configured to disseminate
routing information over the GRE tunnel.
5.1 Configuring Intra-AS Routing
in AS 65001 Using OSPF
R1
|
R2
|
R1#configure
terminal
R1(config)#router
ospf 1
R1(config-router)#passive-interface
Gi5/0
R1(config-router)#exit
R1(config)#interface
Lo0
R1(config-if)#ip
ospf 1 area 10
R1(config-if)#interface
Serial6/1.12
R1(config-subif)#ip
ospf 1 area 10
R1(config-subif)#interface
bvi 13
R1(config-if)#ip ospf 1 area 10
R1(config-if)#interface
Gi5/0
R1(config-if)#ip
ospf 1 area 10
R1(config-if)#end
R1#
|
R2#configure
terminal
R2(config)#router
ospf 1
R2(config-router)#exit
R2(config)#interface
Lo0
R2(config-if)#ip
ospf 1 area 10
R2(config-if)#interface
Serial6/1.12
R2(config-subif)#ip
ospf 1 area 10
R2(config-if)#interface
bvi 13
R2(config-subif)#ip
ospf 1 area 10
R2(config-subif)#interface
Fa1/0
R2(config-if)#ip ospf 1 area 10
R2(config-if)#interface
Fa3/0
R2(config-if)#ip
ospf 1 area 10
R2(config-if)#end
R2#
|
R3
|
R4
|
R3#configure
terminal
R3(config)#router
ospf 1
R3(config-router)#exit
R3(config)#interface
Lo0
R3(config-if)#ip
ospf 1 area 0
R3(config-if)#interface
Fa1/0
R3(config-if)#ip
ospf 1 area 0
R3(config-if)#interface
Fa3/0
R3(config-if)#ip
ospf 1 area 10
R2(config-if)#interface
bvi 13
R2(config-subif)#ip
ospf 1 area 10
R3(config-if)#end
R3#
|
R4#configure
terminal
R4(config)#router
ospf 1
R4(config-router)#exit
R4(config)#interface
Lo0
R4(config-if)#ip
ospf 1 area 0
R4(config-if)#interface
Fa2/0
R4(config-subif)#ip
ospf 1 area 10
R4(config-subif)#interface
Fa1/0
R4(config-if)#ip ospf 1 area 0
R4(config-if)#end
R4#
|
R5
|
|
R5#configure
terminal
R5(config)#router
ospf 1
R5(config-router)#exit
R5(config)#interface
Lo0
R5(config-if)#ip
ospf 1 area 0
R5(config-if)#interface
Fa2/0
R5(config-subif)#ip
ospf 1 area 0
R5(config-subif)#interface
Fa1/0
R5(config-if)#ip ospf 1 area 0
R5(config-if)#end
R5#
|
The
following figures show screenshots that verify successful configuration and
connectivity between all Routers in AS 65001.
R5#show ip route
show ip
ospf neighbor
ping
results (AS 65001)
5.2 Configuring Intra-AS Routing
in AS 65002 Using RIPv2
The Interior Gateway Protocol (IGP) of choice for AS 65002 is
RIPv2.
The
configuration is as follows:
R6
|
R7
|
R6#configure
terminal
R6(config)#router
rip
R6(config-router)#version
2
R6(config-router)#no
auto-summary
R6(config-router)#network
172.30.6.6
R6(config-router)#network
192.168.67.0
R6(config-router)#network
192.168.68.0
R6(config-router)#passive-interface
Lo0
R6(config-router)#end
R6#
|
R7#configure
terminal
R7(config)#router
rip
R7(config-router)#version
2
R7(config-router)#no
auto-summary
R7(config-router)#network
172.30.7.7
R7(config-router)#network
192.168.67.0
R7(config-router)#network
192.168.77.0
R7(config-router)#passive-interface
Lo0
R7(config-router)#end
R7#
|
R8
|
|
R8#configure
terminal
R8(config)#router
rip
R8(config-router)#version
2
R8(config-router)#no
auto-summary
R8(config-router)#network
172.30.8.8
R8(config-router)#network
192.168.68.0
R8(config-router)#passive-interface
Lo0
R8(config-router)#end
R8#
|
The
following figures show screenshots that verify successful configuration and
connectivity between all Routers in AS 65002.
show ip route
ping results (AS 65002)
5.3 Configuring Inter-AS Routing
Using BGP
Next we configure BGP on R5 and R6 so
that route information can be disseminated between the ASes.
Note
that the peering between R5 and R6 will be an eBGP (external BGP) peering since
they each belong to different autonomous systems.
The configuration is as follows:
R5
|
R6
|
R5#configure interface
R5(config)#router bgp 65001
R5(config-router)#neighbor
10.0.0.6 remote-as 65002
R5(config-router)#end
R5#
|
R6#configure interface
R6(config)#router bgp 65002
R6(config-router)#neighbor
10.0.0.5 remote-as 65001
R6(config-router)#end
R6#
|
show ip bgp summary
Since BGP does not explicitly advertise anything to neighbors
(from the two figures below, R5 does not yet show routes from AS 65002, neither
does R6 show routes from AS 65001), we will have to use network statements to
tell the BGP process what networks to advertise. Although the BGP network
statement is classless (i.e we can specify the network address and netmask of
the route we want to advertise into BGP), the exact match of that route must
exist in the routing table of the router running the BGP process.
R5#show ip route (shows
no BGP routes from AS 65002)
R6#show ip route (shows
no BGP routes from AS 65001)
R6#show ip route (shows
no BGP routes from AS 65001)
Thus,
we have to include the networks we want advertised on both R5 and R6 before we
can issue a network statement that will specify both network address and
netmask. One way to achieve this is to add the routes as static routes and
point it to the Null0 interface. Although all packets addressed to the null0
interface are dropped, this would allow us to advertise the route into BGP,
since we would then have the exact match in the routing table.
We
proceed as follows to add entries for Lo0 address of each router and also a
summary of the 192.168.0.0 networks in both ASes:
R5#configure
terminal
R5(config)#ip
route 172.30.1.0 255.255.255.0 Null0
R5(config)#ip
route 172.30.2.0 255.255.255.0 Null0
R5(config)#ip
route 172.30.3.0 255.255.255.0 Null0
R5(config)#ip
route 172.30.4.0 255.255.255.0 Null0
R5(config)#ip
route 192.168.0.0 255.255.192.0 Null0
R5(config)#end
R5#
Note that we don’t need to add static routes on R6 for R7 and
R8’s Lo0 address because they are already advertised by RIPv2 in the format
required for BGP network statement.
Once
our desired networks have been added to the routing table as static routes via
the Null0 interface, we can now go ahead and advertise this network into BGP:
R5#configure
terminal
R5(config)#router
bgp 65001
R5(config-router)#network
172.30.1.0 mask 255.255.255.0
R5(config-router)#network
172.30.2.0 mask 255.255.255.0
R5(config-router)#network
172.30.3.0 mask 255.255.255.0
R5(config-router)#network
172.30.4.0 mask 255.255.255.0
R5(config-router)#network
172.30.5.0 mask 255.255.255.0
R5(config-router)#network
192.168.0.0 mask 255.255.192.0
R5(config-router)#end
R5#
R6#configure
terminal
R6(config)#router
bgp 65002
R6(config-router)#network
172.30.6.0 mask 255.255.255.0
R6(config-router)#network
172.30.7.0 mask 255.255.255.0
R6(config-router)#network
172.30.8.0 mask 255.255.255.0
R6(config-router)#network
192.168.67.0 mask 255.255.255.0
R6(config-router)#network
192.168.68.0 mask 255.255.255.0
R6(config-router)#network
192.168.77.0 mask 255.255.255.0
R6(config-router)#end
R6#
At
this point, although BGP has been configured, there is still no route
distribution between the OSPF and BGP processes running on R5, or between the
RIPv2 and BGP running on R6. This is evident from the screenshots below.
show ip route bgp (on R5 and R6) – indicates
R5 and R6 has learnt BGP routes from each other.
R1#show
ip route – indicates that routes are yet to be learnt
from AS 65002
As can be seen, R1 does not show any routes from AS 65002,
neither does R7 show any routes from AS 65001. Hence, we are yet to achieve end
to end connectivity in our test network.
To enable route distribution, we issue
the following commands:
R5#configure
terminal
R5(config)#router
ospf 1
R5(config-router)#default-information
originate always
R5(config-router)#end
R5#
R6#configure
terminal
R6(config)#router
rip
R6(config-router)#default-information
originate
R6(config-router)#end
R6#
The
two sets of configuration steps above instruct both R5 and R6 to inject a
default route into OSPF and RIPv2 respectively. This enables other routers in
both ASes to have a default route to unknown networks as can be seen from the screenshots below.
R7#show ip route
We
should now have end-to-end connectivity between routers in our test network.
The following figures show screenshots that verify successful
configuration of BGP and connectivity between routers in AS 65001 and AS 65002.
pings verifying end-to-end
connectivity in our test network
5.4 Configuring Enhanced
End-to-End Service (yet to be completed)
As of now, although we have been able
to achieve full IP4 reachability within the routing domain, only clients in VLAN
11 on R1 and VLAN 77 on R7 have connectivity with each other. We are yet to
connect VLAN 22 (R2), VLAN 44 (R4), VLAN 80 (R8), and VLAN 88 (R8).
We will now use VLAN 22 and VLAN 80 to practice end-to-end service configuration by creating a Generic Routing Encapsulation (GRE) Tunnel between R2 and R8 to enable connectivity between clients on both VLANs. The aim here is to ensure that clients on VLAN 22 and VLAN 80 can only communicate with each other but not with anyone else. Neither VLANs should be reachable from any of the other VLANs.
REFERENCES
ELG
5369 – Internetworking Technologies Assignments, (University of Ottawa, Fall
2013)
No comments:
Post a Comment