Following on from my last post, I wanted to put together a small lab for me to start with inside my M10. As a reminder the extremely simple topology looks like so:
The plan is to make a simple lab like so:
This should give me something to start with. I can always add more to make things a lot more complicated. Below I’ll paste my config which also includes IP addressing for the links and loopbacks:
set interfaces fe-0/0/0 vlan-tagging set interfaces fe-0/0/1 vlan-tagging set logical-systems J1 interfaces fe-0/0/0 unit 15 vlan-id 15 set logical-systems J1 interfaces fe-0/0/0 unit 15 family inet address 10.15.15.1/24 set logical-systems J1 interfaces fe-0/0/0 unit 121 vlan-id 121 set logical-systems J1 interfaces fe-0/0/0 unit 121 family inet address 10.12.12.1/24 set logical-systems J1 interfaces fe-0/0/0 unit 122 vlan-id 122 set logical-systems J1 interfaces fe-0/0/0 unit 122 family inet address 10.21.21.1/24 set logical-systems J1 interfaces lo0 unit 1 family inet address 1.1.1.1/32 set logical-systems J2 interfaces fe-0/0/1 unit 25 vlan-id 25 set logical-systems J2 interfaces fe-0/0/1 unit 25 family inet address 10.25.25.2/24 set logical-systems J2 interfaces fe-0/0/1 unit 121 vlan-id 121 set logical-systems J2 interfaces fe-0/0/1 unit 121 family inet address 10.12.12.2/24 set logical-systems J2 interfaces fe-0/0/1 unit 122 vlan-id 122 set logical-systems J2 interfaces fe-0/0/1 unit 122 family inet address 10.21.21.2/24 set logical-systems J2 interfaces lo0 unit 2 family inet address 2.2.2.2/32 set logical-systems J3 interfaces fe-0/0/0 unit 35 vlan-id 35 set logical-systems J3 interfaces fe-0/0/0 unit 35 family inet address 10.35.35.3/24 set logical-systems J3 interfaces fe-0/0/1 unit 34 vlan-id 34 set logical-systems J3 interfaces fe-0/0/1 unit 34 family inet address 10.34.34.4/24 set logical-systems J3 interfaces lo0 unit 3 family inet address 3.3.3.3/32 set logical-systems J4 interfaces fe-0/0/0 unit 34 vlan-id 34 set logical-systems J4 interfaces fe-0/0/0 unit 34 family inet address 10.34.34.4/24 set logical-systems J4 interfaces fe-0/0/1 unit 45 vlan-id 45 set logical-systems J4 interfaces fe-0/0/1 unit 45 family inet address 10.45.45.4/24 set logical-systems J4 interfaces lo0 unit 4 family inet address 4.4.4.4/32 set logical-systems J5 interfaces fe-0/0/0 unit 25 vlan-id 25 set logical-systems J5 interfaces fe-0/0/0 unit 25 family inet address 10.25.25.5/24 set logical-systems J5 interfaces fe-0/0/0 unit 45 vlan-id 45 set logical-systems J5 interfaces fe-0/0/0 unit 45 family inet address 10.45.45.5/24 set logical-systems J5 interfaces fe-0/0/1 unit 15 vlan-id 15 set logical-systems J5 interfaces fe-0/0/1 unit 15 family inet address 10.15.15.5/24 set logical-systems J5 interfaces fe-0/0/1 unit 35 vlan-id 35 set logical-systems J5 interfaces fe-0/0/1 unit 35 family inet address 10.35.35.5/24 set logical-systems J5 interfaces lo0 unit 5 family inet address 5.5.5.5/32
All tested and working so feel free to use the configuration yourself
My last post explained that my CCIE is on short hold thanks to me not currently holding my passport. And so instead of just wasting time I’ve decided to learn a bit more about my Juniper devices.
A while back I showed how you can load JUNOS onto some old Nokia devices. This post and this post shows how.
One of the problems in the second post was that you could only install up to JUNOS 8.4 on these boxes. Anything more and you bork the box and need to start over.
So what if you need to run a bunch of Juniper routers and don’t have 10 sitting on your desk? Well the beauty of JUNOS is that you can partition a single router into multiple logical routers. This is not simply a separate VRF, it’s a whole logical router running it’s own processes and everything. In fact each logical system can even be running it’s own vrfs as well!
So I happen to have an old M10 router sitting in my lab. I actually have 2, but only 1 is currently working. To do any proper configuration you need more than a single box of course. This M10 is running a much newer release of JUNOS – 10.4 R1.9
So let’s get started. I’ve factory default the box by doing a load factory-default then commit
root> show version Model: m10 JUNOS Base OS boot [10.4R1.9] /removed/
This is my actual physical topology:
There is simply a physical Cat5 cable connecting port fe-0/0/0 to port fe-0/0/1
Below is the planned logical topology. 2 Juniper routers connected over 2 separate links.
First I’m going to set the interfaces to send tagged traffic so I can run multiple virtual links, each with a different vlan tag. Then I’ll set up the interfaces as above
set interfaces fe-0/0/0 vlan-tagging set interfaces fe-0/0/1 vlan-tagging set logical-systems JUNIPER1 interfaces fe-0/0/0 unit 1 vlan-id 20 set logical-systems JUNIPER1 interfaces fe-0/0/0 unit 1 family inet address 10.2.2.1/24 set logical-systems JUNIPER1 interfaces fe-0/0/1 unit 1 vlan-id 10 set logical-systems JUNIPER1 interfaces fe-0/0/1 unit 1 family inet address 10.1.1.1/24 set logical-systems JUNIPER2 interfaces fe-0/0/0 unit 2 vlan-id 10 set logical-systems JUNIPER2 interfaces fe-0/0/0 unit 2 family inet address 10.1.1.2/24 set logical-systems JUNIPER2 interfaces fe-0/0/1 unit 2 vlan-id 20 set logical-systems JUNIPER2 interfaces fe-0/0/1 unit 2 family inet address 10.2.2.2/24
Here we have created 2 logical systems – JUNIPER1 and JUNIPER2. I’ve then assigned 2 subinterfaces to each router. Let’s have a look to see if this actually works. To log into a logical system we use the set cli logical-system [logical system name] command. Once in there we can check the interfaces and then ping across
root> set cli logical-system JUNIPER1 Logical system: JUNIPER1 root:JUNIPER1> show interfaces terse Interface Admin Link Proto Local Remote fe-0/0/0 fe-0/0/0.1 up up inet 10.2.2.1/24 fe-0/0/1 fe-0/0/1.1 up up inet 10.1.1.1/24 root:JUNIPER1> ping 10.2.2.2 rapid PING 10.2.2.2 (10.2.2.2): 56 data bytes !!!!! --- 10.2.2.2 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 1.055/1.572/3.450/0.941 ms
No problems there at all. Note that once you are inside a logical system, you can configure it as though it’s a normal box. You don’t need to mention any logical system in the config. Let’s configure OSPF on these 2 interfaces:
root:JUNIPER1> configure Entering configuration mode [edit] root:JUNIPER1# edit protocols ospf area 0.0.0.0 [edit protocols ospf area 0.0.0.0] root:JUNIPER1# set interface fe-0/0/0.1 [edit protocols ospf area 0.0.0.0] root:JUNIPER1# set interface fe-0/0/1.1 [edit protocols ospf area 0.0.0.0] root:JUNIPER1# commit commit complete [edit protocols ospf area 0.0.0.0] root:JUNIPER1# exit [edit] root:JUNIPER1# exit Exiting configuration mode
So now how do we get out of this logical system back into the root? Use the clear cli logical-system command. Let’s get of of JUNIPER1 and go into JUNIPER2 and configure OSPF
root:JUNIPER1> clear cli logical-system Cleared default logical system root> set cli logical-system JUNIPER2 Logical system: JUNIPER2 root:JUNIPER2> configure Entering configuration mode [edit] root:JUNIPER2# edit protocols ospf area 0.0.0.0 [edit protocols ospf area 0.0.0.0] root:JUNIPER2# set interface fe-0/0/0.2 [edit protocols ospf area 0.0.0.0] root:JUNIPER2# set interface fe-0/0/1.2 [edit protocols ospf area 0.0.0.0] root:JUNIPER2# top [edit] root:JUNIPER2# commit commit complete [edit] root:JUNIPER2# exit Exiting configuration mode
So has it all worked?
root:JUNIPER2> show ospf neighbor Address Interface State ID Pri Dead 10.1.1.1 fe-0/0/0.2 Full 10.1.1.1 128 36 10.2.2.1 fe-0/0/1.2 Full 10.1.1.1 128 37
Of course it has ;)
While this works, it’s a big hassle having to log into the root system and then logging into the logical system. It also defeats the purpose of a logical system a bit as it would be ideal to give different users access to different logical systems.
Let’s create 2 users. user1 will be responsible for JUNIPER1 and user2 will be responsible for JUNIPER2. You’ll need to get back into the root system to do this.
set system login class USER1 logical-system JUNIPER1 set system login class USER1 permissions all set system login class USER2 logical-system JUNIPER2 set system login class USER2 permissions all set system login user user1 class USER1 set system login user user1 authentication encrypted-password "$1$2.bgMkK/$ALFH1kC1Q2s.Rgm8Uvuuh/" set system login user user2 class USER2 set system login user user2 authentication encrypted-password "$1$aOaM2CQa$OXMUk4burCY7vFlzmLZdR0"
Let’s give this a test by logging right out and then back in:
Amnesiac (ttyd0) login: user1 Password: --- JUNOS 10.4R1.9 built 2010-12-04 09:20:43 UTC user1:JUNIPER1>
Note that if you log in this way, you can’t clear out of the logical system. As far as you are concerned this is a separate router
user1:JUNIPER1> clear cli logical-system error: You are not a allowed to execute this command
So there you have it. I now have 2 routers running inside a single physical box. Juniper says you can have up to 15 logical routers inside a box so that gives me a lot to play with. If I get the second M10 working that’ll be 30 Juniper routers at my disposal. More than enough for even the most complex topologies
So I have to delay my next attempt for a while :(
As you may know I’m a South African citizen living in the UK. My wife is from Hungary which gives me full rights to work here. However my current visa is coming to an end and I need to apply for the next. I’ll have no trouble getting it, but the problem is that the current waiting times are up to 6 MONTHS!!!
The issue here is that the lab location is in Belgium. The EU has what’s called a Schengen agreement where any travel between Schengen states can be done without border control. Not all EU countries are in the Schengen area though, including the UK. This means that I am subject to border control if I go over to Belgium. Border control means passport. No passport means no travel.
So now I’m stuck. I can only hope my application goes quicker than normal, but I doubt it will.
However I will not waste this time. I’ll continue my studies, and may even branch more into SP stuff in the meantime as that is what I actually do day to day. So expect a more Service Provider feel to some upcoming posts and see what I actually do on a day to day basis :)
Ok, so the plan was to get my CCIE numbers and then move straight onto some Brocade training. I actually booked this exam for 2 weeks after I got back from Brussels.
But as I failed I decided yesterday to move it forward and knock it out quick, so I can concentrate on Cisco. I went to the exam centre and finished the exam in less than 25 minutes. Felt a piece of cake compared to my recent studying. Brocade have a BCNE in a nutshell pdf but I spent only about 5 minutes glancing at it.
Back to CCIE studying!
Thursday 26th April 2012
All packed and ready to go. I get to Kings Cross station in London at 08:30 as my train for Brussels leaves at 08:57. Not even thinking about the lab at this time to be honest. I make my way through check-in, through passport control and I’m on the Eurostar. My wife and I arrive around midday local time in Brussels. We head off to buy tickets to Diegem (€2.50 one way each) and 10 minutes later are sitting on the train. The journey to Diegem itself takes less than 20 minutes.
Once in Diegem we walk to our hotel (Ibis Brussels Airport) which is about 1.5km from the station. We actually pass Cisco on the way there. Cisco’s campus park is pretty much right next to Diegem Station. Once checked in we decide to take a walk to the Cisco entrance I need to be the next day at 08:00. I time the walk and it takes about 17 minutes to get from door to door so that’s pretty good.
After we’ve checked out where I need to be we decide to take a walk around Diegem itself. Bad idea. There is NOTHING to do in Diegem. It’s simply an area full of business buildings and hotels. There are no shops anywhere. Not only that but the weather is bad. We ended up eventually finding a shop far away from the business park but got caught by the rain and we huddled for cover for over 2 hours without an umbrella. At least this took my mind off the exam :) – In the shop itself I buy a couple of drinks, bottled water, dried fruit and nuts to snack on during the lab.
Once the rain died down a bit we made our way back to the hotel as quick as we could. This was the view from my hotel room itself:
Miserable…
While the hotel’s rooms were pretty cheap, their food was very expensive. A relatively simple dinner for my wife and myself ended up costing over €60.00 – I felt pretty ripped off. We had dinner quite early, around 18:30 and then headed back up to the room. I watched TV a bit and then had a small bit of trouble trying to get to sleep. But thanks to the huge walk we did previously in the day I drifted off to sleep around 23:30
Friday 27th April 2012 – Lab date.
I wake up at 05:30. I’ve set both my own and my wife’s alarm clock because I simply can’t afford to be late. I have a quick shower and we head down for a quick, and very expensive, breakfast. This time they charge me €14.00 per person for the privilege. I do however need food so I pay grudgingly. Once done I say goodbye to my wife and I take the walk down to Cisco. I end up arriving at 07:35. As I arrived 2 other candidates arrive together but I don’t feel like talking to anyone. I stand on the end of the bridge and 2 other guys arrive. The doors are still closed so we are all waiting outside. A Norwegian fellow then arrives and starts talking to me. I forgot his name but he says it’s his second time and he seems pretty happy. We chat until Cisco open the doors.
We all show our identification, asked to sign in and then we receive a paper name badge. We are asked to sit on the sofas in reception until the proctor arrives. I chat to the Norwegian guy again and he gives me some ear plugs which was very nice. Most of the others are sitting in complete silence. 10 minutes later the proctor arrives and tells us to follow him. We take the 2 lifts to the top floor. Just outside the actual lab room we are told the rules and then given out seat numbers. I end up sitting on desk 13. It’s right next to the window which is quite nice.
We are told what time we are to start, what time lunch will be and what time we will all finish. The toilets are right outside the door and there is also a coffee/tea/hot chocolate machine there. I have my water and snacks on my desk.
TS BEGINS
Just past 08:30am. I have the topology on screen, 10 questions to solve and a clock in the top right that is going down fast. I stick to my strategy though. My strategy is to quickly solve any ticket that has 3 or less routers involved. If I get stuck for longer than 5 minutes on any ticket I move onto the next. I solved ticket 1 in about 3 minutes. The next 5 tickets all contain more than 3 routers so I skip them all. I then solve the last 4 relatively quickly. 1 I went over the 5 minute mark, but I knew I was about to crack it. By the time I got to this section only 22 or so minutes had passed. I then moved back to the 5 I skipped. 2 were very complicated so I skipped those and did the other 3. Because I had a bit of time I gave myself 7 minutes per question tops. I eventually cracked 3 of them and moved finally to the 2 complicated ones. I eventually cracked both of those. By this time I had over 20 minutes left but I used those 20 minutes to re-read and verify all of my answers. By the time I was done with this I had 6 minutes left so I clicked on ‘end section’
CONFIG BEGINS
Straight away I start the config section. I immediately read through the entire lab to see what I’m in for. Some questions are extremely easy, others are not that difficult, and 4 or 5 I think WTF??!?
LUNCH BEGINS
I start off with Layer 2 of course and I find it very easy. I then begin with Layer3. I’m about halfway through when we are told to stop as it’s lunch time. Lunch is quite early as it’s just before midday. We are all brought to the front of the class and given a voucher. We are told that we need to keep together at all times. We are allowed to talk to each other, but not about the lab. Downstairs in the cafeteria we can take one main meal, a drink, and a dessert. I take the chicken and chips, coke zero, an orange, and a dessert. I’m last in line so by the time I sit down the first guys are half finished.
I try and make light conversation but most candidates simply aren’t talking. We are not allowed to talk about the lab, but of course the lab is what’s on all our minds. Before I know it we are told lunch is finished and we need to go back upstairs. This was after about 20 minutes. I take my unopened coke and orange back upstairs. We are told that we can start again as soon as we get back to our desks.
CONFIG CONTINUES
I eventually finish off layer3, and I’ve left 2 questions completely unanswered. I move onto section 3, then 4, then eventually 5. I have missed a few questions here and there and went for those that I knew I could get done right and quickly. I then move back to everything I did not answer. Some were extremely tough. I’ve got the DocCD open but it’s not helping too much. I eventually have an answer to all the questions, but a few I’m not sure if it’s correct or not.
Time is ticking though and you’ll be surprised just how fast time flies when you’re there. I plan a full 30 minutes of verification at the end. At 16:30 I then start verifying all my answers thoroughly. It’s a good thing I did as I noticed at least 3 little mistakes which I fixed.
I write down the point values of all questions I am 100% confident that I for the marks for. I then have a second list of points I have for answers I was not 100% sure about. I have 57 points in the ‘guaranteed’ line and about 15 in the so-so line. 6 I know I won’t get. You need 63 to get 80% in the config section so I’m not that happy about it. I attempt to turn those 15 so-so’s into guaranteed, but eventually run out of time. We are told we are going to get our results that night.
CONFIG ENDS
Lab is done. I chat to the Norwegian fellow in the lift on the way to the ground floor but I’m so tired I can hardly speak. I said something about verification but that’s about all I can say. I sign out downstairs, say good luck to the 2 candidates behind me and leave the building and walk back to the hotel. By this time I know I’ve passed TS, but the config is hanging in the balance.
I get back to the hotel and take my wife down to the bar. We have a couple of drinks and I tell her the same story as above. I’m checking my mail every 5 minutes but no email. I keep checking till midnight and no result and I eventually fall asleep.
Saturday 28th April to Sunday 29th April 2012
I wake up at 5am and I see an email from Cisco. I log in and see the result :( Passed TS, failed config. I’m pretty damn upset of course. I had a feeling I would fail, but my marks seem even worse than I thought they would be. I don’t know what Cisco is looking for, but certainly not the answers I was giving.
Our train only goes back to London on Sunday night so we ended up going to Paris on Saturday morning until Sunday late morning. The trip was quite nice and I was trying to put the result out of my mind but of course you can’t completely. Sunday we are back in Brussels and we go to the city centre and eat a lot of chocolates and waffles. It was good.
So here I am back at home. Am I upset? Yes I am. Am I defeated? Certainly not. So what’s next? I can’t do the lab again within 30 days but I’m not going to rush it. I’m giving myself a good 2 – 3 months and I’ll do it again. In this 2-3 months I need to work my socks off. Anything I was remotely unsure about I need to be 100% sure about.
Will it make me a better engineer? Of course it will. I’ve now seen where my weaknesses are and need to step up to the plate.
Watch this space :)
Got the result back early Saturday morning and it was not good. Passed the Troubleshooting section but failed the config section. I had a really bad section worth 6 points which personally I think is an impossible task with the version of IOS they have.
I’ll post more later but for now I’m in Paris with my wife just chilling out
Hi all.
I leave early tomorrow morning for Brussels. I arrive in Brussels via Eurostar around midday. I’ll check into my hotel and then take a walk to the Cisco campus and see where I need to be Friday morning.
I’ll then just chill out, or at least try to.
Exam starts 08:15 Brussels time Friday morning.
Then it’s a bit of a wait. This is a problem doing the exam on a Friday :(
Let’s see what happens…
No updates recently due to my lab date bearing down on me fast. I’ve installed a countdown app in the top right corner for all to see :O
Routing over frame-relay is pretty straightforward. Once you work out the differences between point to point and point to multipoint you’re pretty much set.
But what happens when you get to the lab and they require you to switch over frame-relay? Or have a point-to-point link through another router, but not running frame-relay switching? Or what about back to back frame-relay where no frame-relay switch is involved?
All of the above are actually not difficult, as long as you configure them each as least once.
Consider the following simply topology:
The task we’ve been given is for R1 to be a frame-relay switch. R2 and R3 need to communicate over a point to point link. The DLCI for R2 will be 203 and the DLCI for R3 will be 302. Let’s first configure R2 and R3 as a basic point-to-point:
R2:
R2#sh run | sec Serial0/0 interface Serial0/0 no ip address encapsulation frame-relay no frame-relay inverse-arp interface Serial0/0.203 point-to-point ip address 10.23.23.2 255.255.255.0 frame-relay interface-dlci 203
R3:
R3#sh run | sec Serial0/0 interface Serial0/0 no ip address encapsulation frame-relay no frame-relay inverse-arp interface Serial0/0.302 point-to-point ip address 10.23.23.3 255.255.255.0 frame-relay interface-dlci 302
At this point, let’s have a look at the PVCs from R2′s perspective:
R2#show frame pvc | include DLCI DLCI = 203, DLCI USAGE = LOCAL, PVC STATUS = DELETED, INTERFACE = Serial0/0.203
Remember DELETED means that the frame-switch has no idea about the DLCI that R2 is talking about. So let’s now configure R1 as a frame-relay switch. It’s a 3 step process. Tell the device it’s going to be a frame-relay switch. Tell the router which interfaces are going to be DCEs. And finally tell the router which DLCIs are going to be switched from one interface to another.
R1:
frame-relay switching ! interface Serial0/0 no ip address encapsulation frame-relay clock rate 128000 frame-relay intf-type dce frame-relay route 203 interface Serial0/1 302 ! interface Serial0/1 no ip address encapsulation frame-relay clock rate 128000 frame-relay intf-type dce frame-relay route 302 interface Serial0/0 203
Let’s take a look at R2 again:
R2:
R2#show frame pvc | include DLCI DLCI = 203, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0.203 R2#ping 10.23.23.3 repeat 100 Type escape sequence to abort. Sending 100, 100-byte ICMP Echos to 10.23.23.3, timeout is 2 seconds: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Success rate is 100 percent (100/100), round-trip min/avg/max = 1/11/132 ms
To quickly see what routes are configured on the frame-switch, just do this:
R1#show frame-relay route Input Intf Input Dlci Output Intf Output Dlci Status Serial0/0 203 Serial0/1 302 active Serial0/1 302 Serial0/0 203 active
You can of course have multiple map statements referencing different DLCIs under each DCE interface like you would expect!
Now let’s change the topology:
This time they want to run OSPF between R2 and R3. They want the OSPF network type to be broadcast. These broadcasts need to go through R1, but R1 is NOT a frame-relay switch this time. To make sure we don’t somehow bounce things of R1′s IP address, we’ll configure a /31 between R2 and R3. Essentially we’ll be bridging through R1′s frame-relay interfaces.
Let’s create the bridge-group on R2 first. R3′s will almost match, just the DLCI and IP will change:
R2:
bridge irb ! interface Serial0/0 no ip address encapsulation frame-relay frame-relay map bridge 201 broadcast bridge-group 1 ! interface BVI1 ip address 10.23.23.2 255.255.255.254 ip ospf network broadcast ip ospf 1 area 0 ! bridge 1 protocol ieee bridge 1 route ip
The important part to notice about this is the frame-relay map bridge command. As noted above, the config on R3 is pretty identical. This is R1′s config:
R1:
bridge irb ! interface Serial0/0 no ip address encapsulation frame-relay frame-relay map bridge 102 broadcast frame-relay interface-dlci 102 bridge-group 1 ! interface Serial0/1 no ip address encapsulation frame-relay frame-relay map bridge 103 broadcast frame-relay interface-dlci 103 bridge-group 1 ! bridge 1 protocol ieee
Does it all work?
R2#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.23.23.3 1 FULL/DR 00:00:32 10.23.23.3 BVI1 R2#ping 10.23.23.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.23.23.3, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 132/152/192 ms
Let’s move onto the last topic, back to back frame-relay. You have the following topology:
The tasks states that you need to run frame-relay, but there is no frame-relay switch involved. We don’t even get DLCI numbers on the diagram.
For back-to-back frame-relay to work we essentially turn off our keepalives. The keepalives will be looking for the LMI messages which simply don’t exist. We then hard code the DLCI number on both sides. These DLCI numbers need to MATCH however.
Let’s configure it up:
R1:
interface Serial0/0 ip address 10.23.23.3 255.255.255.0 encapsulation frame-relay no keepalive clock rate 2000000 frame-relay map ip 10.23.23.2 100 no frame-relay inverse-arp R1#ping 10.23.23.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.23.23.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/28/72 ms R1#show frame pvc | include DLCI DLCI = 100, DLCI USAGE = LOCAL, PVC STATUS = STATIC, INTERFACE = Serial0/0
You can see the PVC is static, and communication is working just fine.
This will be a short post.
I’ve mentioned it before, but let’s say you have a task which requires you to filters updates through a route-map. For some reason the task states you’re only allowed to use an ACL, not a prefix-list.
You are able to use an extended ACL as a prefix list.
Let’s use this simple topology:
R1 has a bunch of loopbacks. R1 and R2 are running EIGRP with each other. I’ve configured R1 to redistribute all connected routes into EIGRP.
R1′s loopbacks:
interface Loopback2 ip address 2.2.2.2 255.255.255.0 ! interface Loopback3 ip address 3.3.3.3 255.255.255.248 ! interface Loopback4 ip address 4.4.4.4 255.255.255.0 ! interface Loopback5 ip address 5.5.5.5 255.255.255.255 ! interface Loopback6 ip address 5.5.5.50 255.255.255.248
R2 sees all of these EIGRP routes in it’s RIB:
R2#show ip route eigrp
2.0.0.0/24 is subnetted, 1 subnets
D EX 2.2.2.0 [170/2560002816] via 1.1.1.1, 00:00:06, FastEthernet0/0
3.0.0.0/29 is subnetted, 1 subnets
D EX 3.3.3.0 [170/2560002816] via 1.1.1.1, 00:00:06, FastEthernet0/0
4.0.0.0/24 is subnetted, 1 subnets
D EX 4.4.4.0 [170/2560002816] via 1.1.1.1, 00:00:06, FastEthernet0/0
5.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D EX 5.5.5.5/32 [170/2560002816] via 1.1.1.1, 00:00:06, FastEthernet0/0
D EX 5.5.5.48/29 [170/2560002816] via 1.1.1.1, 00:00:06, FastEthernet0/0
Now the task states that I need to ensure 5.5.5.48/29 is redistributed, but not 5.5.5.5/32 – I’m not allowed to use a prefix-list and I’m not allowd to use a route-map that matches an interface.
If we then use a regular ACL, we’ll end up redistributing 5.5.5.5/32 as well if we’re not careful. What actually happens if the tasks says we need to redistribute all subnets that are /29 only. This would be 3.3.3.3/29 and 5.5.5.5.48/29
The simple answer is the extended list. Let’s do all /29s:
access-list 150 permit ip host 3.3.3.0 host 255.255.255.248 access-list 150 permit ip host 5.5.5.48 host 255.255.255.248 ! route-map SLASH29 permit 10 match ip address 150 ! router eigrp 1 redistribute connected metric 1 1 1 1 1 route-map SLASH29
Basically the ‘source’ becomes the IP address and the ‘destination’ becomes the subnet mask.
Does it work? Let’s take a look:
R2:
R2#sh ip route eigrp
3.0.0.0/29 is subnetted, 1 subnets
D EX 3.3.3.0 [170/2560002816] via 1.1.1.1, 00:02:12, FastEthernet0/0
5.0.0.0/29 is subnetted, 1 subnets
D EX 5.5.5.48 [170/2560002816] via 1.1.1.1, 00:01:30, FastEthernet0/0
So yes it works just fine. But really in the real world you would be using the far more powerful prefix-list…
Comments