Thursday, February 25, 2010
Wednesday, February 24, 2010
simple HSRP - inter vlan routing with external router (subinterface)
in this lab I just use 1 VLAN; it didn't work when I had multiple VLANs. will work around to solve this problem.
the primary gateway is on R1; every time R1 fails, R2 will take over as the gateway.
configure a subinterface for fa 0/1 on R1
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1.1
description MG VLAN
! the dot1Q tag follows the vlan number, in this case HSRP for vlan 1
encapsulation dot1Q 1 native
ip address 172.16.1.2 255.255.255.0
! choose a group number, it must be the same on the other side
standby 1 ip 172.16.1.9
! default priority is 100, the higher number gets priority to be primary
standby 1 priority 150
configure sub interface for fa 0/0 on R2
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 172.16.1.3 255.255.255.0
standby 1 ip 172.16.1.9
configure the password for telnet (line vty) on all devices to test the telnet connectivity later
line vty 0 4
password cisco
login
give an ip address for interface vlan 1 on switch (routed interface for this vlan)
interface Vlan1
ip address 172.16.1.1 255.255.255.0
set port to be trunked to the router
interface GigabitEthernet0/4
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/5
switchport trunk encapsulation dot1q
switchport mode trunk
everything should work fine now, let's try
make sure both the physical gateways and the HSRP/logical gateway are pingable from DLS1
previously we configured R1 to have the higher priority, so it'll always be the primary. to confirm this, telnet to 172.16.1.9 from DLS1
good, now everything works as it should. what happens if the primary fails? and how long does it take before HSRP notices and reroutes the traffic? let's do a continuous ping from DLS1 to 172.16.1.9 and disconnect the DLS1->R1 connection to see how many packets are dropped before the gateway changes to the secondary
by default HSRP sends a hello packet to its peer every 3 seconds; if the peer doesn't reply within 3 hello packets it is assumed dead, and the secondary gateway takes over.
show standby to see the details for the standby configuration
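The group-number and priority rules from the configuration above, checked in code. This is an added example, not part of the original post; `parse_hsrp` and `check_pair` are hypothetical helper names, and the check also reports two IOS defaults the lab leaves unset: preemption is off unless `standby <group> preempt` is configured, and hellos carry no MD5 authentication unless `standby <group> authentication md5` is set.

```python
import ipaddress
import re

# Constructed input: the two HSRP subinterface stanzas from this lab.
R1 = """interface FastEthernet0/1.1
 ip address 172.16.1.2 255.255.255.0
 standby 1 ip 172.16.1.9
 standby 1 priority 150
"""
R2 = """interface FastEthernet0/0.1
 ip address 172.16.1.3 255.255.255.0
 standby 1 ip 172.16.1.9
"""

def parse_hsrp(cfg):
    """Extract the interface subnet and per-group HSRP settings."""
    out = {"net": None, "groups": {}}
    for line in map(str.strip, cfg.splitlines()):
        m = re.match(r"ip address (\S+) (\S+)$", line)
        if m:
            out["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        m = re.match(r"standby (\d+) (\S+)(?: (.+))?$", line)
        if m:
            grp = out["groups"].setdefault(int(m[1]), {
                "vip": None, "priority": 100, "preempt": False, "authentication": ""})
            if m[2] == "ip" and m[3]:
                grp["vip"] = ipaddress.ip_address(m[3].split()[0])
            elif m[2] == "priority":
                grp["priority"] = int(m[3])
            elif m[2] in ("preempt", "authentication"):
                grp[m[2]] = m[3] or True
    return out

def check_pair(cfg_a, cfg_b):
    """Return findings for two routers that should share HSRP groups."""
    a, b, findings = parse_hsrp(cfg_a), parse_hsrp(cfg_b), []
    for g in sorted(set(a["groups"]) ^ set(b["groups"])):
        findings.append(f"group {g}: configured on one router only")
    for g in sorted(set(a["groups"]) & set(b["groups"])):
        ga, gb = a["groups"][g], b["groups"][g]
        if ga["vip"] is None or ga["vip"] != gb["vip"]:
            findings.append(f"group {g}: virtual IP missing or mismatched")
        elif not (ga["vip"] in a["net"] and ga["vip"] in b["net"]):
            findings.append(f"group {g}: virtual IP outside interface subnet")
        top = ga if ga["priority"] >= gb["priority"] else gb
        if ga["priority"] != gb["priority"] and not top["preempt"]:
            findings.append(f"group {g}: priority {top['priority']} peer lacks preempt")
        if not all(str(x["authentication"]).startswith("md5") for x in (ga, gb)):
            findings.append(f"group {g}: hellos are not MD5-authenticated")
    return findings
```

Run against the lab's two stanzas, `check_pair(R1, R2)` reports the missing preempt on the priority 150 router and the unauthenticated hellos; a router without preempt does not reclaim the active role after it recovers.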
cheers !
Cisco Router password recovery
please note that this routine may not work on some Cisco models
----
reboot the router by powering the device off and on
when it starts to boot, press the break key while holding the control key
this will bring you to rommon mode; once in, type confreg
the 1st option will prompt 'do you wish to change the configuration? y/n [n]:', answer with 'y'
after that press 'n' for all the options except this line 'enable "ignore system config info"? y/n [n]:',
type 'y'
then type reset
after the reboot, you will notice from show version that the configuration register is now set to 0x2142; this is config bypass mode
if you want to keep the previous startup config, copy the startup config to the running config
then change the password
if you want a fresh start, simply erase the startup config by overwriting it with the running config
last !! don't forget to change the register back to normal mode: type config-register 0x2102, copy run start and reboot
Tuesday, February 23, 2010
Inter VLAN routing with CEF - GNS3
Place your GNS3 router as below, i use Cisco 3640 with additional slot NM-16ESW to act as a layer 3 switch
port 12 access port for vlan 200
port 13 trunk, dot1q encapsulation
create vlan 100 and 200 on router
Router>en
Router#vlan da
Router(vlan)#vla 100
repeat the same to create vlan 200
enable inter vlan routing
Router(config)#ip routing
Router(config)#
configure the vlan interface(routed interface for that vlan), vlan 1 is for management
interface Vlan1
ip address 172.16.1.1 255.255.255.0
!
interface Vlan100
ip address 192.168.100.1 255.255.255.0
!
interface Vlan200
ip address 192.168.200.1 255.255.255.0
*always remember to issue no shutdown on the interface: as on a router, and unlike on a switch, the interface is shut down by default. Once the interface is up, the trunk will work and then the int vlan will come up
Router(config)#int fa 0/1
Router(config-if)#switchport trun encap dot1 //set the encapsulation
Router(config-if)#switchport mo trunk //set to trunk unconditionally
Now you should be able to ping from host on vlan 100 and 200 to the 192.168.100.1 and 192.168.200.1
VPCS 2 >ping 192.168.100.1
192.168.100.1 icmp_seq=1 time=5.188 ms
192.168.100.1 icmp_seq=2 time=3.645 ms
192.168.100.1 icmp_seq=3 time=3.547 ms
192.168.100.1 icmp_seq=4 time=20.745 ms
192.168.100.1 icmp_seq=5 time=34.342 ms
VPCS 2 >ping 192.168.200.1
192.168.200.1 icmp_seq=1 time=3.296 ms
192.168.200.1 icmp_seq=2 time=12.255 ms
192.168.200.1 icmp_seq=3 time=4.190 ms
192.168.200.1 icmp_seq=4 time=2.341 ms
192.168.200.1 icmp_seq=5 time=17.070 ms
you can use this command to check on the CEF status
show ip int vlan 100
Router#sh ip int vlan 100
Vlan100 is up, line protocol is up
Internet address is 192.168.100.1/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
show ip cef summary
show ip cef
sh ip route to show all the connected subnet
Friday, February 19, 2010
GNS3 - install and configure VPCS to use with Linux (ubuntu)
1.download from here VPCS
2.extract and look for vpcs (vpcs.exe is for windows)
3.open terminal - issue command chmod +x vpcs
4.issue command gedit startup.vpc to configure the ip address, mask and gateway for VPCS.
add same line like picture below
put # for the rest of the line
5.now start VPCS use command ./vpcs (start)
use show to see all the configured ip address
6.open gns3 -> edit -> symbol manager
7.choose pc symbol from 'available symbol' to 'customized nodes'
on name = anyname ie, pc1
on type = cloud
click ok
8.drag n drop pc1 n pc2 in GNS3
double click on pc1
click on 'C0'
go to tab 'NIO UDP'
hold....
7.go back to step 4
now check n remember the LPORT n RPORT
8.resume step (7)
on local port put rport value
on remote port put lport value
on remote host put 127.0.0.1
click add
do the same for pc2
9.add switch to test the connectivity
10.go to vpcs and ping to each others
to navigate from 1 pc to another, simply type the number
Thursday, February 18, 2010
Inter-VLAN routing with External Router
in this GNS3 lab, i'll use router C3640 with additional module NM-16ESW to act as S1 and S2
VLANs can only be configured in vlan database mode (command : vlan database) at the privileged level
set VTP domain
S2#vlan database
S2(vlan)#vtp domain lab
Domain name already set to lab .
S2(vlan)#vtp client //for S1 set this to client
create VLAN
S1#vlan database
S1(vlan)#vlan 100 name HR //repeat this step to create vlan 200 for Branch
VLAN 100 modified:
Name: HR
use show vlan-switch to display vlan information
-----------------------------------------------------------------------------------------------------------
ISP Conf
-----------------------------------------------------------------------------------------------------------
Current configuration : 772 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
interface Loopback0
ip address 200.200.200.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
ip address 192.168.1.1 255.255.255.0
clock rate 56000
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
!
! static route for data to 172.16.x.x
ip route 172.16.0.0 255.255.0.0 192.168.1.2
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
-----------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------
GW Conf
-----------------------------------------------------------------------------------------------------------
Building configuration...
Current configuration : 1116 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname GW
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
speed 100
! if there is a duplex mismatch, set it to full
full-duplex
!
interface FastEthernet0/0.1
description MG VLAN 1
encapsulation dot1Q 1 native
ip address 172.16.1.1 255.255.255.0
!
interface FastEthernet0/0.100
description VLAN 100
! put the number corresponding to the vlan number for this int
encapsulation dot1Q 100
ip address 172.16.100.1 255.255.255.0
!
interface FastEthernet0/0.200
description VLAN 200
encapsulation dot1Q 200
ip address 172.16.200.1 255.255.255.0
!
interface Serial0/0
ip address 192.168.1.2 255.255.255.0
clock rate 2000000
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
line con 0
line aux 0
line vty 0 4
!
!
end
-----------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------
SW1 Conf
-----------------------------------------------------------------------------------------------------------
Current configuration : 1195 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
interface Port-channel1
! trunk port to GW
switchport mode trunk
!
interface FastEthernet0/0
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
! connect a host here, ping another host on vlan 200 to check connectivity
switchport access vlan 100
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
switchport mode trunk
channel-group 1 mode on
!
interface FastEthernet0/12
switchport mode trunk
! issue show etherchannel summary to see the details of this interface
channel-group 1 mode on
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface Vlan1
! management vlan, telnet to this IP from GW/host to make sure everything works fine
ip address 172.16.1.101 255.255.255.0
!
ip default-gateway 172.16.1.1
ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password cisco
login
line vty 5 15
! configure a password for line vty to enable telnet sessions to this device
password cisco
login
!
!
end
-----------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------
SW2 Conf
-----------------------------------------------------------------------------------------------------------
Current configuration : 1218 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
!
!
interface Port-channel1
switchport mode trunk
!
interface FastEthernet0/0
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
switchport access vlan 200
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
switchport mode trunk
channel-group 1 mode on
!
interface FastEthernet0/12
switchport mode trunk
channel-group 1 mode on
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface Vlan1
ip address 172.16.1.102 255.255.255.0
!
ip default-gateway 172.16.1.1
ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password class
login
line vty 5 15
password class
login
!
!
end
-----------------------------------------------------------------------------------------------------------