
Wednesday, February 24, 2010

simple HSRP - inter vlan routing with external router (subinterface)


This lab uses two Cisco 2600 series routers and one Cisco 3560 switch.
In this lab I use just one VLAN; it didn't work when I had multiple VLANs. I will work on solving this problem.

The primary gateway is on R1; whenever R1 fails, R2 takes over the gateway.

Configure the subinterface for fa 0/1 on R1:
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1.1
 description MG VLAN
 encapsulation dot1Q 1 native //follow the VLAN number; in this case HSRP is for VLAN 1
 ip address 172.16.1.2 255.255.255.0
 standby 1 ip 172.16.1.9 //choose a group number; it must be the same on the other router
 standby 1 priority 150 //default is 100; the higher number becomes the primary (active) router

Configure the subinterface for fa 0/0 on R2:
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 172.16.1.3 255.255.255.0
 standby 1 ip 172.16.1.9

Configure the password for telnet (line vty) on all devices so we can test telnet connectivity later:
line vty 0 4
 password cisco
 login

Give interface VLAN 1 on the switch an IP address (the routed interface for this VLAN):
interface Vlan1
 ip address 172.16.1.1 255.255.255.0

Set the ports facing the routers to trunk mode:
interface GigabitEthernet0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk

Everything should work fine now; let's try it.

Make sure both physical gateways and the HSRP (logical) gateway are pingable from DLS1.

Earlier we configured R1 with the higher priority, so it will always be the primary. To confirm this, telnet to 172.16.1.9 from DLS1.

Good, now everything works as it should. What happens if the primary fails, and how long does it take before HSRP notices and reroutes the traffic? Let's run a continuous ping from DLS1 to 172.16.1.9 and disconnect the DLS1->R1 link to see how many packets are dropped before the switch to the secondary.

By default HSRP sends a hello packet to its peer every 3 seconds; if nothing is heard from the peer within 3 hello intervals, the peer is assumed dead and the secondary gateway takes over.

Use show standby to see the details of the standby configuration.
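As an added example (not part of this post and not Cisco code), here is a small Python model of what the lab exercises: the HSRP election between R1 (172.16.1.2, priority 150) and R2 (172.16.1.3, default priority), the takeover when R1 disappears, and how many 1-second pings are lost while the standby waits out its timers. The timers are the IOS defaults (hello 3 s, holdtime 10 s, which is the "3 missed hellos" above); the helper names, the 1 s ping spacing and the failure time are my own assumptions.

```python
import math
import ipaddress
from dataclasses import dataclass

HELLO_INTERVAL = 3   # seconds; IOS default "standby timers 3 10"
HOLD_TIME = 10       # seconds; IOS default holdtime, roughly the post's "3 missed hellos"


@dataclass
class HsrpRouter:
    name: str
    ip: str                # interface address on the HSRP VLAN
    priority: int = 100    # IOS default when "standby <group> priority" is not configured
    preempt: bool = False  # the lab configs have no "standby <group> preempt"
    alive: bool = True


def election_key(router):
    """HSRP ranking: highest priority wins, ties go to the highest interface IP."""
    return (router.priority, int(ipaddress.ip_address(router.ip)))


def elect_active(routers):
    """Election among live routers; None if every router is down."""
    live = [r for r in routers if r.alive]
    return max(live, key=election_key) if live else None


def active_after_change(current, routers):
    """Active router after a failure or recovery, honouring the no-preempt default:
    a live active router keeps the role unless a better router has preempt set."""
    best = elect_active(routers)
    if current is not None and current.alive:
        if best is not current and best.preempt and election_key(best) > election_key(current):
            return best
        return current
    return best


def simulate_failover(t_fail, hello=HELLO_INTERVAL, hold=HOLD_TIME, ping_interval=1.0):
    """The post's experiment: the active router dies t_fail seconds into the run.
    Hellos go out at 0, hello, 2*hello, ...; the standby restarts its hold timer on each
    one, so it takes over 'hold' seconds after the last hello it actually received.
    Returns (takeover_time, pings_lost) for a continuous ping every ping_interval seconds."""
    last_hello = math.floor(t_fail / hello) * hello
    takeover = last_hello + hold
    pings_lost = math.ceil((takeover - t_fail) / ping_interval)
    return takeover, pings_lost


def make_lab():
    """Constructed from the post: R1 at 172.16.1.2 priority 150, R2 at 172.16.1.3 default."""
    return HsrpRouter("R1", "172.16.1.2", priority=150), HsrpRouter("R2", "172.16.1.3")


def lab_walkthrough():
    """Run the post's scenario; returns the active router's name after each event."""
    r1, r2 = make_lab()
    routers = [r1, r2]
    history = []
    active = elect_active(routers)                 # R1 wins on priority 150
    history.append(active.name)
    r1.alive = False                               # pull the DLS1->R1 link
    active = active_after_change(active, routers)  # R2 takes over after the hold time
    history.append(active.name)
    r1.alive = True                                # R1 returns; no preempt configured
    active = active_after_change(active, routers)  # so R2 stays active
    history.append(active.name)
    return history


if __name__ == "__main__":
    print("active router over time:", lab_walkthrough())
    takeover, lost = simulate_failover(t_fail=4)
    print(f"failure at 4 s, standby takes over at {takeover} s, {lost} pings lost")
```

Two things the model makes visible: the lab configs have no standby preempt, so once R2 has taken over it stays active after R1 comes back until R2 fails in turn; and the configs leave HSRP authentication at its default, which travels in the clear, so configuring HSRP MD5 authentication on both routers is worth adding alongside the priority.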


cheers !

Cisco Router password recovery

please note that this routine may not work on some Cisco models
----

Reboot the router by powering the device off and on.

When it starts to boot, press the Break key while holding the Control key.

This brings you to ROMmon mode; once there, type confreg.

The first prompt is 'do you wish to change the configuration? y/n  [n]:'; answer 'y'.

After that answer 'n' to every option except the line 'enable  "ignore system config info"? y/n  [n]:',
where you type 'y'.

Then type reset.



After the reboot, show version reports that the configuration register is now 0x2142, which is config-bypass mode.

If you want to keep the previous startup config, copy the startup config to the running config
and then change the password.

If you want a fresh start, simply erase the startup config by overwriting it with the (now empty) running config.

Last!! Don't forget to set the register back to normal mode: type config-register 0x2102, then copy run start and reboot.


Tuesday, February 23, 2010

Inter VLAN routing with CEF - GNS3


Place your GNS3 routers as shown below. I use a Cisco 3640 with an additional NM-16ESW module to act as a layer 3 switch.

For the layer 2 switch, set the properties as below:

port 11: access port for VLAN 100
port 12: access port for VLAN 200
port 13: trunk, dot1q encapsulation

Create VLAN 100 and 200 on the router:


Router>en
Router#vlan da
Router(vlan)#vla 100

Repeat the same to create VLAN 200.

Enable inter-VLAN routing:

Router(config)#ip routing
Router(config)#

Configure the VLAN interfaces (the routed interface for each VLAN); VLAN 1 is for management:


interface Vlan1
 ip address 172.16.1.1 255.255.255.0
!
interface Vlan100
 ip address 192.168.100.1 255.255.255.0
!
interface Vlan200
 ip address 192.168.200.1 255.255.255.0

Configure trunking.

*Always remember to no shutdown the interface: on this router module, as on a router and unlike a switch, the interface is shut down by default. Once the interface is up the trunk comes up, and then the VLAN interfaces come up.

Router(config)#int fa 0/1
Router(config-if)#switchport trun encap dot1 //set the encapsulation to 802.1Q
Router(config-if)#switchport mo trunk //set the port to trunk unconditionally


Now you should be able to ping 192.168.100.1 and 192.168.200.1 from hosts on VLAN 100 and 200:


VPCS 2 >ping 192.168.100.1
192.168.100.1 icmp_seq=1 time=5.188 ms
192.168.100.1 icmp_seq=2 time=3.645 ms
192.168.100.1 icmp_seq=3 time=3.547 ms
192.168.100.1 icmp_seq=4 time=20.745 ms
192.168.100.1 icmp_seq=5 time=34.342 ms


VPCS 2 >ping 192.168.200.1
192.168.200.1 icmp_seq=1 time=3.296 ms
192.168.200.1 icmp_seq=2 time=12.255 ms
192.168.200.1 icmp_seq=3 time=4.190 ms
192.168.200.1 icmp_seq=4 time=2.341 ms
192.168.200.1 icmp_seq=5 time=17.070 ms

You can use this command to check the CEF status on the interface:

show ip int vlan 100


Router#sh ip int vlan 100
Vlan100 is up, line protocol is up
  Internet address is 192.168.100.1/24
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF Fast switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is disabled
  BGP Policy Mapping is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled
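The post checks one line of this output by eye. As an added example (not from the post and not a Cisco tool), the Python below parses the output into a feature -> state map and then compares a few lines against a small hardening baseline, so the same show ip interface capture that confirms CEF also surfaces settings a reviewer would normally flag on a routed VLAN interface. The sample text is a trimmed copy of the output above; the baseline and the helper names are my own assumptions, not a Cisco list.

```python
import re

# Constructed: a trimmed copy of the post's "sh ip int vlan 100" output above.
SAMPLE_OUTPUT = """\
Vlan100 is up, line protocol is up
  Internet address is 192.168.100.1/24
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP CEF switching is enabled
  IP CEF Fast switching turbo vector
  IP route-cache flags are Fast, CEF
"""

# Assumed hardening baseline for a routed VLAN interface (my choice, not a Cisco list):
# feature -> (expected state, command that produces it)
BASELINE = {
    "IP CEF switching": ("enabled", "ip cef (global)"),
    "Proxy ARP": ("disabled", "no ip proxy-arp"),
    "ICMP redirects": ("never sent", "no ip redirects"),
    "Directed broadcast forwarding": ("disabled", "no ip directed-broadcast"),
}

STATE_LINE = re.compile(r"^(?P<feature>.+?) (?:is|are) (?P<state>.+)$")


def parse_show_ip_interface(text):
    """Turn 'show ip interface <if>' output into a dict of feature -> state.
    Lines without an 'is'/'are' verb (e.g. 'IP CEF Fast switching turbo vector') are kept
    under the key 'other' so nothing is silently lost."""
    lines = [" ".join(ln.split()) for ln in text.strip().splitlines()]  # squeeze double spaces
    head = re.match(r"^(\S+) is (\S+), line protocol is (\S+)$", lines[0])
    if not head:
        raise ValueError("not a 'show ip interface' capture: " + lines[0])
    facts = {"interface": head.group(1), "status": head.group(2),
             "line protocol": head.group(3), "other": []}
    for line in lines[1:]:
        m = STATE_LINE.match(line)
        if m:
            facts[m.group("feature")] = m.group("state")
        else:
            facts["other"].append(line)
    return facts


def audit_interface(facts, baseline=BASELINE):
    """Compare parsed facts against the baseline; one finding per deviation."""
    findings = []
    for feature, (expected, fix) in baseline.items():
        observed = facts.get(feature, "<not in output>")
        if observed != expected:
            findings.append({"interface": facts["interface"], "feature": feature,
                             "observed": observed, "expected": expected, "fix": fix})
    return findings


def cef_enabled(text):
    """The single check the post makes by eye."""
    return parse_show_ip_interface(text).get("IP CEF switching") == "enabled"


if __name__ == "__main__":
    facts = parse_show_ip_interface(SAMPLE_OUTPUT)
    print("CEF on", facts["interface"], "enabled:", cef_enabled(SAMPLE_OUTPUT))
    for f in audit_interface(facts):
        print(f"{f['interface']}: {f['feature']} is {f['observed']}, "
              f"expected {f['expected']} -> {f['fix']}")
```

On this capture CEF passes and the audit returns two findings, Proxy ARP and ICMP redirects; the interface commands no ip proxy-arp and no ip redirects clear them. The parser is deliberately generic so the same function works on any interface's output, not just Vlan100.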

show ip cef summary

show ip cef



Use sh ip route to show all the connected subnets.


Friday, February 19, 2010

GNS3 - install and configure VPCS to use with Linux (ubuntu)

1. Download VPCS from here.

2. Extract it and look for vpcs (vpcs.exe is for Windows).

3. Open a terminal and issue the command chmod +x vpcs.




4. Issue the command gedit startup.vpc to configure the IP address, mask and gateway for each VPCS PC.
   Add a line like the one in the picture below.

   Put # in front of the rest of the lines to comment them out.



5. Now start VPCS with the command ./vpcs (start).
   Use show to see all the configured IP addresses.


6. Open GNS3 -> Edit -> Symbol manager.



7. Move the PC symbol from 'available symbols' to 'customized nodes':
    name = any name, e.g. pc1
    type = cloud
    click OK



8. Drag and drop pc1 and pc2 into GNS3.
    Double-click on pc1.
    Click on 'C0'.
    Go to the 'NIO UDP' tab.
    Hold on....

7. Go back to step 4.
    Now check and note the LPORT and RPORT values.

8. Resume step (7):
    for the local port, put the RPORT value
    for the remote port, put the LPORT value
    for the remote host, put 127.0.0.1
    click Add
    Do the same for pc2.


9. Add a switch to test the connectivity.

10. Go to VPCS and ping from one PC to the other.
     To switch from one PC to another, simply type its number.


Thursday, February 18, 2010

Inter-VLAN routing with External Router

In this GNS3 lab, I'll use a C3640 router with the additional NM-16ESW module to act as S1 and S2.


VLANs can only be configured in VLAN database mode (command: vlan database) from privileged EXEC level.

Set the VTP domain:

S2#vlan database
S2(vlan)#vtp domain lab
Domain name already set to lab .
S2(vlan)#vtp client //for S1 set this to client


Create the VLANs:

S1#vlan database
S1(vlan)#vlan 100 name HR //repeat this step to create vlan 200 for Branch
VLAN 100 modified:
    Name: HR

Use show vlan-switch to display VLAN information.


-----------------------------------------------------------------------------------------------------------
ISP Conf
-----------------------------------------------------------------------------------------------------------
Current configuration : 772 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
interface Loopback0
 ip address 200.200.200.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 192.168.1.1 255.255.255.0
 clock rate 56000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
!
ip route 172.16.0.0 255.255.0.0 192.168.1.2 //static route for data to 172.16.x.x
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
-----------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------
GW Conf
-----------------------------------------------------------------------------------------------------------
Building configuration...

Current configuration : 1116 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname GW
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 speed 100
 full-duplex //if there is a duplex mismatch, set it to full
!
interface FastEthernet0/0.1
 description MG VLAN 1
 encapsulation dot1Q 1 native
 ip address 172.16.1.1 255.255.255.0
!
interface FastEthernet0/0.100
 description VLAN 100
 encapsulation dot1Q 100 //put the number corresponding to the Vlan number for this int
 ip address 172.16.100.1 255.255.255.0
!
interface FastEthernet0/0.200
 description VLAN 200
 encapsulation dot1Q 200
 ip address 172.16.200.1 255.255.255.0
!
interface Serial0/0
 ip address 192.168.1.2 255.255.255.0
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
line con 0
line aux 0
line vty 0 4
!
!
end
-----------------------------------------------------------------------------------------------------------
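The GW config above is a router-on-a-stick: one physical port, three subinterfaces, and the 802.1Q tag decides which subinterface a frame belongs to. As an added example (not the post's code and not Cisco's), this Python builds and parses 802.1Q-tagged Ethernet frames and maps them onto GW's subinterfaces the way the encapsulation dot1Q lines do: untagged frames land on the native subinterface (Fa0/0.1, VLAN 1), tag 100 on Fa0/0.100, tag 200 on Fa0/0.200, and any other tag is dropped. MAC addresses and the payload are constructed; the helper names are my own.

```python
import struct

ETHERTYPE_8021Q = 0x8100   # TPID that announces a VLAN tag
ETHERTYPE_IPV4 = 0x0800

# Subinterfaces copied from the GW config above; the router picks one by VLAN tag.
GW_SUBINTERFACES = {
    "FastEthernet0/0.1":   {"vlan": 1,   "native": True,  "ip": "172.16.1.1/24"},
    "FastEthernet0/0.100": {"vlan": 100, "native": False, "ip": "172.16.100.1/24"},
    "FastEthernet0/0.200": {"vlan": 200, "native": False, "ip": "172.16.200.1/24"},
}


def mac_bytes(mac):
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))


def build_frame(dst, src, payload, vlan=None, pcp=0, ethertype=ETHERTYPE_IPV4):
    """Ethernet II frame; with vlan set, a 4-byte 802.1Q tag (TPID + TCI) is inserted
    between the source MAC and the real EtherType, as a trunk port would send it."""
    frame = mac_bytes(dst) + mac_bytes(src)
    if vlan is not None:
        if not 1 <= vlan <= 4094:            # 0 and 4095 are reserved VIDs
            raise ValueError("VLAN ID out of range: %d" % vlan)
        tci = ((pcp & 0x7) << 13) | (vlan & 0xFFF)   # PCP(3) | DEI(1)=0 | VID(12)
        frame += struct.pack("!HH", ETHERTYPE_8021Q, tci)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Inverse of build_frame: dst, src, vlan (None if untagged), ethertype, payload."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, offset = None, 14
    if ethertype == ETHERTYPE_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0xFFF, 18
    return {"dst": dst.hex(":"), "src": src.hex(":"), "vlan": vlan,
            "ethertype": ethertype, "payload": frame[offset:]}


def classify(frame, subinterfaces=GW_SUBINTERFACES):
    """Which GW subinterface receives this frame, or None if the router drops it.
    Untagged frames go to the subinterface marked native (encapsulation dot1Q 1 native);
    tagged frames go to the subinterface whose VLAN matches the tag."""
    vlan = parse_frame(frame)["vlan"]
    for name, cfg in subinterfaces.items():
        if vlan is None and cfg["native"]:
            return name
        if vlan is not None and cfg["vlan"] == vlan:
            return name
    return None


# Constructed addresses and payload, just to exercise the functions.
HOST_MAC, GW_MAC = "00:50:79:66:68:01", "c2:01:0a:1c:00:00"
PAYLOAD = b"constructed IPv4 packet"

if __name__ == "__main__":
    for tag in (None, 100, 200, 300):
        f = build_frame(GW_MAC, HOST_MAC, PAYLOAD, vlan=tag)
        print("tag", tag, "->", classify(f) or "dropped", "(%d bytes)" % len(f))
```

One thing the classifier makes visible: because VLAN 1 is the native VLAN here, anything that arrives on the trunk without a tag is treated as management VLAN traffic. Hardening guides usually move the native VLAN to an otherwise unused VLAN and keep management off it.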


-----------------------------------------------------------------------------------------------------------
SW1 Conf
-----------------------------------------------------------------------------------------------------------
Current configuration : 1195 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
interface Port-channel1
 switchport mode trunk //trunk port to GW
!
interface FastEthernet0/0
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
 switchport access vlan 100 //connect a host here; ping another host on VLAN 200 to check connectivity
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
 switchport mode trunk
 channel-group 1 mode on
!
interface FastEthernet0/12
 switchport mode trunk
 channel-group 1 mode on //issue show etherchannel summary to see the detail of this interface
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface Vlan1
 ip address 172.16.1.101 255.255.255.0 //management VLAN; telnet to this IP from GW or a host to make sure everything works
!
ip default-gateway 172.16.1.1
ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco //configure a password on the vty lines to allow telnet sessions to the switch
 login
!
!
end
-----------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------
SW2 Conf
-----------------------------------------------------------------------------------------------------------
Current configuration : 1218 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
!
!
interface Port-channel1
 switchport mode trunk
!
interface FastEthernet0/0
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
 switchport access vlan 200
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
 switchport mode trunk
 channel-group 1 mode on
!
interface FastEthernet0/12
 switchport mode trunk
 channel-group 1 mode on
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface Vlan1
 ip address 172.16.1.102 255.255.255.0
!
ip default-gateway 172.16.1.1
ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password class
 login
line vty 5 15
 password class
 login
!
!
end
-----------------------------------------------------------------------------------------------------------
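To tie the four configs together, here is an added Python example (not from the post and not Cisco code) that does a longest-prefix-match lookup over the routes the configs produce (connected subnets, GW's default route, the ISP's static route) and traces a packet hop by hop, from S1's management address to the ISP loopback and back. S1 and S2 are modelled as hosts whose only route is ip default-gateway 172.16.1.1; the device table and the helper names are constructed for the example.

```python
import ipaddress


def route_table(entries):
    """entries: (prefix, next_hop or None when directly connected, outgoing interface)."""
    return [(ipaddress.ip_network(prefix), next_hop, intf) for prefix, next_hop, intf in entries]


# Routes implied by the configs above (connected subnets plus the two "ip route" lines).
ISP_ROUTES = route_table([
    ("200.200.200.0/24", None, "Loopback0"),
    ("192.168.1.0/24", None, "Serial0/0"),
    ("172.16.0.0/16", "192.168.1.2", "Serial0/0"),   # ip route 172.16.0.0 255.255.0.0 192.168.1.2
])
GW_ROUTES = route_table([
    ("172.16.1.0/24", None, "FastEthernet0/0.1"),
    ("172.16.100.0/24", None, "FastEthernet0/0.100"),
    ("172.16.200.0/24", None, "FastEthernet0/0.200"),
    ("192.168.1.0/24", None, "Serial0/0"),
    ("0.0.0.0/0", "192.168.1.1", "Serial0/0"),       # ip route 0.0.0.0 0.0.0.0 192.168.1.1
])
# S1/S2 are layer 2 switches: "ip default-gateway 172.16.1.1" is their only route.
SWITCH_ROUTES = route_table([("0.0.0.0/0", "172.16.1.1", "Vlan1")])

DEVICES = {
    "ISP": {"table": ISP_ROUTES, "addresses": {"192.168.1.1", "200.200.200.1"}},
    "GW":  {"table": GW_ROUTES,
            "addresses": {"192.168.1.2", "172.16.1.1", "172.16.100.1", "172.16.200.1"}},
    "S1":  {"table": SWITCH_ROUTES, "addresses": {"172.16.1.101"}},
    "S2":  {"table": SWITCH_ROUTES, "addresses": {"172.16.1.102"}},
}


def owner_of(address, devices):
    """Which device holds an address (constructed lookup; no ARP is modelled)."""
    for name, dev in devices.items():
        if address in dev["addresses"]:
            return name
    return None


def lookup(table, dst):
    """Longest-prefix match: the most specific route wins; 0.0.0.0/0 only as a last resort."""
    dst = ipaddress.ip_address(dst)
    matches = [route for route in table if dst in route[0]]
    return max(matches, key=lambda route: route[0].prefixlen) if matches else None


def trace(src_device, dst, devices=DEVICES, max_hops=8):
    """Follow a packet from src_device towards dst; returns [(device, outgoing interface), ...].
    Ends with 'local' at the device that owns dst, or with 'NO ROUTE' when a table has no match."""
    path, device = [], src_device
    for _ in range(max_hops):
        if dst in devices[device]["addresses"]:
            path.append((device, "local"))
            return path
        route = lookup(devices[device]["table"], dst)
        if route is None:
            path.append((device, "NO ROUTE"))
            return path
        _net, next_hop, intf = route
        path.append((device, intf))
        if next_hop is None:                 # directly connected: delivered on that LAN
            owner = owner_of(dst, devices)
            if owner is not None:
                path.append((owner, "local"))
            return path
        device = owner_of(next_hop, devices)
        if device is None:
            path.append((next_hop, "UNKNOWN NEXT HOP"))
            return path
    path.append((device, "LOOP"))
    return path


def without_static_route(devices=DEVICES):
    """The same lab with the ISP's static route to 172.16.0.0/16 removed."""
    copy = dict(devices)
    copy["ISP"] = dict(devices["ISP"],
                       table=[r for r in devices["ISP"]["table"] if r[1] is None])
    return copy


if __name__ == "__main__":
    print("S1 -> ISP loopback:", trace("S1", "200.200.200.1"))
    print("ISP -> S1 management:", trace("ISP", "172.16.1.101"))
    print("same without the static route:", trace("ISP", "172.16.1.101", without_static_route()))
```

The forward path works on GW's default route alone, but the return trace with without_static_route() ends in NO ROUTE at the ISP: nothing tells the ISP that 172.16.x.x sits behind 192.168.1.2, which is exactly what the static route in the ISP config provides.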