Monday, 22 October 2007

ospf on pppoe session

Not an easy task; it depends very much on the IOS software version.
For the 3640 the best is 12.3(14)T7.
With 12.2 and 12.4 I was not able to achieve the desired functionality.

The main steps are:
1. On the server side, enable the DHCP server to deliver IP addresses from a pool.
2. On the client, use ip address dhcp to receive a /24 address for the ppp interface!!!
3. On both sides, use ip ospf mtu-ignore to ignore the MTU carried in the DBD (database description) packet (the two sides have different MTU sizes).

Here are the configurations:

client:

R3#

!
interface Dialer1
ip address dhcp
encapsulation ppp
ip ospf mtu-ignore
! no peer neighbor-route removes the connected route to the peer - sometimes this helps avoid ospf flapping
no peer neighbor-route
dialer pool 1
dialer idle-timeout 0
dialer persistent
end
!

server:

!
interface Virtual-Template2
ip address 150.1.40.1 255.255.255.0
ip ospf mtu-ignore
! no peer neighbor-route removes the connected route to the peer - sometimes this helps avoid ospf flapping
no peer neighbor-route
peer default ip address dhcp-pool test_02
!

The main problem that can occur when running ospf on a dial interface is an mtu mismatch between the peers. Usually the dialer (client) gets 1500 and the virtual-access gets 1492 (the server calculates the actual one).
ospf will get stuck in the EXCHANGE state, because the DBD packet cannot fit into a 1500 packet.
There are two options:
1. use ip ospf mtu-ignore at the interface configuration level
2. make the dialer interface mtu equal to the virtual-access mtu:
interface Dialer1
mtu 1492
ip address dhcp
encapsulation ppp
dialer pool 1
dialer persistent
end

A very good explanation of mtu issues is on Ivan Pepelnjak's site:
http://ioshints.blogspot.com/2007/10/tale-of-three-mtus.html
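The MTU check behind the stuck adjacency, as an added example (not part of the original post): it builds OSPFv2 Database Description packets for both peers and applies the RFC 2328 receive rule, with and without the mtu-ignore behaviour. The router IDs and packet contents are constructed sample values.

```python
import struct

PPPOE_OVERHEAD = 8                          # 6-byte PPPoE header + 2-byte PPP protocol ID
OSPF_HDR = struct.Struct("!BBH4s4sHH8s")    # RFC 2328 A.3.1: common 24-byte header
DBD_HDR = struct.Struct("!HBBI")            # RFC 2328 A.3.3: MTU, options, flags, sequence

def build_dbd(router_id, interface_mtu, seq=1):
    """Constructed sample: an initial, empty DBD advertising interface_mtu."""
    body = DBD_HDR.pack(interface_mtu, 0x02, 0x07, seq)    # E-bit; I, M and MS flags
    return OSPF_HDR.pack(2, 2, OSPF_HDR.size + len(body), bytes(router_id),
                         bytes(4), 0, 0, bytes(8)) + body  # checksum left at 0

def dbd_mtu(packet):
    """Return the Interface MTU field of an OSPFv2 Database Description packet."""
    if len(packet) < OSPF_HDR.size + DBD_HDR.size:
        raise ValueError("truncated packet")
    version, ptype, length = struct.unpack_from("!BBH", packet)
    if version != 2 or ptype != 2 or length > len(packet):
        raise ValueError("not an OSPFv2 DBD packet")
    return DBD_HDR.unpack_from(packet, OSPF_HDR.size)[0]

def accepts_dbd(packet, local_mtu, mtu_ignore=False):
    """RFC 2328 10.6: drop a DBD whose Interface MTU exceeds the receiving interface's."""
    return mtu_ignore or dbd_mtu(packet) <= local_mtu

def adjacency_can_form(client_mtu, server_mtu, mtu_ignore=False):
    """Both directions of the DBD exchange must be accepted."""
    from_client = build_dbd([3, 3, 3, 3], client_mtu)   # hypothetical router IDs
    from_server = build_dbd([4, 4, 4, 4], server_mtu)
    return (accepts_dbd(from_client, server_mtu, mtu_ignore)
            and accepts_dbd(from_server, client_mtu, mtu_ignore))

if __name__ == "__main__":
    dialer, vaccess = 1500, 1500 - PPPOE_OVERHEAD
    print(adjacency_can_form(dialer, vaccess))                   # mismatch
    print(adjacency_can_form(dialer, vaccess, mtu_ignore=True))  # option 1
    print(adjacency_can_form(vaccess, vaccess))                  # option 2
```

Option 2 (matching the MTU) keeps the receive check in place, while option 1 only switches it off.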

Thursday, 18 October 2007

PPPoE session authentication PAP and CHAP

The same story, but the pppoe session must be authorized.

A) pppoe authorized using pap
Here R3 (client) sends the pap username and password and R4 authorizes it.
Note!!! R3 accepts the connection from R4 without any verification.

One line is added to the client interface configuration:

#R3

!
interface Dialer1
ip address negotiated
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent
ppp pap sent-username test password 0 test
!

On the server
#R4

!
aaa new-model
!
!
aaa authentication ppp ppp_local local
aaa authentication ppp list1 local
!
username test password 0 test
!
interface Virtual-Template2
ip unnumbered Loopback0
peer default ip address pool test_01
! we are authenticating the client using pap
ppp authentication pap
!
ip local pool test_01 150.1.34.2

Please look at the previous configuration for the complete configuration script!!!

A.1) Now I am authenticating both sides (the server authenticates the client and the client authenticates the server)
R4#
!
username R3 password 0 CISCO
!
interface Virtual-Template1
ip address 10.10.10.1 255.255.255.0
no peer neighbor-route
peer default ip address dhcp-pool test_01
ppp authentication pap
ppp pap sent-username R4 password 0 CISCO
end

R3#
!
username R4 password 0 CISCO
!
!
interface Dialer1
mtu 1492
ip address dhcp
encapsulation ppp
dialer pool 1
dialer persistent
ppp authentication pap
ppp pap sent-username R3 password 0 CISCO
end
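A small config check for the difference between sections A and A.1, as an added example (not part of the original post): it flags a PPP interface that sends credentials without authenticating its peer, PAP use, and type 0 (unencrypted) secrets. The two inputs are constructed from the R3 snippets above; the finding texts are this example's own.

```python
import re

# Constructed input: the R3 dialer configs from sections A and A.1 of this post.
R3_ONE_WAY = """\
interface Dialer1
ip address negotiated
encapsulation ppp
dialer pool 1
ppp pap sent-username test password 0 test
!
"""
R3_MUTUAL = """\
username R4 password 0 CISCO
!
interface Dialer1
encapsulation ppp
dialer pool 1
ppp authentication pap
ppp pap sent-username R3 password 0 CISCO
end
"""
SENDS = ("ppp pap sent-username", "ppp chap hostname", "ppp chap password")

def interfaces(config):
    """Yield (name, sub-commands); a block ends at '!', 'end' or the next interface."""
    name, cmds = None, []
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"interface (\S+)", line)
        if m or line in ("!", "end"):
            if name:
                yield name, cmds
            name, cmds = (m.group(1) if m else None), []
        elif name and line:
            cmds.append(line)
    if name:
        yield name, cmds

def audit(config):
    """Return findings for PPP authentication weaknesses in an IOS config text."""
    findings = []
    if re.search(r"\bpassword 0 \S", config):
        findings.append("plaintext-secret-in-config")      # type 0 = stored unencrypted
    for name, cmds in interfaces(config):
        auth = [c.split() for c in cmds if c.startswith("ppp authentication")]
        if any(c.startswith(SENDS) for c in cmds) and not auth:
            findings.append(f"{name}: sends credentials, does not authenticate the peer")
        if any("pap" in words for words in auth):
            findings.append(f"{name}: PAP in use, password crosses the link in cleartext")
    return findings
```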

B) pppoe authorized using chap

#R3

!
interface Dialer1
ip address negotiated
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent
ppp chap hostname testaz
ppp chap password 0 testaz
!

On the server
#R4

!
aaa new-model
!
!
aaa authentication ppp chap_local local
aaa authentication ppp list1 local
!
username testaz password 0 testaz
!
interface Virtual-Template2
ip unnumbered Loopback0
peer default ip address pool test_01
ppp authentication chap chap_local
!
ip local pool test_01 150.1.34.2

Please look at the previous configuration for the complete configuration script!!!
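What the two methods put on the PPP link, as an added example (not part of the original post): a PAP Authenticate-Request per RFC 1334 next to a CHAP challenge/response per RFC 1994, with both the client and the server side. The names and secrets are the ones from the configs above; the identifier and challenge bytes are constructed.

```python
import hashlib, hmac, os, struct

def pap_request(ident, peer_id, password):
    """RFC 1334 Authenticate-Request: peer ID and password are sent as-is."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def chap_packet(code, ident, value, name):
    """RFC 1994 Challenge (code 1) or Response (code 2)."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_chap(packet):
    """Split a Challenge/Response into (code, identifier, value, name)."""
    code, ident, length = struct.unpack_from("!BBH", packet)
    vlen = packet[4]
    return code, ident, packet[5:5 + vlen], packet[5 + vlen:length]

def chap_value(ident, secret, challenge):
    """RFC 1994 with MD5: one-way hash of identifier, shared secret and challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_respond(challenge_pkt, name, secret):
    """Client side (R3): answer the challenge without sending the secret."""
    _, ident, challenge, _ = parse_chap(challenge_pkt)
    return chap_packet(2, ident, chap_value(ident, secret, challenge), name)

def chap_verify(challenge_pkt, response_pkt, users):
    """Server side (R4): look up the secret by name and recompute the hash."""
    _, cid, challenge, _ = parse_chap(challenge_pkt)
    code, rid, value, name = parse_chap(response_pkt)
    secret = users.get(name)
    if code != 2 or rid != cid or secret is None:
        return False
    return hmac.compare_digest(value, chap_value(cid, secret, challenge))

USERS = {b"testaz": b"testaz"}                        # "username testaz password 0 testaz"
CHALLENGE = chap_packet(1, 7, os.urandom(16), b"R4")  # constructed challenge from R4

if __name__ == "__main__":
    print(pap_request(1, b"test", b"test"))           # password readable in the frame
    good = chap_respond(CHALLENGE, b"testaz", b"testaz")
    print(good.hex(), chap_verify(CHALLENGE, good, USERS))
```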

Wednesday, 17 October 2007

PPPoE on Cisco routers (ip address assignment dynamic from server)

After several investigations I have a working configuration.
The main requirement is to assign the ip address for the pppoe session to the client (R3) from the server (R4).

Here goes the config:
! R3 (client)
vpdn enable
!
!
!
!
interface Ethernet0/0
no ip address
full-duplex
pppoe enable
pppoe-client dial-pool-number 1
!
!
interface Dialer1
ip address negotiated
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent
!

! R4 (server)
vpdn enable
!
vpdn-group 1
accept-dialin
protocol pppoe
virtual-template 2
!
!
interface Loopback100
ip address 150.1.34.1 255.255.255.255
!
!
interface Virtual-Template2
ip unnumbered Loopback100
peer default ip address pool test_01
!
ip local pool test_01 150.1.34.2

Main tips:
1. On the client (R3), ip address negotiated must be used on the dialer interface.
2. On the server (R4), virtual-template 2 must use ip unnumbered with some interface. Otherwise the interface comes up but no ip address from the local pool is assigned. The configuration was working in the WB presentation, but not in the real lab!!!

Some outputs:

R3#sho ip ro

150.1.0.0/32 is subnetted, 2 subnets
C 150.1.34.1 is directly connected, Dialer1
C 150.1.34.2 is directly connected, Dialer1
R3#

R4#sho ip int b
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES NVRAM up up
Ethernet0/1 unassigned YES NVRAM administratively down down
Ethernet0/2 unassigned YES NVRAM administratively down down
Ethernet0/3 unassigned YES NVRAM administratively down down
Serial1/0 unassigned YES NVRAM administratively down down
Serial1/1 unassigned YES NVRAM administratively down down
Serial1/2 unassigned YES NVRAM administratively down down
Serial1/3 unassigned YES NVRAM administratively down down
Virtual-Access1 unassigned YES unset up up
Virtual-Access1.1 150.1.34.1 YES TFTP up up
Virtual-Template1 unassigned YES NVRAM down down
Virtual-Access2 unassigned YES unset down down
Virtual-Template2 150.1.34.1 YES TFTP down down
Loopback0 unassigned YES unset up up
Loopback100 150.1.34.1 YES manual up up

Monday, 15 October 2007

PPPoE on Cisco routers (ip address assignment static)

This topic is about PPPoE issues on Cisco routers.

Link about broadband termination on the 7200:
http://www.cisco.com/en/US/tech/tk175/tk15/technologies_configuration_example09186a0080093e43.shtml

Just started this topic while I am in Belgrade. To be completed later :)
It is true - there is not so much information about pppoe on the Cisco site.

Some information from simulations.

a) R3 is the client and R4 is the server. IP addresses are assigned statically.

hostname R3
vpdn enable
!
interface Ethernet0/0
no ip address
full-duplex
pppoe enable
pppoe-client dial-pool-number 1
!
!
interface Dialer1
ip address 150.1.34.3 255.255.255.0
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent
!


!
hostname R4
!
vpdn enable
!
vpdn-group 1
accept-dialin
protocol pppoe
virtual-template 1
!
!
!
!
!
interface Ethernet0/0
no ip address
full-duplex
pppoe enable
!
!
interface Virtual-Template1
ip address 150.1.34.4 255.255.255.0
!

some outputs:

R4#sho vpdn session
%No active L2TP tunnels
%No active L2F tunnels
%No active PPTP tunnels
PPPoE Session Information Total tunnels 1 sessions 1
PPPoE Session Information
UID  SID  RemMAC          OIntf  Intf   Session
          LocMAC                 VASt   state
1    1    cc02.1d68.0000  Et0/0  Vi1.1  CNCT_PTA
          cc03.1d68.0000         UP

R3#sho vpdn session
%No active L2TP tunnels
%No active L2F tunnels
%No active PPTP tunnels
PPPoE Session Information Total tunnels 1 sessions 1
PPPoE Session Information
UID  SID  RemMAC          OIntf  Intf   Session
          LocMAC                 VASt   state
0    1    cc03.1d68.0000  Et0/0  Vi2    N/A
          cc02.1d68.0000         UP

R3#sho ip int b
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES unset up up
Ethernet0/1 unassigned YES unset administratively down down
Ethernet0/2 unassigned YES unset administratively down down
Ethernet0/3 unassigned YES unset administratively down down
Serial1/0 unassigned YES unset administratively down down
Serial1/1 unassigned YES unset administratively down down
Serial1/2 unassigned YES unset administratively down down
Serial1/3 unassigned YES unset administratively down down
Virtual-Access1 unassigned YES unset down down
Virtual-Access2 unassigned YES unset up up
Dialer1 150.1.34.3 YES manual up up
R3#

R4#sho ip int b
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES unset up up
Ethernet0/1 unassigned YES unset administratively down down
Ethernet0/2 unassigned YES unset administratively down down
Ethernet0/3 unassigned YES unset administratively down down
Serial1/0 unassigned YES unset administratively down down
Serial1/1 unassigned YES unset administratively down down
Serial1/2 unassigned YES unset administratively down down
Serial1/3 unassigned YES unset administratively down down
Virtual-Access1 unassigned YES unset up up
Virtual-Access1.1 150.1.34.4 YES TFTP up up
Virtual-Template1 150.1.34.4 YES manual down down
Virtual-Access2 unassigned YES unset down down
R4#


completed with it in Prague airport

Saturday, 13 October 2007

Ethernet switching

Ethernet switching is not a big part of the SP lab. You cannot do a lot with two switches.
So the basic topics will be:

  • VTP
  • STP
  • EtherChannel

First topic is VTP.

Best resource is CCO:

http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080094c52.shtml

It can operate in 3 modes:

  1. Server - (this is the default mode) all local vlan database changes are propagated to vtp domain members.
  2. Client - does not modify vlan information, just listens.
  3. Transparent - does not participate in vtp related activities (no vtp adverts, no vtp database syncs). VTP messages received from other switches are transparently forwarded to neighbors.

Basic config:

vtp mode server

vtp domain ilikecisco

vtp password hmm

Remarks on vtp issues


The version in which the SW operates by default is 2
Rack1SW1#sho vtp status
VTP Version : 2
Configuration Revision : 2
Maximum VLANs supported locally : 256
Number of existing VLANs : 6
VTP Operating Mode : Server
VTP Domain Name : cisco
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x6D 0x53 0x36 0xBC 0x9D 0x79 0x02 0x1A
Configuration last modified by 0.0.0.0 at 3-1-93 03:13:31
Local updater ID is 0.0.0.0 (no valid interface found)

Some VTP tips:

  • if a switch comes with a higher VTP revision number - it wins. It means its VLAN information is used in the domain.
  • difference between ver 1 and 2: if a sw is running ver 1 in transparent mode and a vtp advertisement from another domain arrives - it is dropped. If the sw is running ver 2 then this advertisement is propagated (forwarded) - I want to say this info was taken from Shiran Guez's blog ;)

Second topic is STP (first need to determine what level of knowledge is needed for the lab)

Etherchannel section


Nothing very special: the configuration is very straightforward.
!
interface Port-channel1
switchport mode trunk
no ip address
!
!
interface FastEthernet1/13
switchport mode trunk
no ip address
channel-group 1 mode on
!
interface FastEthernet1/14
switchport mode trunk
no ip address
channel-group 1 mode on
!
interface FastEthernet1/15
switchport mode trunk
no ip address
channel-group 1 mode on
!
The main problem arises when vlan filtering is enabled on the ports individually. In such conditions the sw will remove the port from the group.

just passed my CCIE SP written

On 2007 10 11 I passed my 350-029 exam. The first try was in April and I failed to achieve 69%. 60% was not enough.
This time was perfect with 98%

Not much time for joy. Let's go on with lab preparations. It will not be easy because I am starting it without an existing routing/switching certification.