
Lab 26: Transparent Bridging, Remote Source-Route Bridging, LSAP Filtering: Part II

Lab Walkthrough

Configure the Frame Relay switch and attach the four routers in a back-to-back manner to the Frame switch. Use V.35 cables or CSU/DSUs with crossover cables to connect the routers. Create the three Ethernet LANs and two Token Ring LANs by the use of switches or hubs/MAUs, as illustrated in Figure 13-45.

When the physical connections are complete, assign IP addresses to all LAN and WAN interfaces, as depicted in Chapter 11, "Hybrid: Enhanced Interior Gateway Routing Protocol (EIGRP)."

Example 13-44 Frame Relay and EIGRP Configurations of wolf, lone_rhino, and beerbelly
hostname wolf
!
<<<text omitted>>>
!
interface Serial0
 no ip address
 no ip directed-broadcast
 encapsulation frame-relay
 no ip mroute-cache
 logging event subif-link-status
 logging event dlci-status-change
 frame-relay lmi-type cisco
!
interface Serial0.1 multipoint
 ip address 172.16.1.1 255.255.255.0
 no ip directed-broadcast
 no ip split-horizon eigrp 2001                 ← Split horizon disabled
 frame-relay map ip 172.16.1.5 110 broadcast    ← Map statement to lone_rhino
 frame-relay map ip 172.16.1.6 130 broadcast    ← Map statement to trashman
!
interface Serial0.2 point-to-point
 ip address 172.16.2.1 255.255.255.0
 no ip directed-broadcast
 frame-relay interface-dlci 180                 ← Inverse ARP
!
<<<text omitted>>>
!
router eigrp 2001                               ← Routing EIGRP
 passive-interface Ethernet0
 network 172.16.0.0
 no auto-summary
!
_______________________________________________________________________
hostname lone_rhino
!
<<<text omitted>>>
!
interface Serial0
 ip address 172.16.1.5 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 172.16.1.6 111 broadcast    ← Map statement to trashman
 frame-relay map ip 172.16.1.1 111 broadcast    ← Map statement to wolf
!
<<<text omitted>>>
!
router eigrp 2001                               ← Routing EIGRP
 network 172.16.0.0
 no auto-summary
!
_______________________________________________________________________
hostname trashman
!
<<<text omitted>>>
!
interface Serial0
 ip address 172.16.1.6 255.255.255.0
 no ip directed-broadcast
 encapsulation frame-relay
 no ip mroute-cache
 frame-relay map ip 172.16.1.5 131 broadcast    ← Map statement to lone_rhino
 frame-relay map ip 172.16.1.1 131 broadcast    ← Map statement to wolf
 frame-relay lmi-type cisco
!
<<<text omitted>>>
!
router eigrp 2001                               ← Routing EIGRP
 network 172.16.0.0
 no auto-summary
!
_______________________________________________________________________
hostname beerbelly
!
<<<text omitted>>>
!
interface Serial0
 ip address 172.16.2.2 255.255.255.0
 encapsulation frame-relay
 frame-relay interface-dlci 181
 frame-relay lmi-type cisco
!
<<<text omitted>>>
!
router eigrp 2001
 network 172.16.0.0
 no auto-summary
!

After the Frame Relay network is configured and you have full IP reachability, you can begin to configure the bridging environment.

Your first task is to configure transparent bridging between the Ethernet segments of the wolf, lone_rhino, and trashman routers. You also must set the root of the Spanning Tree to be the wolf router. To accomplish this, you can follow this three-step configuration task list:

Step 1. Configure a bridge number and Spanning Tree for that bridge.

Step 2. Configure the interfaces to be a part of that bridge group.

Step 3. Configure a root bridge.

Beginning with Step 1, use the router command bridge 1 protocol ieee to create the bridge group on all the routers on which you want to configure transparent bridging. Step 2 involves assigning the physical or logical interfaces to the bridge group that you created. This is done with the interface command bridge-group 1. On Frame Relay multipoint interfaces, such as the S0.1 interface on wolf and the s0 interfaces on lone_rhino and trashman, you also need to configure a frame-relay map bridge statement. Example 13-45 demonstrates Steps 1 and 2 being performed on the wolf router.

Example 13-45 Transparent Bridging Configuration on the wolf Router
wolf(config)# bridge 1 protocol ieee
wolf(config)# interface ethernet 0
wolf(config-if)# bridge-group 1
wolf(config)# interface serial 0.1
wolf(config-subif)# bridge-group 1
wolf(config-subif)# frame-relay map bridge 110 broadcast
wolf(config-subif)# frame-relay map bridge 130 broadcast
wolf(config-subif)#

Example 13-46 demonstrates the transparent bridging configuration on the lone_rhino router.

Example 13-46 Transparent Bridging Configuration on the lone_rhino Router
lone_rhino(config)# bridge 1 protocol ieee
lone_rhino(config)# interface e0
lone_rhino(config-if)# bridge-group 1
lone_rhino(config-if)# exit
lone_rhino(config)# interface s0
lone_rhino(config-if)# bridge-group 1
lone_rhino(config-if)# frame-relay map bridge 111 broadcast

The configuration for transparent bridging on the trashman is nearly identical to the configuration on the lone_rhino router. The frame-relay map statement for the trashman router would read frame-relay map bridge 131 broadcast. At this point, transparent bridging is working. You can determine the status of the bridge with the show bridge command, as shown in Example 13-47.

Example 13-47 Viewing the Status of the Transparent Bridge
trashman# show bridge

Total of 300 station blocks, 295 free
Codes: P - permanent, S - self

Bridge Group 1:

    Address       Action   Interface       Age   RX count   TX count
0060.5cf3.5e65   forward   Ethernet0        0          44          0
0050.5475.e1ad   forward   Serial0          0          10          0
0000.8108.caae   forward   Serial0          0          20          0
0000.863c.3b41   forward   Serial0          3           2          0
00e0.b05a.66e4   forward   Serial0          3           1          0
trashman#

The bridge should start displaying MAC addresses and should be forwarding out the serial and Ethernet interfaces. If you are not seeing this, ensure that the Frame Relay and Ethernet interfaces are all in the same bridge group. Also be sure that you have frame-relay map statements for the bridge.

Step 3 calls for configuration of the root of Spanning Tree to be the wolf router. Your lab might not match this model; here, the root of Spanning Tree is the trashman router. To check which router is the current root, use the show spanning-tree command. Example 13-48 demonstrates this command on the trashman router. Notice that trashman is the current root for STP.

Example 13-48 Viewing STP on the trashman Router
trashman# show spanning-tree

 Bridge group 1 is executing the IEEE compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address 0060.5cf3.5da4
  Configured hello time 2, max age 20, forward delay 15
  We are the root of the spanning tree
  Port Number size is 9
  Topology change flag not set, detected flag not set
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 1, topology change 0, notification 0
  bridge aging time 300

Port 2 (Ethernet0) of Bridge group 1 is forwarding
   Port path cost 100, Port priority 128
   Designated root has priority 32768, address 0060.5cf3.5da4
   Designated bridge has priority 32768, address 0060.5cf3.5da4
   Designated port is 2, path cost 0
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 0, received 0

Port 6 (Serial0 Frame Relay) of Bridge group 1 is forwarding
   Port path cost 647, Port priority 128
   Designated root has priority 32768, address 0060.5cf3.5da4
   Designated bridge has priority 32768, address 0060.5cf3.5da4
   Designated port is 6, path cost 0
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 0, received 0
trashman#

To change the root so that it resides on the wolf router, use the following global command on the wolf router:

 wolf(config)#  bridge 1 priority 100  

By viewing STP on the trashman router as demonstrated in Example 13-49, you can see that the root is now the wolf router and that the priority has been changed to 100.

Example 13-49 Viewing STP on the trashman Router
trashman# show spanning-tree

 Bridge group 1 is executing the IEEE compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address 0060.5cf3.5da4
  Configured hello time 2, max age 20, forward delay 15
  Current root has priority 100, address 00e0.1e58.e792
  Root port is 6 (Serial0), cost of root path is 647
  Port Number size is 9
  Topology change flag not set, detected flag not set
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0
  bridge aging time 300

Port 2 (Ethernet0) of Bridge group 1 is forwarding
   Port path cost 100, Port priority 128
   Designated root has priority 100, address 00e0.1e58.e792
   Designated bridge has priority 32768, address 0060.5cf3.5da4
   Designated port is 2, path cost 647
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 0, received 0

Port 6 (Serial0 Frame Relay) of Bridge group 1 is forwarding
   Port path cost 647, Port priority 128
   Designated root has priority 100, address 00e0.1e58.e792
   Designated bridge has priority 100, address 00e0.1e58.e792
   Designated port is 12, path cost 0
   Timers: message age 2, forward delay 0, hold 0
   BPDU: sent 0, received 57
trashman#

The next portion of the lab involves configuring the beerbelly router so that its Token Ring network can have SNA access to the mainframe H.O.O.V.E.R.2 on the Token Ring network on the wolf router. The SNA application requires a RIF, so you must account for this in your configuration as well. To transport SNA across the WAN, you will use RSRB, primarily because you cannot use DLSw+ in the lab.

Recalling the four-step process for configuring RSRB, you have the following:

Step 1. Enable the use of the RIF, if required, with the interface command multiring all.

Step 2. Enable the virtual ring with the source-bridge ring-group virtual_ring command.

Step 3. Configure SRB from the physical ring to the virtual ring.

Step 4. Determine the encapsulation type to use, and configure RSRB. In this exercise, you will use TCP as the encapsulation type.

To create a remote peer for each peer router and one for the local router with TCP as the encapsulation type, use the following global router command:

 source-bridge remote-peer virtual_ring tcp ip_address [lf largest_frame_size] [local-ack]

Before you begin configuring RSRB, you should take the extra time to label a common virtual ring on the diagram and to configure the loopback address for the RSRB peers. Figure 13-46 is a new diagram of the network illustrating the loopback address/interfaces and the common virtual ring of 101.

Figure 13-46. Crime Fighters Network


In this model, the H.O.O.V.E.R.2 mainframe requires a RIF field. Therefore, in Step 1, you must enable the RIF on all Token Ring interfaces with the interface command multiring all. Step 2 calls for configuring a virtual ring. In this model, we have chosen to use a virtual ring of 101. The virtual ring is configured on the wolf and the beerbelly routers with the global command source-bridge ring-group 101. Step 3 involves configuring SRB on the Token Ring interfaces that you want to join to the RSRB group. The configuration for SRB on the beerbelly router resembles the following:

  beerbelly(config-if)#source-bridge 2 1 101  

The source-bridge command on the wolf router resembles the following:

 wolf(config-if)#source-bridge 1 1 101 

Example 13-50 shows the source-route bridge configuration of beerbelly.

Example 13-50 Configuration of beerbelly, up to This Point
hostname beerbelly
!
<<<text omitted>>>
!
source-bridge ring-group 101                    ← virtual ring
!
interface Loopback20                            ← Loopback for RSRB peers
 ip address 172.16.192.5 255.255.255.252
!
<<<text omitted>>>
!
interface TokenRing0
 ip address 172.16.3.1 255.255.255.0
 ring-speed 16
 multiring all                                  ← RIF enabled
 source-bridge 2 1 101                          ← SRB from Ring 2 to Ring 101

Step 4 calls for configuring RSRB peers and the transport type. In this model, you are using TCP for the RSRB transport. Therefore, you need to configure one RSRB TCP peer on each local router pointing at itself and one RSRB TCP peer pointing at the other router or, more specifically, the other router's loopback address. Example 13-51 illustrates the configuration of RSRB needed on the beerbelly and wolf routers. The RSRB remote-peer statements on beerbelly will match the remote-peer statement on the wolf router exactly. Remember that you always need a remote peer for the local router in RSRB configuration.

Example 13-51 Configuration of the beerbelly Router
!
source-bridge ring-group 101
source-bridge remote-peer 101 tcp 172.16.192.5
source-bridge remote-peer 101 tcp 172.16.192.1
!

At this point, the RSRB configuration is operational. To determine the status of the RSRB, use the command show source-bridge. Example 13-52 displays the status of the RSRB on the wolf router. If the RSRB has detected traffic, it should be in an "open" state.

Example 13-52 Viewing the RSRB on the wolf Router
wolf# show source-bridge

Local Interfaces:                           receive     transmit
             srn bn  trn r p s n  max hops     cnt         cnt        drops
To0            1  1  101 *   b    7  7  7       40           0          0

Global RSRB Parameters:
 TCP Queue Length maximum: 100

Ring Group 101:
  This TCP peer: 172.16.192.1
   Maximum output TCP queue length, per peer: 100
  Peers:                 state     bg lv  pkts_rx  pkts_tx  expl_gn   drops TCP
   TCP 172.16.192.1      -             3        0        0        0       0   0
   TCP 172.16.192.5      open          3        0        4        2       0   0
  Rings:
   bn: 1  rn: 1    local  ma: 4007.781a.e789 TokenRing0             fwd: 0
   bn: 1  rn: 2    remote ma: 4000.30b1.270a TCP 172.16.192.5       fwd: 0

Explorers: ------- input -------             ------- output -------
         spanning  all-rings     total      spanning  all-rings     total
To0             0         40        40             0          0         0

  Explorer fastswitching enabled
  Local switched: 40        flushed 0         max Bps 38400

         rings      inputs         bursts         throttles     output drops
           To0          40              0                 0                0
wolf#

When the RSRB is up and operational, apply the filter to it. In this model, you want to prevent the RSRB from transporting NetBIOS. To filter NetBIOS on the RSRB, you need to configure a SAP filter, denying SAP 0xf0. Because there is an implicit deny for all SAPs, you must add another line to override this. You then can apply the SAP filter to the RSRB with the command rsrb remote-peer lsap-output-list. Example 13-53 lists the relevant portions of the configuration from the wolf router.

Example 13-53 Filtering SAP on a RSRB
rsrb remote-peer 101 tcp 172.16.192.5 lsap-output-list 201    ← filter to peer 172.16.192.5
!
access-list 201 deny   0xF0F0 0x0000                          ← Deny NETBIOS
access-list 201 permit 0x0000 0xFFFF                          ← Permit all SAPs
!
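
As an added illustration (not from the book), the Python sketch below evaluates access list 201 from Example 13-53 against 16-bit LSAP values (DSAP in the high byte, SSAP in the low byte), assuming first-match semantics and that mask bits set to 1 are ignored, as the permit 0x0000 0xFFFF line implies. The sample frames and the 0x0101 mask variant are constructed for the example; they show how a frame whose SSAP has the command/response bit set (0xF1) is treated by an exact-match entry.

```python
"""Added example: first-match evaluation of an IOS LSAP (type-code) access list."""
from typing import Dict, List, Tuple

Entry = Tuple[str, int, int]  # (action, value, mask)

# Access list 201 exactly as shown in Example 13-53.
PAGE_ACL = """
access-list 201 deny   0xF0F0 0x0000
access-list 201 permit 0x0000 0xFFFF
"""

# Constructed variant (not from the page): mask 0x0101 ignores the low-order
# bit of each SAP byte, so frames with SSAP 0xF1 match the deny line as well.
VARIANT_ACL = """
access-list 201 deny   0xF0F0 0x0101
access-list 201 permit 0x0000 0xFFFF
"""

# Constructed sample frames: (label, DSAP, SSAP).
SAMPLE_FRAMES = [
    ("NetBIOS command", 0xF0, 0xF0),
    ("NetBIOS response", 0xF0, 0xF1),  # C/R bit set in the SSAP
    ("SNA", 0x04, 0x04),
]


def parse_acl(config: str, number: int) -> List[Entry]:
    """Extract (action, value, mask) entries for one access-list number."""
    entries: List[Entry] = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) != 5 or tok[:2] != ["access-list", str(number)]:
            continue
        if tok[2] not in ("permit", "deny"):
            raise ValueError(f"unknown action in: {line!r}")
        entries.append((tok[2], int(tok[3], 16), int(tok[4], 16)))
    return entries


def evaluate(entries: List[Entry], dsap: int, ssap: int) -> str:
    """Return the action of the first matching entry, else the implicit deny."""
    lsap = ((dsap & 0xFF) << 8) | (ssap & 0xFF)
    for action, value, mask in entries:
        # Only bits that are 0 in the mask have to equal the entry's value.
        if ((lsap ^ value) & ~mask & 0xFFFF) == 0:
            return action
    return "deny"


def report(config: str, number: int = 201) -> Dict[str, str]:
    """Evaluate every sample frame against the given access list."""
    entries = parse_acl(config, number)
    return {name: evaluate(entries, d, s) for name, d, s in SAMPLE_FRAMES}


if __name__ == "__main__":
    for label, cfg in (("page ACL", PAGE_ACL), ("0x0101 variant", VARIANT_ACL)):
        print(label, report(cfg))
```

With the exact-match mask 0x0000, the constructed 0xF0F1 frame falls through to the permit line, which is worth checking when the goal is to keep all NetBIOS traffic off the peer.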

The final portion of this lab involves configuring a static RIF on the beerbelly router. The RIF that you need to configure is the following:

 MAC = 0101.0027.0081; RING2-BRIDGE9-RING50-BRIDGE5-RING52-BRIDGE13-RING7 

Recall from the previous section that a static RIF is built from left to right. The first byte in our static RIF will be 0a30.

The first two bits, from left to right again, equal 00. This sets the explorer type to be a specific routes explorer. You want to use this explorer type because this is a static RIF. Bit 3 is set to 0; it is reserved. The next five bits set the length of the RIF in bytes. In this example, the RIF is 10 bytes, or 0x0a. The next bit, the D or direction bit, is set to 0, indicating that the RIF is read from left to right, or forward. The next three bits are set to 011, which sets the frame size to be 4472, the Cisco maximum. The last four bits are reserved.

The RD fields break down rather easily: The next four values, 0029, 0325, 034d, and 0070, are the four 16-bit RD fields. The first three hexadecimal digits of each RD field are the ring number in hexadecimal format. The last hexadecimal digit is the bridge number in hexadecimal format. For the RIF in this example, you have the following:

RING2 to BRIDGE9 = 0029

RING50 to BRIDGE5 = 0325

RING52 to BRIDGE13 = 034d

RING7 to BRIDGE0 = 0070

A bridge of 0 tells the SRB to terminate the RIF and that no more bridges follow the ring. Example 13-54 demonstrates the configuration of the static RIF on the beerbelly router, followed by the show rif command.

Example 13-54 Configuring and Viewing a Static RIF
beerbelly# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
beerbelly(config)# rif 0101.0027.0081 0a30.0029.0325.034d.0070 to0
beerbelly(config)# exit
beerbelly# show rif
Codes: * interface, - static, + remote

Dst HW Addr    Src HW Addr    How   Idle(min) Vlan Routing Information Field
0101.0027.0081 N/A            To0         -      - 0A30.0029.0325.034D.0070
0000.30b1.270a N/A            To0         *      - -
beerbelly#
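
The static RIF construction walked through above, as an added Python example (not from the book): it encodes a RING/BRIDGE path into the dotted-hex RIF using the bit layout described in the text, and decodes it again while checking the length field. The function names and the default frame-size code 011 (4472, per the text) are choices made for this example.

```python
"""Added example: encode/decode a static RIF with the bit layout from the text."""
import re
from typing import Dict, List, Tuple

Hop = Tuple[int, int]  # (ring number, bridge number)


def parse_path(path: str) -> List[Hop]:
    """'RING2-BRIDGE9-...-RING7' -> [(2, 9), ..., (7, 0)]; last bridge is 0."""
    tokens = path.upper().split("-")
    if len(tokens) % 2 == 0:
        raise ValueError("path must start and end with a ring")
    tokens.append("BRIDGE0")  # bridge 0 terminates the RIF
    hops: List[Hop] = []
    for ring_tok, bridge_tok in zip(tokens[0::2], tokens[1::2]):
        ring = re.fullmatch(r"RING(\d+)", ring_tok)
        bridge = re.fullmatch(r"BRIDGE(\d+)", bridge_tok)
        if not ring or not bridge:
            raise ValueError(f"bad path element: {ring_tok}-{bridge_tok}")
        hops.append((int(ring.group(1)), int(bridge.group(1))))
    return hops


def build_rif(hops: List[Hop], frame_code: int = 0b011, direction: int = 0) -> str:
    """Return the RIF as dotted hex: one control word plus one RD per hop."""
    length = 2 + 2 * len(hops)  # bytes, control word included
    if length > 0x1F:
        raise ValueError("RIF length does not fit the 5-bit length field")
    if hops[-1][1] != 0:
        raise ValueError("last route descriptor must use bridge 0")
    for ring, bridge in hops:
        if not 1 <= ring <= 0xFFF or not 0 <= bridge <= 0xF:
            raise ValueError(f"ring/bridge out of range: {ring}/{bridge}")
    # Layout from the text: 00 | reserved 0 | 5-bit length | D | 3-bit size | 0000
    control = (length << 8) | ((direction & 1) << 7) | ((frame_code & 0b111) << 4)
    # Each RD: three hex digits of ring number, one hex digit of bridge number.
    words = [control] + [(ring << 4) | bridge for ring, bridge in hops]
    return ".".join(f"{w:04x}" for w in words)


def decode_rif(rif: str) -> Dict[str, object]:
    """Split a dotted-hex RIF back into its fields and verify its length."""
    words = [int(w, 16) for w in rif.split(".")]
    control = words[0]
    length = (control >> 8) & 0x1F
    if length != 2 * len(words):
        raise ValueError("length field does not match the number of bytes")
    return {
        "length": length,
        "direction": (control >> 7) & 1,
        "frame_code": (control >> 4) & 0b111,
        "hops": [(w >> 4, w & 0xF) for w in words[1:]],
    }


if __name__ == "__main__":
    lab_path = "RING2-BRIDGE9-RING50-BRIDGE5-RING52-BRIDGE13-RING7"
    rif = build_rif(parse_path(lab_path))
    print(rif)
    print(decode_rif(rif))
```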

Example 13-55 shows the complete configurations used in this lab.

Example 13-55 Final Configuration Listings
hostname wolf
!
source-bridge ring-group 101
source-bridge remote-peer 101 tcp 172.16.192.1
source-bridge remote-peer 101 tcp 172.16.192.5
rsrb remote-peer 101 tcp 172.16.192.5 lsap-output-list 201
!
interface Loopback20
 ip address 172.16.192.1 255.255.255.252
 no ip directed-broadcast
!
interface Ethernet0
 ip address 172.16.55.1 255.255.255.0
 no ip directed-broadcast
 media-type 10BaseT
 bridge-group 1
!
<<<text omitted>>>
!
interface Serial0
 no ip address
 no ip directed-broadcast
 encapsulation frame-relay
 no ip mroute-cache
 logging event subif-link-status
 logging event dlci-status-change
 frame-relay lmi-type cisco
!
interface Serial0.1 multipoint
 ip address 172.16.1.1 255.255.255.0
 no ip directed-broadcast
 no ip split-horizon eigrp 2001
 frame-relay map bridge 130 broadcast
 frame-relay map bridge 110 broadcast
 frame-relay map ip 172.16.1.5 110 broadcast
 frame-relay map ip 172.16.1.6 130 broadcast
 bridge-group 1
!
interface Serial0.2 point-to-point
 ip address 172.16.2.1 255.255.255.0
 no ip directed-broadcast
 frame-relay interface-dlci 180
!
<<<text omitted>>>
!
interface TokenRing0
 ip address 172.16.35.1 255.255.255.0
 no ip directed-broadcast
 ring-speed 16
 multiring all
 source-bridge 1 1 101
!
router eigrp 2001
 passive-interface Ethernet0
 network 172.16.0.0
 no auto-summary
!
<<<text omitted>>>
!
access-list 201 deny   0xF0F0 0x0000
access-list 201 permit 0x0000 0xFFFF
!
bridge 1 protocol ieee
bridge 1 priority 100
_______________________________________________________________________
hostname lone_rhino
!
<<<text omitted>>>
!
interface Ethernet0
 ip address 172.16.5.1 255.255.255.0
 bridge-group 1
!
interface Serial0
 ip address 172.16.1.5 255.255.255.0
 encapsulation frame-relay
 frame-relay map bridge 111 broadcast
 frame-relay map ip 172.16.1.6 111 broadcast
 frame-relay map ip 172.16.1.1 111 broadcast
 bridge-group 1
!
<<<text omitted>>>
!
router eigrp 2001
 network 172.16.0.0
 no auto-summary
!
<<<text omitted>>>
!
bridge 1 protocol ieee
_______________________________________________________________________
hostname trashman
!
<<<text omitted>>>
!
interface Ethernet0
 ip address 172.16.6.1 255.255.255.0
 no ip directed-broadcast
 bridge-group 1
!
interface Serial0
 ip address 172.16.1.6 255.255.255.0
 no ip directed-broadcast
 encapsulation frame-relay
 no ip mroute-cache
 frame-relay map bridge 131 broadcast
 frame-relay map ip 172.16.1.5 131 broadcast
 frame-relay map ip 172.16.1.1 131 broadcast
 frame-relay lmi-type cisco
 bridge-group 1
!
<<<text omitted>>>
!
router eigrp 2001
 network 172.16.0.0
 no auto-summary
!
<<<text omitted>>>
!
bridge 1 protocol ieee
_______________________________________________________________________
hostname beerbelly
!
!
rif 0101.0027.0081 0A30.0029.0325.034D.0070 TokenRing0
!
<<<text omitted>>>
!
source-bridge ring-group 101
source-bridge remote-peer 101 tcp 172.16.192.5
source-bridge remote-peer 101 tcp 172.16.192.1
rsrb remote-peer 101 tcp 172.16.192.1 lsap-output-list 201
!
interface Loopback20
 ip address 172.16.192.5 255.255.255.252
!
interface Serial0
 ip address 172.16.2.2 255.255.255.0
 encapsulation frame-relay
 frame-relay interface-dlci 181
 frame-relay lmi-type cisco
!
<<<text omitted>>>
!
interface TokenRing0
 ip address 172.16.3.1 255.255.255.0
 ring-speed 16
 multiring all
 source-bridge 2 1 101
!
<<<text omitted>>>
!
router eigrp 2001
 network 172.16.0.0
 no auto-summary
!
<<<text omitted>>>
!
access-list 201 deny   0xF0F0 0x0000
access-list 201 permit 0x0000 0xFFFF
CCIE Practical Studies, Volume I
ISBN: 1587200023
EAN: 2147483647
Year: 2001
Pages: 283
Authors: Karl Solie
