< Free Open Study > |
Lab 26: Transparent Bridging, Remote Source-Route Bridging, LSAP Filtering ”Part IILab WalkthroughConfigure the Frame Relay switch and attach the four routers in a back-to-back manner to the Frame switch. Use V.35 cables or CSU/DSUs with crossover cables to connect the routers. Create the three Ethernet LANs and two Token Ring LANs by the use of switches or hubs/MAUs, as illustrated in Figure 13-45. When the physical connections are complete, assign IP addresses to all LAN and WAN interfaces, as depicted in Chapter 11, "Hybrid: Enhanced Interior Gateway Routing Protocol (EGIRP)." Example 13-44 Frame Relay and EIGRP Configurations of wolf, lone_rhino, and beerbellyhostname wolf ! <<<text omitted>>> ! interface Serial0 no ip address no ip directed-broadcast encapsulation frame-relay no ip mroute-cache logging event subif-link-status logging event dlci-status-change frame-relay lmi-type cisco ! interface Serial0.1 multipoint ip address 172.16.1.1 255.255.255.0 no ip directed-broadcast no ip split-horizon eigrp 2001 Split horizon disabled frame-relay map ip 172.16.1.5 110 broadcast Map statement to lone_rhino frame-relay map ip 172.16.1.6 130 broadcast Map statement to trashman ! interface Serial0.2 point-to-point ip address 172.16.2.1 255.255.255.0 no ip directed-broadcast frame-relay interface-dlci 180 Inverse ARP ! <<<text omitted>>> ! router eigrp 2001 Routing EIGRP passive-interface Ethernet0 network 172.16.0.0 no auto-summary ! _______________________________________________________________________ hostname lone_rhino ! <<<text omitted>>> ! interface Serial0 ip address 172.16.1.5 255.255.255.0 encapsulation frame-relay frame-relay map ip 172.16.1.6 111 broadcast Map statement to trashman frame-relay map ip 172.16.1.1 111 broadcast Map statement to wolf ! <<<text omitted>>> ! router eigrp 2001 Routing EIGRP network 172.16.0.0 no auto-summary ! _______________________________________________________________________ hostname trashman ! <<<text omitted>>> ! interface Serial0 ip address 172.16.1.6 255.255.255.0 no ip directed-broadcast encapsulation frame-relay no ip mroute-cache frame-relay map ip 172.16.1.5 131 broadcast Map statement to lone_rhino frame-relay map ip 172.16.1.1 131 broadcast Map statement to wolf frame-relay lmi-type cisco ! <<<text omitted>>> ! router eigrp 2001 Routing EIGRP network 172.16.0.0 no auto-summary ! _______________________________________________________________________ hostname beerbelly ! <<<text omitted>>> ! interface Serial0 ip address 172.16.2.2 255.255.255.0 encapsulation frame-relay frame-relay interface-dlci 181 frame-relay lmi-type cisco ! <<<text omitted>>> ! router eigrp 2001 network 172.16.0.0 no auto-summary ! After the Frame Relay network is configured and you have full IP reachability, you can begin to configure the bridging environment. Your first task is to configure transparent bridging between the Ethernet segments of the wolf, lone_rhino, and trashman routers. You also must set the root of the Spanning Tree to be the wolf router. To accomplish this, you can follow this three-step configuration task list:
Beginning with Step 1, use the router command bridge-group 1 protocol ieee to create the bridge group on all the routers that you want to configure transparent bridging on. Step 2 involves assigning the physical or logical interfaces to the bridge group that you created. This is done with the interface command bridge-group 1. On Frame Relay multipoint interfaces, such as the S0.1 interface on wolf and the s0 interfaces on lone_rhino and trashman, you need to configure a frame-relay map bridge statement. Example 13-45 demonstrates Steps 1 and 2 being performed on the wolf router. Example 13-45 Transparent Bridging Configuration on the wolf Routerwolf(config)# bridge 1 protocol ieee wolf(config)# interface ethernet 0 wolf(config-if)# bridge-group 1 wolf(config)# interface serial 0.1 wolf(config-subif)# bridge-group 1 wolf(config-subif)# frame-relay map bridge 110 broadcast wolf(config-subif)# frame-relay map bridge 130 broadcast wolf(config-subif)# Example 13-46 demonstrates the transparent bridging configuration on the lone_rhino router. Example 13-46 Transparent Bridging Configuration on the lone_rhino Routerlone_rhino(config)# bridge 1 protocol ieee lone_rhino(config)# interface e0 lone_rhino(config-if)# bridge-group 1 lone_rhino(config-if)# exit lone_rhino(config)# interface s0 lone_rhino(config-if)# bridge-group 1 lone_rhino(config-if)# frame-relay map bridge 111 broadcast The configuration for transparent bridging on the trashman is nearly identical to the configuration on the lone_rhino router. The frame-relay map statement for the trashman router would read frame-relay map bridge 131 broadcast. At this point, transparent bridging is working. You can determine the status of the bridge with the show bridge command, as shown in Example 13-47. Example 13-47 Viewing the Status of the Transparent Bridge trashman# show bridge Total of 300 station blocks, 295 free Codes: P - permanent, S - self Bridge Group 1: Address Action Interface Age RX count TX count 0060.5cf3.5e65 forward Ethernet0 0 44 0 0050.5475.e1ad forward Serial0 0 10 0 0000.8108.caae forward Serial0 0 20 0 0000.863c.3b41 forward Serial0 3 2 0 00e0.b05a.66e4 forward Serial0 3 1 0 trashman# The bridge should start displaying MAC address and should be forwarding out the serial and Ethernet interfaces. If you are not seeing this, ensure that the Frame Relay and Ethernet interfaces are all in the same bridge group. Also be sure that you have frame-relay map statements for the bridge. Step 3 calls for configuration of the root of Spanning Tree to be the wolf router. This model might not be the same for yours; the root of Spanning Tree is the trashman router. To check which router is the current root, use the show spanning-tree command . Example 13-48 demonstrates this command on the trashman router. Notice that trashman is the current root for STP. Example 13-48 Viewing STP on the trashman Routertrashman# show spanning-tree Bridge group 1 is executing the IEEE compatible Spanning Tree protocol Bridge Identifier has priority 32768, address 0060.5cf3.5da4 Configured hello time 2, max age 20, forward delay 15 We are the root of the spanning tree Port Number size is 9 Topology change flag not set, detected flag not set Times: hold 1, topology change 35, notification 2 hello 2, max age 20, forward delay 15 Timers: hello 1, topology change 0, notification 0 bridge aging time 300 Port 2 (Ethernet0) of Bridge group 1 is forwarding Port path cost 100, Port priority 128 Designated root has priority 32768, address 0060.5cf3.5da4 Designated bridge has priority 32768, address 0060.5cf3.5da4 Designated port is 2, path cost 0 Timers: message age 0, forward delay 0, hold 0 BPDU: sent 0, received 0 Port 6 (Serial0 Frame Relay) of Bridge group 1 is forwarding Port path cost 647, Port priority 128 Designated root has priority 32768, address 0060.5cf3.5da4 Designated bridge has priority 32768, address 0060.5cf3.5da4 Designated port is 6, path cost 0 Timers: message age 0, forward delay 0, hold 0 BPDU: sent 0, received 0 trashman# To change the root so that it resides on the wolf router, use the following global command on the wolf router: wolf(config)# bridge 1 priority 100 By viewing STP on the trashman router as demonstrated in Example 13-49, you can see that the root is now the wolf router and that the priority has been changed to 100. Example 13-49 Viewing STP on the trashman Routertrashman# show spanning-tree Bridge group 1 is executing the IEEE compatible Spanning Tree protocol Bridge Identifier has priority 32768, address 0060.5cf3.5da4 Configured hello time 2, max age 20, forward delay 15 Current root has priority 100, address 00e0.1e58.e792 Root port is 6 (Serial0), cost of root path is 647 Port Number size is 9 Topology change flag not set, detected flag not set Times: hold 1, topology change 35, notification 2 hello 2, max age 20, forward delay 15 Timers: hello 0, topology change 0, notification 0 bridge aging time 300 Port 2 (Ethernet0) of Bridge group 1 is forwarding Port path cost 100, Port priority 128 Designated root has priority 100, address 00e0.1e58.e792 Designated bridge has priority 32768, address 0060.5cf3.5da4 Designated port is 2, path cost 647 Timers: message age 0, forward delay 0, hold 0 BPDU: sent 0, received 0 Port 6 (Serial0 Frame Relay) of Bridge group 1 is forwarding Port path cost 647, Port priority 128 Designated root has priority 100, address 00e0.1e58.e792 Designated bridge has priority 100, address 00e0.1e58.e792 Designated port is 12, path cost 0 Timers: message age 2, forward delay 0, hold 0 BPDU: sent 0, received 57 trashman# The next portion of the lab involves configuring the beerbelly router so that its Token Ring network can have SNA access to the mainframe H.O.O.V.E.R.2 on the Token Ring network on the wolf router. The SNA application requires a RIF, so you must account for this in your configuration as well. To transport SNA across the WAN, you will use RSRB, primarily because you cannot use DLSw+ in the lab. Recalling the four-step process for configuring RSRB, you have the following:
Before you begin configuring RSRB, you should take the extra time to label a common virtual ring on the diagram and to configure the loopback address for the RSRB peers. Figure 13-46 is a new diagram of the network illustrating the loopback address/interfaces and the common virtual ring of 101. Figure 13-46. Crime Fighters Network
In this model, the H.O.O.V.E.R.2 mainframe requires a RIF field. Therefore, in Step 1, you must enable the RIF on all Token Ring interfaces with the interface command multiring all. Step 2 calls for configuring a virtual ring. In this model, we have chosen to use a virtual ring of 101. The virtual ring is configured on the wolf and the beerbelly routers with the global command source-bridge ring-group 101. Step 3 involves configuring SRB on the Token Ring interfaces that you want to join to the RSRB group. The configuration for SRB on the beerbelly router resembles the following: beerbelly(config-if)#source-bridge 2 1 101 The source-bridge command on the wolf router resembles the following: wolf(config-if)#source-bridge 1 1 101 Example 13-50 shows the source-route bridge configuration of beerbelly. Example 13-50 Configuration of beerbelly, up to This Pointhostname beerbelly ! <<<text omitted>>> ! source-bridge ring-group 101 virtual ring ! interface Loopback20 Loopback for RSRB peers ip address 172.16.192.5 255.255.255.252 ! <<<text omitted>>> ! interface TokenRing0 ip address 172.16.3.1 255.255.255.0 ring-speed 16 multiring all RIF enabled source-bridge 2 1 101 SRB from Ring 2 to Ring 101 Step 4 calls for configuring RSRB peers and the transport type. In this model, you are using TCP for the RSRB transport. Therefore, you need to configure one RSRB TCP peer on each local router pointing at itself and one RSRB TCP peer pointing at the other router ”or, more specifically , the other router's loopback address. Example 13-51 illustrates the configuration of RSRB needed on the beerbelly and wolf routers. The RSRB remote-peer statements on beerbelly will match the remote-peer statement on the wolf router exactly. Remember that you always need a remote peer for the local router in RSRB configuration. Example 13-51 Configuration of the beerbelly Router! source-bridge ring-group 101 source-bridge remote-peer 101 tcp 172.16.192.5 source-bridge remote-peer 101 tcp 172.16.192.1 ! At this point, the RSRB configuration is operational. To determine the status of the RSRB, use the command show source-bridge. Example 13-52 displays the status of the RSRB on the wolf router. If the RSRB has detected traffic, it should be in an "open" state. Example 13-52 Viewing the RSRB on the wolf Routerwolf# show source-bridge Local Interfaces: receive transmit srn bn trn r p s n max hops cnt cnt drops To0 1 1 101 * b 7 7 7 40 0 0 Global RSRB Parameters: TCP Queue Length maximum: 100 Ring Group 101: This TCP peer: 172.16.192.1 Maximum output TCP queue length, per peer: 100 Peers: state bg lv pkts_rx pkts_tx expl_gn drops TCP TCP 172.16.192.1 - 3 0 0 0 0 0 TCP 172.16.192.5 open 3 0 4 2 0 0 Rings: bn: 1 rn: 1 local ma: 4007.781a.e789 TokenRing0 fwd: 0 bn: 1 rn: 2 remote ma: 4000.30b1.270a TCP 172.16.192.5 fwd: 0 Explorers: ------- input ------- ------- output ------- spanning all-rings total spanning all-rings total To0 0 40 40 0 0 0 Explorer fastswitching enabled Local switched: 40 flushed 0 max Bps 38400 rings inputs bursts throttles output drops To0 40 0 0 0 wolf# When the RSRB is up and operational, apply the filter to it. In this model, you want to prevent the RSRB from transporting NetBIOS. To filter NetBIOS on the RSRB, you need to configure a SAP filter, denying SAP 0xf0. Because there is an implicit deny for all SAPs, you must add another line to override this. You then can apply the SAP filter to the RSRB with the command rsrb remote-peer lsap-output-list. Example 13-53 lists the relevant portions of the configuration from the wolf router. Example 13-53 Filtering SAP on a RSRBrsrb remote-peer 101 tcp 172.16.192.5 lsap-output-list 201 filter to peer 172.16.192.5 ! access-list 201 deny 0xF0F0 0x0000 Deny NETBIOS access-list 201 permit 0x0000 0xFFFF Permit all SAPs ! The final portion of this lab involves configuring a static RIF on the beerbelly router. The RIF that you need to configure is the following: MAC = 0101.0027.0081; RING2-BRIDGE9-RING50-BRIDGE5-RING52-BRIDGE13-RING7 Recall from the previous section that a static RIF is built from left to right. The first byte in our static RIF will be 0a30. The first two bits, from left to right again, equal 00. This sets the explorer type to be a specific routes explorer. You want to use this explorer type because this is a static RIF. The bit 3 is set to 0, and it is reserved. The next five bits set the length of the RIF in bytes. In this example, the RIF is 10 bytes, or 0x0a. The next bit, the D or direction bit, is set to 0, indicating that the RIF is read from left to right, or forward. The next three bits are set to 011, which sets the frame size to be 4472, the Cisco maximum. The last four bits are reserved. The RD fields, the next 4 bytes, break down rather easily: The next four bytes, 0029, 0325, 0034d, and 0070, are the four 16-bit RD fields. The first three bits of each byte are the ring number in hexadecimal format. The last bit is the ring number in hexadecimal format. For the RIF in this example, you have the following:
A bridge of 0 tells the SRB to terminate the RIF and that no more bridges follow the ring. Example 13-54 demonstrates the configuration of the static RIF on the beerbelly router, followed by the show rif command. Example 13-54 Configuring and Viewing a Static RIFbeerbelly# conf t Enter configuration commands, one per line. End with CNTL/Z. beerbelly(config)# rif 0101.0027.0081 0a30.0029.0325.034d.0070 to0 beerbelly(config)# exit beerbelly# show rif Codes: * interface, - static, + remote Dst HW Addr Src HW Addr How Idle(min) Vlan Routing Information Field 0101.0027.0081 N/A To0 - - 0A30.0029.0325.034D.0070 0000.30b1.270a N/A To0 * - - beerbelly# Example 13-55 shows the complete configurations used in this lab. Example 13-55 Final Configuration Listingshostname wolf ! source-bridge ring-group 101 source-bridge remote-peer 101 tcp 172.16.192.1 source-bridge remote-peer 101 tcp 172.16.192.5 rsrb remote-peer 101 tcp 172.16.192.5 lsap-output-list 201 ! interface Loopback20 ip address 172.16.192.1 255.255.255.252 no ip directed-broadcast ! interface Ethernet0 ip address 172.16.55.1 255.255.255.0 no ip directed-broadcast media-type 10BaseT bridge-group 1 ! <<<text omitted>>> ! interface Serial0 no ip address no ip directed-broadcast encapsulation frame-relay no ip mroute-cache logging event subif-link-status logging event dlci-status-change frame-relay lmi-type cisco ! interface Serial0.1 multipoint ip address 172.16.1.1 255.255.255.0 no ip directed-broadcast no ip split-horizon eigrp 2001 frame-relay map bridge 130 broadcast frame-relay map bridge 110 broadcast frame-relay map ip 172.16.1.5 110 broadcast frame-relay map ip 172.16.1.6 130 broadcast bridge-group 1 ! interface Serial0.2 point-to-point ip address 172.16.2.1 255.255.255.0 no ip directed-broadcast frame-relay interface-dlci 180 ! <<<text omitted>>> ! interface TokenRing0 ip address 172.16.35.1 255.255.255.0 no ip directed-broadcast ring-speed 16 multiring all source-bridge 1 1 101 ! router eigrp 2001 passive-interface Ethernet0 network 172.16.0.0 no auto-summary ! <<<text omitted>>> ! access-list 201 deny 0xF0F0 0x0000 access-list 201 permit 0x0000 0xFFFF ! bridge 1 protocol ieee bridge 1 priority 100 _______________________________________________________________________ hostname lone_rhino ! <<<text omitted>>> ! interface Ethernet0 ip address 172.16.5.1 255.255.255.0 bridge-group 1 ! interface Serial0 ip address 172.16.1.5 255.255.255.0 encapsulation frame-relay frame-relay map bridge 111 broadcast frame-relay map ip 172.16.1.6 111 broadcast frame-relay map ip 172.16.1.1 111 broadcast bridge-group 1 ! <<<text omitted>>> ! router eigrp 2001 network 172.16.0.0 no auto-summary ! <<<text omitted>>> ! bridge 1 protocol ieee _______________________________________________________________________ hostname trashman ! <<<text omitted>>> ! interface Ethernet0 ip address 172.16.6.1 255.255.255.0 no ip directed-broadcast bridge-group 1 ! interface Serial0 ip address 172.16.1.6 255.255.255.0 no ip directed-broadcast encapsulation frame-relay no ip mroute-cache frame-relay map bridge 131 broadcast frame-relay map ip 172.16.1.5 131 broadcast frame-relay map ip 172.16.1.1 131 broadcast frame-relay lmi-type cisco bridge-group 1 ! <<<text omitted>>> ! router eigrp 2001 network 172.16.0.0 no auto-summary ! <<<text omitted>>> ! bridge 1 protocol ieee _______________________________________________________________________ hostname beerbelly ! ! rif 0101.0027.0081 0A30.0029.0325.034D.0070 TokenRing0 ! <<<text omitted>>> ! source-bridge ring-group 101 source-bridge remote-peer 101 tcp 172.16.192.5 source-bridge remote-peer 101 tcp 172.16.192.1 rsrb remote-peer 101 tcp 172.16.192.1 lsap-output-list 201 ! interface Loopback20 ip address 172.16.192.5 255.255.255.252 ! interface Serial0 ip address 172.16.2.2 255.255.255.0 encapsulation frame-relay frame-relay interface-dlci 181 frame-relay lmi-type cisco ! <<<text omitted>>> ! interface TokenRing0 ip address 172.16.3.1 255.255.255.0 ring-speed 16 multiring all source-bridge 2 1 101 ! <<<text omitted>>> ! router eigrp 2001 network 172.16.0.0 no auto-summary ! <<<text omitted>>> ! access-list 201 deny 0xF0F0 0x0000 access-list 201 permit 0x0000 0xFFFF |
< Free Open Study > |