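Shortcut keys:
1. Ctrl+A: move the cursor quickly to the very beginning of the line
2. Ctrl+E: move the cursor quickly to the very end of the line
3. Esc+F: move forward one word
4. Esc+B: move back one word
5. Ctrl+F: move forward one character
6. Ctrl+B: move back one character
7. Ctrl+D: delete a single character
8. Backspace: delete a single character
9. Ctrl+R: redisplay the line
10. Ctrl+U: erase the entire line
11. Ctrl+W: delete one word
12. Ctrl+Z: exit from global configuration mode to privileged mode
13. Up arrow or Ctrl+P: display the last command previously entered
14. Down arrow or Ctrl+N: display the command that was just entered before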
Devil also manage everything??!!
This is my Networking Tour! I hope this will help me keep it in mind.
2013/07/22
2013/07/21
INE R&S ATC042 - Reliable Backup Interface with GRE
debug tunnel keepalive
GRE / IP Protocol Number 47
IPv6 / IP Protocol Number 41
IP in IP / IP Protocol Number 4
R5 can use a tunnel as a reliable interface: the primary path builds a tunnel over FR to R4, and the backup goes via R4.
R5 to R4:
int tunnel 45
backup interface serial 0/1/0
ip route 0.0.0.0 0.0.0.0 tunnel 45
ip route 0.0.0.0 0.0.0.0 serial 0/1/0 10
------------------------------------------------------------------------------------------------------
Google: ip protocol number
Protocol Numbers
http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
INE R&S ATC041 - GRE Tunneling, GRE Recursive Routing Errors
GRE Tunneling
• Generic Routing Encapsulation
– IP Protocol 47
• Used to transport payload protocols over IPv4 network
– IPv4
– IPv6
– CLNS
– Etc.
GRE Tunneling
• Create tunnel interface
– interface tunnel [number]
• Define source and destination
– tunnel source [ip | interface]
– tunnel destination [ip]
• Apply payload protocols
– ip address…
– ipv6 address…
• Optional keepalive
– keepalive
GRE Recursive Failure
• Tunnel destination must not recurse to the tunnel interface itself
– 1.2.3.4 via Tunnel0
– Tunnel0 via 1.2.3.4
• IOS detects this and disables the interface
– %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing
• Can happen due to metric or distance errors
--------------------------------------------------------------------------------------------------------
2013/07/19
INE R&S ATC040 - Policy Routing
Policy Routing
• Normal routing is destination based
• Policy routing can decide based on…
– Source
– Destination
– Protocol type (FTP, HTTP, etc.)
– Incoming interface
Policy Routing
• Traffic criteria defined by route-map “match”
– Permit means to policy route
– Deny means to use normal forwarding
– match [interface | ip address | …]
• Action defined by route-map “set”
– set ip [default] next-hop
– set [default] interface
Policy Routing
• Apply to incoming traffic
– ip policy route-map [route-map]
• Apply to locally originated traffic
– ip local policy route-map [route-map]
– Older versions don’t have control plane check
----------------------------------------------------------------------------
The PBR example is:
Normal path: SW4->SW2->R5->R3->SW1
Desired path: SW4->SW2->R5->R4->R6->SW1
PBR configuration on R5:
access-list 100 permit icmp any any echo
route-map PBR permit 10
match ip address 100
set ip next-hop 155.10.45.4 (or: set interface serial 0/1/0)
int fa0/0
ip policy route-map PBR
show route-map
debug ip policy
The next hop should be set to an IP address or a P2P interface; avoid pointing it at an NBMA interface.
----------------------------------------------------------------------------
PBR combined with IP SLA
INE R&S ATC039 - Enhanced Object Tracking, IP SLA, Reliable Static Routing
Enhanced Object Tracking
• What if line protocol up status does not indicate reachability?
– NBMA interfaces, Metro Ethernet, etc.
• EOT adds more reliable tracking such as
– Route entry, route metric, IP SLA, EEM, etc.
• EOT can integrate with
– Static routing, policy routing, FHRPs, etc.
• Configuration
– track [number] [interface | ip | list | …]
------------------------------------------------------------------------------
Cisco IOS Software Releases 12.4 T - Configuration Guides - IP
IP Application Services Configuration Guide, Cisco IOS Release 12.4T
Configuring Enhanced Object Tracking
http://www.cisco.com/en/US/docs/ios-xml/ios/ipapp/configuration/12-4t/iap-eot.html
Cisco IOS Software Releases 12.4 T - Configuration Guides - IP
First Hop Redundancy Protocols Configuration Guide, Cisco IOS Release 12.4T
http://www.cisco.com/en/US/docs/ios-xml/ios/ipapp_fhrp/configuration/12-4t/fhp-12-4t-book.html
Cisco IOS Software Releases 12.4 T - Configuration Guides - Network Management
IP SLAs Configuration Guide, Cisco IOS Release 12.4T
http://www.cisco.com/en/US/docs/ios-xml/ios/ipsla/configuration/12-4t/sla-12-4t-book.html
------------------------------------------------------------------------------
Configuration example:
INE R&S ATC038 - Backup Interface
Backup Interface
• Tracks line protocol of “primary” interface
– If line protocol is up, “backup” interface is in standby
– If line protocol is down, “backup” interface is active
• Configuration
– backup [interface | load | delay]
– Placed on the primary interface
• What causes the line protocol to go down?
--------------------------------------------------------------------
The example uses R5 S0/0/0 (Frame Relay) as the primary link and S0/1/0 as the backup link.

INE R&S ATC037 - Floating Static Routes
Floating Static Routes
• Static route with higher administrative distance used to backup another route
• Routes must be of equal longest match
INE R&S ATC036 - On-Demand Routing (ODR)
On Demand Routing
• Uses CDP to advertise directly connected networks to “hub” router
– Hub router advertises default route to “stub” router via CDP
– No routing protocols allowed on stub router
• Configuration on Hub
– router odr
------------------------------------------------------------------------------------
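R5 acts as the hub; enable router odr.
Because R5 uses the main multipoint Frame Relay interface, CDP is disabled by default; enter cdp enable to turn it on.
The other routers use Frame Relay subinterfaces, where CDP is enabled by default.
The hub receives routes for all directly connected interfaces of the stub routers; the route code is o and the default AD is 160.
The stub receives one default-gateway route; the route code is o and the default AD is 160.
Below is a stub2 example copied from the web...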
INE R&S ATC035 - IP Default-Gateway, IP Default-Network
Other Default Routing
• ip default-gateway
– Only when IP routing is off
• ip default-network
– Network flagged as default in routing advertisements
– Must be a classful network that is not directly connected
--------------------------------------------------------------------------
IGRP does not support advertising 0.0.0.0/0
* Asterisk
The router on which ip default-network 30.0.0.0 is entered must not itself have this network, and it must be a classful network.
2013/07/18
INE R&S ATC034 - Static Routing Examples
Default Routing
• To a next-hop
– Use the layer 2 address of the next hop for all layer 3 destinations
• To a multipoint interface
– All destinations require layer 3 to layer 2 resolution
– Layer 2 mapping table size problems
• To a point-to-point interface
– No layer 3 to layer 2 resolution required
-------------------------------------------------------
ip route 0.0.0.0 0.0.0.0 fastethernet0/0
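A device on fa0/0 with routing and Proxy ARP enabled must answer ARP on behalf of the destination for the network to have a chance of working.
ip route 0.0.0.0 0.0.0.0 serial0/0/0
If this interface is NBMA (Frame Relay), frame-relay map ip x.x.x.x 501 must be configured for the network to have a chance of working.
show frame-relay map
ip route 0.0.0.0 0.0.0.0 serial0/0/0
If this interface is point-to-point, OK.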
INE R&S ATC033 - IP Routing Overview, Switching Paths, Static Routing
IP Routing Overview
• Three main steps
– Routing
• Find the outgoing interface
– Switching
• Move the packet between interfaces
– Encapsulation
• Build the layer 2 header
The Routing Process
• Find the longest match
– show ip route 1.2.3.4
• 1.0.0.0/8
• 1.2.0.0/16
• 1.2.3.0/24
• Recurse to the outgoing interface
– 1.2.3.4 via 5.6.7.8
– 5.6.7.8 via 9.0.1.2
– 9.0.1.2 via 3.4.5.6
– 3.4.5.6 directly connected, FastEthernet0/0
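The longest-match and recursion steps above, together with the GRE recursive-routing condition from the ATC041 notes (tunnel destination resolving via the tunnel itself because of a distance error), as an added Python example that is not part of the original notes. The prefix lengths of the next-hop routes, the administrative distances and the serial interface names are constructed for illustration.

```python
import ipaddress


class Route:
    """One candidate route: reachable via a next hop or directly out an interface."""

    def __init__(self, prefix, via=None, interface=None, distance=1):
        if (via is None) == (interface is None):
            raise ValueError("give exactly one of via= or interface=")
        self.prefix = ipaddress.ip_network(prefix)
        self.via = via                # next-hop IP as a string, or None
        self.interface = interface    # outgoing interface name, or None
        self.distance = distance      # administrative distance, lower wins


def longest_match(routes, dest):
    """Longest prefix wins; distance only breaks ties between equal prefixes."""
    address = ipaddress.ip_address(dest)
    hits = [r for r in routes if address in r.prefix]
    return max(hits, key=lambda r: (r.prefix.prefixlen, -r.distance), default=None)


def resolve(routes, dest, max_depth=16):
    """Follow next hops until a route names an outgoing interface."""
    chain, target = [], dest
    for _ in range(max_depth):
        route = longest_match(routes, target)
        if route is None:
            return None, chain
        chain.append(str(route.prefix))
        if route.interface is not None:
            return route.interface, chain
        target = route.via
    raise RuntimeError("next-hop recursion did not terminate")


def tunnel_is_recursive(routes, tunnel, tunnel_destination):
    """True when the tunnel destination resolves out of the tunnel itself."""
    interface, _ = resolve(routes, tunnel_destination)
    return interface == tunnel


# Constructed table following the slide: 1.2.3.4 via 5.6.7.8 via 9.0.1.2
# via 3.4.5.6, which is directly connected on FastEthernet0/0.
HEALTHY = [
    Route("1.0.0.0/8", interface="Serial0/0/0"),
    Route("1.2.0.0/16", interface="Serial0/1/0"),
    Route("1.2.3.0/24", via="5.6.7.8", distance=120),
    Route("5.6.7.0/24", via="9.0.1.2", distance=120),
    Route("9.0.1.0/24", via="3.4.5.6", distance=120),
    Route("3.4.5.0/24", interface="FastEthernet0/0", distance=0),
]

# Distance error: the same /24 is also learned across the tunnel with a
# lower distance, so Tunnel0's own destination now points into Tunnel0.
BROKEN = HEALTHY + [Route("1.2.3.0/24", interface="Tunnel0", distance=90)]

if __name__ == "__main__":
    print(resolve(HEALTHY, "1.2.3.4"))
    for name, table in (("healthy", HEALTHY), ("broken", BROKEN)):
        print(name, "recursive:", tunnel_is_recursive(table, "Tunnel0", "1.2.3.4"))
```

The same tie-break is why a floating static route only backs up a route of equal prefix length: a longer prefix always wins before distance is compared.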
INE R&S ATC032 - Fallback Bridging
Fallback Bridging
• Catalyst 3560
– IPv4 & IPv6 routing
– All other protocol stacks must be bridged
• IPX, NetBIOS, CLNS, etc.
• Fallback bridging allows other stacks to be bridged between SVIs and routed interfaces
Configuring Fallback Bridging
• Enable fallback bridge group
– bridge 1 protocol vlan-bridge
• Apply bridge-group to SVI or routed interface
– bridge-group 1
------------------------------------------------------------
Catalyst 3560 Switch Software Configuration Guide, Rel. 12.2(46)SE
Configuring Fallback Bridging
INE R&S ATC031 - Transparent Bridging, IRB
Transparent Bridging Overview
• IOS can route or bridge a protocol, not both
– Router – IP routed by default
– Switch – IP bridged by default
• Transparent bridging subject to normal STP rules
– Only one active path
– Root bridge election
– Root port election
– Designated port election
Configuring Transparent Bridging
• Disable IP Routing (if bridging IP)
– no ip routing
• Configure transparent bridge group
– bridge 1 protocol ieee
• Apply bridge group to the interface
– bridge-group 1
• Static resolution over multipoint NBMA
– frame-relay map bridge
2013/07/17
INE R&S ATC030 - PPPoFR, PPPoE
PPP over Frame Relay
• Define PPP interface
– interface virtual-template [num]
• Apply logical options
– Authentication, multilink, IP address, etc.
• Assign to DLCI
– frame-relay interface-dlci [dlci] ppp virtual-template [num]
PPP over Ethernet Server
• Define PPP interface
– interface virtual-template [num]
• Apply logical options
– Authentication, multilink, IP address, etc.
• Define BBA Group
– bba-group pppoe [name | global]
– virtual-template [num]
• Bind to link
– pppoe enable group [name | global]
PPP over Ethernet Client
• Define PPP interface
– interface dialer [num]
– encapsulation ppp
– dialer pool [pool]
– dialer group | dialer persistent
• Apply logical options
– Authentication, multilink, IP address, etc.
• Bind to link
– pppoe-client dial-pool-number [pool]
--------------------------------------------------------------------------------
PPPoFR Configuration
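(The virtual-template is always down/down... check that virtual-access is up/up.)
(FR allows baby giants... so pinging each other with 1500 bytes and df-bit enabled succeeds,
but both serial interfaces show 0 bytes giants; Brian said it depends on the interface... some interfaces can show it.)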
Cisco Devices Debug Message
logging buffered 512000
======================================================
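The default is logging console 7 (7 is the debug level, meaning everything is shown on the console).
When you want to debug...
you can enter logging console 6 (6 is the informational level, meaning we do not want debug messages to appear on the console).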
logging console 6
clear log
debug something
Trigger the event... for example shutdown interface, and so on
show log
To restore the settings afterwards...
undebug all
clear log
logging console 7
PPP PAP & CHAP configuration and explanation
-----------------------------------------------------
PAP
R1 (PAP request authentication, the side that requires authentication):
int s0/0
encapsulation ppp
ip address 13.0.0.1 255.255.255.0
ppp authentication pap
username BOB password CISCO
R3 (PAP response authentication, the side that responds to the authentication request):
int s0/0
encapsulation ppp
ip address 13.0.0.3 255.255.255.0
ppp pap sent-username BOB password CISCO
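What the two methods put on the link, as an added Python example that is not part of the original notes: the PAP Authenticate-Request that R3 would send for BOB/CISCO (packet layout per RFC 1334) next to a CHAP response for the same secret (MD5 over identifier, secret and challenge per RFC 1994). The identifier values and the challenge bytes are constructed; a real authenticator sends a random challenge.

```python
import hashlib
import hmac
import struct

PAP_AUTHENTICATE_REQUEST = 1  # PAP code field, RFC 1334


def build_pap_request(identifier, peer_id, password):
    """Code, Identifier, Length, then length-prefixed Peer-ID and Password."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    header = struct.pack("!BBH", PAP_AUTHENTICATE_REQUEST, identifier, 4 + len(body))
    return header + body


def parse_pap_request(packet):
    """Recover (peer_id, password) from a captured Authenticate-Request."""
    code, _identifier, length = struct.unpack("!BBH", packet[:4])
    if code != PAP_AUTHENTICATE_REQUEST or length != len(packet):
        raise ValueError("not a well-formed PAP Authenticate-Request")
    id_len = packet[4]
    peer_id = packet[5:5 + id_len]
    pw_len = packet[5 + id_len]
    password = packet[6 + id_len:6 + id_len + pw_len]
    if len(password) != pw_len:
        raise ValueError("truncated password field")
    return peer_id.decode("ascii"), password.decode("ascii")


def chap_response(identifier, secret, challenge):
    """CHAP with MD5: hash of Identifier || secret || Challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(identifier, secret, challenge, response):
    """Authenticator side: recompute with the stored secret and compare."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


# Constructed challenge so the example is repeatable.
CHALLENGE = bytes(range(16))

if __name__ == "__main__":
    pap = build_pap_request(1, b"BOB", b"CISCO")
    print("PAP on the wire :", pap)                     # password readable as-is
    print("parsed from wire:", parse_pap_request(pap))
    resp = chap_response(1, b"CISCO", CHALLENGE)
    print("CHAP on the wire:", resp.hex())              # only a hash is sent
    print("verifies        :", chap_verify(1, b"CISCO", CHALLENGE, resp))
```

With PAP the password crosses the link in cleartext in every Authenticate-Request; with CHAP the secret itself is never transmitted and the response is bound to the identifier and challenge of that exchange.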
-----------------------------------------------------
INE R&S ATC029 - PPP, PPP PAP Authentication, PPP CHAP Authentication
PPP
• Media independent encapsulation
– Serial, Ethernet, Frame Relay, ATM, etc.
– encapsulation ppp
• Adds features that other layer 2 medias don’t natively support
– Authentication
– Multilink
– Fragmentation
– Reliability
PPP Negotiation
• PPP uses Link Control Protocol (LCP) to negotiate higher layer protocols
– Internet Protocol Control Protocol (IPCP)
– IPV6CP
– CDPCP
– Etc.
• Can be used to negotiate
– Address assignment
– Routing information
• Verification
– debug ppp negotiation
2013/07/15
INE R&S ATC028 - Frame-Relay End-to-End Keepalives
Frame Relay End-to-End Keepalives
• End-to-End LMI used to track circuit status by default
– If one side is down, other side should be INACTIVE
• Certain designs break end-to-end LMI
– Frame Relay provider handoffs
– Frame Relay over MPLS L2VPN
• Frame Relay EEK adds new keepalive between DTEs
Frame Relay End-to-End Keepalives
• Configuration
– map-class frame-relay [name]
• Not class-map
– frame-relay end-to-end keepalive mode [bidirectional | passive-reply | reply | request]
• If one side replies, other must request
– class [name]
– frame-relay class [name]
• Verification
– show frame-relay pvc
INE R&S ATC027 - Back-to-Back Frame Relay
Back-to-Back Frame Relay
• Can be used in place of HDLC or PPP on direct serial connections
• Without a switch no LMI is generated
• Circuit will have DELETED status
• Disable LMI through no keepalive
– Circuit becomes STATIC
===================================
INE R&S ATC026 - Frame Relay Switching
Frame Relay Switching
• Enable Frame Relay Switching
– frame-relay switching
• DCE end of link provides clocking
– clock rate [rate]
– show controllers serial
• Frame Relay Switch is logical DCE
– frame-relay intf-type dce
• Legacy syntax on both links
– frame-relay route [in-DLCI] interface [int] [out-DLCI]
• New syntax globally
– connect [name] [interface-1] [DLCI-1] [interface-2] [DLCI-2]
======================================================
INE R&S ATC025 - Frame Relay Configuration Part 2
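We have three routers: R3, R4 and R5. Although they have nothing to do with R1 and R2, going through the FR network they may still be related.
Even if R1 and R2 are configured with static frame-relay maps and R3, R4 and R5 use dynamic frame-relay maps,
don't forget that R1 and R2 may still respond to Inverse ARP.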
INE R&S ATC024 - Frame Relay Configuration Part 1
int s0/0
encapsulation frame-relay
Port / Line Protocol
UP / UP is OK
UP / DOWN is LMI Problem
DOWN / DOWN is PHY Problem
show frame-relay lmi
check Num Status Enq. Sent
check Num Status msgs Rcvd.
Num status Timeouts
show frame-relay pvc
show frame-relay pvc | include DLCI
debug frame-relay packet
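debug frame-relay events ------------> shows Inverse ARP information
show frame-relay map
On R2, pinging 12.0.0.2 fails: the router cannot ping itself.
show frame-relay map... 12.0.0.1 is a dynamic map, meaning it was learned through Inverse ARP
You will find there is no entry for 12.0.0.2
We can configure frame-relay map ip 12.0.0.2 201 to set a static ARP this way, and then the ping is OK...
But note...
For frame-relay map the recommendation is: either learn everything dynamically, or configure everything statically.
Because platforms differ, it is quite possible that after shutting down a port and bringing it back with no shutdown, the dynamic map can no longer be learned.
Brian recommends again: either learn everything dynamically, or configure everything statically.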
2013/07/14
INE R&S ATC023 - Frame Relay
Broadcast Overview
• Broadcast Medias
– Ethernet
– Token-Ring
– FDDI
• Native “broadcast” support
– Source can address all connected destinations simultaneously
– Simplifies layer 3 to layer 2 resolution
NBMA Overview
• Non-Broadcast Multi Access
– Frame Relay, ISDN, ATM, etc.
• No native “broadcast” support
– Source cannot address all connected destinations simultaneously
• E.g. you can’t call every possible phone number in the ISDN cloud
– Layer 3 broadcast sent as layer 2 replicated unicast
• AKA “pseudo-broadcast”
– Implies Layer 3 to Layer 2 resolution issues
2013/07/13
INE R&S ATC022 - Flex Links
FlexLinks
• Allows link redundancy without STP
– Primary link forwards while backup link blocks
– switchport backup interface
• MAC-Address Move Update allows for faster convergence of CAM
– mac address-table move update [receive | transmit]
– switchport backup interface [int] mmu primary
=========================================
SW2 uses Fa0/17 as Primary Link to SW3, Fa0/13 as Backup Link to SW1, SW1 to SW3
@SW2
int fa0/17
switchport backup interface fa0/13
switchport backup interface fa0/13 mmu primary vlan 1
switchport backup interface fa0/13 preemption mode forced
switchport backup interface fa0/13 preemption delay 35
exit
mac address-table move update transmit
INE R&S ATC021 - MST with Multiple Regions
INE R&S ATC020 - Rapid Spanning-Tree Protocol (RSTP), Rapid-PVST
Rapid Spanning-Tree Protocol
• Rapid convergence based on sync process
• Enabled through…
– spanning-tree mode mst
– spanning-tree mode rapid-pvst
• Sync process only occurs on point-to-point non-edge ports
– Implies link-type must be accurate
– spanning-tree link-type [point-to-point|shared]
– spanning-tree portfast
========================================
P2P Full duplex
Non-Edge
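After a PC connects to the switch the link comes up slowly, and if the root port changes the PC loses connectivity for 30s.
The switch sends a proposal out; if the PC does not respond, the port goes through LIS, LRN, FWD (30s in total).
Solution: accurately configure spanning-tree portfast on the switch port... P2P Edge.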
debug spanning-tree proposal
INE R&S ATC019 - Multiple Spanning-Tree Protocol (MST)
Multiple Spanning-Tree Protocol
• IEEE (802.1s) response to PVST/PVST+
• Supports Rapid STP (802.1w)
• Instances are separate from VLANs
– PVST+ uses one instance per VLAN
– MST uses definable instances
• Highly scalable
– Switches with same instances, configuration revision number, and name form a “region”
– Different regions see each other as virtual bridges
MST Path Selection
• Same election process as CST/PVST
– Root bridge
• Lowest BID
– Root port
• Lowest cost
• Lowest upstream BID
• Lowest port ID
2013/07/12
INE R&S ATC015 ~ 018 - STP BPDU Filter, BPDU Guard , Root Guard , Loop Guard, Unidirectional Link Detection (UDLD)
Advanced STP Features
• BPDU Filter
– Filter BPDUs in and out
• BPDU Guard
– If BPDU is received shut port down
• Root Guard
– If superior BPDU is received shut port down
• Loop Guard & UDLD
– Prevent unidirectional links
---------------------------------------------------------
Global Config                                | Interface Config
spanning-tree portfast bpdufilter default    | spanning-tree bpdufilter enable
spanning-tree portfast bpduguard default     | spanning-tree bpduguard enable
-                                            | spanning-tree rootguard
spanning-tree loopguard default              | spanning-tree guard loop
INE R&S ATC014 - STP BackboneFast
Advanced STP Features
• BackboneFast
– Indirect failures should start recalculating immediately
-----------------------------------------------------
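Used on all switches (including the root switch), because the switches need to understand and respond to RLQ (Root Link Query PDU).
When a switch loses a link, it sends an inferior BPDU and an RLQ request on its other links.
After the root switch receives the RLQ, it immediately sends an RLQ response.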
INE R&S ATC013 - STP UplinkFast
Advanced STP Features
• UplinkFast
– Direct Root Port failure should reconverge immediately if Alternate Port available
-----------------------------------------------------------------------------------------------------------
Used on non-root switches: when the switch has multiple links and the root port fails, the ALT port goes to FWD immediately
and spoofs the CAM table to the ALT port.
spanning-tree uplinkfast
2013/07/11
INE R&S ATC012 - STP Timers, STP PortFast
STP Timers
• Timers affect the transition between port states
– Set only on the Root Bridge
• Hello
– How often configuration BPDUs are sent
– Defaults to 2 seconds
• MaxAge
– How long to wait in blocking state without hearing a BPDU
– Defaults to 20 seconds
• Forward Delay
– How long to wait in each of the listening and learning phases
– Defaults to 15 seconds
Changing STP Timers
• Configuration
– spanning-tree vlan [vlan] hello-time
– spanning-tree vlan [vlan] forward-time
– spanning-tree vlan [vlan] max-age
• Verification
– show spanning-tree vlan [vlan]
Advanced STP Features
• PortFast
– Edge ports shouldn’t be subject to Forwarding Delay
– Also affects TCN generation
------------------------------------------------------
With CST, PVST and PVST+, BPDUs are sent by the root switch, and the STP timers are also controlled by the root switch.
With RSTP, each switch sends BPDUs hop by hop.
INE R&S ATC010 - STP Root Bridge Election, STP Root Port Election, STP Designated Port Election, STP Priority, STP Cost, STP Port-Priority
How STP Works
• Elect one Root Bridge
• Elect one Root Port per bridge
• Elect Designated Ports
Root Bridge Election
• Switch with lowest Bridge ID in the network becomes Root Bridge
• Bridge ID contains…
– Bridge Priority
• 0-61440 in increments of 4096
– System ID Extension
• 0-4095
– MAC Address
Bridge Priority(0-61440) + System ID Extension(VLAN ID 1-4095) + MAC Address
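The election rule above as an added Python example (not part of the original notes or the INE material): it packs priority, System ID Extension and MAC into the 8-byte Bridge ID, picks the lowest one, and flags a root that won only on the MAC tie-break. Switch names, MAC addresses and the function names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Bridge:
    name: str       # hypothetical switch name
    priority: int   # 0-61440 in increments of 4096
    vlan: int       # System ID Extension (the VLAN ID)
    mac: str        # base MAC address

    def bridge_id(self) -> bytes:
        """8-byte Bridge ID: 4-bit priority, 12-bit extension, 48-bit MAC."""
        if not 0 <= self.priority <= 61440 or self.priority % 4096:
            raise ValueError(f"{self.name}: priority must be 0-61440 in steps of 4096")
        if not 0 <= self.vlan <= 4095:
            raise ValueError(f"{self.name}: system ID extension must be 0-4095")
        mac = bytes.fromhex(self.mac.replace(":", "").replace(".", ""))
        if len(mac) != 6:
            raise ValueError(f"{self.name}: MAC address must be 48 bits")
        return (self.priority | self.vlan).to_bytes(2, "big") + mac


def elect_root(bridges):
    """The lowest Bridge ID wins; bytes compare field by field, left to right."""
    return min(bridges, key=lambda b: b.bridge_id())


def root_decided_by_mac(bridges):
    """True when the winner only won the MAC tie-break, i.e. nobody set a
    lower priority and any switch with a lower MAC would take over as root."""
    root = elect_root(bridges)
    return any(b is not root and b.priority == root.priority for b in bridges)


# Constructed sample topology for VLAN 10 (names and MACs are made up).
DEFAULTS = [
    Bridge("SW1", 32768, 10, "00:1b:54:aa:00:01"),
    Bridge("SW2", 32768, 10, "00:0c:29:11:22:33"),
]
PLANNED = DEFAULTS + [Bridge("SW3", 24576, 10, "00:25:b4:ff:ff:ff")]

if __name__ == "__main__":
    for label, topo in (("defaults", DEFAULTS), ("planned", PLANNED)):
        root = elect_root(topo)
        print(label, root.name, root.bridge_id().hex(), root_decided_by_mac(topo))
```

With every switch left at the same priority, the root is simply the switch with the lowest MAC; setting a lower priority on the intended root removes that dependence.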
2013/07/10
INE R&S ATC009 - 802.1q Tunneling, Layer 2 Protocol Tunneling, EtherChannel over 802.1q Tunneling
802.1q Tunneling
• Layer 2 VPN over switched Ethernet network
– Lightweight version of MPLS L2VPN
• SP’s PE adds additional 802.1q tag to all frames received from CE
– Called “metro tag” or “QinQ”
• PE assigns all CE facing ports to the same VLAN
– One VLAN per customer in P network
• Configuration
– switchport mode dot1q-tunnel
• Tells switch to double tag frames
– switchport access vlan [vlan]
• Metro VLAN assignment
• Verification
– show dot1q-tunnel
• Cannot be dynamically negotiated
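The double tagging described above, as an added Python example (not part of the original notes): one function does what the PE does on a dot1q-tunnel port, the other walks the tag stack of a frame so the metro tag and the customer tag can be told apart. The frames and MAC addresses are constructed, and using TPID 0x8100 for the outer tag is an assumption; the parser also accepts the 802.1ad value 0x88A8.

```python
import struct

TPIDS = {0x8100, 0x88A8}  # 802.1Q tag and 802.1ad service tag identifiers


def push_metro_tag(frame: bytes, metro_vlan: int, tpid: int = 0x8100) -> bytes:
    """PE side of a dot1q-tunnel port: add one more tag right after the
    source MAC, whatever the CE sent (tagged or untagged)."""
    if not 1 <= metro_vlan <= 4094:
        raise ValueError("metro VLAN must be 1-4094")
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    return frame[:12] + struct.pack("!HH", tpid, metro_vlan) + frame[12:]


def parse_tags(frame: bytes):
    """Return (VLAN IDs outermost first, EtherType, payload)."""
    offset, vlans = 12, []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        offset += 2
        if ethertype not in TPIDS:
            return vlans, ethertype, frame[offset:]
        if len(frame) < offset + 2:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset)
        vlans.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 2


# Constructed frames: broadcast destination, made-up source MAC, IPv4 EtherType.
MACS = bytes.fromhex("ffffffffffff" "00005e005301")
CE_UNTAGGED = MACS + struct.pack("!H", 0x0800) + b"payload"
CE_TAGGED = MACS + struct.pack("!HHH", 0x8100, 20, 0x0800) + b"payload"

if __name__ == "__main__":
    for ce in (CE_UNTAGGED, CE_TAGGED):
        pe = push_metro_tag(ce, metro_vlan=100)
        print(parse_tags(ce)[0], "->", parse_tags(pe)[0], f"(+{len(pe) - len(ce)} bytes)")
```

Every tunneled frame grows by 4 bytes, which the MTU on the provider links has to accommodate.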
2013/07/09
INE R&S ATC008 - Layer 2 EtherChannel, EtherChannel Load Balancing, Layer 3 EtherChannel
EtherChannel
• Used to aggregate bandwidth of physical links
– Same logic as PPP Multilink
• Consists of two parts
– Port-Channel interface
• Logical interface representing the link bundle
– Member interfaces
• Physical links part of a link bundle
• Channel can be any type of interface
– i.e. layer 2 access, trunk, tunnel, or layer 3 routed
EtherChannel Negotiation
• channel-group [number] mode [mode]
• Mode determines how negotiation occurs
– On
• No negotiation
– Desirable & Auto
• Initiate or listen for PAgP
– Active & Passive
• Active: initiate (send LACP)
• Passive: listen for LACP
• PAgP vs. LACP
– Like ISL vs. 802.1q
2013/07/08
INE R&S ATC007 - SVIs, Native Routed Interfaces, Router-on-a-Stick
Layer 3 Routing
Switched Virtual Interfaces (SVI)
– interface Vlan [1-4094]
– VLAN must exist in the database first
Native Routed Interface
– no switchport
– Same as Ethernet interface on a router
Router-on-a-Stick
– Layer 2 Switch trunks traffic to external Layer 3 router
– Legacy version of SVI
Router usually does not support DTP or VTP
– switchport mode trunk
– switchport trunk allowed vlan
Router encapsulates ISL or 802.1q traffic using subinterfaces
– encapsulation [isl | dot1q] [vlan] [native]
Native VLAN must match
– Can be on the main interface or subinterface with native keyword
-----------------------------------------------------------------------------------
switchport autostate exclude
http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_58_se/command/reference/cli3.html#wp3553817
INE R&S ATC006 - VLAN and VTP Review
Command Review
- show vlan [brief]
- show interface status
- show interface switchport
- show interface trunk
- show spanning-tree [vlan | interface]
- show vtp status
- show vtp password
- show interface pruning
INE R&S ATC005 - VTP Prune Eligible List, VTP Transparent, VTP Troubleshooting, Trunk Allowed List, Extended VLANs
By default, VLANs 2-1001 are "prune eligible"
How to verify? show int fa0/2 switchport
The output has a line: Pruning VLANS Enable: 2-1001
VLANs not in the “prune eligible list” cannot be pruned
- i.e. traffic will always be sent/received for them
If the following is configured on a trunk port:
switchport trunk pruning vlan remove X
then VLAN X is no longer in the prune eligible list (it will always be forwarded)
cannot be pruned -> means FWD
If a Router/VM in the network has a trunk (and does not support VTP)
VTP pruning stops working...all VLANs are forwarded
Fix: on the trunk port of the switch it connects to, configure...switchport trunk allowed vlan X,Y,Z
INE R&S ATC004 - VTP, VTP Authentication, VTP Pruning
VLAN Trunking Protocol (VTP)
- NOT a requirement of Ethernet networks
-- Does not define the broadcast domain
-- Used to advertise VLAN attributes
-- Just for administration
VLAN Database vs. Global Configuration
- Domain Name
- Modes
-- Server
-- Client
-- Transparent
- Authentication
- Pruning
- Version
Authentication defaults to Null....+ VTP Revision = produces the MD5 digest hash (i.e. the final VTP database)
If the password changes ............the MD5 digest hash changes...
Adding/deleting a VLAN increments the VTP Revision...the MD5 digest hash changes...
INE R&S ATC003 - Ethernet Overview, Layer 2 Switchports, Trunking, ISL, 802.1q, DTP
Separate “core” network tasks from “peripheral” tasks
Core tasks
- 100% needed for basic layer 2 connectivity
- Cannot do anything layer 3+ without this
Peripheral tasks
- Rest of layer 3+ tasks do not rely on these topics
Core Ethernet Switching
- Trunking
- VLANs
- VTP
- EtherChannel
- 802.1q Tunneling (Possibly Core)
INE R&S ATC002 - Using the Cisco Documentation
I recommend that everyone take a look:
SUPPORT-->Technology -->IP-->IP Routing-->OSPF
http://www.cisco.com/en/US/tech/tk365/tk480/tsd_technology_support_sub-protocol_home.html
IP Routing Frequently Asked Questions
http://www.cisco.com/en/US/tech/tk365/technologies_q_and_a_item09186a008012d8f7.shtml
OSPF: Frequently Asked Questions
http://www.cisco.com/en/US/tech/tk365/technologies_q_and_a_item09186a0080094704.shtml
It is worth spending some time reading these IP routing protocol FAQs...
They cover all of the IGPs, BGP, MPLS, Multicast, and IPv6....
Technology Documentation Not accessible during the Lab Exam
INE R&S ATC001 - Introduction
The instructor is Brian McGahan, CCIE #8593...CCIEx3, CCDE #2013::13
Class Objective
- Configuration
- Verification
- Troubleshooting
CCIE R&S Lab Exam Blueprint
- http://www.cisco.com/go/ccie
INE’s Expanded Blueprint
- Google "site:blog.ine.com expanded blueprint"
Structured CCIE Preparation Approach
- Gain a basic understanding
- Gain basic hands-on experience to reinforce and expand your understanding
- Gain an expert level of understanding
- Gain an expert level of hands-on experience
Know what a given technology was designed for....
The basic way to configure it...
How to check its status......
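動力火車 - 莫忘初衷 (official MV, HD)
You should give it a listen...莫忘初衷 (Don't Forget Your Original Intention)...the original version sounds even better...Just Do..IT.......!!!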
http://www.youtube.com/watch?v=GXCqD01A8Ak
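莫忘初衷 (Don't Forget Your Original Intention)
I know you are really tired and don't want to say much
You have forgotten that in your eyes the world was once a rainbow
As a friend I will keep you company in silence, watching the traffic go by
Watching the starless night sky, You never alone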


