lab routing and switching-t dinh
-
1
Introduction to Routing and Switching
Simulate with GNS3
Nguyn Quc nh
Faculty of IT, Ho Chi Minh City University of Industry
Sept 2012
-
2
Schedule for 10 Weeks
Part 1: Starting with GNS3
Part 2: Static routing
Part 3: VLAN
Part 4: LAN with STP
Part 5: RIP (v2, ng)
Part 6: OSPF
Part 7: BGP
Part 8: Multicasting
Part 9: Access Control List
Part 10: Review (Oh great)
-
3
Part 1
Starting with GNS3
Nguyn Quc nh
-
4
Why not Packet Tracer?
How different?
Packet Tracer: simulation program
GNS3: emulation program
On PT, you just can't fully operate BGP, STP, multicast
But the upside of PT (so it'd be there)
Lightweight
Easy to configure and see the result
-
5
To get started with GNS3
see
GNS3: Graphical Network Simulator
by Mike Fuszner, v1.0
-
6
Notes: Setup
For this part and also later parts, use IOS 3640
Make sure to have virtual PC (vpc) for your testing (i.e. ping)
GNS3 and its components run faster under Linux than under Windows
Above all, always set the IDLE PC value to save your computer's processing power
Trying to remember all commands may overload your little brain; use ? to list the supported commands
-
7
Note: Saving configuration
Configurations are stored in two locations: RAM and NVRAM.
The running configuration is stored in RAM.
Any configuration changes to the router are made to the running-configuration and take effect immediately after the command is entered.
The startup-configuration is saved in NVRAM and is loaded into the router's running-configuration when the router boots up.
To save the running-configuration to the startup configuration, type the following from privileged EXEC mode (i.e. at the "Router#" prompt.)
#copy running-config startup-config
-
8
Tip: Save your work frequently with
#copy running-config startup-config
-
9
Target:
Read (and do) up to page #40 of Mike's tutorial
You have to set up and configure the IP addresses of the PCs in this network
PC1 PC2PC1 PC3
-
10
Q: Could PC1 ping F0/0 of West? Why?
Q: Could PC1 ping S0/1 of West? Why?
Q: Could PC1 ping PC2? Why?
-
11
Part 2
Static Routing
Nguyn Quc nh
-
12
Why static routing?
Static routing vs Dynamic routing
How different?
What scale?
Static routing: toy game for tiny network
-
13
Commands
config t
interface Fa0/0
ip address [ip-address] [subnet-mask]
show ip route: display the routing table of a router
ip route [destination-network-address] [subnet-mask] [next-hop-IP-address]: configure a static route statement
sh ip int brief: display brief interface information
-
14
Lab 1
Target: Use static routing to connect all PCs in this network
IP addresses of interfaces and PCs are shown in the picture
-
15
Hint: configure the static routing table in each router
West
(config)#ip route 192.168.1.0 255.255.255.0 10.0.0.2
(config)#ip route 192.168.2.0 255.255.255.0 10.0.0.2
Central
(config)#ip route 192.168.0.0 255.255.255.0 10.0.0.1
(config)#ip route 192.168.2.0 255.255.255.0 10.0.1.2
East
(config)#ip route 192.168.0.0 255.255.255.0 10.0.1.1
(config)#ip route 192.168.1.0 255.255.255.0 10.0.1.1
-
16
Run show ip route on West, East, and Central
Does it reveal something? Try to explain the results
See more results with ping, traceroute (router), and tracert (PC)
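What traceroute and ping report for the Lab 1 static routes can be reproduced with a small forwarding model. This is an added example, not part of the original slides; the /24 masks on the router links and the PC host addresses are assumptions, since the picture is not reproduced in the text. It also covers the failure case where one return route is missing.

```python
# Added example: hop-by-hop forwarding over the static routes from the hint.
# Assumptions: /24 masks on the router links and the PC host addresses.
import ipaddress as ip

def table(connected, static):
    """Routing table as (network, next_hop) pairs; next_hop None = connected."""
    rows = [(ip.ip_network(n), None) for n in connected]
    return rows + [(ip.ip_network(n), hop) for n, hop in static]

ROUTERS = {
    "West": table(["192.168.0.0/24", "10.0.0.0/24"],
                  [("192.168.1.0/24", "10.0.0.2"), ("192.168.2.0/24", "10.0.0.2")]),
    "Central": table(["192.168.1.0/24", "10.0.0.0/24", "10.0.1.0/24"],
                     [("192.168.0.0/24", "10.0.0.1"), ("192.168.2.0/24", "10.0.1.2")]),
    "East": table(["192.168.2.0/24", "10.0.1.0/24"],
                  [("192.168.0.0/24", "10.0.1.1"), ("192.168.1.0/24", "10.0.1.1")]),
}
# Router that owns each next-hop interface address used above.
OWNER = {"10.0.0.1": "West", "10.0.0.2": "Central",
         "10.0.1.1": "Central", "10.0.1.2": "East"}

def trace(routers, start, dst, max_hops=8):
    """Routers a packet to dst passes through, or None if it is dropped."""
    dst, here, path = ip.ip_address(dst), start, []
    for _ in range(max_hops):
        path.append(here)
        matches = [row for row in routers[here] if dst in row[0]]
        if not matches:
            return None                       # no matching route: dropped
        net, hop = max(matches, key=lambda row: row[0].prefixlen)  # longest prefix
        if hop is None:
            return path                       # connected network: delivered
        here = OWNER[hop]
    return None                               # hop limit reached: routing loop

def ping(routers, src_router, src_ip, dst_router, dst_ip):
    """Echo needs a forward path and a return path."""
    return (trace(routers, src_router, dst_ip) is not None
            and trace(routers, dst_router, src_ip) is not None)

def without_route(routers, name, network):
    """Copy of routers with one static route removed from router `name`."""
    kept = [r for r in routers[name] if r[0] != ip.ip_network(network) or r[1] is None]
    return {**routers, name: kept}

if __name__ == "__main__":
    broken = without_route(ROUTERS, "East", "192.168.0.0/24")
    print(trace(ROUTERS, "West", "192.168.2.10"),
          ping(broken, "West", "192.168.0.10", "East", "192.168.2.10"))
```

With East's route to 192.168.0.0/24 removed, the request still reaches East but the reply has no route back, so the ping fails.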
-
17
Check your understanding by configuring the following network
[Figure: network diagram with subnets numbered 1 to 8]
-
18
Requirements for previous scenario
Grant addresses 172.(15+X).0.0/16 to the X-th subnet.
Use static routing
All PCs can communicate through the network
Checking (always checking)
show ip route
ping to the internet
tracert from PC
-
19
Part 4
LAN with STP
Nguyn Quc nh
-
20
Objective
Learn how to identify which switch is elected as the root bridge.
Learn how to determine the optimum bridge placement.
Learn to optimize Spanning Tree convergence.
Learn to change connection cost.
-
21
To use switch @GNS3
GNS3 doesn't include layer-2 and layer-3 switches.
We can use a router as a switch instead by adding the NM-16ESW module to the router. This way you can configure switching protocols like VLAN, STP, VTP, etc.
How?
To make a switch symbol, see following slide
-
22
To use switch @GNS3
[Figure: screenshot with callouts 1, 2, 3]
You get a switch symbol from c3600 (c3640)
Use it in the following VLAN labs
-
23
(1) Network scenario
Place the switches in the order shown in the picture, with R4 placed last.
[Figure: switches labelled 1 to 4]
-
24
By default, STP is built in VLAN 1, and R1 is the root. Why?
R1#show spanning-tree
VLAN1 is executing the ieee compatible Spanning Tree protocol
Bridge Identifier has priority 32768, address cc00.597e.0000
Configured hello time 2, max age 20, forward delay 15
We are the root of the spanning tree
Topology change flag not set, detected flag not set
...
Port 1 (FastEthernet0/0) of VLAN1 is forwarding
Port path cost 19, Port priority 128, Port Identifier 128.1.
Designated root has priority 32768, address cc01.60ce.0000
Designated bridge has priority 32768, address cc01.60ce.0000
Designated port id is 128.1, designated path cost 0
...
BPDU: sent 24, received 0
Port 2 (FastEthernet0/1) of VLAN1 is forwarding
Port path cost 19, Port priority 128, Port Identifier 128.2.
-
25
R1#show spanning-tree
VLAN1 is executing the ieee compatible Spanning Tree protocol
Bridge Identifier has priority 32768, address cc00.597e.0000
Configured hello time 2, max age 20, forward delay 15
We are the root of the spanning tree
Topology change flag not set, detected flag not set
...
R2#show spanning-tree
VLAN1 is executing the ieee compatible Spanning Tree protocol
Bridge Identifier has priority 32768, address cc01.597e.0000
Configured hello time 2, max age 20, forward delay 15
Current root has priority 32768, address cc00.597e.0000
Root port is 2 (FastEthernet0/1), cost of root path is 38
...
-
26
Where's the root
R1 is the root.
By default a Root Bridge is elected, and the bridge with the lowest Bridge ID (determined by the Bridge Priority and the MAC address) is the winner.
We want to make R4 the root bridge
-
27
Change the root bridge
By default, all bridges have a priority of 32768
To change the priority of one bridge:
Switch (config)# spanning-tree vlan [vlan-id] priority [priority]
To make one bridge the root bridge (priority = 8192)
Switch (config)# spanning-tree vlan [vlan-id] root primary
To make one bridge the secondary root bridge for redundancy (priority = 16384)
Switch (config)# spanning-tree vlan [vlan-id] root secondary
-
28
Let's make some changes
Make R4 become the root:
R4(config)# spanning-tree vlan 1 root primary
Make R3 have one blocked port (why do we use the following setting?)
R3(config)#spanning-tree vlan 1 priority 61440
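The root election and port blocking described on these slides can be worked through in code. This is an added example, not part of the original slides: R1 and R2 use the bridge addresses from the show spanning-tree output, while the four-link topology and the R3 and R4 addresses are constructed, because the picture is not reproduced in the text. Port-ID tie-breaking is left out, so the model assumes one link per switch pair.

```python
# Added example: simplified 802.1D spanning-tree computation (not from the slides).
# Assumptions: the four-link topology and the R3/R4 MAC addresses are constructed.
import heapq

def spanning_tree(bridges, links):
    """bridges: {name: (priority, mac)}; links: [(a, b, cost)], one link per pair.
    Returns (root, root_path_cost, blocked), blocked = {(switch, neighbor)}."""
    root = min(bridges, key=bridges.get)          # lowest bridge ID wins
    adj = {name: [] for name in bridges}
    for a, b, c in links:
        adj[a].append((b, c))
        adj[b].append((a, c))
    cost, heap = {root: 0}, [(0, root)]           # Dijkstra: root path cost
    while heap:
        d, n = heapq.heappop(heap)
        if d > cost[n]:
            continue
        for m, c in adj[n]:
            if d + c < cost.get(m, float("inf")):
                cost[m] = d + c
                heapq.heappush(heap, (d + c, m))
    # Root port: lowest cost to the root, tie broken by the sender's bridge ID.
    root_port = {n: min(adj[n], key=lambda e: (cost[e[0]] + e[1], bridges[e[0]]))[0]
                 for n in bridges if n != root}
    blocked = set()
    for a, b, _ in links:
        if root_port.get(a) == b or root_port.get(b) == a:
            continue                              # root port facing a designated port
        # Neither end uses this link to reach the root: the end with the higher
        # (root path cost, bridge ID) loses the designated role and blocks.
        loser = max((a, b), key=lambda n: (cost[n], bridges[n]))
        blocked.add((loser, b if loser == a else a))
    return root, cost, blocked

FE = 19                                           # default 100BaseT path cost
LINKS = [("R1", "R3", FE), ("R2", "R3", FE), ("R2", "R4", FE), ("R3", "R4", FE)]
DEFAULT = {"R1": (32768, "cc00.597e.0000"), "R2": (32768, "cc01.597e.0000"),
           "R3": (32768, "cc02.597e.0000"), "R4": (32768, "cc03.597e.0000")}
# After "spanning-tree vlan 1 root primary" on R4 and "priority 61440" on R3.
TUNED = dict(DEFAULT, R4=(8192, "cc03.597e.0000"), R3=(61440, "cc02.597e.0000"))

if __name__ == "__main__":
    for label, bridges in (("default", DEFAULT), ("tuned", TUNED)):
        root, cost, blocked = spanning_tree(bridges, LINKS)
        print(label, "root:", root, "cost:", cost, "blocked:", sorted(blocked))
```

In this assumed topology the default election gives R2 a root path cost of 38, as in the R2 output above, and after the two priority changes the blocked port moves from R4 to R3.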
-
29
(2) Change the cost of each link
Default path costs
10BaseT: 100
100BaseT: 19
1000BaseT: 4
To change the cost of each link
switch (config-if)# spanning-tree vlan [vlan-id] cost [cost]
What happens when the port of R4 which links to R2 has the cost of 15?
-
30
(3) Spanning tree convergence
STP uses several timers to recover from topology changes
Modifying STP timers
spanning-tree vlan vlan-list hello-time seconds
spanning-tree vlan vlan-list forward-time seconds
spanning-tree vlan vlan-list max-age seconds
-
31
Multilayer switching
To be available
Get from http://www.gns3-labs.com/2008/09/22/multilayer-switching-in-a-campus-network/
-
32
Part 4
VLAN
Nguyn Quc nh
-
33
Notes on VLAN
VLANs are assigned on the switch port. There is no VLAN assignment done on the host (usually).
Assigning a host to the correct VLAN is a 2-step process:
1. Connect the host to the correct port on the switch.
2. Assign the host the correct IP address depending on its VLAN membership
Remember: VLAN = Subnet
In the following labs, we use static VLANs
-
34
Commands Related to VLAN
To add more items to vlan database:
#vlan database
(vlan)#vlan 20 name engineering
To make a host connected to the current port belong to VLAN 20:
(config-if)#switchport mode access
(config-if)#switchport access vlan 20
To turn current port to trunking mode:
(config-if)#switchport mode trunk
(config-if)#switchport trunk allowed vlan all
-
35
Commands Related to VLAN (cont)
And to show vlan summary:
#show vlan?
#show vlan-switch
#show interfaces fa0/1 switchport
#sh vtp status
The following slides explain a few commands in more detail
-
36
Configure Ranges of VLANs
Switch(config)#interface range fastethernet 0/8, fastethernet 0/12
Switch(config-if)#switchport access vlan 3
Switch(config-if)#exit
vlan 3
-
37
Mode Access
Switch(config)#interface fastethernet 0/1
Switch(config-if)#switchport mode access
Switch(config-if)#exit
Note: The switchport mode access command should be configured on all ports that the network administrator does not want to become a trunk port.
-
38
Face Mistake, to Remove
Deleting a Port VLAN Membership
Switch(config-if)#no switchport access vlan vlan_number
Deleting a VLAN
Switch#vlan database
Switch(vlan)#no vlan vlan_number
Switch(vlan)#exit
-
39
VLAN Tagging
To turn current port to trunking mode:
(config-if)#switchport mode trunk
(config-if)#switchport trunk allowed vlan all
Or more selective
No VLAN Tagging
VLAN Tagging
-
40
Lab 1: Assign VLAN Port
Target: Create this VLAN table @R1:
VLAN 1: default
VLAN 10: engineering
VLAN 20: r-d
VLAN 30: accounting
VLAN 40: sale
VLAN 10 owns 172.168.10.0/24 subnet
VLAN 20 owns 172.168.11.0/24 subnet
VLAN 30 owns 172.168.12.0/24 subnet
VLAN 40 owns 172.168.13.0/24 subnet
-
41
Lab 1: Assign VLAN Port (cont)
Assign the following:
C0 owned by an engineer
C1 owned by an engineer
C2 owned by a seller
Assign their IP addresses yourself
Configure the network. Then answer:
Can C0 ping C1? Why?
Can C0 ping C2? Why?
-
42
Lab 2: VLAN Trunking
switchport mode trunk
switchport mode access
-
43
Lab 2: VLAN Trunking (cont)
Assign the following:
C0 owned by an engineer
C1 owned by an engineer
C2 owned by a seller
C3 owned by an engineer
C4 owned by a seller
Assign their IP addresses yourself
Check whether all engineers/sellers are assigned to the same subnet
-
44
Lab 3 (optional): Testing your understanding with VLAN Trunking
For guidance, see attached documentation (part3-lab3.pdf) from TruongTan Inst.
-
45
Lab 4 (optional): Routing between VLANs
For guidance, see attached documentation (part3-lab4.pdf) from TruongTan Inst.
-
46
Part 5
RIP
Nguyn Quc nh
-
47
Recall
Distance vector routing
RIP, RIPv2
RIPng
-
48
First example
Build a system with IPs of routers and PCs as shown in the figure
-
49
Setup RIPv2 as routing algorithm
West(config-if)#router rip
West(config-router)#version 2
West(config-router)#network 192.168.0.0
West(config-router)#network 10.0.0.0
Central(config-if)#router rip
Central(config-router)#version 2
Central(config-router)#network 192.168.1.0
Central(config-router)#network 10.0.0.0
Central(config-router)#network 10.0.1.0
East(config-if)#router rip
East(config-router)#version 2
East(config-router)#network 192.168.2.0
East(config-router)#network 10.0.1.0
-
50
Subnet mask?
Since classful network addressing is history, do not use RIPv1
RIPv2 works with CIDR, but you did not see a subnet mask in the commands above.
How?
-
51
Checking, checking
Check RIP with the following commands
show ip route
show ip route protocols
show ip rip database
tracert
traceroute
show ip protocol
Try to read the results
-
52
Extend your simulation
-
53
Extend your simulation
Add the new link to RIP
Now, you have 2 ways to go from 192.168.0.0/24 to 192.168.2.0/24 network
Check
Show ip route
Show ip protocols
Tracert
Tear down East's e0/1 - switch link
Tear down West's s1/0 - Central's s1/0 link
See what happens, and try to explain the result
-
54
Check your understanding by configuring the following network
[Figure: network diagram with subnets numbered 1 to 8]
-
55
Check your understanding by configuring the following network
Requirements
You are allowed to use the 10.0.0.0/8 network
Subnet X is assigned the 10.(15+X).0.0/16 address space
Use RIPv2 for this autonomous system
Make sure all PCs can connect to the Internet
Check your network connection
-
56
How about RIPng?
IPv6 version of RIP
Commands:
#enable IPv6 unicast routing
(config)#ipv6 unicast-routing
#assign an IPv6 address to the current interface
(config-if)#ipv6 address [ipv6-address/prefix-length]
#enable RIPng under process-name
(config-if)#ipv6 rip [process-name] enable
-
57
Example
Besides traditional interfaces, e.g. Fast Ethernet, we also use loopback interfaces.
-
58
Example of West configuration
West(config)#ipv6 unicast-routing
West(config)#int e0/0
West(config-if)#ipv6 address 2001:db8:0:12::1/64
West(config-if)#ipv6 rip tree enable
West(config-if)#no shut
West(config)#int loopback 0
West(config-if)#ipv6 address 2001:db8:0:10::1/64
West(config-if)#ipv6 rip tree enable
West(config-if)#no shut
...
Then ... try to find your way to configure Central and East.
Test your network with show ipv6 route, show ipv6 protocols, tracert, etc.
-
59
Part 6
OSPF
Nguyn Quc nh
-
60
Recall
What is OSPF?
Multiple area network
-
61
Example
-
62
Area 0
Area 1 Area 2
Example
-
63
Commands
router ospf process-ID
process-ID is from 1 to 65535
may differ from node to node
network IP-address wildcard-mask area area-#
wildcard-mask = not (network mask)
area-# is a pre-defined number
make sure the backbone area is named area 0
-
64
Commands
R1
network 192.168.23.0 0.0.0.255 area 0
network 10.0.1.0 0.0.0.255 area 1
R2
network 192.168.23.0 0.0.0.255 area 0
network 172.16.34.0 0.0.0.255 area 2
R3
network 10.0.1.0 0.0.0.255 area 1
network 10.0.2.0 0.0.0.255 area 1
R4
network 172.16.34.0 0.0.0.255 area 2
network 172.16.35.0 0.0.0.255 area 2
-
65
Helpful commands for OSPF
show ip protocol: Displays parameters for all protocols running on the router
show ip route: Displays a complete IP routing table
show ip ospf: Displays basic information about OSPF routing processes
show ip ospf interface: Displays OSPF info as it relates to all interfaces
show ip ospf border-routers: Displays border and boundary router information
show ip ospf neighbor: Displays a detailed list of neighbors
show ip ospf neighbor detail: Lists all OSPF neighbors and their states
clear ip route *: Clears entire routing table, forcing it to rebuild
clear ip route a.b.c.d: Clears specific route to network a.b.c.d
clear ip ospf counters: Resets OSPF counters
clear ip ospf: Resets entire OSPF process, forcing OSPF to re
debug ip ospf events: Displays all OSPF events
debug ip ospf adjacency: Displays various OSPF states and DR/BDR election between adjacent routers
debug ip ospf packets: Displays OSPF packets
-
66
Check your understanding
With the network on the following slide
Pay attention:
/28 (not /24 any more)
Recalculate subnet-id
Recalculate wildcard-mask
-
67
-
68
Part 7
BGP
Nguyn Quc nh
-
69
BGP in overview
transit
multihomed
-
70
BGP commands in GNS3
Declare your own AS number by
router bgp [AS-number]
Define neighbors with
neighbor [neighbor-IP-address] remote-as [neighbor-AS-number]
Define the networks you own by
network [network-address] mask [subnet-mask]
-
71
Lab 1
-
72
Lab 1
-
73
Lab 1
Router 0
Router0(config)#router bgp 1
Router0(config-router)#neighbor 4.4.4.2 remote-as 2
Router0(config-router)#network 1.1.1.0 mask 255.255.255.0
Router 1
Router1(config)#router bgp 2
Router1(config-router)#neighbor 4.4.4.1 remote-as 1
Router1(config-router)#neighbor 5.5.5.3 remote-as 3
Router1(config-router)#network 2.2.2.0 mask 255.255.255.0
Router 3
Router2(config)#router bgp 3
Router2(config-router)#neighbor 5.5.5.2 remote-as 2
Router2(config-router)#network 3.3.3.0 mask 255.255.255.0
-
74
Lab 1
Use the following debugging commands to check your system
show ip protocols
show ip route
show ip bgp
tracert
traceroute
-
75
Check your understanding network with BGP Lab 2
-
76
All subnets are /24
-
77
AS1: Run multi-area OSPF
AS2: Run RIP
AS3: Run RIP
Inter AS: BGP
-
78
OSPF area 0
OSPF area 1
OSPF area 2
RIPv2
RIPv2
-
79
Check your understanding network with BGP Lab 3 (*)
(*) This network is taken from http://buildingbgplab.blogspot.com
-
80
-
81
Part 8
Multicasting
Nguyn Quc nh
-
82
See http://www.gns3-labs.com/2008/11/22/multicasting/
PIM
-
83
Part 9
Security
Nguyn Quc nh