R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 1 of 124
2013 Narbik Kocharians. All rights reserved
CCIE Foundation
5.0
www.MicronicsTraining.com
Narbik Kocharians
CCIE #12410
R&S, Security, SP
VOL-I
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 2 of 124
2013 Narbik Kocharians. All rights reserved
Table of Content:
Subject Page
Topology 4
Section One:
Logical or Physical Subject Page
Lab 1 Physical to Logical Topology I 10
Lab 2 Physical to Logical Topology II 21
Lab 3 Physical to Logical Topology III 36
Section Two:
3560 Switching Subject Page
Lab 1 Basic 3560 configuration 56
Lab 2 Spanning-tree 802.1d 91
Section Three:
Frame-relay Subject Page
Lab 1 Multipoint Hub-n-Spoke Using Frame-relay maps 107
Lab 2 - Multipoint Hub-n-Spoke Using Frame-relay sub-interfaces 122
Lab 3 Frame-relay configurstion in a Point-to-point manner 127
Lab 4 Mixture of Point-to-point & Multipoint Frame-relay 132
Lab 5 Running PPP on Frame-relay 137
Section Four:
RIPv2 Subject Page
Lab 1 Configuring RIPv2 145
Lab 2 RIPv2 Authentication (Clear text and MD5) 153
Lab 3 Configuring different RIPv2 Update methods 159
Lab 4 Injection of Default routes in RIPv2 166
Lab 5 Filtering RIPv2 routes 177
Section five:
Eigrp Lab 1 Configuring Eigrp and Adjusting the Timers 185
Lab 2 Eigrp Metric 195
Lab 3 Eigrp Summarization 198
Lab 4 Eigrp Authentication & Advanced Configuration 209
Lab 5 Eigrp Stub 215
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 3 of 124
2013 Narbik Kocharians. All rights reserved
Section Six:
OSPF Subject Page
Lab 1 Advertising Networks 228
Lab 2 OSPF Non-Broadcast Networks 244
Lab 3 OSPF Broadcast Networks 252
Lab 4 OSPF Point-to-point Networks 259
Lab 5 OSPF Point-to-Multipoint Networks 265
Lab 6 OSPF Point-to-Multipoint Non-Broadcast Networks 274
Lab 7 OSPF Cost 280
Lab 8 OSPF Authentication 287
Lab 9 OSPF Summarization 317
Lab 10 OSPF Filtering 328
Lab 11 Virtual-Links and GRE Tunnels 358
Lab 12 OSPF Stub, T/Stubby, NSSA, NSS-Stub, NSS-T/Stub 369
Section Seven:
Redistribution Subject Page
Lab 1 Redistribution Basics 389
Section Eight:
BGP Subject Page
Lab 1 Establishing Neighbor Adjacency 5
Lab 2 Route reflectors, Originator-ID and Cluster-ID 15
Lab 3 Conditional Advertisement & BGP Backdoor 35
Lab 4 The Community Attribute 51
Lab 5 The AS-Path Attribute 65
Lab 6 The Weight Attribute 76
Lab 7 The Multi Exist Discriminator (MED) Attribute 86
Lab 8 Filtering Using Access-lists and Prefix-lists 105
Lab 9 Regular Expressions 118
Lab 10 BGP Confederation 137
Section Nine:
IPv6 Subject Page
Lab 1 Configuring Basic IPv6 145
Lab 2 Configuring Point-to-point, Multipoint and Multi-access links 158
Lab 3 Configuring RIPng 178
Lab 4 Configuring EIGRPv6 191
Lab 5 Configuring OSPFv3 203
Lab 6 OSPFv3 Non-Broadcast Netywork Type 225
Lab 7 OSPFv3 Broadcast Network Type 235
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 4 of 124
2013 Narbik Kocharians. All rights reserved
Lab 8 OSPFv3 Point-to-point Network Type 242
Lab 9 OSPFv3 Point-to-Multipoint Broadcast Network Type 250
Lab 10 OSPFv3 Point-to-Multipoint Non-Broadcast Network Type 259
Section Ten:
QoS Subject Page
Lab 1 MLS QoS 272
Lab 2 DSCP-Mutation 287
Lab 3 DSCP-CoS 299
Lab 4 CoS-DSCP 306
Lab 5 IP-Prec-to-DSCP 313
Lab 6 Individual Rate Policer 319
Lab 7 Policed-DSCP 325
Lab 8 Aggregate Policer 331
Lab 9 Frame-relay Traffic Shaping 337
Lab 10 Basic Class-Based Policing 345
Section Eleven:
IP Services and Network Optimization & Advanced Features Subject Page
Lab 1 HSRP 357
Lab 2 VRRP 385
Lab 3 GLBP 420
Lab 4 NTP 438
Lab 5 OER/PFR Configuration 448
Lab 6 EEM 465
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 5 of 124
2013 Narbik Kocharians. All rights reserved
F0/0
R1
R2
F0/0
F0/0
F0/0
F0/0
F0/0
F0/0
F0/0
F0/0 F0/1
F0/1
F0/5
F0/6
F0/11
F0/12
F0/13
F0/4
F0/3
F0/2
F0/1
Switch -1
F0/13
F0/12
Switch -3
F0/1
R3
R4
R5
R6
BB1
BB2
BB3
F0/1
F0/1
F0/5
F0/6
F0/11
F0/4
F0/3
F0/2
F0/1
Switch -2
F0/1
F0/1
F0/1
F0/1
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 6 of 124
2013 Narbik Kocharians. All rights reserved
The Serial Connection Between R1 and R3
R1 R3DCE
DTES0/1
S0/1
The Serial Connection Between R4 and R5
R4 R5DCE
DTES0/1
S0/1
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 7 of 124
2013 Narbik Kocharians. All rights reserved
Frame-Relay Switch Connections
R1
R2
R3
R4
R5
R6
S0/0
S0/1
S0/2
S0/3
S1/0
S1/1
S1/2
S0/0
S0/0
S0/0
S0/0/
0
S0/1
S0/0/
0
S0/0
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 8 of 124
2013 Narbik Kocharians. All rights reserved
Frame-Relay DLCI Connections:
Router: Local DLCI: Connecting to:
R1 102
112
103
104
105
106
164
R2
R2
R3
R4
R5
R6
R4
R2 201
211
203
204
205
206
R1
R1
R3
R4
R5
R6
R3 301
302
304
305
306
R1
R2
R4
R5
R6
R4 401
402
403
405
406
461
R1
R2
R3
R5
R6
R1
R5 501
502
503
504
506
R1
R2
R3
R4
R6
R6 601
602
603
604
605
R1
R2
R3
R4
R5
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 9 of 124
2013 Narbik Kocharians. All rights reserved
Switch-to-Switch connections:
SW3 SW4
SW1 SW2
F0/19
F0/20
F0/19
F0/20
F0/2
1
F0/2
2 F0/2
1
F0/2
2F0/23F0/23
F0/24
F0/24
F0/18
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 10 of 124
2013 Narbik Kocharians. All rights reserved
CCIE Foundation
5.0
www.MicronicsTraining.com
Narbik Kocharians
CCIE #12410
R&S, Security, SP
Configuring Logical Topology
from the Physical Topology
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 11 of 124
2013 Narbik Kocharians. All rights reserved
F0/0
VLAN 23
.1
12.1.1.0/24
VLAN 12
F0/0
F0/1
F0/1
F0/1
F0/0
F0/0 F0/1
F0/0
F0/0 F0/1
F0/0
R1
R3BB1
R4 R5
R6
BB2 BB3
R2
F0/1
F0/1
.1
.2
.2
.3
.3
.4 .5
.5
.6
.11
.11
.22 .33
VLAN 11
VLAN 123 VLAN 345
VLAN 56
100.1.1.0/24
123.1.1.0/24 200.1.1.0/24
23.1.1.0/24
56.1.1.0/24
LAB 1-
Physical to Logical Topology Basic configuration
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 12 of 124
2013 Narbik Kocharians. All rights reserved
Task 1
Shutdown all ports on all switches.
On All Switches
SWx(config)#Int range f0/1-24
SWx(config-if-range)#Shut
Task 2
Configure the above topology, if this configuration is performed successfully, every router
should be able to ping its neighboring routers in the same subnet.
Lets start with R1 and R2s connection in VLAN 12, we can see that these two routers are connected via their F0/0 interfaces, and the other interfaces of these two routers are connected to other routers via
their F0/1 interface, meaning that the F0/0 interface is not used to connect to other routers, we will see
how to configure that scenario in the next lab.
If the physical topology is checked, you can easily see that the F0/0 interfaces of these two routers are
connected to SW1 ports F0/1 and F0/2 for R1 and R2 respectively, so lets configure these two ports on SW1 in VLAN 12 and verify.
On SW1
SW1(config)#Int range f0/1-2
SW1(config-if-range)#Swi mode acc
SW1(config-if-range)#swi acc v 12
SW1(config-if-range)#No shut
Lets verify:
On SW1
SW1#Show vlan brief | Exc unsup
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 13 of 124
2013 Narbik Kocharians. All rights reserved
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Gi0/1, Gi0/2
12 VLAN0012 active Fa0/1, Fa0/2
Lets configure the F0/0 interfaces of R1 and R2:
On R1
R1(config)#Int F0/0
R1(config-if)#Ip addr 12.1.1.1 255.255.255.0
R1(config-if)#No shut
On R2
R2(config)#Int F0/0
R2(config-if)#Ip addr 12.1.1.2 255.255.255.0
R2(config-if)#No shut
To verify the configuration:
On R1
R2#Ping 12.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
We can configure R2s connection to R3 or R1s connection to BB1, the following configures R1s connection to BB1:
Before we assign an IP address to the interfaces of these routers, lets configure the F0/1 interfaces of R1 and BB1 in VLAN 11, and then, configure the F0/1 interfaces of R1 and BB1.
We can see that these interfaces are connected to SW2s F0/1 and F0/11 for R1 and BB1 respectively, therefore, these two ports on SW2 should be configured in VLAN 11:
On SW2
W2(config)#Int Range f0/1,f0/11
SW2(config-if-range)#Swi mode acc
SW2(config-if-range)#Swi acc v 11
SW2(config-if-range)#No shut
On R1
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 14 of 124
2013 Narbik Kocharians. All rights reserved
R1(config)#Int F0/1
R1(config-if)#Ip address 100.1.1.1 255.255.255.0
R1(config-if)#No shut
On BB1
BB1(config)#Int F0/1
BB1(config-if)#Ip addr 100.1.1.11 255.255.255.0
BB1(config-if)#No shut
To verify the configuration:
On R1
R1#Ping 100.1.1.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.1.1.11, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
NOWlets configure the R2 and R3s F0/1 interface in VLAN 23, we can see that these two interfaces are connected to SW2s F0/2 for R2s F0/1 and F0/3 for R3s F0/1 interface.
On SW2
SW2(config)#Int Range F0/2-3
SW2(config-if-range)#Swi mode acc
SW2(config-if-range)#swi acc v 23
SW2(config-if-range)#No shut
On R2
R2(config)#Int F0/1
R2(config-if)#Ip addr 23.1.1.2 255.255.255.0
R2(config-if)#No shut
On R3
R3(config)#Int F0/1
R3(config-if)#Ip addr 23.1.1.3 255.255.255.0
R3(config-if)#No shut
To verify the configuration:
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 15 of 124
2013 Narbik Kocharians. All rights reserved
On R2
R2#Ping 23.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23.1.1.3, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
Lets move on to BB1, BB2 and BB3s configuration in VLAN 123. In this case we can see that BB1s F0/0 interface is connected to SW1s port F0/11, and BB2s F0/0 interface is connected to SW1s F0/12 interface, but BB3s F0/1 is connected to SW3s F0/13 interface. But how do we get these routers in the same VLAN? WellSW3 and SW1 are connected va their F0/21 and F0/22 interfaces, we can use one of these two interfaces, in this case lets choose F0/21, therefore, the F0/1 interfaces of SW1 and SW3 should be configured as a trunk allowing VLAN 123 to traverse through this trunk, lets configure the trunk and the VLANs before we configure the routers:
To configure ports F0/11 and F0/12 in VLAN 123:
On SW1
SW1(config)#Int Range f0/11-12
SW1(config-if-range)#Swi mode acc
SW1(config-if-range)#Swi acc v 123
SW1(config-if-range)#No shut
To configure a trunk:
On SW1 and SW3
SWx(config)#Int F0/21
SWx(config-if)#Swi trunk encap dot
SWx(config-if)#swi mode trunk
SWx(config-if)#No shut
Lastly the F0/13 interface of SW3 is configured in VLAN 123
On SW3
Sw3(config)#Int F0/13
Sw3(config-if)#Swi mode acc
Sw3(config-if)#swi acc v 123
Sw3(config-if)#No shut
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 16 of 124
2013 Narbik Kocharians. All rights reserved
Lets verify the VLAN configuration:
On SW1
SW1#Show vlan br | Exc unsup
VLAN Name Status Ports
---- -------------------------------- --------- ------------------------------
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/22, Fa0/23, Fa0/24, Gi0/1
Gi0/2
12 VLAN0012 active Fa0/1, Fa0/2
123 VLAN0123 active Fa0/11, Fa0/12
Lets verify the trunk link and ensure that VLAN 123 can traverse through this trunk link:
On SW1
SW1#Show interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/21 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/21 1-4094
Port Vlans allowed and active in management domain
Fa0/21 1,12,123
Port Vlans in spanning tree forwarding state and not pruned
Fa0/21 1,12,123
Lets verify the VLAN configuration and the trunk interface configured on SW3:
On SW3
Sw3#Show interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/21 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/21 1-4094
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 17 of 124
2013 Narbik Kocharians. All rights reserved
Port Vlans allowed and active in management domain
Fa0/21 1,123
Port Vlans in spanning tree forwarding state and not pruned
Fa0/21 1,123
Sw3#Show vlan br | exc unsup
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/22
Fa0/23, Fa0/24, Gi0/1, Gi0/2
123 VLAN0123 active Fa0/13
Lets configure the routers:
On BB1
BB1(config)#Int F0/0
BB1(config-if)#Ip addr 123.1.1.11 255.255.255.0
BB1(config-if)#No shut
On BB2
BB2(config)#Int F0/0
BB2(config-if)#Ip addr 123.1.1.22 255.255.255.0
BB2(config-if)#No shut
On BB3
BB3(config)#Int F0/1
BB3(config-if)#IP addr 123.1.1.33 255.255.255.0
BB3(config-if)#No shut
To test the configuration:
On BB1
BB1#Ping 123.1.1.22
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 123.1.1.22, timeout is 2 seconds:
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 18 of 124
2013 Narbik Kocharians. All rights reserved
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms
BB1#Ping 123.1.1.33
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 123.1.1.33, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms
The ONLY VLAN left to be configured is VLAN 345, by looking at the interfaces of the routers used in
this VLAN we can see that R5 is using its F0/1 interface and not its F0/0, which means that R5s F0/1 interface is not connected to the same Switch as the one that connects R3 and R4. By looking at the
physical topology, we can see that R5s F0/1 interface is connected to SW2s F0/5 interface whereas, the F0/0 interfaces of R3 and R4s connected to SW1, this tells us that we need a trunk connection between SW1 and SW2 allowing VLAN 345 to traverse through this trunk. Since SW1 and SW2 have three
connections between them, in this lab the F0/20 interface is used for the trunk.
On SW1 and SW2
SWx(config)#Int F0/20
SWx(config-if)#Swi tru enc dot
SWx(config-if)#Swi mode tru
SWx(config-if)#No shut
To verify the configuration:
On SW1
SW2#Show inter trunk
Port Mode Encapsulation Status Native vlan
Fa0/20 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/20 1-4094
Port Vlans allowed and active in management domain
Fa0/20 1,11,23
Port Vlans in spanning tree forwarding state and not pruned
Fa0/20 none
We do not see VLAN 123 over this trunk because it is not configured, lets configure VLAN 123 on SW1 and SW2, or configure both switches in the same VTP domain and then configure VLAN 123 on one of
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 19 of 124
2013 Narbik Kocharians. All rights reserved
the switches, and have VTP messages propagate the VLAN.dat, in this case the later is chosen:
On SW1
SW1(config)#VTP domain TST
Changing VTP domain name from NULL to TST
Remember that a name MUST be assigned or else the VLAN.dat will not be propagated. The following
configures interfaces F0/3 and F0/4 interfaces of SW1 in VLAN 123:
SW1(config)#Int Range f0/3-4
SW1(config-if-range)#Swi mode acc
SW1(config-if-range)#Swi acc v 345
SW1(config-if-range)#No shu
Lets configure the F0/5 interface of SW2 in VLAN 123:
On SW2
SW2(config)#Int F0/5
SW2(config-if)#Swi mode acc
SW2(config-if)#Swi acc v 345
SW2(config-if)#No shut
Lets verify the configuration
On SW2
SW2#Show interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/20 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/20 1-4094
Port Vlans allowed and active in management domain
Fa0/20 1,12,123,345
Port Vlans in spanning tree forwarding state and not pruned
Fa0/20 1,12,123,345
On SW1
SW1#Show interface trunk
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 20 of 124
2013 Narbik Kocharians. All rights reserved
Port Mode Encapsulation Status Native vlan
Fa0/20 on 802.1q trunking 1
Fa0/21 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/20 1-4094
Fa0/21 1-4094
Port Vlans allowed and active in management domain
Fa0/20 1,12,123,345
Fa0/21 1,12,123,345
Port Vlans in spanning tree forwarding state and not pruned
Fa0/20 1,12,123,345
Fa0/21 1,12,123,345
Lets configure R3-5:
On R3
R3(config)#Int F0/0
R3(config-if)#Ip addr 200.1.1.3 255.255.255.0
R3(config-if)#No shut
On R4
R4(config)#Int F0/0
R4(config-if)#Ip addr 200.1.1.4 255.255.255.0
R4(config-if)#No shut
On R5
R5(config)#Int F0/1
R5(config-if)#Ip addr 200.1.1.5 255.255.255.0
R5(config-if)#No shut
To verify the configuration:
On R3
R3#Ping 200.1.1.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.4, timeout is 2 seconds:
.!!!!
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 21 of 124
2013 Narbik Kocharians. All rights reserved
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
R3#Ping 200.1.1.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.5, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
Task 3
Erase the startup configuration and reload the routers and switches before proceeding to the
next lab.
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 22 of 124
2013 Narbik Kocharians. All rights reserved
F0/0
VLAN 34
.1
13.1.1.0/24
VLAN 13
F0/0F0/0
F0/0
F0/1
F0/0F0/0
F0/0
F0/0
F0/0
R1
R4
R2
BB1
R5
R6
BB3BB2
R3
F0/1
F0/1
.1.3
.3
.4
.4
.5
.6
.2
.11
.22 .33
VLAN 12
VLAN 123
VLAN 24
VLAN 56
12.1.1.0/24
123.1.1.0/24
24.1.1.0/24
34.1.1.0/24
.4
.2
45.1.1.0/24
VLAN 45.4
.5
F0/1
F0/1
F0/0 .2
.22F0/0
F0/0
F0/0
F0/0
VLAN 22
22.1.1.0/24
56.1.1.0/24
VLAN 16
16.1.1.0/24
.11
LAB 2-
Physical to Logical Topology Intermediate
Configuration
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 23 of 124
2013 Narbik Kocharians. All rights reserved
Task 1
Shutdown all ports on all switches.
On All Switches
SWx(config)#Int range f0/1-24
SWx(config-if-range)#Shut
Task 2
Configure the above topology, if this configuration is performed successfully, every router
should be able to ping its neighboring routers in the same subnet.
Lets do a top down configuration starting from VLAN 13.
NOTE: The F0/0 interface of R3 is configured in this VLAN, and the other Ethernet interfaces of this
router are configured in other VLANs, whereas, the F0/0 interface of R1 is configured in two VLANs.
Since this is Physically impossible, logical interfaces can be configured to accomplish this task; to
accomplish this task a trunk is configured with different DOT1q VLAN tags for different VLANs.
Since the F0/0 interface of all routers are connected to SW1, lets configure SW1 for these routers:
On SW1
SW1(config)#Int F0/3
SW1(config-if)#Swi mode acc
SW1(config-if)#Swi acc vlan 13
SW1(config-if)#No shut
NOTE: Since the F0/1 interface of SW1 is connected to R1s F0/0 interface, and R1s F0/0 interface must be configured in different VLANs, the F0/1 interface of this switch MUST be configured as a trunk.
SW1(config)#Int F0/1
SW1(config-if)#Swi trunk encap dot1q
SW1(config-if)#Swi mode trunk
SW1(config-if)#No shut
Lets configure the routers starting with R3:
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 24 of 124
2013 Narbik Kocharians. All rights reserved
On R3
R3(config)#Int F0/0
R3(config-if)#IP addr 13.1.1.3 255.255.255.0
R3(config-if)#No shut
On R1
R1(config)#Int F0/0
R1(config-if)#No shut
R1(config-if)#Int F0/0.13
R1(config-subif)#Encap dot1q 13
R1(config-subif)#Ip addr 13.1.1.1 255.255.255.0
To verify the configuration:
On SW1
SW1#Show interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/1 1-4094
Port Vlans allowed and active in management domain
Fa0/1 1,13
Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1,13
On R1
R1#Ping 13.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13.1.1.3, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
NOW.lets configure VLAN 34 connecting R3 to R4:
We need some configuration on the switch to which these routers are connected to. Lets begin with the
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 25 of 124
2013 Narbik Kocharians. All rights reserved
Switch configuration:
Since the F0/1 interface of R3 is connected to SW2, the F0/3 interface of SW2 must be configured in
VLAN 34:
On SW2
SW2(config)#Int F0/3
SW2(config-if)#Swi mode acc
SW2(config-if)#Swi acc vlan 34
SW2(config-if)#No shut
NOTE: R4s F0/1 interface is also connected to SW2, but this interface is also configured in another VLAN (VLAN 45), so we know that the F0/1 interface of R4 must be configured as a trunk and the port
on the switch (SW2) to which it is connected should also be configured as trunk.
On SW2
SW2(config)#int F0/4
SW2(config-if)#Swi trun encap dot1q
SW2(config-if)#Swi mode trunk
SW2(config-if)#No shut
Since the switch is configured, lets move on to the routers starting with R3. This routers configuration is very basic and all we need to do is assign an IP address and NO SHUT the F0/1 interface.
On R3
R3(config)#Int F0/1
R3(config-if)#Ip addr 34.1.1.3 255.255.255.0
R3(config-if)#No shut
Lets configure R4; we know that the F0/1 interface of this router must be configured as a trunk.
On R4
R4(config)#Int F0/1
R4(config-if)#No shut
R4(config)#int F0/1.34
R4(config-subif)#Encap dot1q 34
R4(config-subif)#Ip addr 34.1.1.4 255.255.255.0
To verify and test the configuration:
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 26 of 124
2013 Narbik Kocharians. All rights reserved
On SW2
SW2#Show interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/4 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/4 1-4094
Port Vlans allowed and active in management domain
Fa0/4 1,34
Port Vlans in spanning tree forwarding state and not pruned
Fa0/4 1,34
R4#Ping 34.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 34.1.1.3, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
So we can see that when a Physical Ethernet interface is configured in multiple VLANs, the interface of
the router MUST be configured as a trunk, and the port on the switch that it is connected MUST also be
configured as a trunk.
Lets configure VLAN 12. Just like any VLAN configuration we have some configuration to perform on the switch/es and some configuration on the router/s.
In this VLAN, R1s F0/0 interface must be configured with another sub-interface, remember earlier the F0/0 interface of R1 was configured with a sub-interface for VLAN 13; we also know that the F0/1
interface of the switch SW1 is already configured as a trunk, lets verify this information:
On SW1
SW1#Show interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/1 1-4094
Port Vlans allowed and active in management domain
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 27 of 124
2013 Narbik Kocharians. All rights reserved
Fa0/1 1,13
Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1,13
Lets configure SW1 for R2, but once again we can see that the F0/0 interface of R2 is configured in two different VLANs, this means that the F0/0 interface of R1 and the port to which it is connected to MUST
be configured as trunk.
On SW1
SW1(config)#Int F0/2
SW1(config-if)#Swi trunk encap dot1q
SW1(config-if)#Swi mode trunk
SW1(config-if)#No shut
On R1
R1(config)#Int F0/0.12
R1(config-subif)#Encap dot1q 12
R1(config-subif)#Ip address 12.1.1.1 255.255.255.0
On R2
R2(config)#Int F0/0
R2(config-if)#No shut
R2(config)#Int F0/0.12
R2(config-subif)#Encap dot1q 12
R2(config-subif)#Ip addr 12.1.1.2 255.255.255.0
To verify the configuration:
On R1
R1#Ping 12.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
What went wrong?
Lets verify and see if the VLAN is allowed to traverse over the trunk links:
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 28 of 124
2013 Narbik Kocharians. All rights reserved
On SW1
SW1#Show interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1
Fa0/2 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/1 1-4094
Fa0/2 1-4094
Port Vlans allowed and active in management domain
Fa0/1 1,13
Fa0/2 1,13
Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1,13
Fa0/2 1,13
ONLY VLAN 13 is allowed over the trunk, but WHY? Lets see all the configured VLANs:
On SW1
SW1#Show vlan brie | Exc unsup
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/4, Fa0/5, Fa0/6, Fa0/7
Fa0/8, Fa0/9, Fa0/10, Fa0/11
Fa0/12, Fa0/13, Fa0/14, Fa0/15
Fa0/16, Fa0/17, Fa0/18, Fa0/19
Fa0/20, Fa0/21, Fa0/22, Fa0/23
Fa0/24, Gi0/1, Gi0/2
13 VLAN0013 active Fa0/3
VLAN 13 was created when the F0/3 interface of SW1 was placed in VLAN 13, since none of the
interfaces of SW1 is implicitly configured in VLAN 12 this VLAN was never created. Lets configure VLAN 12 on SW1:
On SW1
SW1(config)#VLAN 12
SW1(config-vlan)#Exit
R1#Ping 12.1.1.2
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 29 of 124
2013 Narbik Kocharians. All rights reserved
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
Lets configure VLAN 24:
On SW1
NOTE: Since by placing the F0/4 interface of SW1 in VLAN 24, the IOS will auto-create this VLAN,
therefore, we wont run into the previous problem.
SW1(config)#int F0/4
SW1(config-if)#Swi mode acc
SW1(config-if)#Swi acc vlan 24
SW1(config-if)#No shut
On R2
Another sub-interface is configured in VLAN 24:
R2(config)#Int F0/0.24
R2(config-subif)#Encap dot1q 24
R2(config-subif)#Ip addr 24.1.1.2 255.255.255.0
On R4
R4(config)#Int F0/0
R4(config-if)#Ip addr 24.1.1.4 255.255.255.0
R4(config-if)#No shut
To verify the configuration:
On R2
R2#Ping 24.1.1.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 24.1.1.4, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms
NEXT VLAN is VLAN 22. We can easily see that another sub-interface must be configured on R2. The
switch, SW1s F0/2 interface is already configured as trunk. BB2s F0/0 interface is in two different VLANs, so a trunk must be configured on the F0/0 interface of the BB2 and the port to which the
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 30 of 124
2013 Narbik Kocharians. All rights reserved
interface is connected to.
Lets start with SW1s configuration:
On SW1
The port that BB2s F0/0 interface is connected is configured as a trunk to allow VLANs 22 and 123 to traverse through:
SW1(config)#Int F0/12
SW1(config-if)#Swi tru encap dot1q
SW1(config-if)#SWi mode trunk
SW1(config-if)#No shut
VLAN 22 MUST be configured on the switch:
SW1(config)#Vlan 22
SW1(config-vlan)#exit
Lets configure another sub-interface for VLAN 22:
On R2
R2(config)#Int F0/0.22
R2(config-subif)#Encap dot1q 22
R2(config-subif)#Ip addr 22.1.1.2 255.255.255.0
On BB2
BB2(config)#Int F0/0
BB2(config-if)#No shut
BB2(config)#Int F0/0.22
BB2(config-subif)#Encap dot1q 22
BB2(config-subif)#Ip addr 22.1.1.22 255.255.255.0
To verify the configuration:
On R2
R2#Ping 22.1.1.22
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.1.1.22, timeout is 2 seconds:
.!!!!
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 31 of 124
2013 Narbik Kocharians. All rights reserved
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms
Before going further into the configuration of this topology, lets summarize what we have covered in this lab:
When configuring routers in a VLAN we MUST pay attention to the following:
If the routers interface is in ONE VLAN, then, configure the VLAN on the switch and place the interface to which the router is connected to in that VLAN.
If the routers interface is configured in multiple VLANs, then configure the interface of the router as a trunk. ISL encapsulation is only available on the older IOS and routers, therefore the ONLY
encapsulation is DOT1q, and this means we configure multiple sub-interfaces on the router. Each sub-
interface should be configured in the appropriate VLAN as identified in the topology. The switchport to
which the router is connected to, must also be configured as a trunk, YOU MUST ENSURE THAT THE
VLAN IS CONFIGURED AND IT IS ALLOWED TO TRAVERSE THROUGH THE TRUNK.
Lets configure VLAN 45. R4 needs another sub-interface configuration; R5s F0/1 interface must be configured as trunk because it is in two different VLANs, and the F0/5 interface of SW2 should also be
configured as a trunk and VLAN 45 MUST be configured/created on SW2.
On SW2
SW2(config)#Int F0/5
SW2(config-if)#Swi trunk encap dot1q
SW2(config-if)#Swi mode trunk
SW2(config-if)#No shut
SW2(config)#Vlan 45
SW2(config-vlan)#exit
On R4
R4(config)#Int F0/1.45
R4(config-subif)#encap dot1q 45
R4(config-subif)#Ip addr 45.1.1.4 255.255.255.0
On R5
R5(config)#Int F0/1
R5(config-if)#No shut
R5(config)#Int F0/1.45
R5(config-subif)#Encap dot1q 45
R5(config-subif)#Ip addr 45.1.1.5 255.255.255.0
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 32 of 124
2013 Narbik Kocharians. All rights reserved
To verify the configuration:
On R4
R4#Ping 45.1.1.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 45.1.1.5, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms
Lets configure VLAN 123. We know that the following must be configured:
The F0/0 interface of BB3 must be configured in VLAN 123
The F0/13 interface of SW1 must be configured in VLAN 123, this is the interface that BB3s F0/0 interface is connected to
BB1s F0/0 must be configured as a trunk, since it is a member of multiple VLANs, VLAN 123, and VLAN 16.
The interface of the switch to which BB1 is connected to must also be configured as a trunk.
Another sub-interface must be configured on BB2.
On SW1
SW1(config)#Int F0/13
SW1(config-if)#Swi mode acc
SW1(config-if)#Swi acc vlan 123
SW1(config-if)#No shut
On BB3
BB3(config)#Int F0/0
BB3(config-if)#Ip addr 123.1.1.33 255.255.255.0
BB3(config-if)#No shut
On BB1
BB1(config)#Int F0/0
BB1(config-if)#No shut
BB1(config-if)#Int F0/0.123
BB1(config-subif)#Encap dot1q 123
BB1(config-subif)#Ip addr 123.1.1.11 255.255.255.0
On SW1
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 33 of 124
2013 Narbik Kocharians. All rights reserved
SW1(config)#Int F0/11
SW1(config-if)#Swi tru encap dot1q
SW1(config-if)#Swi mode trunk
SW1(config-if)#No shu
On BB2
BB2(config)#Int F0/0.123
BB2(config-subif)#Encap dot1q 123
BB2(config-subif)#Ip addr 123.1.1.22 255.255.255.0
To verify the configuration:
On BB2
BB2#Ping 123.1.1.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 123.1.1.11, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms
BB2#Ping 123.1.1.33
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 123.1.1.33, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/4 ms
The second to last VLAN is VLAN 16. To configure this VLAN we must configure the following:
The F0/0 interface of R6 should be configured as a trunk, because it is connected to two different VLANs, VLAN 16 and VLAN 56.
The F0/6 interface of SW1 must be configured as a trunk; this is the interface to which R6s F0/0 interface is connected to.
VLAN 16 must be configured on this switch.
Another sub-interface must be configured on BB1 for this VLAN.
On R6
R6(config)#Int F0/0
R6(config-if)#No shut
R6(config)#Int F0/0.16
R6(config-subif)#Encap dot1q 16
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 34 of 124
2013 Narbik Kocharians. All rights reserved
R6(config-subif)#Ip addr 16.1.1.6 255.255.255.0
On SW1
SW1(config)#Int F0/6
SW1(config-if)#Swi trunk encap dot1q
SW1(config-if)#Swi mode trunk
SW1(config-if)#No shut
SW1(config)#VLAN 16
SW1(config-vlan)#Exit
On BB1
BB1(config)#Int F0/0.16
BB1(config-subif)#Encap dot1q 16
BB1(config-subif)#Ip addr 16.1.1.11 255.255.255.0
To verify the configuration:
On BB1
BB1#Ping 16.1.1.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 16.1.1.6, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms
NOWthe last VLAN in this topology, VLAN 56.
In this case we can see that R5 is using its F0/1 and R6 is using its F0/0 interface, this means that they are connected to two different switches. This means that a trunk must be configured to
connect these two switches and the trunk must allow the VLAN to traverse through this trunk
link.
A sub-interface must be configured on R5 for this VLAN
A sub-interface must be configured on R6 for this VLAN
VLAN 56 must be configured on BOTH SWITCHES, or VTP messages must be configured to propagate the VLAN.
On SW1
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 35 of 124
2013 Narbik Kocharians. All rights reserved
SW1(config)#Vlan 56
SW1(config-vlan)#exit
On SW2
SW2(config)#Vlan 56
SW2(config-vlan)#exit
To configure a trunk link between the switches:
On SW1 and SW2
SWx(config)#Int F0/18
SWx(config-if)#Swi tru enc dot
SWx(config-if)#Swi mode trunk
SWx(config-if)#No shu
On R5
R5(config)#Int F0/1.56
R5(config-subif)#Encap dot 56
R5(config-subif)#Ip addr 56.1.1.5 255.255.255.0
On R6
R6(config)#Int F0/0.56
R6(config-subif)#Encap dot 56
R6(config-subif)#Ip addr 56.1.1.6 255.255.255.0
To verify and test the configuration
On SW1
SW1#Show inter F0/18 trunk
Port Mode Encapsulation Status Native vlan
Fa0/18 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/18 1-4094
Port Vlans allowed and active in management domain
Fa0/18 1,12-13,16,22,24,56,123
Port Vlans in spanning tree forwarding state and not pruned
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 36 of 124
2013 Narbik Kocharians. All rights reserved
Fa0/18 1,12-13,16,22,24,56,123
On SW2
SW2#Show interface f0/18 trunk
Port Mode Encapsulation Status Native vlan
Fa0/18 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/18 1-4094
Port Vlans allowed and active in management domain
Fa0/18 1,34,45,56
Port Vlans in spanning tree forwarding state and not pruned
Fa0/18 1,34,45,56
On R5
R5#Ping 56.1.1.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 56.1.1.6, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms
Task 3
Erase the startup configuration and reload the routers and switches before proceeding to the
next lab.
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 37 of 124
2013 Narbik Kocharians. All rights reserved
SW1 SW2
F0/19
F0/20
Task 1
Shutdown all ports on the four switches.
On All Switches:
Switch(config)#Int range f0/1-24
Switch(config-if-range)#Shut
To verify the configuration:
On All Switches:
Switch#Show interface status | Exc disabled|notconnect
Port Name Status Vlan Duplex Speed Type
LAB 2- Spanning-tree Protocol 802.1D
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 38 of 124
2013 Narbik Kocharians. All rights reserved
Task 2
Configure Dot1q trunking on the F0/19 and F0/20 interfaces of SW1 and SW2.
On SW1 and SW2
SW2(config)#Int range f0/19-20
SW2(config-if-range)#Switchport trunk encapsulation dot1q
SW2(config-if-range)#Switchport mode trunk
SW2(config-if-range)#No shut
To verify the configuration:
On SW1
SW1#Show inter trunk
Port Mode Encapsulation Status Native vlan
Fa0/19 on 802.1q trunking 1
Fa0/20 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/19 1-4094
Fa0/20 1-4094
Port Vlans allowed and active in management domain
Fa0/19 1
Fa0/20 1
Port Vlans in spanning tree forwarding state and not pruned
Fa0/19 none
Fa0/20 none
Task 3
Which switch is the root bridge and why?
Before we start with the show commands, lets review the STP protocol:
When the switches come up, they will both think of themselves as the root bridge, and they will send
BPDUs out every port advertising them as the root bridge. What does a BPDU look like?
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 39 of 124
2013 Narbik Kocharians. All rights reserved
2 Bytes 1 Byte 1 Byte 1 Byte 8 Bytes 4 Bytes 8 Bytes 2 Bytes 2 Bytes 2 Bytes 2 Bytes 2 Bytes
Protocol-ID Version Msg Type Flags Root ID Root-Path-Cost Bridge-ID Port-ID Msg Age Max Age Hello Time Forward-delay
Lets explain the fields:
Protocol-ID Indicates the type of the protocol, its set to zero
Version Identifies the version of the protocol, its set to zero
Message Type Indicates the type of message, its set to zero
Flags This field includes one of the following: TC-bit, which signals a topology change
TCA-bit, which is set to ACK the receipt of a configuration Message with the TC-bit set
Root ID The BID of the root bridge
Root Path Cost Cumulative cost of the sending bridge to the root bridge
Bridge ID Indicates the Priority and the BID of the sending bridge
Port ID Indicates the port number through which the BPDU was sent
Message Age The elapsed time since the root bridge sent the configuration message
Max-Age Indicates when the current configuration message should be deleted
Hello Time The time between the root bridge configuration messages
Forward-delay indicates the legth of time that the bridge should wait before transitioning to a new state after a topology change
So initially, every switch will set the Root-ID and the Bridge-ID to the local BIDs value.
Lets see the BID of each switch:
On SW1
SW1#Show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0012.7f40.9380
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0012.7f40.9380
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 40 of 124
2013 Narbik Kocharians. All rights reserved
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- ----------------------
Fa0/19 Desg FWD 19 128.21 P2p
Fa0/20 Desg FWD 19 128.22 P2p
We can see that the BID which is a concatenation of Priority value and the MAC address in the Bridge-
ID and the Root ID section of the above show command are identical, which means that this bridge
MUST be the root bridge, and the area that is highlighted in green clearly states that the This bridge is the root.
The receiving bridge compares the Root-id to its own Root-id, and the lower value wins and if the
received Root-id is better (Lower) than the local Root-id, then, the local Root-id is replaced with the
Root-id in the received BPDUs.
Since the MAC address is different on every switch, the priority is looked at first, and as a tie breaker
the switch with a lowest MAC address becomes the Root bridge.
Lets look at SW2:
On SW2
SW2#Show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0012.7f40.9380
Cost 19
Port 21 (FastEthernet0/19)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 001d.e5d6.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------
Fa0/19 Root FWD 19 128.21 P2p
Fa0/20 Altn BLK 19 128.22 P2p
Another way of knowing which switch is the Root bridge is to use the following command:
On SW2
SW2#Show spanning-tree root
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 41 of 124
2013 Narbik Kocharians. All rights reserved
Root Hello Max Fwd
Vlan Root ID Cost Time Age Dly Root Port
---------------- -------------------- --------- ----- --- --- ---------
VLAN0001 32769 0012.7f40.9380 19 2 20 15 Fa0/19
NOTE: The last field (Root Port) indicates that the root bridge is found through F0/19 interface. Lets use CDP to find out the device that is connected to F0/19 interface:
SW2#Show cdp neighbor F0/19 | B Device ID
Device ID Local Intrfce Holdtme Capability Platform Port ID
SW1 Fas 0/19 173 S I WS-C3560-2Fas 0/19
Lets check SW1:
SW1#Show spanning-tree root
Root Hello Max Fwd
Vlan Root ID Cost Time Age Dly Root Port
---------------- -------------------- --------- ----- --- --- ----------
VLAN0001 32769 0012.7f40.9380 0 2 20 15
NOTE: The Root Port column is empty, which indicates that this switch is the Root bridge.
Task 4
Which port is the Root-Port?
Every None Root Bridge must select a Root Port. The Root Port is the closest port to the Root Bridge.
The Root port calculation is based on the Root-Path-Cost, which is the cumulative cost of all links to
the Root Bridge.
In this topology, SW2 is the None Root Bridge, so lets find out the Root Port:
On SW2
SW2#Show spanning-tree | B Interface
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -----
Fa0/19 Root FWD 19 128.21 P2p
Fa0/20 Altn BLK 19 128.22 P2p
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 42 of 124
2013 Narbik Kocharians. All rights reserved
We can clearly see that the F0/19 of SW2 is the root port, but what if there is a tie?
Lets go through the golden rules that STP uses to break ties:
A lower Root BID
A lower Path cost to the Root Bridge
A lower Sending BID
A lower Sending Port-ID, which is the combination of Priority.Port-id
Since the Root Bridge is already known, lets go with the second rule and check the Path cost to the Root Bridge:
On SW2
SW2#Sh spanning-tree root
Root Hello Max Fwd
Vlan Root ID Cost Time Age Dly Root Port
---------------- -------------------- --------- ----- --- --- ----------
VLAN0001 32769 0012.7f40.9380 19 2 20 15 Fa0/19
Lets shutdown the F0/19 interface and check the cost through F0/20 interface: SW2(config)#Int F0/19
SW2(config-if)#Shut
SW2#Show spanning-tree root
Root Hello Max Fwd
Vlan Root ID Cost Time Age Dly Root Port
---------------- -------------------- --------- ----- --- --- ----------
VLAN0001 32769 0012.7f40.9380 19 2 20 15 Fa0/20
Lets enable the F0/19 interface of SW2:
On SW2 SW2(config)#Int F0/19
SW2(config-if)#No shut
In this case both F0/19 and F0/20 have the same cost.
So since the cost to the Root Bridge is the same through both paths, lets check the next rule, which is the Lower Sending BID, in this case it will be the same, since both interfaces are connected to the same Switch (SW1); therefore, lets look at the last rule, The lowest sending Port-ID, to find out the
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 43 of 124
2013 Narbik Kocharians. All rights reserved
lowest sending port-id, we can use the Show spanning-tree command:
On SW2
SW2#Show spanning-tree | B Interface
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -----
Fa0/19 Root FWD 19 128.21 P2p
Fa0/20 Altn BLK 19 128.22 P2p
We can see why the F0/19 interface is the Root port and the F0/20 interface is in BLK state, the Prio.Nbr column reveals the priority.Port-ID of the neighboring switch. You can see that the F0/19 interface and the F0/20 interface receive the same port-priority value from SW1, but the port-id is
lower through the local F0/19 interface versus the F0/20 interface of SW2.
Task 5
Which port is the Designated-Port for the two segments?
There should be one designated port per segment, there are two segments connecting the two switches,
since SW1 is the Root Bridge, and all the ports on the Root bridge will always be in designated state,
ports F0/19 and F0/20 of SW1 is elected as the designated ports on the two segments; the designated
ports are elected based on the lowest path cost.
lets verify:
On SW1
SW1#Show spanning-tree root
Root Hello Max Fwd
Vlan Root ID Cost Time Age Dly Root Port
---------------- -------------------- --------- ----- --- --- ----------
VLAN0001 32769 0012.7f40.9380 0 2 20 15
NOTE: No matter which port is used on the root bridge (SW1), the cost is zero, and that is why all
interfaces on the Root bridge will always be in designated state because they will always be the closest
interface to the root bridge.
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 44 of 124
2013 Narbik Kocharians. All rights reserved
Task 6
Which port is in the BLK state?
Once all the designated ports and the Root ports are determined, the rest of the port/s (Left over ports)
will be in blocked state, lets verify:
On SW1
SW1#Show spanning-tree blockedports
Name Blocked Interfaces List
-------------------- ------------------------------------
Number of blocked ports (segments) in the system : 0
Of course, there should NOT be any ports in blocking state on the root bridge. Lets verify the blocked port on SW2:
On SW2
SW2#Show spanning-tree blockedports
Name Blocked Interfaces List
-------------------- ------------------------------------
VLAN0001 Fa0/20
Number of blocked ports (segments) in the system : 1
Lets verify that information:
On SW2
SW2#Show spanning-tree | B Interface
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -----
Fa0/19 Root FWD 19 128.21 P2p
Fa0/20 Altn BLK 19 128.22 P2p
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 45 of 124
2013 Narbik Kocharians. All rights reserved
Task 7
Configure SW2 such that its F0/20 interface transitions into FWD state and the F0/19 interface transitions into BLK state.
The BLK port is the port with the highest path cost, therefore, if the cost of the F0/20 interface is changed to be lower than the F0/19 interface, then the F0/20 interface will transition into FWD state and the F0/19 interafce will transition into BLK state. Lets test this:
On SW2
SW2(config)#Int F0/20
SW2(config-if)#Spanning-tree cost 10
To verify the configuration:
On SW2
SW2#Show spanning-tree | B Interface
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -----
Fa0/19 Altn BLK 19 128.21 P2p
Fa0/20 Root LIS 10 128.22 P2p
SW2#Show spannin | B Interface
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -----
Fa0/19 Altn BLK 19 128.21 P2p
Fa0/20 Root LRN 19 128.22 P2p
SW2#Show spanning-tree | B Interface
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -----
Fa0/19 Altn BLK 19 128.21 P2p
Fa0/20 Root FWD 10 128.22 P2p
We can see that the F0/20 goes through Listenening and learning state and transitions into FWD state, and the F0/19 transitions into BLK state.
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 46 of 124
2013 Narbik Kocharians. All rights reserved
Task 8
Remove the configuration commands from the previous task, and configure SW1 such that
the F0/20 interface of SW2 transitions into FWD state and the F0/19 interface of SW2 transitions into BLK state.
On SW2
SW2(config)#int f0/20
SW2(config-if)#No Spanning-tree cost 10
To verify the configuration:
On SW2
SW2#Show spanning-tree | B Interface
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -----
Fa0/19 Root FWD 19 128.21 P2p
Fa0/20 Altn BLK 19 128.22 P2p
To configure SW1
SW1(config)#Int F0/20
SW1(config-if)#Spanning-tree port-priority 0
To verify the configuration:
On SW1
SW1#Show spanning-tree | B Interface
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -----
Fa0/19 Desg FWD 19 128.21 P2p
Fa0/20 Desg FWD 19 0.22 P2p
On SW2
SW2#Show spanning-tree | B Interface
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 47 of 124
2013 Narbik Kocharians. All rights reserved
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -----
Fa0/19 Altn BLK 19 128.21 P2p
Fa0/20 Root FWD 19 128.22 P2p
As you can see, when it comes to port-pirority, it affects the neighboring switch.
Task 9
Configure SW2 to be the root bridge. You should use a macro to accomplish this task.
To accomplish this task using a MACRO, we can use, the root Primary, lets test this MACRO:
On SW2
SW2(config)#Spanning-tree vlan 1 root primary
To verify the configuration:
On SW2
SW2#Show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 001d.e5d6.0000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 24577 (priority 24576 sys-id-ext 1)
Address 001d.e5d6.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- ------
Fa0/19 Desg FWD 19 128.21 P2p
Fa0/20 Desg FWD 19 128.22 P2p
NOTE: The default priority is 32768, and with every VLAN, the default value is incremented by the
VLAN ID, in this case the ONLY VLAN in the Database is VLAN 1, therefore, 32768 + 1 = 32769.
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 48 of 124
2013 Narbik Kocharians. All rights reserved
Using the Spanning-tree root primary Macro, the total priority is reduced by 8192, so:
32769 8192 = 24577, and we know that the switch with the lowest priority will become the root bridge.
Task 10
Remove the command from the previous task, and configure SW2 to be the root bridge. You
should NOT use a macro to accomplish this task.
On SW2
SW2(config)#No spanning-tree vlan 1 root pri
To verify the configuration:
On SW1
SW1#Show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0012.7f40.9380
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0012.7f40.9380
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -----
Fa0/19 Desg FWD 19 128.21 P2p
Fa0/20 Desg FWD 19 0.22 P2p
On SW2
SW2(config)#Spanning-tree vlan 1 priority 0
To verify the configuration:
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 49 of 124
2013 Narbik Kocharians. All rights reserved
On SW2
SW2#Show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 1
Address 001d.e5d6.0000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 1 (priority 0 sys-id-ext 1)
Address 001d.e5d6.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -----
Fa0/19 Desg FWD 19 128.21 P2p
Fa0/20 Desg FWD 19 128.22 P2p
Task 11
Remove the command from the previous task, and configure two VLANs 100 and 200. SW1
should be configured such that on SW2 the traffic for VLAN 100 takes the F0/19 interface,
whereas, the traffic for VLAN 200 takes the F0/20 interface.
On SW2
SW2(config)#No Spanning-tree vlan 1 priority 0
On SW1
SW1(config)#int f0/20
SW1(config-if)#No spanning-tree port-priority 0
SW1(config)#vtp domain tst
Changing VTP domain name from NULL to tst
SW1(config)#VLAN 100,200
SW1(config-vlan)#exit
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 50 of 124
2013 Narbik Kocharians. All rights reserved
To verify the configuration:
On SW2
SW2#Show vlan brie | Exc unsup
VLAN Name Status Ports
---- -------------------------------- --------- ------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gi0/1, Gi0/2
100 VLAN0100 active
200 VLAN0200 active
We can see that the configured VLANs (100 and 200) are propagated to SW2 via VTP messages. Lets configure the load sharing part of this task:
SW1(config)#Int F0/19
SW1(config-if)# Spanning-tree vlan 100 port-priority 16
SW1(config-if)#int f0/20
SW1(config-if)#Spanning-tree vlan 200 port-priority 16
To verify the configuration:
On SW2
The output of the following show commands reveal that on SW2 the traffic for VLAN 100 uses the
F0/19 interface, whereas, the traffic for VLAN 200 uses the F0/20 interface.
SW2#Show spanning-tree vlan 100 | B Interface
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -----
Fa0/19 Root FWD 19 128.21 P2p
Fa0/20 Altn BLK 19 128.22 P2p
SW2#Show spanning-tree vlan 200 | B Interface
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -----
Fa0/19 Altn BLK 19 128.21 P2p
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 51 of 124
2013 Narbik Kocharians. All rights reserved
Fa0/20 Root FWD 19 128.22 P2p
Lets verify these values on SW1
On SW1
SW1#Show spanning-tree vlan 100 | B Interface
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -----
Fa0/19 Desg FWD 19 16.21 P2p
Fa0/20 Desg FWD 19 128.22 P2p
SW1#Show spanning-tree vlan 200 | B Interface
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -----
Fa0/19 Desg FWD 19 128.21 P2p
Fa0/20 Desg FWD 19 16.22 P2p
Task 12
Erase the startup configuration and vlan.dat and reload the switches before proceeding to the
next lab.
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 52 of 124
2013 Narbik Kocharians. All rights reserved
R1R1
R4
R3
R2
S0/0
S0/0
S0/0
S0/0
104
103
102
401
301
201
10.1.1.1 /24
10.1.1.4 /24
10.1.1.3 /24
10.1.1.2 /24
IP addressing and DLCI information Chart:
Routers IP address Local DLCI Connecting to:
R1s S0/0
10.1.1.1 /24 102
103
104
R2
R3
R4
R2s S0/0 10.1.1.2 /24 201 R1
R3s S0/0 10.1.1.3 /24 301 R1
R4s S0/0 10.1.1.4 /24 401 R1
Lab 1 Multipoint Hub-n-Spoke using
Frame-relay map statements
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 53 of 124
2013 Narbik Kocharians. All rights reserved
Task 1
Configure a frame-relay Hub and spoke using frame-relay map statements. Use the IP
addressing in the above chart.
Disable inverse-arp such that the routers do not generate inverse-arp request packets, and
ensure that only the assigned DLCIs in the above diagram are used and mapped, these
mappings should be as follows:
On R1: DLCIs 102, 103 and 104 should be mapped to R2, R3 and R4 respectively.
On R2, R3 and R4: DLCIs 201, 301 and 401 should be used on R2, R3 and R4 respectively for their mappings to R1 (The hub).
In the future Eigrp routing protocol will be configured on these routers, ensure that the
routers can handle the Multicast traffic generated by the Eigrp routing protocol. DO NOT
configure any sub-interface(s) to accomplish this task.
On R1 R1(config)#Int S0/0
R1(config-if)#IP address 10.1.1.1 255.255.255.0
R1(config-if)#Encapsulation frame
R1(config-if)#Frame-relay map ip 10.1.1.2 102 broadcast
R1(config-if)#Frame-relay map ip 10.1.1.3 103 broadcast
R1(config-if)#Frame-relay map ip 10.1.1.4 104 broadcast
R1(config-if)#NO frame-relay inverse-arp
R1(config-if)#NO shut
To verify the configuration:
On R1
R1#Show frame-relay map
Serial0/0 (up): ip 10.1.1.2 dlci 102(0x66,0x1860), static,
broadcast,
CISCO, status defined, inactive
Serial0/0 (up): ip 10.1.1.3 dlci 103(0x67,0x1870), static,
broadcast,
CISCO, status defined, inactive
Serial0/0 (up): ip 10.1.1.4 dlci 104(0x68,0x1880), static,
broadcast,
CISCO, status defined, inactive
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 54 of 124
2013 Narbik Kocharians. All rights reserved
You may see DLCIs 105 and 106 mapped to 0.0.0.0 IP address, these dynamic mappings may not affect
Unicast traffic, but they will affect Multicast and/or Broadcast traffic, therefore, they should be
removed from the mapping table. The Clear frame-relay inarp command will NOT have any effect on these entries, whereas, saving the configuration and then reloading the routers will definitely clear
the 0.0.0.0 mappings. Another way to clear the 0.0.0.0 mapping is to remove the encapsulation and reconfigure the encapsulation back again, but once the encapsulation is removed, the frame-relay
commands configured under the interface are also removed.
The output of the above show command shows that the DLCIs are all in inactive status, this means that the problem is on the other side of the VC, in this case, the other end of these VCs are not
configured yet, and once they are configured, the status should transition to active state.
Lets configure the spoke routers:
On R2
R2(config)#Int S0/0
R2(config-if)#Ip address 10.1.1.2 255.255.255.0
R2(config-if)#Encapsulation frame
R2(config-if)#Frame-relay map ip 10.1.1.1 201 broadcast
R2(config-if)#NO frame-relay inverse-arp
R2(config-if)#NO shut
To verify the configuration:
On R2
Lets start with layer one and see if we have a serial cable connected to the Frame-relay switch, if so, which end of the cable is connected to our router, DTE or DCE?
The output of the following show command shows that the DTE end of the cable is connected to our
local router, and the Clocks detected tells us that we are receiving clocking from a DCE device. This should always be the first step in troubleshooting frame-relay. If the output of the following command
showed that we have the DCE end of the cable connected to our router, then, the local router has to
provide clocking, which means that the Clock rate command MUST be configured on the physical interface or else the VC will NOT transition into UP/UP state.
R2#Show controller S0/0 | Inc clocks
DTE V.35 TX and RX clocks detected.
In the next step, we should see if the local router is exchanging LMIs with the frame-relay switch.
NOTE: Keepalive LMIs are exchanged every 10 seconds, which means that if the frame-relay switch is
configured correctly and the LMI types are also configured correctly (They match on the router and
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 55 of 124
2013 Narbik Kocharians. All rights reserved
the switch), then, you should see the number of status Enquires sent and received increment every 10
seconds.
R2#Show frame-relay lmi | Inc Num
Num Status Enq. Sent 68 Num Status msgs Rcvd 69
Num Update Status Rcvd 0 Num Status Timeouts 0
R2#Show frame-relay lmi | Inc Num
Num Status Enq. Sent 69 Num Status msgs Rcvd 70
Num Update Status Rcvd 0 Num Status Timeouts 0
Next the frame-relay maps are checked:
R2#Show frame-relay map 201
Serial0/0 (up): ip 10.1.1.1 dlci 201(0xC9,0x3090), static,
broadcast,
CISCO, status defined, active
NOTE: The output of the above show command reveals that the remote IP address of 10.1.1.1 is
mapped to the local DLCI of 201. Make sure you see the correct IP address.
In the paranthesis, DLCI 201 is presented in Hexadecimal and Q922 format. If the Hexadecimal value
of 0xC9 is converted to decimal, the result is 201, which is the local DLCI number.
The second Hexadecimal value of 0x3090, indicates how the DLCI is split into two sections within the Frame-relay header; a DLCI is a 10 bit digit and the first 6 bits (The most significant 6 bits) are in the
first byte and the last 4 bits of the DLCI, is found in the beginning of the second byte of the Frame-
relay frame, as follows:
Frame Relay header structure
Notice how the 10 bits are divided? 6 bits are in the first BYTE and the remaining 4 bits are in the
second Byte.
If the hex value of 0x3090 is converted to decimal, you will once again see a DLCI value of 201. As follows:
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 56 of 124
2013 Narbik Kocharians. All rights reserved
Convert 0x3090 to Binary:
3 0 9 0
0011 0 0 0 0 1001 0000
Take the most significant 6 bits, in this case: 001100
Take the most significant 4 bits of the second byte, in this case: 1001
Note the most significant 6 bits of the first byte and the most significant 4 bits of the second byte are
concatenated into a 10 bit value, as follows:
0011001001
If the above binary number is converted to decimal (1 + 8 + 64 + 128), you should get 201.
In the final step, an end to end reachability is tested:
R2#Ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.100.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms
Lets configure R3:
On R3 R3(config)#Int S0/0
R3(config-if)#Ip address 10.1.1.3 255.255.255.0
R3(config-if)#Encapsulation frame
R3(config-if)#Frame-relay map ip 10.1.1.1 301 broadcast
R3(config-if)#NO frame-relay inverse-arp
R3(config-if)#NO shut
To verify the configuration:
On R3 R3#Ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 57 of 124
2013 Narbik Kocharians. All rights reserved
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms
R3#Show frame map
Serial0/0 (up): ip 10.1.1.1 dlci 301(0x12D,0x48D0), static,
broadcast,
CISCO, status defined, active
Lets configure R4:
On R4 R4(config)#Int S0/0
R4(config)#Ip address 10.1.1.4 255.255.255.0
R4(config)#Encapsulation frame
R4(config)#Frame-relay map ip 10.1.1.1 401 broadcast
R4(config)#NO frame-relay inverse-arp
R4(config)#NO shut
To verify the configuration:
On R4
R4#Ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/50/52 ms
R4#Show frame-relay map
Serial0/0 (up): ip 10.1.1.1 dlci 401(0x191,0x6410), static,
broadcast,
CISCO, status defined, active
Task 2
Ensure that every router can ping every IP address connected to the cloud. When configuring
this task, ensure that the hub router does NOT receive redundant routing traffic.
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 58 of 124
2013 Narbik Kocharians. All rights reserved
NOTE: Every IP address connected to the cloud also includes the local routers IP address. Lets test the existing situation:
Remember routers IP address is also connected to the cloud
On R1
R1#Ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
The ping is NOT successful. Lets enable the Debug Frame-relay packet and try the ping again: R1#Debug Frame-relay packet
Frame Relay packet debugging is on
R1#Ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
You should see the following debug output:
Serial0/0:Encaps failed--no map entry link 7(IP).
Serial0/0:Encaps failed--no map entry link 7(IP).
Serial0/0:Encaps failed--no map entry link 7(IP).
Serial0/0:Encaps failed--no map entry link 7(IP).
Serial0/0:Encaps failed--no map entry link 7(IP).
Success rate is 0 percent (0/5)
Lets disable the debug:
On R1 R1#u all
The output of the above debug states that there is NO mapping and encapsulation failed because of
that; Frame-relay can be configured in two different ways: Multipoint and Point-to-point.
There is ONLY one way to configure frame-relay in a point-to-point manner, and thats through a point-to-point sub-interface configuration, whereas, a multipoint can be configurd in two ways:
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 59 of 124
2013 Narbik Kocharians. All rights reserved
Perform the entire configuration directly under the main interface.
Configure a sub-interface in a multipoint manner.
Since the entire configuration was performed without the use of sub-interfaces, this is a multipoint
interface. In a multipoint frame-relay configuration two conditions must be met before an IP address
is reachable:
A. The destination IP address must be in the routing table with a valid next hop. B. There must be a frame-relay mapping for that destination.
In this case the destination IP address is in the routing table, but the frame-relay mapping is missing.
When configuring the frame-relay mapping, you can use any active DLCI on the local router:
On R1 R1(config)#Interface S0/0
R1(config-if)#Frame-relay map ip 10.1.1.1 102
NOTE: Since the local router will NOT be sending Multicast or Broadcast traffic to itself, there is no
need to add the Broadcast keyword for this mapping configuration.
To verify the configuration:
On R1 R1#Ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 100/101/108 ms
Lets test R2s reachability, we already know that it needs a frame-relay map or else it will not be able to ping its own IP address, lets configure one and test:
On R2
R2(config)#Int S0/0
R2(config-if)#Frame-relay map ip 10.1.1.2 201
To test the configuration:
On R2
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 60 of 124
2013 Narbik Kocharians. All rights reserved
R2#Ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 96/100/108 ms
Lets see if R2 can ping the other spokes:
On R2 R2#Ping 10.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R2#Ping 10.1.1.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Do we have frame-relay mappings for these destinations? Lets check:
On R2 R2#Show frame-relay map
Serial0/0 (up): ip 10.1.1.2 dlci 201(0xC9,0x3090), static,
CISCO, status defined, active
Serial0/0 (up): ip 10.1.1.1 dlci 201(0xC9,0x3090), static,
broadcast,
CISCO, status defined, active
NOTE: There are two frame-relay mappings, one for 10.1.1.2 and the second one is for 10.1.1.1 IP
addresses. Lets add two more frame-relay mappings, one for 10.1.1.3 and the second one for 10.1.1.4:
On R2 R2(config)#Int S0/0
R2(config-if)#Frame-relay map ip 10.1.1.3 201
R2(config-if)#Frame-relay map ip 10.1.1.4 201
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 61 of 124
2013 Narbik Kocharians. All rights reserved
There are two points that you need to remember:
a. The destination IP address must be in the routing table with a valid next hop. b. There must be a frame-relay mapping for that destination.
To test the configuration:
On R2
R2#Ping 10.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Lets turn on the Debug Frame-relay packet and ping again and see the result:
On R2 R2#Deb frame pack
Frame Relay packet debugging is on
R2#Ping 10.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds:
Serial0/0(o): dlci 201(0x3091), pkt type 0x800(IP), datagramsize 104.
Serial0/0(o): dlci 201(0x3091), pkt type 0x800(IP), datagramsize 104.
Serial0/0(o): dlci 201(0x3091), pkt type 0x800(IP), datagramsize 104.
Serial0/0(o): dlci 201(0x3091), pkt type 0x800(IP), datagramsize 104.
Serial0/0(o): dlci 201(0x3091), pkt type 0x800(IP), datagramsize 104.
Success rate is 0 percent (0/5)
It seems like the local router (R2) is sending the packets out, lets enable the same debugging on R3 and see the result:
On R2 R2#Ping 10.1.1.3
Type escape sequence to abort.
R&S Foundation by Narbik Kocharians CCIE R&S Foundation 5.0 Page 62 of 124
2013 Narbik Kocharians. All rights reserved
Sending 5, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
On R3 Serial0/0(i): dlci 301(0x48D1), pkt type 0x800, datagramsize 104
Serial0/0:Encaps failed--no map entry link 7(IP)
It looks like R3 is missing frame-relay map back to R2. Lets configure a frame-relay map on R3 for R2 and test again:
On R3
R3(config)#Int S0/0
R3(config-if)#Frame-relay map ip 10.1.1.2 301
To verify the configuration:
On R2 R2#Ping 10.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 100/100/100 ms
Perfect..Lets do the same on R4.
On R4 R4(config)#Int S0/0
R4(con