Saturday, June 12, 2010

INE Workbook Vol 2 Lab 3

What's that? You heard me say I was going to work on troubleshooting? Well - troubleshooting with Dynamips doesn't work so well and I just couldn't load all the features on my Dynamips switches. So I plan to rent some rack time next week. In the meantime, I am moving on to Lab 3. I skipped lab 2 because it was a difficulty 6 and since I'm getting low on time, I am only going to tackle difficulty 7 and above to start. If I have time - I will circle back to the other labs.

With CRB bridging, a protocol can be routed on one interface while bridged on another interface. Traffic in the routing domain cannot be passed to the bridged domain. With IRB, a protocol can be routed and bridged on the same interface. For example, with CRB, IPX can be bridged while IP is routed. CRB is legacy and has been replaced by IRB with the addition of the BVI. Steps to create a bridge include:


  1. Create a transparent bridge group using 'bridge 1 protocol ieee'. This creates a bridge for non-IP protocols. Add the pertinent interfaces to the bridge with 'bridge-group [num]', where num is your bridge group number. These interfaces can now bridge non-IP protocols (aka - fallback bridging).
  2. To enable IRB, and thus bridge IP protocols, issue 'bridge irb'. Now you need to select which protocols to route: 'bridge 1 route ip'. Now IP will be routed and bridged. This is not specific to IP and can be accomplished with other protocols.
  3. Now you need to create the BVI with 'interface bvi 1'. All traffic that passes through the bridged domain to the routed domain, and vice versa, must pass through the BVI. Now add any logical configuration such as an IP address.

That's it! I am finally getting this bridging thing. I was able to accomplish this except I forgot to add the IP address and route IP - mostly because the instructions weren't clear that I needed to do this. You can verify with 'show interface irb'. This will show you what protocols are bridged, and which ones are routed.
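The three steps above put together as one configuration. This is an added example, not taken from the INE workbook: the interface names and the 192.0.2.0/24 address are constructed for illustration. Note that the BVI number has to match the bridge group number.

```ios
! Step 1: transparent bridge group 1 and its member interfaces
bridge 1 protocol ieee
!
interface FastEthernet0/0
 ! hypothetical member interface; the Layer 3 address lives on the BVI
 no ip address
 bridge-group 1
!
interface FastEthernet0/1
 ! second hypothetical member interface
 no ip address
 bridge-group 1
!
! Step 2: enable IRB, then route IP for bridge group 1
bridge irb
bridge 1 route ip
!
! Step 3: BVI 1 joins bridge group 1 to the routed domain
interface BVI1
 ! constructed documentation address
 ip address 192.0.2.1 255.255.255.0
 no shutdown
!
! Verify which protocols are bridged and which are routed:
!   show interface irb
```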

Remember that a virtual link IS an Area 0 adjacency so if you are required to authenticate all area 0 adjacencies, you must include authentication on your virtual links!

Boy did I get tripped on the redistribution scenario for a pretty stupid reason - I couldn't figure out how to prefer one route in OSPF over the other...METRIC STUPID! Sheesh. I didn't come up with the solution INE did, but had I altered the metric, my solution would have been the same....This is why I am doing full labs - so I can learn and remember stuff like this!

'timers lsa arrival 2000' will protect against flooding with the same LSA during network instability.

To prevent your BGP AS from being used as a transit AS, use the no-export community, which will prevent advertisement to EBGP neighbors.

Use 'mpls ldp discovery transport-address interface' to set LDP/TDP to use the specified interface as the TCP connect source instead of what you have set as the router-id (most likely loopback0).

The IGMP static-group command causes the devices to process switch the group specified.

The following are required in an ACL to permit traceroute to complete:

  permit icmp any any time-exceeded
  permit icmp any any port-unreachable

In TCP intercept 'watch' mode, incomplete sessions will be terminated with a RST after 30 seconds. You can set the time with 'ip tcp intercept watch-timeout 15'.

If you get a scenario pointing you to a TFTP server on a vlan and NOT a particular host, you need to set the ip helper-address to the broadcast address of that subnet. Also, you need to enable 'ip directed-broadcast' on the VLAN interface.

'frame-relay interface-dlci 555 protocol ip 136.1.5.2' will assign an IP address via BOOTP to the host on DLCI 555 when used on a point-to-point interface. With P2M, a frame-relay map will accomplish the same.

When using subinterfaces with RSVP, the 'ip rsvp' commands will need to be applied on the physical interface as well. If there are multiple subinterfaces, the physical rates should be the sum of all subinterfaces. Also - frame-relay requires fair-queue to be enabled. So if you are using FRTS, be aware...

And with that, I've finished lab 3. To be honest, this lab was not kind to me. I've used the blog here to take notes on the things that tripped me up. Other things that I didn't note here are just oversights that will kill me in the real lab. Read twice, and verify twice. That is my motto. My biggest weakness was the BGP section. If I have time, I would like to tackle both INE and Narbik's BGP sections for a little reinforcement. Well, I won't be studying tomorrow and will instead be traveling to Chicago for work. Hopefully I can get a few labs done next week, and touch back on BGP. We will see how that goes...
