LAB Routing and Switching-T Dinh

1Introduction to Routing and SwitchingSimulate with GNS3

Nguyn Quc nh

Faculty of IT, Ho Chi Minh City University of Industry

Sept 2012

2Schedule for 10 Weeks

Part 1: Starting with GNS3

Part 2: Static routing

Part 3: VLAN

Part 4: LAN with STP

Part 5: RIP (v2, ng)

Part 6: OSPF

Part 7: BGP

Part 8: Multicasting

Part 9: Access Control List

Part 10: Review (Oh great)

3Part 1

Starting with GNS3

Nguyn Quc nh

4Why not Packet Tracer?

How different?

Packet Tracer: simulation program

GNS3: emulation program

On PT, you just can't fully operate BGP, STP, multicast

But the upside of PT (so it'd be there)

Lightweight

Easily to configure and see the result

5To get started with GNS3

see

GNS3: Graphical Network Simulator

by Mike Fuszner, v1.0

6Notes: Setup

For this part and also later parts, use IOS 3640

Make sure to have virtual PC (vpc) for your testing (i.e. ping)

GNS3 and its components run faster under Linux than under Windows

Above all, always set IDLE PC to save your computer computation

Try to remember all commands may overload your little brain, use ? for commands supported

7Note: Saving configuration

Configurations in two locations - RAM and NVRAM.

The running configuration is stored in RAM.

Any configuration changes to the router are made to the running-configuration and take effect immediately after the command is entered.

The startup-configuration is saved in NVRAM and is loaded into the router's running-configuration when the router boots up.

To save the running-configuration to the startup configuration, type the following from privileged EXEC mode (i.e. at the "Router#" prompt.)

#copy running-config startup-config

8Tip: Save your working frequently with

#copy running-config startup-config

9 Target:

Read (and do) up to page #40 of Mike's tutorial

You have to setup and configure IP address of PCs in this network

PC1 PC2PC1 PC3

10

Q: Could PC1 ping F0/0 of West? Why

Q: Could PC1 ping S0/1 of West? Why

Q: Could PC1 ping PC2? Why

11

Part 2

Static Routing

Nguyn Quc nh

12

Why static routing?

Static routing vs Dynamic routing

How different?

What scale?

Static routing: toy game for tiny network

13

Commands

config t

interface Fa0/0

ip address [ip-address] [subnet-mask]

show ip route: displace routing table in a router

ip route [destination-network-address] [subnet-mask] [next-hop-IP-address]: configure static route statement

sh ip int brief: displace brief interfaces information

14

Lab 1

Target: Use static routing to connect all PCs in this networkIP addresses of interface and PCs are shown in the picture

15

Hint: configure static routing table in each

(config)#ip route 192.168.1.0 255.255.255.0 10.0.0.2(config)#ip route 192.168.2.0 255.255.255.0 10.0.0.2



West

Central

East

16

Command show ip route on West, East, and Central

Does it reveal something? Try to explain the results

See more results with ping, traceroute(router), and tracert (PC)

17

Check your understanding by configure following network

1 2 3

4 5

6

7 8

18

Grand addresses 172.(15+X).0.0/16 for X-thsubnet.

User static routing

All PCs could communicate through the network

Checking (always checking)

show ip route

ping to the internet

tracert from PC

Requirements for previous scenario

19

Part 4

LAN with STP

Nguyn Quc nh

20

Objective

Learn how to identify which switch is elected as the root bridge.

Learn how to determine the optimum bridge placement.

Learn to optimize Spanning Tree convergence.

Learn to change connection cost.

21

To use switch @GNS3

GNS3 doesn't include layer-2 and layer-3 switches.

we could utilize router as switch instead

by using NM-16ESW module in router. In this way you can configure switching protocols like VLAN, STP, VTP ect.

How?

To make a switch symbol, see following slide

22

To use switch @GNS3

1

23

You got a switch symbol from c3600 (c3640)Use it in the following VLAN labs

23

(1) Network scenario

Put the switch in order as shown in the picture. In which the R4 is put in the last

12

3

4

24

By default, STP is build in VLAN 1. And R1 is the root. Why?

R1#show spanning-tree

VLAN1 is executing the ieee compatible Spanning Tree protocol

Bridge Identifier has priority 32768, address cc00.597e.0000

Configured hello time 2, max age 20, forward delay 15

We are the root of the spanning tree

Topology change flag not set, detected flag not set S

Port 1 (FastEthernet0/0) of VLAN1 is forwarding

Port path cost 19, Port priority 128, Port Identifier 128.1.

Designated root has priority 32768, address cc01.60ce.0000

Designated bridge has priority 32768, address cc01.60ce.0000

Designated port id is 128.1, designated path cost 0 S

BPDU: sent 24, received 0

Port 2 (FastEthernet0/1) of VLAN1 is forwarding

Port path cost 19, Port priority 128, Port Identifier 128.2.

25





We are the root of the spanning tree

Topology change flag not set, detected flag not set

S





Current root has priority 32768, address cc00.597e.0000

Root port is 2 (FastEthernet0/1), cost of root path is 38

S

26

Where's the root

R1 is the root.

By default a Root Bridge is elected, and the one has slowest Bridge ID (determined by the Bridge Priority and the MAC address) is the winner.

Want to make

R4 to be the root bridge

27

Change the root bridge

By default, all bridge has priority of 32768

To change priority of one bridge:

Switch (config)# spanning-tree vlan priority

To make one bridge be root-bridge (priority = 8192)

Switch (config)# spanning-tree vlan root primary

To make one bridge be secondary root-bridge for redundancy (priority = 16384)

Switch (config)# spanning-tree vlan root secondary

28

Let's make some changes

Make R4 become the root:

R4(config)# spanning-tree vlan 1 root primary

Make R3 has one port to be blocked (why we has following setting?)

R3(config)#spanning-tree vlan 1 priority 61440

29

(2) Change the cost of each link

Default path costs

10BaseT: 100

100BaseT: 19

1000Baset: 4

To change the cost in each link

switch (config-if)# spanning-tree vlan cost

What happens when the port of R4 which links to R2 has the cost of 15?

30

(3) Spanning tree convergence

STP uses several timers to recover from topology changes

Modifying STP timers

spanning-tree vlan vlan-list hello-time seconds

spanning-tree vlan vlan-list forward-time seconds

spanning-tree vlan vlan-list max-age seconds

31

Multilayer switching

To be available

Get from http://www.gns3-labs.com/2008/09/22/multilayer-switching-in-a-campus-network/

32

Part 4

VLAN

Nguyn Quc nh

33

Notes on VLAN

VLANs are assigned on the switch port. There is no VLAN assignment done on the host (usually).

Assigning a host to the correct VLAN is a 2-step process:

1.Connect the host to the correct port on the switch.

2.Assign to the host the correct IP address depending on the VLAN memebership

Remember: VLAN = Subnet

Following labs, we use static VLANs

34

Commands Related to VLAN

To add more items to vlan database:

#vlan database

(vlan)#vlan 20 name engineering

To make a host connect to current port belong to vlan 20:

(config-if)#switchport mode access

(config-if)#switchport acess vlan 20

To turn current port to trunking mode:

(config-if)#switchport mode trunk

(config-if)#switchport trunk allowed vlan all

35

Commands Related to VLAN (cont)

And to show vlan summary:

#show vlan?

#show vlan-switch

#show interfaces fa0/1 switchport

#sh vtp status

Following slides explain more in few commands

36

Configure Ranges of VLANs

Switch(config)#interface range

fastethernet 0/8, fastethernet 0/12

Switch(config-if)#switchport access vlan 3

Switch(config-if)#exit

vlan 3

37

Mode Acess

Switch(config)#interface fastethernet 0/1

Switch(config-if)#switchport mode access

Switch(config-if)#exit

Note: The switchport mode access command should be configured on all ports that the network administrator does not want to become a trunk port.

38

Face Mistake, to Remove

Deleting a Port VLAN Membership

Switch(config-if)#no switchport access

vlan vlan_number

Deleting a VLAN

Switch#vlan database

Switch(vlan)#no vlan

Switch(vlan)#exit

39

VLAN Tagging

To turn current port to trunking mode:

(config-if)#switchport mode trunk

(config-if)#switchport trunk allowed vlan

all

Or more selective

No VLAN Tagging

VLAN Tagging

40

Lab 1: Assign VLAN Port

Target: Create this VLAN table @R1:VLAN 1: defaultVLAN 10: engineeringVLAN 20: r-dVLAN 30: accountingVLAN 40: sale

VLAN 10 owns 172.168.10.0/24 subnetVLAN 20 owns 172.168.11.0/24 subnetVLAN 30 owns 172.168.12.0/24 subnetVLAN 40 owns 172.168.13.0/24 subnet

41

Lab 1: Assign VLAN Port (cont)

Assign following:C0 owned by an engineerC1 owned by an engineerC2 owned by a seller

Their IP addresses assigned by your own

Configure the network. Then answer:Can C0 ping C1? Why?Can C0 ping C2? Why?

42

Lab 2: VLAN Trunking

switchport mode trunk

switchport mode access

43

Lab 2: VLAN Trunking (cont)

Assign following:C0 owned by an engineerC1 owned by an engineerC2 owned by a seller

C3 owned by an engineerC4 owned by a seller

Their IP addresses assigned by your own

Check if all engineers/sellers assigned to the same subnet

44

Lab 3 (option): Testing your understanding with VLAN Trunking

For guidance, see attached documentation (part3-lab3.pdf) from TruongTan Inst.

45

Lab 4 (option): Routing between VLANs

For guidance, see attached documentation (part3-lab4.pdf) from TruongTan Inst.

46

Part 5

RIP

Nguyn Quc nh

47

Recall

Distance vector routing

RIP, RIPv2

RIPng

48

First exampleBuild a system with IPs of routers and PCs as shown at the figure

49

Setup RIPv2 as routing algorithm

West(config-if)#router ripWest(config-router)#version 2West(config-router)#network 192.168.0.0West(config-router)#network 10.0.0.0

Central(config-if)#router ripCentral(config-router)#version 2Central(config-router)#network 192.168.1.0Central(config-router)#network 10.0.0.0Central(config-router)#network 10.0.1.0

East(config-if)#router ripEast(config-router)#version 2East(config-router)#network 192.168.2.0East(config-router)#network 10.0.1.0

50

Subnet mask?

Since class in network address is history, do not use RIPv1

RIPv2 work with CIDR; but, you didn't see subnet mask on above commands.

How?

51

Checking, checking

Check RIP with following command

show ip route

show ip route protocols

show ip rip database

tracert

tracerouter

show ip protocol

Try to read the result

52

Extend your simulation

53

Extend your simulation

Add the new link to RIP

Now, you have 2 ways to go from 192.168.0.0/24 to 192.168.2.0/24 network

Check

Show ip route

Show ip protocols

Tracert

Tear down East's e0/1 - switch link

Tear down West's s1/0 Central's s1/0 link

See what happen, try to explain the result

54


1 2 3

4 5

6

7 8

55


Requirements You are allow to utilize 10.0.0.0/8 network

Subnet X are assigned with 10.(15+X).0.0/16 address spaces

Use RIPv2 for this autonomous system

Make sure all PCs could connect to the Internet

Check your network connection

56

How about RIPng?

IPv6 version of RIP

Commands:

#using ipv6 unicasting

(config)#ipv6 unicast-routing

#assign an IPv6 address to current interface

(config-if)#ipv6 address

#enable RIPng under process-name

(config-if)#ipv6 rip enable

57

Example

Beside traditional interface, e.g. fast ethernet, we adopt loopback interface notation.

58

Example of West configuration

West(config)#ipv6 unicast-routing

West(config)#int e0/0West(config-if)#ipv6 address 2001:db8:0:12::1/64West(config-if)#ipv6 rip tree enableWest(config-if)#no shut

West(config)#int loopback 0West(config-if)#ipv6 address 2001:db8:0:10::1/64West(config-if)#ipv6 rip tree enableWest(config-if)#no shutS

Then S try to find your way to configure Central and East.Test your network with show ipv6 route, show ipv6 protocols, tracert, etc.

59

Part 6

OSPF

Nguyn Quc nh

60

Recall

What is OSPF?

Multiple area network

61

Example

62

Area 0

Area 1 Area 2

Example

63

Commands

router ospf process-ID

process-ID is from 1 to 65535

may defer from node to node

network IP-address wildcard-mask

area area-#

wildcard-mask = not (network mask)

area-# is pre-defined number

make sure backbone area named area 0

64

Commands

R1Network 192.168.23.0 0.0.0.255 area 0Network 10.0.1.0 0.0.0.255 area 1

R2network 192.168.23.0 0.0.0.255 area 0Network 172.16.34.0 0.0.0.255 area 2

R3network 10.0.1.0 0.0.0.255 area 1network 10.0.2.0 0.0.0.255 area 1

R4network 172.16.34.0 0.0.0.255 area 2network 172.16.35.0 0.0.0.255 area 2

65

Helpful commands for OSPFshow ip protocol Displays parameters for all protocols running on the router

show ip route Displays a complete IP routing table

show ip ospf Displays basic information about OSPF routing processes

show ip ospf interface Displays OSPF info as it relates to all interfaces

show ip ospf border-routers Displays border and boundary router information

show ip ospf neighbor Displays a detailed list of neighbors

show ip ospf neighbor detail Lists all OSPF neighbors and their states

clear ip route * Clears entire routing table, forcing it to rebuild

clear ip route a.b.c.d Clears specific route to network a.b.c.d

clear ip opsf counters Resets OSPF counters

clear ip ospf Resets entire OSPF process, forcing OSPF to re

debug ip ospf events Displays all OSPF events

debug ip ospf adjacency routers Displays various OSPF states and DR/ BDR election between adjacent

debug ip ospf packets Displays OPSF packets

66

Check your understanding

With following side network

Pay attention:

/28 (not /24 any more)

Recalculate subnet-id

Recalculate wildcard-mask

68

Part 7

BGP

Nguyn Quc nh

69

BGP in overview

transit

multihomed

70

BGP commands in GNS3

Declare your own AS number by

router bgp

Define neighbors with

neighbor remote-as

Define the networks you own by

network mask

71

Lab 1

72

Lab 1

73

Lab 1

Router 0Router0(config)#router bgp 1Router0(config-router)#neighbor 4.4.4.2 remote-as 2Router0(config-router)#network 1.1.1.0 mask 255.255.255.0

Router 1Router1(config)#router bgp 2Router1(config-router)#neighbor 4.4.4.1 remote-as 1Router1(config-router)#neighbor 5.5.5.3 remote-as 3Router1(config-router)#network 2.2.2.0 mask 255.255.255.0

Router 3Router2(config)#router bgp 3Router2(config-router)#neighbor 5.5.5.2 remote-as 2Router2(config-router)#network 3.3.3.0 mask 255.255.255.0

74

Lab 1

Use following debugging command to check your system

show ip protocols

show ip route

show ip bgp

tracert

tracerouter

75

Check your understanding network with BGP Lab 2

76All subnets are /24

77

AS1Run multiareaOSPF

AS2Run RIP

AS3Run RIP

Inter AS: BGP

78

OSPF area 0

OSPF area 1

OSPF area 2

RIPv2

RIPv2

79

Check your understanding network with BGP Lab 3 (*)

(*) This network is taken from http://buildingbgplab.blogspot.com

81

Part 8

Multicasting

Nguyn Quc nh

82

See http://www.gns3-labs.com/2008/11/22/multicasting/

PIM

83

Part 9

Security

Nguyn Quc nh

LAB Routing and Switching-T Dinh

Documents

Transcript of LAB Routing and Switching-T Dinh