Tuesday, December 3, 2013

Cisco Q-in-Q Configuration Example


  


Some Cisco switches (not all of them) support IEEE 802.1Q tunneling (Q-in-Q) and Layer 2 protocol tunneling features to carry a customer’s multiple VLANs across the service provider’s L2 backbone.

In this example, we will configure Q-in-Q.

Here is the topology for this example:

 



 

Q-in-Q configuration on PE Switch-1:

interface GigabitEthernet0/2
 port-type nni
 switchport access vlan 100
 switchport mode dot1q-tunnel

Q-in-Q configuration on PE Switch-2:

interface GigabitEthernet0/2
 port-type nni
 switchport access vlan 100
 switchport mode dot1q-tunnel

Uplink Port Configuration of CE Switch-1:

interface FastEthernet3
 switchport mode trunk

interface Vlan10
 ip address 10.10.10.1 255.255.255.0

interface Vlan20
 ip address 20.20.20.1 255.255.255.0

Uplink Port Configuration of CE Switch-2:

interface FastEthernet3
 switchport mode trunk

interface Vlan10
 ip address 10.10.10.2 255.255.255.0

interface Vlan20
 ip address 20.20.20.2 255.255.255.0

 

Let's test the L2TP (Layer 2 Tunneling Protocol) configuration:

CE –Switch-1#ping 10.10.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

We see that the connection works.

Let's increase the size of the packet:

CE –Switch-1#ping 10.10.10.2 size 1496 df-bit
Type escape sequence to abort.
Sending 5, 1496-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
Packet sent with the DF bit set
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

It’s OK again.

Let's increase the size by one more byte:

CE –Switch-1#ping 10.10.10.2 size 1497 df-bit
Type escape sequence to abort.
Sending 5, 1497-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
Packet sent with the DF bit set
.....
Success rate is 0 percent (0/5)

It doesn’t work, because the PE switch adds a new 802.1Q header. This header is 4 bytes long, so the MTU must be increased on all switches of the service provider. The new value must be 1504 or more.
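The arithmetic behind the failed ping, as an added example that is not part of the original post: it builds the customer's tagged frame, pushes the outer tag for VLAN 100 as the tunnel port does, and checks what a provider switch counts against its MTU. The inner VLAN 10 comes from the CE configuration; the MAC addresses, the 0x8100 TPID on both tags and all function names are assumptions for illustration.

```python
import struct

TPID_8021Q = 0x8100  # assumption: both tags use the default 802.1Q TPID

def vlan_tag(vid, pcp=0):
    """4-byte 802.1Q tag: 16-bit TPID, then PCP(3) / DEI(1) / VID(12)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    return struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)

def customer_frame(ip_len, c_vid):
    """Frame as it leaves the CE trunk: MACs, customer tag, EtherType, IP."""
    dst = bytes.fromhex("020000000002")  # constructed MAC addresses
    src = bytes.fromhex("020000000001")
    return dst + src + vlan_tag(c_vid) + struct.pack("!H", 0x0800) + bytes(ip_len)

def push_outer_tag(frame, s_vid):
    """What the dot1q-tunnel port does: insert the provider tag after the MACs."""
    return frame[:12] + vlan_tag(s_vid) + frame[12:]

def tag_stack(frame):
    """VLAN IDs from the outermost tag inward."""
    vids, off = [], 12
    while struct.unpack_from("!H", frame, off)[0] == TPID_8021Q:
        vids.append(struct.unpack_from("!H", frame, off + 2)[0] & 0x0FFF)
        off += 4
    return vids

def provider_payload(frame):
    """Bytes a provider switch counts against its MTU. It parses only the
    outer tag, so the customer tag adds 4 bytes to what it sees as payload."""
    return len(frame) - 12 - 4 - 2  # MACs, outer tag, next 2-byte type field

def fits(ip_len, mtu, c_vid=10, s_vid=100):
    """True if a ping of ip_len bytes survives the provider backbone."""
    frame = push_outer_tag(customer_frame(ip_len, c_vid), s_vid)
    return provider_payload(frame) <= mtu

if __name__ == "__main__":
    for size, mtu in [(1496, 1500), (1497, 1500), (1500, 1504)]:
        print(f"ping size {size}, provider MTU {mtu}: fits={fits(size, mtu)}")
```

With the default 1500-byte MTU the largest customer IP packet that fits is 1496 bytes; raising the provider MTU to 1504 restores the full 1500.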

Wednesday, November 13, 2013

BGP route filtering with route-map



In this example, we announce only the default route and filter out the specific routes.

Here is the configuration:

router bgp 65500
 no synchronization
 bgp log-neighbor-changes
 network 0.0.0.0
 network 192.168.1.0 mask 255.255.255.0
 neighbor 10.10.10.2 remote-as 65500
 neighbor 10.10.10.2 route-map spoke-out out

ip prefix-list defaultroute seq 5 permit 0.0.0.0/0

route-map spoke-out permit 10
 match ip address prefix-list defaultroute
 set metric 0
 set ip next-hop 10.10.10.1

We can see that the 192.168.1.0/24 network is in our BGP table:

R1#show ip bgp
BGP table version is 4, local router ID is 10.10.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0          10.10.10.254               0         32768 i
*> 192.168.1.0      0.0.0.0                    0         32768 i

But we are not advertising it to the remote neighbor:

R1#show ip bgp neighbors 10.10.10.2 advertised-routes 
BGP table version is 4, local router ID is 10.10.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0          10.10.10.254               0         32768 i
Total number of prefixes 1

Let's also check the remote router:

R4#show ip bgp neighbors 10.10.10.1 routes
BGP table version is 3, local router ID is 10.10.10.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*>i0.0.0.0          10.10.10.1             0    100      0 i
Total number of prefixes 1
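
Why 192.168.1.0/24 is filtered, as an added example that is not part of the original post: a small model of the outbound policy showing that a prefix-list entry without ge/le matches only the exact prefix length, and that a route matching no route-map clause hits the implicit deny. The policy and table are transcribed from the page; the function names and the tuple layout are assumptions, and the model covers IPv4 prefix-list matching only.

```python
import ipaddress

def prefix_list_permits(entries, prefix):
    """First-match evaluation of an IOS-style prefix list.
    entries: (seq, action, network, ge, le); with no ge/le only the exact
    prefix length matches, which is why 0.0.0.0/0 is not "any route"."""
    net = ipaddress.ip_network(prefix)
    for _seq, action, entry, ge, le in sorted(entries, key=lambda e: e[0]):
        base = ipaddress.ip_network(entry)
        if ge is None and le is None:
            lo = hi = base.prefixlen
        else:
            lo = base.prefixlen if ge is None else ge
            hi = 32 if le is None else le
        if net.subnet_of(base) and lo <= net.prefixlen <= hi:
            return action == "permit"
    return False  # implicit deny at the end of every prefix list

def apply_route_map(clauses, prefix_lists, route):
    """Return the route as it would be advertised, or None if filtered."""
    for _seq, action, plist, sets in sorted(clauses, key=lambda c: c[0]):
        if prefix_list_permits(prefix_lists[plist], route["prefix"]):
            return {**route, **sets} if action == "permit" else None
    return None  # implicit deny: a route matching no clause is dropped

# Policy and BGP table transcribed from the configuration and output above.
PREFIX_LISTS = {"defaultroute": [(5, "permit", "0.0.0.0/0", None, None)]}
SPOKE_OUT = [(10, "permit", "defaultroute",
              {"metric": 0, "next_hop": "10.10.10.1"})]
BGP_TABLE = [
    {"prefix": "0.0.0.0/0", "next_hop": "10.10.10.254", "metric": 0},
    {"prefix": "192.168.1.0/24", "next_hop": "0.0.0.0", "metric": 0},
]

def advertised(table=BGP_TABLE):
    """Routes that survive route-map spoke-out, with its set clauses applied."""
    results = (apply_route_map(SPOKE_OUT, PREFIX_LISTS, r) for r in table)
    return [r for r in results if r is not None]

if __name__ == "__main__":
    for route in advertised():
        print(route)
```

The single surviving route carries next hop 10.10.10.1, which is what R4 shows; a prefix-list entry written as 0.0.0.0/0 le 32 would instead have matched every prefix.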

Wednesday, October 9, 2013

Cisco Remote Switched Port Analyzer (RSPAN)



The traffic captured from the sources is copied into the RSPAN VLAN. It is then forwarded over trunk ports that are allowed to carry the RSPAN VLAN. The switch that is attached to the network analyzer device receives the RSPAN traffic and delivers it to the network analyzer.

Configuration example on source switches:

monitor session 1 source vlan 100 - 120
monitor session 1 destination remote vlan 200

Configuration example on destination switch:

monitor session 1 source remote vlan 200
monitor session 1 destination interface Gigabitethernet0/5

Saturday, October 5, 2013

Cisco Switched Port Analyzer (SPAN)


The Switched Port Analyzer (SPAN), which is also called port mirroring, sends a copy of the network traffic to a network analyzer (sniffer).
In this example there is a sniffer on port GigabitEthernet5/1. We want to capture all network traffic on port GigabitEthernet5/2 and send a copy of this traffic to port GigabitEthernet5/1:
 
monitor session 1 source interface GigabitEthernet5/2
monitor session 1 destination interface GigabitEthernet5/1

In this example there is a sniffer on port GigabitEthernet3/1. We want to capture all network traffic on VLAN 100 and send a copy of this traffic to port GigabitEthernet3/1:

monitor session 1 source vlan 100
monitor session 1 destination interface GigabitEthernet3/1
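
An audit helper for the SPAN and RSPAN posts above, as an added example that is not part of the original posts: it parses the monitor session lines from several switches and resolves where each mirrored source finally lands, following the RSPAN VLAN from the source switch to the switch that delivers it to an analyzer port. The switch names and function names are hypothetical; the session lines are the RSPAN pair and the first SPAN session from the page.

```python
import re

LINE = re.compile(r"monitor session (\d+) (source|destination) "
                  r"(remote vlan|vlan|interface) (.+)", re.I)

def parse_sessions(config):
    """Map session id -> {'source': [(kind, value)], 'destination': [...]}."""
    sessions = {}
    for line in config.splitlines():
        m = LINE.match(line.strip())
        if m:
            sid, role, kind, value = m.groups()
            s = sessions.setdefault(int(sid), {"source": [], "destination": []})
            s[role.lower()].append((kind.lower(), value.strip()))
    return sessions

def mirror_paths(switches):
    """Return (switch, source, analyzer switch, analyzer port) per mirror,
    following RSPAN VLANs; (None, None) means no switch delivers that VLAN."""
    parsed = {name: parse_sessions(cfg) for name, cfg in switches.items()}
    drains = {}  # RSPAN VLAN -> [(switch, port)] where it reaches an analyzer
    for name, sessions in parsed.items():
        for s in sessions.values():
            ports = [(name, v) for k, v in s["destination"] if k == "interface"]
            for kind, vlan in s["source"]:
                if kind == "remote vlan":
                    drains.setdefault(vlan, []).extend(ports)
    paths = []
    for name, sessions in parsed.items():
        for s in sessions.values():
            for skind, src in s["source"]:
                if skind == "remote vlan":
                    continue  # receiving side, already folded into drains
                for dkind, dst in s["destination"]:
                    if dkind == "interface":
                        ends = [(name, dst)]
                    else:  # RSPAN: follow the VLAN to whoever delivers it
                        ends = drains.get(dst) or [(None, None)]
                    paths += [(name, f"{skind} {src}", sw, p) for sw, p in ends]
    return paths

# Constructed input built from the page's sessions; switch names are hypothetical.
SWITCHES = {
    "rspan-src": "monitor session 1 source vlan 100 - 120\n"
                 "monitor session 1 destination remote vlan 200",
    "rspan-dst": "monitor session 1 source remote vlan 200\n"
                 "monitor session 1 destination interface Gigabitethernet0/5",
    "span-sw": "monitor session 1 source interface GigabitEthernet5/2\n"
               "monitor session 1 destination interface GigabitEthernet5/1",
}
```

Calling mirror_paths(SWITCHES) lists every port that receives a copy of traffic; an entry ending in (None, None) is an RSPAN VLAN that is being filled but that no configured switch delivers to an analyzer.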