CCIE Pursuit Blog

January 6, 2008

Internetwork Expert Volume III: Lab 1 – Section 3

3 WAN Technologies

3.1 Hub and Spoke

This was an easy Hub and Spoke configuration.  The only gotcha is that the initial configurations have some of the FR ports configured with an IP address and opened up.  That means that FR Inverse-ARP is in play:

Before configuration:

r5(config)#do sh run int s0/0
interface Serial0/0
 ip address 140.1.245.5 255.255.255.0
 encapsulation frame-relay
end

r5(config)#do sh frame map
Serial0/0 (up): ip140.1.245.2 dlci 502(0x1F6,0x7C60), dynamic,
              broadcast,, status defined, active
Serial0/0 (up): ip 140.1.245.4 dlci 504(0x1F8,0x7C80), dynamic,
              broadcast,, status defined, active 

3.2 Point-To-Point

This was a very basic point-to-point Frame Relay configuration.

3.3 PPP Authentication

PPP is usually a time-waster for me.  I have boned up on the topic a bit and this task was very basic, so I had little trouble except for my own undoing: 

r5:
username r4 password 0 CISCO
!
interface Serial0/1
 description ->r4 PTP DTE PPP
 ip address 140.1.45.5 255.255.255.0
 encapsulation ppp
 ppp authentication chap

Debugging ppp authentication:
*Mar  1 04:14:18.396: Se0/1 PPP: Authorization required
*Mar  1 04:14:18.400: Se0/1 CHAP: O CHALLENGE id 13 len 23 from “r5″
*Mar  1 04:14:18.400: Se0/1 CHAP: I CHALLENGE id 19 len 23 from “r4″
*Mar  1 04:14:18.404: Se0/1 CHAP: Using hostname from unknown source
*Mar  1 04:14:18.404: Se0/1 CHAP: Using password from AAA 
*Mar  1 04:14:18.404: Se0/1 CHAP: O RESPONSE id 19 len 23 from “r5″

The link would not come up.  The fact that it was trying to use an AAA password made me suspect that I had misconfigured the password.  Close, I actually mucked up the username on r4:

r4(config-if)#do sh run | i username
username r4
password 0 CISCO

r4(config-if)#no username r4 password 0 CISCO
r4(config)#user r5pass CISCO
r4(config)#
*Mar  1 04:15:26.552: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to up

This is what the debug looks like when PPP CHAP authentication is successful:

Se0/1 PPP: Using default call direction
Se0/1 PPP: Treating connection as a dedicated line
Se0/1 PPP: Session handle[C1000004] Session id[62]
Se0/1 PPP: Authorization required
Se0/1 CHAP: O CHALLENGE id 56 len 23 from “r5″
Se0/1 CHAP: I CHALLENGE id 62 len 23 from “r4″
%LINK-3-UPDOWN: Interface Serial0/1, changed state to up
Se0/1 CHAP: Using hostname from unknown source
Se0/1 CHAP: Using password from AAA
Se0/1 CHAP: O RESPONSE id 62 len 23 from “r5″
Se0/1 CHAP: I RESPONSE id 56 len 23 from “r4″
Se0/1 PPP: Sent CHAP LOGIN Request
Se0/1 PPP: Received LOGIN Response PASS
Se0/1 PPP: Sent LCP AUTHOR Request
Se0/1 PPP: Sent IPCP AUTHOR Request
Se0/1 LCP: Received AAA AUTHOR Response PASS
Se0/1 IPCP: Received AAA AUTHOR Response PASS
Se0/1 CHAP: O SUCCESS id 56 len 4
Se0/1 CHAP: I SUCCESS id 62 len 4
Se0/1 PPP: Sent CDPCP AUTHOR Request
Se0/1 PPP: Sent IPCP AUTHOR Request
Se0/1 CDPCP: Received AAA AUTHOR Response PASS
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to up

Internetwork Expert Volume III: Lab 1 – Section 2

2 Bridging and Switching

2.1 VLAN Assignments

This is a pretty easy task.  You need to set up sw1 as a VTP server and the remaining switches as VTP clients.  You are then given a list of named VLANs to configure as well as a list of ports with VLAN assignments.

IE refers to the VLANs by VLAN name (i.e. VLAN_B) instead of the VLAN number.  You need to use the number when assigning a port to a VLAN:

sw1(config-if)#swit acc vla ?
  <1-4094>  VLAN ID of the VLAN when this port is in access mode
  dynamic   When in access mode, this interfaces VLAN is controlled by VMPS

sw1(config-if)#swit acc vla VLAN_B
                                                ^
% Invalid input detected at ‘^’ marker.

The initial configurations have shut down most of the ports so there are no trunks negotiated by default, so if you do these tasks in order, be sure to come back and verify VTP and access ports after your trunks are up and VTP has propagated the VLANs.

The IE solution guide shows that they are using “switchport mode access” under the ports.  I don’t see anything in the task that requires this.

My solution:

interface FastEthernet0/1
 switchport access vlan 14

sw1#sh int fa0/1 switch
Name: Fa0/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 14 (VLAN_A)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
—output truncated—

IE answer:

interface FastEthernet0/1
 switchport access vlan 14
 switchport mode access

sw1(config-if)#do sh int fa0/1 swit
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 14 (VLAN_A)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
—output truncated—

2.3 Etherchannel

Simple Etherchannel task.  This subtask is a red herring:

“Use the default native VLAN for this connection.”

Dot1q trunking uses VLAN 1 as the native VLAN by default, so no additional configuration is necessary:

sw1(config)#do sh int po1 trunk

Port        Mode         Encapsulation  Status        Native vlan
Po1         on               802.1q                   trunking      1

Since no channel-group protocol or number was specified in the task,  I used “on” and “1″ respectively:

interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode on

2.3 Trunking

Be careful on this task.  They are asking for two distinct, non-contiguous dot1q trunks.  You can still use “interface range” to shave a little time off of this task though:

sw2(config)#int rang fa0/19,fa0/21
sw2(config-if-range)#swit tru en dot
sw2(config-if-range)#swit mod tru
sw2(config-if-range)#no shut

2.4 Etherchannel

Mind the order of operations for Layer 3 Etherchannels during this task.  The IE solution guide has a nice example of the correct order of operations.  Also, this task asks you to “use all remaining directly connected inter-switch links” between sw2 and sw3 as well as sw2 and sw4.  This gets a little difficult due to the initial configurations setting some of the connected ports in shutdown.  Unless you are given a layer 2 map with all of the inter-switch connections listed in the actual lab, this would be a pain in the ass as you would need to do a “no shut” ports on sw2, sw3, and sw4 to see the connections via “show cdp neighbor”.  Also note that both Layer 3 Etherchannels use a /25 (255.255.255.128) mask.  You’ll discover one of the two initial configuration errors during this task.

Internetwork Expert Volume III: Lab 1 – Section 1

1 Troubleshooting

First error:

I initially missed this error on my fly-by at the beginning of the lab, but caught it later on.  It was an SVI that had been configured with an incorrect second octet:

sw2(config)#do sh run int vlan82
interface Vlan82
 ip address 192.1.1.8 255.255.255.0
end

sw2(config)#int vlan82
sw2(config-if)#ip add 192.10.1.8 255.255.255.0

Second error:

The second error was a little more complicated, but easier to spot as you won’t be able to build your Layer 3 Etherchannels until you fix it.

As you try to configure a Layer 3 Etherchannel with the IP address and mask listed on the topology, you’ll encounter the following error:

sw2(config-if)#ip add 140.1.0.8 255.255.255.128
Bad mask /25 for address 140.1.0.8

If you take a look at the final octet of the address and the mask, you’ll find that the address is in the zero (140.1.0.0) subnet:

Address  .8    0|0001000
Mask     .128  1|0000000

This should not be a problem as “ip subnet-zero” is enabled by default:

ip subnet-zero

But, IE turned it off in the initial configuration:

sw2(config-if)#do sh run | i subnet-zero
no ip subnet-zero

sw2(config-if)#ip subnet-zero
sw2(config)#int po23
sw2(config-if)#ip add 140.1.0.8 255.255.255.128

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 109 other followers