Section 9 – IP Services – 8 Points
9.1 Default Gateways
Users in VLAN 26 have their default-gateway set to their own IP address instead of r6’s address. Configure r2 and r6 to support them.
WTF? No clue.
The answer: turn off proxy-arp on those segments.
UPDATE:
It turns out that I read the question wrong. The requirement is:
“Configure r2 and r6 not [sic] support these users.”
It make sense to disable proxy-arp so as NOT to support these users. The users are set up to ARP for everything. Proxy-ARP is enabled by default so r2 and r6 will respond to ARPs with their own MAC address if they have a route for the address that the users ARP for. By disabling proxy-arp, the routers will not respond to those ARP requests.
9.2 Web Caching
Configure WCCP for users in VLAN 4. The web servers are out the Frame link.
“Configure r4 to support this setup, but don not attempt to cache HTTP traffic between VLANs 4 and 45.”
r4(config)#int fa0/0
r4(config-if)#ip wccp web-cache redirect in
r4(config-if)#int s0/0
r4(config-if)#ip wccp web-cache redirect out
r4(config)#ip wccp ?
<0-254> Dynamically defined service identifier number
check Enable a WCCP check
outbound-acl-check Enable acl check on original outbound interface
version protocol version
web-cache Standard web caching service
r4(config)#ip wccp web-cache ?
group-address Set the multicast group
group-list Set the access-list used to permit group membership
password Authentication password (key)
redirect-list Set the access-list used to permit redirection
<cr>
The three options that stand out as possibly being useful for the last requirement are the outbound-acl-check, the group-list, and the redirect-list.
I peeked the solution guide.
Huh?
IE just enabled WCCP globally and then set s0/0 to redirect out??? Does that last requirement mean ALL HTTP request on VLANs 4 and 45 or just the traffic between those two VLANs (as I understood it)?
I get it now. There are only two egress point for traffic from VLAN 4 or 45. They can either egress the other VLAN or out the Frame link. So IE’s solution makes sense.
9.3 IP SLA
This is a basic IP SLA task in which you must set up IP SLA on r6 to ping 115.0.0.1 every 30 seconds with 1250 byte packets and a timeout of 25ms.
I kept getting failures:
r6#sh ip sla mo stat
Round trip time (RTT) Index 1
Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: *05:04:09.895 UTC Mon Mar 18 2002
Latest operation return code: Timeout
Number of successes: 0
Number of failures: 4
Operation time to live: 3503 sec
The reason was simple. My packets were not fast enough. 
r6#p 115.0.0.1 si 1250
Type escape sequence to abort.
Sending 5, 1250-byte ICMP Echos to 115.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms
9.4 Gateway Redundancy
You need to use the SLA monitor in the last task with HSRP. R6 should be VLAN 26’s default gateway but only if the SLA monitor is successful, otherwise they should use r2.
r6(config)#track 1 rtr 1
r6(config-track)#int f0/1.26
r6(config-subif)#stand 1 track 1decre 20
r6(config-subif)#stand 1 ip 174.1.26.1
r6(config-subif)#stand 1 preempt
r2(config)#int g0/0.26
r2(config-subif)#stand 1 ip 174.1.26.1
r2(config-subif)#stand 1 preempt
r2(config-subif)#stand 1 prio 90
Since my SLA monitor is failing, r2 should be active and r6 should have a priority of 80:
r2#sh stand
GigabitEthernet0/0.26 – Group 1
State is Active
1 state change, last state change 00:01:12
Virtual IP address is 174.1.26.1
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.556 secs
Preemption enabled
Active router is local
Standby router is 174.1.26.6, priority 80 (expires in 7.556 sec)
Priority 90 (configured 90)
IP redundancy name is “hsrp-Gi0/0.26-1″ (default)
r6#sh stand
FastEthernet0/1.26 – Group 1
State is Standby
4 state changes, last state change 00:01:22
Virtual IP address is 174.1.26.1
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.232 secs
Preemption enabled
Active router is 174.1.26.2, priority 90 (expires in 7.232 sec)
Standby router is local
Priority 80 (default 100)
Track object 1 state Down decrement 20
IP redundancy name is “hsrp-Fa0/1.26-1″ (default)
Just to see if it will come up I deleted the SLA monitor and re-added it with a timeout and threshold of 50ms:
no ip sla monitor 1
ip sla monitor 1
type echo protocol ipIcmpEcho 115.0.0.1
request-data-size 1250
timeout 50
threshold 50
freq 5
ip sla monitor schedule 1 start-time now
r6#sh ip sla monitor stat
Round trip time (RTT) Index 1
Latest RTT: 28 ms
Latest operation start time: *05:14:18.275 UTC Mon Mar 18 2002
Latest operation return code: OK
Number of successes: 12
Number of failures: 0
Operation time to live: 3543 sec
r6#sh stand
FastEthernet0/1.26 – Group 1
State is Active
8 state changes, last state change 00:01:09
Virtual IP address is 174.1.26.1
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.296 secs
Preemption enabled
Active router is local
Standby router is 174.1.26.2, priority 90 (expires in 7.296 sec)
Priority 100 (default 100)
Track object 1 state Up decrement 20
IP redundancy name is “hsrp-Fa0/1.26-1″ (default)
r2#sh stand
GigabitEthernet0/0.26 – Group 1
State is Standby
5 state changes, last state change 00:01:33
Virtual IP address is 174.1.26.1
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.280 secs
Preemption enabled
Active router is 174.1.26.6, priority 100 (expires in 8.276 sec)
Standby router is local
Priority 90 (configured 90)
IP redundancy name is “hsrp-Gi0/0.26-1″ (default)
“Users in VLAN 26 have their default-gateway set to their own IP address instead of r6’s address. Configure r2 and r6 to support them.
WTF? No clue.
The answer: turn off proxy-arp on those segments.”
– wow. I’m really confused by this. Before reading your answer I thought, “oh the answer must be to turn ON proxy arp!” … how disabling proxy arp solves this problem is really not clicking for me. Any help anybody? I would think that if the users’ default gateway is their own IP address, then when they wanted to send something off their subnet they would either a) arp for it and thus proxy arp is the solution, or b) send it to themselves, and their PC would need something in it’s route table. WTF?
Comment by Joe A — August 18, 2008 @ 9:33 am |
@Joe – You can blame this on my poor reading skills.
It turns out that I read the question wrong. The requirement is:
“Configure r2 and r6 not [sic] support these users.”
It make sense to disable proxy-arp so as NOT to support these users. The users are set up to arp for everything. Proxy-ARP is enabled by default so r2 and r6 will respond to ARPs with their own MAC address if they have a route for the address that the users ARP for. By disabling proxy-arp, the routers will not respond to those ARP requests.
Comment by cciepursuit — August 19, 2008 @ 9:56 am |
Ooooohhhhhhhhhhhhhhhhh….well then, that makes sense! Now I’m happy
Thanks for clearing that up, I appreciate that.
Comment by Joe A — August 19, 2008 @ 11:43 am |