CCIE Pursuit Blog

April 9, 2008

Internetwork Expert Volume III: Lab 5 – Section 3

WAN Technologies – 9 Points

3.1 Hub and Spoke

Strange task:

“Configure a Frame Relay connection between r1, r2, and r5 using multipoint subinterfaces on each router.”
“Do not use Inverse-ARP or more than on frame-relay map command on each router.”

I’m having trouble with only using one frame map statement on r5 (hub).  Can I use PPPoFR?

Hellz yeah I can!!!

I eventually got this correct, but I spent a ton of time running through all of the different varations of Frame Relay in my head and I couldn’t produce on that only used one frame-relay map statement on the hub.  This is a case of me reading too little into the question (it never stated that you needed to use exacly one map, just one or less) as well as not being confident of my PPPoFR implementation.  In the end, you won’t use any frame-relay map statements on any of the routers.

3.2 PPPoFR

More fun with PPPoFR.  Much easier than the last task though.  🙂 

Your connection will not come up until you configure PPP authentication so you may as well skip ahead to task 3.4 right away.

3.3 PPP

“Configure PPP on the Serial connection between r4 and r5 using dialer interfaces.”

Wow.  I had to peek the solution on this one as I haven’t done anything with dialers for ages.

r4(config-if)#do sh run | sec l0/1|Dialer
interface Serial0/1
 no ip address
 shutdown
 dialer in-band
 dialer pool-member 1

 pulse-time 1 <-IOS throws this on by default
interface Dialer0
 ip address 128.1.45.4 255.255.255.0
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent

In the lab I would have just used PPP encapsution on the links and moved on.  I would have tried to get the points at the end of the lab if I had time.

dialer pool

dialer persistent

dialer pool-member

dialer in-band

r5#sh dialer

Se0/1 – dialer type = IN-BAND SYNC NO-PARITY
Dialer pool 1, priority 0
Idle timer (never), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Interface bound to profile Di0
Time until disconnect never

Connected to <unknown phone number>

Di0 – dialer type = DIALER PROFILE
Idle timer (never), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Number of active calls = 1

Dial String      Successes   Failures    Last DNIS   Last status
r5#

3.4 PPP Authentication

Authenticate the PPPoFR connection we configured in task 3.2 using PAP.  r6 should not authenticate BB1.

interface Serial0/0
 no ip address
 encapsulation frame-relay
 frame-relay interface-dlci 301 ppp Virtual-Template1
!
interface Virtual-Template1
 ip address 54.1.8.6 255.255.255.0
 ppp authentication pap
 ppp pap sent-username ROUTER6 password 0 CISCO

That’s not working:

*Mar  8 03:56:12.058: Vi1 PAP: Using hostname from interface PAP
*Mar  8 03:56:12.058: Vi1 PAP: Using password from interface PAP
*Mar  8 03:56:12.058: Vi1 PAP: O AUTH-REQ id 11 len 18 from “ROUTER6”
*Mar  8 03:56:12.062: Vi1 PAP: I AUTH-REQ id 11 len 14 from “BB1”
*Mar  8 03:56:12.062: Vi1 PAP: Authenticating peer BB1
*Mar  8 03:56:12.062: Vi1 PPP: Sent PAP LOGIN Request
*Mar  8 03:56:12.062: Vi1 PPP: Received LOGIN Response FAIL
*Mar  8 03:56:12.062: Vi1 PAP: O AUTH-NAK id 11 len 26 msg is “Authentication failed”

No clue.  I looked at the solution guide and the only difference was that IE did not use ‘ppp authentication pap’

r6(config)#int virtual-tem 1
r6(config-if)#no ppp authen pap
r6(config-if)#
*Mar  8 04:28:40.518: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up

*Mar  8 04:29:28.846: Vi1 PPP: Using default call direction
*Mar  8 04:29:28.846: Vi1 PPP: Treating connection as a dedicated line
*Mar  8 04:29:28.846: Vi1 PPP: Session handle[BA0003AB] Session id[934]
*Mar  8 04:29:28.846: Vi1 PPP: Authorization required
*Mar  8 04:29:44.958: Vi1 PPP: No authorization without authentication
*Mar  8 04:29:44.958: Vi1 PAP: Using hostname from interface PAP
*Mar  8 04:29:44.958: Vi1 PAP: Using password from interface PAP
*Mar  8 04:29:44.958: Vi1 PAP: O AUTH-REQ id 166 len 18 from “ROUTER6”
*Mar  8 04:29:44.962: Vi1 PAP: I AUTH-ACK id 166 len 5
*Mar  8 04:29:45.962: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up

Really??? That was the issue?

Ummm….of course it was.  DOH!!!  I can’t believe that I fucked this up.  One of the requirements is that r6 should not authenticate BB1.  By configuring ‘ppp authentication pap’ on r6 that is exactly what I was trying to do.  Another time-wasting task.  This one was my fault though. 

 

Advertisements

1 Comment »

  1. Please check this bug
    There is a loop hole in the PPP connections for IPs other than .1, .2, .5
    Rack1R2#traceroute 128.1.125.3

    Type escape sequence to abort.
    Tracing the route to 128.1.125.3

    1 128.1.125.5 108 msec 92 msec 16 msec
    2 128.1.125.1 124 msec 136 msec 192 msec
    3 128.1.125.5 48 msec 140 msec 124 msec
    4 128.1.125.1 96 msec 108 msec 124 msec
    5 128.1.125.5 172 msec 148 msec 132 msec
    6 128.1.125.1 316 msec 124 msec 248 msec
    7 128.1.125.5 156 msec 168 msec 176 msec
    8 128.1.125.1 204 msec 156 msec 448 msec

    Comment by Aly — April 28, 2008 @ 11:04 pm | Reply


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.

%d bloggers like this: