From: John Neiberger (neiby@xxxxxxxxxx)
Date: Thu Mar 14 2002 - 12:26:09 GMT-3
Perhaps not, but I believe I tried to ping without adding
multiring ip and it did not work. It was then that I added the
command and the ping succeeded.
I've already blown away the configs to go back to work on my
IPSec configuration. Perhaps someone either knows the answer
or will set this up and test it.
If I think about it, I'll set it up again when I get home
tonight, just to make sure.
John
---- On Thu, 14 Mar 2002, RSiddappa@NECBNS.com
(RSiddappa@NECBNS.com) wrote:
>
> John,
>
> This is absolutely good and workign config. But I am stll not
sure do u
> need
> that multiring Ip on the token ring interface fo the router
doign
> Translational bridging.
>
> I do no think. I had it workign with out that few days back.
>
> R.
>
>
>
> -----Original Message-----
> From: John Neiberger [mailto:neiby@ureach.com]
> Sent: Thursday, March 14, 2002 12:17 AM
> To: ccielab@groupstudy.com
> Subject: SR/TLB for IP Discoveries (LONG)
>
>
> Since I was temporarily fed up with staring at ipsec configs
I
> thought I'd take a crack at the SR/TLB stuff going on today.
I
> wasn't able to make this work using the configs posted
today.
> In fact, I can't figure out why the posted configs were
working
> at all. :-)
>
> I printed out three different docs from CCO and cross-
> referenced that with examples from the archives to come up
with
> a working solution. Here is the scenario:
>
> R2 --- (eth) --- R4 --- (tr) --- R3
>
> Let's start with R4 since it's the most complex. The first
> step is to configure SRB and transparent bridging:
>
> no ip routing
> !
> source-bridge ring-group 100
> !
> int to0
> source-bridge 10 5 100
> !
> int e0
> bridge-group 1
> !
> bridge 1 protocol ieee
>
> Then, configure SR/TLB to bridge between the two interfaces:
>
> source-bridge transparent 100 200 5 1
>
> In that config, the first number is from the source-bridge
ring-
> group statement. The second number is the virtual ring
number
> that identifies the transparent bridging domain to the SRB
> domain. The third number is the bridge number taken from the
> SRB config on the token ring interface. Finally, the fourth
> number is the bridge-group number taken from the ethernet
> interface config.
>
> At this point things won't be working just yet. On R2, the
> ethernet-only router, we simply need to configure an IP
> address. Then, we need to add an IP address to R3 that's in
> the same subnet. Go ahead, try to ping...it won't work yet,
> and here's where it starts to get a little tricky if you're
> doing this with IP.
>
> On R4 you've configured SR/TLB which handles layer-two
traffic
> just fine but it doesn't know how to handle embedded layer
> three addresses. To fix this, add the following:
>
> bridge 1 bitswap-layer3-addresses
>
> That's fairly straightforward, but things aren't going to
work
> yet. If you try to ping R2 from R3, the initial ARP will
> fail. Why? Because the router needs to send an explorer and
> it's not configured to do so. So, go to R3 and add the
> following:
>
> int to0
> source-bridge 10 4 200 (the 4 and 200 are irrelevant)
> source-bridge spanning
> multiring ip <------ important!
>
> Pings still won't work until you go back to the SR/TLB router
> and add 'source-bridge spanning' and 'multiring ip'. At that
> point, pings should succeed.
>
> With this solution there are no guarantees that all IP
traffic
> will work. In fact, this is configuration is probably a
really
> bad idea if you're running IP, but it at least sort of
works.
>
> I broke this down into sections to show the steps I went
> through to figure this out and make it work. Here are the
> final working configs:
>
> R2 (ethernet):
>
> int ethernet0
> ip address 172.16.43.2 255.255.255.0
>
> R3 (token ring):
>
> int tokenring0
> ip add 172.16.43.3 255.255.255.0
> source-bridge 10 4 200
> source-bridge spanning
> multiring ip
>
> R4 (SR/TLB):
>
> no ip routing
> !
> source-bridge ring-group 100
> source-bridge transparent 100 200 5 1
> !
> int ethernet 0
> bridge-group 1
> !
> int tokenring0
> source-bridge 10 50 100
> source-bridge spanning
> multiring ip
> !
> bridge 1 protocol ieee
> bridge 1 bitswap-layer3-addresses
>
> I currently have these exact configs on my routers, and here
is
> the result:
>
> R3#
> R3#sho arp
> Protocol Address Age (min) Hardware Addr Type
> Interface
> Internet 172.16.43.3 - 0000.30e2.cc0c SNAP
> TokenRing0
> R3#ping 172.16.43.2
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 172.16.43.2, timeout is 2
> seconds:
> .!!!!
> Success rate is 80 percent (4/5), round-trip min/avg/max =
> 8/8/8 ms
> R3#sho arp
> Protocol Address Age (min) Hardware Addr Type
> Interface
> Internet 172.16.43.3 - 0000.30e2.cc0c SNAP
> TokenRing0
> Internet 172.16.43.2 0 0000.30b1.4bc1 SNAP
> TokenRing0
> R3#
>
> I sure hope I don't have to mess with this in the real lab,
but
> this little adventure was very enlightening. At least I
think
> I could get it working if I run into it when it counts. :-)
>
> Regards,
> John
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:08 GMT-3