From: Brian Lodwick (xpranax@xxxxxxxxxxx)
Date: Thu Mar 14 2002 - 17:12:53 GMT-3
Are you talking about the configs I posted?
The configs I posted were almost identical except instead of using multiring
ip I used multiring all, and I changed the MTU on the Token-Ring portion to
1500 so that no packet ever reaches the ethernet side and is discarded
because it exceeds ethernet's MTU size since Token-Ring's MTU is 4472, and
the default MTU for most Cisco Token-Ring interfaces is 4464.
>>>Brian
>From: John Neiberger <neiby@ureach.com>
>Reply-To: John Neiberger <neiby@ureach.com>
>To: ccielab@groupstudy.com
>Subject: SR/TLB for IP Discoveries (LONG)
>Date: Thu, 14 Mar 2002 01:17:05 -0500
>
>Since I was temporarily fed up with staring at ipsec configs I
>thought I'd take a crack at the SR/TLB stuff going on today. I
>wasn't able to make this work using the configs posted today.
>In fact, I can't figure out why the posted configs were working
>at all. :-)
>
>I printed out three different docs from CCO and cross-
>referenced that with examples from the archives to come up with
>a working solution. Here is the scenario:
>
>R2 --- (eth) --- R4 --- (tr) --- R3
>
>Let's start with R4 since it's the most complex. The first
>step is to configure SRB and transparent bridging:
>
>no ip routing
>!
>source-bridge ring-group 100
>!
>int to0
> source-bridge 10 5 100
>!
>int e0
> bridge-group 1
>!
>bridge 1 protocol ieee
>
>Then, configure SR/TLB to bridge between the two interfaces:
>
>source-bridge transparent 100 200 5 1
>
>In that config, the first number is from the source-bridge ring-
>group statement. The second number is the virtual ring number
>that identifies the transparent bridging domain to the SRB
>domain. The third number is the bridge number taken from the
>SRB config on the token ring interface. Finally, the fourth
>number is the bridge-group number taken from the ethernet
>interface config.
>
>At this point things won't be working just yet. On R2, the
>ethernet-only router, we simply need to configure an IP
>address. Then, we need to add an IP address to R3 that's in
>the same subnet. Go ahead, try to ping...it won't work yet,
>and here's where it starts to get a little tricky if you're
>doing this with IP.
>
>On R4 you've configured SR/TLB which handles layer-two traffic
>just fine but it doesn't know how to handle embedded layer
>three addresses. To fix this, add the following:
>
>bridge 1 bitswap-layer3-addresses
>
>That's fairly straightforward, but things aren't going to work
>yet. If you try to ping R2 from R3, the initial ARP will
>fail. Why? Because the router needs to send an explorer and
>it's not configured to do so. So, go to R3 and add the
>following:
>
>int to0
> source-bridge 10 4 200 (the 4 and 200 are irrelevant)
> source-bridge spanning
> multiring ip <------ important!
>
>Pings still won't work until you go back to the SR/TLB router
>and add 'source-bridge spanning' and 'multiring ip'. At that
>point, pings should succeed.
>
>With this solution there are no guarantees that all IP traffic
>will work. In fact, this is configuration is probably a really
>bad idea if you're running IP, but it at least sort of works.
>
>I broke this down into sections to show the steps I went
>through to figure this out and make it work. Here are the
>final working configs:
>
>R2 (ethernet):
>
>int ethernet0
> ip address 172.16.43.2 255.255.255.0
>
>R3 (token ring):
>
>int tokenring0
> ip add 172.16.43.3 255.255.255.0
> source-bridge 10 4 200
> source-bridge spanning
> multiring ip
>
>R4 (SR/TLB):
>
>no ip routing
>!
>source-bridge ring-group 100
>source-bridge transparent 100 200 5 1
>!
>int ethernet 0
> bridge-group 1
>!
>int tokenring0
> source-bridge 10 50 100
> source-bridge spanning
> multiring ip
>!
>bridge 1 protocol ieee
>bridge 1 bitswap-layer3-addresses
>
>I currently have these exact configs on my routers, and here is
>the result:
>
>R3#
>R3#sho arp
>Protocol Address Age (min) Hardware Addr Type
>Interface
>Internet 172.16.43.3 - 0000.30e2.cc0c SNAP
>TokenRing0
>R3#ping 172.16.43.2
>
>Type escape sequence to abort.
>Sending 5, 100-byte ICMP Echos to 172.16.43.2, timeout is 2
>seconds:
>.!!!!
>Success rate is 80 percent (4/5), round-trip min/avg/max =
>8/8/8 ms
>R3#sho arp
>Protocol Address Age (min) Hardware Addr Type
>Interface
>Internet 172.16.43.3 - 0000.30e2.cc0c SNAP
>TokenRing0
>Internet 172.16.43.2 0 0000.30b1.4bc1 SNAP
>TokenRing0
>R3#
>
>I sure hope I don't have to mess with this in the real lab, but
>this little adventure was very enlightening. At least I think
>I could get it working if I run into it when it counts. :-)
>
>Regards,
>John
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:09 GMT-3