From: John Neiberger (neiby@xxxxxxxxxx)
Date: Thu Mar 14 2002 - 17:22:41 GMT-3
I don't recall whose configs I was looking at, but if I
remember correctly the order of parameters in the source-bridge
transparent command were wrong in the config I was comparing
mine to. I'd have to look back at the archives to see whose
they were.
You bring up a good point that I missed. The MTU on the TR
side should be lowered to match that of the ethernet side.
This wouldn't matter if we were simply using pings to test, but
it could make a huge difference if you were really trying to
run applications over this setup.
Thanks,
John
---- On Thu, 14 Mar 2002, Brian Lodwick (xpranax@hotmail.com)
wrote:
> Are you talking about the configs I posted?
>
> The configs I posted were almost identical except instead of
using
> multiring
> ip I used multiring all, and I changed the MTU on the Token-
Ring portion
> to
> 1500 so that no packet ever reaches the ethernet side and is
discarded
> because it exceeds ethernet's MTU size since Token-Ring's MTU
is 4472,
> and
> the default MTU for most Cisco Token-Ring interfaces is 4464.
>
> >>>Brian
>
>
> >From: John Neiberger <neiby@ureach.com>
> >Reply-To: John Neiberger <neiby@ureach.com>
> >To: ccielab@groupstudy.com
> >Subject: SR/TLB for IP Discoveries (LONG)
> >Date: Thu, 14 Mar 2002 01:17:05 -0500
> >
> >Since I was temporarily fed up with staring at ipsec configs
I
> >thought I'd take a crack at the SR/TLB stuff going on
today. I
> >wasn't able to make this work using the configs posted today.
> >In fact, I can't figure out why the posted configs were
working
> >at all. :-)
> >
> >I printed out three different docs from CCO and cross-
> >referenced that with examples from the archives to come up
with
> >a working solution. Here is the scenario:
> >
> >R2 --- (eth) --- R4 --- (tr) --- R3
> >
> >Let's start with R4 since it's the most complex. The first
> >step is to configure SRB and transparent bridging:
> >
> >no ip routing
> >!
> >source-bridge ring-group 100
> >!
> >int to0
> > source-bridge 10 5 100
> >!
> >int e0
> > bridge-group 1
> >!
> >bridge 1 protocol ieee
> >
> >Then, configure SR/TLB to bridge between the two interfaces:
> >
> >source-bridge transparent 100 200 5 1
> >
> >In that config, the first number is from the source-bridge
ring-
> >group statement. The second number is the virtual ring
number
> >that identifies the transparent bridging domain to the SRB
> >domain. The third number is the bridge number taken from the
> >SRB config on the token ring interface. Finally, the fourth
> >number is the bridge-group number taken from the ethernet
> >interface config.
> >
> >At this point things won't be working just yet. On R2, the
> >ethernet-only router, we simply need to configure an IP
> >address. Then, we need to add an IP address to R3 that's in
> >the same subnet. Go ahead, try to ping...it won't work yet,
> >and here's where it starts to get a little tricky if you're
> >doing this with IP.
> >
> >On R4 you've configured SR/TLB which handles layer-two
traffic
> >just fine but it doesn't know how to handle embedded layer
> >three addresses. To fix this, add the following:
> >
> >bridge 1 bitswap-layer3-addresses
> >
> >That's fairly straightforward, but things aren't going to
work
> >yet. If you try to ping R2 from R3, the initial ARP will
> >fail. Why? Because the router needs to send an explorer and
> >it's not configured to do so. So, go to R3 and add the
> >following:
> >
> >int to0
> > source-bridge 10 4 200 (the 4 and 200 are irrelevant)
> > source-bridge spanning
> > multiring ip <------ important!
> >
> >Pings still won't work until you go back to the SR/TLB router
> >and add 'source-bridge spanning' and 'multiring ip'. At that
> >point, pings should succeed.
> >
> >With this solution there are no guarantees that all IP
traffic
> >will work. In fact, this is configuration is probably a
really
> >bad idea if you're running IP, but it at least sort of works.
> >
> >I broke this down into sections to show the steps I went
> >through to figure this out and make it work. Here are the
> >final working configs:
> >
> >R2 (ethernet):
> >
> >int ethernet0
> > ip address 172.16.43.2 255.255.255.0
> >
> >R3 (token ring):
> >
> >int tokenring0
> > ip add 172.16.43.3 255.255.255.0
> > source-bridge 10 4 200
> > source-bridge spanning
> > multiring ip
> >
> >R4 (SR/TLB):
> >
> >no ip routing
> >!
> >source-bridge ring-group 100
> >source-bridge transparent 100 200 5 1
> >!
> >int ethernet 0
> > bridge-group 1
> >!
> >int tokenring0
> > source-bridge 10 50 100
> > source-bridge spanning
> > multiring ip
> >!
> >bridge 1 protocol ieee
> >bridge 1 bitswap-layer3-addresses
> >
> >I currently have these exact configs on my routers, and here
is
> >the result:
> >
> >R3#
> >R3#sho arp
> >Protocol Address Age (min) Hardware Addr Type
> >Interface
> >Internet 172.16.43.3 - 0000.30e2.cc0c SNAP
> >TokenRing0
> >R3#ping 172.16.43.2
> >
> >Type escape sequence to abort.
> >Sending 5, 100-byte ICMP Echos to 172.16.43.2, timeout is 2
> >seconds:
> >.!!!!
> >Success rate is 80 percent (4/5), round-trip min/avg/max =
> >8/8/8 ms
> >R3#sho arp
> >Protocol Address Age (min) Hardware Addr Type
> >Interface
> >Internet 172.16.43.3 - 0000.30e2.cc0c SNAP
> >TokenRing0
> >Internet 172.16.43.2 0 0000.30b1.4bc1 SNAP
> >TokenRing0
> >R3#
> >
> >I sure hope I don't have to mess with this in the real lab,
but
> >this little adventure was very enlightening. At least I
think
> >I could get it working if I run into it when it counts. :-)
> >
> >Regards,
> >John
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:09 GMT-3