From: John Neiberger (neiby@xxxxxxxxxx)
Date: Thu Mar 14 2002 - 20:30:58 GMT-3
Hmm... that's very interesting. :-) Well, as far as ring 200
goes, that's a coincidence that doesn't affect anything. On
the client router I should have picked a different ring
number. In my haste, I picked the same ring number that I'm
using on the SR/TLB router.
Regarding the 'source-bridge 10 50 100' line, I have *no* idea
what happened there. It should be 10 5 100. Now I'm
curious...I'm going to have to set this up again tonight and
try this again from scratch to make sure I've got it right.
I really need to get more sleep. My ability to focus is gone
and I keep making silly mistakes like this! :-) The config
worked, but that doesn't matter if it's not 'correct'.
Thanks,
John
---- On Thu, 14 Mar 2002, Tshon (tshon@netzero.net) wrote:
> Do you mind reposting the configs... I'm looking at the ones
you have
> and they seem to be missing some valueable info.
>
> int ethernet0
> ip address 172.16.43.2 255.255.255.0
>
> R3 (token ring):
>
> int tokenring0
> ip add 172.16.43.3 255.255.255.0
> source-bridge 10 4 200
> source-bridge spanning
> multiring ip
>
> why are you using ring 200..... and where does the other
router
> reference 200 on it's interface...
> or is 200 you virtual....
>
> Then R4 (SR/TLB):
>
> no ip routing
> !
> source-bridge ring-group 100
> source-bridge transparent 100 200 5 1
> !
> int ethernet 0
> bridge-group 1
> !
> int tokenring0
> source-bridge 10 50 100
> source-bridge spanning
> multiring ip
>
>
> The 50 is for the Bridge number... but you have 5 in ths
transparent.
> Brian Lodwick wrote:
>
> > Are you talking about the configs I posted?
> >
> > The configs I posted were almost identical except instead
of using
> > multiring ip I used multiring all, and I changed the MTU on
the
> > Token-Ring portion to 1500 so that no packet ever reaches
the ethernet
>
> > side and is discarded because it exceeds ethernet's MTU
size since
> > Token-Ring's MTU is 4472, and the default MTU for most
Cisco
> > Token-Ring interfaces is 4464.
> >
> >>>> Brian
> >>>
> >
> >
> >> From: John Neiberger <neiby@ureach.com>
> >> Reply-To: John Neiberger <neiby@ureach.com>
> >> To: ccielab@groupstudy.com
> >> Subject: SR/TLB for IP Discoveries (LONG)
> >> Date: Thu, 14 Mar 2002 01:17:05 -0500
> >>
> >> Since I was temporarily fed up with staring at ipsec
configs I
> >> thought I'd take a crack at the SR/TLB stuff going on
today. I
> >> wasn't able to make this work using the configs posted
today.
> >> In fact, I can't figure out why the posted configs were
working
> >> at all. :-)
> >>
> >> I printed out three different docs from CCO and cross-
> >> referenced that with examples from the archives to come up
with
> >> a working solution. Here is the scenario:
> >>
> >> R2 --- (eth) --- R4 --- (tr) --- R3
> >>
> >> Let's start with R4 since it's the most complex. The first
> >> step is to configure SRB and transparent bridging:
> >>
> >> no ip routing
> >> !
> >> source-bridge ring-group 100
> >> !
> >> int to0
> >> source-bridge 10 5 100
> >> !
> >> int e0
> >> bridge-group 1
> >> !
> >> bridge 1 protocol ieee
> >>
> >> Then, configure SR/TLB to bridge between the two
interfaces:
> >>
> >> source-bridge transparent 100 200 5 1
> >>
> >> In that config, the first number is from the source-bridge
ring-
> >> group statement. The second number is the virtual ring
number
> >> that identifies the transparent bridging domain to the SRB
> >> domain. The third number is the bridge number taken from
the
> >> SRB config on the token ring interface. Finally, the
fourth
> >> number is the bridge-group number taken from the ethernet
> >> interface config.
> >>
> >> At this point things won't be working just yet. On R2, the
> >> ethernet-only router, we simply need to configure an IP
> >> address. Then, we need to add an IP address to R3 that's
in
> >> the same subnet. Go ahead, try to ping...it won't work
yet,
> >> and here's where it starts to get a little tricky if you're
> >> doing this with IP.
> >>
> >> On R4 you've configured SR/TLB which handles layer-two
traffic
> >> just fine but it doesn't know how to handle embedded layer
> >> three addresses. To fix this, add the following:
> >>
> >> bridge 1 bitswap-layer3-addresses
> >>
> >> That's fairly straightforward, but things aren't going to
work
> >> yet. If you try to ping R2 from R3, the initial ARP will
> >> fail. Why? Because the router needs to send an explorer
and
> >> it's not configured to do so. So, go to R3 and add the
> >> following:
> >>
> >> int to0
> >> source-bridge 10 4 200 (the 4 and 200 are irrelevant)
> >> source-bridge spanning
> >> multiring ip <------ important!
> >>
> >> Pings still won't work until you go back to the SR/TLB
router
> >> and add 'source-bridge spanning' and 'multiring ip'. At
that
> >> point, pings should succeed.
> >>
> >> With this solution there are no guarantees that all IP
traffic
> >> will work. In fact, this is configuration is probably a
really
> >> bad idea if you're running IP, but it at least sort of
works.
> >>
> >> I broke this down into sections to show the steps I went
> >> through to figure this out and make it work. Here are the
> >> final working configs:
> >>
> >> R2 (ethernet):
> >>
> >> int ethernet0
> >> ip address 172.16.43.2 255.255.255.0
> >>
> >> R3 (token ring):
> >>
> >> int tokenring0
> >> ip add 172.16.43.3 255.255.255.0
> >> source-bridge 10 4 200
> >> source-bridge spanning
> >> multiring ip
> >>
> >> R4 (SR/TLB):
> >>
> >> no ip routing
> >> !
> >> source-bridge ring-group 100
> >> source-bridge transparent 100 200 5 1
> >> !
> >> int ethernet 0
> >> bridge-group 1
> >> !
> >> int tokenring0
> >> source-bridge 10 50 100
> >> source-bridge spanning
> >> multiring ip
> >> !
> >> bridge 1 protocol ieee
> >> bridge 1 bitswap-layer3-addresses
> >>
> >> I currently have these exact configs on my routers, and
here is
> >> the result:
> >>
> >> R3#
> >> R3#sho arp
> >> Protocol Address Age (min) Hardware Addr Type
> >> Interface
> >> Internet 172.16.43.3 - 0000.30e2.cc0c SNAP
> >> TokenRing0
> >> R3#ping 172.16.43.2
> >>
> >> Type escape sequence to abort.
> >> Sending 5, 100-byte ICMP Echos to 172.16.43.2, timeout is 2
> >> seconds:
> >> .!!!!
> >> Success rate is 80 percent (4/5), round-trip min/avg/max =
> >> 8/8/8 ms
> >> R3#sho arp
> >> Protocol Address Age (min) Hardware Addr Type
> >> Interface
> >> Internet 172.16.43.3 - 0000.30e2.cc0c SNAP
> >> TokenRing0
> >> Internet 172.16.43.2 0 0000.30b1.4bc1 SNAP
> >> TokenRing0
> >> R3#
> >>
> >> I sure hope I don't have to mess with this in the real
lab, but
> >> this little adventure was very enlightening. At least I
think
> >> I could get it working if I run into it when it counts. :-
)
> >>
> >> Regards,
> >> John
> >>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:09 GMT-3