From: Dan Shechter (danshtr@yahoo.com)
Date: Wed Jun 23 2004 - 09:13:02 GMT-3
Have you tried with proxy-arp on R5?
--- "Alexander Arsenyev (GU/ETL)" <alexander.arsenyev@ericsson.com>
wrote:
> Hello Tim,
>
> I've tested my solution between Cat3550 and 2511 router (I've sold
> my CCIE rack some time ago and had to borrow the kit) - the only
> boxes I managed to get hold of.
> Though 2511 did not run any routing protocol (in absense of other
> routers) I've configured a number of loopback interfaces on 2511 to
> simulate subnets - I believe this workaround is representative.
>
> Now the configs and debugs :-)
> R5#sh run
> Building configuration...
>
> Current configuration:
> !
> version 11.0
> service udp-small-servers
> service tcp-small-servers
> !
> hostname R5
> !
> !
> ip subnet-zero
> !
> interface Loopback0
> ip address 142.6.13.5 255.255.255.0
> !
> interface Loopback1
> ip address 142.6.14.5 255.255.255.0
> !
> interface Loopback2
> ip address 142.6.23.5 255.255.255.0
> !
> interface Loopback3
> ip address 142.6.43.5 255.255.255.0
> !
> interface Ethernet0
> ip address 142.6.58.5 255.255.255.0 <------Link to Cat3550
> no ip mroute-cache
> !
> interface Serial0
> no ip address
> no ip mroute-cache
> shutdown
> !
> interface Serial1
> no ip address
> no ip mroute-cache
> shutdown
> !
> ip classless
> ip route 150.6.8.0 255.255.255.0 142.6.58.35
> logging buffered 65536
> alias exec ib show ip int brief
> alias exec ir show ip route
> alias exec io show ip ospf
> alias exec ig show ip bgp
> !
> line con 0
> line 1 16
> no exec
> transport input telnet
> line aux 0
> transport input all
> line vty 0 4
> password cisco
> login
> !
> end
> Cat3550#sh run
> Building configuration...
>
> Current configuration : 2490 bytes
> !
> version 12.1
> no service pad
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname Cat3550
> !
> !
> ip subnet-zero
> ip routing
> !
> !
> spanning-tree mode pvst
> spanning-tree extend system-id
> !
> !
> !
> !
> !
> interface Loopback0
> ip address 150.6.8.8 255.255.255.0
> !
> interface FastEthernet0/1
> switchport mode dynamic desirable
> !
> interface FastEthernet0/2
> switchport mode dynamic desirable
> !
> interface FastEthernet0/3
> switchport mode dynamic desirable
> !
> interface FastEthernet0/4
> switchport mode dynamic desirable
> !
> interface FastEthernet0/5
> switchport mode dynamic desirable
> !
> interface FastEthernet0/6
> switchport mode dynamic desirable
> !
> interface FastEthernet0/7
> switchport mode dynamic desirable
> !
> interface FastEthernet0/8
> switchport mode dynamic desirable
> !
> interface FastEthernet0/9
> switchport mode dynamic desirable
> !
> interface FastEthernet0/10
> switchport mode dynamic desirable
> !
> interface FastEthernet0/11
> switchport mode dynamic desirable
> !
> interface FastEthernet0/12
> switchport mode dynamic desirable
> !
> interface FastEthernet0/13
> switchport mode dynamic desirable
> !
> interface FastEthernet0/14
> switchport mode dynamic desirable
> !
> interface FastEthernet0/15
> switchport mode dynamic desirable
> !
> interface FastEthernet0/16
> switchport mode dynamic desirable
> !
> interface FastEthernet0/17
> switchport mode dynamic desirable
> !
> interface FastEthernet0/18
> switchport mode dynamic desirable
> !
> interface FastEthernet0/19
> switchport mode dynamic desirable
> !
> interface FastEthernet0/20
> switchport mode dynamic desirable
> !
> interface FastEthernet0/21
> switchport mode dynamic desirable
> !
> interface FastEthernet0/22
> switchport mode dynamic desirable
> !
> interface FastEthernet0/23
> switchport mode dynamic desirable
> !
> interface FastEthernet0/24
> switchport mode dynamic desirable
> !
> interface GigabitEthernet0/1
> switchport mode dynamic desirable
> !
> interface GigabitEthernet0/2
> switchport mode dynamic desirable
> !
> interface Vlan1
> ip address 142.6.255.254 255.255.0.0 secondary
> ip address 142.6.58.35 255.255.255.0
> !
> ip classless
> ip http server
> !
> arp 142.6.13.5 0010.7be8.7281 ARPA <--------this is required for my
> solution to work
> arp 142.6.14.5 0010.7be8.7281 ARPA <--------the MAC address is R5'
> E0 interface MAC
> arp 142.6.23.5 0010.7be8.7281 ARPA
> arp 142.6.43.5 0010.7be8.7281 ARPA
> alias exec ib sh ip int brief
> alias exec ir show ip route
> alias exec io show ip ospf
> alias exec ig show ip bgp
> !
> line con 0
> exec-timeout 0 0
> privilege level 15
> line vty 0 4
> privilege level 15
> no login
> line vty 5 15
> privilege level 15
> no login
> !
> !
> end
>
> As You can see I've added a number of sttaic ARP entries to Cat3550
> (one for each Lo interface on R5). Without them
> the Cat3550 sends ARP request but never gets a reply:
>
> Cat3550#ping 142.6.14.5
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 142.6.14.5, timeout is 2 seconds:
> 00:17:12: IP ARP: creating incomplete entry for IP address:
> 142.6.14.5 interface
> Vlan1
> 00:17:12: IP ARP: sent req src 142.6.255.254 0008.e3c3.7b00,
> dst 142.6.14.5 0000.0000.0000 Vlan1
> 00:17:12: IP ARP throttled out the ARP Request for 142.6.14.5.
> 00:17:14: IP ARP: sent req src 142.6.255.254 0008.e3c3.7b00,
> dst 142.6.14.5 0000.0000.0000 Vlan1
> 00:17:14: IP ARP throttled out the ARP Request for 142.6.14.5.
> 00:17:16: IP ARP: sent req src 142.6.255.254 0008.e3c3.7b00,
> dst 142.6.14.5 0000.0000.0000 Vlan1
> 00:17:16: IP ARP throttled out the ARP Request for 142.6.14.5.
> 00:17:18: IP ARP: sent req src 142.6.255.254 0008.e3c3.7b00,
> dst 142.6.14.5 0000.0000.0000 Vlan1
> 00:17:18: IP ARP throttled out the ARP Request for 142.6.14.5.
> 00:17:20: IP ARP: sent req src 142.6.255.254 0008.e3c3.7b00,
> dst 142.6.14.5 0000.0000.0000 Vlan1
> 00:17:20: IP ARP throttled out the ARP Request for 142.6.14.5.
> Success rate is 0 percent (0/5)
>
> I guess because 142.6.255.254 is not on common subnet between R5
> then R5 does NOT reply to ARP request from Cat3550.
> After adding static ARP entries the things started to work:
> Cat3550#sh deb
> Generic IP:
> ICMP packet debugging is on
> Cat3550#ping 142.6.43.5
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 142.6.43.5, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4
> ms
> Cat3550#
> 00:31:19: ICMP: echo reply rcvd, src 142.6.43.5, dst 142.6.58.35
> 00:31:19: ICMP: echo reply rcvd, src 142.6.43.5, dst 142.6.58.35
> 00:31:19: ICMP: echo reply rcvd, src 142.6.43.5, dst 142.6.58.35
> 00:31:19: ICMP: echo reply rcvd, src 142.6.43.5, dst 142.6.58.35
> 00:31:19: ICMP: echo reply rcvd, src 142.6.43.5, dst 142.6.58.35
> Cat3550#
>
> As You can see Cat3550 pings R5 with source address of 142.6.58.35
> (primary on interface Vlan1) and receives replies from R5.
> Otherwise if Cat3550 would send ICMP Echo with source address of
> 142.6.255.254 it would never receive a reply!
>
> I believe static ARP entries and secondary addresses on Cat3550 are
> not explicitly prohibited by Your lab scenario (as per Brian's
> email):
> 5.30. Enable IP routing on SW2.
> 5.31. SW2's only connection to the rest of the routing domain is
> through
> R5.
> In order to minimize memory and CPU utilization on SW2, the only
> routes that it should have are those which are directly connected.
> 5.32. All other routers should still have IP reachability to SW2's
> loopback
> address.
> 5.33. You are allowed one static route on R5.
>
> Can't see anything about secondary addresses/static ARP entries
>
> HTH,
> Cheers
> Alex
>
> -----Original Message-----
> From: ccie2be [mailto:ccie2be@nyc.rr.com]
> Sent: 22 June 2004 21:26
> To: Alexander Arsenyev (GU/ETL); 'Group Study'
> Subject: Re: Routing without routing protocol
>
>
> Alex,
>
> I think you might be the only person to come up with an alternative
> solution
> to NATing that would both work and not violate any lab rules.
>
> In this lab, the Cat's lo0 addr is 150.6.8.8/24.
>
> The subnet between the Cat and R5 is 142.6.58.0/24 and all the
> subnets in
> the network are of a form 142.6.x.y/24 where x equals the number of
> the
> routers on either side of the link, for example, 142.6.13.y is the
> link
> between R1 and R3, and y equals the host address.
>
> Is it possible for you to test this?
>
> If this really works that would be a very cool solution.
>
> Thanks, Tim
>
>
> ----- Original Message -----
> From: "Alexander Arsenyev (GU/ETL)"
> <alexander.arsenyev@ericsson.com>
> To: "'ccie2be'" <ccie2be@nyc.rr.com>; "'Group Study'"
> <ccielab@groupstudy.com>
> Sent: Tuesday, June 22, 2004 3:50 PM
> Subject: RE: Routing without routing protocol
>
>
> > Hello Tim,
> >
> > Suppose You have been given a block of IP addresses for lab
> routers:
> 1.1.0.0/16
> > The example Cat3550 config might look like following:
> >
> > interface Vlan10
> > !the L3 interface which faces R5
> > ip address 1.1.128.10 255.255.255.0
> > !the link endpoint IP address, R5 has 1.1.128.5/24
> > ip adress 1.1.0.254 255.255.128.0 secondary <-----summary for all
> other
> lab IP addresses
> > !
> > !
> > interface Lo0
> > ip address 1.1.129.20 255.255.255.0
> > !
> > You would have to play with summary address, or have to configure
> several
> summary addresses depending on how discontiguous
> > the lab subnetting is. The summary must not overlap Cat3550
> Vlan10 and Lo0
> IP addresses or it will be impossible to configure such secondary
> address.
> > HTH,
> > Cheers
> > Alex
> >
> > -----Original Message-----
> > From: ccie2be [mailto:ccie2be@nyc.rr.com]
> > Sent: 22 June 2004 20:33
> > To: Alexander Arsenyev (GU/ETL); 'Group Study'
> > Subject: Re: Routing without routing protocol
> >
> >
> > Alex,
> >
> > That sounds like a very creative solution but I don't think this
> will
> work.
> > Can you test this? I don't have a Cat 3550 otherwise I would
> test it
> > myself.
> >
> > Also, could you elaborate a little more about that summary
> address? Are
> you
> > saying to create a summary on the Cat? If so, how would you do
> that given
> > that the CAT isn't running a routing protocol. Are you saying, I
> should
> just
> > change the mask to a shorter mask, for example, the original
> address on
> the
> > Cat's interface connecting it to R5 is 142.6.58.8/24. If I
> change the
> mask
> > to /16, then, you're right, the Cat will see the source address
> of all
> pings
> > as on the same subnet and will arp for the L2 mac address. And,
> then,
> since
> > proxy arp is on by default, R5 will take it from there.
> >
> > If all I have to do is create a summary adddress on the CAT, then
> this
> > solution would work and not violate the rules. But, otherwise, I
> think,
> so
> > far, at least, that NAT is the only viable solution that doesn't
> break the
> > lab rules.
> >
> > There are general Lab instructions which prohibit adding or
> changing any
> > addresses unless explicitly stated otherwise. So, this wouldn't
> work in
> this
> > particular situation ( the 2ndary address added to the Cat
> interface), but
> I
> > really like the creativity of your solution.
> >
> > At this point I'm 99% sure the solution being looked for was NAT.
> >
> > But, thanks, I like that creative thinking.
> >
> > Tim
> >
> > ----- Original Message -----
> > From: "Alexander Arsenyev (GU/ETL)"
> <alexander.arsenyev@ericsson.com>
> > To: "'ccie2be'" <ccie2be@nyc.rr.com>; "'Group Study'"
> > <ccielab@groupstudy.com>
> > Sent: Tuesday, June 22, 2004 2:32 PM
> > Subject: RE: Routing without routing protocol
> >
> >
> > > Ok, the requirement is now clear.
> > > How about that:
> > > 1) summarise all lab networks into one, say, 1.1.0.0/16
> > > 2) assign unused address from this summarised network to
> Cat3550 Vlan
> > interface/L3 interface as secondary, say:
> > >
> > > int Vlan10
> > > ip add 1.1.255.254 255.255.255.0 secondary
> > >
> > > 3) then when Cat3550 has a packet (ping) to send to existing
> address it
> > will ARP for destination address
> > > because it will see them as directly connected
> > > 4) R5 will respond to ARP due to proxy ARP enabled by default
> > > 5) Cat3550 will use primary address as source of ICMP echo
> request
> > > 6) all routers in lab will be able to respond to ping if You
> configure a
> > static route on R5 and redistribute it
> > > into IGP
> > > 7) the requirement "the only routes it [Cat3550] should have
> are those
> > which are directly connected" is also preserved because the route
> to
> > 1.1.0.0/16 will be shown as "directly connected" in Cat3550 route
> table.
> > > Comments, please?
> > > HTH,
> > > Cheers
> > > Alex
> > >
> > > -----Original Message-----
> > > From: ccie2be [mailto:ccie2be@nyc.rr.com]
> > > Sent: 22 June 2004 19:18
> > > To: diptish doshi; Alexander Arsenyev (GU/ETL); 'Group Study'
> > > Subject: Re: Routing without routing protocol
> > >
> > >
> > > ODR is an interesting idea although I'm not sure if that will
> meet the
> > > requirements of the task.
> > >
> > > If I had a 3550, I'd try it out.
> > >
> > > "Enable ip routing on the 3550. The only routes it should have
> are those
> > > which are directly connected. All other routers should still
> have ip
> > > reachability to the 3550's lo0 address. You are allowed one
> static route
> > on
> > > R5"
> > >
> > > The general lab instructions prohibit PBR, default routes. etc.
> > >
> > >
> > > ----- Original Message -----
> > > From: "diptish doshi" <diptishdoshi007@yahoo.com>
> > > To: "Alexander Arsenyev (GU/ETL)"
> <alexander.arsenyev@ericsson.com>;
> > > "'ccie2be'" <ccie2be@nyc.rr.com>; "'Group Study'"
> <ccielab@groupstudy.com>
> > > Sent: Tuesday, June 22, 2004 1:59 PM
> > > Subject: RE: Routing without routing protocol
> > >
> > >
> > > > hi ,
> > > > Won't configuring ODR on R5 work ?
> > > > or im missing something.
> > > > regards,
> > > > diptish
> > > >
> > > >
> > > > --- "Alexander Arsenyev (GU/ETL)"
> > > > <alexander.arsenyev@ericsson.com> wrote:
> > > > > PBR is prohibited on R5 only or on both R5 and
> > > > > Cat3550?
> > > > > Cheers
> > > > > Alex
> > > > >
> > > > > -----Original Message-----
> > > > > From: ccie2be [mailto:ccie2be@nyc.rr.com]
> > > > > Sent: 22 June 2004 18:21
> > > > > To: Alexander Arsenyev (GU/ETL); 'Group Study'
> > > > > Subject: Re: Routing without routing protocol
> > > > >
> > > > >
> > > > > PBR, default network, static routes etc. were
> > > > > explicitly prohibited for this
> > > > > task.
> > > > >
> > > > > From the posts I've seen so far, it looks like NAT
> > > > > can be used and possibly
> > > > > irdp, but I'm not sure irdp would work.
> > > > >
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Alexander Arsenyev (GU/ETL)"
> > > > > <alexander.arsenyev@ericsson.com>
> > > > > To: "'Group Study'" <ccielab@groupstudy.com>
> > > > > Sent: Tuesday, June 22, 2004 1:06 PM
> > > > > Subject: RE: Routing without routing protocol
> > > > >
> > > > >
> > > > > > I believe PBR on Cat3550 also suits the
> > > > > requirement, never tried it myself
> > > > > though.
> > > > > > It is supported from IOS 12.1(13)EA1 , see
> > > > >
> > > >
> > >
> >
>
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12113ea1/ol366401.htm#89520
> > > > > > Given that Cisco introduces new features into R&S
> > > > > lab 6 months after
> > > > > general release (see
> > > > >
> > > >
>
http://www.cisco.com/warp/public/625/ccie/rs/lab_exam_blueprint.html
> > > > > ) You
> > > > > are very likely to see Cat3550 with IOS supporting
> > > > > PBR in actual lab.
> > > > > >
> > > > > > HTH,
> > > > > > Cheers
> > > > > > Alex
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: nobody@groupstudy.com
> > > > > [mailto:nobody@groupstudy.com]On Behalf Of
> > > > > > ccie2be
> > > > > > Sent: 22 June 2004 17:45
> > > > > > To: Larry; 'MMoniz'; 'Group Study'
> > > > > > Subject: Re: Routing without routing protocol
> > > > > >
> > > > > >
> > > > > > Yeah, ip routing on the Cat was a required
> > > > > condition of the task. Based
> > > > > on
> > > > > > the other posts, I feel safe in saying that what
> > > > > they were looking for was
> > > > > > Nat, but I'm still open to the posibility that
> > > > > irdp could meet the
> > > > > > requirements, although I'm not yet 100% convinced.
> > > > > >
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: "Larry" <groupstudy@american-hero.com>
> > > > > > To: "'ccie2be'" <ccie2be@nyc.rr.com>; "'MMoniz'"
> > > > > <ccie2002@tampabay.rr.com>;
> > > > > > "'Group Study'" <ccielab@groupstudy.com>
> > > > > > Sent: Tuesday, June 22, 2004 12:39 PM
> > > > > > Subject: RE: Routing without routing protocol
> > > > > >
> > > > > >
> > > > > > > From my experience you will need to disable ip
> > > > > routing on the 3550, and
> > > > > > just
> > > > > > > enable irdp under the ethernet interface.
> > > > > > >
> > > > > > > The question is are you allowed to disable
> > > > > routing on the 3550? I know
> > > > > you
> > > > > > > said it was enabled, but does it have to stay
> > > > > enabled?
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: nobody@groupstudy.com
> > > > > [mailto:nobody@groupstudy.com] On Behalf Of
> > > > > > > ccie2be
> > > > > > > Sent: Tuesday, June 22, 2004 11:00 AM
> > > > > > > To: MMoniz; Group Study
> > > > > > > Subject: Re: Routing without routing protocol
> > > > > > >
> > > > > > > OK, Mike. Maybe you're on to something, but...
> > > > > > >
> > > > > > > there's only basically one command, ip irdp.
> > > > > > >
> > > > > > > Using that one command, how do I make R5
> > > > > generate irdp messages as
> > > > > opposed
> > > > > > > to just listening for those messages. And,
> > > > > likewise with the 3550, how
> > > > > do
> > > > > > I
> > > > > > > make the 3550 listen for irdp instead of sending
> > > > > them?
> > > > > > >
> > > > > > > Thanks, Tim
> > > > > > > ----- Original Message -----
> > > > > > > From: "MMoniz" <ccie2002@tampabay.rr.com>
> > > > > > > To: "ccie2be" <ccie2be@nyc.rr.com>; "Group
> > > > > Study"
> > > > > <ccielab@groupstudy.com>
> > > > > > > Sent: Tuesday, June 22, 2004 11:32 AM
> > > > > > > Subject: RE: Routing without routing protocol
> > > > > > >
> > > > > > >
> > > > > > > > Actually you would need to enable IRDP on R5
> > > > > so it will produce IRDP
> > > > > > > > messages. The Cat will listen to these
> > > > > > > > as it will be the client.
> > > > > > > >
> > > > > > > > IRDP has the capability to "intercept" rip and
> > > > > igrp messages but this
> > > > > is
> > > > > > > not
> > > > > > > > a requirement.
> > > > > > > >
> > > > > > > > IRDP actually uses ICMP for messaging as the
> > > > > name implies. Here is a
> > > > > > link
> > > > > > > > for it.
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr
> > > > > > > > _c/ipcprt1/1cfipadr.htm#1001945
> > > > > > > >
> > > > > > > > Mike
> > > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: ccie2be [mailto:ccie2be@nyc.rr.com]
> > > > > > > > Sent: Tuesday, June 22, 2004 11:17 AM
> > > > > > > > To: MMoniz; Group Study
> > > > > > > > Subject: Re: Routing without routing protocol
> > > > > > > >
> > > > > > > >
> > > > > > > > Hey Mike,
> > > > > > > >
> > > > > > > > Option isn't allowed - the instructions
> > > > > explicitly told me to enable
> > > > > ip
> > > > > > > > routing on the 3550.
> > > > > > > >
> > > > > > > > Re: irdp. I thought of that this morning but I
> > > > > thought if irdp were
> > > > > > used,
> > > > > > > it
> > > > > > > > would have to be on the 3550. However, since
> > > > > there's no routing
> > > > > > protocol
> > > > > > > > running on the link between the 3550 and R5,
> > > > > there wouldn't be any
> > > > > > routing
> > > > > > > > updates to listen for.
> > > > > > > >
> > > > > > > > Also, if I remember correctly, irdp only
> > > > > listens for rip or igrp
> > > > > updates
> > > > > > > and
> > > > > > > > only ospf is running on R5.
> > > > > > > >
> > > > > > > > I think there's still something else I'm
> > > > > missing.
> > > > > > > >
> > > > > > > > Thanks, I'm sure I'll find out, Tim
> > > > > > > >
> > > > > > > > ----- Original Message -----
> > > > > > > > From: "MMoniz" <ccie2002@tampabay.rr.com>
> > > > > > > > To: "ccie2be" <ccie2be@nyc.rr.com>; "Group
> > > > > Study"
> > > > > > <ccielab@groupstudy.com>
> > > > > > > > Sent: Tuesday, June 22, 2004 10:28 AM
> > > > > > > > Subject: RE: Routing without routing protocol
> > > > > > > >
> > > > > > > >
> > > > > > > > > Well I would say you have basically 2
> > > > > options here.
> > > > > > > > >
> > > > > > > > > 1. Use IRDP on R5
> > > > > > > > >
> > > > > > > > > 2. Disable IP routing on the Cat and
> > > > > configure a default-gateway.
> > > > > This
> > > > > > > is
> > > > > > > > > not a static route or a static network!!
> > > > > > > > >
> > > > > > > > > Mike
> > > > >
> > > > === message truncated ===
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > __________________________________
> > > > Do you Yahoo!?
> > > > New and Improved Yahoo! Mail - 100MB free storage!
> > > > http://promotions.yahoo.com/new_mail
>
>
This archive was generated by hypermail 2.1.4 : Sat Jul 03 2004 - 19:40:48 GMT-3