From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Mon Apr 17 2006 - 14:02:43 GMT-3
This is a fun stupid router trick (SRT) from IEWB-RS Volume II courtesy
of Brian Dennis. The question specifically states:
3.2 Backup Interface
- The network administrator has requested that the serial link between
R4 and R5 be down during non-work hours.
- Configure R4 and R5 so that the serial interface is not up during the
nonworking hours of 5pm and 8am.
- During working hours the serial connection between R4 and R5 should be
up and up.
We know the feature of backup interface will allow the interface
to be up or down based on the tracking of another interface, but how do
we extend it to track a time range? We also know that a time range can
be bound to a layer 3 IP access-list. Since we can't apply it to the
direct layer 2 keepalives of the interface we have to involve layer 3
somehow. The answer? A tunnel.
Create a tunnel interface based off another interface (Serial0/0
in this specific case was chosen) and issue the "backup interface
Serial0/1" command, where S0/1 is the Serial between R4 and R5. Now
assuming that the tunnel is UP/UP the Serial between R4 and R5 will be
DOWN/STANDBY. So now what we need to do is make sure that the Tunnel is
only UP/UP outside of work hours. If it is DOWN/DOWN during work hours
then the Serial between R4 and R5 will be UP/UP. To do this we'll
create the time range that matches the work hours and tie it to an
access-list that blocks GRE. With GRE keepalive enabled the tunnel is
DOWN/DOWN during work hours, which causes the Serial0/1 to be UP/UP.
Once the time range becomes inactive (after work hours) the tunnel goes
UP/UP and the Serial0/1 goes DOWN/STANDBY. :)
Below is the full solution and verification:
Task 3.2
R4:
interface Tunnel45
 ip unnumbered Serial0/0
 backup delay 0 5
 backup interface Serial0/1
 keepalive 5 3
 tunnel source Serial0/0
 tunnel destination 176.1.145.5
!
interface Serial0/0
 ip address 176.1.145.4 255.255.255.0
 ip access-group DENY_GRE_WORK_HOURS in
!
ip access-list extended DENY_GRE_WORK_HOURS
 deny gre host 176.1.145.5 host 176.1.145.4 time-range WORK_HOURS
 permit ip any any
!
time-range WORK_HOURS
 periodic daily 8:00 to 17:00

R5:
interface Tunnel45
 ip unnumbered Serial0/0
 keepalive 5 3
 tunnel source Serial0/0
 tunnel destination 176.1.145.4
Tasks 3.2 Verification
During non-working hours:
Rack1R4#clock set 18:00:00 1 Mar 2006
%SYS-6-CLOCKUPDATE: System clock has been updated from 18:05:00 UTC Wed Mar 1 2006 to 18:00:00 UTC Wed Mar 1 2006, configured from console by console.
Rack1R4#show access-list
Extended IP access list DENY_GRE_WORK_HOURS
10 deny gre host 176.1.145.5 host 176.1.145.4 time-range WORK_HOURS (inactive) (0 matches)
20 permit ip any any (60 matches)
Rack1R4#show interface Tunnel45
Tunnel45 is up, line protocol is up
Hardware is Tunnel
Interface is unnumbered. Using address of Serial0/0 (176.1.145.4)
Backup interface Serial0/1, failure delay 0 sec, secondary disable delay 5 sec,
kickin load not set, kickout load not set
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive set (5 sec), retries 3
Tunnel source 176.1.145.4 (Serial0/0), destination 176.1.145.5
Tunnel protocol/transport GRE/IP
Key disabled, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255
Fast tunneling enabled
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input 00:11:23, output 00:00:02, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
148 packets input, 8944 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
173 packets output, 10536 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
Rack1R4#show backup
Primary Interface Secondary Interface Status
----------------- ------------------- ------
Tunnel45 Serial0/1 normal operation
Rack1R4#show interface s0/1
Serial0/1 is standby mode, line protocol is down
Hardware is QUICC Serial
Internet address is 176.1.45.4/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Closed, loopback not set
Keepalive set (10 sec)
Last input 00:05:46, output 00:05:46, output hang never
Last clearing of "show interface" counters 2d04h
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
33688 packets input, 1485544 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
33474 packets output, 1466606 bytes, 0 underruns
0 output errors, 0 collisions, 3 interface resets
0 output buffer failures, 0 output buffers swapped out
1 carrier transitions
DCD=up DSR=up DTR=down RTS=down CTS=up
During working hours:
Rack1R4#clock set 8:01:00 1 Mar 2006
%SYS-6-CLOCKUPDATE: System clock has been updated from 18:05:52 UTC Wed Mar 1 2006 to 08:01:00 UTC Wed Mar 1 2006, configured from console by console.
%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel45, changed state to down
%LINK-3-UPDOWN: Interface Serial0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to up
Rack1R4#show access-list
Extended IP access list DENY_GRE_WORK_HOURS
10 deny gre host 176.1.145.5 host 176.1.145.4 time-range WORK_HOURS (active) (28 matches)
20 permit ip any any (179 matches)
Rack1R4#show backup
Primary Interface Secondary Interface Status
----------------- ------------------- ------
Tunnel45 Serial0/1 backup mode
Rack1R4#show interface Tunnel45
Tunnel45 is up, line protocol is down
Hardware is Tunnel
Interface is unnumbered. Using address of Serial0/0 (176.1.145.4)
Backup interface Serial0/1, failure delay 0 sec, secondary disable delay 5 sec,
kickin load not set, kickout load not set
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive set (5 sec), retries 3
Tunnel source 176.1.145.4 (Serial0/0), destination 176.1.145.5
Tunnel protocol/transport GRE/IP
Key disabled, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255
Fast tunneling enabled
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input 00:17:48, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
211 packets input, 11968 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
250 packets output, 14232 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
Rack1R4#show interface s0/1
Serial0/1 is up, line protocol is up
Hardware is QUICC Serial
Internet address is 176.1.45.4/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: CDPCP, IPCP, loopback not set
Keepalive set (10 sec)
Last input 00:00:02, output 00:00:08, output hang never
Last clearing of "show interface" counters 2d04h
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
33714 packets input, 1488210 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
33502 packets output, 1469368 bytes, 0 underruns
0 output errors, 0 collisions, 4 interface resets
0 output buffer failures, 0 output buffers swapped out
1 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
HTH,
Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Guyler, Rik
> Sent: Monday, April 17, 2006 10:08 AM
> To: 'ccielab@groupstudy.com'
> Subject: RE: Backup Interface
>
> But the original question said "the serial interface is not up during
> working hours of 5pm and 6am". Does this mean the interface itself is not
> up/up or does it mean not moving data?
>
> Rik
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Schulz, Dave
> Sent: Monday, April 17, 2006 10:25 AM
> To: Naveed Khan; CCIEin2006
> Cc: Cisco certification
> Subject: RE: Backup Interface
>
> You're welcome, Naveed.
>
> ________________________________
>
> From: Naveed Khan [mailto:naveed_k@hotmail.com]
> Sent: Mon 4/17/2006 1:22 PM
> To: Schulz, Dave; CCIEin2006
> Cc: Cisco certification
> Subject: Re: Backup Interface
>
>
> Yes I got it. I thought it just like backup interface command. Thanks a
> lot.
> Naveed
>
> ----- Original Message -----
> From: Schulz, Dave <mailto:DSchulz@dpsciences.com>
> To: Naveed Khan <mailto:naveed_k@hotmail.com> ; CCIEin2006
> <mailto:ciscocciein2006@gmail.com>
> Cc: Cisco certification <mailto:ccielab@groupstudy.com>
> Sent: Monday, April 17, 2006 7:18 AM
> Subject: RE: Backup Interface
>
> You apply it directly in the access list....you must use the
> extended acl....
>
> access-list 100 permit ip any any time-range WORK_HRS
>
> interface s0/0
> ip access-group 100 in
>
> HTH,
> Dave
>
>
>
> ________________________________
>
> From: Naveed Khan [mailto:naveed_k@hotmail.com]
> Sent: Mon 4/17/2006 1:13 PM
> To: CCIEin2006; Schulz, Dave
> Cc: Cisco certification
> Subject: Re: Backup Interface
>
>
> Hi
> I understand that I could set up a time-range, but how do I apply that?
> Naveed
>
> ----- Original Message -----
> From: CCIEin2006 <mailto:ciscocciein2006@gmail.com>
> To: Schulz, Dave <mailto:DSchulz@dpsciences.com>
> Cc: Naveed Khan <mailto:naveed_k@hotmail.com> ; Cisco
> certification <mailto:ccielab@groupstudy.com>
> Sent: Monday, April 17, 2006 7:11 AM
> Subject: Re: Backup Interface
>
> Okay, but that's more for a dialer interface, how do you
> apply it to a point to point circuit?
>
>
> On 4/17/06, Schulz, Dave <DSchulz@dpsciences.com> wrote:
>
> Take a look at time-ranges applied to an ACL. HTH.
>
> Dave
>
> ________________________________
>
> From: nobody@groupstudy.com on behalf of Naveed Khan
> Sent: Mon 4/17/2006 12:13 PM
> To: Cisco certification
> Subject: Backup Interface
>
>
>
> Hello
> Any clue for this scenario?
> Configure RouterA and RouterB so the serial
> interface is not up during
> working
> hours of 5pm and 6am.
> Naveed
>
>
>
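Added example (not part of the original thread or the IEWB-RS workbook): a small Python check that models the chain described in the top post (time-range active, GRE keepalives denied, Tunnel45 down, Serial0/1 brought up) and compares it with captured "show access-list" and "show backup" text. The function names are hypothetical, and treating the 8:00 to 17:00 window as end-exclusive is an assumption of the model.

```python
import re
from datetime import time

WORK_START, WORK_END = time(8, 0), time(17, 0)  # periodic daily 8:00 to 17:00

def expected(now):
    """Time-range active -> GRE keepalives denied -> Tunnel45 down -> Serial0/1 up."""
    # Assumption of this model: the window is start-inclusive, end-exclusive.
    active = WORK_START <= now < WORK_END
    return {"acl": "active" if active else "inactive",
            "backup": "backup mode" if active else "normal operation"}

def observed(show_access_list, show_backup):
    """Pull the time-range state and the backup status out of captured CLI text."""
    # \s* tolerates a line wrap between the time-range name and its state.
    acl = re.search(r"time-range\s+WORK_HOURS\s*\((active|inactive)\)", show_access_list)
    bk = re.search(r"^Tunnel45\s+Serial0/1\s+(.+?)\s*$", show_backup, re.M)
    if not acl or not bk:
        raise ValueError("DENY_GRE_WORK_HOURS entry or Tunnel45 backup row not found")
    return {"acl": acl.group(1), "backup": bk.group(1)}

def check(now, show_access_list, show_backup):
    """Return mismatches between the modelled state and the router output."""
    want, got = expected(now), observed(show_access_list, show_backup)
    return [f"{k}: expected {want[k]!r}, got {got[k]!r}" for k in want if want[k] != got[k]]

# Sample input: lines taken from the verification output in the top post.
ACL_1800 = """Extended IP access list DENY_GRE_WORK_HOURS
10 deny gre host 176.1.145.5 host 176.1.145.4 time-range WORK_HOURS
(inactive) (0 matches)
20 permit ip any any (60 matches)"""
BACKUP_1800 = "Tunnel45 Serial0/1 normal operation"
ACL_0801 = """Extended IP access list DENY_GRE_WORK_HOURS
10 deny gre host 176.1.145.5 host 176.1.145.4 time-range WORK_HOURS
(active) (28 matches)
20 permit ip any any (179 matches)"""
BACKUP_0801 = "Tunnel45 Serial0/1 backup mode"

if __name__ == "__main__":
    print(check(time(18, 0), ACL_1800, BACKUP_1800))  # consistent
    print(check(time(8, 1), ACL_0801, BACKUP_0801))   # consistent
    print(check(time(8, 1), ACL_1800, BACKUP_1800))   # stale state is reported
```

When running this against a live router, take the capture a little after the time-range flips: the tunnel only changes state once its keepalives (keepalive 5 3) time out, and "backup delay 0 5" adds 5 seconds before Serial0/1 is disabled again.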
This archive was generated by hypermail 2.1.4 : Mon May 01 2006 - 11:41:57 GMT-3