Static routing example using the 255.255.255.255 mask

The following is an example of configuring a static route using the 255.255.255.255 mask.


The route is specified as follows:
ip route 204.10.tt.tt 255.255.255.255 FastEthernet0/0


Example

-----------------------------
Here is a filtered version of the configuration:

boot-start-marker
boot-end-marker
!
logging buffered 16000 warnings
logging console critical
enable secret 5 @#$#$@#$
!
memory-size iomem 20
clock timezone EST -5
clock summer-time EDT recurring
no network-clock-participate slot 1
no network-clock-participate wic 0
!
ip subnet-zero
no ip source-route
ip cef
!
!
ip name-server x.x.x.x
!
no ip bootp server
ip dhcp-server 192.168.1.15
!
username administrator password 0 password
!
!
!
interface Multilink1
description Internet
ip address 204.10.xx.x 255.255.255.248
no ip redirects
ip nat outside
load-interval 30
no cdp enable
ppp multilink
ppp multilink fragment disable
ppp multilink group 1
!
interface FastEthernet0/0
description connection to firewall
ip address 204.10.yy.y 255.255.255.252
speed auto
full-duplex
!
interface Serial0/0
description Multilink1
no ip address
encapsulation ppp
load-interval 30
no fair-queue
no cdp enable
ppp multilink
ppp multilink group 1
!
interface FastEthernet0/1
ip address 192.168.1.3 255.255.255.0
ip helper-address 192.168.1.15
duplex auto
speed auto
!
interface Serial0/1
description Point to Point to second location
ip address 192.168.255.5 255.255.255.252
encapsulation ppp
load-interval 30
no fair-queue
!
interface Serial1/0
description Point to Point to third location
ip address 192.168.255.1 255.255.255.252
ip helper-address 192.168.1.15
ip nat inside
encapsulation ppp
ip policy route-map thirdloc
load-interval 30
no fair-queue
!
interface Serial1/1
description Multilink1
no ip address
encapsulation ppp
load-interval 30
no fair-queue
no cdp enable
ppp multilink
ppp multilink group 1
!
ip nat inside source list 15 interface Multilink1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 multilink1
ip route 0.0.0.0 0.0.0.0 public_ip_second_loc 15
ip route 192.168.1.0 255.255.255.0 192.168.1.1
ip route 192.168.3.0 255.255.255.0 192.168.255.6
ip route 192.168.4.0 255.255.255.0 192.168.255.2
ip route public_ip_second_loc 255.255.255.255 192.168.255.6
ip route 204.10.tt.tt 255.255.255.255 FastEthernet0/0
ip route 204.10.tt.tt 255.255.255.255 FastEthernet0/0
ip route 204.10.tt.tt 255.255.255.255 FastEthernet0/0
ip route 204.10.tt.tt 255.255.255.255 FastEthernet0/0
ip route 204.10.vv.vv 255.255.255.252 Serial0/1
!
!
logging 204.10.60.xx
access-list 7 permit 192.168.4.0 0.0.0.255
access-list 7 permit 192.168.3.0 0.0.0.255
access-list 7 permit 192.168.255.0 0.0.0.255
access-list 10 permit 69.141.85.99 log
access-list 10 permit 192.168.0.0 0.0.255.255 log
access-list 10 permit 204.10.60.0 0.0.3.255 log
access-list 10 permit 8.10.241.0 0.0.0.255 log
access-list 15 permit 192.168.4.0 0.0.0.255
access-list 50 permit any
no cdp run
route-map thirdloc permit 10
match ip address 7
set ip next-hop 192.168.1.2
!
end

The problem is twofold:
1. The hosts on network 192.168.4.0 cannot get to dhcp server (192.168.1.15).
Also, from the current router, 192.168.255.2 (router's ip at third location) is unreachable.
2. The multilink1 is only working for one serial interface Serial 0/0.
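
A router chooses among static routes like the ones above, including the 255.255.255.255 host route, by longest prefix match and then by lowest administrative distance. The following Python example is added here and is not part of the original post; 203.0.113.10 and 198.51.100.1 are constructed stand-ins for the redacted 204.10.tt.tt and public_ip_second_loc values, and connected routes are not modelled.

```python
import ipaddress
import re

# Constructed sample modelled on the "ip route" lines of the configuration
# above. 203.0.113.10 and 198.51.100.1 are documentation addresses standing in
# for the redacted 204.10.tt.tt and public_ip_second_loc values (assumptions).
SAMPLE_CONFIG = """\
ip classless
ip route 0.0.0.0 0.0.0.0 Multilink1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 15
ip route 192.168.3.0 255.255.255.0 192.168.255.6
ip route 192.168.4.0 255.255.255.0 192.168.255.2
ip route 198.51.100.1 255.255.255.255 192.168.255.6
ip route 203.0.113.10 255.255.255.255 FastEthernet0/0
ip route 204.10.tt.tt 255.255.255.255 FastEthernet0/0
"""

ROUTE_RE = re.compile(r"^ip route (\S+) (\S+) (\S+)(?:\s+(\d+))?$")


def parse_static_routes(config):
    """Return (routes, skipped): parsed static routes and unparsable lines."""
    routes, skipped = [], []
    for line in config.splitlines():
        line = line.strip()
        match = ROUTE_RE.match(line)
        if not match:
            continue  # not a static route statement
        prefix, mask, target, distance = match.groups()
        try:
            network = ipaddress.IPv4Network(f"{prefix}/{mask}")
        except ValueError:
            skipped.append(line)  # redacted or malformed prefix/mask
            continue
        routes.append({
            "network": network,
            "target": target,
            # Static routes default to administrative distance 1.
            "distance": int(distance) if distance else 1,
        })
    return routes, skipped


def lookup(routes, destination, down=()):
    """Select a route: longest prefix first, then lowest distance.

    `down` lists next hops or interfaces to treat as unavailable, which shows
    when a floating static route (higher distance) takes over.
    """
    dest = ipaddress.IPv4Address(destination)
    candidates = [r for r in routes
                  if dest in r["network"] and r["target"] not in down]
    if not candidates:
        return None
    return max(candidates,
               key=lambda r: (r["network"].prefixlen, -r["distance"]))


if __name__ == "__main__":
    table, ignored = parse_static_routes(SAMPLE_CONFIG)
    for ip in ("203.0.113.10", "203.0.113.11", "192.168.4.20"):
        best = lookup(table, ip)
        print(f"{ip:15} -> {best['network']} via {best['target']}")
    backup = lookup(table, "203.0.113.11", down=("Multilink1",))
    print("Multilink1 down ->", backup["target"], "distance", backup["distance"])
    print("skipped:", ignored)
```

The /32 entry wins for its single address only; the neighbouring address 203.0.113.11 falls through to the default route, and the distance-15 default is used only when Multilink1 is unavailable.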




  1. CASE PRINCIPLE


 Vyatta version used: VC 2.0 Feb 20, 2007

 In this first case study, we will see a very simple example where the routing is done with only static routes.



 Read the Vyatta policy about the Community Edition.




  2. PICTURE




 Functionalities tested:

   Interface settings
   Static routes
   Telnet access




  3. CONFIGURATIONS


 CISCO ROUTER 2651                                              VYATTA A ROUTER

 interface FastEthernet0/1                                      edit interfaces ethernet eth0
   ip address 10.1.3.2 255.255.255.0                             set address 10.1.3.1 prefix-length 24

 interface FastEthernet0/0                                      edit interfaces ethernet eth1
   ip address 10.1.4.2 255.255.255.0                             set address 10.1.1.1 prefix-length 24


 hostname Cisco-2651                                            set system host-name VyattaA

 ip route 10.1.0.0 255.255.0.0 10.1.3.1                         set protocols static route 10.1.0.0/16 next-hop 10.1.3.2
 ip route 10.200.1.4 255.255.255.255 10.1.4.1                   set protocols static route 10.200.1.4/32 next-hop 10.1.3.2
 ip route 10.200.1.1 255.255.255.255 10.1.3.1                   set protocols static route 10.200.1.1/32 next-hop 10.1.1.2

 line vty 0 4                                                   set service telnet
   no login

 enable secret password                                         edit system login user vyatta
                                                                 set authentication plaintext-password password


CISCO SWITCH L3 3750                           VYATTA B ROUTER

interface vlan 1                               edit interfaces ethernet eth1
  ip address 10.1.1.2 255.255.255.0             set address 10.1.4.1 prefix-length 24

interface Loopback 1                           edit interfaces loopback lo
  ip address 10.200.1.1 255.255.255.255         set address 10.200.1.4 prefix-length 32

hostname 3750_L3                               set system host-name VyattaB

ip route 0.0.0.0 0.0.0.0 10.1.1.1              set system static gateway-address 10.1.4.2

line vty 0 4                                   set service telnet
  no login

enable secret password                         edit system login user vyatta
                                                set authentication plaintext-password password

ip routing
ip multicast-routing distributed



 4. SHOW COMMANDS

  ROUTING TABLE

vyatta@VyattaA#show route




Cisco-2651#show ip route




vyatta@VyattaB#show route
3750_L3#show ip route




  INTERFACES

vyatta@VyattaA#show interfaces ethernet eth0 physical




vyatta@VyattaA#show interfaces ethernet eth0 statistics




Cisco-2651#show ip interface brief




Cisco-2651#show ip interface FastEthernet 0/1
vyatta@VyattaA#show version




Cisco-2651#show version
OSPF usage example




 1. CASE PRINCIPLE


Vyatta version used: VC 2.0 Feb 20, 2007

In this second case study, we will see an example where two Desktops are connected to each other through two routers, one Cisco 2651
router and one Vyatta router.
The routers use the OSPF dynamic routing protocol to advertise the IP networks.



Read the Vyatta policy about the Community Edition.




 2. PICTURE




 Functionalities tested:

   Interface settings
   OSPF - backbone area
   SSH access
   Telnet access
   Web access




 3. CONFIGURATIONS


CISCO ROUTER                                               VYATTA ROUTER


interface FastEthernet0/0                                  edit interfaces ethernet eth0
  description link to Vyatta router                         set description "link to Cisco router"
  ip address 200.0.0.2 255.255.255.0                        set address 200.0.0.1 prefix-length 24
  duplex full                                               set duplex full
  speed 100                                                 set speed 100

interface FastEthernet0/1                                  edit interfaces ethernet eth1
  description link to Desktop A                             set description "Desktop B"
  ip address 10.1.0.2 255.255.255.0                         set address 10.2.0.1 prefix-length 24

interface Loopback1                                        edit interfaces loopback lo
  ip address 10.200.1.1 255.255.255.255                     set address 10.200.1.2 prefix-length 32

                                                           set protocols ospf4
router ospf 1                                              edit protocols ospf4
                                                            set router-id 10.200.1.2
 network 10.1.0.0 0.0.0.255 area 0                          set area 0.0.0.0 interface eth0 address 200.0.0.1
 network 10.200.1.1 0.0.0.0 area 0                          set area 0.0.0.0 interface eth1 address 10.2.0.2
 network 200.0.0.0 0.0.0.255 area 0                         set area 0.0.0.0 interface lo address 10.200.1.2

hostname cisco                                             set system host-name Vyatta-Router

line vty 0 4                                               set service telnet
  no login
ip http server                                             set service http
                                                           set service ssh

enable secret password                                     edit system login user vyatta
                                                            set authentication plaintext-password password

Desktop A                                                 Desktop B

ip address:              10.1.0.3                         ip address:  10.2.0.3
subnet mask:             255.255.255.0                    subnet mask: 255.255.255.0
gateway:                 10.1.0.2                         gateway:     10.2.0.2

SEE THE ENTIRE CONFIGURATION OF THE DEVICES:

2651 Cisco router
Vyatta router

You can use a Cisco 3750 L3 switch instead of the 2651 Cisco router:
3750 switch L3



 4. SHOW COMMANDS

  ROUTING TABLE

vyatta@Vyatta-Router#show route




cisco#show ip route




  ROUTE FOR A SUBNET

vyatta@Vyatta-Router#show route | match 10.1.0.0




cisco#show ip route | include 10.2.0.0




  ROUTE FOR A NEXT-HOP

vyatta@Vyatta-Router#show route next-hop 200.0.0.2




cisco#show ip route | include 200.0.0.1




  OSPF NEIGHBORS

vyatta@Vyatta-Router#show ospf4 neighbor
cisco#show ip ospf neighbor




  OSPF DATABASE

vyatta@Vyatta-Router#show ospf4 database




cisco#show ip ospf database




  INTERFACE STATS 1

vyatta@Vyatta-Router#show interfaces ethernet eth0 statistics




cisco#show interfaces FastEthernet 0/0
  INTERFACE STATS 2
vyatta@Vyatta-Router#show interfaces ethernet eth0 physical




cisco#show ip interface brief




END TO END CONNECTIVITY CHECKS:

From Desktop A
C:\>tracert 10.2.0.3




From Desktop B
C:\>tracert 10.2.0.3
Complex OSPF
1. CASE PRINCIPLE


Vyatta version used: VC 2.0 Feb 20, 2007

In this third example we will test a medium-difficulty environment where two desktops are linked together through two OSPF areas, one of which
is configured as a stub area. The other Vyatta functionalities listed below are tested at the same time.

The Vyatta A router and the Layer 3 Switch are located in a stub area. They have OSPF intra-area (O) and inter-area (OIA) routes in their routing
tables but no external OSPF routes. To reach external OSPF networks such as 10.200.1.4 (see next paragraph), the routers inside area 1 use a
default OSPF route to the border router (Vyatta A router).
Vyatta A is a border router because it is in area 0 (the backbone area) and in area 1.

For the purpose of our case study, the 10.200.1.4 static route is redistributed into OSPF on the Vyatta B router to "artificially" create an external
OSPF network tagged as OE2. Because of the stub area, this network should not be propagated to the Vyatta A router and the Layer 3 Switch.



Please be aware that the Vyatta ntp synchronization and dhcp relay settings do not work on Vyatta VC2.
Read the Vyatta policy about the Community Edition.




 2. PICTURE




 Functionalities tested:

   Interface settings
   OSPF - backbone area
   OSPF - multi area
   OSPF - stub area
   Static routing
   Redistribution - static to OSPF
   DHCP server
   SNMP settings
   Syslog settings
   802.1Q - trunking
   SSH access
   Telnet access
   ntp synchronization




 3. CONFIGURATIONS
SWITCH LAYER 2 IOS: 12.2-25.SEB4           See the entire configuration

interface GigabitEthernet 1/0/1
  description Vyatta_A
  switchport mode trunk
  switchport trunk encapsulation dot1q

interface GigabitEthernet1/0/2
  description DHCP_client
  switchport access vlan 2

interface GigabitEthernet1/0/3
  switchport access vlan 3

interface GigabitEthernet1/0/4
  switchport access vlan 100

interface vlan 1
  shutdown

interface vlan 2
  ip address 10.101.2.1 255.255.255.0

interface vlan 3
  ip address 10.101.3.1 255.255.255.0

interface vlan 100
  ip address 10.101.1.1 255.255.255.0

ip default-gateway 10.101.1.2

logging 10.102.1.99
logging trap debugging

snmp-server community TeddyBear RO 50
access-list 50 permit 10.102.1.99

line vty 0 4
  no login

enable secret password

ntp server 10.1.2.2


VYATTA A ROUTER VC2 Feb 20, 2007           See the entire configuration

set interfaces ethernet eth0
edit interfaces ethernet eth0
 set description Switch_Layer3
 set address 10.100.1.2 prefix-length 24

set interfaces ethernet eth1
edit interfaces ethernet eth1
 set description Switch_Layer2
 set vif 2 address 10.101.2.2 prefix-length 24
 set vif 3 address 10.101.3.2 prefix-length 24
 set vif 100 address 10.101.1.2 prefix-length 24

set interfaces loopback lo
edit interfaces loopback lo
 set address 10.200.1.1 prefix-length 32

set protocols ospf4
edit protocols ospf4
 set router-id 10.200.1.1
 set area 0.0.0.1 area-type stub
 set area 0.0.0.1 interface lo address 10.200.1.1
 set area 0.0.0.1 interface eth0 address 10.100.1.2
 set area 0.0.0.1 interface eth1.2 address 10.101.2.2
 set area 0.0.0.1 interface eth1.3 address 10.101.3.2
 set area 0.0.0.1 interface eth1.100 address 10.101.1.2

set protocols snmp
edit protocols snmp
 set community TeddyBear   authorization ro
 set community TeddyBear   client 10.102.1.99
 set community TeddyBear   location Paris-router
 set community TeddyBear   contact Guillaume

edit system
 set host-name VyattaA
 set ntp-server 10.1.2.2
 delete ntp-server 69.59.150.135
 set login user vyatta authentication plaintext-password password
 set login user root authentication plaintext-password password

set service dhcp-server name server1
edit service dhcp-server name server1
 set start 10.101.2.101 stop 10.101.2.120
 set default-router 10.101.2.2
 set network-mask 24
 set interface eth1.2

set system syslog host 10.102.1.99 facility * level info

set service telnet
set service ssh

commit


SWITCH LAYER 3 IOS: 12.2-25.SEE2            See the entire configuration

hostname 3750-Cisco

ip routing
ip multicast-routing distributed

interface Vlan1
  ip address 10.100.1.1 255.255.255.0

interface Vlan2
  ip address 10.100.2.1 255.255.255.0

interface FastEthernet1/0/1
  description Vyatta_A

interface FastEthernet1/0/2
  description Vyatta_B
  switchport access vlan 2

interface Loopback1
  ip address 10.200.1.3 255.255.255.255

router ospf 1
 area 1 stub
 network 10.100.1.0 0.0.0.255 area 1
 network 10.100.2.0 0.0.0.255 area 1
 network 10.200.1.3 0.0.0.0 area 1

logging trap informational
logging 10.102.1.99

access-list 50 permit 10.102.1.99
snmp-server community TeddyBear RO 50

ip domain-name domain.net
crypto key generate rsa

line vty 0 4
  no login

enable secret password

ntp server 10.1.2.2


VYATTA B ROUTER VC2 Feb 20, 2007            See the entire configuration

set interfaces ethernet eth0
edit interfaces ethernet eth0
 set description Switch_Layer3
 set address 10.100.2.2 prefix-length 24

set interfaces ethernet eth1
edit interfaces ethernet eth1
 set description Cisco_2651
 set address 10.1.2.1 prefix-length 24

set interfaces loopback lo
edit interfaces loopback lo
 set address 10.200.1.2 prefix-length 32

set protocols ospf4
edit protocols ospf4
 set router-id 10.200.1.2
 set area 0.0.0.0 interface eth1 address 10.1.2.1
 set area 0.0.0.0 interface lo address 10.200.1.2
 set area 0.0.0.1 area-type stub
 set area 0.0.0.1 default-lsa disable false
 set area 0.0.0.1 interface eth0 address 10.100.2.2
 set export static-to-OSPF

set protocols static route 10.200.1.4/32 next-hop 10.1.2.2

set protocols snmp
edit protocols snmp
 set community TeddyBear     authorization ro
 set community TeddyBear     client 10.102.1.99
 set community TeddyBear     location London-router
 set community TeddyBear     contact Philou

set policy policy-statement static-to-OSPF
edit policy policy-statement static-to-OSPF
 set term from protocol static
 set term then action accept

edit system
 set host-name VyattaB
 set ntp-server 10.1.2.2
 delete ntp-server 69.59.150.135
 set login user vyatta authentication plaintext-password password
 set login user root authentication plaintext-password password

set system syslog host 10.102.1.99 facility * level info

set service telnet
set service ssh

commit


CISCO 2651 IOS: 12.2-23a         See the entire configuration

hostname cisco-2651

interface FastEthernet 0/0
  description Vyatta B router
  ip address 10.1.2.2 255.255.255.0

interface FastEthernet 0/1
  description SNMP/Syslog/TFTP server
  ip address 10.102.1.1 255.255.255.0

interface Loopback1
  ip address 10.200.1.4 255.255.255.255

router ospf 1
 network 10.1.2.0 0.0.0.255 area 0
 network 10.102.1.0 0.0.0.255 area 0

logging trap informational
logging 10.102.1.99

access-list 50 permit 10.102.1.99
snmp-server community TeddyBear RO 50

line vty 0 4
  no login

enable secret password

ntp master



Desktop A Microsoft Windows Config
Desktop B Microsoft Windows Config

  Save the configurations on the 10.102.1.99 TFTP server:

Cisco_device#copy run tftp
Vyatta_device#save tftp://10.102.1.99/vyatta.conf

  SNMP check from the SNMP server (Ubuntu or Debian):

Install SNMP server:
#apt-get install snmp

snmpstatus -vcommunity_level -c community_name ip_address
example:
#snmpstatus -v2c -c TeddyBear 10.100.2.2




 4. SHOW COMMANDS

  SWITCH LAYER 2

Switch_L2#show ip route
Switch_L2#show interfaces GigabitEthernet 1/0/1 trunk




Switch_L2#show ntp associations




 VYATTA A ROUTER

vyatta@VyattaA#show route




vyatta@VyattaA#show ospf4 neighbor




vyatta@VyattaA#show ospf4 database




vyatta@VyattaA#show dhcp lease
vyatta@VyattaA#show dhcp statistics




vyatta@VyattaA#show ntp associations




 SWITCH LAYER 3

3750-Cisco#show ip route




3750-Cisco#show ip ospf neighbor




3750-Cisco#show ip ospf database
3750-Cisco#show ntp associations




 VYATTA B ROUTER

vyatta@VyattaB#show route




vyatta@VyattaB#show ospf4 neighbor




vyatta@VyattaB#show ospf4 database
vyatta@VyattaB#show ntp associations




 ROUTER 2651

cisco-2651#show ip route




cisco-2651#show ip ospf neighbor
cisco-2651#show ip ospf database




cisco-2651#show ntp associations




cisco-2651#show ntp status




END TO END CONNECTIVITY CHECKS:

From Desktop A to Desktop B
C:\>tracert 10.102.1.99




From Desktop B to Desktop A
C:\>tracert 10.101.2.119
BGP example

 1. CASE PRINCIPLE


BE CAREFUL, THIS CASE STUDY HAS NOT BEEN VALIDATED

The configurations below are for information ONLY!!!

We noticed that under Vyatta VC 3.0 the OSPF -> BGP redistribution causes the BGP process to crash.




Unfortunately, we cannot provide you with the results of our tests because of some bugs that crash the BGP routing table.
Read the Vyatta policy about the Community Edition.

https://bugzilla.vyatta.com/show_bug.cgi?id=932
https://bugzilla.vyatta.com/show_bug.cgi?id=1469




 2. PICTURE

 Functionalities tested:

   Interface settings
   OSPF - backbone area
   BGP
   Redistr. - BGP to OSPF
   Redistr. - OSPF to BGP
   Telnet access




 3. CONFIGURATIONS

  ROUTERS CONFIGURATIONS


ROUTER 2651 A IOS: 12.2-23a
   See the entire configuration


interface FastEthernet0/1
  ip address 10.0.2.99 255.255.255.0
  no shutdown

interface FastEthernet0/0
  ip address 10.0.1.99 255.255.255.0
  no shutdown

interface Loopback 1
  ip address 50.0.1.99 255.255.255.255

hostname Cisco_2651_A


router ospf 1
 network 10.0.1.0 0.0.0.255 area 0
 network 10.0.2.0 0.0.0.255 area 0
 network 50.0.1.99 0.0.0.0 area 0

line vty 0 4
  no login

enable secret password


SWITCH L3 3750 IOS: 12.2-25.SEE4         VYATTA A VC 3.0 Oct 29, 2007
   See the entire configuration             See the entire configuration


interface vlan 1                         edit interfaces ethernet eth0
  ip address 10.1.1.2 255.255.255.0       set address 10.0.2.2 prefix-length 24
  no shutdown
interface FastEthernet1/0/1
  switchport access vlan 1

interface vlan 2                         edit interfaces ethernet eth1
  ip address 100.0.1.1 255.255.255.0      set address 100.0.2.2 prefix-length 24
  no shutdown
interface FastEthernet1/0/2
  switchport access vlan 2

interface Loopback 1                     edit interfaces loopback lo
  ip address 50.0.1.1 255.255.255.255     set address 50.0.1.2 prefix-length 32

hostname Cisco_3750_L3                   set system host-name Vyatta-A


                                         set policy policy-statement to-OSPF
                                         edit policy policy-statement to-OSPF
                                          set term 1 from protocol connected
                                          set term 1 then metric 2000
                                          set term 1 then action accept
                                          set term 2 from protocol bgp
                                          set term 2 then metric 2000
                                          set term 2 then action accept


router ospf 1                            set protocols ospf4
 network 10.0.1.0 0.0.0.255 area 0       edit protocols ospf4
 redistribute connected metric 1000       set area 0.0.0.0 interface eth0 address 10.0.2.2
   metric-type 1 subnets                  set router-id 50.0.1.2
 redistribute bgp 65001 metric 1000       set export to-OSPF
   metric-type 1 subnets


                                         set policy policy-statement to-BGP
                                         edit policy policy-statement to-BGP
                                          set term 1 from protocol connected
                                          set term 1 then action accept
                                          set term 2 from protocol ospf4
                                          set term 2 then action accept



router bgp 65001                         set protocols bgp
 no synchronization                      edit protocols bgp
 bgp router-id 50.0.1.1                   set bgp-id 50.0.1.2
 network 50.0.1.1 mask 255.255.255.255    set local-as 65001
 redistribute connected                   set peer 10.0.1.1 as 65001
 redistribute ospf 1                      set peer 10.0.1.1 local-ip 10.0.2.2
 neighbor 10.0.2.2 remote-as 65001        set peer 10.0.1.1 next-hop 10.0.2.2
 neighbor 100.0.1.3 remote-as 65003       set peer 100.0.2.4 as 65004
 neighbor 100.0.1.3 route-map r2 in       set peer 100.0.2.4 local-ip 100.0.2.2
 no auto-summary                          set peer 100.0.2.4 next-hop 100.0.2.2
                                          set peer 100.0.2.4 import LocalPref
                                          set export to-BGP


route-map r2 permit 10                   set policy policy-statement LocalPref
 set local-preference 333                edit policy policy-statement LocalPref
                                          set term 1 then localpref 222
                                          set term 1 then action accept

line vty 0 4                             set service telnet
  no login

enable secret password


ip routing
ip multicast-routing distributed


ROUTER 2651 B IOS: 12.2-23a              VYATTA B VC 3.0 Oct 29, 2007
   See the entire configuration             See the entire configuration


interface FastEthernet0/0                edit interfaces ethernet eth0
  ip address 100.0.1.3 255.255.255.0      set address 200.0.1.5 prefix-length 24
  no shutdown

interface FastEthernet0/1                edit interfaces ethernet eth1
  ip address 200.0.1.3 255.255.255.0      set address 200.0.2.5 prefix-length 24
 no shutdown

interface Loopback 1                                              edit interfaces loopback lo
  ip address 50.0.1.3 255.255.255.255                              set address 50.0.1.5 prefix-length 32

hostname Cisco_2651_B                                             set system host-name Vyatta-B

                                                                  set policy policy-statement to-BGP
                                                                  edit policy policy-statement to-BGP
                                                                   set term 1 from protocol connected
                                                                   set term 1 then action accept

router bgp 65003                                                  set protocols bgp
 bgp router-id 50.0.1.3                                           edit protocols bgp
 network 50.0.1.3 mask 255.255.255.255                             set bgp-id 50.0.1.5
 redistribute connected                                            set local-as 65005
 neighbor 100.0.1.1 remote-as 65001                                set peer 200.0.1.3 as 65003
 neighbor 200.0.1.5 remote-as 65005                                set peer 200.0.1.3 local-ip 200.0.1.5
 neighbor 200.0.1.5 route-map r3 out                               set peer 200.0.1.3 next-hop 200.0.1.5
 no auto-summary                                                   set peer 200.0.2.4 as 65004
                                                                   set peer 200.0.2.4 local-ip 200.0.2.5
                                                                   set peer 200.0.2.4 next-hop 200.0.2.5
                                                                   set export to-BGP

route-map r3 permit 10
 set metric 55

line vty 0 4                                                      set service telnet
  no login

enable secret password


ROUTER 2651 C IOS: 12.2-46a
   See the entire configuration


interface FastEthernet0/0
  ip address 100.0.2.4 255.255.255.0
  no shutdown

interface FastEthernet0/1
  ip address 200.0.2.4 255.255.255.0
  no shutdown

interface Loopback 1
  ip address 50.0.1.4 255.255.255.255

router bgp 65004
 bgp router-id 50.0.1.4
 network 50.0.1.4 mask 255.255.255.255
 redistribute connected
 neighbor 100.0.2.2 remote-as 65001
 neighbor 200.0.2.5 remote-as 65005
 neighbor 200.0.2.5 route-map r99 out
 no auto-summary

hostname Cisco_2651_C


route-map r99 permit 10
 set metric 99

line vty 0 4
  no login

enable secret password

VRRP example

 1. CASE PRINCIPLE


Vyatta version used: VC 2.2 Aug 30, 2007

We will study here a standardized router redundancy protocol called VRRP (Virtual Router Redundancy Protocol). It is based on the Cisco
redundancy protocol called HSRP and is the only way to provide redundancy between routers from different manufacturers.
The router with the highest VRRP priority is elected as master. It owns a MAC address of the form 00-00-5E-00-01-XX, which corresponds
to the virtual VRRP IP address.
For more information about VRRP, visit the excellent VRRP Wikipedia page.



Read the Vyatta policy about the Community Edition.



 2. PICTURE

 Functionalities tested:

   Interface settings
   VRRP
   Telnet access




 3. CONFIGURATIONS


CISCO ROUTER 2651 IOS: 12.4(16)                                 VYATTA ROUTER VC2.2 Aug 30, 2007
   See the entire configuration                                    See the entire configuration



interface FastEthernet0/0                                       edit interfaces ethernet eth1
  ip address 172.16.10.2 255.255.255.0                           set address 172.16.10.3 prefix-length 24
                                                                 set vrrp vrrp-group 100
  vrrp 100 ip 172.16.10.1                                        set vrrp virtual-address 172.16.10.1
  vrrp 100 priority 80                                           set vrrp priority 100
  vrrp 100 preempt                                               set vrrp preempt true
  vrrp 100 authentication 123                                    set vrrp authentication 123

hostname Cisco-router                                           set system host-name Vyatta-Router

line vty 0 4                                                    set service telnet
  no login

enable secret password                                          edit system login user vyatta
                                                                 set authentification plaintext-password password



 4. SHOW COMMANDS

Vyatta_Router>show vrrp


Physical interface: eth0, Address: 172.16.10.1

        Interface state: up, Group: 100, State: master

        Priority: 100, Advertisement interval: 1s, Authentication type: simple

        Preempt: yes, VIP count: 1, VIP: 172.16.10.1

        Advertisement timer: 763s, Master router: 172.26.10.2

        Virtual MAC: 00:00:5E:00:01:64


Cisco-Router#show vrrp brief




Cisco-Router#show vrrp all


FastEthernet0/0 - Group 100

         State is Backup

         Virtual IP address is 172.26.10.1

         Virtual MAC address is 0000.5e00.0164

         Advertisement interval is 1.000 sec

         Preemption enabled

         Priority is 80

         Authentication text "123"

         Master Router is 172.26.10.2, priority is 100

         Master Advertisement interval is 1.000 sec
       Master Down interval is 3.687 sec



Packet analysis from Desktop:

A VRRP packet is captured with the Wireshark tool.
Note that the VRRP authentication string ("123") is sent in clear text.
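
The clear-text exposure noted above can be checked offline by decoding the VRRP payload. The Python code below is an added example, not part of the original page: it builds a constructed VRRPv2 advertisement with the lab's values (group 100, priority 100, string "123"), parses it and reports the authentication type; all function names are illustrative.

```python
import ipaddress
import struct

# Auth Type values defined for VRRPv2 (RFC 2338; RFC 3768 keeps types 1 and 2
# only for backward compatibility).
AUTH_TYPES = {0: "none", 1: "simple text", 2: "IP authentication header"}


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum used by VRRPv2."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_sample_advert(vrid: int, priority: int, vip: str, auth_text: str) -> bytes:
    """Constructed test input: one VRRPv2 advertisement with simple-text auth."""
    body = ipaddress.IPv4Address(vip).packed + auth_text.encode("ascii").ljust(8, b"\x00")
    # version 2 / type 1, VRID, priority, 1 address, auth type 1, interval 1 s
    header = struct.pack("!BBBBBBH", 0x21, vrid, priority, 1, 1, 1, 0)
    csum = internet_checksum(header + body)
    return header[:6] + struct.pack("!H", csum) + body


def parse_vrrpv2(payload: bytes) -> dict:
    """Decode the VRRP payload of an IP protocol 112 packet."""
    if len(payload) < 8:
        raise ValueError("truncated VRRP header")
    ver_type, vrid, priority, count, auth_type, interval, _ = struct.unpack(
        "!BBBBBBH", payload[:8])
    if ver_type != 0x21:  # version 2, type 1 (ADVERTISEMENT)
        raise ValueError("not a VRRPv2 advertisement")
    end = 8 + 4 * count + 8  # header + virtual IPs + 8-byte auth data
    if len(payload) < end:
        raise ValueError("truncated VRRP body")
    vips = [str(ipaddress.IPv4Address(payload[8 + 4 * i:12 + 4 * i]))
            for i in range(count)]
    auth_data = payload[end - 8:end]
    return {
        "vrid": vrid,
        "priority": priority,
        "advert_interval_s": interval,
        "virtual_ips": vips,
        # The last byte of the virtual MAC is the group number (100 -> 0x64).
        "virtual_mac": "00:00:5E:00:01:%02X" % vrid,
        "auth_type": AUTH_TYPES.get(auth_type, "unknown (%d)" % auth_type),
        "auth_text": (auth_data.rstrip(b"\x00").decode("ascii", "replace")
                      if auth_type == 1 else None),
        # A valid message sums to zero when the checksum field is included.
        "checksum_ok": internet_checksum(payload[:end]) == 0,
    }


def audit(info: dict) -> list:
    """Return the findings a reviewer would raise for this advertisement."""
    findings = []
    if info["auth_type"] == "none":
        findings.append("group %d: no VRRP authentication" % info["vrid"])
    elif info["auth_type"] == "simple text":
        findings.append("group %d: auth string %r readable on the wire"
                        % (info["vrid"], info["auth_text"]))
    if not info["checksum_ok"]:
        findings.append("group %d: bad checksum" % info["vrid"])
    return findings


# Constructed packet matching the lab values: group 100, priority 100,
# virtual IP 172.16.10.1, authentication string "123".
SAMPLE = build_sample_advert(100, 100, "172.16.10.1", "123")

if __name__ == "__main__":
    info = parse_vrrpv2(SAMPLE)
    for key, value in info.items():
        print("%-18s %s" % (key, value))
    for finding in audit(info):
        print("FINDING:", finding)
```
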




 1. CASE PRINCIPLE


Vyatta version used: VC 2.0 Feb 20, 2007

The Static NAT, where one IP address is translated to another IP address, can be used to reach an internal web server from the Internet.
A benefit of static NAT compared to any other type of NAT is that the TCP or UDP ports are not modified during the translation.

In our example, we configured a source and destination static NAT.



 2. PICTURE

Functionalities tested:

   Interface settings
   Telnet access
   NAT - Static
   Static Routing




 3. CONFIGURATIONS


CISCO ROUTER 2651 IOS: 12.2(15)T17     VYATTA ROUTER VC2 Feb 20, 2007


interface FastEthernet0/0              edit interfaces ethernet eth1
  description Server A                  set description ServerB
  ip address 10.0.0.1 255.255.255.0     set address 10.0.0.1 prefix-length 24
  ip nat inside

interface FastEthernet0/1              edit interfaces ethernet eth0
  description Vyatta                    set description Cisco
  ip address 50.0.0.2 255.255.255.0     set address 50.0.0.1 prefix-length 24
  ip nat outside

ip route 60.0.0.0 255.255.255.240      set protocols static route 70.0.0.0/28 next-hop
50.0.0.1                               50.0.0.2

ip nat inside source static 10.0.0.2   set service nat rule 1
70.0.0.2                               edit service nat rule 1
                                        set type destination
                                        set translation-type static
                                        set inbound-interface eth0
                                        set protocols all
                                        set source network 0.0.0.0/0
                                        set destination address 60.0.0.56
                                        set inside-address address 10.0.0.2

                                       set service nat rule 2
                                       edit service nat rule 2
                                        set type source
                                        set translation-type static
                                        set outbound-interface eth0
                                        set protocols all
                                        set source address 10.0.0.2
                                        set destination network 0.0.0.0/0
                                        set outside-address address 60.0.0.2

line vty 0 4                           set service telnet
  no login

enable secret password                 edit system login user vyatta
                                        set authentication plaintext-password password



 4. SHOW COMMANDS

vyatta@vyatta>show nat rules




vyatta@vyatta>show nat statistics
vyatta:~#tcpdump -v -p icmp
(must be executed by the root user at the Linux prompt)




Router#show ip nat translations




Router#show ip nat statistics




Router#debug ip nat
Router#terminal monitor




END TO END CONNECTIVITY CHECKS:

From WebServerA:
c:\>tracert 60.0.0.2




From WebServerB:
c:\>tracert 70.0.0.2







 1. CASE PRINCIPLE

The Static PAT (Port Address Translation) is where an IP address and a layer 4 (TCP/UDP) port are translated to one IP address and one layer 4 port.
It can be used to reach an internal file server from the Internet.

In our example, we configured static destination PAT.



 2. PICTURE

Functionalities tested:

   Interface settings
   Telnet access
   PAT - Static
   Static Routing




 3. CONFIGURATIONS


CISCO ROUTER 2651 IOS: 12.2(15)T17                          VYATTA ROUTER VC2 Feb 20, 2007


interface FastEthernet0/0                                   edit interfaces ethernet eth1
  description Server A                                       set description ServerB
  ip address 10.0.0.1 255.255.255.0                          set address 10.0.0.1 prefix-length 24
  ip nat inside

interface FastEthernet0/1                                   edit interfaces ethernet eth0
  description Vyatta                                         set description Cisco
  ip address 50.0.0.2 255.255.255.0                          set address 50.0.0.1 prefix-length 24
  ip nat outside

ip route 60.0.0.0 255.255.255.240                           set protocols static route 70.0.0.0/28 next-hop
50.0.0.1                                                    50.0.0.2

ip nat inside source static                                 set service nat rule 1
tcp 10.0.0.2 21 70.0.0.2 21                                 edit service nat rule 1
                                                             set type destination
                                                             set translation-type static
                                                             set inbound-interface eth0
                                                             set protocols tcp
                                                             set source network 0.0.0.0/0
                                                             set destination address 60.0.0.2
                                                             set destination port-name ftp
                                                             set inside-address address 10.0.0.2

line vty 0 4                                                set service telnet
  no login

enable secret password                                      edit system login user vyatta
                                                             set authentication plaintext-password password



 4. SHOW COMMANDS

vyatta@vyatta>show nat rules
vyatta@vyatta>show nat statistics




vyatta:~#tcpdump port 21
(must be executed by the root user at the Linux prompt)




Router#show ip nat translations




Router#show ip nat statistics




Router#debug ip nat
Router#terminal monitor







 1. CASE PRINCIPLE

Dynamic NAT is where an IP address from one pool is translated to an IP address from another pool of addresses.
It can be used when you want to link two networks having the same IP range.

In our example, we configured dynamic source NAT.


 2. PICTURE

Functionalities tested:

   Interface settings
   Telnet access
   NAT - Dynamic
   Static Routing




 3. CONFIGURATIONS


CISCO ROUTER 2651 IOS: 12.2(15)T17          VYATTA ROUTER VC2 Feb 20, 2007


interface FastEthernet0/0                   edit interfaces ethernet eth1
  description Server A                       set description ServerB
  ip address 10.0.0.1 255.255.255.0          set address 10.0.0.1 prefix-length 24
  ip nat inside

interface FastEthernet0/1                   edit interfaces ethernet eth0
  description Vyatta                         set description Cisco
  ip address 50.0.0.2 255.255.255.0          set address 50.0.0.1 prefix-length 24
  ip nat outside

ip route 60.0.0.0 255.255.255.240           set protocols static route 70.0.0.0/28 next-hop
50.0.0.1                                    50.0.0.2

ip nat pool nat-pool 70.0.0.0 70.0.0.15     set service nat rule 1
netmask 255.255.255.240                     edit service nat rule 1
ip nat inside source list 1 pool nat-pool    set type source
access-list 1 permit 10.0.0.0 0.0.0.255      set translation-type dynamic
                                             set outbound-interface eth0
                                             set protocols all
                                             set source network 10.0.0.0/24
                                             set destination network 0.0.0.0/0
                                             set outside-address address 60.0.0.0/28

line vty 0 4                                set service telnet
  no login

enable secret password                      edit system login user vyatta
                                             set authentication plaintext-password password



 4. SHOW COMMANDS

vyatta@vyatta>show nat rules




vyatta@vyatta>show nat statistics
vyatta:~#tcpdump -v
(must be executed by the root user at the Linux prompt)




Router#show ip nat translations




Router#show ip nat statistics




Router#debug ip nat
Router#terminal monitor




END TO END CONNECTIVITY CHECKS:

From Desktop A:
c:\>tracert 50.0.0.1




From Desktop B:
c:\>tracert 50.0.0.2




NAT example

 1. CASE PRINCIPLE

The masquerade NAT is where source IP addresses inside a pool of addresses are translated to one unique IP address.

It is typically used for a group of users who have private IP addresses and need access to the Internet.



 2. PICTURE

Functionalities tested:

   Interface settings
   Telnet access
   NAT - Masquerade
   Static Routing




 3. CONFIGURATIONS


CISCO ROUTER 2651 IOS: 12.2(15)T17                            VYATTA ROUTER VC2 Feb 20, 2007


interface FastEthernet0/0                                     edit interfaces ethernet eth1
  description Server A                                         set description ServerB
  ip address 10.0.0.1 255.255.255.0                            set address 10.0.0.1 prefix-length 24
  ip nat inside

interface FastEthernet0/1                                     edit interfaces ethernet eth0
  description Vyatta                                           set description Cisco
  ip address 50.0.0.2 255.255.255.0                            set address 50.0.0.1 prefix-length 24
  ip nat outside

ip route 60.0.0.0 255.255.255.240                             set protocols static route 70.0.0.0/28 next-hop
50.0.0.1                                                      50.0.0.2

ip nat inside source list 1 interface                         set service nat rule 1
FastEthernet0/1 overload                                      edit service nat rule 1
access-list 1 permit 10.0.0.0 0.0.0.255                        set type source
                                                               set translation-type masquerade
                                                               set outbound-interface eth0
                                                               set protocols all
                                                               set source network 10.0.0.0/24
                                                               set destination network 0.0.0.0/0

line vty 0 4                                                  set service telnet
  no login

enable secret password                                        edit system login user vyatta
                                                               set authentication plaintext-password password



 4. SHOW COMMANDS

vyatta@vyatta>show nat rules
vyatta@vyatta>show nat statistics




vyatta:~#tcpdump -v
(must be executed by the root user at the Linux prompt)




Router#show ip nat translations
(telnet from Desktop A to Vyatta)




Router#show ip nat statistics




Router#debug ip nat
Router#terminal monitor




END TO END CONNECTIVITY CHECKS:

From Desktop A:
c:\>tracert 50.0.0.1
From Desktop B:
c:\>tracert 50.0.0.2




DHCP example

 1. CASE PRINCIPLE


Vyatta version used: VC 2.2 Aug 30, 2007

DHCP (Dynamic Host Configuration Protocol) is a protocol used by computers, called clients, to get an IP address from a server.
In addition to an IP address, the server provides optional settings such as a subnet mask, a default gateway or a DNS server to the client.
To request an IP address, the client first broadcasts on the local subnet to find DHCP servers.
By default, routers do not forward broadcasts, but they can be configured to forward them to the DHCP server.
The router forwarding the request is called a DHCP relay.

Check the packet analysis section to get information about the DHCP operations request process.




 2. PICTURE

Functionalities tested:

   Interface settings
   Telnet access
   DHCP server
   DHCP relay




 3. CONFIGURATIONS


VYATTA ROUTER A VC2.2 Aug 30, 2007                           CISCO ROUTER A 2621 IOS: 12.2(23a)


edit interfaces ethernet eth0                                interface FastEthernet0/0
 set address 10.0.2.1 prefix-length 24                         ip address 10.0.2.1 255.255.255.0

set system host-name Vyatta-RouterA                          hostname Cisco-routerA

set service telnet                                           line vty 0 4
                                                               no login

edit system login user vyatta                                enable secret password
 set authentication plaintext-password

set service dhcp-server shared-network-name mydhcp           service dhcp
edit service dhcp-server shared-network-name mydhcp
 set subnet 10.0.2.0/24                                      ip dhcp pool mydhcp
 set subnet 10.0.1.0/24                                        network 10.0.1.0 255.255.255.0
 edit subnet 10.0.1.0/24                                       dns-server 10.0.2.3
   set dns-server 10.0.2.3                                     default-router 192.168.1.1
   set default-router 10.0.1.2
   set start 10.0.1.200 stop 10.0.1.210                      ip dhcp excluded-address 10.0.1.0 10.0.1.199
   set start 10.0.1.212 stop 10.0.1.222                      ip dhcp excluded-address 10.0.1.223 10.0.1.255
                                                             ip dhcp excluded-address 10.0.1.211

set protocols static route 0.0.0.0/0 next-hop 10.0.2.2       ip route 0.0.0.0 0.0.0.0 10.0.2.2



VYATTA ROUTER B VC2.2 Aug 30, 2007                            CISCO ROUTER B 2621 IOS: 12.4(16)


edit interfaces ethernet eth0                                 interface FastEthernet0/0
 set address 10.0.1.2 prefix-length 24                          ip address 10.0.1.2 255.255.255.0

edit interfaces ethernet eth1                                 interface FastEthernet0/1
 set address 10.0.2.2 prefix-length 24                          ip address 10.0.2.2 255.255.255.0

set system host-name Vyatta-RouterB                           hostname Cisco-routerB

set service telnet                                            line vty 0 4
                                                                no login

edit system login user vyatta                                 enable secret password
 set authentication plaintext-password

edit service dhcp-relay                                       ip helper-address 10.0.2.1
 set server 10.0.2.1
set service dhcp-relay interface eth0
set service dhcp-relay interface eth1

DESKTOP:

To force a dhcp renewal:

Linux: dhclient eth0
Windows:
Start -> Run -> cmd
ipconfig /renew




 4. SHOW COMMANDS & PACKET ANALYSIS:






1. VYATTA CASE STUDY

Vyatta_Router>show version


Baseline Version: vc2-2

Built by:            root@vyatta.com

Built on:            Thu Aug 23 20:41:03 UTC 2007

Build ID:            aa2e45f-1a45b2b-518c9cc-a9aa9f8-4c29b36-6890d5d-200708232041


Cisco-Router#show dhcp leases


IP address           Hardware Address              Lease expiration                     Pool        Client Name

------------         -------------------           ---------------------                -------     -------------

10.0.1.222           00:99:88:77:66:55             2007/09/11 23:59:46                  mydhcp      Client_Laptop


Cisco-Router#show dhcp statistics


Total DHCP requests for all pools:                       11

Total DHCP responses for all pools:                      3
pool                                                                 pool size            # leased          # avail

-----                                                                --------             --------          ------

mydhcp                                                               0                    1                 -1


Cisco-RouterA#show route


0.0.0.0/0                      [static(1)]                               > to 10.0.2.2                       via eth0

10.0.2.0/24                    [connected(0)]                            > to 10.0.2.1                       via eth0

127.0.0.0/8                    [connected(0)]                            > to 127.0.0.1                      via lo


Cisco-RouterB#show dhcp statistics


dhcp server is not running


Cisco-RouterB#show route


10.0.1.0/24                    [connected(0)]                            > to 10.0.1.2                       via eth0

10.0.2.0/24                    [connected(0)]                            > to 10.0.2.2                       via eth1

127.0.0.0/8                    [connected(0)]                            > to 127.0.0.1                      via lo


PACKETS ANALYSIS:

Wireshark (on the Desktop) and TCPdump (on the Vyatta routers) are used to capture packets during the DHCP IP address request process.

Desktop: (DHCP client)




The capture above clearly shows the four-step DHCP process:


- DHCP Discover:          The client broadcasts to find a DHCP server.
- DHCP Offer:             The server sends a unicast message to the client with an IP address.
- DHCP Request:           The client broadcasts to tell any other DHCP servers that it received an IP address.
- DHCP Acknowledgement:   The server sends a unicast message to the client with optional settings such as the default gateway.


It is interesting to notice, in case you need to set firewall rules, that the packets sent from the client use UDP source port 68 and UDP
destination port 67. When sent back from the server to the client, they use UDP source port 67 and UDP destination port 68.

Vyatta-RouterA:
(DHCP server)
tcpdump -n port 67

IP   10.0.2.2.67   > 10.0.2.1.67: BOOTP/DHCP,       Request from 00:99:88:77:66:55, length 300
IP   10.0.2.1.67   > 10.0.1.2.67: BOOTP/DHCP,       Reply, length 300
IP   10.0.2.2.67   > 10.0.2.1.67: BOOTP/DHCP,       Request from 00:99:88:77:66:55, length 329
IP   10.0.2.1.67   > 10.0.1.2.67: BOOTP/DHCP,       Reply, length 300

Vyatta-RouterB: (DHCP relay)

tcpdump -n port 67

IP   0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request           from 00:99:88:77:66:55, length 300
IP   10.0.1.2.67 > 10.0.1.222.68: BOOTP/DHCP, Reply, length         300
IP   0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request           from 00:99:88:77:66:55, length 329
IP   10.0.1.2.67 > 10.0.1.222.68: BOOTP/DHCP, Reply, length         300






2. CISCO CASE STUDY

Cisco-RouterA#show ip route
Gateway of last resort is 10.0.2.2 to network 0.0.0.0

     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.2.0 is directly connected, FastEthernet0/0
S*   0.0.0.0/0 [1/0] via 10.0.2.2

Cisco-RouterA#show ip dhcp binding


IP address            Client-ID/                              Lease expiration                           Type
                      Hardware address

10.0.1.200            0100.9988.7766.55                       Mar 02 1993 12:45 AM                       Automatic

Cisco-RouterA#show ip dhcp server statistics


Memory usage                           13393

Address pools                          1

Database agents                        0

Automatic bindings                     1

Manual bindings                        0

Expired bindings                       0

Malformed messages                     0



Message                                Received

BOOTREQUEST                            0

DHCPDISCOVER                           7

DHCPREQUEST                            9

DHCPDECLINE                            0

DHCPRELEASE                            6

DHCPINFORM                             0



Message                                Sent

BOOTREPLY                              0

DHCPOFFER                              7

DHCPACK                                8

DHCPNAK                                1

Cisco-RouterB#show ip route


Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 2 subnets
C       10.0.2.0 is directly connected, FastEthernet0/1
C       10.0.1.0 is directly connected, FastEthernet0/0


PACKETS ANALYSIS:

Wireshark (on the Desktop) and TCPdump (on the Vyatta routers) are used to capture packets during the DHCP IP address request process.

Desktop client: (DHCP client)




The capture above clearly shows the four-step DHCP process:


- DHCP Discover:          The client broadcasts to find a DHCP server.
- DHCP Offer:             The server sends a unicast message to the client with an IP address.
- DHCP Request:           The client broadcasts to tell any other DHCP servers that it received an IP address.
- DHCP Acknowledgement:   The server sends a unicast message to the client with optional settings such as the default gateway.


 It is interesting to notice, in case you need to set firewall rules, that the packets sent from the client use UDP source port 68 and UDP
 destination port 67. When sent back from the server to the client, they use UDP source port 67 and UDP destination port 68.

 Cisco-RouterA: (DHCP Server)

 #debug ip dhcp server packet

 DHCPD:    DHCPDISCOVER received from client 0100.9988.7766.55 through relay 10.0.1.2.
 DHCPD:    Sending DHCPOFFER to client 0100.9988.7766.55 (10.0.1.200).
 DHCPD:    unicasting BOOTREPLY for client 0099.8877.6655 to relay 10.0.1.2.
 DHCPD:    DHCPREQUEST received from client 0100.9988.7766.55.
 DHCPD:    Sending DHCPACK to client 0100.9988.7766.55 (10.0.1.200).
 DHCPD:    unicasting BOOTREPLY for client 0099.8877.6655 to relay 10.0.1.2.

 The "01" characters before the MAC address represent the Ethernet media type.

 Cisco-RouterB: (DHCP Relay)

 #debug ip dhcp server packet

 DHCPD:    setting giaddr to 10.0.1.2.
 DHCPD:    BOOTREQUEST from 0100.9988.7766.55 forwarded to 10.0.2.1.
 DHCPD:    forwarding BOOTREPLY to client 0099.8877.6655.
 DHCPD:    creating ARP entry (10.0.1.200, 0099.8877.6655).
 DHCPD:    unicasting BOOTREPLY to client 0099.8877.6655 (10.0.1.200).
 DHCPD:    Finding a relay for client 0100.9988.7766.55 on interface FastEthernet0/0.
 DHCPD:    setting giaddr to 10.0.1.2.
 DHCPD:    BOOTREQUEST from 0100.9988.7766.55 forwarded to 10.0.2.1.
 DHCPD:    forwarding BOOTREPLY to client 0099.8877.6655.
 DHCPD:    creating ARP entry (10.0.1.200, 0099.8877.6655).
 DHCPD:    unicasting BOOTREPLY to client 0099.8877.6655 (10.0.1.200).
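
The firewall note in both case studies covers the client leg only. The Python code below is an added example, not part of the original page: it classifies the Vyatta tcpdump lines by leg and shows that relay-to-server traffic uses UDP 67 on both ends, with the server replying to the giaddr (10.0.1.2) reported in the Cisco debug output. Function names are illustrative.

```python
import re
from collections import namedtuple

Flow = namedtuple("Flow", "src sport dst dport kind")

# tcpdump lines copied from the Vyatta captures on this page, whitespace normalised.
SERVER_SIDE = [  # Vyatta-RouterA (DHCP server)
    "IP 10.0.2.2.67 > 10.0.2.1.67: BOOTP/DHCP, Request from 00:99:88:77:66:55, length 300",
    "IP 10.0.2.1.67 > 10.0.1.2.67: BOOTP/DHCP, Reply, length 300",
]
RELAY_SIDE = [  # Vyatta-RouterB (DHCP relay), client-facing interface
    "IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:99:88:77:66:55, length 300",
    "IP 10.0.1.2.67 > 10.0.1.222.68: BOOTP/DHCP, Reply, length 300",
]
GIADDR = "10.0.1.2"  # from the Cisco debug line "setting giaddr to 10.0.1.2"

LINE_RE = re.compile(
    r"^IP\s+(\d+(?:\.\d+){3})\.(\d+)\s+>\s+(\d+(?:\.\d+){3})\.(\d+):"
    r"\s+BOOTP/DHCP,\s+(Request|Reply)\b"
)


def parse_line(line):
    """Turn one tcpdump BOOTP/DHCP line into a Flow, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src, sport, dst, dport, kind = m.groups()
    return Flow(src, int(sport), dst, int(dport), kind)


def classify(flow):
    """Name the leg of the exchange from the UDP port pair."""
    ports = (flow.sport, flow.dport)
    if ports == (68, 67):
        return "client leg: request"
    if ports == (67, 68):
        return "client leg: reply"
    if ports == (67, 67):
        if flow.kind == "Request":
            return "relay leg: relay -> server"
        return "relay leg: server -> relay"
    return "unexpected"


def missed_by_client_port_rule(flows):
    """Flows that a filter allowing only 68->67 and 67->68 would drop."""
    return [f for f in flows if (f.sport, f.dport) not in {(68, 67), (67, 68)}]


def relay_leg_rules(flows):
    """Unique (src, sport, dst, dport) tuples to permit between relay and server."""
    return sorted({(f.src, f.sport, f.dst, f.dport)
                   for f in flows if (f.sport, f.dport) == (67, 67)})


def replies_follow_giaddr(flows, giaddr):
    """True if every server reply on the relay leg is addressed to giaddr."""
    replies = [f for f in flows if classify(f) == "relay leg: server -> relay"]
    return bool(replies) and all(f.dst == giaddr for f in replies)


if __name__ == "__main__":
    flows = [parse_line(l) for l in SERVER_SIDE + RELAY_SIDE]
    for f in flows:
        print("%-28s %s:%d -> %s:%d" % (classify(f), f.src, f.sport, f.dst, f.dport))
    print("dropped by a 68/67-only filter:", len(missed_by_client_port_rule(flows)))
    print("permit between relay and server:", relay_leg_rules(flows))
    print("server replies go to giaddr:", replies_follow_giaddr(flows, GIADDR))
```
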

BRIDGING

 1. CASE PRINCIPLE

Network bridges connect multiple network segments or local area networks at the data link layer (layer 2) of the OSI model.
The behavior of bridges is very similar to that of hubs or switches: they all let layer 2 broadcasts pass through them.
By comparison, routers work at layer 3 of the OSI model and stop these broadcasts.

In our case study, we will bridge two network interfaces on three different components: a Vyatta router, a Cisco router and a Linux machine. (The Windows XP bridging howto will come very soon.)

An IP address is set on the bridges to be able to manage them:
On Vyatta, this cannot be done from the router interface, so you must do it at the Linux level.
On Cisco, you must activate the integrated routing and bridging (IRB) mode.




  2. PICTURE

 Functionalities tested:

   Interface settings
   bridging




  3. CONFIGURATIONS

VYATTA ROUTER VC3.0 Oct 29, 2007                                        CISCO ROUTER 2621 IOS: 12.2(23a)

edit interfaces ethernet eth0                                           interface FastEthernet0/0
 set bridge-group bridge br0                                              bridge-group 1

edit interfaces ethernet eth1                                           interface FastEthernet0/1
 set bridge-group bridge br0                                              bridge-group 1

set system host-name Vyatta-Router                                      hostname Cisco-router

set service telnet                                                      line vty 0 4
                                                                          no login

                                                                        bridge irb
                                                                        bridge 1 protocol ieee
                                                                        bridge 1 route ip

                                                                        interface BVI 1
                                                                          ip address 10.0.2.1 255.255.255.0




Configurations done at the Debian/Linux level:
Log in as the root user.
Set the bridge IP address:


#ifconfig br0 10.0.2.1 netmask 255.255.255.0

To keep your settings permanently:


#vim /etc/network/interfaces

auto br0
iface br0 inet static
address 10.0.2.1
netmask 255.255.255.0




LINUX Debian or Ubuntu

- Install the tools needed to build a bridge:


#apt-get install bridge-utils

- Load the bridge kernel module:


#modprobe bridge

- Check that the bridge module is loaded:


#lsmod | grep bridge

- Activate the Ethernet interfaces:


#ifconfig eth0 up
#ifconfig eth1 up

- Create the bridge:


#brctl addbr br0

- Add members to the bridge:


#brctl addif br0 eth0
#brctl addif br0 eth1

- Set the bridge IP address:


#ifconfig br0 10.0.2.1 netmask 255.255.255.0

To keep your settings after a reboot, create the following script stored in the "/root/bridge.sh" file:


#!/bin/bash
# Load the bridge kernel module
modprobe bridge
# Activate the Ethernet interfaces
ifconfig eth0 up
ifconfig eth1 up
# Create the bridge
brctl addbr br0
# Add members to the bridge
brctl addif br0 eth0
brctl addif br0 eth1
# Set the bridge IP address:
ifconfig br0 10.0.2.1 netmask 255.255.255.0

Then add the following line to the "/etc/crontab" file:


#vim /etc/crontab

@reboot root /root/bridge.sh



    4. SHOW COMMANDS:

    Vyatta Router

- Check the bridge status:


Vyatta-Router#show bridge

bridge name           bridge id                      STP enabled         interfaces

br0                   8000.0000ab12cd34              no                  eth0

                                                                         eth1

The bridge ID begins with "8000" and is followed by the lowest MAC address among its members.

- Check the bridge members:


Vyatta-Router#show bridge br0 macs

port    no     mac addr                      is local?    ageing timer

2              00:00:ab:12:cd:34             yes          0.00

1              00:04:11:22:33:44             yes          0.00

- Check the bridge interface:


vyatta:~#ifconfig br0

    Cisco Router

- Check the bridge members:


#show interface irb

- Check the bridge interface:


#show interface BVI1

    Linux Router

- Check the bridge status:


Linux#brctl show

bridge name           bridge id                      STP enabled         interfaces

br0                   8000.0000ab12cd34              no                  eth0

                                                                         eth1

The bridge ID begins with "8000" and is followed by the lowest MAC address among its members.

- Check the bridge members:


Linux#brctl showmacs br0

port    no     mac addr                      is local?    ageing timer

2              00:00:ab:12:cd:34             yes          0.00

1              00:04:11:22:33:44             yes          0.00

- Check the bridge interface:


Linux#ifconfig br0

				
DOCUMENT INFO
posted:7/26/2009
language:Korean
pages:41