
7/2/2011

There is nothing more important than our customers

Enterprise Routing
Course Overview
Version 4.04
A Siemens Enterprise Communications Company

Course Description

• This course is designed to educate participants about Enterasys routing products, including their features, functions and configuration.
• The course includes technology summaries, product introduction and overview, as well as hands-on application via lab exercises.
• During this course, you will learn how to set up and configure Enterasys switches for various network topologies, explore different router operating modes such as RIP, OSPF, PIM-SM, IGMP, LS-NAT, and VRRP, and gain experience in troubleshooting the Enterasys routing product line.
2011 Enterasys Networks, Inc., A Siemens Enterprise Communications Company All rights reserved.

2011 Enterasys Networks, Inc. All rights reserved. Enterasys Confidential



Course Outline

Day One
• Module #1: Enterasys Routing Products Overview
• Module #2: Basic Routing Configuration
  - Lab #1: Direct Routes, Static Routes, RIP, DHCP/BootP Relay (IP-Helper)
• Module #3: OSPF
  - Lab #2: OSPF Basic and Advanced Configurations

Day Two
• Module #4: LS-NAT
  - Lab #3: LS-NAT Configuration
• Module #5: TWCB
• Module #6: ACLs
  - Lab #4: ACL Lab

Day Three
• Module #7: Multicast Routing
  - Lab #5: PIM-SM Multicast Routing Configuration
• Module #8: VRRP
  - Lab #6: VRRP Configuration
• Module #9: Troubleshooting
  - Lab #7: System Troubleshooting


Course Prerequisites

Student prerequisite knowledge/skills
• Experienced PC user
• Operational knowledge of:
  - Ethernet
  - 802.1D standard
  - 802.1Q standard
• Understanding of TCP/IP protocol
• Understanding of various types of routing and multicast protocols, with specific knowledge in the following:
  - OSPF
  - PIM-SM
  - IGMP
  - VRRP
  - LS-NAT
  - TWCB

Topics not covered in this course
• In depth discussion of:
• 802.1D (STP)
• TCP/IP
• Network design
• Wireless
• NetSight NMS
• Dragon
• In depth discussion of the following protocols: OSPF, PIM-SM, IGMP, and VRRP or other routing protocols.



Course Objectives

• Enterasys Routing Products Overview
  - Explain the differences and similarities between the B3/B5/C2/C3/C5, G-Series, N-Series DFEs, and S-Series routers for routing.
• Basic Router Overview
  - Direct Routes
  - Static Routes
  - RIP Routing
  - DHCP/BootP Relay (IP Helper)
• OSPF
  - Verify that a basic OSPF network is configured correctly via various show commands. If not correct, troubleshoot the network.
  - Configure static routes for redistribution into OSPF and verify that the network changes correctly; troubleshoot the network if incorrect.
  - Configure OSPF areas for stub areas and NSSA, authentication, and summarization. Then verify that the network changes are correct; troubleshoot the network if incorrect.
• LS-NAT
  - Configure LSNAT on routers/switches. Verify that the network is configured correctly via various show commands; troubleshoot if incorrect.
  - Implementation: send and receive data traffic using the LSNAT setup. Verify that traffic is being received and properly load balanced over available servers; troubleshoot if incorrect.
• TWCB
  - Review the Transparent Web Cache Balancing feature on N & S-Series products. Discuss configuration related parameters for implementing the feature.


Course Objectives (continued)

• ACLs
  - Configuration
  - Implementation
• PIM-SM
  - Configure PIM-SM & IGMP on routers/switches and verify that the multicast network is configured correctly via various show commands; troubleshoot if incorrect.
  - Send and receive multicast traffic throughout the network, verify that traffic is being received over the correct links and joins are complete; troubleshoot if incorrect.
  - Stop receiving multicast, verify that prunes have halted traffic correctly, and troubleshoot if incorrect.
• VRRP
  - Configure a basic VRRP network and verify that it is configured correctly via various show commands. If not correct, troubleshoot the network.
  - Configure VRRP Critical IP; verify that VRRP is configured correctly; if not, troubleshoot.
  - Disable the Critical IP interface, verify that VRRP switches to the new master correctly; if not, troubleshoot. Add multiple VRRP instances to the network, with load sharing of clients between instances. Verify that VRRP is correctly configured.
• Troubleshooting
  - Examine the commands and tools most commonly used to determine if a reported problem within a routed environment is actually a network related issue.
  - Implement the mechanisms used to isolate a problem down to a specific category.


Getting Started & Introductions

• Sign the Attendance Form
• Class Hours
  - 9:00 am to 5:00 pm
• Instructor
  - Nicolás Martínez
• Attendees
  - Name?
  - Company?
  - Job Description?
  - What is your experience with routing?
  - Are you currently using Enterasys routing products? (Which?)
  - What do you hope to learn about routing from this course?


Enterprise Routing
Routing Products Overview
Version 4.03


Routing Review - OSI Model

[Figure: OSI model stacks (Application, Presentation, Session, Transport, Network, Data Link, Physical) for the Source System and the Destination System, with a Router between them performing the Routing Function at the Network layer above its Data Link and Physical layers.]



Routing Review

• Routers / Layer 3 Switching:
  - Switch packets between different physical networks, based upon Network-layer addressing
  - Do not flood MAC-layer broadcasts from one attached network to another
  - Are protocol dependent (e.g., IPv4 routed to IPv4; IPv6 routed to IPv6).
  - Support packet fragmentation
  - Support multiple Physical- and MAC-layer packet encapsulation types, and have the ability to translate from one type to another

• Layer 2 Switching:
  - Switch frames within the same physical network, based upon Data Link-layer (MAC) addressing
  - Flood all MAC-layer broadcasts out all attached ports in the same physical network
  - Are protocol transparent (i.e., unaware of IP, IPX, etc., protocols embedded in the datagrams)
  - Do not support packet fragmentation
  - Support multiple Physical- and MAC-layer packet encapsulation types, and have the ability to translate from one type to another


When Should Routing be Implemented?

• When communication is needed between VLANs
• When MAC-layer multicast/broadcast traffic is adversely affecting network performance
• When packet switching based upon upper-layer protocols such as IP is desired
• Where multiple active paths between systems are required


Router Advantages

• Isolation of MAC-layer broadcast traffic. Routers allow VLANs to communicate but prevent the flow of broadcast traffic from one physical LAN to another
• Path Selection. Routers can use the best path which physically exists between source and destination systems. Some routers allow for load balancing over redundant paths
• Flexibility. Routers can support any desired network topology
• The total size of the network interconnected with routers is, for all practical purposes, unlimited

Router Disadvantages

• Protocol Dependence. Routers operate at the OSI Network layer and must be aware of the protocol(s) they are configured to route. A router will ignore traffic it is not configured to handle
• Configuration complexity. Routers require more extensive setup and provisioning
• Cost. Routers are typically more complex devices than switches and can be more expensive



Enterasys Routing Support

• The following Enterasys switch products support both Layer 2 (the Data Link layer of the OSI model) switching and Layer 3 (the Network layer) IP routing functionality:
  - B3/B5/C2/C3/C5
  - G Series
  - N-Series DFE
    - Gold
    - Platinum
    - Diamond
  - S Series



B3/B5/C2/C3/C5

• B3/B5 supports only basic IP routing functionality (i.e., directly connected routes, RIP routes, static routes, and standard ACLs)
• C2/C3/C5 Series supports basic IP routing functionality (i.e., directly connected routes, RIP routes, static routes, and standard ACLs)
• Additionally, via an optional advanced routing license (L3-LIC, Layer 3 Routing License), the C2/C3/C5 supports:
  - OSPF, PIM, DVMRP, VRRP and Extended ACLs.
  - License will need to be re-entered if configuration is cleared on C2
  - License will NOT need to be re-entered if configuration is cleared on C3/C5
  - Optional license C3 IPv6-LIC (IPv6 license) enables IPv6 functionality on the C3
  - IPv6 functionality is included in the advanced routing licenses for the C5.
  - Requires the purchase and activation of an advanced routing license for each unit in a stack.


Enterasys G Series

- Multi-user policy per port
  - Up to eight policy users per port
  - Individual policy capabilities identical to C3 Release 1.1 at initial shipment
- Routing features
  - Basic routing (RIP v1/v2) included
  - Advanced routing option (OSPF, DVMRP, PIM-SM, VRRP)
  - IPv6 management and IPv6 routing (option)
- Hot swapping of IOMs
  - Front panel push button
  - Safely remove IOM with power applied with no impact on the rest of the switch
  - Install new IOM in any empty slot
  - No impact on running switch
  - IOM not recognized by the switch until next reboot


N-Series Gold/Platinum

• The N-Series is a modular design chassis.
• Four models, the N1, N3, N5, and the N7, with granular Layer 2/3/4 classification
• Support advanced Layer 3 IP routing
• Three product lines:
  - Distributed Forwarding Engines (DFEs), Diamond: Significant Processing Enhancements over Platinum DFEs, plus increased Security, Routing & Policy Scalability.
  - DFEs, Platinum: optimized for more features and higher performance
• Designed for wiring closets, server farm aggregations, and distribution switching.
• Platinum DFE modules can support up to 256 routing interfaces and can be configured for RIP and/or OSPF routing protocols
• OSPF support on the N-Series requires the purchase and activation of an advanced routing license.


N DFE Limits

• The show router limits command can be used to determine Layer 3 related system limits for N-Series routers

N7 Platinum(su)->show router limits

                 |      Entries      |  Memory (bytes) (256 MgB)
Resource         |  Max-InUse=Avail  | *Each ~=     Max   InUse
================ | ===== ===== ===== | ===== ======= =======
Dynamic ARPs *   | 32768     3 32765 |    92 3014656     276
Static ARPs *    |  1024        1024 |    92   94208
Routing Table    | 12277     7 12270 |   288 3535776    2016
Static Routes    |  1024        1024 |    44   45056
IP Helper        |  5120        5120 |    12   61440
LSA type 1 *     |   512         508 |  1672  856064    6688
LSA type 2 *     |   512         510 |  1596  817152    3192
LSA type 3 *     |  3000        3000 |   248  744000
LSA type 4 *     |  3000        3000 |   324  972000
LSA type 5 *     |  4000        4000 |   428 1712000
LSA type 7 *     |  4000        4000 |   444 1776000
LSA type 9 *     |   512         512 |  1548  792576
LSA type 10 *    |    64          64 |  1548   99072
LSA type 11 *    |   512         512 |  1548  792576



N-Series DFE Limits (cont'd)

                           |      Entries      |  Memory (bytes) (256 MgB)
Resource                   |  Max-InUse=Avail  | *Each ~=       Max   InUse
========================== | ===== ===== ===== | ===== ========= =======
DVMRP Routes               | 10000     0 10000 |   124   1240000
Interfaces                 |   277         274 |  1072    296944    3216
Secondary Addresses        |  2000        2000 |
Configured Rip Nets        |   300         300 |    12      3600
Rip Routes                 |  3000        3000 |    32     96000
VRRP Entries               |  1024        1024 |   724    741376
PBR Entries                |  5000        4999 |   120    600000     120
LSNAT Virtual Server Cfg * |    50          50 | 19696    984800
LSNAT Global Binding *     | 32000     0 32000 |   340  10880000
LSNAT Cache Binding *      |  2000        2000 |   212    424000
Dhcp Leases                |  1024        1024 |   172    176128
Total:                     |                   |        31435424   15508
PreAllocated *:            |                   |        25295104
Total Avail Mem (Appx):    |                   |       124556808

* Indicates PreAllocated Memory Elements



What is the N-Series Standalone Switch?

• The N-Series Standalone or 2G Systems are two new small fixed form factor Platinum products created to complement the N-Series Chassis Products
  - Memory upgrade DFE-256MB-UGK & N-EOS-L3 (advanced routing license) are included.


S-Series Routing Products

• The S-Series routing products come in multiple chassis sizes and standalone
• I/O modules with option module slots are available for unparalleled configuration flexibility
  - Highest combined port density per rack unit in the industry
• Highest performance in its class
  - Future proofed to >6 Tbps* Backplane capacity
  - 1.28 Tbps, 950 Mpps Load sharing I/O fabric pair
• Connectivity
  - Triple speed with PoE Gigabit SFP
  - 10 Gigabit Ethernet SFP+
  - Support for future 40/100 Gigabit Ethernet
• Maximum port capacities
  - 576 Triple Speed ports, 576 Gigabit SFP ports
  - 128 10 Gigabit Ethernet SFP+ ports
• Builds upon N Series technology
  - Flow based switching architecture
  - Secure Networks policy embedded with deep packet inspection
  - Based on N Series firmware

[Figure: S8, S4, S3 and SSA chassis]


Deployment Flexibility

[Figure: S-Series deployment across the Edge/Access, Distribution/Data Center and Core tiers, showing SSA, S3, S4 and S8 platforms.]



S-Series System Architecture

• Fabric-based architecture in S4 and S8
  - Load sharing I/O fabric modules provide highly scalable inter-module connectivity while also providing a full complement of front panel connectivity
• Fabric-less architecture in S3 chassis
  - Backplane uses mesh architecture to interconnect I/O modules
  - I/O modules contain fabric elements for module to module communication
  - S3 provides a cost optimized approach to deploying premium features to the network edge
• Multiple host CPUs for maximum resiliency
  - Switching and routing applications are distributed throughout the system providing industry leading scalability and resiliency



S4 / S8 Fabric Modules

• Load-sharing fabrics
  - I/O Fabrics contain the crossbar fabric circuitry
  - Provide the data-plane connectivity to all other slots
  - An I/O fabric module is required for chassis operation
• Crossbars work in unison to provide maximum system throughput
  - Fabric pair provides 1.28 Tbps in an S8 chassis and 640 Gbps in an S4 Chassis (Real)
• Third fabric capability in S8 chassis for full performance redundancy (N+1)
• Full 160 Gbps front panel I/O support
• All I/O fabric and I/O modules include a high performance host CPU
  - Distributed switching and routing across all modules that provides scalability and enhanced resiliency



S Series Limits

• The show router limits command can be used to determine Layer 3 related system limits for S-Series routers

S Chassis(rw-config)->show router limits
Chassis limits:
Application
---------------------------------------access-list-entries
5000
access-lists
applied-access-lists-ipv4-in 256
applied-access-lists-ipv4-out 256
applied-access-lists-ipv6-in 256
applied-access-lists-ipv6-out 256
appsvc-ftp-alg-entries
appsvc-global-bindings
bgp-limits
dhcp-leases
dvmrp-limits
26214400
entries-per-access-list
ip-addresses
4373
ip-interfaces
256
ip-interface-addresses
lo-interfaces
8
lpbk-interfaces
multicast-flows
nat-global-bindings
nat-ip-addresses
nat-pools
nat-portmapped-addresses 10
nat-static-rules
nd-dynamic-entries

Limit
In use Entry size
--------- ----------------------0
1000
0
0
0
0
0
4000
0
40B
32768
0
100B
262144
0
1B
1000
0
56B
0
1B
25M
5000
0
128
21
4096
0
148B
32768
0
12B
1000
0
36B
10
0
280B
0
8.6K
85.9K
500
0
96B
32768
2
48B

Total Memory

156.3K
3.1M
25M
54.7K
-

592K
384K
35.2K
2.7K
46.9K
1.5M



Overview of Routing Support

Summary of routing support on Enterasys platforms:

[Table: Routing Functionality by platform. Columns: N-Series (Diamond, Platinum and Gold); S Series; B3/B5/C2/C3/C5 & G-Series. Rows: BGP, IS-IS, DVMRP, PIM-SM, RIP v1/v2, OSPF, IPv6, IRDP, VRRP, Standard ACLs, Extended ACLs, LSNAT, PBR, DoS Prevention, DHCP Server.]

* Requires advanced routing license
** Requires extended memory of 256 MB
*** Supported only on the C3/C5, G-Series & S Series
**** 7.21 code release

Note: PIM-SM is not supported on B-Series Switches



Static and Dynamic Routing Support

Switch Router Family        | Dynamic Routes | Static Routes | IP Interfaces
S-Series                    | ~262k          | 1,024         | 256
N-Series Diamond / Platinum | 12,276/25,000  | 1,024         | 256
N-Series Gold               | 10,117         | 512           | 96
C5                          | 5000           | 128           | 48
B3/B5/C2/C3/G-Series        | 2,500          | 64            | 24

• Routers use routing protocols to maintain their routing tables. Routing tables can be maintained either statically or dynamically.
• Static Routes
  - Static routes are manually configured and entered into a switch's routing table. Static routes take default precedence over routes chosen by dynamic routing protocols.
• Dynamic Routes
  - Dynamic routes are learned when routers send routing table information to each other.
  - The two forms of dynamic routing that are most commonly used are Distance Vector and Link State. The specific Distance Vector and Link State protocols used on Enterasys products are discussed below.



Internal Route Precedence

Route Type | B3/B5/C2/C3/C5 | G-Series
OSPF | 110 | 110 | 110 | 110
ISIS | n/a | 115 | n/a | n/a
RIP | 120 | 120 | 120 | 120
EBGP | n/a | 20 | n/a | n/a
IBGP | n/a | 200 | n/a | n/a
Directly connected
Static



Internal Route Precedence

N3 (su)->show ip route
Codes: C - connected, S - static, R - RIP, O - OSPF, IA - OSPF interarea
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
E - EGP, i - IS-IS, L1 - IS-IS level-1, LS - IS-IS level-2
* - candidate default, U - per user static route
C 1.1.1.1/32 [0/1] directly connected, Loopback 1
O 2.2.2.2/32 [110/10] via 10.1.1.2, Vlan 10
C 10.1.1.0/24 [0/1] directly connected, Vlan 10
R 11.1.1.0/24 [120/2] via 10.1.1.2, Vlan 10
S 12.1.1.0/24 [1/0] via 10.1.1.2, Vlan 10
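
The precedence rule from the Internal Route Precedence slides, applied to lines in the N3 show ip route format above, as an added example (not Enterasys code). The legend line and first five routes are copied from the slide; the last two lines are constructed so that 11.1.1.0/24 has three competing sources, and shadowed_by_static is a hypothetical audit helper that reports where a manually entered static route masks what RIP or OSPF learned.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Route lines in the slide's format: code, prefix, [distance/metric], next hop.
SAMPLE = """\
Codes: C - connected, S - static, R - RIP, O - OSPF, IA - OSPF interarea
C 1.1.1.1/32 [0/1] directly connected, Loopback 1
O 2.2.2.2/32 [110/10] via 10.1.1.2, Vlan 10
C 10.1.1.0/24 [0/1] directly connected, Vlan 10
R 11.1.1.0/24 [120/2] via 10.1.1.2, Vlan 10
S 12.1.1.0/24 [1/0] via 10.1.1.2, Vlan 10
O 11.1.1.0/24 [110/20] via 10.1.1.3, Vlan 10
S 11.1.1.0/24 [1/0] via 10.1.1.9, Vlan 10
"""  # the last two lines are constructed for this example

ROUTE_RE = re.compile(
    r"^(?P<code>\S+)\s+(?P<prefix>\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\s+"
    r"\[(?P<distance>\d+)/(?P<metric>\d+)\]\s+"
    r"(?:via (?P<next_hop>\d{1,3}(?:\.\d{1,3}){3})|directly connected),\s*"
    r"(?P<interface>.+?)\s*$"
)


@dataclass(frozen=True)
class Route:
    code: str                 # C, S, R, O, ...
    prefix: str
    distance: int             # route precedence (first number in brackets)
    metric: int               # protocol metric (second number in brackets)
    next_hop: Optional[str]   # None for directly connected routes
    interface: str


def parse_routes(text):
    """Parse route lines; legend lines and blanks do not match and are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            routes.append(Route(m["code"], m["prefix"], int(m["distance"]),
                                int(m["metric"]), m["next_hop"], m["interface"]))
    return routes


def best_routes(routes):
    """Per prefix, keep the candidate with the lowest distance, then metric."""
    by_prefix = defaultdict(list)
    for route in routes:
        by_prefix[route.prefix].append(route)
    return {prefix: min(cands, key=lambda r: (r.distance, r.metric))
            for prefix, cands in by_prefix.items()}


def shadowed_by_static(routes):
    """Map prefix -> dynamic routes that lose to a static route for it."""
    best = best_routes(routes)
    report = defaultdict(list)
    for route in routes:
        winner = best[route.prefix]
        if winner.code == "S" and route is not winner and route.code not in ("S", "C"):
            report[route.prefix].append(route)
    return {p: sorted(r, key=lambda x: x.distance) for p, r in report.items()}


if __name__ == "__main__":
    parsed = parse_routes(SAMPLE)
    for prefix, route in best_routes(parsed).items():
        print(f"{prefix:15} {route.code} [{route.distance}/{route.metric}] "
              f"{route.next_hop or 'connected'}")
    for prefix, losers in shadowed_by_static(parsed).items():
        print("static masks", prefix, [(r.code, r.next_hop) for r in losers])
```
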



Static and Dynamic Routing Support, ECMP

[Table: ECMP support by switch router family. Columns: Maximum paths, Round Robin, Hashing, RIP, OSPF, Static Routes. Rows: S-Series; N-Series Platinum/Diamond; N-Series Gold; C2/C3/C5/G3.]

• Equal Cost Multi-Path with load sharing
  - The DFE-Diamond/Platinum and S-Series support up to 8 equal cost paths.
  - DFE-Gold, C2/C3/C5 and X Series support 4 equal cost paths.
  - Round Robin algorithm ensures uniform load balancing across all paths
  - Hashing algorithm ensures sequential delivery of all packets
  - DFE can use a flow based round robin algorithm to combine features
  - Hashing algorithm is the default when both are available
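
The three ECMP path-selection behaviours listed above, simulated over 8 equal cost paths as an added example (not Enterasys code). The flows are constructed, CRC32 over the flow tuple stands in for the device's hash (an assumption), and the functions show why per-packet round robin balances load but spreads one flow over several paths, while hashing and flow-based round robin keep each flow on a single path.

```python
import zlib
from collections import Counter, defaultdict


def hash_path(flow, n_paths):
    """Map a flow tuple to one path. CRC32 is a stand-in hash (assumption)."""
    return zlib.crc32("|".join(map(str, flow)).encode()) % n_paths


def forward(packets, n_paths, mode):
    """Assign each (flow, seq) packet to a path; returns [(flow, seq, path)]."""
    next_path = 0   # round-robin pointer
    pinned = {}     # flow -> path, used by flow-based round robin
    out = []
    for flow, seq in packets:
        if mode == "hash":
            path = hash_path(flow, n_paths)
        elif mode == "round-robin":
            path, next_path = next_path, (next_path + 1) % n_paths
        elif mode == "flow-round-robin":
            if flow not in pinned:   # first packet of a flow picks the path
                pinned[flow], next_path = next_path, (next_path + 1) % n_paths
            path = pinned[flow]
        else:
            raise ValueError(f"unknown mode: {mode}")
        out.append((flow, seq, path))
    return out


def paths_per_flow(forwarded):
    """flow -> set of paths its packets took (more than one risks reordering)."""
    used = defaultdict(set)
    for flow, _seq, path in forwarded:
        used[flow].add(path)
    return dict(used)


def packets_per_path(forwarded, n_paths):
    """Packet count on each path, index = path number."""
    counts = Counter(path for _flow, _seq, path in forwarded)
    return [counts.get(p, 0) for p in range(n_paths)]


def sample_packets():
    """Constructed traffic: 4 TCP flows of 16 packets each, interleaved."""
    flows = [(f"192.168.10.{i}", "192.168.4.10", 6, 40000 + i, 80)
             for i in range(1, 5)]
    return [(flow, seq) for seq in range(16) for flow in flows]


if __name__ == "__main__":
    for mode in ("round-robin", "hash", "flow-round-robin"):
        result = forward(sample_packets(), 8, mode)
        spread = sorted(len(p) for p in paths_per_flow(result).values())
        print(f"{mode:17} load={packets_per_path(result, 8)} paths/flow={spread}")
```
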

Enterprise Routing
Basic Routing Config
Version 4.03



Routing Review



Pre-routing Considerations: Switching Features

1. Disable Spanning Tree
   C3(su)->set spantree disable
   C3(su)->set spantree portadmin <Port String> disable

2. Disable GVRP
   C3(su)->set gvrp disable
   C3(su)->set gvrp disable <Port String>



Pre-routing Considerations: VLAN Review

1. Create the VLAN used for IP routing from the switch CLI
   C3(su)-> set vlan create 5

2. Assign ports to the VLAN (arguments: Port String, VLAN id)
   C3(su)-> set port vlan fe.1.6 5
   Then answer Y to add port to the egress list and clear the existing PVID
   C3(su)-> set port vlan fe.1.6 5 modify-egress

OR

3. Assign ports to the VLAN (arguments: Port String, VLAN id)
   C3(su)-> set port vlan fe.1.6 5
   Then answer N to not add port to the egress list and not clear the PVID

4. Assign ports to the VLAN's egress list (arguments: VLAN id, Port String)
   C3(su)-> set vlan egress 5 fe.1.6 untagged




Router Configuration B,C,G Series

As soon as 2 or more routing interfaces are created, routing between VLANs is available.

[Figure: VLAN 5, VLAN 10]

• Enter Router Mode
  C3(su)->router
• Enter Router Privileged Mode
  (su)->router>enable
• Enter Configuration Mode
  (su)->router#configure
• Enter Interface Configuration Mode
  (su)->router(Config)# interface vlan 5
  (su)->router(Config-if(Vlan 5))#ip address 192.168.5.1 255.255.255.0
  (su)->router(Config-if(Vlan 5))#no shutdown
  (su)->router(Config)# interface vlan 10
  (su)->router(Config-if(Vlan 10))#ip address 192.168.10.1 255.255.255.0
  (su)->router(Config-if(Vlan 10))#no shutdown


Router Configuration S and N-Series Version 7.11

Unified CLI:
• Prior to firmware 7.0, when logging in to an N-Series device, the user was first placed in system or switch command mode of the CLI
• This command mode provided access to all non-routing device configuration (e.g., STP, LACP, VLAN creation, etc.)
• Entering a completely different CLI mode was required to configure or monitor routing level functionality
• Once in routing mode, switch related configuration and monitoring was no longer available.
• Switch and routing configuration and monitoring took place within separate, distinct CLI subsystems between which there was no communication



Router Configuration S and N-Series Version 7.11

Unified CLI (continued):
• Each subsystem had its own rules, behaviors, tools, and command history. In release 7.0 or greater, this is no longer the case
• Release 7.0 operates within a single CLI subsystem, and both switch and routing commands are accessible within the single CLI subsystem
• This implementation is described as the unified CLI
• In the following CLI example, the configure command enters routing configuration mode and ACL 10 is created.
• Additionally, while in ACL 10 configuration mode, the date is set to 04/15/2009 using the system level command set time without ever leaving the router ACL configuration command mode.

N Chassis(rw)->
N Chassis(rw)->configure
N Chassis(rw-config)->ip access-list standard 10
N Chassis(rw-cfg-std-acl)->set time 04/15/2009
N Chassis(rw-cfg-std-acl)-><163>Apr 14 09:07:56 0.0.0.0 System[1]Time and Date set (by user) to: WED APR 15 09:07:56 2009
N Chassis(rw-cfg-std-acl)->



Router Configuration S and N-Series Version 7.11

As soon as 2 or more routing interfaces are created, routing between VLANs is available.

[Figure: VLAN 10, VLAN 5]

• Create a VLAN interface
  N3 (su)->set ip address 192.168.1.2 mask 255.255.255.0 interface vlan.0.10
• Enter configuration mode
  N3 (su)->configure
• Enter Router interface and protocol configuration modes
  N3 (su-config)->interface vlan.0.10
  N3(su-config-intf-vlan.0.10)-> no shutdown
  N3(su-config-intf-vlan.0.10)-> ip forwarding
  N3 (su-config)->router rip
  N3(su-config-rip)->network 192.168.1.0 255.255.255.0


Loopback Interface Configuration

• A loopback is an internal interface not associated with any physical port
• When creating an IP interface on a loopback the following steps are required:

N3(su)->config
N3(su-config)->loopback 2
N3(su-config-intf-loop.0.2)->ip address 2.2.2.2 255.255.255.255
N3(su-config-intf-loop.0.2)->no shutdown

• By default, when an IP interface on a loopback is created the interface is in a down state.
  - Therefore, no shutdown must be entered to bring up the loopback.
• Loopback interfaces are not associated with any VLAN.
• The loopback can be used for remote administration of the router in lieu of the host interface.
• The loopback interface must be reachable via standard routing methods (i.e., through a static or dynamic route).



Static and Dynamic Routing Support

• Routers use routing protocols to maintain their routing tables. Routing tables can be maintained either statically or dynamically.
• Static Routes
  - Static routes are manually configured and entered into a switch's routing table. Static routes take default precedence over routes chosen by dynamic routing protocols.
• Dynamic Routes
  - Dynamic routes are learned when routers send routing table information to each other.
  - The three forms of dynamic routing that are most commonly used are Distance Vector, Link State and Path Vector protocols.
  - Distance Vector Protocols
    - RIPv1 and RIPv2
    - DVMRP
  - Link State Protocols
    - OSPFv2
    - IS-IS
  - Path Vector Protocols
    - BGP4



Static Route Provisioning

[Figure: R1 (Router 192.168.5.1), R2 (Router 192.168.5.2), 10.10.1.1 Network]

• Configuring Static Routes
  - Static routes are manually configured and entered into a device's routing table

Arguments: Destination Prefix, Mask, Next-Hop
R1(su-config)->ip route 10.10.1.0 255.255.255.0 192.168.5.2

R1(su)->show ip route
Codes: C - connected, S - static, R - RIP, O - OSPF, IA - OSPF interarea
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
E - EGP, i - IS-IS, L1 - IS-IS level-1, LS - IS-IS level-2
* - candidate default, U - per user static route
C 192.168.5.0/24 [cost 0] directly connected, Vlan 5
S 10.10.1.0/24 [cost 1] via 192.168.5.2, Vlan 5


RIP Overview

• RIP is a standards-based distance-vector routing protocol.
• Two versions of RIP are available for routing IPv4:
- RIP version 1, defined by RFC 1058 (STD 34) 6/88
- RIP version 2, defined by RFC 2453 (STD 56) 8/99
• Routing decisions select the shortest path based on hop count.
- Each router is one hop.
- RIP has a 15 hop-count limitation.
• RIP updates occur every 30 seconds and send the entire routing table contents.
- IP/UDP port 520
- Up to 25 routes per packet
• After a topology change, convergence time increases significantly with network size.
• RIPv2 differences from RIPv1:
- Includes the network mask, which supports variable-length subnet masking.
- Transmits RIPv2 updates as multicast, rather than broadcast (both are supported).
- Provides an authentication mechanism not supported by RIPv1.
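The packet limits and the RIPv1/RIPv2 differences listed above can be checked on captured updates. The following is an added example, not course material: it parses a RIP payload and reports updates that arrive without authentication or with a cleartext password. The field layout and the constants AFI_AUTH and AUTH_SIMPLE come from RFC 2453; the function names and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

MAX_ENTRIES = 25      # slide: up to 25 routes per packet
INFINITY = 16         # one more than the 15-hop limit, i.e. unreachable
AFI_IP = 2            # RFC 2453 address family identifier for IP
AFI_AUTH = 0xFFFF     # RFC 2453 marker for the authentication entry
AUTH_SIMPLE = 2       # RFC 2453 simple (cleartext) password
ENTRY = struct.Struct("!HH4s4s4sI")   # AFI, tag, address, mask, next hop, metric


def build_response(version, routes, password=None):
    """Build a constructed RIP response; routes is a list of (prefix, metric)."""
    packet = struct.pack("!BBH", 2, version, 0)            # command 2 = response
    if password is not None:                               # RIPv2 only
        packet += struct.pack("!HH16s", AFI_AUTH, AUTH_SIMPLE, password.encode())
    for prefix, metric in routes:
        net = ipaddress.ip_network(prefix)
        mask = net.netmask.packed if version == 2 else bytes(4)  # RIPv1 has no mask
        packet += ENTRY.pack(AFI_IP, 0, net.network_address.packed, mask,
                             bytes(4), metric)
    return packet


def prefix_length(mask):
    """Convert a 4-byte netmask to a prefix length, rejecting non-contiguous masks."""
    inverted = ~int.from_bytes(mask, "big") & 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError("non-contiguous subnet mask")
    return 32 - inverted.bit_length()


def parse_rip(payload):
    """Return version, auth type and routes; raise ValueError on malformed input."""
    if len(payload) < 4 + ENTRY.size or (len(payload) - 4) % ENTRY.size:
        raise ValueError("expected a 4-byte header plus 20-byte entries")
    command, version, _ = struct.unpack_from("!BBH", payload)
    if version not in (1, 2):
        raise ValueError(f"unsupported RIP version {version}")
    count = (len(payload) - 4) // ENTRY.size
    if count > MAX_ENTRIES:
        raise ValueError(f"{count} entries exceeds the {MAX_ENTRIES}-entry limit")
    auth, routes = None, []
    for i in range(count):
        afi, tag, addr, mask, _nh, metric = ENTRY.unpack_from(payload, 4 + ENTRY.size * i)
        if version == 2 and afi == AFI_AUTH:
            if i != 0:
                raise ValueError("authentication entry must be the first entry")
            auth = tag            # in this entry the second field is the auth type
            continue
        if not 1 <= metric <= INFINITY:
            raise ValueError(f"metric {metric} out of range")
        address = ipaddress.IPv4Address(addr)
        if version == 2:          # only RIPv2 carries the mask
            net = ipaddress.ip_network(f"{address}/{prefix_length(mask)}", strict=False)
            routes.append((str(net), metric))
        else:
            routes.append((str(address), metric))
    return {"command": command, "version": version, "auth": auth, "routes": routes}


def audit_update(payload):
    """Return defender-facing findings for one RIP update."""
    pkt = parse_rip(payload)
    findings = []
    if pkt["version"] == 1:
        findings.append("RIPv1: no authentication and no subnet mask")
    elif pkt["auth"] is None:
        findings.append("RIPv2 update carries no authentication entry")
    elif pkt["auth"] == AUTH_SIMPLE:
        findings.append("RIPv2 simple authentication: password is sent in cleartext")
    findings += [f"{prefix} advertised as unreachable (metric 16)"
                 for prefix, metric in pkt["routes"] if metric == INFINITY]
    return findings


if __name__ == "__main__":
    # Constructed samples using prefixes from the course topology.
    samples = {
        "v1": build_response(1, [("192.168.10.0/24", 1)]),
        "v2 open": build_response(2, [("192.168.10.0/24", 1), ("10.10.1.0/24", 16)]),
        "v2 simple": build_response(2, [("192.168.4.0/24", 1)], password="example"),
    }
    for name, payload in samples.items():
        print(name, parse_rip(payload)["routes"], audit_update(payload))
```
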


RIP Configuration

Steps to configure RIP:
- Create IP Interfaces
- Add IP Address to IP interfaces
- Create RIP Instance
- Add RIP Networks
- Enable RIP



Dynamic Routing (RIPv2)

[Diagram: R1 (.1) and R2 (.2) share network 192.168.5.0; 192.168.10.0/24 attaches to R1 and 192.168.4.0 attaches to R2]

N Series Config
R1 (su-config)-> router rip
R1 (su-config-rip)-> network 192.168.5.0 0.0.0.255
R1(su-config-rip)-> network 192.168.10.0 0.0.0.255
R1(su-config-rip)-> exit

Note: N & S-series Routers running 7.x firmware run RIPv2 by default, therefore, they do not require RIPv2 to be enabled at the interface level

C Series Config
R2>Router(config)# router rip
R2>Router(config-router)# exit
R2>Router(config)# interface vlan 4
R2>Router(config-if(Vlan4))# ip rip enable
R2>Router(config-if(Vlan4))# ip rip receive version 2
R2>Router(config-if(Vlan4))# ip rip send version 2
R2>Router(config)# interface vlan 5
R2>Router(config-if(Vlan5))# ip rip enable
R2>Router(config-if(Vlan5))# ip rip receive version 2
R2>Router(config-if(Vlan5))# ip rip send version 2



Dynamic Routing (RIP)

[Diagram: R1 (.1) and R2 (.2) share network 192.168.5.0; 192.168.10.0/24 attaches to R1 and 192.168.4.0 attaches to R2]

R1(su)->show ip route
Codes: C - connected, S - static, R - RIP, O - OSPF, IA - OSPF interarea
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
E - EGP, i - IS-IS, L1 - IS-IS level-1, LS - IS-IS level-2
* - candidate default, U - per user static route
C 192.168.5.0/24 [cost 0] directly connected, Vlan 5
C 192.168.10.0/24 [cost 0] directly connected, Vlan 6
R 192.168.4.0/24 [cost 1] via 192.168.5.2, Vlan 5

R2(su)->router> show ip route
Codes: C - connected, S - static, R - RIP, O - OSPF, IA - OSPF interarea
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
E - EGP, i - IS-IS, L1 - IS-IS level-1, LS - IS-IS level-2
* - candidate default, U - per user static route
C 192.168.5.0/24 [cost 0] directly connected, Vlan 5
C 192.168.4.0/24 [cost 0] directly connected, Vlan 4
R 192.168.10.0/24 [cost 1] via 192.168.5.1, Vlan 5


Routing Configuration
Connected, Static, & Dynamic Routes

[Diagram: RIP enabled between R1 (.1) and R2 (.2) over network 192.168.5.0; 192.168.10.0/24 attaches to R1; 192.168.4.0 and 10.10.1.0 are reached through R2]

R1(su)->show ip route
Codes: C - connected, S - static, R - RIP, O - OSPF, IA - OSPF interarea
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
E - EGP, i - IS-IS, L1 - IS-IS level-1, LS - IS-IS level-2
* - candidate default, U - per user static route
C 192.168.5.0/24 [cost 0] directly connected, Vlan 5
C 192.168.10.0/24 [cost 0] directly connected, Vlan 6
S 10.10.1.0/24 [cost 1] via 192.168.5.2, Vlan 5
R 192.168.4.0/24 [cost 1] via 192.168.5.2, Vlan 5



DHCP/BootP Relay

• DHCP/BOOTP relay functionality is used to assist a host device in obtaining an IP address.
• A typical situation occurs when a host requests an IP address with no DHCP server located on the directly connected LAN segment.
• Using DHCP/BOOTP relay, a router interface can forward the DHCP request to a server located on another network if ip forward-protocol is enabled for UDP and the address of the DHCP server is configured as a helper address (ip helper) on the receiving interface of the router.
• The DHCP/BOOTP relay function will detect the DHCP request and make the necessary changes to the IP packet header, replacing the destination IP address with the address of the DHCP server, and the source IP address with the address configured on the receiving interface.
• The router then sends the DHCP request to the DHCP server identified by the ip helper address.
• When the response is returned from the DHCP server, the DHCP/BOOTP relay function sends it to the host, allowing the host to obtain its IP address.



DHCP/BootP Relay Configuration

• Use the ip forward-protocol {udp [port]} command to enable UDP broadcast forwarding and specify which protocols will be forwarded. This is a global level command.

The example below shows how to enable forwarding of UDP datagrams carrying DHCP requests (port 67):
Router(su-config)-> ip forward-protocol udp 67

Note: use of the ip forward-protocol command is required only on S & N Series Routers, NOT on C Series devices.

• Use the ip helper-address address command to enable DHCP/BOOTP relay and the forwarding of local UDP broadcasts. This is an interface level command.

The configuration below permits UDP broadcasts from hosts on the 1.35.11.0/24 network to reach a DHCP server (1.35.0.1) on the 1.35.0.0 network:
Router(su-config)-> interface vlan 3511
Router(su-config-intf)-> ip address 1.35.11.254 255.255.255.0
Router(su-config-intf)->ip helper-address 1.35.0.1
Router(su-config-intf)->no shutdown


ARP Configuration and Display

ARP Configuration
- Displaying the ARP cache for host
  C2(su)-> show arp
- Displaying the ARP cache for all VLAN IP interfaces
  C2(su)->router> show ip arp
- Adding a static ARP cache entry
  C2(su)->router(Config)# arp <ip-address> <h-h-h>
- Changing the ARP cache timeout
  C2(su)->router(Config)# arp timeout seconds
- Clearing the ARP cache usually resolves problems created with changing ip addresses
  C2(su)->router# clear arp-cache [ <ip-address> ]

Configuration Limits
- ARP cache timeout defaults to 4 hours on the N, S, G, and C2/C3/C5

C2(su)-> show arp

LINK LEVEL ARP TABLE
IP Address     Phys Address        Flags   Interface
------------------------------------------------------
10.1.204.17    00-01-f4-5f-49-c5   S       host.0.1
10.1.204.65    00-01-f4-5f-49-c5   S       host.0.1
10.1.204.97    00-01-f4-5f-49-c5   S       host.0.1
10.1.204.98    00-00-00-00-00-00           host.0.1
10.1.204.2     00-00-00-00-00-00           host.0.1
10.1.204.15    00-00-00-00-00-00           host.0.1
10.1.204.17    00-01-f4-5f-49-c5   S       host.0.1
10.1.204.20    00-00-00-00-00-00           host.0.1
10.1.204.21    00-00-00-00-00-00           host.0.1
10.1.204.22    00-00-00-00-00-00           host.0.1
10.1.204.34    00-00-00-00-00-00           host.0.1
10.1.204.65    00-01-f4-5f-49-c5   S       host.0.1
10.1.204.66    00-00-00-00-00-00           host.0.1
10.1.204.67    00-00-00-00-00-00           host.0.1
10.1.204.97    00-01-f4-5f-49-c5   S       host.0.1
10.1.204.98    00-00-00-00-00-00           host.0.1
------------------------------------------------------

C2(su)->router> show ip arp

Protocol   Address        Age(min)   Hardware Addr    Interface
---------------------------------------------------
Dynamic    10.1.204.2     0m         000D:883C:5A4B   VLAN1
Dynamic    10.1.204.15    0m         000D:883E:10E3   VLAN1
Internet   10.1.204.17               0001:F45F:49C5   VLAN1
Dynamic    10.1.204.20    0m         0011:1136:6B0B   VLAN1
Dynamic    10.1.204.21    0m         0009:6B99:814D   VLAN1
Dynamic    10.1.204.31    141m       00D0:B7B6:6597   VLAN1
Dynamic    10.1.204.32    0m         00D0:B7A7:7159   VLAN1
Dynamic    10.1.204.34    0m         0006:1BDA:A1A6   VLAN1
Internet   10.1.204.65               0001:F45F:49C5   VLAN1
Dynamic    10.1.204.66    0m         0010:A4E6:513B   VLAN1
Dynamic    10.1.204.67    0m         000D:883C:97CC   VLAN1
Internet   10.1.204.97               0001:F45F:49C5   VLAN1
Dynamic    10.1.204.98    3m         0002:B32F:B563   VLAN1
Arp entry count = 13.
* - Static



File Management

write file This command saves the router configuration (N Series 6.12)

The write file command is not required when using 7.xx firmware



Additional Information

Multiple IP Interface Configuration:

- On B, C, and G-Series routers, there are two IP subsystems: a system-layer IP subsystem used to configure the single host management IP interface, and a routing-layer IP subsystem used to configure routing IP interfaces.
- The host interface acts as a non-routed management IP interface, and must be assigned to a VLAN (VLAN 1 is the default).
- The host interface is always up and utilizes an ARP cache and route table independent from the ARP cache and route table used by the routing-layer IP subsystem.
- The C2/C3/C5 host interface address cannot be assigned to the same network as the local routed VLAN interface.
- To assign the host interface address to a VLAN other than 1, for C-Series, use the command:
C-Series> set host vlan vlan-id



Additional Information (continued)

IP Interface Configuration - N & S-Series

In release 7.0 the concept of a system IP address is no longer valid.

• The ability to set a unique IP address on each VLAN configured on the switch means that host management can be accessed from any VLAN configured with its own IP
• The ability to assign an IP subnet to an interface that is separate from a subnet which is passing data through the switch allows the network administrator to create an out-of-band management subnet designed to only pass network management data
• Use the set ip address command to create a non-routing host management IP interface for a VLAN:
S Chassis(rw)->set ip address 125.100.10.1 mask 255.255.0.0 interface vlan.0.5
• Use the ip forwarding command to enable or disable IP forwarding:
N3 Chassis(su)->show running-config
interface vlan.0.5
ip address 125.100.10.1 255.255.0.0 primary
no ip proxy-arp
no ip forwarding
no ipv6 forwarding
no shutdown
N3 Chassis(rw-config)->interface vlan.0.5
SN3Chassis(rw-config-intf-vlan.0.5)-> ip forwarding



Additional Information (continued)

- Router functionality is enabled by default across the product line
- To disable routing, issue the following command on B, C, and G-Series Routers:
RouterA>(config)# no ip routing
- On the N & S-series Routers running 7.x firmware, use the clear router all command to remove all routing configuration from a system:
RouterA>(config)# clear router all
- Each VLAN allows the assignment of a primary IP address/mask and a number of secondary IP addresses/masks
- Each routed VLAN interface must be assigned to its own subnet
- By default, when VLAN IP interfaces are created on the N, S, & C2/C3/C5, they are administratively DOWN
- Therefore, a no shutdown command must be entered after an IP interface is created
- Configuration changes take effect immediately



Routing Table Overview - B, C, G and N-series 6.12

• There are two show ip route commands, one in switch mode and one in router mode
• Switch mode: the show ip route command shows Host routes:

C2(su)->show ip route
ROUTE TABLE
Destination   Gateway       Mask       Tos   Flags   Refcnt   Use   Interface
-----------------------------------------------------------------------------
default       192.168.0.1   00000000   0     UGC     0        0     host
127.0.0.1     127.0.0.1     00000000   0     UH      0        0     loopback
192.168.0.0   192.168.0.2   ffffff00   0     UC      1        0     host
-----------------------------------------------------------------------------

- The host interface maintains a separate routing table from the VLAN interfaces
- Each can be separately viewed and maintained
- Each can have a separate and distinct default route



Routing Table overview

• Routing mode: show ip route shows all static and dynamic routes
• To see the routing table for the Routed IP interfaces, you must be in router mode for B, C, and G-Series routers.

C2(su)->router> show ip route
Codes: C - connected, S - static, R - RIP, O - OSPF, IA - OSPF interarea
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
E - EGP, i - IS-IS, L1 - IS-IS level-1, LS - IS-IS level-2
* - candidate default, U - per user static route
C 10.1.50.0/24 [cost 0] directly connected, Vlan 5
C 10.1.100.0/24 [cost 0] directly connected, Vlan 10
C 10.1.150.0/24 [cost 0] directly connected, Vlan 15
C 172.16.0.0/24 [cost 0] directly connected, Vlan 123
S 192.168.1.0/24 [cost 0] via 172.16.0.51, Vlan 123
S 192.168.100.0/24 [cost 0] via 172.16.0.37, Vlan 123


Enterprise Routing
OSPF Configurations
Version 4.03

Enterprise Routing - OSPF


Overview of OSPF Routing Protocol

• OSPF primary characteristics:
- It is open in that its specification is in the public domain
- It is based on Dijkstra's Shortest Path First algorithm
• Developed by the Interior Gateway Protocol (IGP) working group of the IETF (mid-1980s)
- RFC 2328
- RFC 1583
• OSPF was created because RIP was increasingly unable to serve large, heterogeneous networks
- Routing loops occurred with sudden topology changes
- Using a distance metric to determine reachability resulted in count-to-infinity delays
- Slow convergence
• Uses the best-effort transport mechanism of IP
- Protocol number 89
- Uses both IP Unicast and Multicast addresses
- 224.0.0.5 (AllSPFRouters)
- 224.0.0.6 (AllDRRouters)

 Faster convergence than distance vector algorithms


 A more descriptive routing metric
- Configurable per outbound interface
- Interface value between 1 and 65,535

 Equal-cost multipath
- If multiple equal cost paths to a destination exist, the paths are inserted in routing table
- Load balancing among the routes
- Default path costs are 10

 Routing Hierarchy
- Routing domain can be divided into areas for ease of management and control
- Support for route summarization and aggregation by area

 Security
- Simple or MD5 Authentication


 Link State Advertisements (LSAs)


- Describe local piece of routing topology
- As accumulated from all routers in area/domain, form a link state database

 Link State Database


- Describes complete routing topology
- Identical for all the routers within the same area, when a network has converged
- Distributed, replicated database model
- Routing table is re-computed from database only when topology changes occur

 Distribution of LSAs uses reliable flooding


- Link State Updates advertise topology changes and keep entries up-to-date
- Large RIP update packets advertise the entire route table every 30 seconds and age out in 90 sec
- Individual entries are refreshed every 30 minutes and age out after 60 minutes
- Uses multicasting to minimize network disruption
- Has its own acknowledgement protocol to ensure reliable packet delivery


 The network topology must appear consistent - the link state database must be
identical on all routers
 All entities in the routing domain use unique 32 bit numbers for identification
- Routers are assigned a router ID normally based on their IP address
- Networks either use their network id or IP address of a router interface on that network
- Areas are strictly administratively assigned

 Routers use OSPF Hello protocol to identify neighbors and maintain neighbor
relationships
 Only Routers in an adjacency state of are permitted to exchange link state
information
- The necessity of ensuring consistency in the LSDB prohibits simple broadcasting of route information.
- Flooding information uses a split horizon technique

 In multi-access networks, a Designated Router (DR) is elected to ensure


reliable distribution of LSAs.
- Backup Designated Router (BDR) is also elected


The OSPF Area - Definition

• Definition of an OSPF area
- Consists of a collection of network segments and interconnected routers
- Identified by area ID using dotted-decimal format (Ex: 0.0.0.1)
- ID has no association with IPv4 addresses of IPv4 nodes in the area
- When an IPv4 interface is enabled with OSPF, it is associated with an area
- Each router's interface belongs to only 1 area; therefore,
- Each network belongs to only 1 area
- A router may belong to multiple areas by having interfaces in different areas
- Multiple networks and router interfaces may belong to a single area

• Example:
[Diagram: Area 0.0.0.34 contains network 10.10.10.0/24 with router interfaces 10.10.10.1/24 and 10.10.10.2/24; Area 0.0.0.0 contains network 20.30.20.0/24 with router interfaces 20.30.20.1/24 and 20.30.20.2/24, and network 50.30.20.0/24 with router interface 50.30.20.2/24]



The OSPF Area - Implications

• OSPF Router Classification:
- Area Border Router (referred to as ABR)
  - Router that has interfaces in at least two different areas
- Autonomous System Border Router (referred to as ASBR)
  - Router that has an interface running a different routing protocol
- Internal Router:
  - Router whose interfaces are completely contained within an OSPF area

• Example:
[Diagram: a BGP IGP Domain beside an OSPF IGP Domain. Within the OSPF domain, Area 0.0.0.34 contains network 10.10.10.0/24 with router interfaces 10.10.10.1/24 and 10.10.10.2/24; Area 0.0.0.0 contains network 20.30.20.0/24 with router interfaces 20.30.20.1/24 and 20.30.20.2/24, and network 50.30.20.0/24 with router interface 50.30.20.2/24]



Inter-Area Routing Example

[Diagram: Area 0.0.0.1, the Backbone (Area 0.0.0.0) and Area 0.0.0.2 joined by Area Border Routers, with networks 10.0.0.0/24, 20.0.0.0/24, 30.0.0.0/24, 40.0.0.0/24, 50.0.0.0/24 and 60.0.0.0/24; a table beside each area lists its Intra-Area Routes and Inter-Area Routes]



Stub Areas

[Diagram: Normal area 0.0.0.0 and Stub area 0.0.0.1 joined by an ABR, with ASBRs; labels show summaries from Area 0.0.0.1, summaries from Area 0.0.0.0, and a default route]

• A dead-end area
• There are no other ways to enter or exit the stub area except via the ABR
• The reason for building stub areas is to further reduce the size of routing tables
• AS-external-LSAs are not flooded into Stub Areas
• Routing to external destinations from Stub Areas is based on Default Routes originated by a Stub Area's ABR.
• Summary LSAs can also use the Default Route for Inter-area routing.
• Criteria:
- Stub areas must not have an ASBR
- Stub areas should have one ABR
  - Or, if more than one, accept non-optimal routing paths to the External AS
- No Virtual Links allowed in a stub area



 Totally Stubby Area (TSA)


- TSAs differ from Stub areas in that not even summary routes are injected into the TSA.
- The only route that is injected by the ABR is the default route.
- All inter-area routes follow the default for all destinations both internal and external to the OSPF domain.

• Not-So-Stubby Areas (NSSA)
- NSSA is defined in RFC 1587
- Similar to existing OSPF stub area configuration
- Capability to import AS external routes in a limited fashion
- An ASBR in the NSSA will inject Externals using Type 7 LSA



OSPF Features

• Common OSPF Features Supported on S Series, DFE, C2/C3/C5, & G3
- ECMP
- Authentication
  - Simple
  - MD5
- Redistribution
  - Static
  - Rip
  - Direct
  - BGP **
  - IS-IS **
  - OSPF
- Virtual Links
- Summarization
- Specify Neighbor router
  - Not supported in C2/C3/C5
- Passive Interface
- Timers
  - Hello
  - Dead
  - Retransmit Interval
  - Transmit delay
  - spf
- Cost
- Priority
- Stub
  - NSSA
  - Totally Stub
- Route Administrative Distance

** Supported on the S Series Router 7.21 firmware and above

 OSPF Equal Cost Multiple Path (ECMP)


- S=8
- N (Platinum/ Diamond) = 8
- N (Gold) = 4
- G=4
- C2/C3/C5 = 4



ECMP
Router#show ip route
Codes: C-connected, S-static, R-RIP, B-BGP, O-OSPF, IA-OSPF interarea
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - 0SPF external type 1, E2 - 0SPF external type 2
E - EGP, i - IS-IS, L1 - IS-IS level-1, LS - IS-IS level-2
* - candidate default, U - per-user static route, o - ODR
1.1.1.0/24 [0/1] directly connected, Vlan 10
2.2.2.0/24 [0/1] directly connected, Vlan 20
3.3.3.0/24 [0/1] directly connected, Vlan 30
4.4.4.0./24 [110/20] via 2.2.2.2, Vlan 20
5.5.5.0./24 [110/20] via 3.3.3.2, Vlan 30
6.6.6.0/24 [110/30] via 3.3.3.2, Vlan 30
127.0.0.0/24 [0/1] directly connected, Lo
via 2.2.2.2, Vlan 20



Simple Configuration Process

OSPF Process

VLAN setup
- Disable GVRP and spanning tree
- Create VLANs and assign ports to VLANs
- Configure VLAN interfaces

OSPF Configuration
- Create an OSPF instance
- Configure OSPF networks and areas

C2/C3/C5 additional OSPF steps
- Ensure the advanced routing license is set up
- Enable OSPF at VLAN interface level
- Create Router ID (must be done before enabling OSPF at global level).



OSPF config C2/C3/C5 & G-Series only

From router config mode:


 Create an OSPF instance
- router ospf 10

 Create a Router ID
- Router id 5.5.5.5

 From each vlan interface (C2/C3/C5)


 Associate the vlan to an area
- ip ospf areaid 0.0.0.0

 Be sure to enable OSPF on each VLAN


- ip ospf enable

Note: The C2/C3/C5 & G3 requires an advanced license to Route OSPF




Create an OSPF Config

 N & S Series OSPF configuration

 From config mode, create an OSPF instance


- router ospf 10

 Use network command and reverse mask to associate subnets with OSPF
instance. Set area that subnet is a part of.
- network 20.1.2.0 0.0.0.255 area 0.0.0.0
- network 20.1.3.0 0.0.0.255 area 1

Note: The N & S Series require an advanced license to route OSPF


Examining OSPF Information


Show ip route
Show ip ospf
Show ip ospf interface
Show ip ospf neighbor
Show ip ospf area 0.0.0.0
Show ip ospf database

Show ip route
Codes: C-connected, S-static, R-RIP, B-BGP, O-OSPF, IA-OSPF interarea
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - 0SPF external type 1, E2 - 0SPF external type 2
E - EGP, i - IS-IS, L1 - IS-IS level-1, LS - IS-IS level-2
* - candidate default, U - per-user static route, o - ODR
S     111.1.3.0/24  [20/0] via 10.1.1.2, Vlan 11
S     111.1.2.0/24  [20/0] via 10.1.1.2, Vlan 11
S     111.1.1.0/24  [20/0] via 10.1.1.2, Vlan 11
O IA  30.1.3.0/24   [110/40] via 10.1.2.2, Vlan 12
O IA  30.1.2.0/24   [110/40] via 10.1.2.2, Vlan 12
O IA  30.1.1.0/24   [110/40] via 10.1.2.2, Vlan 12
C     20.1.3.0/24   [0/1] directly connected, Vlan 11
C     20.1.2.0/24   [0/1] directly connected, Vlan 11
C     20.1.1.0/24   [0/1] directly connected, Vlan 11
O IA  10.3.2.0/24   [110/30] via 10.1.2.2, Vlan 12
O IA  10.2.1.0/24   [110/20] via 10.1.2.2, Vlan 12
O IA  10.3.1.0/24   [110/40] via 10.1.2.2, Vlan 12
C     10.1.2.0/24   [0/1] directly connected, Vlan 12
C     10.1.1.0/24   [0/1] directly connected, Vlan 11


Show ip ospf

Routing Process "ospf 10 " with ID 10.1.1.1


Supports only single TOS(TOS0) route
It is an internal router.
Summary Link update interval is 0 seconds.
External Link update interval is 0 seconds.
Redistributing External Routes from,
Number of areas in this router is 1
Area 0.0.0.1
Number of interfaces in this area is 2
Area has no authentication
SPF algorithm executed 2 times
Area ranges are
Link State Update Interval is 0:30:00 and due in 0:16:38.
Link State Age Interval is 0:00:00 and due in 0:00:00.

Show ip ospf interface


R1(su)->show ip ospf interface vlan.0.10
Internet Address 192.168.1.5 Mask 255.255.255.0, Area 0.0.0.0
Router ID 192.168.1.5, Cost: 10 (computed)
Transmit Delay is 1 sec, State other-designated-router, Priority 10
Designated Router id 192.168.1.1, Interface Addr 192.168.1.5
Backup Designated Router id 192.168.1.2,
Timer intervals configured, Hello 10, Dead 40, Retransmit 5

Show ip ospf area 0.0.0.0
Router4(su)->router>show ip ospf area 0
AreaID                      0.0.0.0
Link State Age Interval     10
External Routing            Import External LSAs
Spf Runs                    10
Area Border Router Count    0
Area LSA Count              0
Area LSA Checksum           0
Stub Mode                   Disable
Import Summary LSAs         Enable

Show ip ospf database

OSPF Router with ID(10.1.1.1)

Displaying Net Link States(Area 0.0.0.1)
LinkID     ADV Router   Age    Seq#         Checksum
10.1.2.2   10.1.2.2     102    0x80000005   0x4ecd

Displaying Router Link States(Area 0.0.0.1)
LinkID     ADV Router   Age    Seq#         Checksum   LinkCount
10.1.1.1   10.1.1.1     123    0x80000009   0xa93b     5
10.1.2.2   10.1.2.2     92     0x80000009   0x53b1     1

Displaying Summary Net Link States(Area 0.0.0.1)
LinkID     ADV Router   Age    Seq#         Checksum
10.3.1.0   10.1.2.2     142    0x80000005   0x62bb
10.3.2.0   10.1.2.2     142    0x80000005   0xf234
10.2.1.0   10.1.2.2     142    0x80000005   0xa58d
30.1.1.0   10.1.2.2     1114   0x80000005   0x7596
30.1.2.0   10.1.2.2     1104   0x80000005   0x6aa0
30.1.3.0   10.1.2.2     1094   0x80000005   0x5faa


Advanced Configuration Process
Advanced OSPF configuration
- Redistribute Routes
- Setting the Router ID to the loopback address
- Set the Designated Router
- Setup Stub Areas
  - Stub
  - NSSA
- Configure summarization
- Setup Authentication
  - Simple
  - MD5

Redistribute Routes

Router1 (su-config)->
Router1 (su-config)-> router ospf 10
Router1 (su-config-ospf-10)-> redistribute static metric 22 subnets
Router1 (su-config-ospf-10)-> redistribute connected subnets
Router1 (su-config-ospf-10)-> exit
Router1 (su-config)->

Callouts on the slide: metric 22 = New Path Cost; subnets = Include all subnets


Setting the Router ID to the loopback address


Router1 (su-config)->
Router1 (su-config)->interface loopback 1
Router1 (su-config -intf-loop.0.1)-> ip address 1.1.1.1 255.255.255.255
Router1 (su-config -intf-loop.0.1)-> no shutdown
Router1 (su-config -intf-loop.0.1)-> exit
Router1 (su-config)-> Router OSPF 10
Router1 (su-config-ospf-10))-> router-id 1.1.1.1

Router1 (su-config)-> show running-config


router ospf 10
router-id 1.1.1.1
log-adjacency
exit



Simple Configuration Process
Set the Designated Router priority

N & S-Series:
Router1 (su-config)-> interface vlan 11
Router1 (su-config-intf-vlan.0.11)-> ip ospf priority 100
Router1 (su-config-intf-vlan.0.11)-> exit

C & G Series:
Router2>Router(config)# interface vlan 12
Router2>Router(config-if(Vlan 12))#ip ospf priority 100
Router2>Router(config-if(Vlan 12))#exit



Simple Configuration Process
Setup Stub Areas
Stub
Router1 (su-config)-> router ospf 10
Router1 (su-config-ospf-10)-> area 0.0.0.1 stub
Router1 (su-config-ospf-10)->exit
NSSA
Router2(su)->Router(config)#router ospf 10
Router2(su)->Router(config-router)#area 0.0.0.2 nssa default-information-originate
Router2(su)->Router(config-router)#exit



Advanced Configuration Process
Summarization

Router1 (su-config)-> router ospf 10


Router1 (su-config-ospf-10)-> area 0.0.0.1 range 20.1.0.0 255.255.0.0
Router1 (su-config-ospf-10)-> exit



Simple Configuration Process
Setup Authentication (Simple)

C2/C3/C5 & G Series:
Router2>Router(config)# interface vlan 12
Router2>Router(config-if(Vlan 12))#ip ospf authentication-key redsox

S & N Series:
Router1 (su-config)-> router ospf 10
Router1 (su-config-ospf-10)-> area 0.0.0.1 authentication simple
Router1 (su-config-ospf-10)-> exit
Router1 (su-config)-> interface vlan 12
Router1 (su-config-intf-vlan.0.12)-> ip ospf authentication-key redsox
Router1 (su-config-intf-vlan.0.12)-> exit



Simple Configuration Process
Setup Authentication (MD5)

C2/C3/C5 & G Series:
Router2(su)->Router(config)#interface vlan 32
Router2(su)->Router(config-if(Vlan 32))#ip ospf message-digest-key 22 md5 pats05
Router2(su)->Router(config-if(Vlan 32))#exit

S & N-Series:
Router1 (su-config)->router ospf 10
Router1 (su-config-ospf-10)->area 0.0.0.2 authentication message-digest
Router1 (su-config-ospf-10)->exit
Router1 (su-config)->interface vlan 32
Router1 (su-config-intf-vlan.0.32)->ip ospf message-digest-key 22 md5 pats05
Router1 (su-config-intf-vlan.0.32)->exit
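
What the two authentication types configured above put on the wire, as an added Python example that is not part of the course material. It follows the OSPFv2 packet layout of RFC 2328 (a reference the slides do not cite); the router ID, sequence numbers and Hello body are constructed sample values, and only the keys, key ID and areas come from the slides.

```python
import hashlib
import hmac
import struct

# RFC 2328 A.3.1: version, type, length, router ID, area ID, checksum, AuType, 8-byte auth field
OSPF_HDR = struct.Struct("!BBH4s4sHH8s")
AUTH_SIMPLE, AUTH_MD5 = 1, 2


def _ip(addr):
    return bytes(int(octet) for octet in addr.split("."))


def hello_body():
    # Constructed Hello: mask, HelloInterval 10, options, priority 100, RouterDeadInterval 40, DR, BDR
    return struct.pack("!4sHBBI4s4s", _ip("255.255.255.0"), 10, 0x02, 100, 40,
                       _ip("0.0.0.0"), _ip("0.0.0.0"))


def inet_checksum(data):
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_simple(router_id, area_id, password, body):
    """AuType 1: the 8-byte authentication field carries the password itself."""
    auth = password.encode().ljust(8, b"\0")[:8]
    length = OSPF_HDR.size + len(body)
    fields = [2, 1, length, _ip(router_id), _ip(area_id), 0, AUTH_SIMPLE, auth]
    draft = OSPF_HDR.pack(*fields) + body
    # The checksum covers the packet but skips the authentication field (bytes 16..23).
    fields[5] = inet_checksum(draft[:16] + draft[24:])
    return OSPF_HDR.pack(*fields) + body


def build_md5(router_id, area_id, key_id, key, seq, body):
    """AuType 2: only key ID, digest length and sequence number are sent; the key never is."""
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    length = OSPF_HDR.size + len(body)          # the appended digest is not counted
    pkt = OSPF_HDR.pack(2, 1, length, _ip(router_id), _ip(area_id), 0, AUTH_MD5, auth) + body
    secret = key.encode().ljust(16, b"\0")[:16]
    return pkt + hashlib.md5(pkt + secret).digest()


def verify_md5(packet, keys, last_seq):
    """Receiver-side check. keys maps key ID to secret; last_seq is the neighbor's last sequence."""
    _, _, length, _, _, _, autype, auth = OSPF_HDR.unpack(packet[:OSPF_HDR.size])
    if autype != AUTH_MD5:
        return False, "wrong AuType"
    _, key_id, digest_len, seq = struct.unpack("!HBBI", auth)
    if key_id not in keys:
        return False, "unknown key id"
    if digest_len != 16 or len(packet) != length + digest_len:
        return False, "bad length"
    if seq < last_seq:
        return False, "replayed sequence number"
    secret = keys[key_id].encode().ljust(16, b"\0")[:16]
    expected = hashlib.md5(packet[:length] + secret).digest()
    if not hmac.compare_digest(expected, packet[length:]):
        return False, "digest mismatch"
    return True, "ok"


def auth_field(packet):
    """The bytes any observer of the segment sees in the authentication field."""
    return packet[16:24]


if __name__ == "__main__":
    body = hello_body()
    print(auth_field(build_simple("1.1.1.1", "0.0.0.1", "redsox", body)))
    md5_pkt = build_md5("1.1.1.1", "0.0.0.2", 22, "pats05", 100, body)
    print(auth_field(md5_pkt), verify_md5(md5_pkt, {22: "pats05"}, 99))
```

With simple authentication the key is readable in every packet on the VLAN, while with MD5 a receiver rejects a packet whose key ID, digest or sequence number does not check out.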



Multi-Area Configuration Example

OSPF Configuration Lab
- Create OSPF Instance
- Create IP Interfaces
- Add IP OSPF Networks and Areas
- Add IP Address to IP interfaces
- Set the Designated Router
- Add Secondary IP Addresses
- Redistribute Static Routes
- Add Static Routes
- Setup Summarization
- Set the Router ID to Loopback Interface
- Setup Authentication
  - Simple
  - MD5

[Figure: lab topology with routers RID 1.1.1.1, RID 2.2.2.2 and RID 3.3.3.3]


Enterprise Routing
LSNAT Configuration
Version 4.03


LSNAT Overview: What is LSNAT?

- Load Sharing Network Address Translation
- LSNAT is a load balancing routing feature designed to provide load sharing network services between multiple servers grouped into server farms.
- It can be tailored to an individual server service without requiring any modification to clients or servers.
- Examples of well-known services are HTTP on port 80, SMTP (email) on port 25, or FTP on port 21.



LSNAT Overview: LSNAT Configuration Components

There are three LSNAT configuration components:

- The client that is requesting a service from the server
- The virtual server, configured on the LSNAT router. The virtual server intercepts the service request from the client and determines the physical (real) server the request will be forwarded to
- The server farm, which is a logical entity containing the multiple real servers, one of which will service the client's request



LSNAT Overview: How Does It Work?

- A request for service is sent by the client to the server farm. The destination address for the service request is the virtual server's unique Virtual IP (VIP) address.
- A VIP address can be an IP address or an IP address and port address combination. The same IP address can be used for multiple virtual servers if a different port address is used.
- The LSNAT configured router recognizes the VIP address and knows that LSNAT must select a real server to forward the request to.
- Before forwarding the request, based upon the server load balancing process configured, LSNAT selects the real server for this request.



LSNAT Overview: How Does It Work (continued)?

- LSNAT changes the destination IP address from the VIP address to the address of the selected real server member of the server farm associated with the VIP address.
- The packet is then forwarded to the selected real server.
- The real server sends a service response back to the client with its address as the response source address.
- At the router, LSNAT sees the real server address and knows it must first translate it back to the VIP address before forwarding the packet on to the client.



LSNAT Overview: Why Would I Use LSNAT?

- Server Load Sharing
  - When a single server is not able to cope with the demands of multiple client sessions
- Reliability
  - Server reliability is increased by allowing you to take individual servers offline without disrupting ongoing service operations
- Redundancy
  - Load sharing also provides redundancy in the case of a server failure. LSNAT automatically removes the failed server from the selection process.
- Security
  - Security is improved since only the VIP is known, not the real server IP addresses
- Performance
  - LSNAT improves network performance by leveling traffic over many systems
  - Using LSNAT in conjunction with Aggregate Links removes the performance bottleneck concerns of one physical link to a server by bundling multiple switch-to-server links



Implementing LSNAT

1. Configure one or more server farms by:
   - Specifying a server farm name
   - Configuring real servers as members of the server farm
   - Specifying a load balancing algorithm for each server farm
2. Configure each real server by:
   - Enabling the real server for service
   - Optionally specifying a round robin weight value for this real server
3. Configure a virtual server by:
   - Specifying a virtual server name
   - Associating a virtual server with a server farm
   - Configuring a virtual server IP address (VIP)
   - Enabling a virtual server for service
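
The translation sequence from the "How Does It Work?" slides and the three components configured in the steps above, modelled as an added Python example that is not Enterasys code. The addresses are constructed sample values, and the weighted round robin is a simplified schedule chosen for illustration, not the router's actual algorithm.

```python
from dataclasses import dataclass


@dataclass
class RealServer:
    ip: str
    port: int
    weight: int = 1          # round robin weight
    inservice: bool = True   # a failed or disabled server is skipped by selection


def packet(src, sport, dst, dport):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport}


class VirtualServer:
    """One VIP (address plus port) bound to exactly one server farm."""

    def __init__(self, vip, vport, farm):
        self.vip, self.vport = vip, vport
        self.bindings = {}   # (client ip, client port) -> RealServer chosen for that session
        # Hypothetical schedule: each server appears 'weight' times per round.
        self._schedule = [s for s in farm for _ in range(s.weight)]
        self._next = 0

    def _select(self):
        for _ in range(len(self._schedule)):
            server = self._schedule[self._next % len(self._schedule)]
            self._next += 1
            if server.inservice:
                return server
        return None          # every real server is out of service

    def inbound(self, pkt):
        """Client to VIP: rewrite the destination to the selected real server."""
        if (pkt["dst"], pkt["dport"]) != (self.vip, self.vport):
            return pkt       # not addressed to this virtual server, forwarded untouched
        key = (pkt["src"], pkt["sport"])
        real = self.bindings.get(key)
        if real is None or not real.inservice:
            real = self._select()
            if real is None:
                self.bindings.pop(key, None)
                return None  # nothing can serve the request
            self.bindings[key] = real
        return {**pkt, "dst": real.ip, "dport": real.port}

    def outbound(self, pkt):
        """Real server to client: restore the VIP as source so the client never sees the real IP."""
        real = self.bindings.get((pkt["dst"], pkt["dport"]))
        if real is not None and (pkt["src"], pkt["sport"]) == (real.ip, real.port):
            return {**pkt, "src": self.vip, "sport": self.vport}
        return pkt


if __name__ == "__main__":
    farm = [RealServer("10.10.10.1", 80, weight=2), RealServer("10.10.10.2", 80)]
    vs = VirtualServer("192.0.2.10", 80, farm)
    for i in range(1, 5):
        print(vs.inbound(packet("198.51.100.%d" % i, 40000, "192.0.2.10", 80)))
    print(vs.outbound(packet("10.10.10.2", 80, "198.51.100.3", 40000)))
```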



LSNAT Configuration Considerations

The following considerations must be taken into account when configuring LSNAT:
- Supported on N & S-Series Routers
- ALL modules in the chassis must have upgraded memory to 256 MB, and must have an advanced license activated. (N-Series Only)
- A server farm cannot be shared by different virtual servers.
- In order to edit or delete a virtual server or real server (server farm) configuration, the devices must first be configured out of service, using the no inservice command, before the changes will be allowed.


Enterprise Routing
Transparent Web Cache Balancing
(TWCB)
Version 4.03


TWCB Overview: What is TWCB?

- Transparent Web Cache Balancing (TWCB)
- TWCB provides for the storing of frequently accessed web objects on a cache of local servers.
- Each HTTP request is transparently redirected by an N/S-Series router to a configured cache server.
- When a user first accesses a web object, the object is stored on a cache server. Each subsequent request for the object uses the cached object, avoiding the need to access the host web site.



TWCB Overview: Why Would I Use TWCB?

- Web caching reduces network traffic and aids in optimizing bandwidth usage by localizing web traffic patterns.
- Web caching allows end-users to access web objects stored on local cache servers with a much faster response time than accessing the same objects over an internet connection or through a default gateway.
- Transparency: TWCB is transparent to the user; web traffic is automatically rerouted to the web-cache server.
- Load balancing: TWCB provides for load balancing across all cache servers of a given server farm. The farm can be configured so heavy web-users can be distributed across server resources using a predictor round-robin algorithm.
- Scalability: TWCB provides the ability to associate up to 128 cache servers with the web-cache.



Implementing TWCB

Implementing TWCB requires a routed network with IP interfaces that allow the N or S-Series router to send requests for the internet to the correct web caching device.

There are five aspects to TWCB configuration:
1. Creating the Server Farm which is used to cache the web objects and populating it with cache servers.
2. Associating heavy web-users with a round-robin list which caches those users' web objects across all servers associated with the configured server farm.
3. Specifying the hosts whose HTTP requests will or will not be redirected to the cache servers.
4. Creating a web-cache that the server farms will be associated with.
5. Applying the caching policy.



TWCB Configuration

- A TWCB configuration is made up of one or more cache servers that are logically grouped in a server farm and one or more server farms that are associated with a web-cache.
- There are four TWCB configuration components:
  1. The server farm: Consists of a logical grouping of cache servers. Each server farm belongs to a web-cache.
  2. The cache server: A physical server on which an end-user cache resides. Each cache server belongs to a server farm. You can configure up to 128 cache servers per web-cache.
  3. The web-cache: A logical entity in which all server farms reside. The current TWCB implementation supports a single web-cache. You create a web-cache by naming it in router configuration command mode.
  4. The outbound interface: Typically an interface that connects to the internet. It is the interface that will be used for redirecting web objects from the host web site to the cache server.


TWCB Configuration (continued)

1. Configure one or more Server Farms by:
   - Specifying a server farm name
   - Associating cache servers with the server farm
   - Optionally, configuring a predictor round-robin list
2. Configure the Cache Servers by:
   - Assigning each server a cache ip-address
   - Setting the cache server fail detection method
   - Placing the cache server in service
3. Configure the Web-Cache by:
   - Specifying a web-cache name
   - Adding the specified server farm to the web-cache
   - Placing the web-cache in service.
4. Configure the Outbound Interface by:
   - Setting the redirect for outbound HTTP traffic from this outbound interface to the cache servers



TWCB Configuration Considerations

The following considerations must be taken into account when configuring TWCB:
- Supported on N & S-Series Routers
- TWCB is an advanced routing feature. It is standard on the S, and requires a license on the N.
- A minimum of 256 MB of memory is required on all DFE modules in order to enable TWCB. (N-Series Only)
- In order to edit or delete a cache server configuration, the server must first be configured out of service, using the no inservice command, before the changes will be allowed.
- The cache servers should have a web-based proxy cache running. The Squid application is an example of a web-based proxy cache.


Enterprise Routing
ACL Configurations
Version 4.03


IP Access Control Lists

- Access Control Lists filter IP packets based upon specified characteristics.
- Depending on the product, ACLs may be applied to router interfaces as access groups, either inbound, outbound or both.
- Enterasys routers support the configuration of both standard and extended ACLs.
- A standard ACL supports traffic control based on only the source IP address.
- An extended ACL supports traffic control based on both the source and destination IP address, as well as protocol and layer 4 port.
- All ACLs are set with an implicit deny all rule as the last rule upon ACL creation.
- N and S-Series Routers support the creation of both numbered and named ACLs in Release 7.0.
- ACLs may be created in two different ways:
  1. Standard and Extended, numbered and named ACL configuration rules can be added, deleted, or modified through CLI commands from router configuration mode.
  2. Standard and Extended, numbered and named ACL configuration rules can be added, deleted, or modified using ACL Manager, which is accessible via NetSight Console.


IP Access Control Lists

Enterasys Platform Support of Access List

Platform            Max ACL Rules   Maximum Rules per group
N-series Diamond    5,000           999
N-series Platinum   5,000           999
N-series Gold       1,000           999
S Series            5000            999
C2/C3               100
C5                  400
B5                  200
B3                  100
G3                  100

[Table rows whose per-platform support marks are not recoverable: Access-List Standard; Access-List Extended (* on two platforms); Named ACLs, Standard/Extended (* on two platforms); Interface Inbound; Interface Outbound]

* Requires advanced routing features software license.



Access Control List (ACL) Configuration

- An ACL filters traffic, permitting or denying on a per-packet basis.
- Support for inbound or outbound filtering is based on platform.
- Configuration Limits
  - Only one inbound and one outbound (if supported) ACL, standard or extended, may be statically applied per interface.
  - An ACL can contain up to a set maximum number of rules plus the implicit deny all rule.
  - ACL rules are added to and deleted from an ACL group through CLI commands from router configuration CLI mode or NetSight ACL Manager.



ACL Configuration, Router CLI

Standard ACL rule creation

C2(su)->router(Config)# access-list number {deny | permit} <src-addr>

Example:
C2(su)->router(Config)# access-list 15 deny 172.158.12.23

Valid number values are between 1 and 99 for standard ACLs.

Extended ACL rule creation

- For TCP or UDP with source and destination IP addresses

C2(su)->router(Config)#access-list number {deny | permit} {tcp | udp} <src-addr> eq port <dst-addr>

Example:
C2(su)->router(Config)# access-list 108 deny tcp 10.1.2.0 0.0.0.255 eq 80 any

- For just source and destination IP addresses

C2(su)->router(Config)#access-list number {deny | permit} ip <src-addr> <dst-addr>

Example:
C2(su)->router(Config)# access-list 101 permit ip any any

Valid number values are between 100 and 199 for extended ACLs.



Applying ACLs, Router CLI

C2/C3/C5 & G Series

- ACLs can only be applied to packets inbound on IP interfaces.
- ACLs are applied to VLAN-based IP interfaces.
- To apply an access list to an interface, use the following commands from the router interface configuration mode:
router(Config)# interface vlan vlan-id
router(Config-if(Vlan id))# ip access-group number in

- To remove an ACL from an interface:
router(Config-if(Vlan id))#no ip access-group number in

- Rule changes take effect immediately



Applying ACLs, Router CLI

N & S-Series

- The N & S-Series systems allow a total of 5,000 access rules to be applied to Access Control Lists (ACLs)
- Individual ACL groups will support up to 999 access rules.
- 200 ACL groups can be created for both standard and extended
- For standard ACLs, valid values are 1 to 99 or named
- For extended ACLs, valid values are 100 to 199 or named
- To configure extended ACLs on N Gold and Platinum DFEs the advanced routing license is required.

- To add an ACL and ACL rule:
N3 Chassis(su-config)->ip access-list standard 1
N3 Chassis(su-cfg-std-acl-1)->permit 192.5.34.0 0.0.0.255
N3 Chassis(su-cfg-std-acl-1)->exit
N3 Chassis(su-config)->

- To insert or replace an ACL entry:
N3 Chassis(su-config)->ip access-list standard 1
N3 Chassis(su-cfg-std-acl-1)-> insert before 5 permit 1.35.1.1 0.0.0.255
N3 Chassis(su-cfg-std-acl-1)-> replace 7 permit 201.1.1.4 0.0.0.255



Applying ACLs, Router CLI

 N & S-Series
- To move entries within an ACL:
N3 Chassis(su-config)->ip access-list standard 1
N3 Chassis(su-cfg-std-acl-1)-> move before 2 from 3 to 6
N3 Chassis(su-cfg-std-acl-1)-> exit

- To show ACLs:
N3 Chassis(su-config)->show access-lists
Standard IP access list 1 (9 entries)
1 permit 192.5.34.0 0.0.0.255
2 deny host 201.201.201.201
3 deny 201.1.1.1 0.0.0.255
4 permit 1.35.1.1 0.0.0.255
5 deny 201.1.1.2 0.0.0.255
6 deny host 101.101.101.101
7 deny 201.1.1.3 0.0.0.255
8 permit 201.1.1.4 0.0.0.255
-- implicit deny all

To assign an IP access list to an interface, use the command ip access-group


N3 Chassis(su-config-intf-vlan.0.10)->ip access-group {name/number} in/out



Additional Product Information

- ACL Logging: optionally, a user can configure N & S-Series Routers to log traffic hits of ACL rules through syslog messaging.

Example:
N3 Chassis(su-cfg-std-acl-1)->permit 100.1.1.1 0.0.0.255 {log or log-verbose}

- Appending the log parameter to an ACL rule allows the router to keep track of ACL rule hits for a defined parameter set. When access-list 102 is applied to an interface, traffic matching this rule will be denied, and the event will be passed by the router to a syslog server for logging purposes.
- Note: ACL rule match logging is intended to be used as a diagnostic/troubleshooting tool. Since enabling logging increases host processing, you should keep logged traffic to the minimum amount necessary.



Managing ACLs Router CLI

Amending ACL rules

- To change a rule use
...# access-list number replace number <rule...>

- To create a rule out of sequence
...# access-list number insert number <rule...>

- To reorder a rule or group of rules by moving them before a specific rule
...# access-list number move number number [ number ]

Removing ACL rules

- Remove the ACL and all its rules
...# no access-list acl-number

- Remove a specific rule in an ACL
...# no access-list acl-number rule#

- Remove a range of rules in an ACL
...# no access-list acl-number rule# rule#



Displaying ACLs Router CLI

 Displaying ACLs
- To display the current ACLs configured on the C2/C3, use the following
command from router mode:
C2(su)->router> show access-lists [number]

- Example:
C2(su)->router> show access-lists
Standard IP access-list 10
1: permit 192.168.100.0 0.0.0.255
2: permit 192.168.200.0 0.0.0.255
3: permit host 192.168.30.1
4: deny 192.168.0.0 0.0.255.255
5: deny 172.16.0.0 0.0.255.255
6: permit any
Extended IP access list 110
1: permit tcp host 10.1.2.3 eq 17 any
2: deny udp host 14.9.123.52 eq 512 14.0.0.0 0.255.255.255
3: permit tcp host 125.34.12.4 eq 25 host 15.23.19.3
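
How the router reads a standard list such as access-list 10 above (wildcard masks, first match wins, implicit deny all), as an added Python example that is not part of the course material. It also flags rules that an earlier rule makes unreachable, which is what the insert and move commands can cause; treating an address with no wildcard as a single host is an assumption.

```python
import ipaddress


def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))


def parse_rule(text):
    """Parse a standard-ACL rule body into (action, address, wildcard) with integer fields."""
    tokens = text.split()
    action, rest = tokens[0], tokens[1:]
    if action not in ("permit", "deny") or not rest:
        raise ValueError("unsupported rule: %r" % text)
    if rest[0] == "any":
        return action, 0, 0xFFFFFFFF            # every bit is "don't care"
    if rest[0] == "host":
        return action, ip_int(rest[1]), 0       # every bit must match
    # Assumption: an address given without a wildcard matches that single host.
    wildcard = ip_int(rest[1]) if len(rest) > 1 else 0
    return action, ip_int(rest[0]), wildcard


def matches(rule, src):
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal the rule address."""
    _, addr, wildcard = rule
    care = ~wildcard & 0xFFFFFFFF
    return (ip_int(src) & care) == (addr & care)


def evaluate(rules, src):
    """Return (action, rule number). Rule number None means the implicit deny all was hit."""
    for number, rule in enumerate(rules, start=1):
        if matches(rule, src):
            return rule[0], number
    return "deny", None


def shadowed(rules):
    """List (rule, covering earlier rule) pairs where the later rule can never be reached."""
    found = []
    for later, (_, addr2, wild2) in enumerate(rules):
        for earlier, (_, addr1, wild1) in enumerate(rules[:later]):
            care1 = ~wild1 & 0xFFFFFFFF
            # The earlier rule covers the later one when it checks no bit the later rule
            # ignores, and the two agree on every bit the earlier rule does check.
            if (care1 & wild2) == 0 and (addr1 & care1) == (addr2 & care1):
                found.append((later + 1, earlier + 1))
                break
    return found


# Standard IP access-list 10 as displayed on the slide.
ACL_10 = [parse_rule(r) for r in (
    "permit 192.168.100.0 0.0.0.255",
    "permit 192.168.200.0 0.0.0.255",
    "permit host 192.168.30.1",
    "deny 192.168.0.0 0.0.255.255",
    "deny 172.16.0.0 0.0.255.255",
    "permit any",
)]

# Constructed variant: the same rules after moving rule 4 in front of rule 3.
REORDERED = ACL_10[:2] + [ACL_10[3], ACL_10[2]] + ACL_10[4:]

if __name__ == "__main__":
    for src in ("192.168.30.1", "192.168.30.2", "172.16.9.9", "8.8.8.8"):
        print(src, evaluate(ACL_10, src), evaluate(REORDERED, src))
    print("unreachable after the move:", shadowed(REORDERED))
```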



Displaying ACLs Router CLI

Displaying IP Interface parameters

- To display the current ACLs applied on the C2/C3/C5, use the following command from router mode:
C2(su)->router> show ip interface vlan [number]

- Example:
C2(su)->router> show ip interface vlan 123
Vlan 123 is Admin UP
Vlan 123 is Oper UP
Primary IP Address is 172.16.0.1  Mask 255.255.255.0
Frame Type Ethernet
MAC-Address 0001.F45F.49C5
ip access-group 64 in
Outgoing AccessList is not set
MTU is 6145 bytes
ARP Timeout is 1 seconds
Direct Broadcast Disabled
Proxy ARP is Disabled

[Screenshot slides, images not included: Accessing NetSight ACL Manager; ACL Manager: Creating an ACL; ACL Manager: Creating an ACL Rule; ACL Manager: Assigning ACLs To An Interface; ACL Manager: Enforcing]


ACL Manager: Additional Product Info

How ACL Names are Determined on a Device:

- If the device only supports numbered ACLs (N-Series, firmware version 6.0 and above), ACL Manager must assign a number for the ACL when it is enforced to the device.
  - If the ACL is a standard ACL, ACL 1-99 will be used
    - For the first ACL enforced, ACL Manager will attempt to use 1. If 1 is already in use, ACL Manager will consider 2. If 2 is in use, ACL Manager will consider 3, 4, 5, etc.
  - If the ACL is an extended ACL, ACL 100-199 will be used
    - For the first ACL enforced, ACL Manager will attempt to use 100. If 100 is already in use, ACL Manager will consider 101. If 101 is in use, ACL Manager will consider 102, 103, 104, etc.
- If the device supports named & numbered ACLs (N & S-Series, version 7.0 and above), ACL Manager will enforce the ACL to the device using the ACL name.
- For N-Series platforms using firmware versions 7.0 and above, when creating an ACL via ACL Manager, the ACL must be created as an S-Series type ACL in order for the ACL to be written successfully to the NetSight database



ACL Manager: Additional Product Info

ACL Manager is supported on the following products:


- N-Series Firmware Version 6.0 and later
- S-Series Firmware Version 7.0 and later
- X-Series Firmware Version 1.6 and later
- XSR Series Firmware Version 7.6 and later


Enterprise Routing ACLs and PBR


Policy Based Routing

- Policy Based Routing (PBR): Allows packets that meet an ACL's criteria to be looked up in a route map to determine the next hop.
- This allows packets that meet one set of criteria to go one direction while those that meet a different set of criteria go another way, all without the use of a routing protocol.



Policy Based Routing

RouterA(su-config)->show ip route
Codes: C-connected, S-static, R-RIP, B-BGP, O-OSPF, IA-OSPF interarea
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       E - EGP, i - IS-IS, L1 - IS-IS level-1, LS - IS-IS level-2
       * - candidate default, U - per-user static route, o - ODR
O IA 10.1.4.0/24 [110/20] via 10.1.3.2 Vlan 13
C    10.1.1.0/24 [0/1] directly connected, Vlan 10
C    10.1.2.0/24 [0/1] directly connected, Vlan 12
C    10.1.3.0/24 [0/1] directly connected, Vlan 13
C    10.1.5.0/24 [0/1] directly connected, Vlan 15



Configuring Policy Based Routing

- Create an ACL
RouterA(su-config)->ip access-list extended 101
RouterA(su-cfg-ext-acl-101)->permit ip 10.1.1.0 0.0.0.255 10.1.4.0 0.0.0.255

- Create a route-map entry
RouterA(su-config)->route-map policy 101

- Check for an ACL match
RouterA(su-config-route-map-pbr)->match ip address 101

- Set the route for the match
RouterA(su-config-route-map-pbr)->set next-hop 10.1.2.2

- Go to the VLAN interface
RouterA(su-config)->interface vlan 10

- Assign the route-map to that VLAN
RouterA(su-config-intf-vlan.0.10)->ip policy route-map 101


Policy Based Routing


RouterA(su-config)->ip access-list extended 101
RouterA(su-cfg-ext-acl-101)->permit ip 10.1.1.0 0.0.0.255 10.1.4.0 0.0.0.255
RouterA(su-config)->route-map policy 101
RouterA(su-config-route-map-pbr)->match ip address 101
RouterA(su-config-route-map-pbr)->set next-hop 10.1.2.2
RouterA(su-config-route-map-pbr)->exit
RouterA(su-config)->interface vlan 10
RouterA(su-config-intf-vlan.0.10)->ip policy route-map 101
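
Which flows this configuration diverts from the routing table's path, worked through in an added Python example that is not part of the course material. The routes, ACL 101, next hop and VLAN binding are taken from the slides; the fall-back to normal routing when the ACL does not match or the next hop has no route is an assumption about the router's behaviour.

```python
import ipaddress

# Routing table from the show ip route output (None = directly connected).
ROUTES = [
    ("10.1.4.0/24", "10.1.3.2", "Vlan 13"),   # O IA, learned through OSPF
    ("10.1.1.0/24", None, "Vlan 10"),
    ("10.1.2.0/24", None, "Vlan 12"),
    ("10.1.3.0/24", None, "Vlan 13"),
    ("10.1.5.0/24", None, "Vlan 15"),
]

# ip access-list extended 101: (action, source, source wildcard, destination, destination wildcard)
ACL_101 = [("permit", "10.1.1.0", "0.0.0.255", "10.1.4.0", "0.0.0.255")]

# route-map policy 101: match ip address 101, set next-hop 10.1.2.2
ROUTE_MAP_101 = {"match_acl": ACL_101, "next_hop": "10.1.2.2"}

# interface vlan 10: ip policy route-map 101 (policy applies to traffic arriving on this VLAN)
POLICY_BY_INTERFACE = {"Vlan 10": ROUTE_MAP_101}


def _wild(addr, base, wildcard):
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)


def acl_permits(acl, src, dst):
    for action, s_addr, s_wild, d_addr, d_wild in acl:
        if _wild(src, s_addr, s_wild) and _wild(dst, d_addr, d_wild):
            return action == "permit"
    return False   # implicit deny: here it means "not policy routed", the packet is not dropped


def lookup(dst):
    """Longest-prefix match. Returns (next hop, interface) or None when there is no route."""
    best = None
    for prefix, gateway, ifname in ROUTES:
        net = ipaddress.IPv4Network(prefix)
        if ipaddress.IPv4Address(dst) in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, gateway or dst, ifname)
    return best[1:] if best else None


def forward(in_if, src, dst):
    """Return (next hop, outgoing interface, decision source), or None if undeliverable."""
    policy = POLICY_BY_INTERFACE.get(in_if)
    if policy and acl_permits(policy["match_acl"], src, dst):
        via = lookup(policy["next_hop"])
        if via:    # assumption: an unreachable next hop falls through to normal routing
            return policy["next_hop"], via[1], "policy"
    route = lookup(dst)
    if route is None:
        return None
    return route[0], route[1], "routing table"


if __name__ == "__main__":
    print(forward("Vlan 10", "10.1.1.25", "10.1.4.9"))   # diverted by the route-map
    print(forward("Vlan 15", "10.1.5.7", "10.1.4.9"))    # same destination, OSPF path
```

Traffic from 10.1.1.0/24 to 10.1.4.0/24 leaves through Vlan 12 toward 10.1.2.2, while every other flow to the same destination still follows the OSPF route through Vlan 13.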


Enterprise Routing
Multicast Routing
Version 4.03


Multicast Routing

[Figure: multicast dataflow. Labels: Video Conferencing Source, Rendezvous Router, Designated Router, Last-Hop Router, Switch, 192.18.0.32, Sales, No receivers]

Multicast Introduction

In a routed environment, data communications has traditionally been IP Unicast (one host to one host) and IP Broadcast (one host to every host) transmissions.

Requirements for one-to-many, many-to-many and many-to-one data transmissions are becoming standard.

Multicast protocol applications solve the inefficiency with which traditional unicast transmissions route these types of traffic.

A single packet is transmitted toward multiple receivers.

Unlike broadcasts, receivers are scattered across multiple networks.

To ensure efficient packet delivery, routers must:
- Never forward a packet back toward the source
- Replicate the packet as needed and forward it out all interfaces that lead to intended recipients
- Not forward the packet out interfaces that do not lead to recipients, i.e., never flood packets


Multicast Introduction

Protocol Independent Multicast-Sparse Mode (PIM-SM) is used for forwarding multicast data on a network.
- Uses the well-known multicast IP address 224.0.0.13 (ALL-PIM-ROUTERS group).
- Uses the Internet Group Management Protocol (IGMP) to determine group memberships.
- For PIM-SM, you must configure a unicast routing protocol such as OSPF.
- It explicitly constructs a tree from each sender to the receivers in a multicast group.


IGMP Overview

The Internet Group Management Protocol (IGMP) controls multicast membership of IP hosts and routers for multicast groups and is comprised of three key components: a Server, a Querier, and Hosts:

1. Server
   A Server is a station that sends an IP multicast data stream with a particular multicast destination IP and MAC Address.

2. Querier
   A Querier is a switch or router that manages IGMP group memberships for a network and communicates with the Hosts on the LAN segment to establish these memberships.
   Only one Querier exists per LAN segment. This may be implemented by a layer 2 or layer 3 device.
   The lowest IP address assumes the role of Querier for a LAN segment.

3. Hosts
   Hosts are IGMP clients who wish to participate in the IGMP groups for the receipt of multicast traffic.


IGMP Overview

IGMP configuration can be performed on either a switch or a router depending on the vendor implementation.
- The IGMP configurable values include igmp enable/disable, query-enable/disable, igmp version, max response time, query interval, robustness variable and last membership interval.

IP hosts use IGMP to request multicast packets associated with a particular multicast group by sending an IGMP join message.
- When a host joins a group, it sends an IGMP Join (Report) message.
- When a host leaves a group, it sends an IGMP Leave Group message.

Multicast routers use IGMP to determine which directly attached networks have hosts that want to receive multicast traffic destined to a particular multicast address.
- When a querier wants to discover if on-link hosts want to receive multicast traffic, it sends an IGMP Query message.


IGMP Overview

[Figure: Network A. Labels: Multicast Server, Router 1, Switch 1, Switch 2, Switch 3, Receiver 1, Receiver 2]

1. The multicast stream is sent to the switch by the host (server)
2. The switch floods multicast traffic (IGMP snooping is not enabled) to the router

Solicited Join
3. The router sends a query
4. The host responds with a Join
5. The router sends the stream

Unsolicited Join & IGMP Leave
6. The host sends a Join
7. The router sends the stream
8. The host sends an IGMP Leave and stops receiving the stream


PIM-SM Overview

Protocol Independent Multicast-Sparse-Mode (PIM-SM) is used to efficiently route IP packets to multicast groups.

Although configuration of a unicast routing protocol such as OSPF is required with PIM, PIM-SM is protocol independent. That is, it does not rely on any one particular underlying routing protocol to operate. It can function using routes from OSPF, RIP, static configuration, or a combination of unicast route types.

PIM relies on IGMP to determine group memberships and uses unicast routes to perform reverse path forwarding (RPF) checks, which are essentially route lookups on the multicast source.

PIM-SM works on the assumption that recipients for any multicast group will be sparsely distributed throughout a network. Therefore, not all subnets in a network will have interest in multicast traffic.

It overcomes scaling limitations present in earlier multicast routing protocols such as DVMRP, in which packets were flooded everywhere and then pruned off branches where no receivers were present.

PIM-SM explicitly constructs a tree from each sender to receivers in a multicast group, making better use of bandwidth.

Scenarios for using PIM-SM include desktop video conferencing and telephone conference calls.

PIM-SM Overview-Multicast Forwarding

PIM-SM dynamically builds a distributed tree topology for forwarding multicast data on a network. The protocol designates a router as a rendezvous point (RP).

The RP represents the root of the distributed or shared tree. It is generally recommended that the RP be statically configured on routers participating in a PIM-SM environment.

1. When a designated router (DR) receives multicast traffic from a particular source, traffic flows through the DR to the RP. The RP then forwards traffic on towards multicast receivers requesting that group.
   - The multicast source's DR registers with the RP and sends multicast data from the source directly to the RP via a unicast routing protocol.
   - The RP then sends the data sent by the multicast source's DR to requesting multicast receivers.

2. When a last-hop router receives the first packet of traffic for a multicast group requested by a multicast receiver on that router, the last-hop router forwards traffic to the receiver, and then uses reverse path forwarding (RPF) to learn the shortest path to the group source.
   - The DR then stops using the RP (a prune message is sent to terminate traffic along that route) and begins using the shortest path tree (SPT) between the multicast source and multicast receiver.
   - By using the SPT or shortest path route, unnecessary traffic concentrations and throughput delays are reduced.
   - Alternatively, the network can be set up to allow multicast traffic to flow only through the RP. Doing so can increase the traffic load on the RP and cause delays in packet delivery.

3. If the RP has no current join requests for the group, source traffic is dropped at the RP.

PIM-SM Overview Multicast Forwarding

Displaying Multicast Route Table
- The table each router uses to maintain multicast routing information on packets sent from multicast sources to IP multicast groups is called the MROUTE table.
- As shown below, the mroute table displays the multicast source and group address, incoming interface, RPF neighbor, outgoing interface, whether the interface is in a pruned/forwarding state, and the uptime for the stream.

Example:
show ip mroute
IP Multicast Routing Table
1 of 2: PIMSM (*, 224.4.4.4), 00:00:32/00:02:57, RP 172.10.1.1,flags:SC
  Incoming interface: Null, RPF nbr 172.10.1.1
  Outgoing interface list:
    Vlan-2, Forward/Sparse, 00:00:32/00:02:57
2 of 2: PIMSM (172.13.1.201/32, 224.4.4.4), 00:00:23/00:03:21, flags:T
  Incoming interface: Vlan-14, RPF nbr 172.14.1.2
  Outgoing interface list:
    Vlan-2, Forward/Sparse, 00:00:32/00:02:57
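The mroute output above can be parsed and each (S,G) entry cross-checked against a unicast route lookup on the source, which is the RPF check PIM performs. This is an added example, not part of the course material; the unicast route table is constructed for illustration and the function names are hypothetical.

```python
import ipaddress
import re

# "show ip mroute" output as printed on the slide
MROUTE_OUTPUT = """\
IP Multicast Routing Table
1 of 2: PIMSM (*, 224.4.4.4), 00:00:32/00:02:57, RP 172.10.1.1,flags:SC
  Incoming interface: Null, RPF nbr 172.10.1.1
  Outgoing interface list:
    Vlan-2, Forward/Sparse, 00:00:32/00:02:57
2 of 2: PIMSM (172.13.1.201/32, 224.4.4.4), 00:00:23/00:03:21, flags:T
  Incoming interface: Vlan-14, RPF nbr 172.14.1.2
  Outgoing interface list:
    Vlan-2, Forward/Sparse, 00:00:32/00:02:57
"""

# Constructed unicast table (prefix, interface, next hop); not from the slide
UNICAST_ROUTES = [("172.13.1.0/24", "Vlan-14", "172.14.1.2")]

ENTRY_RE = re.compile(
    r"^\d+ of \d+: \w+ \((?P<src>[^,]+), (?P<grp>[\d.]+)\), .*flags:(?P<flags>\w+)")
IIF_RE = re.compile(r"^Incoming interface: (?P<iif>\S+), RPF nbr (?P<nbr>[\d.]+)")
OIF_RE = re.compile(r"^(?P<oif>[\w.-]+), (?P<state>\w+)/(?P<mode>\w+)")


def parse_mroute(text):
    """Turn the mroute listing into one dict per (source, group) entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"source": m["src"], "group": m["grp"], "flags": m["flags"],
                            "iif": None, "rpf_nbr": None, "oifs": []})
            continue
        if not entries:
            continue  # banner line before the first entry
        m = IIF_RE.match(line)
        if m:
            entries[-1]["iif"], entries[-1]["rpf_nbr"] = m["iif"], m["nbr"]
            continue
        m = OIF_RE.match(line)
        if m:
            entries[-1]["oifs"].append((m["oif"], m["state"]))
    return entries


def rpf_lookup(unicast_routes, address):
    """Longest-prefix match; returns (interface, next_hop) or None."""
    best = None
    ip = ipaddress.ip_address(address)
    for prefix, interface, next_hop in unicast_routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, interface, next_hop)
    return best[1:] if best else None


def rpf_findings(entries, unicast_routes):
    """Report (S,G) entries whose incoming interface disagrees with the RPF lookup."""
    findings = []
    for e in entries:
        if e["source"] == "*":
            continue  # shared-tree entry: its RPF target is the RP, not a source
        src = e["source"].split("/")[0]
        tag = "(%s, %s)" % (src, e["group"])
        expected = rpf_lookup(unicast_routes, src)
        if expected is None:
            findings.append(tag + ": no unicast route to source, RPF check fails")
        elif expected != (e["iif"], e["rpf_nbr"]):
            findings.append("%s: mroute uses %s via %s, unicast RPF gives %s via %s"
                            % (tag, e["iif"], e["rpf_nbr"], expected[0], expected[1]))
        if any(oif == e["iif"] for oif, _ in e["oifs"]):
            findings.append(tag + ": incoming interface also appears in outgoing list")
    return findings
```

A non-empty result means multicast state and unicast routing disagree about where the source lives, which is worth investigating as either a stale entry or traffic arriving from an unexpected direction.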


PIM-SM Overview Multicast Forwarding

Displaying Multicast Forwarding Table
- Each router maintains an IP multicast mcache table, displayed with show ip mcache, which provides details on multicast source to group mappings as well as inbound and outbound multicast interfaces.
- As shown below, the mcache command displays the multicast source and group address mappings, incoming interface, outgoing interface list, and whether the interface is in a pruned/forwarding state.

Example:
show ip mcache (N & S-Series command)
IP Multicast mcache table
1 of 1: (172.13.1.201/32, 224.4.4.4)
  Sources: 172.13.1.201
  Incoming interface: Vlan-14
  Outgoing interface list:
    Vlan-2, Forward/Sparse


PIM-SM Overview Terms & Router Types

Within a PIM-SM domain, routers can be statically or dynamically configured to perform different roles:

- Rendezvous Point (RP)
- Designated Router (DR)
- Bootstrap Router (BSR)
- Static Rendezvous Point (Static-RP)
- PIM Domain
- Shortest Path Tree (SPT)
- Reverse Path Forwarding (RPF)

PIM-SM Overview Message Types

PIM-SM version 1 messages are carried within IGMP packets. PIM-SM version 2 messages are encapsulated in IP packets with a protocol number of 103. Initially, PIM-SM uses a shared tree for multicast distribution. A router is administratively elected as the rendezvous point in the network. New sources are required to register with the rendezvous point. Once this is done, multicast packets are forwarded to receivers.

Enterasys PIM-SM enabled devices use the following message types:

- Hello (Hold Time)
- Hello (Designated router priority)
- Register
- Register-Stop
- Join/Prune (J/P)
- Bootstrap
- Candidate RP message
- Assert

PIM-SM Overview Message Flow

1. The source's DR registers and sends multicast data from the source directly to the RP via a unicast routing protocol.

2. The leaf/last-hop router (that is, the receiver's router) sends a multicast group (*,G) join message upstream to the RP, indicating that the receiver wants to receive the multicast data. This builds the reverse path tree (RPT) between the leaf router and the RP.

3. The RP sends an (S,G) join message to the source.

4. The last-hop router joins the shortest path tree (SPT) and sends an (S,G) join message to the source. This builds the shortest path tree (SPT).

5. Native multicast packets (that is, non-registered packets) are sent from the source's DR to the receiver on its SPT, while registered multicast packets continue to be sent from the source's DR to the RP.

6. A prune message is sent from the last-hop router to the RP.

7. As a result of the prune sent in step 6, a prune message (register-stop) is sent from the RP to the source's DR once traffic is flowing down the SPT; the RPT is then pruned for that given (S,G).


PIM-SM Overview

Operational Considerations

- Enterasys supports version 2 of the PIM protocol as described in RFC 2362 and draft-ietf-pim-sm-v2-new-09.
- PIM-SM is supported on Enterasys Matrix N & S-Series, Secure Stack C2 and C3, and G-Series platforms on which routing has been enabled.
- On Secure Stack C2 and C3 devices and G-Series devices, PIM-SM is an advanced routing feature that must be enabled via a license key.
- A minimum of 256 MB of memory is required on DFE modules in order to enable PIM.
  - Use the show system hardware command to display the amount of memory installed on a module. Module memory can be upgraded to 256 MB using the DFE-256MB-UGK memory kit.

Enterprise Routing
Virtual Router Redundancy Protocol (VRRP)
Version 4.03

Enterprise Routing VRRP


Overview

Virtual Router Redundancy Protocol (VRRP) provides a means for redundant access to remote destinations by associating multiple routers, physically connected to a common LAN segment, to one virtual router.
- Designed to eliminate single point of failure for hosts on a shared LAN
- An election protocol to provide a virtual router function for redundant access to remote destinations
- A Master is elected to be responsible for forwarding packets for hosts
- Dynamic fail-over should the Master become unavailable
- LAN clients can then always use the virtual router as the gateway

The virtual router is configured with a VRID, or Virtual Router Identifier. This VRID can range from 1 to 255 and is unique to each virtual router on a particular LAN segment.

Benefits
- High availability default path
- Does not require dynamic routing or router discovery protocols on end-hosts
- Facilitates resilience and load sharing at the same time

Concepts and Definitions

Router Roles in VRRP
- Virtual Router (VR)
- VR Identifier (VRID)
- VR Priority
- IP Address Owner
- Virtual Router Master
- Virtual Router Backup

VR Master Election
- VR Master

Normal Operation
- VRRP Advertisement
- IP Address Owner if one exists
- Failover when master not available

[Figure: two VRRP routers, one with VRRP cfg VRID=1, IP=IP1, Pri=255 and one with VRRP cfg VRID=1, IP=IP1, Pri=100. Labels: Master, Backup, New Master, VMAC1, ADV, IP1 to IP4, MAC1 to MAC4. Hosts are configured with Gateway=IP1, MAC(IP1)=VMAC1]


Protocol Summary

Designed for rapid transition to minimize service interruption
- Protocol messaging is performed using IP multicast datagrams
- 3 Protocol States: Initialize, Backup & Master
- Only 1 Message Type used: Advertisement
- Normally only 1 sender required
- 2 Timers
  - Adver_Timer (by default Advertisement_Interval = 1 sec)
  - Master_Down_Timer = (3 * Advertisement_Interval) + Skew_Time, where Skew_Time = (256 - Priority) / 256
- VR MAC Address based on VRID: 00-00-5E-00-01-xx (00-00-5E is the IANA prefix, 00-01 identifies VRRP, xx is the VRID)


Protocol Summary

RouterB(rw)->Router#show ip vrrp
Vlan Vrid State   Owner AssocIpAddr  Priority VirtMacAddr
10   1    Backup  0     10.1.1.254   100      0000.5e00.0101

[Figure label: Advertisement]

RouterA(su)->show ip vrrp vlan.0.10

Codes: Pri = Operational Priority
       V = Version of the protocol
       T = Type ( M-Master IP Address, A-Associate IP Address )
       A = Admin status of Associate address ( E-enabled, D-disabled )
       O = Owner status of Associate address ( Y-yes, N-no )
Interface   Vrid State      Pri V T A O IP Address
----------- ---- ---------- --- - - - - ---------------------------------------
vlan.0.10   1    master     200 2 M - - 10.1.1.1
                                  A E N 10.1.1.254


ARP Process

Host ARP
- When a host sends an ARP request for a VR IP address:
  - The VR Master must respond with the virtual MAC address (00-00-5e-00-01-VRID), regardless of whether it is the IP address owner or not
  - The VR Backup must not respond to the ARP request
- For other IP addresses:
  - A VRRP router must respond with its physical MAC address, regardless of whether it is master or backup

Gratuitous ARP
- When a VR becomes the master, it sends a gratuitous ARP for the VR IP address with the virtual MAC address.
- To enable switches to bind the VR MAC address to the correct port in the FDB, and to update the ARP caches of all on-link nodes, the VR master sends a gratuitous ARP every 10 seconds.


Summary

- Virtual Router Redundancy Protocol (VRRP) provides a means for redundant access to remote destinations by associating multiple routers, physically connected to a common LAN segment, to one virtual router.
- VRRP is an election protocol that dynamically assigns responsibility for one or more virtual router(s) to the VRRP router(s) in a network.
  - This allows multiple routers to use the same virtual IP address.
- The virtual router is configured with a VRID, or Virtual Router Identifier. This VRID can range from 1 to 255 and is unique to each virtual router on a particular LAN segment.
- Critical IP functionality allows the user to force a VRRP failover if a specified interface goes down, such as the uplink to the default gateway for instance.
- The master-icmp-reply command enables an enhancement to the standard RFC behavior which allows the VRRP master to reply to ICMP requests when it is not the IP owner.
- Preempt mode and delay allow the user to control whether or not a failover occurs when the Primary master comes back up and how long to wait before the preempt occurs.

Product Specifics

Columns: Switch Family; Max Entries (Total VRRP Networks); Virtual IP Addresses per Interface; Virtual Router IDs per IF; Critical IPs per VID

S-Series: 2048, 16, 10
N-Series (Platinum): 1,024
N-Series (Gold): 128
C2/C3/C5: 480, 20


Product Specifics

N & S-Series
- Prior to firmware release 7.0, VRRP was configured from the router VRRP configuration command mode. VRRP configuration has been moved to the interface configuration command mode for release 7.0.
- Support VRRP state transition and authentication failure traps.
- Support MD5 and text authentication of VRRP advertisements.
- Up to 10 Critical IPs.
- If it is the IP owner, the Master will always preempt immediately, regardless of preempt mode settings. To avoid this issue, use a Virtual IP address that does not already exist on the routers.
- Supports master-icmp reply, to enable ICMP replies for non-owner masters.

Configuration Command / Explanation

vrrp create 1 {v2-IPv4 or v3-IPv4}
    Creates the VRRP instance of 1, for a router interface

vrrp address
    Example: (su-config-intf-vlan.0.10)->vrrp address 1 10.1.1.254
    Associates the virtual address of 10.1.1.254 with VRID 1 for the interface on VLAN 10 as non-IP address owner

vrrp priority
    Example: (su-config-intf-vlan.0.10)->vrrp priority 1 200
    Assigns a priority of 200 to VRID 1 for the interface on VLAN 10. Possible values are from 1 to 254, with the higher values indicating increased priority. The value of 255 is reserved for the VRRP router that owns the IP address associated with the virtual router. Priority 0 is reserved for signaling that the master has stopped working.

vrrp critical-ip vrid ip-address [critical-priority]
    Example: (su-config-intf-vlan.0.10)->vrrp critical-ip 1 10.1.3.1 101
    Assigns the critical IP address of 10.1.3.1 for VRID 1 on the interface on VLAN 10. If the local interface with this IP address becomes unreachable, the VRID's priority is reduced by the critical priority setting (default 10). When the priority falls below that of the backup, this indicates that the Master has failed.

vrrp enable
    Example: (su-config-intf-vlan.0.10)-> vrrp enable
    Starts VRRP instance with VRID 1 on the interface on VLAN interface 10


Product Specifics

ICMP Echo
- Per RFC, only the IP address owner responds to ICMP Echo Requests destined to the virtual router's IP address
- Depending on implementation, a non-owner master may respond to ICMP Echo Requests by a configuration option:
  - N & S Series: RouterA(su-config-intf-vlan.0.10)->vrrp accept-mode <VRRP ID>

ICMP Redirect
- When a default router finds that another router on the same subnet provides a better first hop in the path to a destination, it sends an ICMP Redirect to notify the host
- Depending on the network topology, this could create issues when VRRP is running as well
- Per RFC, ICMP Redirects may be used together with VRRP in an asymmetric topology
  - If used, the IP source address of an ICMP Redirect should be set to the virtual router's IP address when a VRRP master router is generating the ICMP Redirect message.
- It may be useful to disable Redirects for specific cases where VRRP is used to load share traffic in a symmetric topology


VRRP Configuration & Operation (VIP non-owner)

N-Series
RouterA(su-config-intf-vlan.0.10)->
RouterA: vrrp create 1 v2-IPv4
RouterA: vrrp address 1 10.1.1.254
RouterA: vrrp priority 1 200
RouterA: vrrp critical-ip 1 10.1.3.1 101
RouterA: vrrp accept-mode 1
RouterA: vrrp enable 1

router vrrp
RouterB: create vlan 10 1
RouterB: address vlan 10 1 10.1.1.254 0
RouterB: priority vlan 10 1 100
RouterB: enable vlan 10 1


VRRP Configuration & Operation (VIP Owner)

N-Series
RouterA(su-config-intf-vlan.0.20)->
RouterA: vrrp create 2 v2-IPv4
RouterA: vrrp address 2 10.1.2.2
RouterA: vrrp enable 2

router vrrp
RouterB: create vlan 20 2
RouterB: address vlan 20 2 10.1.2.2 1
RouterB: enable vlan 20 2

RouterB(su)->router#show ip vrrp
Vlan Vrid State   Owner AssocIpAddr  Priority
20   2    Master  1     10.1.2.2     255


Critical IP

Critical IP functionality allows an administrator to force a VRRP failover if a specified interface goes down, for example, an interface used for internet access.
- This is accomplished by monitoring the availability of a defined path which is not physically connected to the VLAN being protected by the VRRP process.
- When the monitored path goes down, the current master sends an ADVERTISEMENT indicating the updated priority (note: the VRID's priority will decrease by the value of the critical-ip's critical-priority). It then relinquishes its mastership for the VLAN.
- When the path restores, so does the VR priority, and the master will resume the master state if preemption is enabled.

[Figure labels: Master, New Master, ADV(0)]

Consideration of IP address ownership
- An IP Address Owner that is a non-master no longer receives traffic it's supposed to, and thus may be considered down by other routers.
- Use different Virtual IP Addresses when using this feature.
- Supported on N & S Series Routers

VRRP Critical-IP Operation

critical-ip priority = 101

Interface   Vrid State      Pri V T A O IP Address
----------- ---- ---------- --- - - - - -------------
vlan.0.10   1    master     200 2 M - - 10.1.1.1
                                  A E N 10.1.1.254

RouterB(rw)->Router#show ip vrrp
Vlan Vrid State   Owner AssocIpAddr  Priority VirtMacAddr
10   1    Master  0     10.1.1.254   100      0000.5e00.0101

Interface   Vrid State      Pri V T A O IP Address
----------- ---- ---------- --- - - - - -------------
vlan.0.10   1    backup     99  2 M - - 10.1.1.1
                                  A E N 10.1.1.254
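The timer formulas from the Protocol Summary slide and the critical-IP failover shown in the output above can be worked through with the slides' own numbers (priority 200, critical-priority 101, backup priority 100). This is an added example, not part of the course material; RouterB's primary address, the tie-break on the higher primary IP address, and the clamp of the operational priority at 1 are assumptions.

```python
import ipaddress

ADVERTISEMENT_INTERVAL = 1  # seconds, the default given on the slide


def virtual_mac(vrid):
    """VR MAC address: IANA prefix 00-00-5E, 00-01 for VRRP, last octet = VRID."""
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must be in the range 1..255")
    return "00-00-5e-00-01-%02x" % vrid


def skew_time(priority):
    """Skew_Time = (256 - Priority) / 256, so higher priority means less skew."""
    return (256 - priority) / 256


def master_down_interval(priority, adv_interval=ADVERTISEMENT_INTERVAL):
    """Master_Down_Timer = (3 * Advertisement_Interval) + Skew_Time."""
    return 3 * adv_interval + skew_time(priority)


class VrrpRouter:
    def __init__(self, name, primary_ip, priority, critical_ips=None):
        self.name = name
        self.primary_ip = primary_ip
        self.priority = priority                # configured priority
        self.critical_ips = critical_ips or {}  # critical IP -> critical-priority

    def operational_priority(self, unreachable=()):
        """Configured priority minus the critical-priority of each unreachable critical IP."""
        penalty = sum(p for ip, p in self.critical_ips.items() if ip in unreachable)
        return max(1, self.priority - penalty)  # clamp at 1 is an assumption


def elect_master(routers, unreachable=()):
    """Highest operational priority wins; ties go to the higher primary IP (assumed)."""
    return max(routers, key=lambda r: (r.operational_priority(unreachable),
                                       int(ipaddress.IPv4Address(r.primary_ip))))


def takeover_order(backups, unreachable=()):
    """Backups in the order their Master_Down_Timer expires after the master goes silent."""
    return sorted(backups,
                  key=lambda r: master_down_interval(r.operational_priority(unreachable)))


# RouterA and RouterB as configured on the slides for VRID 1 on VLAN 10
ROUTER_A = VrrpRouter("RouterA", "10.1.1.1", 200, {"10.1.3.1": 101})
ROUTER_B = VrrpRouter("RouterB", "10.1.1.2", 100)  # primary IP is an assumption

if __name__ == "__main__":
    print(virtual_mac(1), master_down_interval(100))
    print(elect_master([ROUTER_A, ROUTER_B]).name)
    print(elect_master([ROUTER_A, ROUTER_B], unreachable={"10.1.3.1"}).name)
```

With 10.1.3.1 unreachable, RouterA's operational priority drops to 99, one below RouterB's 100, which is why the critical-priority must be chosen so the result falls under the backup's configured priority.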


VRRP Configuration (Authentication)

- Authentication can help to guarantee that routing information is imported only from trusted routers.
- Authentication can be used to avoid careless misconfiguration.
- Simple and MD5 authentication schemes can be used, but a single scheme must be configured for each network.
- The authentication command specified at the interface level determines the type of authentication and key values used for each VRRP instance.

Simple Authentication:
RouterA(su-config)->interface vlan.0.10
RouterA(su-config-intf-vlan.0.10)->vrrp authentication simple vrrpkey

MD5 Authentication: (N & S-Series)
RouterA(su-config)->interface vlan.0.20
RouterA(su-config-intf-vlan.0.20)->vrrp authentication md5 vrrpkey2 hmac-96
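The receive-side checks that authentication adds can be seen by validating a VRRPv2 advertisement byte by byte. This is an added example, not part of the course material; it assumes the RFC 2338 packet layout (authentication types 0 = none, 1 = simple text, 2 = IP Authentication Header), the advertisement is constructed test input, and the function names are hypothetical.

```python
import hmac
import struct

AUTH_NONE, AUTH_SIMPLE, AUTH_AH = 0, 1, 2  # RFC 2338 authentication types


def inet_checksum(data):
    """16-bit one's complement of the one's complement sum over the VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def _pad_key(key):
    """Simple-text keys occupy exactly 8 bytes, zero padded."""
    return key[:8].ljust(8, b"\x00")


def build_advertisement(vrid, priority, addresses, auth_type=AUTH_NONE, key=b"", adver_int=1):
    """Build a constructed VRRPv2 advertisement, used here only as test input."""
    header = bytes([0x21, vrid, priority, len(addresses), auth_type, adver_int])
    addrs = b"".join(bytes(int(octet) for octet in a.split(".")) for a in addresses)
    auth = _pad_key(key) if auth_type == AUTH_SIMPLE else bytes(8)
    checksum = inet_checksum(header + b"\x00\x00" + addrs + auth)
    return header + struct.pack("!H", checksum) + addrs + auth


def validate_advertisement(payload, ip_ttl, vrid, auth_type, key=b"", adver_int=1):
    """Return the list of failed receive checks; an empty list means accept."""
    problems = []
    if ip_ttl != 255:
        problems.append("ttl")  # adverts are link-local and must arrive with TTL 255
    if len(payload) < 16:
        return problems + ["length"]
    ver_type, p_vrid, _prio, count, p_auth, p_int = struct.unpack("!6B", payload[:6])
    if len(payload) != 16 + 4 * count:
        return problems + ["length"]
    if ver_type != 0x21:  # version 2, type 1 (ADVERTISEMENT)
        problems.append("version")
    if inet_checksum(payload) != 0:
        problems.append("checksum")
    if p_vrid != vrid:
        problems.append("vrid")
    if p_auth != auth_type:
        problems.append("auth-type")  # a single scheme must be configured per network
    elif p_auth == AUTH_SIMPLE and not hmac.compare_digest(payload[-8:], _pad_key(key)):
        problems.append("auth-data")
    if p_int != adver_int:
        problems.append("interval")
    return problems


def auth_exposure(payload):
    """Describe what an on-link observer learns about the key from one advertisement."""
    auth_type = payload[4]
    if auth_type == AUTH_NONE:
        return "no authentication"
    if auth_type == AUTH_SIMPLE:
        return "cleartext key in last 8 bytes"
    if auth_type == AUTH_AH:
        return "protected by IP Authentication Header"
    return "unknown authentication type"
```

Simple authentication catches misconfiguration but the key is readable by any host on the segment, so where advertisements must be trusted the MD5 scheme is the stronger of the two options the slide lists.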


Enterprise Routing
Troubleshooting
Version 4.03

Enterprise Routing Troubleshooting


Overview

- Network troubleshooting is the process of recognizing and diagnosing networking problems (e.g., connectivity or performance) with the goal of keeping your network running at an optimal level.
- Enterasys products provide a variety of commands and tools that can be used as a means for recognizing and diagnosing networking troubles.
- Within this module, we will examine the commands and tools most commonly used to determine if a reported problem, within a routed environment, is actually a network related issue.
- Additionally, we will implement the mechanisms used to isolate a problem down to a specific category.


Commands & Tools

Show Commands
Logging Commands
Ping & Trace Route
Debugging Commands (N & S Series)
Third Party Tools (e.g., Wireshark)
NMS (NetSight)


Show Commands

Show Commands supply a powerful method for monitoring and troubleshooting your network.

They can be used to perform a range of functions like:
- Monitoring switch or router performance
- Monitoring network performance
- Isolating routing/switching/interface level problems
- Identifying the status of network end stations


Show Commands

The show commands listed in the following slides are some of the most
frequently used commands for troubleshooting network problems:

- show version (Use this command to display hardware and firmware information)
- show system utilization (Use this command to display system resource utilization
information)
- show port status (Use this command to display operating and admin status, speed,
duplex mode and port type for one or more ports on the device)
- show port counters (Use this command to display port counter statistics detailing traffic
through the device)


Show Commands

- show spantree stats [port port-string] [sid sid] (Use this command to display Spanning
Tree information for one or more ports.)
RouterB(su)->show spantree stats port ge.1.1
Spanning tree status     - disabled
Spanning tree instance   - 0
Designated Root MacAddr  - 00:11:88:64:FB:42
Designated Root Port     - 0
Designated Root Priority - 32768
Designated Root Cost     - 0
Root Max Age             - 20
Root Hello Time          - 2
Root Forward Delay       - 15
Bridge ID MAC Address    - 00:11:88:64:FB:42
Bridge ID Priority       - 32768
Bridge Max Age           - 20
Bridge Hello Time        - 2
Bridge Forward Delay     - 15
Topology Change Count    - 0
Time Since Top Change    - 0 days 2:47:42
Max Hops                 - 20
SID Port       State            Role        Cost     Priority
--- ---------- ---------------- ----------- -------- --------
0   ge.1.1     Disabled         Disabled             128


Show Commands

- show vlan [vlan-list] (Use this command to display all information related to one
or more VLANs. Only ports that are in a forwarding state will be displayed by this
command)
This example shows how to display information for a VLAN
Matrix(rw)->show vlan 1
VLAN: 1 NAME: DEFAULT VLAN Status: Enabled
VLAN Type: Permanent FID: 1
Creation Time: 4 days 9 hours 4 minutes 50 seconds ago
Egress Ports
host.0.1, fe.1.1-10, ge.2.1-4, fe.3.1-7, lag.0.1-32
Forbidden Egress Ports
None.
Untagged Ports
host.0.1, fe.1.1-10, ge.2.1-4, fe.3.1-7, lag.0.1-32

- show vlan static [vlan-list] (Use this command to display all information related to one or more VLANs, regardless of port state. Note: both forwarding and non-forwarding ports will be displayed by this command)


Show Commands

- show running-config (Use this command to display the non-default, user-supplied commands entered while configuring the device)
This example shows how to display the current router operating configuration:
Router#show running-config
!
router id 192.168.100.1
!
interface loopback 1
ip address 192.168.100.1 255.255.255.255
no shutdown
!
interface vlan 10
ip address 192.168.10.1 255.255.255.0
no shutdown
!
router ospf 1
network 192.168.10.0 0.0.0.255 area 0.0.0.0
network 192.168.100.1 0.0.0.0 area 0.0.0.0


- show ip interface [vlan vlan-id] [loopback loopback-id] (Use this command to display information, including administrative status, IP address, MTU (Maximum Transmission Unit) size and bandwidth, and ACL configurations, for interfaces configured for IP)
This example shows how to display configuration information for VLAN 10:
Router#show ip interface vlan 10
Vlan 10 is Admin UP
Vlan 10 is Oper UP
IP Address 10.1.1.1 Mask 255.255.255.0
Frame Type ARPA
MAC-Address 0011.8842.e19b
Incoming Access List is not Set
Outgoing Access List is not Set
IP Helper Address is not Set
MTU is 1500 bytes
ARP Timeout is 14400 seconds
Proxy Arp is Enabled
Gratuitous arp learning is not set
ICMP Re-Directs are enabled
ICMP Unreachables are always sent
ICMP Mask Replies are always sent
Policy routing disabled


- show ip arp [ip-address] (Use this command to display entries in the Address
Resolution Protocol, ARP table. ARP converts an IP address into a physical
address.)
This example shows how to use the show ip arp command:
Router#show ip arp
Protocol  Address          Age (min)  Hardware Addr   Type  Interface
----------------------------------------------------------------------
Internet  192.168.200.251             0003.4712.7a99  ARPA  Vlan1
Internet  192.168.200.141             0002.1664.a5b3  ARPA  Vlan1
Internet  134.141.235.167             00d0.cf00.4b74  ARPA  Vlan2


- show ip route (Use this command to display information about IP routes)


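[Figure: R1 and R2, with RIP enabled. R1 connects to 192.168.10.0/24 on VLAN 10 and to R2 over 192.168.5.0 on VLAN 5 (R1 is .1, R2 is .2); networks 192.168.4.0 and 10.10.1.0 are shown on the R2 side.]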
R1(su)->router> show ip route
Codes: C - connected, S - static, R - RIP, O - OSPF, IA - OSPF interarea
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
E - EGP, i - IS-IS, L1 - IS-IS level-1, LS - IS-IS level-2
* - candidate default, U - per user static route
C 192.168.5.0/24 [cost 0] directly connected, Vlan 5
C 192.168.10.0/24 [cost 0] directly connected, Vlan 10
S 10.10.1.0/24 [cost 1] via 192.168.5.2, Vlan 5
R 192.168.4.0/24 [cost 1] via 192.168.5.2, Vlan 5

- show ip protocol (Use this command to display information about IP protocols running on
the device)

This example shows how to display IP protocol information. In this case, the routing protocol is
OSPF:
RouterC(rw)->Router#show ip protocols
Routing Protocol is "ospf 10
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Redistributing: ospf 10
Routing for Networks:
3.3.3.3/32
10.1.3.0/24
10.1.2.0/24
Routing Information Sources:
Gateway    Distance   Last Update
2.2.2.2    10         0:05:34
1.1.1.1    10         0:05:34
Distance: (default is 110)

- show ip traffic (Use this command to display IP traffic statistics)
Router#show ip traffic
IP Statistics:
Rcvd: 0 total, 0 local destination 0 header errors
0 unknown protocol, 0 security failures
Frags: 0 reassembled, 0 timeouts 0 couldn't reassemble
0 fragmented, 0 couldn't fragment
Bcast: 0 received, 0 sent
Mcast: 0 received, 2 sent
Sent: 2 generated, 0 forwarded
0 no route
ICMP Statistics:
Rcvd: 0 total, 0 checksum errors, 0 length errors
0 redirects, 0 unreachable, 0 echo
0 echo reply, 0 mask requests, 0 quench
0 parameter, 0 timestamp, 0 time exceeded,
Sent: 0 total, 0 redirects, 0 unreachable, 0 echo, 0 echo reply
0 mask requests, 0 mask replies, 0 quench, 0 timestamp
0 info reply, 0 time exceeded, 0 parameter problem
UDP Statistics:
Rcvd: 0 total, 0 checksum errors, 0 no port
Sent: 0 total, 0 forwarded broadcasts
TCP Statistics:
Rcvd: 0 total, 0 checksum errors, 0 no port
Sent: 0 total
OSPF Statistics:
Rcvd: 0 total, 0 checksum errors
0 hello, 0 database desc, 0 link state req
Sent: 0 total
ARP Statistics:
Rcvd: 0 requests, 0 replies, 0 others
Sent: 0 requests, 0 replies


- show support (Use this command to display switch information for troubleshooting)
- show version
- show logging buffer
- show port status
- show system utilization process
- show system utilization storage
- show config



Logging Commands

- This section outlines the steps required to configure system logging on an Enterasys Switch/Router.
- System logging can be configured so that log messages are directed to a syslog server, displayed directly in the console window, or sent to a log file stored on the switch.
- When configuring an Enterasys Switch/Router for logging, the following steps should be taken:
  - Enable logging:
    - locally (display log messages in the console window, save messages to a file, or both),
    - to a syslog server
  - Limit the types of messages that are logged by setting the appropriate logging severity level (for syslog server only)

Note:
Logging messages can also be viewed by issuing the show logging buffer command. By default, all log
messages are directed to the log buffer. The log buffer is cleared on system reboot.

- show logging all (Use this command to display all configuration information for
system logging.)
RouterC(su)->show logging all
Application         Current Severity Level   Server List
----------------------------------------------------------
 89  CLI                                     1-8
 90  SNMP                                    1-8
 91  Webview                                 1-8
 93  System                                  1-8
 95  RtrFe                                   1-8
 96  Trace                                   1-8
112  UPN                                     1-8
117  AAA                                     1-8
118  Router                                  1-8
140  AddrNtfy                                1-8
141  OSPF                                    1-8
142  VRRP                                    1-8
147  LACP                                    1-8

1(emergencies)  2(alerts)         3(critical)     4(errors)
5(warnings)     6(notifications)  7(information)  8(debugging)

IP Address     Facility  Severity      Description  Port  Status
------------------------------------------------------------------
1 10.1.12.12   local4    debugging(8)  default      514   enabled

Defaults:      local4    debugging(8)               514

Syslog Console Logging enabled
Syslog File Logging disabled


- show logging buffer (Use this command to display the last 256 messages
logged within the logging buffer)
This example shows a portion of the information displayed with the show logging buffer command:
RouterC(su)->show logging buffer
<164>Aug 19 14:15:37 172.10.1.101 Trace[1]OSPF: rcv. v:2 t:1 l:48 rid:1.1.1.1 ai
d:0.0.0.0 chk:dc8d aut:0 auk: from vlan 20
<164>Aug 19 14:15:37 172.10.1.101 Trace[1]OSPF: rcv. v:2 t:1 l:48 rid:2.2.2.2 ai
d:0.0.0.0 chk:d88b aut:0 auk: from vlan 30
<164>Aug 19 14:15:44 172.10.1.101 Trace[1]OSPF: tx. v:2 t:1 l:48 aid:0.0.0.0 chk
:d88b aut:0 auk: src:10.1.3.2 dst:224.0.0.5 to vlan 30
<164>Aug 19 14:15:44 172.10.1.101 Trace[1]OSPF: tx. v:2 t:1 l:48 aid:0.0.0.0 chk
:dc8d aut:0 auk: src:10.1.2.2 dst:224.0.0.5 to vlan 20
<164>Aug 19 14:15:47 172.10.1.101 Trace[1]OSPF: rcv. v:2 t:1 l:48 rid:1.1.1.1 ai
d:0.0.0.0 chk:dc8d aut:0 auk: from vlan 20


- show logging local (Use this command to view the current status for local logging
configuration)
RouterC(su)->show logging local
Syslog Console Logging enabled
Syslog File Logging disabled
- set logging local console {enable | disable} file {enable | disable} (Use this command
to configure log messages to the console and a persistent file)
- clear logging local (Use this command to clear the console and persistent store logging
for the local session)
- set logging here {enable | disable} (Use this command to enable or disable the current
CLI session as a Syslog destination)
- clear logging here (Use this command to clear the logging state for the current CLI
session)

- set logging server {index, ip-addr} (Use this command to configure a Syslog server)
- show logging server (Use this command to display the Syslog configuration for a
particular server)
RouterC(su)->show logging
IP Address     Facility  Severity      Description  Port  Status
------------------------------------------------------------------
1 10.1.12.12   local4    debugging(8)  default      514   enabled


Once syslog has been configured, log messages can be directed to and saved at an external location.



Ping & Trace Route

Two handy tools for troubleshooting network-related problems are ping and trace route.
Both ping and trace route are based on the Internet Control Message Protocol (ICMP), which is used within IP to communicate network conditions that may require attention.
The ping command can be used to verify end station reachability and network connectivity.
- Ping (Use this command to test routing network connectivity by sending IP ping requests)
This example shows output from a successful ping to IP address 182.127.63.23:
Router#ping 182.127.63.23
Reply from 182.127.63.23
Reply from 182.127.63.23
Reply from 182.127.63.23
This example shows output from an unsuccessful ping to IP address 182.127.63.24:
Matrix>Router#ping 182.127.63.24
Timed Out
Timed Out
Timed Out


The trace route command is a helpful tool for debugging IP route forwarding issues by discovering the path that a router's packets will follow when traveling to a destination.
As with ping, it is generally a good idea to use the traceroute command when the network is functioning correctly so you have a baseline to compare against when troubleshooting.
- traceroute (Use this command to display a hop-by-hop path through an IP network from the device to a specific destination host)

Router#traceroute 192.167.225.46
Traceroute to 192.167.225.46, 30 hops max, 40 byte packets
1 10.00 ms 20.00 ms 20.00 ms 192.167.201.2 []
2 20.00 ms 20.00 ms 20.00 ms 192.4.9.10 [enatel-rtr10.enatel.com]
3 240.00 ms * 480.00 ms 192.167.208.43 [enatel-rtr43.enatel.com]
4 <1 ms * 20.00 ms 192.167.225.46 [enatel-rtr46.enatel.com]
TraceRoute Complete


Debugging (N & S Series)

Router debugging is a powerful tool that can be used to isolate network problems.
It provides a mechanism to collect data on network traffic which is present (or not present) on the network.
- debug ip (Use this command to enable the debug IP packet utility for monitoring of IP traffic)

RouterA(su-config)->debug ip ?
ospf      Open Shortest Path First
packet    IP based packet monitor
vrrp      debug vrrp


This example shows how to setup a debug session for IP OSPF adjacency events
Router(config)#debug ip ospf ?
adj              OSPF adjacency events
flood            OSPF flooding
lsa-generation   OSPF lsa generation
packet           OSPF packets
restart          OSPF graceful restart
retransmission   OSPF retransmission events
spf              OSPF spf

- Before entering the debug ip ospf adj command, enter a set logging here enable command to direct
SYSLOG messages to the CLI session window:
RouterC(su)->set logging here

Router(config)#debug ip ospf adj

ip ospf adjacency events are directed to the CLI console window:

<165>Aug 19 14:47:32 172.10.1.101 Router[1]router interface vlan 20, ip 10.1.2.0 is down


<164>Aug 19 14:47:32 172.10.1.101 Trace[1]OSPF: Neighbor change Event on interface vlan 20 DOWN
<165>Aug 19 14:47:35 172.10.1.101 Router[1]router interface vlan 20, ip 10.1.2.0 is up
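
The records shown for show logging buffer and for debug ip ospf adj share one syslog format, so both can be reviewed offline with one parser. The Python below is an added example, not Enterasys code: it rejoins the 80-column wraps, decodes the <PRI> value (164 is facility 20, local4, with severity 4), and reports VLANs whose OSPF traces carry aut:0 along with neighbor DOWN counts. Assumptions: the trace keys follow OSPFv2 header order, so aut is AuType (0 is null authentication), the page's 1-8 levels are syslog 0-7 plus one, and the sample lines are constructed from the formats on this page.

```python
import re
from collections import Counter

# Constructed sample in the format shown on this page, including the
# 80-column wrap that splits "aid:" and "chk:" across lines.
SAMPLE = """\
<164>Aug 19 14:15:37 172.10.1.101 Trace[1]OSPF: rcv. v:2 t:1 l:48 rid:1.1.1.1 ai
d:0.0.0.0 chk:dc8d aut:0 auk: from vlan 20
<164>Aug 19 14:15:44 172.10.1.101 Trace[1]OSPF: tx. v:2 t:1 l:48 aid:0.0.0.0 chk
:d88b aut:0 auk: src:10.1.3.2 dst:224.0.0.5 to vlan 30
<165>Aug 19 14:47:32 172.10.1.101 Router[1]router interface vlan 20, ip 10.1.2.0 is down
<164>Aug 19 14:47:32 172.10.1.101 Trace[1]OSPF: Neighbor change Event on interface vlan 20 DOWN
<165>Aug 19 14:47:35 172.10.1.101 Router[1]router interface vlan 20, ip 10.1.2.0 is up
"""

# RFC 3164 severity names, indexed by PRI % 8.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]
HEADER = re.compile(r"^<(\d{1,3})>(\w{3} +\d+ [\d:]{8}) (\S+) (\w+)\[\d+\](.*)$")
# Assumption: trace keys follow the OSPFv2 header order, so "aut" is AuType.
FIELD = re.compile(r"\b(v|t|l|rid|aid|chk|aut|src|dst):(\S+)")
VLAN = re.compile(r"vlan (\d+)")

def unwrap(text):
    """Rejoin wrapped records: a line without a <PRI> prefix continues the previous one."""
    records = []
    for line in text.splitlines():
        if line.startswith("<") or not records:
            records.append(line)
        else:
            records[-1] += line
    return records

def parse(record):
    """Split one record into PRI-derived facility/severity, header and OSPF trace fields."""
    m = HEADER.match(record)
    if not m:
        return None
    pri, msg = int(m.group(1)), m.group(5)
    vlan = VLAN.search(msg)
    return {
        "facility": pri // 8,              # 20 is local4
        "severity": SEVERITIES[pri % 8],
        "device_level": pri % 8 + 1,       # assumption: the page's 1-8 scale is syslog 0-7 plus one
        "host": m.group(3), "app": m.group(4), "msg": msg,
        "fields": dict(FIELD.findall(msg)),
        "vlan": int(vlan.group(1)) if vlan else None,
    }

def review(text):
    """Return parsed events, VLANs carrying OSPF with AuType 0, and neighbor-DOWN counts per VLAN."""
    events = [e for e in map(parse, unwrap(text)) if e]
    unauth = sorted({e["vlan"] for e in events if e["fields"].get("aut") == "0"})
    downs = Counter(e["vlan"] for e in events
                    if e["app"] == "Trace" and e["msg"].endswith("DOWN"))
    return events, unauth, dict(downs)

if __name__ == "__main__":
    print(review(SAMPLE)[1:])
```
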

- show debugging (Use this command to display the debug IP Packet utility settings)
Router(config)#show debugging
OSPF adj debugging is on
OSPF restart debugging is on
- debug ip packet restart (Use this command to restart the debug IP packet utility)

Router(config)# debug ip packet restart

- no debug ip ospf adj (Use this command to disable the debug IP packet utility for OSPF
adjacency events)



Third Party Tools

In many instances, a third-party diagnostic tool can be just as useful in diagnosing network failures as the router's built-in commands and tools.

Network analyzers like Wireshark can be used to decode many types of protocols across numerous layers of the OSI model.

In addition to their packet capture capabilities, network analyzers can:


- Filter traffic to a specific protocol type
- Time stamp captured data
- Present network traffic in easily readable graphs and charts.



Enterasys NetSight NMS

NetSight Console provides a collection of tools that let you monitor device status,
define network configuration, and automate troubleshooting tasks.
It is designed to facilitate specific network management tasks (such as
troubleshooting) while sharing data and providing common controls and a
consistent user interface.
Console Tools:
- MIB Tools
- Topology Manager
- Compass
- FlexViews
- VLAN Editor
- TFTP
- Device Manager
- Alarms/Events



NetSight NMS

- MIB-II Information
- Device-level configurations:
- Port Level RMON
- Real Time view of traffic or Errors


Visit us at: www.enterasys.com


A Siemens Enterprise Communications Company
