Escenario multi ISP para
migrar enlaces a PPP
Fecha: 8 de septiembre del 2012, Clase: CCNA 4
En este escenario existen dos sucursales: Rosario y
Córdoba, unidos por 4 ISP, los cuales existen dentro de la "nube", a
la cual
no se puede acceder, por lo tanto, deberemos aplicar
habilidades adquiridas en CCNA2.
Escenario disponible en: ftp://ftp.vilarrasa.com.ar/ (user y pass: ccna)
Para poder migrar los enlaces, debemos ingresar
primero en una sucursal (en este ejemplo Rosario), luego "pararnos"
en uno
de los ISP de la nube y de allí, en la sucursal
remota (en este ejemplo Córdoba).
Una vez allí debemos comenzar a migrar desde HDLC
(encapsulación por defecto) a PPP, siguiendo el sentido inverso hacia
Rosario, porque de lo contrario si migraramos
primero nuestro extremo perdemos contacto con el extremo opuesto, y por lo
tanto no podremos cambiar de protocolo.
Si comenzamos en Rosario y tener que entrar en
Córdoba vía la solapa CLI, significaría "un viajecito" en avión hasta
allá y
tomar control del router (bien hecho y mas barato en
remoto).
Si efectuaramos el procedimiento incorrecto, nos
encontraríamos con esta situación:
Rosario#sh ip ospf nei(buscamos vecinos)
Neighbor ID Pri
State Dead Time Address Interface
172.16.5.2 0
FULL/ - 00:00:30 172.16.1.2
Serial0/1
172.16.6.2 0
FULL/ - 00:00:32 172.16.2.2
Serial0/2
172.16.7.2 0
FULL/ - 00:00:39
172.16.3.2 Serial0/3
172.16.4.2 0
FULL/ - 00:00:32 172.16.0.2
Serial0/0 (elegimos un vecino)
Rosario#conf t
Enter configuration
commands, one per line. End with
CNTL/Z.
Rosario(config)#int
s0/0
Rosario(config-if)#encapsulation
ppp (el enlace se caerá)
%LINEPROTO-5-UPDOWN: Line
protocol on Interface Serial0/0, changed state to down
00:00:37: %OSPF-5-ADJCHG:
Process 1, Nbr 172.16.4.2 on Serial0/0 from FULL to DOWN,
Neighbor Down: Interface
down or detached
Rosario(config-if)#exit
Rosario(config)#exit
%SYS-5-CONFIG_I:
Configured from console by console
Rosario#telnet
172.16.0.2 (intentamos cambiar a PPP el extremo)
Trying 172.16.0.2 ...
% Connection timed out;
remote host not responding
Rosario#sh ip ospf nei (no existe vecino en la Serial0/0)
Neighbor ID Pri
State Dead Time Address Interface
172.16.5.2 0
FULL/ - 00:00:32 172.16.1.2
Serial0/1
172.16.6.2 0
FULL/ - 00:00:35 172.16.2.2
Serial0/2
172.16.7.2 0
FULL/ - 00:00:31 172.16.3.2
Serial0/3
Rosario#sh int s0/0 (verificamos capa 2 en la interfaz)
Serial0/0 is up, line
protocol is down (disabled)
Hardware is HD64570
Internet address is 172.16.0.1/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set, keepalive set (10
sec)
LCP Closed
Closed: LEXCP, BRIDGECP, IPCP, CCP, CDPCP, LLC2,
BACP (protocolos L3 soportados por NCP)
Last input never, output never, output hang never
---resumido---
Detalle de la migración ( un solo ISP )
Verificación inicial
Rosario#sh ip osp nei (buscamos vecinos)
Neighbor ID Pri
State Dead Time Address Interface
172.16.7.2 0
FULL/ - 00:00:30 172.16.3.2
Serial0/3 (elegimos uno, no confundir ID
172.16.5.2 0
FULL/ - 00:00:30 172.16.1.2
Serial0/1 con IP del router (Address))
172.16.4.2 0
FULL/ - 00:00:38 172.16.0.2
Serial0/0
172.16.6.2 0
FULL/ - 00:00:31 172.16.2.2
Serial0/2
Rosario#172.16.3.2 (nos conectamos)
Trying 172.16.3.2 ...Open
User Access Verification
Password: (cisco)
Telmex>sh ip ospf
nei (buscamos vecinos)
Neighbor ID Pri
State Dead Time Address Interface
172.16.3.1 0
FULL/ - 00:00:36 172.16.3.1
Serial0/0
172.16.7.1 0
FULL/ - 00:00:36 172.16.7.1 Serial0/1
(elegimos uno)
Telmex>172.16.7.1 (nos conectamos)
Trying 172.16.7.1 ...Open
User Access Verification
Password: (cisco)
Cordoba>enable
Password: (class)
Cordoba#sh ip ospf nei (verificamos vecinos)
Neighbor ID Pri
State Dead Time Address Interface
172.16.7.2 0
FULL/ - 00:00:30 172.16.7.2
Serial0/3 (Telmex)
172.16.6.2 0
FULL/ - 00:00:32 172.16.6.2
Serial0/2
172.16.4.2 0
FULL/ - 00:00:32 172.16.4.2 Serial0/0
172.16.5.2 0
FULL/ - 00:00:30 172.16.5.2
Serial0/1
Cambios de configuración
Cordoba#conf t
Enter configuration
commands, one per line. End with
CNTL/Z.
Cordoba(config)#int
s0/3
Cordoba(config-if)#encap
ppp (cambiamos protocolo, la conexión se perderá)
% Connection refused by
remote host
Telmex>
Telmex#sh int s0/1 (interfaz involucrada)
Serial0/1 is up, line
protocol is down (disabled)
Hardware is HD64570
Internet address is 172.16.7.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set, keepalive set (10
sec)
Last input never, output never, output hang never
---resumido---
Telmex#conf t
Enter configuration
commands, one per line. End with
CNTL/Z.
Telmex(config)#int s0/1
Telmex(config-if)#encap
ppp (cambiamos protocolo, la conexión se reestablece)
Telmex(config-if)#^Z
Telmex#sh int s0/1 (verificamos)
Serial0/1 is up, line
protocol is up (connected)
Hardware is HD64570
Internet address is 172.16.7.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set, keepalive set (10
sec)
LCP Open (subcapa inferior)
Open: IPCP, CDPCP (protocolos de capa 3
que utilizan el protocolo de capa 2)
Last input never, output never, output hang never
---resumido---
Telmex#conf t
Enter configuration
commands, one per line. End with
CNTL/Z.
Telmex(config)#int
s0/0 (interfaz
involucrada a Rosario)
Telmex(config-if)#encap
ppp (cambiamos protocolo, la conexión se perderá)
% Connection refused by
remote host
Rosario#
Rosario#sh int s0/3 (interfaz involucrada)
Serial0/3 is up, line
protocol is down (disabled)
Hardware is HD64570
Internet address is 172.16.3.1/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set, keepalive set (10
sec)
Last input never, output never, output hang never
---resumido---
Rosario#
Rosario#conf t
Enter configuration
commands, one per line. End with
CNTL/Z.
Rosario(config)#int
s0/3
Rosario(config-if)#encap
ppp (cambiamos protocolo, la conexión se reestablece)
Rosario(config-if)#^Z
Rosario#
%SYS-5-CONFIG_I:
Configured from console by console
%LINEPROTO-5-UPDOWN: Line
protocol on Interface Serial0/3, changed state to up
00:10:30: %OSPF-5-ADJCHG:
Process 1, Nbr 172.16.7.2 on Serial0/3 from LOADING to FULL, Loading Done
Rosario#sh int s0/3 (verificamos)
Serial0/3 is up, line
protocol is up (connected)
Hardware is HD64570
Internet address is 172.16.3.1/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set, keepalive set (10
sec)
LCP Open
Open: IPCP, CDPCP
Last input never, output never, output hang never
---resumido---
Rosario#
Rosario#sh ip route (verificamos)
---resumido---
10.0.0.0/24 is subnetted, 2 subnets
C 10.0.1.0 is directly connected,
FastEthernet0/0
O 10.0.2.0 [110/129] via 172.16.2.2,
00:01:00, Serial0/2
[110/129] via 172.16.0.2, 00:01:00, Serial0/0
[110/129] via 172.16.1.2, 00:01:00, Serial0/1
[110/129] via 172.16.3.2, 00:01:00, Serial0/3
172.16.0.0/16 is variably subnetted, 9 subnets, 2 masks
C 172.16.0.0/24 is directly connected,
Serial0/0
C 172.16.1.0/24 is directly connected,
Serial0/1
C 172.16.2.0/24 is directly connected,
Serial0/2
C 172.16.3.0/24 is directly connected, Serial0/3
C 172.16.3.2/32 is directly connected,
Serial0/3
O 172.16.4.0/24 [110/128] via 172.16.0.2,
00:11:11, Serial0/0
O 172.16.5.0/24 [110/128] via 172.16.1.2,
00:11:11, Serial0/1
O 172.16.6.0/24 [110/128] via 172.16.2.2,
00:11:11, Serial0/2
O 172.16.7.0/24 [110/128] via 172.16.3.2,
00:01:00, Serial0/3 (segmento migrado)
Rosario#
Rosario#trace
172.16.7.1 (verificamos tráfico, la IP es la Serial0/3
de Córdoba)
Type escape sequence to
abort.
Tracing the route to
172.16.7.1
1 172.16.3.2 31 msec 31 msec 32 msec (Rosario-Telmex)
2 172.16.7.1 50 msec 63 msec 63 msec (Telmex-Córdoba)
Rosario#
Migramos PPP con autenticación CHAP
Rosario#172.16.3.2
Trying 172.16.3.2 ...Open
User Access Verification
Password: (cisco)
Telmex>ena
Password: (class)
Telmex#172.16.7.1
Trying 172.16.7.1 ...Open
User Access Verification
Password: (cisco)
Cordoba>ena
Password: (class)
Cordoba#conf t
Enter configuration
commands, one per line. End with
CNTL/Z.
Cordoba(config)#username
Telmex pass P4$$word (atención case-sensitive)
Cordoba(config)#int
s0/3
Cordoba(config-if)#ppp
authentication chap (la conexión se cortará)
% Connection timed out;
remote host not responding
Telmex#
Telmex#conf t
Enter configuration
commands, one per line. End with
CNTL/Z.
Telmex(config)#username
Cordoba password P4$$word (atención
case-sensitive)
Telmex(config)#username
Rosario password P4$$word (atención case-sensitive)
Telmex(config)#int s0/1
Telmex(config-if)#ppp
auth chap (el otro extremo ya es CHAP)
Telmex(config-if)#exit
Telmex(config)#int s0/0
Telmex(config-if)#ppp
auth chap (la conexión se cortará)
%LINEPROTO-5-UPDOWN: Line
protocol on Interface Serial0/3, changed state to down
00:17:01: %OSPF-5-ADJCHG:
Process 1, Nbr 172.16.7.2 on Serial0/3 from FULL to DOWN,
Neighbor Down: Interface
down or detached
% Connection timed out;
remote host not responding
Rosario#
Rosario#conf t
Enter configuration commands,
one per line. End with CNTL/Z.
Rosario(config)#username
Telmex pass P4$$word (atención case-sensitive)
Rosario(config)#int
s0/3
Rosario(config-if)#ppp
auth chap (el otro extremo ya es CHAP)
%LINEPROTO-5-UPDOWN: Line protocol
on Interface Serial0/3, changed state to up
00:17:58: %OSPF-5-ADJCHG:
Process 1, Nbr 172.16.7.2 on Serial0/3 from LOADING to FULL, Loading Done
Rosario(config-if)#^Z
Rosario#sh ip route (verificamos)
---resumido---
10.0.0.0/24 is subnetted, 2 subnets
C 10.0.1.0 is directly connected,
FastEthernet0/0
O 10.0.2.0
[110/129] via 172.16.2.2, 00:01:01, Serial0/2 (Córdoba vía 3 enlaces de 4)
[110/129] via 172.16.0.2, 00:01:01, Serial0/0
[110/129] via 172.16.1.2, 00:01:01, Serial0/1
172.16.0.0/16 is variably subnetted, 9 subnets, 2 masks
C 172.16.0.0/24 is directly connected,
Serial0/0
C 172.16.1.0/24 is directly connected,
Serial0/1
C 172.16.2.0/24 is directly connected,
Serial0/2
C 172.16.3.0/24 is directly connected,
Serial0/3
C 172.16.3.2/32 is directly connected,
Serial0/3
O 172.16.4.0/24 [110/128] via 172.16.0.2,
00:17:37, Serial0/0
O 172.16.5.0/24 [110/128] via 172.16.1.2,
00:17:37, Serial0/1
O 172.16.6.0/24 [110/128] via 172.16.2.2,
00:17:37, Serial0/2
O 172.16.7.0/24 [110/192] via 172.16.2.2,
00:01:01, Serial0/2 (todavía no hay convergencia, esta
red
[110/192] via 172.16.0.2, 00:01:01,
Serial0/0 se alcanza
vía los otros 3 ISP, ver el
[110/192] via 172.16.1.2, 00:01:01,
Serial0/1 costo
cuando el enlace esté UP UP)
Rosario#sh ip route (nuevamente)
---resumido---
10.0.0.0/24 is subnetted, 2 subnets
C 10.0.1.0 is directly connected,
FastEthernet0/0
O 10.0.2.0
[110/129] via 172.16.2.2, 00:00:12, Serial0/2 (Córdoba vía 4 enlaces de 4)
[110/129] via 172.16.0.2, 00:00:12, Serial0/0
[110/129] via 172.16.1.2, 00:00:12, Serial0/1
[110/129]
via 172.16.3.2, 00:00:12, Serial0/3
172.16.0.0/16 is variably subnetted, 9 subnets, 2 masks
C 172.16.0.0/24 is directly connected,
Serial0/0
C 172.16.1.0/24 is directly connected,
Serial0/1
C 172.16.2.0/24 is directly connected,
Serial0/2
C 172.16.3.0/24 is directly connected,
Serial0/3
C 172.16.3.2/32 is directly connected,
Serial0/3
O 172.16.4.0/24 [110/128] via 172.16.0.2,
00:17:50, Serial0/0
O 172.16.5.0/24 [110/128] via 172.16.1.2,
00:17:50, Serial0/1
O 172.16.6.0/24 [110/128] via 172.16.2.2,
00:17:50, Serial0/2
O 172.16.7.0/24 [110/128] via 172.16.3.2,
00:00:12, Serial0/3 (ver ahora el costo OSPF menor)
Rosario#trace
172.16.7.1 (verificamos)
Type escape sequence to
abort.
Tracing the route to
172.16.7.1
1 172.16.3.2 31 msec 31 msec 31 msec (Telmex)
2 172.16.7.1 62 msec 47 msec 62 msec (Córdoba)
Rosario#
El escenario un día sin nubes:
Escenario alternativo:user y pass mal configurados
Rosario#debug ppp auth (monitoreo de la autenticación)
Rosario#debug ppp nego (monitoreo de negociación LCP)
Rosario#conf t
Enter configuration
commands, one per line. End with
CNTL/Z.
Rosario(config)#username
Telmex pass Pa$$word (en router Telmex es P4$$word)
Rosario(config)#int
s0/3
Rosario(config-if)#shut
(bajamos el enlace)
%LINK-5-CHANGED: Interface
Serial0/3, changed state to administratively down
Serial0/3 PPP: Phase is
TERMINATING
Serial0/3 LCP: State is
Closed
Serial0/3 PPP: Phase is
DOWN
%LINEPROTO-5-UPDOWN: Line
protocol on Interface Serial0/3, changed state to down
00:22:38: %OSPF-5-ADJCHG:
Process 1, Nbr 172.16.7.2 on Serial0/3 from FULL to DOWN,
Neighbor Down: Interface
down or detached
Rosario(config-if)#no
shut (levantamos enlace)
%LINK-5-CHANGED: Interface
Serial0/3, changed state to up
Serial0/3 PPP: Using
default call direction
Serial0/3 PPP: Treating
connection as a dedicated line
Serial0/3 PPP: Phase is ESTABLISHING,
Active Open
Serial0/3 LCP: State is
Open
Serial0/3 PPP: Phase is AUTHENTICATING
Serial0/3 IPCP: O CONFREQ
[Closed] id 1 len 10
Serial0/3 IPCP: I CONFACK
[Closed] id 1 len 10
Serial0/3 IPCP: O CONFREQ
[Closed] id 1 len 10
Serial0/3 IPCP: I CONFNACK
[REQsent] id 1 len 10
Serial0/3 IPCP: I CONFREQ
[Closed] id 1 len 10 (nuevo intento)
Serial0/3 IPCP: O CONFACK
[Closed] id 1 len 10
Serial0/3 IPCP: I CONFREQ
[REQsent] id 1 len 10
Serial0/3 IPCP: O CONFNACK
[REQsent] id 1 len 10
Rosario(config-if)#shut
(bajamos el enlace)
%LINK-5-CHANGED: Interface
Serial0/3, changed state to administratively down
Serial0/3 PPP: Phase is TERMINATING
Serial0/3 LCP: State is Closed
Serial0/3 PPP: Phase is DOWN
Rosario(config-if)#exit
Rosario(config)#username
Telmex pass P4$$word (corregimos password)
Rosario(config)#int
s0/3
Rosario(config-if)#no
shut (levantamos nuevamente)
%LINK-5-CHANGED: Interface
Serial0/3, changed state to up
Serial0/3 PPP: Using
default call direction
Serial0/3 PPP: Treating
connection as a dedicated line
Serial0/3 PPP: Phase is ESTABLISHING,
Active Open
Serial0/3 LCP: State is
Open
Serial0/3 PPP: Phase is AUTHENTICATING
Serial0/3 IPCP: O CONFREQ
[Closed] id 1 len 10
Serial0/3 IPCP: I CONFACK
[Closed] id 1 len 10
Serial0/3 IPCP: O CONFREQ
[Closed] id 1 len 10
Serial0/3 IPCP: I CONFACK
[REQsent] id 1 len 10
Serial0/3 PPP: Phase is FORWARDING,
Attempting Forward
Serial0/3 Phase is ESTABLISHING,
Finish LCP
Serial0/3 Phase is UP
%LINEPROTO-5-UPDOWN: Line
protocol on Interface Serial0/3, changed state to up
00:22:03: %OSPF-5-ADJCHG:
Process 1, Nbr 172.16.7.2 on Serial0/3 from LOADING to FULL, Loading
Done
(2012) Networking is a
scarecrow for pretty girls
Rosario, Argentina