Migrar
enlaces de PPP a Frame Relay
Fecha: 22/9/2012 Clase:
CCNA4
Escenario (en Packet Tracer,
disponible en ftp://ftp.vilarrasa.com.ar/
, user y pass: ccna)
Consignas del escenario:
1. Conectar enlaces serial 0/0
a la nube según layout
2. Reconfigurar encapsulacion
3. Reconfigurar IP en Rosario
4. Configurar DLCI por cada
circuito virtual en Rosario
5. Aplicar ACL en las WAN para
permitir solo redes 192.168.x.x
Punto 1.
1. Conectar enlaces serial 0/0 a la nube según
layout (observar
el extremo DCE del cable del lado del
SW frame-relay, el router actúa siempre como DTE).
2. Reconfigurar encapsulación
2.1 Para BsAs (ver tipo de LMI en el SW frame-relay, el puerto Serial1)
BsAs#conf t
Enter configuration
commands, one per line. End with
CNTL/Z.
BsAs(config)#int s0/0
BsAs(config-if)#encapsulation
frame-relay
BsAs(config-if)#frame-relay
lmi-type ansi (acorde a configuración del SW
frame-relay)
BsAs(config-if)#^Z
%LINEPROTO-5-UPDOWN: Line
protocol on Interface Serial0/0, changed state to up
%SYS-5-CONFIG_I:
Configured from console by console
%DUAL-5-NBRCHANGE:
IP-EIGRP 10: Neighbor 220.0.0.1 (Serial0/0) is up: new adjacency
BsAs#sh frame-relay map
(verificación capa 2)
Serial0/0 (up): ip
220.0.0.1 dlci 200, dynamic, broadcast, CISCO, status defined, active
BsAs#sh ip eigrp nei (verificación capa 3)
IP-EIGRP neighbors for
process 10
H Address Interface Hold
Uptime SRTT RTO Q Seq
(sec) (ms)
Cnt Num
0 220.0.0.1 Se0/0
11 00:00:29 30
1000 0 30
BsAs#
2.2 Para Jujuy
Jujuy#conf t
Enter configuration
commands, one per line. End with
CNTL/Z.
Jujuy(config)#int s0/0
Jujuy(config-if)#encap
frame-relay
Jujuy(config-if)#^Z (el LMI es tipo cisco por defecto)
%LINEPROTO-5-UPDOWN: Line
protocol on Interface Serial0/0, changed state to up
%DUAL-5-NBRCHANGE:
IP-EIGRP 10: Neighbor 220.0.0.5 (Serial0/0) is up: new adjacency
Jujuy#sh frame-relay
map (verificación capa 2)
Serial0/0 (up): ip
220.0.0.5 dlci 300, dynamic, broadcast, CISCO, status defined, active
Jujuy#sh ip eigrp nei (verificación capa 3)
IP-EIGRP neighbors for
process 10
H Address Interface Hold
Uptime SRTT RTO Q Seq
(sec) (ms)
Cnt Num
0 220.0.0.5 Se0/0
14 00:00:09 40
1000 0 33
Jujuy#
2.3 Para Mendoza
Mendoza#
Mendoza#conf t
Enter configuration
commands, one per line. End with
CNTL/Z.
Mendoza(config)#int
s0/0
Mendoza(config-if)#encapsulation
frame-relay
Mendoza(config-if)#end (el LMI es tipo cisco por defecto)
%LINEPROTO-5-UPDOWN: Line
protocol on Interface Serial0/0, changed state to up
%SYS-5-CONFIG_I:
Configured from console by console
%DUAL-5-NBRCHANGE:
IP-EIGRP 10: Neighbor 220.0.0.9 (Serial0/0) is up: new adjacency
Mendoza#sh frame-relay
map (verificación capa 2)
Serial0/0 (up): ip 220.0.0.9
dlci 300, dynamic, broadcast, CISCO, status defined, active
Mendoza#sh ip eigrp nei
(verificación capa 3)
IP-EIGRP neighbors for
process 10
H Address Interface Hold
Uptime SRTT RTO Q Seq
(sec) (ms)
Cnt Num
0 220.0.0.9 Se0/0
14 00:00:19 40
1000 0 38
Mendoza#
Punto 3. y 4. Rosario:
Rosario#conf t
Enter configuration
commands, one per line. End with
CNTL/Z.
Rosario(config)#interface
Serial0/1
Rosario(config-if)#no
ip address (esta ip se afectará a la subinterfaz
frame-relay)
Rosario(config-if)#exit
Rosario(config)#interface
Serial0/2
Rosario(config-if)#no
ip address (esta ip se afectará a la subinterfaz
frame-relay)
Rosario(config-if)#exit
Rosario(config)#interface
Serial0/3
Rosario(config-if)#no
ip address (esta ip se afectará a la subinterfaz
frame-relay)
Rosario(config-if)#exit
Rosario(config)#interface
Serial0/0.1 point-to-point
Rosario(config-subif)# ip
address 220.0.0.1 255.255.255.252 (antes serial0/1)
Rosario(config-subif)# frame-relay
interface-dlci 100 (Punto 4. corresponde a VC BsAs)
Rosario(config-if)#exit
Rosario(config)#interface
Serial0/0.2 point-to-point
Rosario(config-subif)# ip
address 220.0.0.5 255.255.255.252 (antes serial0/2)
Rosario(config-subif)# frame-relay
interface-dlci 101 (Punto 4. corresponde a VC Jujuy)
Rosario(config-subif)# exit
Rosario(config)#interface
Serial0/0.3 point-to-point
Rosario(config-subif)# ip
address 220.0.0.9 255.255.255.252 (antes serial0/3)
Rosario(config-subif)# frame-relay
interface-dlci 102 (Punto 4. corresponde a VC Mendoza)
Rosario(config-subif)#end
Rosario#
Rosario#sh frame-relay
map (verificación capa 2)
Serial0/0.1 (up):
point-to-point dlci, dlci 100, broadcast, status defined, active
Serial0/0.2 (up):
point-to-point dlci, dlci 101, broadcast, status defined, active
Serial0/0.3 (up):
point-to-point dlci, dlci 102, broadcast, status defined, active
Rosario#
Rosario#sh frame-relay
pvc (verificación en capa 2)
PVC Statistics for interface
Serial0/0 (Frame Relay DTE)
DLCI = 100,
DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0.1 (BsAs)
input pkts 14055 output pkts 32795 in bytes 1096228
out bytes 6216155 dropped pkts 0 in FECN pkts 0
in BECN pkts 0 out FECN pkts 0 out BECN pkts 0
in DE pkts 0 out DE pkts 0
out bcast pkts 32795 out bcast bytes 6216155
DLCI = 101, DLCI USAGE =
LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0.2 (Jujuy)
input pkts 14055 output pkts 32795 in bytes 1096228
out bytes 6216155 dropped pkts 0 in FECN pkts 0
in BECN pkts 0 out FECN pkts 0 out BECN pkts 0
in DE pkts 0 out DE pkts 0
out bcast pkts 32795 out bcast bytes 6216155
DLCI = 102, DLCI USAGE =
LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0.3 (Mendoza)
input pkts 14055 output pkts 32795 in bytes 1096228
out bytes 6216155 dropped pkts 0 in FECN pkts 0
in BECN pkts 0 out FECN pkts 0 out BECN pkts 0
in DE pkts 0 out DE pkts 0
out bcast pkts 32795 out bcast bytes 6216155
Rosario#sh ip eigrp nei
(verificación en capa 3)
IP-EIGRP neighbors for
process 10
H Address Interface Hold
Uptime SRTT RTO Q Seq
(sec) (ms)
Cnt Num
0 220.0.0.2 Se
10 00:10:02 40
1000 0 26 (BsAs)
1 220.0.0.6 Se
10 00:05:05 40
1000 0 34 (Jujuy)
2 220.0.0.10 Se 12
00:01:34 40 1000
0 27 (Mendoza)
5. Implantación de ACL:
5.1 Para Rosario
conf t
access-list 101 permit
eigrp any any
access-list 101 permit ip
192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 deny ip
any any
int s0/0.1 (tráfico desde BsAs)
ip access-group 101 in
exit
access-list 102 permit
eigrp any any
access-list 102 permit ip
192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 102 deny ip
any any
int s0/0.2 (tráfico desde Jujuy)
ip access-group 102 in
exit
access-list 103 permit
eigrp any any
access-list 103 permit ip
192.168.3.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 103 deny ip
any any
int s0/0.3 (tráfico desde Mendoza)
ip access-group 103 in
exit
5.2 Para BsAs
conf t
access-list 100 permit eigrp
any any
access-list 100 permit ip
192.168.0.0 0.0.3.255 192.168.1.0 0.0.0.255
access-list 100 deny ip
any any
int s0/0
ip access-group 100 in
end
La wildcard es
3.255 para que permita las redes 0.0, 2.0 y 3.0 o sea:
00000000.00000000
00000010.00000000
00000011.00000000
5.3 Para Jujuy
conf t
access-list 100 permit
eigrp any any
access-list 100 permit ip
192.168.0.0 0.0.3.255 192.168.2.0 0.0.0.255
access-list 100 deny ip
any any
int s0/0
ip access-group 100 in
end
La wildcard es
3.255 para que permita las redes 0.0, 1.0 y 3.0 o sea:
00000000.00000000
00000001.00000000
00000011.00000000
5.4 Para Mendoza
conf t
access-list 100 permit
eigrp any any
access-list 100 permit ip
192.168.0.0 0.0.3.255 192.168.3.0 0.0.0.255
access-list 100 deny ip any
any
int s0/0
ip access-group 100 in
end
La wildcard es
3.255 para que permita las redes 0.0, 1.0 y 2.0 o sea:
00000000.00000000
00000010.00000000
00000010.00000000
Verificación
Desde Rosario:
PC>tracert
192.168.1.10 (verifica a BsAs)
Tracing route to
192.168.1.10 over a maximum of 30 hops:
1 47 ms 32 ms
31 ms 192.168.0.1
2 * * * Request
timed out.
3 125 ms 125 ms
109 ms 192.168.1.10
Trace complete.
PC>
PC>tracert
192.168.2.10 (verifica a Jujuy)
Tracing route to
192.168.2.10 over a maximum of 30 hops:
1 31 ms 31 ms
32 ms 192.168.0.1
2 * * * Request
timed out.
3 125 ms 125 ms
93 ms 192.168.2.10
Trace complete.
PC>tracert
192.168.3.10 (verifica a Mendoza)
Tracing route to
192.168.3.10 over a maximum of 30 hops:
1 31 ms 31 ms
31 ms 192.168.0.1
2 * * * Request
timed out.
3 125 ms 125 ms
93 ms 192.168.3.10
Trace complete.
PC>
Desde BsAs:
PC>tracert
192.168.0.10
Tracing route to
192.168.0.10 over a maximum of 30 hops:
1 19 ms 18 ms
31 ms 192.168.1.1
2 * * * Request
timed out.
3 125 ms 125 ms
109 ms 192.168.0.10
Trace complete.
PC>
Desde Jujuy:
PC>tracert
192.168.0.10
Tracing route to
192.168.0.10 over a maximum of 30 hops:
1 31 ms 31 ms
32 ms 192.168.2.1
2 * * * Request
timed out.
3 109 ms 99 ms
125 ms 192.168.0.10
Trace complete.
PC>
Desde Mendoza:
PC>tracert
192.168.0.10
Tracing route to
192.168.0.10 over a maximum of 30 hops:
1 32 ms 31 ms
16 ms 192.168.3.1
2 * * * Request
timed out.
3 125 ms 125 ms
125 ms 192.168.0.10
Trace complete.
PC>
Verificación de ACL (todas las líneas deben
tener paquetes con match)
Rosario#sh access-lists
Extended IP access list
101
permit eigrp any any (57 match(es))
permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255 (17
match(es))
deny ip any any (3 match(es)) (salto
2 del tracert)
Extended IP access list
102
permit eigrp any any (51 match(es))
permit ip 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255 (17
match(es))
deny ip any any (3 match(es)) (salto
2 del tracert)
Extended IP access list
103
permit eigrp any any (47 match(es))
permit ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.0.255 (14
match(es))
deny ip any any (3 match(es)) (salto
2 del tracert)
Rosario#
BsAs#sh access-lists
Extended IP access list
100
permit eigrp any any (295 match(es))
permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.3.255 (27
match(es))
deny ip any any (6 match(es)) (salto
2 del tracert)
BsAs#
Jujuy#sh access-lists
Extended IP access list
100
permit eigrp any any (297 match(es))
permit ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.3.255 (17
match(es))
deny ip any any (3 match(es)) (salto
2 del tracert)
Jujuy#
Mendoza#sh access-lists
Extended IP access list 100
permit eigrp any any (304 match(es))
permit ip 192.168.0.0 0.0.0.255 192.168.3.0 0.0.3.255 (17
match(es))
deny ip any any (3 match(es)) (salto
2 del tracert)
Mendoza#
(2012) Tales for winners from uncle Ernest
Rosario, Argentina