Lab 8.1.3 Simulating WAN Connectivity
Step 1: Connect the PCs to the router console ports
a. Referring to the topology diagram, connect a console cable from PC1 to the console port on R1. Connect a consolecable from PC2 to the console port on R2.
b. Apply power to all PCs and routers.
c. Open a HyperTerminal session on each PC and establish a session to the respective router.
Step 2: Configure the serial interface on R1
Within the global configuration mode of R1, enter the following commands:
Router(config)#hostname Router1
Router1(config)#interface serial 0/1/0
Router1(config-if)#ip address 192.168.1.1 255.255.255.0
Router1(config-if)#no shutdown
Router1(config-if)#end
Router1#
Step 3: Configure the serial interface on R2
Within the global configuration mode of R2, enter the following commands:
Router(config)#hostname Router2
Router2(config)#interface serial 0/1/1
Router2(config-if)#ip address 192.168.1.2 255.255.255.0
Router2(config-if)#clock rate 56000
Router2(config-if)#no shutdown
Router2(config-if)#end
Router2#
Step 4: View the show interface output
a. On Router1, issue the show interface serial 0/1/0 command from the privileged EXEC
mode to view the encapsulation type.
Router1#show interface serial 0/1/0
Serial0/1/0 is up, line protocol is up
Hardware is GT96K Serial
Internet address is 192.168.1.1/24
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
Last input 00:00:09, output 00:00:08, output hang never
Last clearing of “show interface” counters 00:19:54
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
14 packets input, 980 bytes, 0 no buffer
Received 9 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
14 packets output, 1026 bytes, 0 underruns
0 output errors, 0 collisions, 8 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=down DTR=up RTS=up CTS=up
What is the encapsulation type?
HDLC
b. On Router2, issue the show interface serial 0/1/1 command from the privileged EXEC
mode to view the encapsulation type.
Router2#show interface serial 0/1/1
Serial0/1/1 is up, line protocol is up
Hardware is HD64570
Internet address is 192.168.1.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input 00:00:05, output 00:00:06, output hang never
Last clearing of “show interface” counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
9 packets input, 616 bytes, 0 no buffer
Received 4 broadcasts, 0 runts, 0 giants, 0 throttles
2673 input errors, 2673 CRC, 0 frame, 0 overrun, 0 ignored, 1 abort
101 packets output, 4001 bytes, 0 underruns
0 output errors, 0 collisions, 43 interface resets
0 output buffer failures, 0 output buffers swapped out
5 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
What is the encapsulation type?
HDLC
Step 5: Test router connectivity
From Router2, ping Router1 to test connectivity.
Router2#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/36 ms
If the ping is unsuccessful, troubleshoot the routers until connectivity is attained.
Step 6: Change the encapsulation type to PPP
From the privileged EXEC mode, issue the following commands to change the encapsulation type on the
connecting serial interfaces of both routers to PPP.
Router1#config terminal
Router1(config)#interface serial 0/1/0
Router1(config-if)#encapsulation ppp
Router1(config-if)#end
Router1#
Router2#config terminal
Router2(config)#interface serial 0/1/1
Router2(config-if)#encapsulation ppp
Router2(config-if)#end
Router2#
Step 7: View the show interface output
a. On Router1, issue the show interface serial 0/1/0 command from the privileged EXEC
mode to view the encapsulation type.
Router1#show interface serial 0/1/0
Serial0/1/0 is up, line protocol is up
Hardware is GT96K Serial
Internet address is 192.168.1.1/24
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP, CDPCP, loopback not set
Keepalive set (10 sec)
Last input 00:00:18, output 00:00:03, output hang never
Last clearing of “show interface” counters 00:01:49
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
31 packets input, 1837 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
40 packets output, 2960 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 output buffer failures, 0 output buffers swapped out
8 carrier transitions
DCD=up DSR=down DTR=up RTS=up CTS=up
b. On Router2, issue the show interface serial 0/1/1 command from privileged EXEC mode to
view the encapsulation type.
Router2#show interface serial 0/1/1
Serial0/1/1 is up, line protocol is up
Hardware is HD64570
Internet address is 192.168.1.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load
1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Open
Open: IPCP, CDPCP
Last input 00:00:01, output 00:00:01, output hang never
Last clearing of “show interface” counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
54 packets input, 4042 bytes, 0 no buffer
Received 28 broadcasts, 0 runts, 0 giants, 0 throttles
2673 input errors, 2673 CRC, 0 frame, 0 overrun, 0 ignored, 1 abort
137 packets output, 6252 bytes, 0 underruns
0 output errors, 0 collisions, 47 interface resets
0 output buffer failures, 0 output buffers swapped out
5 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
Can the serial interface on Router2 be pinged from Router1?
Ya
Can the serial interface on Router1 be pinged from Router2?
Ya
If the answer is no for either question, troubleshoot the router configurations to find the error.
Then issue the pings again until the answer to both questions is yes.
Step 8: Configure PPP authentication on R1 with CHAP
a. Configure the CHAP username and password on the R1 router. The username must be identical to
the hostname of the other router. Both the password and usernames are case-sensitive. Define the
username and password to expect from the remote router. On Cisco routers, the secret password
must be the same for both routers.
Router1(config)#username Router2 password cisco
Router1(config)#interface serial 0/1/0
Router1(config-if)#ppp authentication chap
Router1(config-if)#end
Router1#
Step 9: Configure PPP authentication on R2 with CHAP
a. Configure the CHAP username and password on the R2 router. The passwords must be the
same on both routers. The username must be identical to the hostname on the other router. Both
the password and user names are case-sensitive. Define the username and password to expect
from the remote router.
Router2(config)#username Router1 password cisco
Router2(config)#interface serial 0/1/1
Router2(config-if)#ppp authentication chap
Router2(config-if)#end
Router2#
Step 10: Verify that the serial connection is functioning
Verify that the serial connection is functioning by pinging the serial interface of R1.
Was it successful?
yes
Router2#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/28 ms
Why or why not?
Jawab:
Kedua router menggunakan PPP dengan CHAP dan username yang sesuai dan password diatur pada kedua router.
Step 12: Clean up
a. Erase the configurations and reload the routers.
b. Disconnect and store the cabling.
c. For PC hosts that are normally connected to other networks (such as the school LAN or to the
Internet), reconnect the appropriate cabling and restore the TCP/IP settings.
Lab 8.2.2 Creating a WAN Connectivity Test Plan
Task 1: Review the Supporting Documentation
Step 1: Refer to the WAN Design Test Plan document provided for this lab
Download the WAN Design Test Plan. What is the purpose of this WAN design test? Which elements
of the design will be tested using this plan?
The purpose of this prototype is to demonstrate the use of Frame Relay WAN links to connect a remote site router to a central site router through a router that simulates a Frame Relay switch. Backup Ethernet links from the remote site and central site to a 4th router simulate a VPN backup capability and provide an alternate path in the event that one of the Frame Relay WAN links goes down.
a. Document the purpose of the test in the Introduction section of the WAN Design Test Plan.
b.Review the tests that will be run to validate the prototype.
Step 2: Review the equipment needed to perform the tests
Review the list of all equipment needed to build the prototype and to perform the tests. Be sure to include
cables, optional connectors or components, and software. If the recommended equipment is not available in your lab, discuss possible substitutes with your instructor and classmates, based on interface requirements of the topology.
a. If substitute equipment must be used, list the devices here:
b. Determine the amount of each type of cabling necessary to create the prototype test topology. Record the information on the Equipment chart in the WAN Design Test Plan.
c. Document any special configuration or cabling issues that might arise if substitute equipment is used.
Task 2: Document information regarding Test 1
Task 3: Document information regarding Test 2
Task 4: Reflection / Challenge
Why is Frame Relay a good choice as a primary WAN technology?
Ini adalah teknologi yang fleksibel yang banyak didukung oleh peralatan vendor. Layanan ini biasanya tersedia dari sebagian besar penyedia layanan Telecom (TSPS). Memberikan kestabilan data digital link dengan berbagai CIRs tergantung pada kebutuhan pelanggan. Mendukung berbagai topologi. SLA biasanya available.
When is it most important to have a backup link? How does a backup link compare to a redundant link?
Link Backup diperlukan ketika hilangnya link primer yang akan menyebabkan hilangnya akses ke sumber daya kritis. Ini adalah biaya / resiko keputusan yang dibuat oleh sebuah organisasi.
Lab 8.2.5 Configuring and Verifying WAN Backup Links
Task 1: Build the Network. Task Complete
Step 1 Connect devices
a. Connect the routers as shown in the topology diagram. Refer to the Test Plan in Lab 8.2.2 for cabling
required.
b. For each of the routers to be configured, use the erase startup-config and the reloadcommands from the privileged EXEC prompt, to ensure that you are starting with a clean configuration.
Task 2: Configure Router ISPX as a Backup. Task Complete
Step 1: Perform basic configuration of the ISPX router
Connect a PC to the console port of the router to perform configurations using a terminal emulation
program.
Configure the router with hostname, passwords, message-of-the–day, and no ip domain lookup.
Router(config)#hostname ISPX
ISPX(config)#line console 0
ISPX(config-line)#password cisco
ISPX(config-line)#login
ISPX(config-line)#exit
ISPX(config)#line vty 0 4
ISPX(config-line)#password cisco
ISPX(config-line)#login
ISPX(config-line)#exit
ISPX(config)#enable password cisco
ISPX(config)#enable secret class
ISPX(config)#no ip domain-lookup
ISPX(config)#banner motd #Unauthorized use prohibited#
Step 2: Configure ISPX router FastEthernet interfaces
Configure the FastEthernet interfaces for the backup links to the Edge2 and BR3 routers. Configure a
description and the IP address, and activate each interface.
Step 3: Configure a static route on the ISPX router to the FilmCompany local network
On the ISPX router, configure a normal static route to the BR3 network 172.18.225.0/25 via the Fa0/0
interface on BR3.
Step 4: Configure a static route on the ISPX router to the stadium local network
On the ISPX router, configure a normal static route to the Edge2 network 172.18.3.0/24 via the Fa0/1
interface on Edge2.
Task 3: Configure the Stadium Edge2 Router. Task Complete:
Step 1: Perform basic configuration of the router
Connect a PC to the console port of the router to perform configurations using a terminal emulation program. Erase and reload the router before starting.
Configure the router with a hostname, passwords, message-of-the–day, and no ip domain lookup.
Step 2: Configure stadium router Edge2 interfaces
Configure the Serial 0/1/1 interface with Frame Relay encapsulation. Configure a point-to-point
subinterface for DLCI 110.
Edge2(config)#interface serial0/1/1
Edge2(config-if)#description primary link to BR3
Edge2(config-if)#encapsulation frame-relay
Edge2(config-if)#no shutdown
Edge2(config-if)#interface serial0/1/1.110 point-to-point
Edge2(config-subif)#ip address 172.18.0.9 255.255.255.252
Edge2(config-subif)#frame-relay interface-dlci 110
Edge2(config-fr-dlci)#end
Configure FastEthernet 0/0 interface for the stadium LAN network 172.18.3.0/24.
Configure FastEthernet 0/1 interface for the backup link to the ISPX router per the topology diagram.
Step 3: Configure a dynamic routing protocol on stadium router Edge2
On Edge2, configure the EIGRP routing protocol to advertise the 172.18.3.0/24 network and the
172.18.0.8/30 network. Use EIGRP process ID 10. Disable auto-summary.
Configure EIGRP MD5 authentication to accept updates from the FilmCompany router BR3 on the Frame Relay subinterface.
Sample steps to configure EIGRP authentication are:
Edge2#configure terminal
Edge2(config)#key chain MYCHAIN
Edge2(config-keychain)#key 1
Edge2(config-keychain-key)#key-string securetraffic
Edge2(config-keychain-key)#exit
Edge2(config)#interface serial 0/1/1.110
Edge2(config-subif)#ip authentication mode eigrp 10 md5
Edge2(config-subif)#ip authentication key-chain eigrp 10 MYCHAIN
Edge2(config-subif)#end
Edge2#
Until EIGRP and MD5 configuration are complete on router BR3, no EIGRP updates will be received.
The debug eigrp packet command can be used to view the EIGRP exchange as it is occurring
between the routers.
Task 4: Configure the FilmCompany BR3 Router. Task Complete:
Step 1: Perform basic configuration of the router
Connect a PC to the console port of the router to perform configurations using a terminal emulation
program. Erase and reload the router before starting.
Configure the router with a hostname, passwords, message-of-the–day, and no ip domain lookup.
Step 2: Configure router BR3 interfaces
Configure Serial 0/1/0 interface with Frame Relay encapsulation. Configure a point-to-point
subinterface for DLCI 100.
BR3(config)#interface serial0/1/0
BR3(config-if)#description primary link to Edge2
BR3(config-if)#encapsulation frame-relay
BR3(config-if)#no shutdown
BR3(config-if)#interface serial0/1/0.100 point-to-point
BR3(config-subif)#ip address 172.18.0.10 255.255.255.252
BR3(config-subif)#frame-relay interface-dlci 100
BR3(config-fr-dlci)#end
Configure FastEthernet 0/1 interface for the FilmCompany LAN network 172.18.225.0/25.
Configure FastEthernet 0/0 interface for the backup link to the ISPX router per the topology diagram.
Step 3: Configure the dynamic routing protocol on router BR3
On BR3, configure the EIGRP routing protocol to advertise the 172.18.225.0/25 network and the
172.18.0.8/30 network. Use EIGRP process ID 10. Disable auto-summary.
Configure EIGRP MD5 authentication to accept routing updates from the Edge2 router on interface
serial0/1/0.100.
BR3#configure terminal
BR3(config)#key chain MYCHAIN
BR3(config-keychain)#key 1
BR3(config-keychain-key)#key-string securetraffic
BR3(config-keychain-key)#exit
BR3(config)#interface serial 0/1/0.100
BR3(config-subif)#ip authentication mode eigrp 10 md5
BR3(config-subif)#ip authentication key-chain eigrp 10 MYCHAIN
BR3(config-subif)#end
When authentication is configured, both Edge2 and BR3 should begin accepting EIGRP updates. Use
the show ip route command to verify that the routes to the LAN devices have been learned.
Until EIGRP and MD5 configuration are complete on router BR3, no EIGRP updates will be received
successfully. The command debug eigrp packet shows when EIGRP authentication is
successful. Example output of the debug eigrp packet command once BR3 is correctly
configured is shown below:
BR3#debug eigrp packet
00:47:04: EIGRP: received packet with MD5 authentication, key id = 1
00:47:04: EIGRP: Received HELLO on Serial0/1/0.100 nbr 172.18.0.9
Task 5: Conduct Primary Frame Relay Link Testing Based on the Test Plan. Task
Complete:
Execute the procedures outlined in Test 1 to test the simulated Frame relay network. Record the results of the tests in the Test 1: Results and Conclusions section.
Step 1: Console into routers Edge2 and BR3 and verify the basic configuration, IP addressing, Frame Relay
Issue the show running-config command for each of the routers to verify passwords, IP addressing, and Frame Relay configuration. See end of lab for router configs.
Step 2: Verify the Frame Relay configuration on Edge2, BR3, and FR1
Use show frame-relay commands to verify the Frame Relay configurations. See Lab 8.2.4 for command output.
show frame-relay map – Status of point-to-point links
show frame-relay pvc – Permanent Virtual Circuit (PVC) status and statistics
show frame-relay lmi – Local Management Interface (LMI) statistics
show frame-relay route – DLCI/interface routing (FR1 switch only)
Step 3: Verify routing table contents on router Edge2
Display the routing table for Edge2 using the show ip route command.
Edge2#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS
level-2
ia – IS-IS inter area, * – candidate default, U – per-user static
route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
172.18.0.0/16 is variably subnetted, 4 subnets, 3 masks
C 172.18.0.248/30 is directly connected, FastEthernet0/1
D 172.18.225.0/25
[90/2172416] via 172.18.0.10, 00:09:33, Serial0/0/1.110
C 172.18.0.8/30 is directly connected, Serial0/0/1.110
C 172.18.3.0/24 is directly connected, FastEthernet0/0
Is there an EIGRP route to the FilmCompany LAN 172.18.225.0/25?
Ya
What is the AD of this route?
90
What is the next hop IP address to get to this network?
172.18.0.10 (F/R link)
Does the primary route take the Frame Relay link?
Ya
Step 4: Verify routing table contents on router BR3
Display the routing table for BR3 using the show ip route command.
BR3#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS
level-2
ia – IS-IS inter area, * – candidate default, U – per-user static
route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
172.18.0.0/16 is variably subnetted, 4 subnets, 3 masks
C 172.18.225.0/25 is directly connected, FastEthernet0/1
C 172.18.225.248/30 is directly connected, FastEthernet0/0
C 172.18.0.8/30 is directly connected, Serial0/0/0.100
D 172.18.3.0/24 [90/2172416] via 172.18.0.9, 00:11:59,
Serial0/0/0.100
Is there an EIGRP route to the Edge2 network 172.18.3.1/24?
Ya
What is the AD of this route?
90
Step 5: Verify routing table contents on router ISPX
Display the routing table for ISPX using the show ip route command.
ISPX#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS
level-2
ia – IS-IS inter area, * – candidate default, U – per-user
static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
172.18.0.0/16 is variably subnetted, 4 subnets, 3 masks
C 172.18.0.248/30 is directly connected, FastEthernet0/1
S 172.18.225.0/25 [1/0] via 172.18.225.249
C 172.18.225.248/30 is directly connected, FastEthernet0/0
S 172.18.3.0/24 [1/0] via 172.18.0.249
Are there any EIGRP routes?
Tidak
Why or why not?
ISPX router tidak menjalankan protokol EIGRP.
Are there any static routes and if so, to what network?
Ya, pada BR3 LAN network 172.18.225.0/25 dan pada Edge2 LAN network 172.18.3.0/24
What is the purpose of these static routes?
Menyediakan rute dari Edge2 untuk LAN BR3 melalui router ISPX. Jika ISP tidak akan tahu bagaimana untuk sampai ke sana.
Step 6: Test IP connectivity between routers Edge2 and BR3 via the primary Frame Relay link
Ping from Edge2 to the IP address of host PC2. Was the ping successful?
Ya
If not, troubleshoot until successful.
Ping from BR3 to the IP address of host PC1.
Was the ping successful?
Ya
If not, troubleshoot until successful.
Verify that traffic is taking the correct path by using the traceroute command.
Turn off all debugging using the undebug all command.
Record all results in the WAN Design Test Plan document in the Test 1: Results and Conclusions section.
Perform Test 2: Backup Link Configuration Test
Task 6: Configure floating static routes. Task Complete:
Step 1: Configure a floating static route on Edge2 and BR3 via the primary Frame Relay link.
On Edge2, configure a static route to the FilmCompany LAN (172.18.225.0/25) using the next hop
address of the interface Fa0/1 on router ISPX. Configure the administrative distance on the floating
static routes to be 130, greater than the administrative distance of the EIGRP learned route.
On BR3, configure a static route to the stadium LAN (172.18.3.0/24) using the next hop address of
the interface Fa0/0 on router ISPX. Configure the administrative distance on the floating static route
to be 130, greater than the administrative distance of the EIGRP learned route.
Task 7: Conduct Backup Link Test. Task Complete:
Step 1: Test the backup link though the ISPX router by taking down the primary Frame Relay link
Cause the Frame Relay link from Edge2 to FR1 to fail by shutting down the Serial 0/1/1 interface.
Step 2: Verify routing table contents on router Edge2
Display the routing table for Edge2 using the show ip route command.
Edge2#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS
level-2
ia – IS-IS inter area, * – candidate default, U – per-user
static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
172.18.0.0/16 is variably subnetted, 3 subnets, 3 masks
C 172.18.0.248/30 is directly connected, FastEthernet0/1
S 172.18.225.0/25 [130/0] via 172.18.0.250
C 172.18.3.0/24 is directly connected, FastEthernet0/0
Is there an EIGRP route to the FilmCompany network 172.18.225.0/25 now?
Tidak
Is the floating static backup route to the FilmCompany network 172.18.225.0/25 that you defined
earlier now present?
Ya
What is the AD of this route?
130
What is the next hop IP address to get to the 172.18.225.0/25 network?
172.18.0.250 (ISPX Fa0/1 link)
Does the backup route take the ISPX link?
Ya
Step 3: Verify routing table contents on router BR3
Display the routing table for BR3 using the show ip route command.
BR3#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS
level-2
ia – IS-IS inter area, * – candidate default, U – per-user static
route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
172.18.0.0/16 is variably subnetted, 3 subnets, 3 masks
C 172.18.225.0/25 is directly connected, FastEthernet0/1
C 172.18.225.248/30 is directly connected, FastEthernet0/0
S 172.18.3.0/24 [130/0] via 172.18.225.250
Continue to issue the show ip route command until the EIGRP route is gone and the floating
static route is installed, otherwise ping responses (echo reply) cannot be sent back to Edge2.
Is there an EIGRP route to the Edge2 network 172.18.3.0/24?
Tidak
Is there a floating static route?
Ya
What is the AD of this route?
130
What is the next hop IP address to get to the 172.18.3.0/24 network?
172.18.225.250 (ISPX Fa0/0)
Step 4: Test IP connectivity between routers Edge2 and BR3 via the backup Ethernet link
a. Ping from PC1 on Edge2 to the IP address of host PC2.
Was the ping successful?
Ya
If not, troubleshoot until successful.
Verify that traffic is taking the backup link by using the tracert command from PC1 to PC2. Record the results in the WAN Design Test Plan section Test 2: Results and Conclusions.
Turn off any debugging using the undebug all command.
Step 5: Clean up
Erase the configurations and reload the routers. Disconnect and store the cabling. For PC hosts that are
normally connected to other networks (such as the school LAN or to the Internet), reconnect the
appropriate cabling and restore the TCP/IP settings.
Task 8: Reflection / Challenge
When is it most important to have a backup link? How does a backup link compare to a redundant link?
Link Backup diperlukan ketika hilangnya link primer yang akan menyebabkan hilangnya akses ke sumber daya kritis. Ini adalah biaya / resiko keputusan yang dibuat oleh sebuah organisasi.
This lab uses the RIP dynamic routing protocol and floating static routes to demonstrate primary and backup routes. Would it be possible to use all static routes and no dynamic routing protocol?
Ya, tapi rute statis untuk semua lokasi jaringan harus ditetapkan untuk komunikasi end-to–end
antara jaringan. Harus ada rute untuk mencapai tujuan jaringan dan rute di tempat tujuan untuk kembali, agar komunikasi dua arah terjadi.
Lab 8.2.6 Evaluating the Prototype Test
Step 1: Identify if weaknesses are present in the design
Is the Frame Relay WAN design able to scale to meet the expected growth?
Ya, layanan Frame Relay biasanya sangat terukur. CIR tambahan dapat dibeli dan sirkuit tambahan dapat ditambahkan jika diperlukan.
Do the results of the prototype test indicate that the Frame Relay configuration will work as expected?
Karena sebuah router bertindak sebagai saklar Frame Relay simulasi, tidak ada cara untuk menguji bandwidth dan kinerja Frame Relay nyata switched jaringan. Karena tidak mungkin untuk menguji kemampuan melalui jaringan Frame Relay TSP sebenarnya ada risiko yang berkaitan dengan desain.
Are there any weaknesses associated with using the VPN connections as backup to the Frame Relay WAN?
Walaupun pengujian memverifikasi bahwa fungsi Ethernet berbasis simulasi backup, ini tidak cukup mensimulasikan penggunaan link VPN sebagai link Fast Ethernet jauh lebih cepat daripada VPN khas. Daerah yang paling kritis risiko adalah kinerja dari link VPN sebagai backup dalam jaringan nyata. Apabila komponen suara dan video dari jaringan ditambahkan ke WAN lalu lintas yang ada, mungkin ada masalah kualitas layanan jika koneksi VPN harus digunakan. VPN arus melalui ISP tidak memiliki tingkat jaminan pelayanan. Selain itu, tidak memiliki mekanisme untuk menyediakan QoS. Akibatnya, link cadangan hanya bisa menyediakan konektivitas terbatas dalam hal kegagalan.
Will a failure of the primary link cause the FilmCompany to lose connectivity to the Stadium LAN?
Tidak, link backup dengan rute statis mengambang akan diaktifkan untuk menyediakan konektivitas ketika F primer / link R gagal.
Does the EIGRP authentication provide for a secure transmission of the routing updates?
Ya, meskipun penggunaan Pesan Digest 5 (MD5). Kombinasi kunci pengenal dan antarmuka yang terkait dengan pesan unik mengidentifikasi algoritma otentikasi dan kunci MD5 otentikasi digunakan.
Step 2: Determine what the risks are of not correcting the weaknesses
If, in Step 1, you identify weaknesses in the proposed design, what risks do these weaknesses present to
FilmCompany?
Risikonya adalah bahwa jaringan Frame Relay bawah beban aktual pengguna yang sebenarnya tidak akan melakukan serta link disimulasikan dalam prototipe. Juga, linkVPN cadangan disimulasikan mungkin tidak bekerja seperti yang diharapkan dalam hal pemulihan menggunakan link VPN nyata bukan link FastEthernet simulasi. Penerimaan akhir dari desain mungkin harus menunggu sampai hasil instalasi pilot diketahui.
Step 3: Suggest ways that the design can be improved to reduce the risk
In what ways could the proposed design be improved to reduce the areas of risk?
Jika waktu dan uang mengizinkan, uji coba dapat dijalankan di mana sirkuit F/R sementara dengan CIR tertentu bisa dipasang dengan kerjasama layanan yang disediakan dan beban uji simulasi dapat dihasilkan pada berbagai waktu untuk memastikan kinerja di bawah tinggi –volume kondisi. Tingkat perjanjian layanan (SLA) juga bisa dinegosiasikan untuk menyediakan asuransi yang rangkaian akan bekerja seperti yang diharapkan selama periode beban puncak. Sehubungan dengan link backup VPN, pilot dapat termasuk penggunaan koneksi VPN aktual melalui link DSL ke lebih akurat menunjukkan kemampuan pemulihan dari desain yang diusulkan.
Step 4: Document the weaknesses and risks on the test plan
In the Results and Conclusions section of the test plan, record any weaknesses, risks, and suggested improvements.
Step 4: Reflection
Why do you think it is important to identify weaknesses and risks in the proposed design before presenting it to the customer? What are some reasons that weaknesses cannot be corrected?
Adalah penting untuk mengidentifikasi kelemahan dan risiko dalam desain yang diusulkan sebelum menyajikannya kepada pelanggan untuk memastikan bahwa pelanggan memahami keterbatasan prototipe dan tidak mengarah pada memiliki harapan yang tidak realistis berdasarkan prototipe. Mungkin tidak mungkin untuk mengimbangi semua kelemahan yang dapat diidentifikasi karena waktu, uang atau kendala personil. Risiko harus dianalisa dan seimbang terhadap variabel-variabel lainnya.
Lab 8.3.2 Creating a VPN Connectivity Test Plan
Step 1: Review the VPN Design Test Plan
Review the VPN Design Test Plan. Note the tests that the designer indicates are necessary to perform using the prototype network.
Test 1: Description and purpose:
EasyVPN Server Setup Verifikasi
Test 2: Description and purpose:
Konektivitas Test Klien VPN
Step 2: Review the Equipment section
Which device will be used as the VPN server in the prototype network? 1841 Router
What IOS version is necessary to configure the EasyVPN server? Advanced Layanan IP versi 12,4 atau di atas dan Cisco SDM
Is equipment available in your lab with the correct IOS to build the prototype network configuration?
Step 3: Review the Design and Topology section
At the top of this lab, the actual VPN topology is shown, as well as the topology being used in the prototype test. Compare both topologies. Remote workers usually connect to the Internet and then use client software to create the VPN tunnel to the server. In the prototype environment, the connection between the VPN client and the VPN server is a much more direct connection.
What is the risk of testing the VPN operation in a prototype environment?
Kondisi dunia nyata tidak dapat dengan mudah disimulasikan. Server VPN akan memberikan alamat logis ke remote host H1 yang berlaku di jaringan internal. Alamat ini akan ditugaskan secara dinamis, ketika terowongan VPN dibuat.
Step 4: Review the Test 1 Description, Procedures, and Expected Results sections
The designer needs to verify that the EasyVPN server can be configured and managed by the existing
personnel. It is important to document how the Cisco SDM software can be used to configure and manage the VPN server.
Step 5: Review the Test 2 Description, Procedures, and Expected Results sections
Read through the Test 2 information in the test plan. Determine an appropriate goal for Test 2 and fill in the table in the VPN Design Test Plan.
After reading the Procedures section, what do you think would be a successful outcome of completing the
Test 2 procedures?
Successful connection to the VPN server using the external VPN client
Successful tunnel establishment
VPN client has received an internal IP address from the VPN server.
VPN client can ping an internal host or connect to an internal server service
Record your answers in the Expected Results and Success Criteria section for Test 2.
Reflection / Challenge
Why do you think it is important to test the VPN operation in a pilot installation, as well as a prototype test?
Implementasi pilot dapat menguji konfigurasi dan operasi dalam lingkungan dunia nyata.
What are the benefits of managing the VPN server with internal personnel, rather than using the ISP to
manage it?
Hal ini lebih fleksibel. Mengurangi biaya. Lebih mudah untuk menambahkan klien tambahan.
yossihanifahusna
Yossi Hanifa Husna's Blog 