CCIE Routing & Switching Advanced Technologies Class

Transcript

1	Introduction	0h 43m
2	Using the Cisco Documentation	0h 52m
3	Ethernet Overview, Layer 2 Switchports, Trunking, ISL, 802.1q, DTP	0h 47m
4	VTP, VTP Authentication, VTP Pruning	1h 02m
5	VTP Prune Eligible List, VTP Transparent, VTP Troubleshooting, Trunk Allowed List, Extended VLANs	0h 48m
6	VLAN and VTP Review	0h 19m
7	SVIs, Native Routed Interfaces, Router-on-a-Stick	0h 46m
8	Layer 2 EtherChannel, EtherChannel Load Balancing, Layer 3 EtherChannel	0h 57m
9	802.1q Tunneling, Layer 2 Protocol Tunneling, EtherChannel over 802.1q Tunneling	1h 03m
10	STP Root Bridge Election, STP Root Port Election, STP Designated Port Election, STP Priority, STP Cost, STP Port-Priority	1h 46m
11	STP Review	0h 12m
12	STP Timers, STP PortFast	0h 34m
13	STP UplinkFast	0h 11m
14	STP BackboneFast	0h 12m
15	STP BPDU Filter	0h 13m
16	STP BPDU Guard	0h 11m
17	STP Root Guard	0h 11m
18	STP Loop Guard, Unidirectional Link Detection (UDLD)	0h 11m
19	Multiple Spanning-Tree Protocol (MST)	0h 40m
20	Rapid Spanning-Tree Protocol (RSTP), Rapid-PVST	0h 18m
21	MST with Multiple Regions	0h 33m
22	Flex Links	0h 16m
23	Frame Relay	0h 39m
24	Frame Relay Configuration Part 1	0h 34m
25	Frame Relay Configuration Part 2	0h 41m
26	Frame Relay Switching	0h 27m
27	Back-to-Back Frame Relay	0h 08m
28	Frame-Relay End-to-End Keepalives	0h 18m
29	PPP, PPP PAP Authentication, PPP CHAP Authentication	0h 59m
30	PPPoFR, PPPoE	0h 40m
31	Transparent Bridging, IRB	0h 32m
32	Fallback Bridging	0h 14m
33	IP Routing Overview, Switching Paths, Static Routing	0h 42m
34	Static Routing Examples	0h 25m
35	IP Default-Gateway, IP Default-Network	0h 14m
36	On-Demand Routing (ODR)	0h 07m
37	Floating Static Routes	0h 10m
38	Backup Interface	0h 29m
39	Enhanced Object Tracking, IP SLA, Reliable Static Routing	0h 21m
40	Policy Routing	0h 43m
41	GRE Tunneling, GRE Recursive Routing Errors	0h 27m
42	Reliable Backup Interface with GRE	0h 25m
43	RIP Overview, RIP Versions, RIP Auto-Summary	0h 48m
44	RIP Split-Horizon, RIP Timers	0h 22m
45	RIP Broadcast Updates, IP Directed Broadcast, IP Broadcast-Address, Smurf Attacks, Fraggle Attacks	0h 16m
46	RIP Unicast Updates	0h 03m
47	RIP Offset-List	0h 18m
48	RIP Authentication	0h 11m
49	RIP Summarization	0h 10m
50	Prefix-Lists, RIP Distribute-List Filtering, RIP Administrative Distance Filtering	0h 48m
51	RIP Default Routing, RIP Conditional Default Routing	0h 18m
52	RIP Triggered, RIP Validate Update Source,	0h 12m
53	EIGRP Overview	0h 29m
54	EIGRP Auto-Summary	0h 07m
55	EIGRP Split-Horizon	0h 11m
56	EIGRP Update Types, EIGRP Neighbor, EIGRP Passive-Interface	0h 24m
57	EIGRP Hello-Interval, EIGRP Hold-Time	0h 05m
58	EIGRP Authentication	0h 11m
59	EIGRP Time Based Authentication	0h 25m
60	EIGRP Path Selection, EIGRP Metric Weights, EIGRP Traffic Engineering	0h 47m
61	EIGRP Unequal Cost Load Balancing, EIGRP Variance	0h 19m
62	EIGRP QUERY, EIGRP Summarization, EIGRP Leak-Map	0h 28m
63	EIGRP Stub Router Advertisement	0h 22m
64	EIGRP Default Routing	0h 13m
65	EIGRP Route Filtering	0h 11m
66	EIGRP Router-ID	0h 07m
67	Miscellaneous EIGRP Features	0h 02m
68	OSPF Overview	0h 27m
69	Establishing OSPF Adjacencies, Understanding the OSPF Database	0h 43m
70	OSPF Network Type Broadcast, OSPF DR/BDR Election, OSPF over NBMA, OSPF Network Type Non-Broadcast and Point-to-Multipoint	0h 56m
71	OSPF Network Type Point-to-Point, OSPF Network Type Mismatch	0h 13m
72	OSPF Network Type Point-to-Multipoint Non-Broadcast, OSPF Per Neighbor Cost	0h 17m
73	OSPF Network Type Loopback	0h 02m
74	OSPF Path Selection	0h 27m
75	OSPF Convergence Timers	0h 09m
76	OSPF Authentication	0h 12m
77	OSPF Summarization	0h 32m
78	OSPF Stub Areas, OSPF Totally Stubby Areas, OSPF NSSAs, OSPF Totally NSSAs	0h 40m
79	Controlling OSPF NSSA Redistribution	0h 02m
80	OSPF Type 7 to 5 Translator Election, OSPF LSA Type 3 Filter, OSPF Forwarding Address Suppression	0h 24m
81	Route Redistribution Overview	0h 36m
82	Route Redistribution Configuration & Verification, Connected Redistribution	0h 22m
83	OSPF External Path Selection, TCL PING Scripting	0h 33m
84	Routing Loops Overview, EIGRP Route Loop Prevention	0h 55m
85	Metric Based Routing Loops, Route Tagging	0h 46m
86	Administrative Distance Based Routing Loops, Debug IP Routing, IP Route Profile	0h 58m
87	BGP Overview, BGP Peering Types	0h 51m
88	Establishing BGP Peerings, EBGP Multihop, BGP Neighbor Disable Connected Check, BGP TTL Security	0h 49m
89	BGP 4-Byte ASNs	0h 20m
90	BGP Local AS, BGP Peer Groups	0h 30m
91	BGP Next-Hop Self, BGP Next-Hop Processing	0h 30m
92	BGP Route Reflectors	0h 37m
93	Large Scale BGP Route Reflectors with Clusters	0h 34m
94	BGP Confederation	0h 37m
95	BGP NLRI Advertisements, BGP Network Statement, BGP Redistribution	0h 43m
96	BGP Aggregation, BGP Aggregation & Summary-Only, BGP Aggregation & Unsuppress-Map	0h 46m
97	BGP Origin, BGP Aggregation & AS-Set, BGP Aggregation & Advertise-Map	0h 22m
98	BGP Conditional Route Injection	0h 21m
99	BGP Bestpath Selection, BGP Multipath, BGP Weight	0h 53m
100	BGP Local Preference, BGP Local Preference and Communities, BGP AS-Path Prepending,	0h 30m
101	BGP MED, BGP MED Missing As Worst, BGP Deterministic MED	0h 34m
102	BGP Communites, BGP Regular Expressions	0h 43m
103	BGP Filtering, BGP Convergence Timers, BGP Default Routing, Miscellaneous BGP Features	0h 24m
104	MPLS Overview, MPLS Label Distribution Protocol (LDP)	1h 05m
105	MPLS Tunnels, MPLS Penultimate Hop Popping (PHP)	0h 40m
106	MPLS Layer 3 VPNs Overview, VRF Lite	0h 36m
107	MPLS Layer 3 VPNs and VPNv4 BGP	1h 08m
108	MPLS Layer 3 VPN Verification & Troubleshooting	0h 49m
109	MPLS Layer 3 VPN OSPF PE-CE Routing Overview	0h 06m
110	MPLS Layer 3 VPN OSPF PE-CE Routing Path Selection & Sham-Links	2h 01m
111	MPLS Layer 3 VPN OSPF PE-CE Routing Loop Prevention & Down-Bit, OSPF Capability VRF-Lite	0h 40m
112	IPv6 Overview, IPv6 ICMPv6 ND, IPv6 over NBMA	0h 44m
113	IPv6 Routing Overview, IPv6 Static Routing	0h 28m
114	IPv6 RIPng	0h 20m
115	IPv6 EIGRPv6	0h 09m
116	IPv6 OSPFv3	0h 31m
117	MP-BGP for IPv6	0h 26m
118	IPv6 Tunneling	1h 13m
119	Multicast Overview, IGMP	0h 34m
120	PIM Overview	0h 18m
121	PIM Dense Mode	1h 03m
122	PIM Sparse Mode	0h 30m
123	PIM Sparse Mode Configuration	0h 36m
124	PIM Sparse Mode RPF & RP Troubleshooting	0h 27m
125	Auto-RP, Multicast over GRE Tunnels	0h 53m
126	Bootstrap Router (BSR), Bidirectional PIM, Source Specific Multicast (SSM)	0h 40m
127	MSDP, Anycast RP	0h 27m
128	IPv6 Multicast Routing	0h 24m
129	QoS Overview, IntServ QoS, DiffServ QoS, IP Precedence, DSCP, MQC, HQF	0h 41m
130	MQC Classification	0h 44m
131	FIFO, FQ, WFQ, CBWFQ, HQF	0h 50m
132	LLQ	0h 23m
133	WRED	0h 31m
134	Traffic Shaping, Traffic Policing	0h 40m
135	Frame Relay Traffic Shaping (FRTS)	0h 33m
136	RSVP	0h 07m
137	Catalyst 3560 QoS	1h 00m
138	IOS Security Overview, Access Lists (ACLs)	0h 58m
139	Time Based ACLs, Dynamic ACLs	0h 33m
140	Reflexive ACLs	0h 21m
141	TCP Intercept, Content Based Access Control (CBAC)	0h 34m
142	Zone Based Policy Firewall (ZBPF)	1h 09m
143	AAA, Local Authentication, Local Authorization, Role Based CLI Access	0h 43m
144	Port Security, Static CAM Entries, Storm Control, 802.1X Authentication, PACLs, RACLs, VLAN Access Maps (VACLs)	0h 48m
145	DHCP Snooping, Dynamic ARP Inspection (DAI), IP Source Guard	0h 12m
146	Protected Ports, Private VLANs	0h 25m
147	IP Services Overview, HSRP	1h 10m
148	VRRP, GLBP	0h 28m
149	NAT	0h 42m
150	DHCP, DNS	0h 30m
151	NetFlow	0h 09m
152	WCCP, Miscellaneous IP Services	0h 06m
153	System Management Overview, NTP, NTP Authentication	0h 24m
154	SNMP, RMON	0h 38m
155	Syslog, Telnet, SSH, Banners	0h 21m
156	EEM Scripting, Miscellaneous System Management	0h 26m
Total Duration		81h 59m

Slides - Diagrams

Slides - Introduction

Slides - Ethernet Switching

Slides - Advanced Ethernet Switching

Slides - Frame Relay

Slides - PPP

Slides - Transport Bridging

Slides - Redistribution

Slides - IOS Security

Slides - Layer 2 Security

Slides - IP Services

Slides - System Management

0:00:12	So, as I mentioned here, one of the key advantages
0:00:15	of running PPP over different types of media
0:00:21	is that it adds the PPP specific features like the authentication, the multi-link, the reliability
0:00:28	to interfaces that don't normally support that.
0:00:32	One of them we see here is running PPP over frame relay,
0:00:36	which would allow us to multi-link, multiple frame relay permanent virtual circuits together
0:00:42	before frame relay introduce its own multi-link protocol,
0:00:45	PPP was the way that we could do that.
0:00:47	But we could also use it for fragmentation if we're doing some sort of
0:00:52	QoS, or PPP over frame relay,
0:00:56	or authentication if we wanna make sure that both ends are the correct devices over the network.
0:01:02	Now, the configuration is pretty straight forward.
0:01:05	The only issue with this is that we need to make sure to do it in the correct order.
0:01:09	So, anytime in PPP that we are referencing either a virtual template interface or a geiger interface,
0:01:16	You need to make sure to create the interface
0:01:19	before you bind it to any process.
0:01:22	So, in this case, there's really only two steps. We create a virtual template,
0:01:26	apply the options on to it like our IP address.
0:01:30	and then assign it to the frame relay DLCI.
0:01:33	If we were to assign the tempalte to the DLCI.
0:01:36	Before it was actually created,
0:01:39	Sometimes you can end up in an order or operation error,
0:01:43	Would the configuration doesn'yt work even you know the statements in there are correct.
0:01:48	So both for the PPP iver Frame Relay, and for the Ethernet,
0:01:52	Make sure that you always create the logical interfaces before you bind them to the physical link.
0:01:59	So here we have a case, between,
0:02:02	routers 4 and 5.
0:02:07	that we have connections to the frame relay cloud.
0:02:14	We have a PVC 405 from 4 to 5.
0:02:18	And then 504 back from 5 to 4.
0:02:22	And i believe this interfaces are as 0/0/0.
0:02:28	So first let configure just a basic frame relay connection.
0:02:31	Make sure that we can ping across the links.
0:02:34	And then we will run PVP over Frame Relay for the connection.
0:02:41	So on router 4, lets look at what are configuration are up to this point.
0:02:46	We have just the default configuration.
0:02:50	We'll say encapsulation frame relay at the link.
0:02:56	I'll have the IP address 45.0.0.4,
0:03:03	No shutdown.
0:03:07	Then likewise on router 5.
0:03:16	Encapsulation Frame Relay, IP address
0:03:21	And Not Shutdown.
0:03:23	Now if the Circuit is properly provisioned between them
0:03:27	in the frame relay cloud.
0:03:28	There should not be anything more that we need to do beyond this.
0:03:31	Because we should learn the PVC'c from LMI.
0:03:34	We see that we're running IPv4 on the interface.
0:03:37	Which then means that we should send an inverse ARP request
0:03:41	and inverse ARP Replies between the two neighbors.
0:03:44	If we look at the result fo the Show Frame Relay Map
0:03:48	we should hopefully see in a couple of minutes here.
0:03:51	there it goes right now, that we do have a dynamic mappings between these neighbors.
0:03:56	So on router 5, if i ping 45.0.0.4,
0:04:00	we see that we have connectivity to router 4.
0:04:04	Now the reason im testing this, is to make sure that
0:04:08	we have verified there's no problems in the underlying Layer 1 or Layer 2 topology.
0:04:12	And now when we add PPP on top of this,
0:04:16	If there's some sort of connectivity issue then we're guaranteed that the problem
0:04:21	is related to PPP.
0:04:23	Not to the underlying Frame Relay Network.
0:04:27	So now I'll remove the IP addresses from the link.
0:04:33	So No IP Address on 4 and 5.
0:04:37	Because the link level is not gonna run IP, the link level is now going to run a PPP.
0:04:43	Only inside the PPP encapsulation will then, Be the IP Header.
0:04:50	So our next step is we configure the interface virtual template.
0:04:58	Where a virtual template is always a PPP encapsulated link.
0:05:03	So, before configuring any options on here, if we wereto look at the Show Interface Virtual Template 1,
0:05:12	the encapsulation for this
0:05:14	is always PPP.
0:05:17	So, it's a specific type of virtualinterface just for PPP connections.
0:05:24	On the template, the only minimumconfiguration we need is just our address.
0:05:29	So, we'll say, IP address...
0:05:31	is 45.0.0.4.
0:05:36	Then, at the link level,
0:05:40	for frame relay interface DLCI 405,
0:05:46	we are now running PPP.
0:05:49	The virtual template number is 1
0:05:52	that we're going to copyour configuration from.
0:05:58	If the configuration is working, when welook at the Show IP Interface Brief,
0:06:04	we should see that thevirtual template is down,
0:06:08	but the virtual access, which is thelogical instance of the PPP session is up.
0:06:18	In this case, we can see the virtual access is down,because I didn't configure PPP on router 5 yet.
0:06:25	So, the line protocol we're looking at here is for the virtual access, not for the virtual template.
0:06:29	The template will always be down-down.
0:06:35	On router 5, we'll do the same thing. Interface Virtual...
0:06:39	Template 1.
0:06:42	Put an IP address.
0:06:47	Then, at the frame relay interface,
0:06:53	DLCI is 405, and this is PPP virtual template number 1.
0:07:02	So now, we see both the link is up for the virtual access and the line protocol.
0:07:07	If we check on router 4, we should see the line protocol now up.
0:07:12	If we look at the routing table,
0:07:15	if we Show IP Route,
0:07:17	we should see now that we have a peer neighbor route for the remote device,
0:07:23	which in this case is router 5's address 45.0.0.5/32.
0:07:29	If we send packets to this,
0:07:32	we can see that we have connectivity.
0:07:35	Now, if we were to look at the Debug frame relay packets,
0:07:40	and send frames across the interface,
0:07:42	notice now that the frame relay process sees a different protocol type code,
0:07:50	because the actual echoes and echo replies,
0:07:54	they're encapsulated inside PPP first.
0:07:59	So, PPP has different protocol type codes depending on what the individual payload is.
0:08:06	For PPP with an IP payload, we can see it's 0X3cf.
0:08:12	Depending on what the individual upper layer protocol is,
0:08:16	PPP can then signal that to the lower layer protocols.
0:08:21	But in our case, we don't even really care what the number is. Just the point is that...
0:08:25	it's not 0 by 800, which was IP.
0:08:31	So, from an encapsulation point of view,
0:08:33	this means that we no longer need the frame relay map statement.
0:08:37	So, when we look at Show Frame Relay Map.
0:08:42	we do not have any resolutions for the IP protocol.
0:08:47	Even though this is configured on the main interface,
0:08:51	which is normally amultipoint interface.
0:08:54	the logical instance of theconnection is point-to-point.
0:08:58	Because by definition, PPP is the point-to-point protocol.
0:09:02	It can only be configured between two neighbors at a time.
0:09:11	There's a question, "What would the new packet look like?"
0:09:14	Basically, it would be...
0:09:17	Normally, you have your...
0:09:21	frame relay header.
0:09:23	Followed by the IP header.
0:09:25	And then, whatever the payload is. Let's say it's TCP,
0:09:28	and then, it's web browsing.
0:09:32	If we were to run this on PPP over frame relay,
0:09:35	we would have the frame relay header.
0:09:38	Followed by the PPP header.
0:09:41	Then, IP. Then, TCP.
0:09:44	Then, the actual payload.
0:09:48	So, the PPP encapsulation, this is having an additional 8 bytes.
0:09:54	But the frame relay transport should be able to handle that.
0:09:59	You could potentially run into issues with the...
0:10:02	the payload size
0:10:05	of the both Layer 2 encapsulation plus the PPP encapsulation at the same time.
0:10:10	We'll see that next when we look at running PPP over Ethernet.
0:10:16	But if we were to look at router 4 and router 5,
0:10:19	and look at the Show Interface Serial 0.0.0,
0:10:24	the MTU of the frame relay interface here is 1,500 bytes.
0:10:31	So, if I were to ping
0:10:33	45.0.0.5,
0:10:36	there's nothing wrong with that.
0:10:38	But if I say that the size is...
0:10:41	larger, let's say, 14.90... Or not 14.92, 1,500,
0:10:50	and let's set the Don't Fragment Bit.
0:10:58	Let's see if we go above...
0:11:03	If we go above 1,500, it's gonna be dropped.
0:11:05	So, basically, what this means...
0:11:08	is that the Layer 2 controller of frame relay
0:11:12	is allowing essentially baby giants.
0:11:16	Where a baby giant is a frame that exceeds the MTU,
0:11:20	but only via very small amount
0:11:23	where, let's see if it's actually counted this way. If we Show Interface Serial 0.0.0,
0:11:31	the number of output packets...
0:11:38	It says, "Received 0 giants." Let's see what the other side says.
0:11:43	On 5, if we Show...
0:11:46	Interface Serial 0.0.0,
0:11:56	now, 5 is not counting those as giants.
0:11:58	It depends on the different encapsulation types. Some of the links will support this. Some of them won't.
0:12:04	We'll see when we run it over Ethernet it is not gonna support that.
0:12:08	So, with PPPoE, we do need to account for the case that we are subtracting
0:12:14	the 8 bytes from the payload of Ethernet,
0:12:19	where frame relay, it's not really a problem to begin with, because frame relay does support fragmentation.
0:12:26	So, the frame relay interface could break up the large IP packet into multiple payloads.
0:12:33	So, if we were to look at like the...
0:12:36	if we do the ping
0:12:38	without the DF Bit set,
0:12:41	this is gonna work.
0:12:44	So, it doesn't really make sense that the packet payload of 2,000 bytes is allowed.
0:12:51	But we're doing fragmentation as actually being split up into multiple packets.
0:12:57	But if we set the Don't Fragment Bit,
0:13:01	then, this is definitely not gonna get through, because it exceed the MTU of the link.
0:13:12	There's a question here, "The 0 byte 3cf, is this the Ether-type field?
0:13:19	I thought the Ether-type field was only Ether-related."
0:13:24	It's technically not the Ether-type.
0:13:27	Which was again, if we scroll back up, this is what came from the...
0:13:33	the Debug Frame Relay Packet.
0:13:36	This is essentially the Layer 2 protocol-type code
0:13:40	that is going inside the frame relay header.
0:13:44	The thing is that with the frame relay Ethernet they use a similar type of Layer 2 encapsulation
0:13:49	that say what is the Upper Layer protocol.
0:13:53	So if we were to, let's seach for this, what actually is,
0:13:57	let's say PPP Ether Type Value.
0:14:04	And let's see if PPP is in here.
0:14:17	So it says PPP is 8863 and 8864.
0:14:24	That would be for Ehternet though, so let's say instead lets say, PPP
0:14:30	Layer 2 Type Code.
0:14:39	And what did we see, we saw 3CF, lets see if its listed in here.
0:14:46
0:14:58	It says link control protocol runs on top of PPP with the number 0XC021
0:15:05	Then if we probably look at IPCP.
0:15:16	Lets see if it shows the type here.
0:15:19	This is gonna say basicallly that IP is the payload.
0:15:22	So at this level we dont really care down to the pack or format of PPP.
0:15:27	It's just that it could potentially be useful if you need to know this value for something
0:15:34	that the debug frame relay packet is gonna show you.
0:15:38	Now in production the easiest way was just to search for it.
0:15:43	But the things is within the Lab Exam you get some very specific Layer 2 question.
0:15:48	Like iff you wanna filter out PPP with a Layer Access List.
0:15:53	Then you would need to use this Layer 2 Type Code,
0:15:57	to match the frame.
0:16:01	Okay we'll see this when we get to security with the switches.
0:16:06	Really the only case where it could become problematic.
0:16:10	Is or at least the common case is that when we're dealing with IPv4,
0:16:15	over Ethernet.
0:16:21	That there's a difference between the IPv4 type codee itself which is 0x800.
0:16:29	And the IPv4 ARP which is 0x806.
0:16:37	You could potentially run into a problem where if your matching on Layer 2 type codes.
0:16:45	If I were to permit in an Access List
0:16:51	But i did not permit 0x806.
0:16:53	What you would see is that the traffic would be able to go over the link.
0:16:58	Until the ARP cache timed out.
0:17:02	Then once the, once the ARP cache times out then the new request would be dropped.
0:17:08	Becaus ARP uses a different Layer 2 code, 0x806 not 0x800.
0:17:14	So we'll look at some of the details with that in the Layer 2 security.
0:17:18	But usually its not a common implementation to match on that Layer 2 protocol number
0:17:22	when your trying to do any type of filtering.
0:17:30	So we can see configuration-wise, its really not that much involvewith the PPP over frame relay.
0:17:35	Its just at the linkl level.
0:17:38	We bind the Virtual Template to the circuit.
0:17:41	And then at the Virtual Template, this is where,
0:17:47	any of the logical configuration would go,
0:17:49	so if we wanted to PPP authentication, thats gonna go on tthe Virtual Template.
0:17:53	Same with PPP multilink, if i had remote circuit I wanted to bind them together.
0:18:01	Then i coul created a multilink interface, I could say interface multilink 1,
0:18:09	And this is part of the PPP,
0:18:17	PPP multilink group number 1.
0:18:21	Then on the Virtual Interfaces.
0:18:27	I would say these are running PPP multilink
0:18:30	and were part of group 1.
0:18:32	So then it means on the interface multilink 1,
0:18:38	this is were my IP address would go.
0:18:43	And on interface virtual template 1,
0:18:49	we would not have the IP address there.
0:18:54	So the configuration for the multilink is not that much beyond what,
0:19:01	we saw here which is the virtual template.
0:19:05	The difference is that whatever link is running,
0:19:09	what ever link is running PPP, which in this case virtual interface.
0:19:14	We put this in the multilink group.
0:19:17	Then the multilink interface
0:19:20	is kind of similar to like how the port channel interface works on the switches.
0:19:25	This is where our logical config wuld go.
0:19:28	So the nanyone who's part of multilink group 1, is gonna be bound together with this IP address.
0:19:34	Then the PPP process is gonna do Layer 2 fragmentation,
0:19:38	to balance the traffic over whatever members of the multilink group are.
0:19:49	Documentation-wise this would be listed under the, lets go to 12.4 configuration.
0:19:58	This is actually the under dial.
0:20:02	So dial PPP configuration, thenmedia independent PPP.
0:20:11	And this next one.
0:20:15	Media independent PPP and Multilink PPP.
0:20:18	So if we look at one of their examples.
0:20:23	Multilink PPP using multilink group interfaces over ATM.
0:20:32	So it says we have a multilink interface.
0:20:37	Then the virtual template is in the multilink group.
0:20:42	And this particular ATM PVC is using that virtual template.
0:20:47	So basically it means that Layer 2 PVC which is 0/32.
0:20:53	Has this address assigned to it.
0:20:57	But what's interesting about the feature is that since the media independent.
0:21:02	We could multilink an Ethernet and a ATM interface together.
0:21:06	Or a Frame Relay interface and a Point to Point serail interface together.
0:21:11	Because Encapsualtion is independent on what's going on the underlying Layer 1 and Layer 2.
0:21:26	So the our next variation for this would be PPP over Ethernet.
0:21:32	Now the PPP over Ethernet documentation,
0:21:35	is a little bit hard to find, its kind a little bit obscure if you didn't know where it is.
0:21:42	So from the 12.4T configuration guide.
0:21:45	We would want to go down to,
0:21:56	UInder long reach Ethernet and DSL.
0:22:00	Its this first document broadband access aggregation and DSL configuration.
0:22:06	Because typically PPP over Ethernet is DSL related config.
0:22:11	Its then under part 2 PPP over ATM over Ehernet over any transport.
0:22:18	This second sub document providing protocol suport for broadband access or PPPoE sessions.
0:22:24	This is theservers dosumentation.
0:22:28	Then the next one PPPoE client, have we see that's the client config.
0:22:37	So the first portion woulbe to configure the server this is where,
0:22:40	the device that is going to aggregate the multiple sessions.
0:22:45	So in a real design this woul be from a DSL point of view.
0:22:52	We would have the..
0:22:56	The DSL modems.
0:23:00	That are going down to the Access Layer.
0:23:04	These are basically the PPPoE clients.
0:23:13	Between the modem and whats known as the DSL aggregation multiplexer or the DSLAM.
0:23:21	IT is basically taking ATM PVC's.
0:23:26	And then bridging them together in a higher speed interface.
0:23:31	So lets say that whatever these are, it depends on what type of DSL it is.
0:23:36	But lets say that these are 10Mbps.
0:23:39	we could then aggregate this together as OC-48 and this goes up to the agrregation router.
0:23:46	So this aggregation router this would be the PPPoE server.
0:23:53	Where the aggregation multiplexer, its basially just doing the Layer 1 multiplexing.
0:23:58	Thats taking the ATM cells in and then transportion them to the..
0:24:03	to the OC-48 interface.
0:24:06	So the PPPoE session actually goes from the end modem which is actually a bridge,
0:24:13	that goes to the aggregation router.
0:24:19	So in our case we'll havetwo different routers being both the
0:24:28	the client and the server.
0:24:31	We'll do this between router 1 and lets just say router 2,
0:24:38	I think they're already in the same segment.
0:24:41	So this should be VLAN 10 between them.
0:24:46	And router 1 and 2 there already should be on the same subnet.
0:24:51	So i wanna make sure before I make any changes related to PPP.
0:24:56	Can i get basic connectivity between the neighbors.
0:24:59	So this would eliminate any problems in the VLAN creation the trunking VTP pruning.
0:25:06	All of that stuff thats going on the switches, i wanna makes sure the Layer 2 switch
0:25:10	can at least give me basic transport.
0:25:13	Once that is done then i can put the PPP configuration on.
0:25:17	Because if there's a problem i would then know it directly related to PPP.
0:25:22	Not to any other underlying layer.
0:25:31	So lets look at router 1's LAN interface.
0:25:38	We have 10.0.0.1 if we ping 10.0.0.2,
0:25:44	We have connectivity to router 2.
0:25:53	We'll say that router 1 will be the PPPoE server, and router 2 is the PPPoE client.
0:26:02	So from the server's point of view.
0:26:04	First thing is that we find the logical interface where PPP is gonna run.
0:26:09	This is the Virtual Template just like what was in the PPP over frame relay configuration.
0:26:14	On the virtual template this is where any of our logical options would go.
0:26:19	So if we wanted to PPP authentication.
0:26:21	We wanted to multilink, thats where our IP address would go as well.
0:26:26	Next we define a broadband access group.
0:26:31	And either give it a user defined name or just use the default global group.
0:26:36	This is how we are binding the virtual template, down to the nterface level.
0:26:41	So the BBA group reference the virtual template.
0:26:45	Then at the linklevel we reference the BBA group.
0:26:52	So first thing on the server which is router 1.
0:26:55	We'll configure the interface virtual template 1.
0:27:00	The IP address will be 12.0.0.1.
0:27:07	On the actual Ethernet link there's no IP address.
0:27:11	Because now the ethernet is gonna be running just PPP.
0:27:14	Its not running IP anymore.
0:27:17	Next we have the BBA group.
0:27:22	This is for PPPoE and we'll say this is group 1.
0:27:28	So i could use the global keyword.
0:27:31	Or i could give is a user defined name, this is just if you have multiple groups.
0:27:35	And you want different groups applied to different interfaces.
0:27:42	Next I reference what is the virtual template number, in this case thits is virtual template number 1.
0:27:48	Then lastly at the linklevel we say PPPoE Enable the groups name is group 1.
0:28:04	Next we have the clients config.
0:28:07	Clients config is a little bit different syntax, it uses a dial in logic.
0:28:12	Where we need to use the dialer interface.
0:28:15	which them implies we need to either configure interesting traffic
0:28:21	To control what is actually going to initiate the PPPoE call or we could use the dialer
0:28:26	persistent feature that say's, I always want the link to be up.
0:28:32	So typically the most DSL config you would see the dialer persistent command there.
0:28:35	As opposed to the dialer group.
0:28:41	So on router 2 we configure the dialer interface we say interface dialer 1.
0:28:46	And this by default does not run PPP.
0:28:49	If we show interface dial 1.
0:28:52	This is an HDLC interface.
0:28:55	So i then need to say encapsulation PPP.
0:29:01	Next i have the logical options like the IP address.
0:29:09	I need the dialer pool number this is how im going to bind the logical interface to the physical interface.
0:29:18	Then i need to say how do i actually want to initiate the call.
0:29:22	In this case I'll say dialer persistent which means that the link is always up.
0:29:30	Than at the interface level there's no IP address there, instead we have the PPPoE client.
0:29:39	And the dial pool number is 2, so thats matching here the dialer pool.
0:29:50	We could see now we have logical instance of the connection the virtual access.
0:29:55	If we look at the routing table, and we see that we have the peer neighbor route to the other side.
0:30:02	This tells us that the Link ControlProtocol, LCP negotiation was correct.
0:30:07	And then, also the IPCP, the IPControl Protocol was correct.
0:30:13	So now, if we ping 12.0.0.1,
0:30:18	and we see, we haveconnectivity to router 1.
0:30:24	So again, our full configurationhere on the client
0:30:27	is the dialer interface,and then, the physical link.
0:30:42	Then, on the server,
0:30:46	we have the...
0:30:48	virtual template.
0:30:52	We have the BBA group.
0:30:59	And then, we havethe physical link.
0:31:01	This is where theBBA group is bound.
0:31:07	Now, there's a question here, "This configurationyou're doing between router 2 and 1,
0:31:11	if there's a few switches in betweenthe two routers with a trunk,
0:31:15	how would they find each other? Also if there wereother routers trying to do PPPoE in the network,
0:31:20	wouldn't they get confused andpeer possibly with the wrong peers."
0:31:25	So, let's look at the firstportion of the question first.
0:31:28	If there are multiple switches between router 1 and 2,how do they figure out where they are in the first place?
0:31:36	It's gonna be the same asnormal Layer 2 switching logic.
0:31:39	If I look at router 1and Show CDP Neighbors,
0:31:43	on my Fast Ethernet 0/0,
0:31:46	I'm connected to switch1's Fast Ethernet 0/1.
0:31:51	If we look at...
0:31:54	switch 1 and Show MACAddress Table Dynamic.
0:32:01	Interface Fast Ethernet 0/1,
0:32:04	we see that we havethe MAC address of router 1.
0:32:08	Then, if we were tolook at the entire VLAN,
0:32:15	we have the MACaddress of router 2.
0:32:19	So, the Ethernet frameitself is not changing.
0:32:23	It's between theEthernet and the IP payload
0:32:28	that we're insertingthe PPP header.
0:32:30	So, if we look at theactual packet format,
0:32:34	it's gonna be the Ethernet header.
0:32:37	Normally followed by the IPheader, and then the payload.
0:32:46	But in this case, it would be theEthernet header followed by the PPP header.
0:32:52	Then the IP header,and then the payload.
0:32:57	So, whatever the payloadis in this case's voice.
0:33:00	So, we're still using the Ethernet MACaddresses to switch the traffic over Layer 2,
0:33:08	but we're running PPP overEthernet, not IP over Ethernet.
0:33:20	So again, here's router2's client config.
0:33:23	We have the dialer interface,this is where our logical options go.
0:33:27	Then, at the physical link,
0:33:30	we're referencing the dial poolnumber, which is this number 2 here.
0:33:37	Most of the examples use thesame number for the dialer interface.
0:33:40	The pool, the dialer group,and then dialer pool number.
0:33:44	So, it gets a little bit confusing whichones actually relate to each other.
0:33:48	But the dialer interface itself doesn't matter.Okay, it is the pool that is on the interface
0:33:53	that we're using tobind to the physical link.
0:33:58	Now, what will be a problem here
0:34:01	when we look at the Debug PPP...
0:34:04	Negotiation,
0:34:06	and we...
0:34:09	Let's say, we shutdown the...
0:34:13	Ethernet interface.
0:34:23	And we bring this back up.
0:34:31	We should see router 2...
0:34:35	trying to initiate the call over to...
0:34:37	router 1.
0:34:45	Now, in this case, I believe that theswitches are not configured for port fast.
0:34:50	So, we're gonna have to wait until the SpanningTree converges about 30 seconds here.
0:34:57	If we Show Debug,
0:34:59	okay, we're debugging PPP.
0:35:03	If we Show IP Interface Brief,
0:35:09	the dialer is up.
0:35:14	So, that link not get shutdown?
0:35:16	Now, it did. Let me shutdownthe dialer. That'll reset the session.
0:35:53	So, we see that thenegotiation was fine.
0:35:56	They go all the way through IP CP,they install each other's routes.
0:36:00	Then, the virtual access comes up.
0:36:02	Now, while we're doing theLink Control Protocol Negotiation.
0:36:07	If we look at what theclient is saying to the server,
0:36:13	router 2, who is the clienthere is saying that...
0:36:20	Actually, the other way around.The server is saying that...
0:36:23	"My maximum receivable unit,
0:36:27	which is basically,the inbound MTU is 1492."
0:36:34	Router 2 is replying with an outbound not anacknowledgement'. So it's a negative acknowledgement.
0:36:41	Saying that, "You should not use 1500."
0:36:44	Or that you should...
0:36:56	Hmmm.. Let's see. So he's requesting 1492...
0:37:02	Okay, router 2 us saying, "No. You can'tuse 1492. You should use 1500.
0:37:06	So, the service says, "Can we use 1500?"
0:37:08	Client says, "1500 is fine."
0:37:10	Okay, the issue is that when we look at theclient, and say Show Interface Dialer 1,
0:37:17	the dialer's MTU is 1500 bytes.
0:37:22	If we look at the server, and say,Show Interface Virtual Template 1,
0:37:31	the virtual template's MTU is 1500.
0:37:35	And if we look at the virtual access,
0:37:39	it says "The virtual access is also 1500."
0:37:41	But when we look at the Ethernetheader followed by the PPP payload,
0:37:48	this really actually should be 1492, not 1500.
0:37:54	Because the Ethernet header is taking up anadditional 1500 bytes of the Ethernet's payload.
0:38:00	This would then mean, if willtry to send frames to router 1
0:38:06	that are bigger than 1492,
0:38:14	so, at 1492, that should be fine.
0:38:16	Once I go to 1493, these are gonna get dropped.
0:38:21	Because Ethernet does notsupport fragmentation,
0:38:24	and the switches have not beenconfigured to accept the baby giants.
0:38:28	Which is the frames again thatare just a little bit over the MTU.
0:38:32	So, what I should do here isthat on the dialer interface,
0:38:37	this should be configured tofragment IP above 1492.
0:38:46	So, this command the IP MTU, this isdifferent in the physical interface MTU.
0:38:51	Because on Ethernet, Fast Ethernet, it doesn't supportus changing the MTU in most implementations.
0:38:59	Okay, if I say MTU 1492 here,
0:39:02	you could see this platform, it says "You can'tset Fast Ethernet MTU. It doesn't support it."
0:39:08	Now, gigabit Ethernet, that's fine. You canchange the MTU to whatever you want.
0:39:11	But Ethernet is supposed to be 1500.
0:39:14	Regular Fast Ethernet issupposed to be 1500.
0:39:17	So, what I'm doing instead is telling therouter that "If you receive an IP packet
0:39:23	who's entire length is over 1492,
0:39:27	then, you need to break itup into multiple frames."
0:39:31	So now, I could say that "If I ping...
0:39:36	router 1 with 1493, this is gonna through,because now, fragmentation occurs."
0:39:43	But previously...
0:39:48	If I say, No IP MTU 1492,
0:39:53	we should 1493 is gonna fail.
0:39:58	Because at this point, theIP MTU is 1500 bytes.
0:40:02	The router doesn't start fragmentationuntil it goes above 1500.
0:40:06	But we really need to tell it to startfragmentation at above 1492.
0:40:10	Because we have to subtract theextra 8 bytes for the PPP.
0:40:16	This is also typically where you would wantto say that IP TCP MSS Adjust command.
0:40:24	Where is it? IP...
0:40:30	IP TCP Adjust MSS.
0:40:34	So, we would say 1452 here.
0:40:38	Because 1452 plus 20bytes for the TCP header,
0:40:41	plus 20 bytes for the IP header.
0:40:44	Gets us to our IP MTU which is 1492.
0:40:49	So, this would basically fix end hosts that are not properly implementing path MTU discovery.

Now Viewing

CCIE Routing & Switching Advanced Technologies Class
Title:	CCIE Routing & Switching Advanced Technologies Class
Duration:	81h 59m
The CCIE Routing & Switching Advanced Technologies Class is the first step in understanding CCIE level technologies and is a companion to the Advanced Technologies Lab Workbook. Each technology you need to know for the CCIE Routing & Switching lab will be described in detail using an instructor led hands on demonstration. The class consists of over 80 hours of in depth explanations and examples.
Get instant access to our entire library!
$159/month	Add to Cart
Download this Course
$299.00	Add to Cart

PPPoFR, PPPoE

Create Bookmark