Read Ch 2.1.7 for this set of experiments.
· Configuring the bridge/router
· Simple bridge experiment
In this section we describe general bridge/router configuration procedures.
Below, as an example, we show the initial configuration of router 1. For more information on Cisco routers you can go to the online manuals on Cisco’s website: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/inter_r/index.htm. All three routers are running software version 12.
Initial configuration of router1
Initial Router configuration for the Cisco 2500 Series
When you start the router for the first time you need to configure it. The following is the configuration procedure for the 2500 router. This is what you see when you turn it on:
System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
Copyright (c) 1986-1995 by Cisco Systems
2500 processor with 6144 Kbytes of main memory
F3: 7797768+96332+313248 at 0x3000060
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-J-L), Version 11.2(10a), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1997 by Cisco Systems, Inc.
Compiled Tue 02-Dec-97 16:26 by ckralik
Image text-base: 0x0303EB6C, data-base: 0x00001000
Cisco 2500 (68030) processor (revision L) with 6144K/2048K bytes of memory.
Processor board ID 05523156, with hardware revision 00000000
Bridging software.
SuperLAT software copyright 1990 by Meridian Technology Corp).
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
TN3270 Emulation software.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read ONLY)
Notice: NVRAM invalid, possibly due to write erase.
--- System Configuration Dialog ---
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Would you like to enter the initial configuration dialog? [yes]: y
Would you like to enter basic management set up [yes/no]: n
(NOTE: If you type yes here, you will be able to configure each interface individually by choosing which interface you want to change (“Enter interface name used to connect to the management network from the above interface summary”). Note that the table appearing below will have been shown and you choose one of the interfaces, e.g., Ethernet0. The dialog is fairly similar to what you will see below, except that not all questions are asked and the order of the questions is slightly different.)
First, would you like to see the current interface summary? [yes]: y
Interface IP-Address OK? Method Status Protocol
Ethernet0 unassigned NO unset up up
Ethernet1 unassigned NO unset up down
Serial0 unassigned NO unset down down
Serial1 unassigned NO unset down down
Configuring global parameters:
Enter host name [Router]: router1
The enable secret is a one-way cryptographic secret used
instead of the enable password when it exists.
Enter enable secret: ics
The enable password is used when there is no enable secret
and when using older software and some boot images.
Enter enable password: ics
(NOTE: since we are using the same password the system will prompt you twice for this password and warn you that you should not use the same password. Ignore and retype the same password “ics”)
Enter virtual terminal password: ics
Configure SNMP Network Management? [yes]: n
Configure IP? [yes]:
Configure IGRP routing? [yes]: no
Configure RIP routing? [no]:
Configure bridging? [no]:
Do you want to configure Ethernet0 [yes]:
Configure IP on this interface? [yes]:
IP address for this interface[130.91.61.3]: 130.91.61.1
Subnet mask for this interface [255.255.0.0]:255.255.255.0
Class B network 130.91.0.0, 24 subnet bits, mask is /24
Do you want to configure Ethernet1 [no]: yes
Configure IP on this interface? [no]: yes
IP address for this interface: 130.91.62.2
Subnet mask for this interface [255.255.0.0]:255.255.255.0
Class B network 130.91.0.0, 24 subnet bits, mask is /24
Do you want to configure Serial0 [no]:
Do you want to configure Serial1 [no]:
The following configuration command script was created:
hostname router1
enable secret 5 $1$REqy$.vlByLc7Xi3ulx6bp.8dJ.
enable password ics
line vty 0 4
password ics
no snmp-server
ip routing
no bridge 1
!
interface Ethernet0
ip address 130.91.61.1 255.255.255.0
no mop enabled
!
interface Ethernet1
ip address 130.91.62.2 255.255.255.0
no mop enabled
!
interface Serial0
shutdown
no ip address
!
interface Serial1
shutdown
no ip address
!
end
[0] Go to IOS command prompt without saving this configuration
[1] Return back to set up without saving this configuration
[2] Save this configuration to NVRAM and exit
Building configuration...
Use the enabled mode 'configure' command to modify this configuration.
Press RETURN to get started!
%LINK-3-UPDOWN: Interface Ethernet0, changed state to up
%LINK-3-UPDOWN: Interface Ethernet1, changed state to up
%LINK-3-UPDOWN: Interface Serial0, changed state to down
%LINK-3-UPDOWN: Interface Serial1, changed state to down
Unless you save the configuration changes to NVRAM (Nonvolatile RAM) permanently, the router will always reboot with the last saved configuration. Below we make changes to the router configuration and save it to NVRAM. The router will operate using the new configuration until changed.
Note that if the routers have been logged onto, then you will no longer see the initial configuration dialog come up. You will have to get into the privileged-level mode by typing enable at the router prompt (see section below for more details on the enable command). It will then ask you for the password (“ics”) and then you have to type: setup. That will get you into the configuration mode and you follow the dialog as outlined above. Please note that if you answer “no” to any of the interface configuration questions it will delete whatever entries it had for that interface prior to the setup command. If you only want to change the parameters for one of the interfaces, the best option is to use the basic management set-up.
Typing write at the privileged prompt will save whatever current configuration you have. Please use write often so as not to lose your settings. Also note that typing “?” at any point with a command will give you all the options for that command, e.g., write ?, or bridge ?.
Move to the router consoles. The system shows the user-level prompt, which is the router name ending with an angle bracket “ >” as follows:
router_name>
There is also a privileged-level prompt available to the system administrator. You can enter the privileged-level by typing enable :
router_name> enable
password: ics
After entering the enable password (see configuration notes above for the enable "secret" password), you will see the privileged-level prompt, which consists of the router name followed by the “#”, as follows:
router_name#
You may type write terminal to display the current configuration. To configure a router, enter configure at the privileged-level prompt.
router_name# configure
When you enter configure, the router prompts you for the source of the configuration commands. Since the default is the terminal, which is our option, just press the return key. The router will then display an explanation of the editing functions. You can now enter any changes you want to the configuration.
Router1, router2 and router3 display the following prompts, router1(config)#, router2(config)# and router3(config)#, respectively. Now you can type any configuration command, line by line.
In configuration mode, you can do various system-related tasks, for example, assigning IP addresses to the interfaces, specifying which protocols to support, etc. Since it is impossible to describe all the configuration commands here, we will state configuration commands whenever they are needed.
To end the configuration mode, type Ctrl-z. Then hit CR at the next question. You will get the privileged-level prompt. Please use the write command to save your settings. You can examine your configuration by typing write terminal. Enter the disable command to return to the user-level prompt. For more information on the configuration commands, refer to the router manuals online at: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/inter_r/index.htm
For this experiment we will only be using two PCs and one router acting as a bridge. They are connected as shown in figure 2.1 and table 2.1. Note that the subnet mask for this experiment is: 255.255.192.0. Please note that you need to use either a hub to connect the PCs to the bridge/router or a cross connect cable. You cannot just use a regular 10baseT cable (straight thru).
Device | Interface | IP Address
routerx | eth0 | 135.88.129.1
routerx | eth1 | 135.88.129.2
HOST_A (any one of the 4 PCs) | | 135.88.129.101
HOST_B (any one of the 4 PCs) | | 135.88.129.102
Table 2.1: IP addresses for Figure 2.1
Figure 2.1: Using a transparent bridge
Figure 2.1 shows the simple case of a bridge configuration, which consists of two network segments connected by a bridge. (A bridge can also be used to connect two networks with different subnet IDs. If you want to connect 135.88.128.0 net and 135.88.64.0 net using a bridge, as an example, every PC in both subnets should have a route to the other subnet. A host in 135.88.128.0 net should have a routing entry that specifies the destination address of 135.88.64.0 using its own IP address as a gateway to the 135.88.64.0 net. The bridge/router’s interface address should not be used as a gateway to another subnet, since the bridge does not understand IP routing.)
With the simple topology of figure 2.1, we can easily capture initial Bridge Protocol Data Units (BPDUs) before each bridge is engaged in the spanning tree calculation.
To set the IP address of an interface in the bridge/router, go to the console of the router/bridge and enter the privileged-level by typing enable. Type configure to begin configuration mode. In the configuration mode, to specify an interface and start interface configuration, enter interface interface_type interface_number. For example, type interface ethernet 0 to configure the ethernet0 interface. Note that the prompt has changed to: router1(config-if)#, router2(config-if)# or router3(config-if)#, respectively. From the interface configuration mode, use the “ip address address net_mask” command to set the IP address of that interface (ethernet 0).
To configure the transparent bridge, the following steps are needed in the configuration mode. (Note: as mentioned above typing “?” at any prompt will give you a list of all possible commands that you can input at that level!)
· To bridge (as opposed to route) IP datagrams, disable IP routing: no ip routing
· Define the spanning-tree protocol: bridge group protocol protocol
· To choose an interface type: interface ethernet 0 or interface Ethernet 1
· Assign the network interfaces to a spanning-tree group: bridge-group group
· To bring an interface up (if in shutdown mode) type: no shutdown
- the argument group is a number between one and nine that you choose to refer to a particular set of bridged interfaces. Frames are bridged only among interfaces in the same group.
- protocol specifies the protocol to use. It can be either ieee for the ieee spanning-tree protocol, or dec for DEC spanning-tree protocol.
· Set the spanning-tree parameters, if necessary:
- Select the root bridge using priority;
- Adjust the interval between HELLO Bridge Protocol Data Units (BPDUs);
- Define the forward delay interval;
- Define the maximum idle interval;
- Assign path costs;
- Set an interface priority
To set the above parameters, you must configure the bridge. The following is an example of a basic bridge configuration (IP addressing and transparent bridging, i.e., no routing) on router1. Type the following (in this order) at the router_name(config)# prompt on the screen:
no ip routing
bridge 1 protocol ieee
interface ethernet 0
ip address 135.88.129.1 255.255.192.0
bridge-group 1
no shutdown
interface ethernet 1
ip address 135.88.129.2 255.255.192.0
bridge-group 1
no shutdown
Exit configuration mode using "Ctrl-z". Save your configuration using write and check your configuration using write terminal. For more information, refer to the bridge manual at Cisco’s online web site. After configuring transparent bridging as in figure 2.1 and table 2.1, do the following experiments.
Exercise 1
Configure the IP addresses of your PCs and the routers as shown in figure 2.1 and table 2.1. You can use tethereal -V on both machines for immediate detailed output. Use tethereal -V > /tmp/ex1.txt on your machine and tethereal -V > /tmp/ex1.txt on a machine on the other network segment concurrently to save your tethereal output to a file for further analysis. To see the output on the screen run tethereal -V in another window.
From one machine send ping messages to the other machine using the command, ping other_machine. After receiving the tenth echo reply, quit the ping process.
Questions #1: Answer the following questions:
· What is the subnet address of the network in figure 2.1?
· What will happen when the IP address of one of the PCs is changed to: 135.88.130.101 and we try to ping to it from the other_machine?
· When a packet is sent to a PC in the other segment, do the source and destination Ethernet addresses change? Why?
· What are the IP and link-layer addresses of a packet that goes from your_machine to the bridge?
· What are the IP and link-layer addresses of a packet from the bridge to the other_machine?
· Answer the same questions, but for the echo reply that is returned from the other_machine.
Read Ch 2.1.7 for this set of experiments.
In this section, we will use figure 2.2 as our network topology. Refer to section 1.2 on how to configure a bridge. You may want to create a table with the physical addresses of all the devices to facilitate your work in this section. The subnet mask is 255.255.255.0. For the bridges use IP addresses: 135.88.75.104 – 111 (i.e. host numbers 104, 105, 106 ….111 keeping the subnet ID at 135.88.75).
Fig. 2.2 Bridge Experiment (figure not reproduced; host addresses shown: 135.88.75.100, 135.88.75.101, 135.88.75.102, 135.88.75.103)
Upon being initiated, a transparent bridge learns the network topology by analyzing the source address of incoming frames from all attached networks. The next exercise shows the process by which a transparent bridge builds a transparent bridging table.
(One recommendation: note down the ethernet MAC addresses for each interface as you will be using them a lot for the next exercises and lab reports.)
Exercise 1
Run tethereal -V on the 4 PCs. The packets marked IEEE 802.3 are the BPDU messages generated by the bridges. Tethereal parses the BPDUs. Examine the packets and observe who is sending them (note some are loopback packets). Remember, if you want to save your tethereal output, use the “> filename” redirection.
Below is the BPDU table identifying the different fields. Using tcpdump -i eth0 -p -ex one can see all the fields too but you have to translate the hex output.
Exercise 2
After configuring the network in figure 2.2, move to the router console. Go to the privileged-prompt mode. Type show bridge to see the entries in the bridge forwarding database.
When you ping or telnet to the host that is not in the table, observe how the forwarding database is expanded.
You may need to use the clear bridge group command to remove any learned entries from the table.
Transparent bridges exchange the configuration information in the form of Bridge Protocol Data Units (BPDUs). When the bridge is powered up and whenever a topology change is detected, the spanning-tree calculation occurs, based upon exchanged BPDU information. The BPDU format is shown below:
bytes | field
2 | protocol identifier
1 | version
1 | message type
1 | flags
8 | root ID
4 | root path cost
8 | bridge ID
2 | port ID
2 | message age
2 | maximum age
2 | hello time
2 | forward delay
protocol identifier: 0
version: 0
message type: 0
flags: The least significant bit (Topology Change bit) is set to signal a topology change. The most significant bit is to acknowledge receipt of a BPDU with the TC bit set. The remaining six bits are not used.
root ID: identifies the root bridge by listing its 2-byte priority followed by its 6-byte ID (ethernet address). We can set the value of the 2-byte priority in the configuration mode. Thus the bridge can be selected as the root bridge. The default priority is 128.
root path cost: The cost of the path from the bridge sending the configuration message to the root bridge. This cost is related to the cost of each interface. The default cost for an ethernet interface is 100, which we can change. Usually the cost of an interface is inversely proportional to the speed of the attached network.
bridge ID: identifies the priority and ID of the bridge sending the message.
port ID: The first byte is the priority value of an interface, which is configurable. The default value of this port priority is 0. The second byte is assigned by the bridge to the port from which the BPDU was sent. This field is used to detect the situation when a bridge has two ports attached on a loop.
message age (in 1/256ths of a second): indicates when the spanning tree topology is recalculated if a bridge does not hear BPDUs from the root bridge. The default value is 15 seconds.
hello time (in 1/256ths of a second): provides the time period between BPDUs from the root bridge. The default value is 1 second.
forward delay (in 1/256ths of a second): provides the amount of time that bridges should wait before transitioning a port from blocking to forwarding. If a bridge transitions too soon, not all network links may be ready to change their state, and loops can result. The default value is 30 seconds.
Exercise 3
Using tethereal -V or tcpdump -i eth0 -p -ex, capture the BPDU packet flowing on your network segment and the other network segments. Login to each bridge (or use the console) and collect the outputs of the show interface command, show bridge command, and show spanning-tree command.
Questions #1 :
Based upon what you saved from Exercise 1, 2 and 3:
Exercise 4
Disconnect the cable connecting B1 to Eth1.
Questions #2:
· Repeat Questions #1 for the new configuration.
Exercise 5
Connect the cable that you disconnected above. Clear all arp tables in the PCs and bridges (use the clear arp command at the privileged prompt). Clear the bridge tables using the clear bridge command on the bridges. Change the priority on one of the bridges that was not the root bridge before, forcing it to be the root bridge now. Use the following command on the newly designated root bridge: bridge 1 priority 64. Run tethereal -V or tcpdump -i eth0 -p -ex on a PC on each segment and capture your output to a file for further analysis. Ping from PC1 to PC4.
Questions # 3:
· Show the spanning tree. Is it different from the one you traced in Questions #1 above?
· Trace the flow of packets resulting from the ping command starting from the ARP request and terminating with the ICMP echo reply. Pick and print the relevant data from your tethereal or tcpdump output file, the ARP tables and bridge tables to justify the flow of packets as you observed it.
Example of a tcpdump for a BPDU
BPDU
----------------------
Source Multicast
13:31:57.405568 0:e0:b0:63:e4:e6 1:80:c2:0:0:0 0026 60: 802.1d ui/C len=43
0000 0000 0080 0000 000c 39d0 6400 0000
6480 0000 e0b0 63e4 e680 0201 0014 0002
000f 0000 0000 0000 0000 00
13:31:59.405568 0:e0:b0:63:e4:e6 1:80:c2:0:0:0 0026 60: 802.1d ui/C len=43
0000 0000 0080 0000 000c 39d0 6400 0000
6480 0000 e0b0 63e4 e680 0201 0014 0002
000f 0000 0000 0000 0000 00
13:31:59.915568 0:e0:b0:63:e4:e6 0:e0:b0:63:e4:e6 loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
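Decoding the BPDU hex by hand is error-prone, so the following added example (not part of the original handout) unpacks the first tcpdump BPDU payload shown above using the field sizes from the BPDU format table, and compares bridge IDs the way the root election does. The function names parse_bpdu, elected_root and root_changed are assumptions made for this example.

```python
import struct

# Payload bytes copied from the first tcpdump BPDU example on this page
# (the hex that follows the "802.1d ui/C len=43" line).
SAMPLE_HEX = """
0000 0000 0080 0000 000c 39d0 6400 0000
6480 0000 e0b0 63e4 e680 0201 0014 0002
000f 0000 0000 0000 0000 00
"""

# Field sizes from the format table: 2+1+1+1+8+4+8+2+2+2+2+2 = 35 bytes,
# all in network (big-endian) byte order.
BPDU = struct.Struct(">HBBB8sI8sHHHHH")
TIMERS = ("message_age", "max_age", "hello_time", "forward_delay")


def split_id(raw):
    """Split an 8-byte root/bridge ID into (priority, MAC string)."""
    return int.from_bytes(raw[:2], "big"), ":".join(f"{b:02x}" for b in raw[2:])


def parse_bpdu(hex_text):
    """Decode a configuration BPDU from tcpdump -x style hex text."""
    data = bytes.fromhex("".join(hex_text.split()))
    if len(data) < BPDU.size:
        raise ValueError(f"need {BPDU.size} bytes, got {len(data)}")
    (proto, version, msg_type, flags, root, cost,
     bridge, port_id, *timers) = BPDU.unpack(data[:BPDU.size])
    if (proto, version, msg_type) != (0, 0, 0):
        raise ValueError("not a configuration BPDU")
    fields = {
        "topology_change": bool(flags & 0x01),      # least significant bit
        "topology_change_ack": bool(flags & 0x80),  # most significant bit
        "root_id": split_id(root),
        "root_path_cost": cost,
        "bridge_id": split_id(bridge),
        "port_priority": port_id >> 8,    # first byte of port ID
        "port_number": port_id & 0xFF,    # second byte of port ID
    }
    # Timer fields are carried in 1/256ths of a second.
    fields.update((n, v / 256) for n, v in zip(TIMERS, timers))
    return fields


def elected_root(*bridge_ids):
    """Lowest (priority, MAC) wins the root election."""
    return min(bridge_ids)


def root_changed(bpdu, expected_root):
    """True when the advertised root is not the one recorded earlier."""
    return bpdu["root_id"] != expected_root


if __name__ == "__main__":
    for name, value in parse_bpdu(SAMPLE_HEX).items():
        print(f"{name:20} {value}")
```

Recording the root ID from a known-good capture and passing it to root_changed for later captures makes the root change forced in Exercise 5 (bridge 1 priority 64) show up as a single comparison.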