JohnF
24-11-15, 22:05
Καλησπέρα ,
προσπαθώ να κάνω μια προσωμοίωση σε GNS3. H τοπολογία είναι η εξής και το config είναι πολύ απλό και είναι το εξής:
164057
ALS1:
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ALS1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface Port-channel1
switchport mode trunk
!
interface Port-channel3
switchport mode trunk
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet1/0
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
switchport access vlan 100
!
interface FastEthernet1/7
switchport mode trunk
channel-group 1 mode on
!
interface FastEthernet1/8
switchport mode trunk
channel-group 1 mode on
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
switchport mode trunk
channel-group 3 mode on
!
interface FastEthernet1/12
switchport mode trunk
channel-group 3 mode on
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Vlan1
ip address 172.16.1.101 255.255.255.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
control-plane
!
!
!
!
!
ALS2 :
Building configuration...
Current configuration : 1920 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ALS2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface Port-channel3
switchport mode trunk
!
interface Port-channel2
switchport mode trunk
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet1/0
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
switchport mode trunk
channel-group 2 mode on
!
interface FastEthernet1/10
switchport mode trunk
channel-group 2 mode on
!
interface FastEthernet1/11
switchport mode trunk
channel-group 3 mode on
!
interface FastEthernet1/12
switchport mode trunk
channel-group 3 mode on
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Vlan1
ip address 172.16.1.102 255.255.255.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
mac-address-table static c203.0c0c.0000 interface FastEthernet1/9 vlan 1
no cdp log mismatch duplex
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
DSW1 :
Building configuration...
Current configuration : 2009 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname DSW1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
no ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface Port-channel1
switchport mode trunk
!
interface Port-channel2
switchport mode trunk
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet1/0
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
switchport mode trunk
channel-group 1 mode on
!
interface FastEthernet1/8
switchport mode trunk
channel-group 1 mode on
!
interface FastEthernet1/9
switchport mode trunk
channel-group 2 mode on
!
interface FastEthernet1/10
switchport mode trunk
channel-group 2 mode on
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Vlan1
ip address 172.16.1.1 255.255.255.0
!
interface Vlan100
ip address 172.16.100.1 255.255.255.0
!
interface Vlan200
ip address 172.16.200.1 255.255.255.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
mac-address-table static c201.10bc.0000 interface FastEthernet1/8 vlan 1
no cdp log mismatch duplex
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
To θέμα είναι πως δεν μπορώ να κάνω ping μεταξύ των management vlan interfaces (VLAN1 - 172.16.1.0/24) κάποιες φορες. Πχ δουλεύει το ping μεταξύ ALS1 και DSW1 αλλά όχι μεταξύ ALS1-ALS2 και ALS2-DSW1 ή το αντίθετο. Δουλεύει μεταξύ ALS2-DSW1 αλλά όχι ALS1-ALS2 και DSW1-ALS2. Aυτή την στιγμή συμβαίνει το 2ο.
Tα trunk links είναι οκ , το vtp , cdp και το spanning tree δουλεύουν όπως αναμένεται.
Ping from ALS2 --> DLS1 :
ALS2#ping 172.16.1.1 source vlan 1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.1.102
*Mar 1 03:25:33.839: IP: tableid=0, s=172.16.1.102 (local), d=172.16.1.1 (Vlan1), routed via RIB
*Mar 1 03:25:33.843: IP: s=172.16.1.102 (local), d=172.16.1.1 (Vlan1), len 100, sending
*Mar 1 03:25:33.843: IP ARP: creating incomplete entry for IP address: 172.16.1.1 interface Vlan1
*Mar 1 03:25:33.843: IP ARP: sent req src 172.16.1.102 c203.0c0c.0000,
dst 172.16.1.1 0000.0000.0000 Vlan1
*Mar 1 03:25:33.847: IP: s=172.16.1.102 (local), d=172.16.1.1 (Vlan1), len 100, encapsulation failed.
ALS2#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 172.16.1.102 - c203.0c0c.0000 ARPA Vlan1
Φαίνεται πως στέλνει ARP request αλλά δεν πέρνει απάντηση. Το περίεργο είναι πως το DSW1 φαίνεται να στέλνει ARP Reply!!
DSW1#
*Mar 1 03:25:33.863: IP ARP: rcvd req src 172.16.1.102 c203.0c0c.0000, dst 172.16.1.1 Vlan1
*Mar 1 03:25:33.863: IP ARP: sent rep src 172.16.1.1 c201.10bc.0000,
dst 172.16.1.102 c203.0c0c.0000 Vlan1
Eπίσης όταν συμβαίνει αυτό το sh adjacency vlan 1 δεν γυρνάει τπτ στο ΑLS ενώ στο DSW έχει κανονικά entries. Στα trunk links είναι allowed όλα τα vlans δεν έχω pruning.
Δοκίμασα να κάνω disable το CEF , τα ίδια. Απενεργοποίησα/Ενεργοποίησα IP routing στα ΑLS τα ίδια. Έσβησα τα etherchannels same . Eπίσης έσβησα το mac-address-table static entry που φαίνεται στο config ( το οποίο δεν ξέρω πως εμφανίστηκε αφού δεν είχα βάλει κανένα static entry).
Κάτι περίεργο παίζει με το CEF ή bug του IOS/GNS ?
Kαμιά ιδέα ? Έχω καιρό να ασχοληθώ με cisco και μου φαίνεται ενδιαφέρον :hmm:.
προσπαθώ να κάνω μια προσωμοίωση σε GNS3. H τοπολογία είναι η εξής και το config είναι πολύ απλό και είναι το εξής:
164057
ALS1:
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ALS1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface Port-channel1
switchport mode trunk
!
interface Port-channel3
switchport mode trunk
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet1/0
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
switchport access vlan 100
!
interface FastEthernet1/7
switchport mode trunk
channel-group 1 mode on
!
interface FastEthernet1/8
switchport mode trunk
channel-group 1 mode on
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
switchport mode trunk
channel-group 3 mode on
!
interface FastEthernet1/12
switchport mode trunk
channel-group 3 mode on
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Vlan1
ip address 172.16.1.101 255.255.255.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
control-plane
!
!
!
!
!
ALS2 :
Building configuration...
Current configuration : 1920 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ALS2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface Port-channel3
switchport mode trunk
!
interface Port-channel2
switchport mode trunk
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet1/0
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
switchport mode trunk
channel-group 2 mode on
!
interface FastEthernet1/10
switchport mode trunk
channel-group 2 mode on
!
interface FastEthernet1/11
switchport mode trunk
channel-group 3 mode on
!
interface FastEthernet1/12
switchport mode trunk
channel-group 3 mode on
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Vlan1
ip address 172.16.1.102 255.255.255.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
mac-address-table static c203.0c0c.0000 interface FastEthernet1/9 vlan 1
no cdp log mismatch duplex
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
DSW1 :
Building configuration...
Current configuration : 2009 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname DSW1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
no ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface Port-channel1
switchport mode trunk
!
interface Port-channel2
switchport mode trunk
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet1/0
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
switchport mode trunk
channel-group 1 mode on
!
interface FastEthernet1/8
switchport mode trunk
channel-group 1 mode on
!
interface FastEthernet1/9
switchport mode trunk
channel-group 2 mode on
!
interface FastEthernet1/10
switchport mode trunk
channel-group 2 mode on
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Vlan1
ip address 172.16.1.1 255.255.255.0
!
interface Vlan100
ip address 172.16.100.1 255.255.255.0
!
interface Vlan200
ip address 172.16.200.1 255.255.255.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
mac-address-table static c201.10bc.0000 interface FastEthernet1/8 vlan 1
no cdp log mismatch duplex
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
To θέμα είναι πως δεν μπορώ να κάνω ping μεταξύ των management vlan interfaces (VLAN1 - 172.16.1.0/24) κάποιες φορες. Πχ δουλεύει το ping μεταξύ ALS1 και DSW1 αλλά όχι μεταξύ ALS1-ALS2 και ALS2-DSW1 ή το αντίθετο. Δουλεύει μεταξύ ALS2-DSW1 αλλά όχι ALS1-ALS2 και DSW1-ALS2. Aυτή την στιγμή συμβαίνει το 2ο.
Tα trunk links είναι οκ , το vtp , cdp και το spanning tree δουλεύουν όπως αναμένεται.
Ping from ALS2 --> DLS1 :
ALS2#ping 172.16.1.1 source vlan 1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.1.102
*Mar 1 03:25:33.839: IP: tableid=0, s=172.16.1.102 (local), d=172.16.1.1 (Vlan1), routed via RIB
*Mar 1 03:25:33.843: IP: s=172.16.1.102 (local), d=172.16.1.1 (Vlan1), len 100, sending
*Mar 1 03:25:33.843: IP ARP: creating incomplete entry for IP address: 172.16.1.1 interface Vlan1
*Mar 1 03:25:33.843: IP ARP: sent req src 172.16.1.102 c203.0c0c.0000,
dst 172.16.1.1 0000.0000.0000 Vlan1
*Mar 1 03:25:33.847: IP: s=172.16.1.102 (local), d=172.16.1.1 (Vlan1), len 100, encapsulation failed.
ALS2#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 172.16.1.102 - c203.0c0c.0000 ARPA Vlan1
Φαίνεται πως στέλνει ARP request αλλά δεν πέρνει απάντηση. Το περίεργο είναι πως το DSW1 φαίνεται να στέλνει ARP Reply!!
DSW1#
*Mar 1 03:25:33.863: IP ARP: rcvd req src 172.16.1.102 c203.0c0c.0000, dst 172.16.1.1 Vlan1
*Mar 1 03:25:33.863: IP ARP: sent rep src 172.16.1.1 c201.10bc.0000,
dst 172.16.1.102 c203.0c0c.0000 Vlan1
Eπίσης όταν συμβαίνει αυτό το sh adjacency vlan 1 δεν γυρνάει τπτ στο ΑLS ενώ στο DSW έχει κανονικά entries. Στα trunk links είναι allowed όλα τα vlans δεν έχω pruning.
Δοκίμασα να κάνω disable το CEF , τα ίδια. Απενεργοποίησα/Ενεργοποίησα IP routing στα ΑLS τα ίδια. Έσβησα τα etherchannels same . Eπίσης έσβησα το mac-address-table static entry που φαίνεται στο config ( το οποίο δεν ξέρω πως εμφανίστηκε αφού δεν είχα βάλει κανένα static entry).
Κάτι περίεργο παίζει με το CEF ή bug του IOS/GNS ?
Kαμιά ιδέα ? Έχω καιρό να ασχοληθώ με cisco και μου φαίνεται ενδιαφέρον :hmm:.