
Sunday, February 27, 2011

EIGRP Neighbor

EIGRP sends hello packets every 5 seconds on high bandwidth links and every 60 seconds on low bandwidth multipoint links.


Common reasons for EIGRP neighbor adjacency problems are as follows.

  • Unidirectional link
  • Uncommon subnet, primary, and secondary address mismatch
  • Mismatched masks
  • K value mismatches
  • Mismatched AS numbers
  • Stuck in active
  • Layer 2 problem
  • Access list denying multicast packets
  • Manual change (summary router, metric change, route filter)


***For this post, we will talk about K-value mismatch***


Example

R1#show ip protocols
Routing Protocol is "eigrp 1"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  EIGRP maximum hopcount 100
  EIGRP maximum metric variance 1
  Redistributing: eigrp 1
  EIGRP NSF-aware route hold timer is 240s
  Automatic network summarization is in effect
  Automatic address summarization:
    192.168.2.0/24 for FastEthernet0/0, Loopback0
    192.168.1.0/24 for FastEthernet0/1, Loopback0
    1.0.0.0/8 for FastEthernet0/0, FastEthernet0/1
      Summarizing with metric 128256
  Maximum path: 4
  Routing for Networks:
    1.0.0.0
    192.168.1.0
    192.168.2.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    Gateway         Distance      Last Update
    (this router)         90      00:11:26
    192.168.2.2           90      00:07:45
    192.168.1.2           90      00:07:45
  Distance: internal 90 external 170


Change Metric to mismatch condition

router eigrp 1
 network 1.0.0.0
 network 192.168.1.0
 metric weights 0 1 1 1 0 0

Logging  (Neighbor relationship down)

3w2d: EIGRP: Received HELLO on Ethernet0 nbr 192.168.1.2
3w2d:   AS 100, Flags 0x0, Seq 0/0 idbQ 0/0
3w2d:        K-value mismatch
3w2d: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 192.168.1.2 (Ethernet0) is down:
 K-value mismatch

In sum, the K-values of these EIGRP processes need to match.
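The comparison described in this post can be automated before a change is pushed. The following is an added example, not part of the original post: it reads the K-values from the "show ip protocols" line shown above and from the "metric weights" configuration line, then reports which weights differ. The function names and the inline sample text are assumptions made for the example.

```python
import re

# Constructed inputs. The K-value line is the one in the page's
# "show ip protocols" output; the config is the page's "metric weights" change.
NEIGHBOR_SHOW_IP_PROTOCOLS = """\
Routing Protocol is "eigrp 1"
  EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  EIGRP maximum hopcount 100
"""
LOCAL_RUNNING_CONFIG = """\
router eigrp 1
 network 1.0.0.0
 network 192.168.1.0
 metric weights 0 1 1 1 0 0
"""

K_NAMES = ("K1", "K2", "K3", "K4", "K5")
# Weights in effect when no "metric weights" line is configured
# (the values the page's output shows before the change).
DEFAULT_K = dict(zip(K_NAMES, (1, 0, 1, 0, 0)))


def k_values_from_show(output):
    """Read K1..K5 from 'show ip protocols' text."""
    line = re.search(r"EIGRP metric weight\s+(.+)", output)
    if line is None:
        raise ValueError("no 'EIGRP metric weight' line found")
    values = {k: int(v) for k, v in re.findall(r"(K[1-5])=(\d+)", line.group(1))}
    if set(values) != set(K_NAMES):
        raise ValueError(f"incomplete K-value line: {line.group(0)!r}")
    return values


def k_values_from_config(config):
    """Read K1..K5 from 'metric weights <tos> <k1> <k2> <k3> <k4> <k5>'."""
    line = re.search(r"^[ \t]*metric weights((?:[ \t]+\d+){6})[ \t]*$",
                     config, re.MULTILINE)
    if line is None:
        return dict(DEFAULT_K)          # no override configured
    _tos, *weights = (int(n) for n in line.group(1).split())
    return dict(zip(K_NAMES, weights))


def k_mismatch(local, neighbor):
    """Return {name: (local, neighbor)} for every K-value that differs."""
    return {k: (local[k], neighbor[k]) for k in K_NAMES if local[k] != neighbor[k]}


def compare():
    """Compare the local config against the neighbor's show output."""
    local = k_values_from_config(LOCAL_RUNNING_CONFIG)
    neighbor = k_values_from_show(NEIGHBOR_SHOW_IP_PROTOCOLS)
    return k_mismatch(local, neighbor)


if __name__ == "__main__":
    diff = compare()
    if not diff:
        print("K-values match")
    for name, (mine, theirs) in diff.items():
        print(f"{name}: local={mine} neighbor={theirs} (K-value mismatch)")
```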



Thursday, February 24, 2011

Private VLAN (Layer 2)

The concept of a private VLAN is to divide one broadcast domain into subdomains called private VLANs (PVLANs). Routing between PVLANs works the same way as routing between different VLANs. Hosts in each private VLAN are in the same IP subnet, but they cannot communicate with each other at layer 2. Instead, they need to pass traffic through the router (a layer 3 device) first.

We have 3 kinds of PVLAN ports:
  • Promiscuous port - allows communication between different PVLANs
  • Isolated port - does not allow communication with other hosts inside the PVLAN, only with the promiscuous port
  • Community port - allows communication between hosts inside the PVLAN but not with hosts in other PVLANs

Configuration Example




Configure VLAN 100 as a primary, VLAN 101 as an isolated VLAN, and VLAN 102 as a community VLAN.


**Note** 
Private VLANs can only be configured when VTP is in transparent mode.
vtp mode transparent

vlan 100
 private-vlan primary

vlan 101
 private-vlan isolated

vlan 102
 private-vlan community

Associate each private VLAN with the primary VLAN

vlan 100
 private-vlan association 101-102

Assign Private VLAN to ports

! Assign f0/2 as a host port in sub VLAN 101 (Isolated)
interface f0/2
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101

! Assign f0/3 as a host port in sub VLAN 102 (Community)
interface f0/3
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102

! Assign f0/1 (uplink port to the router) as a promiscuous port
interface f0/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101-102



Verify Configuration


Switch#sh vlan private-vlan

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100     101       isolated          Fa0/1, Fa0/2
100     102       community         Fa0/1, Fa0/3




Switch#sh int status

Port      Name               Status       Vlan       Duplex  Speed Type
Fa0/1                        notconnect   100          auto   auto 10/100BaseTX
Fa0/2                        notconnect   100,101      auto   auto 10/100BaseTX
Fa0/3                        notconnect   100,102      auto   auto 10/100BaseTX
Fa0/4                        notconnect   1            auto   auto 10/100BaseTX
Fa0/5                        notconnect   1            auto   auto 10/100BaseTX
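To check that a PVLAN design isolates the hosts it is meant to isolate, the port rules above can be evaluated against the configuration. The following is an added example, not part of the original post: it parses the configuration from this post and answers whether two ports may exchange frames directly at layer 2. Ports f0/4 and f0/5 and all function names are hypothetical additions so that every rule has a pair to check.

```python
import re

# Constructed input: the page's PVLAN configuration, plus two hypothetical
# host ports (f0/4, f0/5) added here so every rule has a pair to check.
CONFIG = """\
vlan 100
 private-vlan primary
 private-vlan association 101-102
vlan 101
 private-vlan isolated
vlan 102
 private-vlan community
interface f0/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101-102
interface f0/2
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
interface f0/3
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
interface f0/4
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
interface f0/5
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
"""


def expand(vlans):
    """'101-102,105' -> {101, 102, 105}"""
    ids = set()
    for part in vlans.split(","):
        low, _, high = part.partition("-")
        ids.update(range(int(low), int(high or low) + 1))
    return ids


def parse(config):
    """Return (vlan_types, ports) read from IOS-style PVLAN configuration."""
    vlan_types, ports, section = {}, {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        header = re.fullmatch(r"(vlan|interface) (\S+)", line)
        if header:
            section = header.groups()
        elif section and section[0] == "vlan":
            kind = re.fullmatch(r"private-vlan (primary|isolated|community)", line)
            if kind:
                vlan_types[int(section[1])] = kind.group(1)
        elif section and section[0] == "interface":
            host = re.fullmatch(r"switchport private-vlan host-association (\d+) (\d+)", line)
            prom = re.fullmatch(r"switchport private-vlan mapping (\d+) ([\d,-]+)", line)
            if host:
                ports[section[1]] = ("host", int(host.group(1)), {int(host.group(2))})
            elif prom:
                ports[section[1]] = ("promiscuous", int(prom.group(1)), expand(prom.group(2)))
    return vlan_types, ports


def can_talk_l2(vlan_types, ports, a, b):
    """True if ports a and b may exchange frames directly at layer 2."""
    (role_a, prim_a, sec_a), (role_b, prim_b, sec_b) = ports[a], ports[b]
    if prim_a != prim_b:
        return False                      # different primary VLANs
    if "promiscuous" in (role_a, role_b):
        # A promiscuous port reaches every secondary VLAN mapped to it.
        return bool(sec_a & sec_b) or role_a == role_b
    if sec_a != sec_b:
        return False                      # hosts in different secondary VLANs
    (secondary,) = sec_a
    # Same secondary VLAN: allowed for community, never for isolated.
    return vlan_types.get(secondary) == "community"


VLAN_TYPES, PORTS = parse(CONFIG)
```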




Tuesday, February 15, 2011

802.1x

We can use 802.1x to authenticate users at the access layer switch. Authentication requires users to provide a username and password. The client communicates with the switch (the authenticator) using EAP over LAN. The switch sends a RADIUS message with the EAP attribute to the authentication server (the RADIUS server). If the authentication process is successful, the switch gives the client access to the network. Otherwise, it puts the client in the restricted-access VLAN or even denies all access to the network.

Configuration Example

Enable AAA

aaa new-model
aaa authentication dot1x default group radius

dot1x system-auth-control


!
!

radius-server host 1.1.1.1 auth-port 1645 acct-port 1646 key test

Enable port 802.1x authentication 
interface FastEthernet0/1
 duplex auto
 speed auto
 dot1x port-control auto




**Note**
There are 3 options in dot1x port control 

SW(config-if)#dot1x port-control ?
  auto                PortState will be set to AUTO
  force-authorized    PortState set to Authorized
  force-unauthorized  PortState will be set to UnAuthorized

We can change the attributes of the authentication process with interface subcommands. Use '?' for help when tuning the configuration.






Monday, February 14, 2011

EIGRP Stub feature

EIGRP stub routing is a feature of the EIGRP routing protocol that improves stability and reduces resource utilization. It is often used in hub-and-spoke topologies, where EIGRP stub is enabled on the spoke routers. EIGRP stub can also limit the queries sent when the upstream routers go into the Active state while searching for a route.

When configuring EIGRP stub, the Cisco IOS default is "eigrp stub connected summary", which means the stub router will advertise only connected and summary routes to the upstream routers. However, we can change this setting by adding the following options to the eigrp stub command.

eigrp stub [receive-only | connected | static | summary]

Example
In this example, we will have 2 scenarios. 

Scenario 1
R1 is configured as a stub router and uses the default value, which is connected and summary. All of the routers in this scenario are in the EIGRP domain.

Before EIGRP stub is enabled on R1, the routing table of R3 shows a route to network 10.1.1.0/24. However, once we configure stub on R1, the 10.1.1.0/24 network is not advertised to R3 because it is neither a connected nor a summary route on R1. Therefore, after enabling the stub command, we do not see the 10.1.1.0/24 network on R3.

Before enabling eigrp stub on R1
R3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       1.1.1.0/24 is directly connected, Loopback0
D       1.0.0.0/8 is a summary, 00:14:46, Null0
     2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       2.2.2.0/24 is directly connected, Loopback1
D       2.0.0.0/8 is a summary, 00:14:46, Null0
D    10.0.0.0/8 [90/435200] via 192.168.1.2, 00:01:25, FastEthernet0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0
D    192.168.2.0/24 [90/307200] via 192.168.1.2, 00:12:05, FastEthernet0/0

Enabling EIGRP Stub

R1
router eigrp 1
 network 0.0.0.0
 auto-summary
 eigrp stub connected summary

R3 routing table  ( no network 10.1.1.0/24 in its routing table )
R3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       1.1.1.0/24 is directly connected, Loopback0
D       1.0.0.0/8 is a summary, 00:15:44, Null0
     2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       2.2.2.0/24 is directly connected, Loopback1
D       2.0.0.0/8 is a summary, 00:15:44, Null0
C    192.168.1.0/24 is directly connected, FastEthernet0/0
D    192.168.2.0/24 [90/307200] via 192.168.1.2, 00:00:24, FastEthernet0/0


Scenario 2:
This time we enable EIGRP stub on R2, but we choose the receive-only option, which means R2 will not advertise any of its routes to R1 (the upstream router).

Before configuring EIGRP stub receive-only on R2

R1 routing table
R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

D    1.0.0.0/8 [90/409600] via 192.168.1.1, 00:02:51, FastEthernet0/0
D    2.0.0.0/8 [90/409600] via 192.168.1.1, 00:02:51, FastEthernet0/0
D    10.0.0.0/8 [90/409600] via 192.168.2.2, 00:00:11, FastEthernet0/1
C    192.168.1.0/24 is directly connected, FastEthernet0/0
C    192.168.2.0/24 is directly connected, FastEthernet0/1



After configuring EIGRP stub receive-only on R2

router eigrp 1
 network 10.0.0.0
 network 192.168.2.0
 auto-summary
 eigrp stub receive-only


R1 routing table. As expected, we do not have 10.1.1.0/24 in R1 routing table
R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

D    1.0.0.0/8 [90/409600] via 192.168.1.1, 00:01:08, FastEthernet0/0
D    2.0.0.0/8 [90/409600] via 192.168.1.1, 00:01:08, FastEthernet0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0
C    192.168.2.0/24 is directly connected, FastEthernet0/1




Error Disable

Error-disable can occur in many different ways. Here are various reasons that make an interface go into the errdisable state.

  • Duplex mismatch
  • Port channel misconfiguration
  • BPDU guard violation
  • UniDirectional Link Detection (UDLD) condition
  • Late-collision detection
  • Link-flap detection
  • Security violation
  • Port Aggregation Protocol (PAgP) flap
  • Layer 2 Tunneling Protocol (L2TP) guard
  • DHCP snooping rate-limit
  • Incorrect GBIC / Small Form-Factor Pluggable (SFP) module or cable
  • Address Resolution Protocol (ARP) inspection
  • Inline power

When the interface goes into the error-disable state, the only way to bring it back up after fixing the issue is to "no shutdown" it. However, there is an IOS command that lets network devices automatically re-enable the port from err-disable. The command is as follows.

R1(config)# errdisable recovery cause ?


  all                  Enable timer to recover from all error causes
  arp-inspection       Enable timer to recover from arp inspection error disable state
  bpduguard            Enable timer to recover from BPDU Guard error
  channel-misconfig    Enable timer to recover from channel misconfig error
  dhcp-rate-limit      Enable timer to recover from dhcp-rate-limit error
  dtp-flap             Enable timer to recover from dtp-flap error
  gbic-invalid         Enable timer to recover from invalid GBIC error
  inline-power         Enable timer to recover from inline-power error
  l2ptguard            Enable timer to recover from l2protocol-tunnel error
  link-flap            Enable timer to recover from link-flap error
  loopback             Enable timer to recover from loopback error
  mac-limit            Enable timer to recover from mac limit disable state
  pagp-flap            Enable timer to recover from pagp-flap error
  port-mode-failure    Enable timer to recover from port mode change failure
  psecure-violation    Enable timer to recover from psecure violation error
  security-violation   Enable timer to recover from 802.1x violation error
  sfp-config-mismatch  Enable timer to recover from SFP config mismatch error
  storm-control        Enable timer to recover from storm-control error
  udld                 Enable timer to recover from udld error
  vmps                 Enable timer to recover from vmps shutdown error


Example 

We configure R1 to automatically re-enable the port if the cause of err-disable was a link flap. We can use the following command to accomplish this objective.

R1(config)#errdisable recovery cause link-flap

When the event occurs, we will see that the router automatically re-enables the port after a specific interval (in this case, the default).

Show Logging buffered

Feb  5 20:21:38: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
Feb  5 20:21:43: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
Feb  5 20:21:52: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
Feb  5 20:21:54: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
Feb  5 20:22:09: %PM-4-ERR_DISABLE: link-flap error detected on Gi0/1, putting Gi0/1 in err-disable state
Feb  5 20:22:10: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
Feb  5 20:27:09: %PM-4-ERR_RECOVER: Attempting to recover from link-flap err-disable state on Gi0/1
Feb  5 21:41:35: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
Feb  5 21:41:37: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
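When automatic recovery is enabled, it helps to know which ports were err-disabled, why, and whether a recovery attempt followed. The following is an added example, not part of the original post: it pairs each %PM-4-ERR_DISABLE message with the matching %PM-4-ERR_RECOVER message and reports the seconds between them. The bpduguard line on Gi0/2 is constructed for the example, and the function names and the year used for date arithmetic are assumptions.

```python
import re
from datetime import datetime

# Constructed input: err-disable lines from the page's log, plus one
# constructed bpduguard event on Gi0/2 that has no recovery message.
LOG = """\
Feb  5 20:21:54: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
Feb  5 20:22:09: %PM-4-ERR_DISABLE: link-flap error detected on Gi0/1, putting Gi0/1 in err-disable state
Feb  5 20:22:10: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
Feb  5 20:25:00: %PM-4-ERR_DISABLE: bpduguard error detected on Gi0/2, putting Gi0/2 in err-disable state
Feb  5 20:27:09: %PM-4-ERR_RECOVER: Attempting to recover from link-flap err-disable state on Gi0/1
"""

# Assumption: the log lines carry no year; one is supplied only so that
# time differences can be computed.
ASSUMED_YEAR = 2011

STAMP = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d): ")
DISABLE = re.compile(r"%PM-4-ERR_DISABLE: (\S+) error detected on (\S+),")
RECOVER = re.compile(r"%PM-4-ERR_RECOVER: Attempting to recover from (\S+) "
                     r"err-disable state on (\S+)")


def timestamp(line):
    """Parse the leading 'Mon D HH:MM:SS' stamp, or return None."""
    m = STAMP.match(line)
    if m is None:
        return None
    return datetime.strptime(f"{ASSUMED_YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")


def errdisable_events(log):
    """Pair each ERR_DISABLE with the next ERR_RECOVER for the same port and cause."""
    pending, events = {}, []
    for line in log.splitlines():
        when = timestamp(line)
        if when is None:
            continue
        down, up = DISABLE.search(line), RECOVER.search(line)
        if down:
            cause, port = down.groups()
            event = {"port": port, "cause": cause,
                     "disabled": when, "recovery_after_s": None}
            pending[(port, cause)] = event
            events.append(event)
        elif up:
            cause, port = up.groups()
            event = pending.pop((port, cause), None)
            if event is not None:
                delta = when - event["disabled"]
                event["recovery_after_s"] = int(delta.total_seconds())
    return events


def still_disabled(events):
    """Ports that were err-disabled and never logged a recovery attempt."""
    return [(e["port"], e["cause"]) for e in events if e["recovery_after_s"] is None]


if __name__ == "__main__":
    for e in errdisable_events(LOG):
        print(e["port"], e["cause"], e["recovery_after_s"])
```

For the link-flap event in the post's log, the recovery attempt follows the err-disable message by 300 seconds.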

Trap CPU Utilization

A lot of times, when you try to connect to the switch by telnet or ssh, the connection is really slow. In some cases, ICMP traffic is dropped. One minute later, the device is back to normal. It is somehow related to CPU utilization. To trap CPU utilization in syslog, use the commands below.

Configuration Steps


Make sure that the logging time is accurate.

  • service timestamps log datetime localtime

Enable cpu utilization traps.
  • process cpu threshold type {interrupt | process | total} rising <number> interval <interval> falling <number>

Check CPU Utilization
  • show process cpu 



Wednesday, February 9, 2011

QoS Nest Configuration

Example of QoS nest 






Task: 


  • Provider needs to limit the traffic from client not to exceed 1Gbps
  • Voice is in 172.16.1.0/24 network
  • Data is in 192.168.1.0/24 network
  • Provider guaranteed Voice traffic to have minimum bandwidth of 20Mbps
  • Use nest configuration and apply on R2 (Provider)
Configuration

Create Access-list for Voice traffic
ip access-list standard VOICE
 permit 172.16.1.0 0.0.0.255
!



Create Class for Voice traffic
class-map match-all VOICE
 match access-group name VOICE
!



Create a policy that guarantees 20M for Voice traffic
policy-map VOICE-20M
 class VOICE
  bandwidth 20000



Nest QoS Configuration
policy-map INTERFACE-POLICY
 class class-default
  fair-queue
  police 20000000 conform-action transmit exceed-action drop
  service-policy VOICE-20M
!



Apply Policy to interface
interface FastEthernet0/0
 ip address 10.10.10.2 255.255.255.0
 service-policy input INTERFACE-POLICY
 duplex auto
 speed auto
!


Tuesday, February 8, 2011

NAT Load Balancing

NAT can also be used for load balancing. We translate the destination IP address of the outside packet to multiple inside IP addresses, across which the load is balanced.

The command which serves this purpose is below
ip nat inside destination list <access-list of global IP address> pool <pool of internal IP address range>
ip nat pool <name> <IP address start> <IP address stop> type rotary


Configuration Example


Task:
  • R3 is in the NAT outside network and is trying to connect to the servers inside.
  • R3 uses 172.16.1.10 to connect to the servers.
  • R2 and R4, in this example, serve as the servers inside the NAT network.
  • R2 and R4 are required to load balance with each other.
  • Configure only on R1.
Configuration


R1
!
interface FastEthernet0/0
 ip address 172.16.1.1 255.255.255.0
 ip nat outside
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
ip nat pool net-192 192.168.1.2 192.168.1.3 prefix-length 24 type rotary
ip nat inside destination list 1 pool net-192
!
access-list 1 permit 172.16.1.10
!


Verify Configuration

R1#sh ip nat translations

Pro Inside global      Inside local       Outside local      Outside global
tcp 172.16.1.10:23     192.168.1.2:23     172.16.1.2:43480   172.16.1.2:43480
tcp 172.16.1.10:23     192.168.1.3:23     172.16.1.2:48533   172.16.1.2:48533




We see from the translation table that 172.16.1.10 was translated into 2 IP addresses, 192.168.1.2 and 192.168.1.3. Now we will test the configuration by trying to telnet to 172.16.1.10 from R3. The correct result is that R3 telnets to R2, and then to R4 when it creates another session.


R3#
R3#telnet 172.16.1.10
Trying 172.16.1.10 ... Open


User Access Verification

Password:
R2>exit

[Connection to 172.16.1.10 closed by foreign host]
R3#
R3#
R3#telnet 172.16.1.10
Trying 172.16.1.10 ... Open

User Access Verification

Password:
R4>

Monday, February 7, 2011

Multicast Boundary

There are many ways to control the size of the multicast domain. In this article, we will talk about the TTL and multicast boundary commands.

  • TTL: we use the "ip multicast ttl-threshold x" command. When the router receives a multicast packet, it compares the packet TTL to the configured value. If the packet TTL is greater than the configured TTL, the router will pass the multicast traffic. If not, it will drop it. That is the boundary of the multicast domain.
    • Example: ip multicast ttl-threshold 240
    • It will not forward any multicast packet with a TTL less than 240

  • Multicast boundary: we use the "ip multicast boundary <access-list>" command at the interface level of the router to state that this interface is the multicast boundary. The router will not send any multicast traffic (matching the access-list) to the downstream router.
    • Example: ip multicast boundary 15
    • Configures the multicast boundary with access-list 15

EIGRP leak-map

An EIGRP leak-map allows sub-networks inside an EIGRP summary address to be leaked. The command we use is "ip summary-address eigrp <AS> x.x.x.x y.y.y.y leak-map <route-map>".

Example


R2 will advertise the summary address (192.168.0.0/22) to R1. However, 192.168.2.0 is required to be leaked out of the summary address.



Configuration


R2

ip summary-address eigrp 1 192.168.0.0 255.255.252.0 5 leak-map allow-2


ip access-list standard allow-2
 permit 192.168.2.0
!
route-map allow-2 permit 10
 match ip address allow-2
!




Verify Configuration


R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, FastEthernet0/0
D    192.168.2.0/24 [90/409600] via 172.16.1.2, 00:00:08, FastEthernet0/0
D    192.168.0.0/22 [90/409600] via 172.16.1.2, 00:03:25, FastEthernet0/0

Friday, February 4, 2011

NAT-PT Dynamic

Sample configuration
Based on previous network diagram
http://network-101.blogspot.com/2011/02/nat-pt.html





NAT-PT Configuration section


ipv6 nat v4v6 source 1.1.1.1 777::1
ipv6 nat v4v6 source 2.2.2.1 777::2

ipv6 nat v6v4 source list pt-list pool v4pool

ipv6 nat v6v4 source 2002::1 125.249.1.10
ipv6 nat v6v4 pool v4pool 125.249.1.100 125.249.1.150 prefix-length 24

ipv6 nat prefix 777::/96
!
ipv6 access-list pt-list
 permit ipv6 3001::/64 any

Verify Configuration

R1#ping 777::1 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 777::1, timeout is 2 seconds:
Packet sent with a source address of 3001::1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/69/108 ms


R3#ping 125.249.1.100

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 125.249.1.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/72/104 ms

Thursday, February 3, 2011

NAT-PT

Sample Configuration of NAT-PT








Configuration
Download
http://ge.tt/4gnGkNu

R2
interface FastEthernet0/0
 no ip address
 ipv6 address 2002::2/64
 ipv6 nat
 ipv6 ospf 1 area 0
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ipv6 nat
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
ipv6 router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
 redistribute connected
!
ipv6 nat v4v6 source 1.1.1.1 777::1
ipv6 nat v4v6 source 2.2.2.1 777::2
ipv6 nat v4v6 source 192.168.1.2 777::1:2
ipv6 nat v6v4 source 2002::1 10.12.1.1
ipv6 nat v6v4 source 3001::1 10.12.2.1
ipv6 nat v6v4 source 4001::1 10.12.2.2
ipv6 nat prefix 777::/96
!

Checking Interface address

IPv4 
R2#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  up                    up
FastEthernet0/1            192.168.1.1     YES manual up                    up
NVI0                       192.168.1.1     YES unset  up                    up

IPv6
R2#sh ipv6 int brief
FastEthernet0/0            [up/up]
    FE80::C001:11FF:FEFC:0
    2002::2
FastEthernet0/1            [up/up]
    FE80::C001:11FF:FEFC:1
NVI0                       [up/up]
    FE80::C001:11FF:FEFC:0
    unnumbered (FastEthernet0/0)


Routing table

R2#sh ipv6 route
IPv6 Routing Table - 6 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route, M - MIPv6
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
C   777::/96 [0/0]
     via ::, NVI0
C   2002::/64 [0/0]
     via ::, FastEthernet0/0
L   2002::2/128 [0/0]
     via ::, FastEthernet0/0
O   3001::1/128 [110/10]
     via FE80::C000:11FF:FEFC:0, FastEthernet0/0
O   4001::1/128 [110/10]
     via FE80::C000:11FF:FEFC:0, FastEthernet0/0
L   FF00::/8 [0/0]
     via ::, Null0


Verify Configuration

R1#ping 777::1 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 777::1, timeout is 2 seconds:
Packet sent with a source address of 3001::1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 168/245/352 ms



R3#ping 10.12.2.1 source lo0 repeat 5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.12.2.1, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 196/292/384 ms


Troubleshooting


Useful commands
show ipv6 nat translation
show ipv6 nat statistics
debug ipv6 nat
debug ipv6 nat detail