Wednesday, November 28, 2007

Frame-Relay Point-to-point with '% Unrecognized command'

I want to make point-to-point subinterface with Frame-Relay encapsulation in main link serial interface but there is a little confuse, here is

R3(config)#int s1/0
R3(config-if)#encapsulation frame-relay 
R3(config-if)#int s1/0.1 poin
R3(config-if)#int s1/0.1 point
R3(config-if)#int s1/0.1 point-to
R3(config-if)#int s1/0.1 ?       
% Unrecognized command

R3(config-if)#do sh run int s1/0
Building configuration...

Current configuration : 134 bytes
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
 shutdown
 serial restart-delay 0
 no dce-terminal-timing-enable
end

R3(config-if)#no shut
R3(config-if)#
*Mar  1 00:02:51.583: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up

R3(config-if)#int s1/0.1 poin
R3(config-if)#int s1/0.1 ?   
% Unrecognized command

R3(config-if)#int s1/0.1 
*Mar  1 00:03:02.587: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
% Incomplete command.

R3(config)#int s1/0.1 ?
  multipoint      Treat as a multipoint link
  point-to-point  Treat as a point-to-point link

R3(config)#int s1/0.1 poin
R3(config)#int s1/0.1 point-to-point 
R3(config-subif)#ip add 10.10.10.3 255.255.255.0


So before the main link serial interface up and line protocol up too, can't make a subinterface point-to-point or multipoint ;).

---update---

This correction about my post.

Posted by Hermawan Widiyanto at 5:55 AM 2 comments

Wednesday, November 21, 2007

Juniper NetScreen 5GT (NetScreen-5 Series)


My company implement small office router for customer equipment / CE plus value add firewall appliance that is Juniper NetScreen 5GT.

First time look at the device, not sure with small dimension can handle routing table & firewall applicance, ok let see

1. 5GT devide 2 segment 'trust' & 'untrust', trust is segment local / LAN, untrust is segment public / internet
2. default these segment Juniper have default config, for untrust with static IP & trust with DHCP IP + NAT enable

I have example step by step config for simple gateway 5GT without NAT & DHCP

1. set interface utrust with public IP from service provider for back to back allocation (172.16.0.0/30)
2. make interface utrust disable NAT & DHCP
3. set interface trust with public IP for host allocation (172.16.0.4/28)
4. set default route 0.0.0.0/0 to get destination to back to back IP in service provider
5. test ping & save configuration

Here the capture :

ns5gt-> set interface untrust ip 172.16.0.2 255.255.255.252
ns5gt-> set interface untrust manage ping
ns5gt-> get interface

A - Active, I - Inactive, U - Up, D - Down, R - Ready 

Interfaces in vsys Root: 
Name           IP Address         Zone        MAC            VLAN State VSD      
trust          192.168.1.1/24     Trust       0017.cbef.48b2    -   U   -  
untrust        172.16.0.2/30  Untrust     0017.cbef.48b1    -   U   -  
serial         0.0.0.0/0          Null        0017.cbef.48b6    -   D   -  
vlan1          0.0.0.0/0          VLAN        0017.cbef.48bf    1   D   -  
null           0.0.0.0/0          Null        N/A               -   U   0  

ns5gt-> set interface trust route
ns5gt-> unset interface trust dhcp server service
ns5gt-> set interface trust ip 172.16.0.5 255.255.255.240
ns5gt-> get route

IPv4 Dest-Routes for  (0 entries)
--------------------------------------------------------------------------------
H: Host C: Connected S: Static A: Auto-Exported
I: Imported R: RIP P: Permanent D: Auto-Discovered
iB: IBGP eB: EBGP O: OSPF E1: OSPF external type 1
E2: OSPF external type 2

IPv4 Dest-Routes for  (4 entries)
--------------------------------------------------------------------------------
   ID          IP-Prefix      Interface         Gateway   P Pref    Mtr     Vsys
--------------------------------------------------------------------------------
*   5    172.16.0.4/28          trust         0.0.0.0   C    0      0     Root
*   6    172.16.0.5/32          trust         0.0.0.0   H    0      0     Root
*   4  172.16.0.2/32        untrust         0.0.0.0   H    0      0     Root
*   3  172.16.0.0/30        untrust         0.0.0.0   C    0      0     Root

ns5gt-> set route 0.0.0.0 0.0.0.0 interface untrust
ns5gt-> get route

IPv4 Dest-Routes for  (0 entries)
--------------------------------------------------------------------------------
H: Host C: Connected S: Static A: Auto-Exported
I: Imported R: RIP P: Permanent D: Auto-Discovered
iB: IBGP eB: EBGP O: OSPF E1: OSPF external type 1
E2: OSPF external type 2

IPv4 Dest-Routes for  (5 entries)
--------------------------------------------------------------------------------
   ID          IP-Prefix      Interface         Gateway   P Pref    Mtr     Vsys
--------------------------------------------------------------------------------
*   7          0.0.0.0/0        untrust         0.0.0.0   S   20      1     Root
*   5    172.16.0.4/28          trust         0.0.0.0   C    0      0     Root
*   6    172.16.0.5/32          trust         0.0.0.0   H    0      0     Root
*   4  172.16.0.2/32        untrust         0.0.0.0   H    0      0     Root
*   3  172.16.0.0/30        untrust         0.0.0.0   C    0      0     Root

or 

ns5gt-> set route 0.0.0.0 0.0.0.0 interface untrust gateway 172.16.0.1
ns5gt-> get route

IPv4 Dest-Routes for  (0 entries)
--------------------------------------------------------------------------------
H: Host C: Connected S: Static A: Auto-Exported
I: Imported R: RIP P: Permanent D: Auto-Discovered
iB: IBGP eB: EBGP O: OSPF E1: OSPF external type 1
E2: OSPF external type 2

IPv4 Dest-Routes for  (5 entries)
--------------------------------------------------------------------------------
   ID          IP-Prefix      Interface         Gateway   P Pref    Mtr     Vsys
--------------------------------------------------------------------------------
*   8          0.0.0.0/0        untrust  172.16.0.1   S   20      1     Root
*   5    172.16.0.4/28          trust         0.0.0.0   C    0      0     Root
*   6    172.16.0.5/32          trust         0.0.0.0   H    0      0     Root
*   4  172.16.0.2/32        untrust         0.0.0.0   H    0      0     Root
*   3  172.16.0.0/30        untrust         0.0.0.0   C    0      0     Root

ns5gt-> get interface
A - Active, I - Inactive, U - Up, D - Down, R - Ready 
Interfaces in vsys Root: 
Name           IP Address         Zone        MAC            VLAN State VSD      
trust          172.16.0.5/28    Trust       0017.cbef.48b2    -   U   -  
untrust        172.16.0.2/30  Untrust     0017.cbef.48b1    -   U   -  
serial         0.0.0.0/0          Null        0017.cbef.48b6    -   D   -  
vlan1          0.0.0.0/0          VLAN        0017.cbef.48bf    1   D   -  
null           0.0.0.0/0          Null        N/A               -   U   0  

ns5gt-> save
Save System Configuration  ... 
Done
ns5gt->
Posted by Hermawan Widiyanto at 11:24 PM 0 comments

Monday, November 19, 2007

'Typer Shark' Game for Cisco Engineering


Why Cisco Engineering need to play game. It's different game with other. Beside to refresh your mine about IOS command, this game improve your skill to type word emm increase your speed to type IOS command. Let's try it, it's online game from PopCap

"Sink your teeth into this action-packed educational adventure. Hungry sharks and piranhas are on the hunt as you SCUBA dive around them. Type words fast to zap the predators... before they turn you into lunch!"
Posted by Hermawan Widiyanto at 4:22 AM 0 comments

Friday, November 9, 2007

Not all config may be removed and ...

The complete warning is 'Not all config may be removed and may reappear after reactivating the sub-interface', this case almost the same with previous post about subinterface Frame Relay. But this is work but if verify still appear previous subinterface with status deleted. Work that I mean, if I attach new IP address is OK, but I don't know may be there is other feature doesn't work. Finnally I still use with status deleted in subinterface, so far it's ok.

#sh ip int b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES NVRAM  up                    up      
FastEthernet0/0.1          10.10.100.1     YES NVRAM  up                    up      
FastEthernet0/0.2          10.10.200.1     YES NVRAM  up                    up      

#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
(config)#no int f0/0.1
Not all config may be removed and may reappear after reactivating the sub-interface
(config)#no int f0/0.2
Not all config may be removed and may reappear after reactivating the sub-interface

(config)#default int f0/0.1
Building configuration...
Interface FastEthernet0/0.1 set to default configuration
(config)#default int f0/0.2
Building configuration...
Interface FastEthernet0/0.2 set to default configuration

(config)#do sh ip int b    
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES NVRAM  up                    up      
FastEthernet0/0.1          unassigned      YES NVRAM  deleted               down    
FastEthernet0/0.2          unassigned      YES NVRAM  deleted               down    

(config)#default int f0/0
Building configuration...
Interface FastEthernet0/0 set to default configuration

(config)#do sh ip int b  
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES TFTP   up                    up      
FastEthernet0/0.1          unassigned      YES NVRAM  deleted               down    
FastEthernet0/0.2          unassigned      YES NVRAM  deleted               down    

(config)#int f0/0
(config-if)#ip add 10.10.10.1 255.255.255.0

(config-if)#do sh ip int b                 
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            10.10.10.1      YES manual up                    up      
FastEthernet0/0.1          unassigned      YES NVRAM  deleted               down    
FastEthernet0/0.2          unassigned      YES NVRAM  deleted               down
Posted by Hermawan Widiyanto at 10:30 AM 0 comments

Tuesday, November 6, 2007

Gateway of last resort

The Gateway of last resort, what is it ? do ever hear that. Complete statement is 'Gateway of last resort is not set' still never seen before ?

Here it is complete capture about that

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set


or 

Gateway of last resort is x.x.x.x to network 0.0.0.0


The Gateway of last resort is next hop of default route, router mention of about information default route or 0.0.0.0 0.0.0.0 or 0.0.0.0/0 and next hop is x.x.x.x.
Posted by Hermawan Widiyanto at 5:55 AM 0 comments

Friday, November 2, 2007

Frame-Relay Subinterface 'cannot change link type' (part 2)

I want to corection last posting about Frame-Relay Subinterface 'cannot change link type'. Last posting I mention about solution 'Now to solve this problem make default configuration subinterface, do write memory and reload the router'. The solution to this problem should be :
- make disable subinterface with 'no interface s1/0.1'
- do 'write memory' save configuration to startup-config
- reload router

R1#sh run int s1/0.1
Building configuration...
Current configuration : 114 bytes
!
interface Serial1/0.1 multipoint
ip address 10.0.0.1 255.0.0.0
frame-relay map ip 10.0.0.2 102 broadcast
end

R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#do sh ip int b
Interface IP-Address OK? Method Status Protocol
Serial1/0 unassigned YES NVRAM up up
Serial1/0.1 10.0.0.1 YES NVRAM up up
R1(config)#no int s1/0.1
Not all config may be removed and may reappear after reactivating the sub-interface

R1(config)#do sh ip int b
Interface IP-Address OK? Method Status Protocol
Serial1/0 unassigned YES NVRAM up up
Serial1/0.1 unassigned YES NVRAM deleted down
R1(config)#int s1/0.1 point-to-point
% Warning: cannot change link type
Posted by Hermawan Widiyanto at 1:35 PM 0 comments

Thursday, November 1, 2007

Frame-Relay Subinterface 'cannot change link type'

I have problem with Frame Relay enable on subinterface, set 'frame-relay encapsulation' on main interface and enable subinterface with multipoint, configure use static layer 3 to layer 2 with 'frame-relay map ip'. Then a few minutes later I change point-to-point type subinterface with point-to-point, what happen ? let's check it out.

R1#
interface Serial1/0
 no ip address
 encapsulation frame-relay
 serial restart-delay 0
 no dce-terminal-timing-enable
end

R1#
interface Serial1/0.1 multipoint
 ip address 10.0.0.1 255.0.0.0
 frame-relay map ip 10.0.0.2 102 broadcast
end

R1#sh frame-relay map
Serial1/0.1 (up): ip 10.0.0.2 dlci 102(0x66,0x1860), static,
              broadcast,
              CISCO, status defined, active

R1#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/33/60 ms


R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int s1/0.1 ?        
  multipoint      Treat as a multipoint link
  point-to-point  Treat as a point-to-point link
  

R1(config)#int s1/0.1 point-to-point 
% Warning:  cannot change link type

R1(config-subif)#do sh run int s1/0.1
Building configuration...

Current configuration : 114 bytes
!
interface Serial1/0.1 multipoint
 ip address 10.0.0.1 255.0.0.0
 frame-relay map ip 10.0.0.2 102 broadcast
end
R1(config-subif)#exit


R1(config)#default interface serial1/0.1 multipoint
Building configuration...
Interface Serial1/0.1 set to default configuration

R1(config)#do sh run int s1/0.1                    
Building configuration...
Current configuration : 40 bytes
!
interface Serial1/0.1 multipoint
end

R1(config)#int s1/0.1 point-to-point               
% Warning:  cannot change link type
R1(config-subif)#exit


R1(config)#default interface serial1/0             
Building configuration...
Interface Serial1/0 set to default configuration

R1(config)#do sh run int s1/0         
Building configuration...
Current configuration : 73 bytes
!
interface Serial1/0
 no ip address
 no dce-terminal-timing-enable
end

R1(config)#int s1/0
R1(config-if)#encapsulation frame-relay 
R1(config-if)#exit

R1(config)#int s1/0.1 point-to-point
% Warning:  cannot change link type


R1(config-subif)#do sh ip int b
Interface                  IP-Address      OK? Method Status                Protocol
Serial1/0                  unassigned      YES TFTP   up                    up      
Serial1/0.1                unassigned      YES NVRAM  up                    up      
  
R1(config-subif)#exit

R1(config)#default interface serial1/0.1 multipoint
Building configuration...
Interface Serial1/0.1 set to default configuration

R1(config)#do sh run int s1/0.1                    
Building configuration...
Current configuration : 40 bytes
!
interface Serial1/0.1 multipoint
end


I don't know why, is it bug from IOS or may be have something purpose to this condition. Now to solve this problem make default configuration subinterface, do write memory and reload the router.
Posted by Hermawan Widiyanto at 8:49 PM 1 comments
Subscribe to: Posts (Atom)