Configuring Cisco for IP-enabled Frame Relay

Author:      Socrat
Submitted:      28-Apr-2007 19:41:02
Imported From:      The CyberArmy University (original author: socrat)


Configuring Cisco for IPFR
Introduction

1-0 Why IPFR
2-0 Our Lab
3-0 Basic Router Configuration
3-1 Name Your Router
3-2 Enable Logging
3-3 Set Timestamps
3-4 Set Time Zones
3-5 Set Time Servers
3-6 Saving Your Configuration
4-0 Passwords
4-1 Enable Secret Password
4-2 VTY Line Password
4-3 Encrypting Service Passwords
5-0 Configuring Interfaces
5-1 Serial Interfaces
5-2 Sub-Interfaces
6-0 IP Routing
6-1 Default Route
7-0 Turning Up Your Interfaces

Introduction

This is a tutorial on how to configure a Cisco router for use on an IP enabled Frame Relay (IPFR) network. It is not in the scope of this tutorial to explain the complete topology of the IPFR network, however there is a brief overview of the basic topology of IPFR versus a traditional fully meshed Frame Relay network. I will try to give tips that they will never tell you about in school. Stuff you only seem to learn once you get out there and work with a router a few times. Or maybe I just went to the wrong school. Either way, it is from my point of view and as I understand the workings of the IOS—Cisco has not blessed this tutorial in any way. If these methods are used, the router will communicate with and transfer data across your Wide Area Network (WAN).

For the purpose of this tutorial, I will assume three things:

(1) That you have admin level privileges to the router (i.e. have the "enable secret" password if one is set), and are able to connect to the router via the console, telnet, or out-of-band access,

(2) That you know which routing protocol, IP addresses and Autonomous System Numbers (ASN) are being used by your provider, or

(3) That you just have a desire to learn some of the techniques implemented here.

1-0 Why IPFR

In a traditional fully meshed Frame Relay network, each node on the network has to have Permanent Virtual Circuits (PVC) linking every node on the WAN. This can become a very expensive topology as the provider usually charges per PVC.

In an IP-enabled Frame Relay (IPFR) network, each node on the WAN needs to have only one PVC to the provider's router. The provider knows your router as the Customer Edge Router (CER). Their router they call the Provider Edge Router (PER). Once connectivity to the PER is achieved, data is then routed through the provider's network over TCP/IP. Instead of having to rely on Layer 2 switching and pinned-up PVCs, the transfer of data to the remote sites is handled by Layer 3 addressing and the routing protocol in use. The service provider is responsible for getting your data to cross the WAN without having to have costly PVCs to each site.

In my opinion, the IPFR model is much more efficient in terms of ease of provisioning and deployment, use of bandwidth, and overhead on the router.

2-0 Our Lab

For the example configuration here, we will be configuring our router (a Cisco 1720) using the Border Gateway Protocol version 4 (BGPv4). From my experience, the provider will assign you an Autonomous System Number (ASN), but I have run into cases where the provider requires you to register your own ASN. Our ASN number will be 63772. Our Service Provider's ASN will be 15365.

Your provider will assign the IP address of your serial interface, but this rule is not etched in stone and may vary from provider to provider. Since the PVC in this example is a point-to-point connection, we'll be using the 10.10.10.0 subnet with a 30-bit subnet mask (or 255.255.255.252). On our Ethernet interface we'll be using the private 172.16.1.0 subnet with a 24-bit subnet mask (or 255.255.255.0).

You will also need to know which LMI type your connection will use. As a rule, if all the routers in your WAN are Cisco, then you can leave the LMI type as Cisco, which is the default. If other than Cisco, use Annex-D as your LMI type. For this lab, we'll use Annex-D.

Our connection is a T1.

Our PVC will be coming over DLCI 150.

Our router will be named Losangeles-R1.

3-0 Basic Router Configuration

I will take you from a router with only the default configuration on it, to a router that will peer with a service provider router at the edge of an IP-enabled Frame Relay network and offer connectivity to all other sites on your WAN, utilizing a single PVC.

Once you are connected to your router, press return (or enter) until you get to the command prompt. If prompted for a password, I hope you know it. If your router has only the default configuration, then your command prompt should look like this:

router>

This is the User Exec prompt. You can't configure a router at this prompt. You will need to be at the Enable Exec prompt to configure. To get to the Enable Exec prompt enter:

router>enable

Your Enable Exec prompt now looks like this:

router#

To configure a Cisco router, you have to be in configuration mode, or better stated, at the configuration prompt. To get there you must type "configure terminal" or "config t". So it will go like this:

router#config t

Notice the change in your prompt:

router(config)#

3-1 Name Your Router

We'll give your router its name by entering:

router(config)#hostname Losangeles-R1

Your prompt will then change to:

Losangeles-R1(config)#

Your router now has a name. Now to get back to the Enable Exec prompt, you would push and hold the ctrl button, then the Z button (^Z). This would save what you have configured so far to the running configuration, but don't do that right now as there are other types of basic router features that you might want to enable now.

3-2 Enable Logging

I always enable logging so that you can view different types of logging events that happen on the router. I will not try to describe the different kinds of events logged, but it remains good practice to enable this feature of the Cisco IOS (Internetworking Operating System).

To enable logging on your router, at the configuration prompt enter:

Losangeles-R1(config)#logging buffered 4096

This enables logging and sets the buffer size to 4096KB.

3-3 Set Timestamps

I also like to set the timestamps in the logging buffer and debugging output, to log the date, time, and time zone. To do this, issue the following two commands:

Losangeles-R1(config)#service timestamps debug datetime localtime show-timezone

Losangeles-R1(config)#service timestamps log datetime localtime show-timezone

3-4 Set Time Zones

Next set the time zone of the router and set the router to change time as daylight savings time comes and goes. (Disregard the latter if you don't participate in the whole daylight savings time thing.)

Losangeles-R1(config)#clock timezone PST -8

Losangeles-R1(config)#clock summer-time PDT recurring

Tip: The -8 means the location of the router is 8 hours earlier than UTC time. The converse is true, +8, if the location is 8 hours later than UTC time.

3-5 Set Time Servers

If you want the router's clock to automatically sync up to a timeserver running the Network Time Protocol (NTP), enter this command:

Losangeles-R1(config)#sntp server 129.7.1.66

Tip: use "ntp server" on Cisco 1751s and higher. The IP address in this example is a public timeserver that was active at the time of writing this tutorial. You can enter the IP address of any timeserver you wish, but just remember that for security reasons, your WAN router should not be getting its time from the Internet. On the IPFR you should set up a server or two on one of your Ethernet segments to provide NTP services. These servers will have to be pingable from all remote routers on your WAN that expect time.

3-6 Saving Your Configuration

At this point, let's save our current configuration - or running configuration - to the startup configuration. The startup configuration is loaded into memory when the router is booted. Now do a ^Z (Ctrl + Z), and then enter this:

Losangeles-R1#write memory

When you write to memory you will see this:

Losangeles-R1#write memory

Building configuration...

[OK]

Losangeles-R1#

Tip: You can also enter "copy running-config startup-config". No matter which one you choose, do this often. Do this, then do it again. Then whenever you think about it, do it again. I can't stress enough the importance of saving your running configuration to startup configuration. Besides the more obvious reasons, there's nothing worse than deploying a router to a site and it booting up with no running configuration. You worked to create it, don't let it disappear because you forgot to save it!

4-0 Passwords

It is not my intention to get into a discussion of how to create or secure passwords, but rather to instruct you how to install the password fabric of the Cisco IOS.

If you haven't already, enter:

Losangeles-R1#config t

4-1 Enable Secret Password

The enable secret password is the password that you use to access the Enable Exec prompt of your router. Be sure you remember exactly how you entered this one, because if you forget it - and it is case sensitive - you can't gain admin level privileges to your router. At the configuration prompt, enter:

Losangeles-R1(config)#enable secret [your password here]

4-2 VTY Line Password

When you open a telnet session with the router, it comes through what is known as VTY lines. A Cisco router comes with 5 VTY lines (vty 0 4) by default. The VTY password is the one used when telnetting to the router.

Enter the next three lines:

Losangeles-R1(config)#line vty 0 4

Losangeles-R1(config-line)#password [your password here]

Losangeles-R1(config-line)#login

Notice that the configuration prompt changed from "config" to "config-line".

Tip: You can also configure your console port and auxiliary port in the same fashion by entering "console 0" or "aux 0" as the first command of the preceding three commands. These, including the vty line password, are said to be service passwords.

4-3 Encrypting Service Passwords

I always like to encrypt the service passwords on the routers I deploy. However, if someone has gained enough access to your router to see the running configuration, the encryption of your service passwords has already been compromised. There are many tools out there that will easily decrypt these passwords. When viewing the running configuration, the service passwords will be encrypted if you enter:

Losangeles-R1(config)#service password-encryption

Losangeles-R1(config)#^Z

Now save your config to the startup config:

Losangeles-R1#write memory

Tip: This command can be abbreviated by entering "wr mem". As you may have already discovered, you don't have to type out every letter in every word in the commands. The Cisco IOS is very intuitive in this respect.

5-0 Configuring Interfaces

First off, we will configure the Ethernet interface on your router. To configure an interface on a Cisco router, you must be at the interface configuration prompt. Note the change in the prompt when you enter the following commands:

Losangeles-R1#conf t

Losangeles-R1(config)#interface fastEthernet 0

Losangeles-R1(config-if)#ip address 172.16.1.1 255.255.255.0

What we did, in order: entered configuration mode, entered interface configuration mode, then entered the IP address and subnet mask of your router's Ethernet interface. Now if you have a machine on the 172.16.1.0 subnet, you should be able to telnet to your router. Hope you remembered your VTY line password.

5-1 Serial Interfaces

This is the meat of the IPFR configuration. Enter the following commands to configure the serial interface of your router:

Losangeles-R1(config-if)#interface serial 0

Losangeles-R1(config-if)#encapsulation frame-relay ietf

Losangeles-R1(config-if)#service-module t1 timeslots 1-24

Losangeles-R1(config-if)#frame-relay lmi-type ansi

What we just did was: enter the serial 0 interface for configuration and set our packet encapsulation to Frame Relay. Enter ietf only if you have routers on the network that aren't Cisco. Then we named the time slots that we will be using. Since our connection is a full T1, we use all 24 channels of the circuit. Next, we set the LMI type to Annex-D. This one is very important: if your provider isn't using Annex-D as their LMI type, the circuit will not come up.

5-2 Sub-Interfaces

I will not attempt to explain why you need a sub-interface, but this is very common in most frame relay configurations that I have ever seen. This is where you assign the IP address and DLCI (Data Link Connection Identifier) information. The DLCI is the PVC number associated with your circuit. To configure your sub-interface enter:

Losangeles-R1(config-if)#interface serial0.150 point-to-point

Losangeles-R1(config-subif)#ip address 10.10.10.1 255.255.255.252

Losangeles-R1(config-subif)#frame-relay interface-dlci 150 ietf

We just created the sub-interface number by entering our serial interface (s0) followed by a dot, then the number we chose. I like to keep my sub-interface number the same as my DLCI number for that interface. This makes it easier to find if you add other sub-interfaces to the configuration later. Next we named the DLCI that we will be using.

6-0 IP Routing

It is vital that you know which routing protocol you will be using on your network. I will not attempt to explain routing protocols here. Our chosen protocol will be BGP participating in the 63772 Autonomous System (AS) peering with the remote AS 15365.
Enter the following to configure the BGP routing protocol:

Losangeles-R1(config-subif)#router bgp 63772

Losangeles-R1(config-router)#network 172.16.1.0 mask 255.255.255.0

Losangeles-R1(config-router)#neighbor 10.10.10.2 remote-as 15365

We entered the routing protocol (bgp) followed by the ASN (63772). Then we entered our Ethernet segment that we want to advertise over our WAN (172.16.1.0), followed by our service provider's IP address and ASN.

6-1 Default Route

The default route (or gateway of last resort) is a static route on your router that you enable to tell the router, "If you don't know where the packet goes, send it here." To name the default route enter:

Losangeles-R1(config-router)#ip route 0.0.0.0 0.0.0.0 10.10.10.2

This tells the router to send any packets that it doesn't know what to do with to the provider's router. Hopefully it will have the destination of your packet in its routing table.

Now enter:

Losangeles-R1(config-router)#^Z

Losangeles-R1#wr mem

7-0 Turning Up Your Interfaces

Your interfaces are down by default. Before you can transfer data through these interfaces, you must turn them up. The following commands should be self-explanatory:

Losangeles-R1#conf t

Losangeles-R1(config)#int f0

Losangeles-R1(config-if)#no shutdown

Losangeles-R1(config-if)#int s0

Losangeles-R1(config-if)#no shutdown

Losangeles-R1(config-if)#int s0.150

Losangeles-R1(config-subif)#no shutdown

Losangeles-R1(config-if)#^Z

Losangeles-R1#wr mem

Tip: Be sure to turn up all interfaces you intend to use on the router, then save your running configuration to startup configuration. If you deploy a router, and you didn't "write memory" before you turned the router off, the interfaces will not come up when the router is installed. This can be costly if there is no one at the site that can console into the router and manually turn them up.
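A pre-deployment check for the tips in sections 3-5 and 7-0, written in Python as an added example that is not part of the original tutorial: it reads a saved configuration and reports a time server outside private address space, interfaces still shut down, a missing enable secret, and a sub-interface whose number differs from its DLCI. The sample configuration is constructed from the lab values above, and the function name audit_config is hypothetical.

```python
import ipaddress
import re

# Constructed sample of a saved configuration using this tutorial's lab values;
# the enable-secret hash is a placeholder, not a real hash.
SAMPLE_CONFIG = """\
hostname Losangeles-R1
enable secret 5 <placeholder-hash>
sntp server 129.7.1.66
interface FastEthernet0
 ip address 172.16.1.1 255.255.255.0
interface Serial0
 encapsulation frame-relay IETF
 shutdown
interface Serial0.150 point-to-point
 ip address 10.10.10.1 255.255.255.252
 frame-relay interface-dlci 150 IETF
"""

def audit_config(text):
    """Return a list of findings for the pre-deployment points in the tutorial."""
    findings, iface = [], None
    lines = text.splitlines()
    if not any(l.startswith("enable secret ") for l in lines):
        findings.append("no enable secret set")
    for line in lines:
        if not line.startswith(" "):      # a top-level line ends any interface block
            m = re.match(r"interface (\S+)", line)
            iface = m.group(1) if m else None
        words = line.split()
        if words[:2] in (["sntp", "server"], ["ntp", "server"]) and len(words) > 2:
            try:
                if not ipaddress.ip_address(words[2]).is_private:
                    findings.append(f"time server {words[2]} is not on a private network")
            except ValueError:            # not a literal IP address
                findings.append(f"time server {words[2]} is a hostname, check where it resolves")
        elif iface and words == ["shutdown"]:
            findings.append(f"{iface} is shut down")
        elif iface and words[:2] == ["frame-relay", "interface-dlci"] and len(words) > 2:
            # The tutorial's convention: sub-interface number equals the DLCI.
            if "." in iface and iface.rpartition(".")[2] != words[2]:
                findings.append(f"{iface} carries DLCI {words[2]}, number differs")
    return findings

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print("CHECK:", finding)
```

Run it against the text of the startup configuration before the router ships, since the startup configuration is what the router loads when it boots on site.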

Now your router is ready to participate in your IPFR network. There are other commands that can be issued to view your running or startup configurations, logs, status of your PVC, etc., however, that is another tutorial entirely. Maybe I'll add them later.

Written by shrapnelsack

Former member of CAU Knowledge-Bank Tutorial Writers

This article was originally published by CyberArmy.net in the CyberArmy Library.
