IP Networks | Tech Blog

How to use a Cisco router as Frame-Relay switch

For this tutorial you can use a low cost Cisco router and of course you need some serial interfaces available on this router. I will use a 7206 with 3 serial interfaces. This router I will call R6 and the rest of the three routers connected to R6, will be R2, R5 and R9. In this way it will be easier for you to understand how the frame-relay routing is achieved.

If we have a look to R6’s (the router used as frame-relay switch) interfaces:

r6-c7206#sh int desc
Interface                      Status         Protocol Description
Fa0/0                            up                down
Fa0/1                             up                down
Se5/0:1                         up          up                TO_R2
Se5/1:2                         up            up    TO_R5
Se6/0                            down          down
Se6/1                         up                up    TO_R9

you’ll notice that we have 3 active serial interfaces, each being connected to one of the three routers R2, R5 and R9.

Very important, before you begin define a scalable range for your DLCI numbers, otherwise you will have a complete mess when troubleshooting is needed. I like to define them after formula Rx0Ry. In the middle you have the number zero. In this idea, we will have something like R20R5 and from this resul the DLCI 205 for the Frame-Relay connection between R2 and R5. Below you have the DLCI numbers used in this tutorial:

R2 -> R5: DLCI 205
R2 -> R9: DLCI 209
R5 -> R2: DLCI 502
R5 -> R9: DLCI 509
R9 -> R2: DLCI 902
R9 -> R5: DLCI 905

Now that we have defined the DLCI numbers lets configure R6 router as frame-relay switch.

First of all, you need to enable frame relay switching on the router:

r6-c7206#conf t
Enter configuration commands, one per line. End with CNTL/Z.
r6-c7206(config)#frame-relay switching

This command enable the switching of packets based on the data?link connection identifier (DLCI) inside your router.

Next, we have to configure the frame-relay routing on the physical interface. We will start with interface S5/0:1 where R2 router is connected and apply the following configuration

interface Serial5/0:1
description TO_R2
no ip address
encapsulation frame-relay
! the frame-relay switch is the DCE and the other end is the DTE
frame-relay intf-type dce
frame-relay route 205 interface Serial5/1:2 502
frame-relay route 209 interface Serial6/1 902

With frame-relay route command we tell to frame-relay switch where to forward the packets based on the DLCI number. If we take a look to the first frame-relay route command, than the path to DLCI 502 is interface Serial5/1:2. If you feel confuse, please check again above the interface connection to the router and the assigment scheme for DLCI numbers.

The same like for interface S5/0:1, we will configure the interfaces connected to R5 and R9:

interface Serial5/1:2
description TO_R5
no ip address
encapsulation frame-relay
frame-relay intf-type dce
frame-relay route 502 interface Serial5/0:1 205
frame-relay route 509 interface Serial6/1 905

interface Serial6/1
description TO_R9
no ip address
encapsulation frame-relay
frame-relay intf-type dce
frame-relay route 902 interface Serial5/0:1 209
frame-relay route 905 interface Serial5/1:2 509

Having a look to S5/1:2, first frame-relay route command, here we configure the path back from R5 to R2, by telling the frame-relay switch to chose interface S5/0:1 to send packets to DLCI 205 (R2).

This is the basics of how to configure a Cisco router as a frame-relay switch. If you need help, please don’t hesitate to use the comment form below.

Core Knowledge Questions Removed for CCIE R&S and Voice Lab Exams

Cisco removed the Core Knowledge Questions section from the CCIE R&S and Voice Lab exams.

This sections STILL exist on CCIE Service Provider, CCIE Security, CCIE Storage Networking and CCIE Wireless Lab.

Please find below the official announcement and the reasons regarding this section removal from R&S and Voice lab exams:

With more than six months of exam results now available, Cisco is able to report that the troubleshooting components of the CCIE R&S v4.0 and CCIE Voice v3.0 lab exams are performing well in validating expert level networking skills. Considering these results, Cisco has decided to eliminate the Core Knowledge questions from the current CCIE R&S v4.0 and CCIE Voice v3.0 Lab Exams. Beginning on May 10, 2010, CCIE R&S and CCIE Voice Lab Exams, in all global locations, will no longer include the four open-ended Core Knowledge questions. The total lab time will remain eight hours. For the CCIE R&S Lab Exam, this means candidates will begin with the two-hour Troubleshooting section, followed by a six-hour Configuration section. For CCIE Voice, candidates will have the full eight hours to complete the integrated exam. At this time, only the R&S and Voice tracks will be eliminating the Core Knowledge questions.
You can read more here:

https://learningnetwork.cisco.com/docs/DOC-6484

What does it take to pass the CCIE exam? (colinmcnamara.com)
A Quick Look at what I’m using to Study for R&S. (globalconfig.net)

New Service Provider Operations Track Training and Exams

The Cisco CCNA Service Provider (SP) Operations certification and the written exam for the CCIE Service Provider (SP) Operations certification are now available.
The Cisco CCNA SP Operations certification targets entry-level students with a foundation of network operations skills in SP IP NGN environments required of associate-level operations personnel. Both the Supporting Cisco Service Provider IP NGN Operations (SSPO) course and required # 640-760 exam are now available. Interested students should access the CCNA SP Operations home page for more information.

The Cisco CCIE® SP Operations certification assesses and validates core IP NGN service provider network operations expertise and broad theoretical knowledge of operations management processes, frameworks and network management systems. Registration for the for CCIE SP Operations written exam is now available. In addition, students may download the blueprint for the CCIE SP Operations practical exam from the CCIE SP Operations practical exam overview page. The practical exam for the CCIE SP Operations certification is scheduled to be made available in the third quarter of 2010.

For more info:
https://learningnetwork.cisco.com/community/certifications/ccna_sp_operations
https://learningnetwork.cisco.com/index.jspa?ciscoHome=true
https://learningnetwork.cisco.com/community/certifications/ccie_sp_operations/practical_exam

CCNA Certification Introduction (recycleemail.com)
What does it take to pass the CCIE exam? (colinmcnamara.com)
Why the CCIE Program Is More Useful Than the Certification Itself. (etherealmind.com)

Cisco: Mark voice packets at the network edge

You know how Cisco always advise to mark the packet as close to the your network edge as you can? Even more you can find a lot of example where Cisco show how to trust the packets directly on the access switch, but not all the time you can do this.

First because not everybody has devices that mark correct packets (like Cisco IP Phones) but we still have to deal somehow with packet marking as maybe your provider treat packets different on their backbone based on their marking.

In this idea what I’m taking care the most are the voice packets as usually this has to be prioritized on the network. Let’s face it, if you have a TCP connection and some FTP packet are retransmitted you don’t notice this too much, but if you have delay on your phone conversation with your boss, that it’s not so good.

Please have a look at the topology below:

In this scenario we have a Voice server and some IP Phones (I know they look like Cisco IP phone, but pretend they are not) connected to the access switch. Let’s assume that we cannot trust marking on this packets as they arrive from this devices.

Here we run into one of the two issues. First if we trust the marking on the access port, than we don’t know what we are stuck with. If we don’t trust them, then the packets header DiffServ (TOS) bits are rewrite with a value of zero making no difference between voice packets and regular ones.

My solution is the following. I’m not saying that’s the only solution or the best, but it’s working:

On the access switch:

1. enable globally:

mls qos

2. configure and access-list that match the voice packet; this is a very general list:

access-list 101 permit udp any any range 16384 32767
access-list 101 permit udp any range 16384 32767 any
access-list 101 permit udp any any range 5060 5061
access-list 101 permit udp any range 5060 5061 any

3. match the access-list in a class-map

class-map match-all VOIP
match access-group 101

4.configure a policy-map with the class-map above and set the DSCP value to EF (decimal 46) or COS or whatever you need

policy-map ASTERISK
class VOIP
set dscp ef

5.on the access port configure the service-policy direction inbound

int x/y
service-policy input ASTERISK

6.on all trunks from your access switch to your first Layer 3 device trust this DSCP value (or what you have set, as now we are sure what values we set) with:

mls qos trust dscp

Let me know if it’s working!

Average IP Packet Size | Slaptijack (etherealmind.com)
Announcing the Packet Pushers Podcast – “Lab Scenario 1? (etherealmind.com)
Blog – How to Spot Suspicious VoIP signals (technologyreview.com)
Simple VOIP test calls and Toll Fraud (blindhog.net)

INE released GNS3 config for v5 topology

A few days ago one friend on mine announced me that InternetworkExpert released a GNS3 configuration for their v5 topology.

When I had check INE’s website, I could not found the link to GNS3 topology. To be honest I was expecting INE to announce with big letters this new development, but I was quite silent (or I’m not reading carefully enough their website).

To fin GNS3 configuration, there is a small catch. You have to go to INE resources webpage, and from there to Dynamips (there is no GNS3 link). If you ever used the INE’s Dynamips config, that this page is familiar for you. Somewhere in the middle there is a link with “Click here to download the INE Topologies for Dynagen“. You download this archive file and inside you’ll find among other configuration a file called ine.routing.and.switching.topology.5.00.gns3.net:

INE V5 GNS3 topology config

This is the file which you are looking for. Of course you need to edit and adapt it to your local configuration (IOS, path location…). What is different from Dynamips file? Almost nothing, but you have a graphical view of the topology and if you put your mouse over a link, you’ll see where is the connection pointing too. It can help you spare some time in the configuration, but there is a drawback. Don’t get used too much with this feature, as in the CCIE lab exam you don’t have where to point your mouse to show the connection and you have to figure it by your own from the paper (or lately computer screen).

If you don’t want to follow the steps above, then:

Download the INE’s v5 topology GNS3 configuration

Reloading IOS Config at CLI for Dynamips/Dynagen (etherealmind.com)
RIP – Dynamips, We’ll Miss You… (etherealmind.com)
Dynamips, Dynagen, GNS3 0.7, IOS15.0 and Snow Leopard OSX (etherealmind.com)
Tutorial: OSPF Network Types and Frame Relay Part 5 (ardenpackeer.com)

You might be interested in:

You might be interested in:

Other articles that you might be interested in:

Download the INE’s v5 topology GNS3 configuration

Other articles that you might be interested in: