Archive for May, 2011

Lightweight AP – DHCP Configuration

Posted on May 24, 2011. Filed under: Uncategorized | Tags: , , , , |

Just some findings on lightweight access points, and configuration of DHCP pools.  DHCP is used to tell the LAPs what the wireless controller(s) ap-mgmt address is on boot up.

Option 60 is specified in  a DHCP discover packet by lightweight APs requesting an IP address, it’s used to tell the server what type of device it is, for example a client may set option 60 to ‘Cisco AP c1140’.

The DHCP server can be configured to provide additional options in a DHCP offer packet, only to those client’s that need it.  In this case, if option 60 is ‘Cisco AP c1140’, the server will return option 43, which has the address of the wlc ap-mgmt interface IP addresses in hex format.

!
ip dhcp pool ap_manager
   network 128.58.172.128 255.255.255.224
   default-router 128.58.172.129
   dns-server 192.23.23.192 192.23.23.193
# Identifies type of device
 option 60 ascii "Cisco AP c1140"
# Specifies IP of WLC controllers 192.168.10.5|192.168.10.20
 option 43 hex f108c0a80a05c0a80a14
   domain-name eur.slb.net
   lease 8
!

The hex value is made up as follows:

f1 = 0xf1 (type)
08= 0x8 (total number of octets in both IP addresses 2×4)
c0a80a05=192168105 (first IP)
c0a80a14=1921681020 (second IP)

It should be noted that there is a bug on 3750 switches running 12.2(46)SE which prevents option 60 from being specified. “% Invalid input detected at ‘^’ marker.”  is returned because there is a space in the text ‘Cisco AP c1140’.  To resolve this change to a different version of code.

Read Full Post | Make a Comment ( None so far )

Making IP Helper (UDP forwarding) HSRP Aware

Posted on May 23, 2011. Filed under: Uncategorized | Tags: , , , , |

This scenario involves multiple gateway routers using first-hop redundancy protocols like HSRP.  The  routers are using IP helper commands to forward DHCP requests to a central server, however the server is receiving many DHCP requests from the same client, as shown below:

dhcpserver#sh log | i through relay
*Mar  1 00:20:41.291: DHCPD: DHCPDISCOVER received from client 0063.6973.636f.2d63 through relay 192.168.1.2
*Mar  1 00:20:43.819: DHCPD: DHCPDISCOVER received from client 0063.6973.636f.2d63 through relay 192.168.1.3

It must be understood that DHCP discover packets are broadcast, and thus received and forwarded by all routers configured with IP helper addresses.  To prevent all routers from forwarding the request, the solution is to only allow the active HSRP router to do this.

Below is overall topology:

Configuration for R1:

interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.0
ip helper-address 10.1.1.1 redundancy HSRP-Data
duplex auto
speed auto
standby 10 ip 192.168.1.1
standby 10 preempt
standby 10 name HRSP-Data

Configuration for R2:

interface FastEthernet0/0
ip address 192.168.1.3 255.255.255.0
ip helper-address 10.1.1.1 redundancy HSRP-Data
duplex auto
speed auto
stand 10 ip 192.168.1.1
standby 10 priority 90
standby 10 preempt
standby 10 name HSRP-Data

By linking the IP helper command to HSRP ‘ip helper-address 10.1.1.1 redundancy HSRP-Data’ it is now able to track the HSRP state.  The IP helper redundancy name must match the HSRP name, in this case ‘HSRP-Data’.   Now when the DHCP client requests an IP configuration, it can be observed that only the active HSRP router replies:

dhcpserver#sh log | i through relay
*Mar  1 00:20:41.291: DHCPD: DHCPDISCOVER received from client 0063.6973.636f.2d63 through relay 192.168.1.2
Read Full Post | Make a Comment ( None so far )

802.1Q (Q-In-Q) Tunnelling

Posted on May 13, 2011. Filed under: Uncategorized | Tags: , , , , , |

Commonly used by service providers when providing L2 products, 802.1Q tunnel (aka Q-in-Q) can be used to allow multiple customers to trunk multiple VLANs over the service providers  switched infrastructure.  As a customer you can trunk your existing vlan numbering scheme, the VLAN tag you select is transparent to the service provider as they apply and use their own additional tag to identify you.

On receipt of a frame from the customer, the SP adds a second tag, in this case ’55’ , the ID must be unique for each customer.   After potentially traversing multiple SP switches the second tag is removed on egress to the respective customer. Refer to this link to see a packet capture highlighting the two 802.1Q headers.

To configure, the first step is to increase the switch system MTU by 4 bytes in order to accomodate the additional tag:

system mtu 1504

Secondly, to avoid potential clashing of customer and provider native untagged vlans, enable tagging of the native vlan:

vlan tag dot1q native

Enable dot1q tunnel on the customer facing interface, and L2 protocol tunnelling

!
interface FastEthernet0/16
 description SWP | Customer 1 Site
 switchport access vlan 55
 switchport mode dot1q-tunnel
 l2protocol-tunnel cdp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp
 no cdp enable
!

Interconnections between the providers switchs are configured as trunk links, in this case permitting VLAN 55 for customer 1.

Layer 2 protocol tunnel (not to be confused with L2 tunnelling protocol) has been activated on the interface. This feature provides the customer with transparency between their sites, they see their remote switches in CDP, VTP information can be propagated across their WAN along with STP information. It looks like the sites are directly connected, despite the providers switches being in the switching path.

As you can see below the CDP, VTP and STP information is fowarded over the providers infrastructure:

S1#show l2protocol-tunnel

Port       Protocol Shutdown  Drop      Encapsulation Decapsulation Drop
                    Threshold Threshold Counter       Counter       Counter
---------- -------- --------- --------- ------------- ------------- -------------
Fa0/16              cdp           ----      ----        40        38         0
                    stp           ----      ----      5139       596         0
                    vtp           ----      ----         7         3         0
Read Full Post | Make a Comment ( None so far )

Disabling DHCP client default route

Posted on May 7, 2011. Filed under: Uncategorized | Tags: , , |

If you do not wish for your router to install the default route it receives when DHCP client is enabled on an interface,  use the command below to raise the AD so it’s not entered into RIB.  This is useful if you are using dynamic routing on a WAN interface, and want to use object tracking to detect lack of default routing.

!
interface FastEthernet0/0
description WAN LINK
bandwidth 1000000
ip dhcp client default-router distance 255 
ip address dhcp
Read Full Post | Make a Comment ( None so far )

Ethernet – Collisions

Posted on May 6, 2011. Filed under: Uncategorized | Tags: , |

Interfaces operate at half-duplex when connected to a shared ethernet segment (collision domain).

When an inteface in half-duplex mode is receiving a frame, it may buffer a frame being transmitted at the same time.  This will be displayed as a deferred frame when looking at the interface statistics.

Auto speed/duplex negotiation is the default, to deactivate it you can manually set speed/duplex.  Speed must be set before duplex otherwise an error is displayed.

If auto-negotiation is disabled on one end, the Cisco switch will default to half duplex for 10/100M, and full duplex for 1G.

Read Full Post | Make a Comment ( None so far )

Liked it here?
Why not try sites on the blogroll...