Routerlab – FAQ
Last modification Friday, 08-May-2009 09:48:47 CEST
Color System
We try to use the following colors in the FAQ (only visible in graphical browsers).
Questions
General
- What is the difference between port-based VLAN and tagged VLAN and how is it configured?
- How to configure tagged VLAN (802.1Q) on Juniper and Cisco router?
- How to save and restore a configuration on Juniper and Cisco devices?
- What do I have to do if I can't attend my debriefing session and what are the consequences?
Answers
General
What are the requirements for your solutions?
- The solution consists of multiple parts (see What does a solution consist of?). You have to provide all configuration inputs on routers, switches and loadgens and the output of all commands such as tcpdump. Sometimes, you will also have to answer questions with a few sentences or provide a topology map of your configuration.
- The written part of your solution must be comprehensible. In terms of language you can use German or English.
- The implementation part needs to work on the devices that have been assigned to you.
- You need to submit your solutions on time. In general, this will be Friday, at 8.00 am. If you submit multiple times, only the last solution will be considered for grading.
- Both team partners need to understand the common solution and should be able to explain it.
- Cheating (e.g., copying solutions from other teams) will be severely punished.
What does a solution consist of?
A solution consists of the following files:
- Main solution:
  This file can either be in PDF format or it can be an ASCII text file. It should be named either "solution.pdf" or "solution.txt". The solution file should contain all written parts of your solution. For example, if we ask you to explain what you see in the debug output of a router or how a routing protocol works, you should explain this in the "main solution". In addition to that, the main solution must contain references to all other files of your solutions (see below). Do not include complete router configurations etc. in this file! However, you may include short snippets of your configuration that illustrate your answers!
- Configurations of routers/switches:
  Configurations of a router or switch need to be provided as text files that follow our naming convention. Assume that you want to submit the configuration of ham-rc1 and the configuration is related to Question 2, then use the following name:
      2.ham-rc1.configuration.txt
- Output of commands:
  Output of commands such as tcpdump can either be included in the main solution or be provided in extra text files. Assume that tcpdump creates output for Question 4 on Loadgen 101, then use the following name:
      4.loadgen4.tcpdump.output.txt
- Topology maps:
  Frequently, you will be asked to provide a topology map that shows the assignment of IP addresses etc. The topology can be created with any tool (e.g., Visio, Dia, XFig). Convert the generated plot into PDF! We will only accept PDFs with the following name:
      topology.map.pdf
How to submit solutions?
- Your solution should be complete and the files should follow the naming conventions specified in What does a solution consist of?.
- Copy all files that you submit into a new directory on Cheetah.
- Then use the following command on Cheetah:
      submit-assignment "src_dir" "number"
  All the files inside directory "src_dir" will be submitted. "number" specifies the current work sheet number (e.g., 1 for the first work sheet). It is possible to submit multiple solutions. The last one you submit will be considered for grading.
What should I do if I have questions?
- First read the FAQ!!
- Use means such as the web, online documents, etc.
- It is also allowed to talk with other students on how to approach the problems of the work sheets. However, you are not allowed to copy solutions from other teams.
- If you still have problems, please send an e-mail to the "praktikum" mailing list (praktikum lists.net.t-labs.tu-berlin.de). Then all tutors of the lab course will read your e-mail and you will get a fast reply.
What is needed to pass the course?
- You need to obtain at least 25% for each work sheet (one exception!).
- You need to obtain at least 75% of the total points throughout the semester.
- Attendance to all debriefing sessions.
Which password do I need for ham-rj1, muc-rj1, or ber-rj1?
Recent versions of JUNOS require a password to be configured. To access ham-rj1, muc-rj2 or ber-rj1 use the login "root" and the password "Router". ham-rj2, muc-rj2 and ber-rj2 don't ask for a password as they use an older JUNOS version.
What should I do if a ping between two routers does not work?
- Check that the required interfaces are enabled. On Cisco routers, have a look at the configuration and if you see the statement "shutdown" for an interface, then execute the command "no shutdown" in interface configuration mode. Currently, the default configurations that are loaded at the beginning of each new reservation have all interfaces automatically disabled. We may change this in the future! For Juniper routers, interfaces can be enabled with the command "delete interfaces ge-x/x/x disable". However, by default all interfaces should be enabled on Juniper routers.
- Check that the IP addresses are correctly configured (e.g., IP addresses of adjacent interfaces are in same subnet).
- Check that the VLAN configuration on the routers and switches(!) is correct (not necessary for work sheet 1).
- Check the status of all physical links needed for connectivity between the two routers. On Cisco routers and switches use the command "switch#show interface status", on Juniper use "root@router>show interfaces terse". If you find that a certain physical link is not "up" or is "not connected", try the command "switch#clear interface <interface-name>" on Cisco devices (in particular on switches!) to reset the hardware logic on an interface. If the link is still down and if it connects to a Juniper device, try to delete the interface (delete) before you add it again (edit).
What is the difference between port-based VLAN and tagged VLAN and how is it configured?
- Port-based VLAN:
  The rule of thumb is that port-based VLAN (access mode) is used if a physical link corresponds to a single VLAN. Basically port-based VLANs virtually partition a switch. Individual ports of a switch can be assigned to a certain VLAN (not to multiple VLANs!). After a port has been assigned to a VLAN, the port generally cannot send to or receive from devices in another VLAN. For port-based VLANs you only need to configure the switch. You don't need to add logical interfaces (sub-interfaces or units) to a router. The following commands are needed to assign a VLAN ID to a specific port of a switch:
      switch(config-if)# switchport mode access
      switch(config-if)# switchport access vlan "vlan-id"
- Tagged VLAN (802.1Q):
  Contrary to port-based VLANs, tagged VLANs should be used if multiple VLANs share the same physical link. On our work sheets, tagged VLAN is needed if a certain physical link is used by multiple (!) VLANs (e.g., a and b). In this case, it is not possible to exclusively assign a certain switch port to a VLAN as port-based VLAN does. In such a situation, you should use trunk mode (and not access mode) for all switch ports that need to receive or forward traffic for VLANs a and b. The following commands are needed to configure tagged VLAN for a switch interface:
      switch(config-if)# switchport trunk allowed vlan add "vlan-id"
      switch(config-if)# switchport mode trunk
  Make sure that the vlan-id has been added to the VLAN database. To check use the following command:
      switch#show vlan brief
      VLAN Name                             Status    Ports
      ---- -------------------------------- --------- -------------------------------
      1    default                          active    Gi0/1, Gi0/2, Gi0/3, Gi0/4, ...
      403  VLAN0403                         active
  In this example, VLAN ID 403 is already stored in the VLAN database. If your vlan-id is not shown in this output, use the following commands to add it:
      switch(config)# vlan "vlan-id"
      switch(config-vlan)# exit
  Whenever you configure tagged VLAN (trunk mode) on a switch port, you also need to configure a logical interface (sub-interface or unit) on routers that are connected to such switch ports. Read How to configure tagged VLAN (802.1Q) on Juniper and Cisco router? to find out how this is done.
Let's assume that VLAN A uses port 1 and port 2 of a certain switch. Port 2 is also used by another VLAN B, while port 1 is exclusively assigned to VLAN A. In this case, it is possible to use port-based VLAN for port 1 (access mode), while using tagged VLAN for port 2 (trunk mode). Make sure that you don't configure subinterfaces on routers if access mode is configured on the incident switch ports.
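A check for the VLAN database rule above, as an added example that is not part of the original FAQ: it parses "show vlan brief" output and reports VLAN IDs that a trunk port allows but the VLAN database does not list as active. The interface name, VLAN 404, the sample outputs and all function names are constructed for illustration.

```python
import re

# Constructed sample: output of "show vlan brief" with a wrapped port list.
SHOW_VLAN = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/1, Gi0/2, Gi0/3, Gi0/4
                                                Gi0/5, Gi0/6
403  VLAN0403                         active
"""

# Constructed sample: trunk port configuration (VLAN 404 is hypothetical).
CONFIG = """\
interface GigabitEthernet0/7
 switchport trunk allowed vlan add 403,404
 switchport mode trunk
"""

def parse_vlan_brief(output):
    """Return {vlan_id: status}; header and wrapped port lines are skipped."""
    vlans = {}
    for line in output.splitlines():
        m = re.match(r"^(\d+)\s+(\S+)\s+(\S+)", line)
        if m:
            vlans[int(m.group(1))] = m.group(3)
    return vlans

def trunk_vlans(config):
    """Collect VLAN IDs from 'switchport trunk allowed vlan [add] ...' lines."""
    ids = set()
    for m in re.finditer(r"switchport trunk allowed vlan (?:add )?([\d,\-]+)", config):
        for part in m.group(1).split(","):
            if not part:
                continue
            lo, _, hi = part.partition("-")  # handles ranges such as 10-12
            ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def missing_vlans(config, vlan_brief):
    """VLANs allowed on a trunk that are not active in the VLAN database."""
    db = parse_vlan_brief(vlan_brief)
    return sorted(v for v in trunk_vlans(config) if db.get(v) != "active")

def add_commands(vlan_ids):
    """The FAQ's two commands for adding each missing VLAN to the database."""
    cmds = []
    for v in vlan_ids:
        cmds += [f"vlan {v}", "exit"]
    return cmds

if __name__ == "__main__":
    print(add_commands(missing_vlans(CONFIG, SHOW_VLAN)))
```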
How to configure tagged VLAN (802.1Q) on Juniper and Cisco router?
In order to use tagged VLAN, you need to configure "logical
interfaces" for both Cisco and Juniper. While Cisco calls
such "logical interfaces" subinterfaces, Juniper
calls them units. You can define multiple units or
subinterfaces per physical interface, e.g., if the same physical
interface is attached to different VLANs. For example, this is
the case for rj2 on work sheet 2, as it is
connected to 2 tagged VLANs (one to rc1, one to
rj1). The following examples illustrate how units and
subinterfaces are configured:
- Cisco:
  To create a new sub-interface for the physical interface f0/1, use the following commands:
      router(config)# int f0/1.X
      router(config-subif)# encapsulation dot1Q "vlan-ID"
      router(config-subif)# ip address 192.168.0.1 255.255.255.0
  In this example, X is an integer number that you can choose. We recommend that you select X to be the same number as your VLAN-ID. The configuration of the "logical interface" is done in subinterface configuration mode. There you need to specify the vlan-ID with the encapsulation command. IP addresses can be configured as for physical interfaces. Always make sure that the corresponding physical interface is not administratively shut down!
- Juniper:
  To configure tagged VLAN on Juniper routers, you need to add multiple units for a physical interface. This is illustrated by the following example:
      interfaces {
          ge-x/x/x {
              vlan-tagging;
              unit 100 {
                  vlan-id 100;
                  family inet {
                      address 10.1.2.1/16;
                  }
              }
              unit 200 {
                  vlan-id 200;
                  family inet {
                      address 192.168.0.2/24;
                  }
              }
          }
      }
  The example above configures two "logical interfaces" (units) for the physical interface ge-x/x/x. VLAN tagging is enabled with the command vlan-tagging. As soon as you use this command, you need to specify a VLAN ID for all units with the command vlan-id. If you don't do this, you won't be able to commit the configuration. In this lab course, we will not ask you to configure a VLAN-ID for one unit while using no VLAN-ID for another unit of the same physical interface. Therefore, the simplest solutions are to delete unused units or to configure an arbitrary VLAN ID for unused units. However, do not configure the VLAN-ID 0 on Juniper routers.
How to save and restore a configuration on Juniper and Cisco devices using Copy and Paste?
We recommend that you manually dump your configuration on Cisco and Juniper devices from time to time. This is done by accessing the router, displaying the complete configuration of the router, marking the configuration text in your terminal window and pasting it into a text file. To display the configuration on Cisco use show running-config in privileged EXEC mode, on Juniper use show configuration in CLI operational mode.
For Cisco devices, you can reload the stored configuration by just pasting the content of the text file into the global configuration mode. Note that this approach only merges the current configuration with the configuration you are restoring. Certain statements of the current configuration such as secondary IP addresses or static routes may not disappear, after having reloaded a configuration. Therefore, you should always have a look at the result of your manual reload.
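One way to do the check after a Cisco paste-restore, as an added example that is not part of the original FAQ: it compares the saved dump with a fresh "show running-config" dump and lists statements that survived the merge. The two sample dumps, the addresses in them and the function names are constructed for illustration.

```python
# Constructed sample: the dump that was saved and later pasted back.
SAVED = """\
hostname ham-rc1
!
interface FastEthernet0/1
 ip address 192.168.0.1 255.255.255.0
!
"""

# Constructed sample: running configuration after the paste (merge).
RUNNING = """\
hostname ham-rc1
!
interface FastEthernet0/1
 ip address 192.168.0.1 255.255.255.0
 ip address 10.0.0.1 255.255.255.0 secondary
!
ip route 10.9.0.0 255.255.0.0 192.168.0.254
!
"""

def parse_ios(text):
    """Return a set of (section, statement) pairs from an IOS config dump.

    Top-level lines get section ""; indented lines belong to the most
    recent top-level line, e.g. "interface FastEthernet0/1".
    """
    pairs, section = set(), ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and "!" separators
        if line[0].isspace():
            pairs.add((section, line.strip()))
        else:
            section = line.strip()
            pairs.add(("", section))
    return pairs

def leftovers(saved, running):
    """Statements in the running config that the saved dump does not contain."""
    return sorted(parse_ios(running) - parse_ios(saved))

if __name__ == "__main__":
    for section, statement in leftovers(SAVED, RUNNING):
        print(f"{section or '(global)'}: {statement}")
```

Keeping the section with each statement matters because the same line, such as an IP address, can appear under several interfaces.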
For Juniper routers, you can reload a dumped configuration with the command load override terminal. Afterwards you can paste your dumped configuration, followed by a CTRL + d. In contrast to Cisco, all existing configuration entries are deleted with the key word override.
Finally, we point to the command lab --cx that
prints a configuration, dumped with the Labtool, to STDOUT.
How can I reset a device to default configuration?
By default an empty configuration is loaded for your routers and switches at the beginning of your time slot. Unfortunately, due to a bug in the Labtool, this sometimes does not work properly. In the following, we explain how to quickly obtain an empty configuration on your device.
Please follow the steps below to reset to an empty configuration if you find that you do not have an empty configuration at the beginning of your time slot.
- Loadgens:
  To work with a clean configuration on the Loadgen either powercycle the device via Labtool or use the command:
      shutdown -r now
- Cisco router and switches:
  If you only want to remove all configuration settings from a specific interface, we recommend using the following command:
      cisco-device(config)# default interface "interface name"
  Note that this command removes all subinterfaces of the specified physical interface, too. If you encounter a situation where only deleting interface settings is not sufficient, you can reset the Cisco device to factory defaults as follows:
      cisco#erase nvram
      ...
      Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
      ...
      cisco#reload
      System configuration has been modified. Save? [yes/no]: no
      ...
      Proceed with reload? [confirm]
      ...
      Would you like to enter the initial configuration dialog? [yes/no]: no
      ...
      Would you like to terminate autoinstall? [yes]:
      ...
      Press RETURN to get started!
      ...
      router(config)#hostname "hostname"
  Please don't forget to configure the appropriate hostname for the Cisco device!
  Note that in order to delete VLAN state from switches, you need to do the following before you start with the command erase nvram (see above).
      switch# delete flash:vlan.dat
      Delete filename [vlan.dat]? vlan.dat
      Delete flash:vlan.dat? [confirm]
- Juniper router:
  To delete all interface configuration settings, delete the complete interface:
      delete interfaces ge-x/x/x
      commit
  Then recreate it with:
      edit interfaces ge-x/x/x
      commit
  If you encounter a situation where only deleting interface settings is not sufficient, you can reset Juniper routers to factory defaults as follows:
      root@router# load factory-default
      root@router# set system host-name "host-name"
      ...
      root@router# commit
  Please don't forget to configure the appropriate hostname! On rj1 routers set the password "Router" before you commit:
      root@router# set system root-authentication plain-text-password
      New password: Router
      Retype new password: Router
  To obtain the default configuration of this router use the following command:
      load override default-config
      commit
Please note that our default configurations (which the Labtool is supposed to load at the beginning of new time slots) are not identical to the factory defaults.
What do I have to do if I can't attend my debriefing sessions and what are the consequences?
The purpose of having debriefing sessions is to check if both members of each group contributed to the solution of a work sheet. We want to avoid that individual group members obtain points for a work sheet, although they have not contributed at all. For this reason, attendance to debriefings is mandatory for everyone! From now on, we will enforce this policy more strictly to guarantee fairness.
From now on, you will only obtain points for a work sheet if you have been "debriefed" on this work sheet. Not having attended the debriefing means not passing the work sheet (0 points). Note that we differentiate between individual group members. It is not sufficient if only one group member participates in the debriefing sessions. In cases where one group member turns up in the debriefing while the other one is absent without following the rules described below, we will assign 0 points for the person who is absent (and up to full points for the person who is present). There may be emergencies which prevent you from attending your debriefing session. In this case, the following rules apply if you want to obtain points for your work sheet:
Send an e-mail to all tutors and not to an individual tutor, using the praktikum mailing list, at least one day before your debriefing session takes place. In this e-mail, indicate the reason for your absence. Note that high workload in other university courses or obligations at another job are generally not valid excuses. We will reply to your e-mail and inform you whether we accept the reason for your absence. If not, you won't obtain any points for the work sheet unless you participate in your debriefing session. If yes, it is your responsibility to contact us and to organize an alternative appointment (i.e., in the other debriefing session or after the debriefing session next week). Until someone has successfully been debriefed, he has not passed the work sheet (0 points).
