Routerlab – FAQ

Last modification

Color System

We try to use the following colors in the FAQ (only visible in graphical browsers).



Work Sheet 2

Work Sheet 9



What are the host names of the machines in Asterix?

The host names are: adder, boa, catsnake, cobra, copperhead, cottonmouth, keelback, kingsnake, lancehead, mudsnake, python, rattlesnake, seakrait, seasnake, seapython, cottonmouth, copperhead, cobra, boa, and viper, the domain is

An example for a complete hostname is

What are the requirements for your solutions?

What does a solution consist of?

A solution consists of the following files:

Main solution:

This file can either be in PDF format or it can be an ASCII text file. It should be named either "solution.pdf" or "solution.txt". The solution file should contain all written parts of your solution. For example, if we ask you to explain what you see in the debug output of a router or how a routing protocol works, you should explain this in the "main solution". In addition to that, the main solution must contain references to all other files of your solutions (see below).

Configurations of routers/switches:

Configurations of a router or switch need to be provided as text files that obey to our naming convention. Assume that you want to submit the configuration of ham-rc1 and the configuration is related to Question 2, then use the following name:

Output of commands:

Output of commands such as tcpdump can either be included in the main solution or they can be provided in extra text files. Assume that tcpdump creates output for Question 4 on Loadgen 101, then use the following name:

Topology maps:

Frequently, you will be asked to provide a topology map that shows the assignment of IP addresses etc. The topology can be created with any tool (e.g., Visio, Dia, XFig). Convert the generated plot into PDF! We will only accept PDFs with the following name:

How to submit solutions?

What should I do if I have questions?

  1. First read the FAQ!!

  2. Use means such as the web, online documents, etc.

  3. It is also allowed to talk with other students on how to approach the problems of the work sheets. However, you are not allowed to copy solutions from other teams.

  4. If you still have problems, please send an e-mail to the "praktikum" mailing list ( Then all tutors of the lab course will read your e-mail and you will get a fast reply).

What is needed to pass the course?

Which password do I need for ham-rj1, muc-rj1, or ber-rj1?

Recent version of JUNOS require to configure a password. To access ham-rj1, muc-rj2 or ber-rj1 use the login "root" and the password "Router". ham-rj2, muc-rj2 and ber-rj2 don't ask for a password as they use an older JUNOS version.

What should I do if I can't connect to a device via lab -c?

Frequently, this is due to the fact that there are too many open connections to the terminal server. If you find that you can't connect to a device via lab -c, first try to kill all existing Telnet sessions: lab -k "device name" -u "login". If this does not work, sent e-mail to the praktikums mailing list! We will come back to you as soon as possible. Don't come to our desks for this reason!

What should I do if a ping between two routers does not work?

What is the difference between port-based VLAN and tagged VLAN and how is it configured?

Port-based VLAN:

The rule of thumb is that port-based VLAN (access mode) is used if a physical link corresponds to a single VLAN. Basically port-based VLANs virtually partition a switch. Individual ports of a switch can be assigned to a certain VLAN (not to multiple VLANs!). After a port has been assigned to a VLAN, the port generally cannot send to or receive from devices in another VLAN. For port-based VLANs you only need to configure the switch. You don't need to add logical interfaces (sub-interfaces or units) to a router. The following commands are needed to assign a VLAN ID to a specific port of a switch:

switch(config-if)# switchport mode access
switch(config-if)# switchport access vlan "vlan-id"
Tagged VLAN (802.1Q):

Contrary to port-based VLANs, tagged VLANs should be used if multiple VLANs share the same physical link. On our work sheets, tagged VLAN is needed if a certain physical link is used by multiple (!) VLANs (e.g., a and b). In this case, it is not possible to exclusively assign a certain switch port to a VLAN as port-based VLAN does. In such a situation, you should use trunk mode (and not access mode) for all switch ports that need to receive or forward traffic for VLANs a and b. The following commands are needed to configured tagged VLAN for a switch interface:

switch(config-if)# switchport trunk allowed vlan add "vlan-id"
switch(config-if)# switchport mode trunk

Make sure that the vlan-id has been added to the VLAN database. To check use the following command:

switch#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/1, Gi0/2, Gi0/3, Gi0/4, ...
403  VLAN0403                         active

In this example, VLAN ID 403 is already stored in the VLAN database. If your vlan-id is not show in this output, use the following commands to add it:

switch(config)# vlan "vlan-id"
switch(config-vlan)# exit

Whenever you configure tagged VLAN (trunk mode) on a switch port, you also need to configure a logical interface (sub-interface or unit) on routers that are connected to such switch ports. Read How to configure tagged VLAN (802.1Q) on Juniper and Cisco router? to find out how this is done.

Let's assume that VLAN A uses port 1 and port 2 of a certain switch. Port 2 is also used by another VLAN B, while port 1 is exclusively assigned to VLAN A. In this case, it is possible to used port-based VLAN for port 1 (access mode), while using tagged VLAN for port 2 (trunk mode). Make sure that you don't configure subinterfaces on routers if access mode mode is configured on the incident switch ports.

How to configure tagged VLAN (802.1Q) on Juniper and Cisco router

In order to use tagged VLAN, you need to configure "logical interfaces" for both Cisco and Juniper. While Juniper calls such "logical interfaces" subinterfaces, Juniper calls them units. You can define multiple units or subinterfaces per physical interface, e.g., if the same physical interface is attached to different VLANs. For example, this is the case for rj2 on work sheet 2, as it is connected to 2 tagged VLANs (one to rc1, one to rj1). The following examples illustrate how units and subinterfaces are configured:


To create a new sub-interface for the physical interface f0/1, use the following commands:

router(config)# int f0/1.X
router(config-subif)# encapsulation dot1Q "vlan-ID"
router(config-subif)# ip address

In this example, X is an integer number that you can choose. We recommend that you select X to be the same number as your VLAN-ID. The configuration of the "logical interface" is done in subinterface configuration mode. There you need to specify the vlan-ID with the encapsulation command. IP addresses can be configured as for physical interfaces. Always make sure that the corresponding physical interface is not administratively shutdown!


To configured tagged VLAN on Juniper routers, you need to add multiple units for a physical interfaces. This is illustrated by the following example:

interfaces {
    ge-x/x/x {
        unit 100 {
            vlan-id 100;
            family inet {
        unit 200 {
            vlan-id 200;
            family inet {
                address; }

The example above configures two "logical interfaces" (units) for the physical interface ge-x/x/x. VLAN tagging is enabled with the command vlan-tagging. As soon as you use this command, you need to specify a VLAN ID for all units with the command vlan-id. If you don't to this, you won't be able to commit the configuration. In this lab course, we will not ask you to configure a VLAN-ID for one unit while using no VLAN-ID for another unit of the same physical interface. Therefore, the simplest solutions are to delete unused units or to configure an arbitrary VLAN ID for unused units. However, do not configure the VLAN-ID 0 on Juniper routers.

How to save and restore a configuration on Juniper and Cisco devices using Copy and Paste?

We recommend that you manually dump your configuration on Cisco and Juniper devices from time to time. This is done by accessing the router, displaying the complete configuration of the router, marking the configuration text in your terminal window and pasting it into a text file. To display the configuration on Cisco use show running-config in privileged EXEC mode, on Juniper use show configuration on the CLI operational mode.

For Cisco devices, you can reload the stored configuration by just pasting the content of the text file into the global configuration mode. Note that this approach only merges the current configuration with the configuration you are restoring. Certain statements of the current configuration such as secondary IP addresses or static routes may not disappear, after having reloaded a configuration. Therefore, you should always have a look at the result of your manual reload.

For Juniper routers, you can reload a dumped configuration with the command load override terminal. Afterwards you can paste your dumped configuration, followed by a CTRL + d. In constrast to Cisco, all existing configuration entries are deleted with the key word override.

Finally, we point to the command lab -x that prints a configuration, dumped with the Labtool, to STDOUT.

How can I reset a device to default configuration?

By default an empty configuration is loaded for your routers and switches at the beginning of your time slot. Unfortunately, due to a bug in the Labtool, this sometimes does not work properly. In the following, we explain how to quickly obtain an empty configuration on your device. Also we will soon provide the default (empty) configurations for all routers and switches on the following Wiki page. Compare to those if you are not sure whether the current configuration of a router or switch corresponds to the default configuration.

Please follow the steps below to reset to an empty configuration if you find that you do not have an empty configuration at the beginning of your time slot.


To work with a clean configuration on the Loadgen either powercycle the device via Labtool or use the command:

shutdown -r now
Cisco router and switches:

If you only want to remove all configuration settings from a specific interface, we recommend to use the following command:

cisco-device(config)# default interface "interface name"

Note that this command removes all subinterfaces of the specified physical interface, too. If you encounter a situation where only deleting interface settings is not sufficient, you can reset the Cisco device to factory defaults as follows:

cisco#erase nvram
Erasing the nvram filesystem will remove all configuration files!
Continue? [confirm]

System configuration has been modified. Save? [yes/no]: no
Proceed with reload? [confirm]
Would you like to enter the initial configuration dialog? [yes/no]: no
Would you like to terminate autoinstall? [yes]:
Press RETURN to get started!
router(config)#hostname "hostname"

Please don't forget to configure the appropriate hostname for the Cisco device!

Note that in order to delete VLAN state from switches, you need to do the following before you start with the command erase nvram (see above).

switch# delete flash:vlan.dat
Delete filename [vlan.dat]? vlan.dat
Delete flash:vlan.dat? [confirm]
Juniper router:

To delete all interface configuration settings, delete the complete interface:

delete interfaces ge-x/x/x

Then recreate it with:

edit interfaces ge-x/x/x

If you encounter a situation where only deleting interface settings is not sufficient, you can reset Juniper routers to factory defaults as follows:

root@router# load factory-default
root@router#  set system host-name "host-name"
root@router# commit

Please, don't forget to configure the appropriate hostname! On rj1 routers set the password "Router" before you commit:

root@router# set system root-authentication plain-text-password
New password: Router
Retype new password: Router

Please note that our default configurations (which the Labtool is supposed to load at the beginning of new time slots) are not identical to the factory defaults. You can obtain the default configurations from the Wiki and load them using the steps described in How to save and restore a configuration on Juniper and Cisco devices?. However, in most cases this should not be necessary.

What do I have to do if I can't attend my and what are the consequences?

The purpose of having debriefing sessions is to check if both members of each group contributed to the solution of a work sheet. We want to avoid that individual group members obtain points for a work sheet, although they have not contributed at all. For this reason, attendance to debriefings is mandatory for everyone! From now on, we will enforce this policy more strictly to guarantee fairness.

From now on, you will only obtain points for a work sheet, if you have been "debriefed" on this work sheet. Not having attended the debriefings, means not to pass the work sheet (0 points). Note that we differentiate between individual group members. It is not sufficient if only one group member participates in the debriefing sessions. In cases where one group member turns up in the debriefing while the other one is absent without obeying to the rules described below, we will assign 0 points for the person who is absent (and up to full points for the person who is present). There may be emergencies which prevent you from attending your debriefing session. In this case, the following rules apply if you want to obtain points for your work sheet:

Send an e-mail to all tutors and not to an individual tutor, using the praktikum mailing list at least one day before your debriefing session takes place. In this e-mail, indicate the reason for your absence. Note that high workload in other university courses or obligations at another job are generally not valid excuses. We will reply to your e-mail and inform you whether we accept the reason for your absence. If not, you won't obtain any points for the work sheet unless you participate in your debriefing session. If yes, it is your responsibility to contact us and to organize an alternative appointment (i.e., in the other debriefing session or after the debriefing session next week). Before someone has not successfully been debriefed, he has not passed the work sheet (0 points).

Work Sheet 2

Juniper: How to advertize RIP routes learned from a certain neighbor to another neighbor?

By default, the RIP implementation on Juniper routers does not export routes it has learned from a certain neighbor to other neighbors. To have RIP export routes, you need to define an export policy. The following code shows that you need to define inside policy-options a new policy that applies and accepts all RIP packets. Furthermore, you need to specify inside the RIP configuration that this policy should be used for exporting routes (export "policy-name").

policy-options {
    policy-statement "policy-name" {
        from protocol rip;
        then accept;
protocols {
    rip {
        group rip {
        export "policy-name";
        neighbor ge-x/x/x;
        neighbor ...;

How to restore the state of the Loadgen?

Due to the deadline extension for work sheet 2, the Loadgens may not be in the state that is needed to solve the problems of work sheet 2. Groups that have already started to work on exercise sheet 3 may have already changed the Quagga configuration. However, you learn on work sheet 3 how to configure the Quagga software routers. Therefore, it is now your responsibility to check if Quagga is in the appropriate state that is needed for the RIP problems of work sheet 2. We do not pre-configure the software router on the Loadgen any more for you.

To reset the Loadgen to the state that is required for work sheet 2, please following these steps:

I don't see any debug output in Question 2e) on the Cisco router!

If you don't see any debug output after applying the command debug ip rip in Question 2e), then apply the following command:

logging console debugging

Work Sheet 9

What should I do if Harpoon does not start?

If you have problems with Harpoon, first check with the following command that LD_LIBRARY_PATH is set.
       printenv | grep 'harpoon'
If you do not see the last line, use the following command before starting any Harpoon process.
 export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/harpoon/plugins