Monday, November 6, 2017

Cisco L2 Bridging Across an L3 Network (L2TPv3, GRE)



R7 configuration
pseudowire-class test
 encapsulation l2tpv3
 ip local interface Ethernet0/0

interface Ethernet0/1
 no ip address
 xconnect 1.1.1.2 1 encapsulation l2tpv3 pw-class test

R9 configuration
pseudowire-class test1111
 encapsulation l2tpv3
 ip local interface Ethernet0/0
interface Ethernet0/1
 no ip address
 xconnect 1.1.1.1 1 encapsulation l2tpv3 pw-class test1111

On R7 and R9, run show xconnect all
Legend:    XC ST=Xconnect State  S1=Segment1 State  S2=Segment2 State
  UP=Up       DN=Down            AD=Admin Down      IA=Inactive
  SB=Standby  HS=Hot Standby     RV=Recovering      NH=No Hardware

XC ST  Segment 1                         S1 Segment 2                         S2
------+---------------------------------+--+---------------------------------+--
UP pri   ac Et0/1:4(Ethernet)            UP l2tp 1.1.1.2:1                    UP

Legend:    XC ST=Xconnect State  S1=Segment1 State  S2=Segment2 State
  UP=Up       DN=Down            AD=Admin Down      IA=Inactive
  SB=Standby  HS=Hot Standby     RV=Recovering      NH=No Hardware

XC ST  Segment 1                         S1 Segment 2                         S2
------+---------------------------------+--+---------------------------------+--
UP pri   ac Et0/1:4(Ethernet)            UP l2tp 1.1.1.1:1                    UP

Also on R7 and R9, run show L2tun tunnel all


L2TP Tunnel Information Total tunnels 1 sessions 1

Tunnel id 1977738540 is up, remote id is 1914104780, 1 active sessions
  Remotely initiated tunnel
  Tunnel state is established, time since change 00:09:43
  Tunnel transport is IP  (115)
  Remote tunnel name is Router
    Internet Address 1.1.1.2, port 0
  Local tunnel name is Router
    Internet Address 1.1.1.1, port 0
  L2TP class for tunnel is l2tp_default_class
  Counters, taking last clear into account:
    81 packets sent, 81 received
    8795 bytes sent, 8795 received
    Last clearing of counters never
  Counters, ignoring last clear:
    81 packets sent, 81 received
    8795 bytes sent, 8795 received
  Control Ns 12, Nr 5
  Local RWS 1024 (default), Remote RWS 1024
  Control channel Congestion Control is disabled
  Tunnel PMTU checking disabled
  Retransmission time 1, max 1 seconds
  Unsent queuesize 0, max 0
  Resend queuesize 0, max 1
  Total resends 0, ZLB ACKs sent 3
  Total out-of-order dropped pkts 0
  Total out-of-order reorder pkts 0
  Total peer authentication failures 0
  Current no session pak queue check 0 of 5
  Retransmit time distribution: 0 0 0 0 0 0 0 0 0
  Control message authentication is disabled

R8 and R10, which sit behind R7 and R9, can now reach each other.

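Note: in this example the xconnect command is configured under an interface on R7, so on R9 it must also be configured under an interface.
If R7 uses a VLAN interface, R9 must use a VLAN interface as well; in other words, the interface type must be the same on both sides.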
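
The show L2tun tunnel all output above reports "Control message authentication is disabled", so the L2TPv3 control channel between 1.1.1.1 and 1.1.1.2 is running without authentication. The following is an added example, not part of the original post: a small audit script that parses that output and lists tunnels in this state. The function names parse_tunnels and audit are hypothetical, and the sample text is constructed from fields shown in the output above.

```python
import re

# Constructed sample: a subset of the fields shown in the output above.
SAMPLE = """\
L2TP Tunnel Information Total tunnels 1 sessions 1

Tunnel id 1977738540 is up, remote id is 1914104780, 1 active sessions
  Remote tunnel name is Router
    Internet Address 1.1.1.2, port 0
  Local tunnel name is Router
    Internet Address 1.1.1.1, port 0
  Total peer authentication failures 0
  Control message authentication is disabled
"""

TUNNEL_RE = re.compile(r"^Tunnel id (\d+) is (\S+), remote id is (\d+)", re.M)

def parse_tunnels(text):
    """Split the output into one dict per 'Tunnel id' stanza."""
    tunnels = []
    starts = [m.start() for m in TUNNEL_RE.finditer(text)] + [len(text)]
    for begin, end in zip(starts, starts[1:]):
        body = text[begin:end]
        head = TUNNEL_RE.match(body)
        peer = re.search(r"Remote tunnel name is .*\n\s+Internet Address (\S+),", body)
        fails = re.search(r"Total peer authentication failures (\d+)", body)
        auth = re.search(r"Control message authentication is (\w+)", body)
        tunnels.append({
            "id": int(head.group(1)),
            "state": head.group(2),
            "peer": peer.group(1) if peer else None,
            # "unknown" when the line is missing, e.g. truncated output
            "auth": auth.group(1) if auth else "unknown",
            "auth_failures": int(fails.group(1)) if fails else 0,
        })
    return tunnels

def audit(text):
    """Return (tunnel id, peer, finding) tuples for items worth reviewing."""
    findings = []
    for t in parse_tunnels(text):
        if t["auth"] == "disabled":
            findings.append((t["id"], t["peer"], "control channel unauthenticated"))
        if t["auth_failures"] > 0:
            findings.append((t["id"], t["peer"], "peer authentication failures seen"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```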


Reference links
https://www.byteworks.com/blog/layer-2-extensibility-options-for-business-networks/
https://www.cisco.com/c/zh_cn/support/docs/ip/layer-two-tunnel-protocol-l2tp/116266-configure-l2-00.html
https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/l2tpv325.html

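FortiGate HA Active-standby role switchover

FortiGate HA Active-standby role switchover.
Besides unplugging a port (a monitored interface) on one of the units, or shutting it down (rebooting it),
you can also enter the following on the Active unit: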
diag sys ha reset-uptime

This resets the HA uptime of the unit that was Active, so it becomes lower than that of the standby unit,
and the roles switch.

See the vendor's diagram below.