EIGRP Matrix Calculation(Part-2)

In Above Topology,
Outgoing interfaces for remote networks 172.16.0.0/23,172.16.2.0/23,172.16.4.0/23 from Snoe Router is Snoe's f0/0 and Sophia's Lo0,Lo1,Lo2.
Outgoing interfaces for remote networks 200.0.0.8/29 from Snoe Router is Snoe's f0/0 and Sophia's f0/1.
Outgoing interfaces for remote networks 200.0.0.16/30,200.0.0.20/30 from Snoe Router is Snoe's f0/0,Sophia's f0/1 and Kasi's Lo0,Lo1.

Router        Outgoing Interface         Bandwidth                   Delay    
Snoe                  f0/0                        100000 Kbits         100 microsecond
Sophia               f0/1                        10000 Kbits           1000 microsecond
Sophia               Lo0                        8000000 Kbits       5000 microsecnond
Kasi                   Lo0                        8000000 Kbits       5000 microsecnond

Snoe>enable
Snoe#show ip route eigrp
  200.0.0.0/24 is variably subnetted,4 subnets,2 masks
D   200.0.0.8/29 [90/284160] via 200.0.0.3, 1:44:39, FastEthernet0/0
D   200.0.0.16/30 [90/412160] via 200.0.0.3, 1:44:39, FastEthernet0/0
D   200.0.0.20/30 [90/412160] via 200.0.0.3, 1:44:39, FastEthernet0/0
  172.16.0.0/23 is subnetted,3 subnets
D   172.16.4.0 [90/156160] via 200.0.0.3, 1:44:39, FastEthernet0/0
D   172.16.0.0 [90/156160] via 200.0.0.3, 1:44:39, FastEthernet0/0
D   172.16.2.0 [90/156160] via 200.0.0.3, 1:44:39, FastEthernet0/0
D   192.168.4.0/23 [90/156160] via 200.0.0.2, 1:44:39, FastEthernet0/0
D   192.168.6.0/23 [90/156160] via 200.0.0.2, 1:44:39, FastEthernet0/0
D   192.168.0.0/22 [90/156160] via 200.0.0.2, 1:44:39, FastEthernet0/0

EIGRP Matrix Formula

metric = [K1 * bandwidth+(K2 * bandwidth)/(256 - load)+K3 * delay] * [K5/(reliability + K4)]

Eigrp matrix weight K1=1,K2=0,K3=1,K4=0,K5=0.
Metric = bandwidth + delay 

The lest Metric Formula for Cisco's Router,
Metric={(10,000,000/slowest bandwidth in kbps)+(total delay in microsecond /10)}*256
Slowest bandwidth in kbps=Only one interface's bandwidth that have lowest bandwidth among all                      outgoing interfaces to desire remote
Total delay in microsecond=The sum of the all outgoing interface's delay.

D   200.0.0.8/29 [90/284160] via 200.0.0.3, 1:44:39, FastEthernet0/0
D   200.0.0.8/29 [90/412160] via 200.0.0.3, 1:44:39, FastEthernet0/0
D   200.0.0.8/29 [90/412160] via 200.0.0.3, 1:44:39, FastEthernet0/0

Sophia's f0/0 has lowest bandwidth,
Metric={(10,000,000/slowest bandwidth in kbps)+(total delay in microsecond /10)}*256
Metric={(10,000,000/10000)+(1100 /10)}*256
Metric={1000+110}*256
Metric={1110}*256 = 284160

Metric={(10,000,000/slowest bandwidth in kbps)+(total delay in microsecond /10)}*256
Metric={(10,000,000/10000)+(6100 /10)}*256
Metric={(1000)+(610)}*256 
Metric=(1610)*256  =412160

D   172.16.4.0 [90/156160] via 200.0.0.3, 1:44:39, FastEthernet0/0
D   172.16.0.0 [90/156160] via 200.0.0.3, 1:44:39, FastEthernet0/0
D   172.16.2.0 [90/156160] via 200.0.0.3, 1:44:39, FastEthernet0/0

Total delay=Snow's f0/0+Sophia's Lo0 = 100 +5000=5100 microsecond
Lowest Bandwidth Interface=Snow's Interface =100000 Kbits
Metric={(10,000,000/slowest bandwidth in kbps)+(total delay in microsecond /10)}*256
Metric={(10,000,000/100000)+(5100/10)}*256
Metric={(100)+(510)}*256
Metric={610}*256 = 156160

 ေလးစားစြာျဖင့္

WinTunHlaing

EIGRP Metric Calculation(Part-1)

EIGRP Routing Protocol က Cisco Proprietary ျဖစ္ျပီး အျခားေသာ routing protocol ေတြနဲ႔မတူတဲ့ အခ်က္ကေတာ့ Bandwidth,Delay,Reliability,Load တို႔ကို Metric တြက္ရာမွာသံုးပါတယ္..။ EIGRP Metric မတြက္မီေအာက္ပါတို႔ကိုေသခ်ာနားလည္ဖို႔ေတာ့လိုအပ္ပါတယ္..။

1.Feasible distance(FD)

2.Advertised distance(AD)

3.Successor

4.Feasible Successor

5.Neighborship Table

6.Topology table

7.Routing Table

EIGRP Metric တြက္တဲ့အေႀကာင္းကိုပဲအဓိကေရးမွာျဖစ္လုိ႔ Metric တြက္ရာမွာအဓိကအေရးပါတာေလးေတြ ကိုပဲေရးပါ့မယ္။ Successor ဆိုတာသည္ Primary Route ျဖစ္ျပီး Remote Network တစ္ခုအတြက္ the best route ရွိတဲ့ path ျဖစ္ပါတယ္။Routing Table မွာ တိုက္ရိုက္ေတြ႕ရတဲ့ Route မ်ားသည္ Successor Route မ်ားျဖစ္ပါတယ္။Feasible Successor ကေတာ့ Buckup Route ျဖစ္ျပီး Topology Table ထဲမွာသိမ္းထား ပါတယ္။EIGRP က Feasible Successor 16 ခုထိသိမ္းထားေပးနိုင္ျပီး အေကာင္း ဆံုး Metric ရွိတဲ့ Route ကို Routing table ထဲသို႔ဆြဲတင္ျပီး Successor ျဖစ္လာေစပါတယ္။
Advertised Distance ကေတာ့ Neighbor Router ကေန Report လုပ္တဲ့ Remote Network ရဲ့ Metric ျဖစ္ပါ တယ္။တစ္နည္းအားျဖင့္ Neighbor Router မွသည္ target Destination network ရဲ့ cost လို႔ လည္းေျပာလို႔ရ ပါတယ္။Feasible Distance ဆိုတာကေတာ့ Local Router နွင့္ Next-hop Router မ်ားႀကားမွာရွိတဲ့ Advertised Distance မ်ားေပါင္းလဒ္ျဖစ္ျပီး EIGRP Metric လည္းျဖစ္ပါတယ္။တစ္နည္းအား ျဖင့္ Feasible Distance သည္ EIGRP Metric ျဖစ္ပါတယ္။
 
EIGRP Metric ကိုေအာက္ပါ Formula အတိုင္းတြက္ယူရမွာျဖစ္ပါတယ္။

metric = [K1 * bandwidth+(K2 * bandwidth)/(256 - load)+K3 * delay] * [K5/(reliability + K4)]
 

အထက္ပါ Topology ေလးမွ Sophia Router မွသည္ 172.16.1.0/24သို႔လည္းေကာင္း၊ 200.0.0.132/30 သို႔လည္းေကာင္း၊200.0.0.136/30 သို႔လည္းေကာင္း FD မ်ားကိုအသီးသီးတြက္ႀကည့္ ပါမယ္။Sophia မွ 200.0.0.136/30 သို႔ Sophia’s s0/0,Kaylar’s s1/1,Mable’s Lo0 Interfaces မ်ား သည္ outgoing interfaces မ်ားျဖစ္ပါတယ္။ထို႔အတူ Sophia မွ 200.0.0.132/32 Remote network အတြက္ Sophia’s s0/0 နွင့္ Kaylar s1/1 တို႔သည္ Outgoing interface မ်ားျဖစ္ပါတယ္။သက္ဆိုင္ရာ outgoing interface မ်ားကို မွင္ေရာင္မ်ားျဖင့္ highlight ျပထားပါတယ္။

ကြ်န္ေတာ္တုိ႔ Metric Formula ထဲမွာ K Value ေတြပါတယ္။အဲ့ဒါေတြကေတာ့ Metric Weight ေတြပါ။အ ခု Sophia ကေန Remote Network ေတြကို Metric တြက္မွာျဖစ္လို႔ Show ip protocol ဆိုတဲ့ command နဲ႔ K value ေတြႀကည့္နုိင္ပါတယ္။အဲ့မွာ EIGRP metric weight K1=1,K2=0,K3 =1, K4=0,K5=0 ဆိုျပီးေတြ႕ရပါ မယ္။ေအာက္ပါပံုေလးကအတုိင္းျဖစ္ပါတယ္.။

ဒါေႀကာင့္ K တန္ဖိုးေတြအစားသြင္းလုိက္ရင္ေအာက္ပါအတုိင္း Summarize ျဖစ္သြားမွာပါ

metric = bandwidth + delay 

Bandwidth ဆိုရာမွာ Remote Network သုိ႔ Outgoing Interface မ်ားစြာရွိသည့္အနက္မွ Bandwidth အနည္းဆံုး Interface ရဲ့ Bandwidth တစ္ခုကိုသာလွ်င္ယူရမွာပါ။Delay ဆိုတဲ့ ေနရာမွာေတာ့ ရွိသမွ် Outgoing Interface အားလံုးရဲ့ စုစုေပါင္းကိုယူရမွာျဖစ္ပါတယ္။Cisco Router မ်ားအတြက္ EIGRP Metric ကိုေအာက္ပါအ တုိင္းတြက္ထုတ္နုိင္ပါတယ္။

Metric={(10,000,000/slowest bandwidth in kbps)+(total delay in microsecond /10)}*256
 

Metric ကိုတြက္ဖို႔ရာ သက္ဆိုင္ရာ outgoing interface မ်ားရဲ့ Delay နဲ႔ Bandwidth ကိုသိရွိဖို႔ လိုပါတယ္။show interface interface-number command ကိုသံုးပါမယ္။ Show ip interface မဟုတ္ပါ။show interface ျဖစ္ပါ သည္။ကြာျခားခ်က္ကေတာ့ show ip interface command က Interface ေတြရဲ့ Layer3 information ေတြကို အဓိကျပတာျဖစ္ပါတယ္။အထက္ပံုေလးထဲကအတိုင္း Remote Network ရဲ့ Feasible Distance ေတြကိုတြက္ ႀကည့္ပါမယ္။

D      200.0.0.136/30  [90/2809856] via 200.0.0.130, 00:05:19, Serial0/0

D      200.0.0.140/30  [90/2809856] via 200.0.0.130, 00:05:19, Serial0/0

D      200.0.0.132/30  [90/2681856] via 200.0.0.130, 00:06:07, Serial0/0

Router       Outgoing Interface          Bandwidth(kbps)          Delay(microsecond)

Sophia            s0/0                                  1544                            20000

Kayla             s1/1                                  1544                            20000

Kayla             Lo0                               8000000                             5000

Mable            Lo0                               8000000                             5000

200.0.0.132/30 Remote Network ရဲ့ Metric ကိုတြက္ဖုိ႔ရာ Sopia ရဲ့ s0/0 နဲ႔ Kayla ရဲ့ s1/1 ဆိုတဲ့ outgoing နွစ္ခုရွိပါတယ္။နွစ္ခုလံုးက Bandwidth တူေနတဲ့အတြက္ တစ္ခုကိုပဲယူပါမယ္။သို႔ေသာ္တစ္ခု ကငယ္ေနခဲ့မယ္ဆို ရင္ငယ္တဲ့ေကာင္ကိုပဲယူပါမယ္။ Delay က်ေတာ့နွစ္ခုလံုးရဲ့ေပါင္းလဒ္ျဖစ္ပါတယ္။

Metric={(10,000,000/1544)+[(20000+20000)]/10}*256

         ={6476.683937823834+4000)*256

         ={6476+4000}*256 = 2681856

200.0.0.136/30 အတြက္ကေတာ့ Mable ရဲ့ Lo0 interface ကိုပါ Outgoing အေနနဲ႔ယူရမွာပါ။ Delay ကေတာ့ အားလံုးေပါင္းလဒ္ျဖစ္ပါတယ္။Bandwidth ကေတာ့ထံုးစံတအတိုင္းအေသးဆံုးတစ္ခုကိုပဲယူ ပါမယ္။:)

Metric = {(10,000,000/1544)+[(20000+20000+5000)/10]}*256

          = {6476.683937823834+4500}*256

          = {6476+4500}*256 = 2809856 

172.16.1.0/24 အတြက္ကေတာ့ Sophia ရဲ့ s0/0 နဲ႔ Kayla ရဲ့ Lo0 interface မ်ားက outgoing interface မ်ားျဖစ္ပါတယ္။ဒါေႀကာင့္သူ႔ရဲ႕ Metric ကိုေအာက္ပါအတုိင္းတြက္ယူနုိင္ပါတယ္။

D     172.16.2.128/26 [90/2297856] via 200.0.0.130, 00:06:51, Serial0/0

D     172.16.1.0/24 [90/2297856] via 200.0.0.130, 00:06:51, Serial0/0

D     172.16.2.64/26 [90/2297856] via 200.0.0.130, 00:06:51, Serial0/0
 

Metric = { (10,000,000/1544)+[(20000+5000)/10)]}*256

         = {6476.683937823834 + 2500}*256

         = {6476+2500}*256 = 2297856

အထက္ပါ Metric တန္ဖိုးမ်ားသည္ Interface ၏ Bandwidth ေပၚတြင္အေျခခံကာတြက္ခ်က္ထားျခင္းျဖစ္ပါ သည္။သို႔ရာတြင္လက္ေတြ႕တြင္ Manual တြက္ယူရျခင္းမ်ိဳးလည္းရွိနုိင္ပါသည္။ဥပမာအားျဖင့္ Interface Bandwidth သည္ T1(1544Kb/s) ရွိေသာ္ လည္း actual bandwidth တန္ဖိုးက 1024Kb/s ျဖစ္ေနျခင္းမ်ိဳးျဖစ္ နိုင္ပါသည္။EIGRP Metric Calculation ကို ပိုမိုအကြ်မ္း၀င္ေစရန္ ေနာက္ထပ္ Topology ပံုစံတစ္မ်ိဳးျဖင့္ EIGRP Calculation(Part-2) ကိုထပ္မံေရးသားေပးပါမည္ခင္ဗ်ား...။:)

ေလးစားစြာျဖင့္
WinTunHlaing

 

Cisco Tunneling Basic

Network တစ္ခုေပၚမွာ Tunnel ေဖာက္တယ္ဆိုတာကေတာ့ အရွင္းဆံုး Definition ဖြင့္ရရင္ physical Network တစ္ ခုေပၚမွာ Logical Network တစ္ခုသုိ႔မဟုတ္တစ္ခုထက္ပိုေသာ Logical Network မ်ားကိုတည္ေဆာက္ျခင္းပဲျဖစ္ပါ တယ္။Tunnel တစ္ခု သို႔ တစ္ခုထက္ပို တဲ့ Tunnel ေတြကို physical Network တစ္ခုမွာတည္ေဆာက္နုိင္ပါတယ္။ Tunnel တည္ေဆာက္ရန္ အတြက္ေတာ့ Tunneling Protocol ေတြကိုသံုးရ မွာပါ။အခုေအာက္ေဖာ္ျပပါ Topology ပံုေလးထဲကအတိုင္း Basic Tunnel တစ္ခုကိုတည္ေဆာက္ႀကည့္ပါမယ္။

Topology ထဲမွာ 200.0.0.32/30,172.16.0.0/27,10.0.0.0/24,200.0.0.36/30 Network ေလးခုက EIGRP နဲ႔ Route လုပ္ထားျပီး လုပ္ထားျပီး physical links ေတြျဖစ္ပါတယ္။ဆိုလိုတာက Real Network Interface ကိုအသံုးျပဳ ထားတဲ့ Network ေတြျဖစ္ပါတယ္။ေနာက္တစ္စုျဖစ္တဲ့ 172.16.0.32/30,200.0.0.0/27, 172.16.0.64/30 Network ေတြကေတာ့ Tunnel ေပၚကေနတစ္ဆင့္ Route လုပ္မွာပါ။

Sophia Router Configuration *Mar 1 00:11:59.679: %SYS-5-CONFIG_I: Configured from console by console Sophia#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Sophia(config)#interface serial 0/0 Sophia(config-if)#ip address 172.16.0.1 255.255.255.224 Sophia(config-if)#no shutdown *Mar 1 00:13:36.591: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up Sophia(config)#interface serial0/1 Sophia(config-if)#ip address 10.0.0.1 255.255.255.0 Sophia(config-if)#no shut *Mar 1 00:19:26.083: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to up Sophia(config-if)#router eigrp 10 Sophia(config-router)#network 172.16.0.0 Sophia(config-router)#network 10.0.0.0 Sophia(config-router)#no auto-summary Mable Router Configuration Mabel#config t Enter configuration commands, one per line. End with CNTL/Z. Mabel(config)#int s0/0 Mabel(config-if)#ip addr 172.16.0.2 255.255.255.252 Mabel(config-if)#no shut *Mar 1 00:32:03.895: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up Mabel(config-if)#exit Mabel(config)#interface loopback 0 *Mar 1 00:32:40.003: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up Mabel(config-if)#ip address 200.0.0.33 255.255.255.252 Mabel(config-if)#interface loopback 1 *Mar 1 00:34:58.679: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to up Mabel(config-if)#ip address 172.16.0.33 255.255.255.252 Mabel(config)#router eigrp 10 Mabel(config-router)#network 200.0.0.32 Mabel(config-router)#network 172.16.0.32 Mabel(config-router)#network 172.16.0.0 *Mar 1 00:45:38.319: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.16.0.1 (Serial0/0) is up: new adjacency Mabel(config-router)#end Mabel#write memory Building configuration... [OK] Kayla Router Configuration Kayla#config t Enter configuration commands, one per line. End with CNTL/Z. Kayla(config)#int s1/0 Kayla(config-if)#ip address 10.0.0.2 255.255.255.0 Kayla(config-if)#no shut *Mar 1 00:56:47.827: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up Kayla(config-if)#int lo0 *Mar 1 00:56:58.407: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up Kayla(config-if)#ip address 200.0.0.37 255.255.255.252 Kayla(config-if)#int lo1 *Mar 1 00:57:34.535: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to up Kayla(config-if)#ip address 172.16.0.65 255.255.255.252 Kayla(config-if)#router eigrp 10 Kayla(config-router)#network 200.0.0.36 Kayla(config-router)#network 172.16.0.64 Kayla(config-router)#network 10.0.0.0 Kayla(config-router)#no auto-summary *Mar 1 00:58:47.555: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.0.0.1 (Serial1/0) is resync: summary configured Kayla(config-router)#end *Mar 1 00:58:57.519: %SYS-5-CONFIG_I: Configured from console by console Kayla#wr mem Building configuration... [OK]
အခုဆိုရင္ Mabel၊Sophia နဲ႔ Kayla Router သံုးလံုးကို EIGRP Routing Protocol ျဖင့္ခ်ိတ္ဆက္ထားျပီး Router တစ္လံုးနဲ႔တစ္လံုး ping လုပ္လို႔ရေနမွာပါ။အခု Mable နဲ႔ Kayla Router ႏွစ္လံုးကို Basic Logical Tunnel Network တည္ေဆာက္ႀကည့္ပါမယ္။Tunnel Network တစ္ခုတည္ေဆာက္ရန္အနည္းဆံုးေတာ့ Physical Network တစ္ခု ရွိေနရမည္ျဖစ္ျပီး 200.0.0.0/32 သည္ Logical Tunnel အတြက္ Subnet ျဖစ္ပါတယ္။ထို႔ေႀကာင့္ Topology ပံုအရ...

Router	Tunnel Physical Interface	Tunnel Source Address	Tunnel Destination Address
Mabel	s0/0	200.0.0.1	10.0.0.2
Kayla	s1/0	200.0.0.2	172.16.0.2

Tunnel Configuration on Mable Router Mabel(config)#do show ip int brief Interface IP-Address OK? Method Status Protocol Serial0/0 172.16.0.2 YES manual up up Serial0/1 unassigned YES unset administratively down down Serial0/2 unassigned YES unset administratively down down Serial0/3 unassigned YES unset administratively down down FastEthernet1/0 unassigned YES unset administratively down down Loopback0 200.0.0.33 YES manual up up Loopback1 172.16.0.33 YES manual up up Mabel(config)#interface tunnel ? <0-2147483647> Tunnel interface number Mabel(config)#interface tunnel 0 *Mar 1 03:04:03.223: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down Mabel(config-if)#ip address 200.0.0.1 255.255.255.252 Mabel(config-if)#tunnel source s0/0 Mabel(config-if)#tunnel destination ? Hostname or A.B.C.D ip address or host name X:X:X:X::X IPv6 address Mabel(config-if)#tunnel destination 10.0.0.2 *Mar 1 03:08:06.043: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up Mabel(config-if)#exit Mabel(config)#router ospf 5 Mabel(config-router)#network 172.16.0.32 0.0.0.3 area 0 Mabel(config-router)#network 200.0.0.0 0.0.0.3 area 0 *Mar 1 04:13:05.886: %OSPF-5-ADJCHG: Process 5, Nbr 200.0.0.37 on Tunnel0 from LOADING to FULL, Loading Done Mabel(config-router)#end Mabel#sh ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 200.0.0.0/30 is subnetted, 3 subnets C 200.0.0.0 is directly connected, Tunnel0 C 200.0.0.32 is directly connected, Loopback0 D 200.0.0.36 [90/2809856] via 172.16.0.1, 00:44:14, Serial0/0 172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks C 172.16.0.32/30 is directly connected, Loopback1 C 172.16.0.0/30 is directly connected, Serial0/0 O 172.16.0.65/32 [110/11112] via 200.0.0.2, 00:44:01, Tunnel0 10.0.0.0/24 is subnetted, 1 subnets D 10.0.0.0 [90/2681856] via 172.16.0.1, 00:44:15, Serial0/0 Tunnel Configuration on Kayla Router Kayla#config t Enter configuration commands, one per line. End with CNTL/Z. Kayla(config)#int tunn ? <0-2147483647> Tunnel interface number Kayla(config)#int tunn 1 Kayla(config-if)#ip address *Mar 1 03:18:49.135: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to down Kayla(config-if)#ip address 200.0.0.2 255.255.255.252 Kayla(config-if)#tunnel source s1/0 Kayla(config-if)#tunnel destination 172.16.0.2 *Mar 1 03:19:59.903: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up Kayla#ping 200.0.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 200.0.0.1, timeout is 2 seconds: !!!!! Kayla(config-if)#exit Kayla(config)#router ospf 5 Kayla(config-router)#network 172.16.0.64 0.0.0.3 area 0 Kayla(config-router)#network 200.0.0.0 0.0.0.3 area 0 Kayla(config-router)#end Kayla#sh ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 200.0.0.0/30 is subnetted, 3 subnets C 200.0.0.0 is directly connected, Tunnel1 D 200.0.0.32 [90/2809856] via 10.0.0.1, 00:39:09, Serial1/0 C 200.0.0.36 is directly connected, Loopback0 172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks D 172.16.0.32/30 [90/2809856] via 10.0.0.1, 00:39:09, Serial1/0 O 172.16.0.33/32 [110/11112] via 200.0.0.1, 00:38:57, Tunnel1 D 172.16.0.0/30 [90/2681856] via 10.0.0.1, 00:39:09, Serial1/0 C 172.16.0.64/30 is directly connected, Loopback1 10.0.0.0/24 is subnetted, 1 subnets C 10.0.0.0 is directly connected, Serial1/0

OSPF Authentication

Authentication လုပ္တယ္ဆိုတာ Traffic ေတြကိုပိုျပီး Secure ျဖစ္ေအာင္လုပ္ျခင္းပဲျဖစ္ပါတယ္။Network ေပၚက traffic ေတြဟာ Authentication လုပ္ထားခဲ့ရင္ ပံုမွန္ထက္စာလွ်င္ေတာ့ပိုလံုျခံဳမွာပါ။Authentication လုပ္တယ္ဆို တဲ့ေနရာမွာလည္း အမ်ိဳးမ်ိဳးရွိပါတယ္။အခုဒီမွာေတာ့ Network Level Authentication ျဖစ္ပါတယ္။

အေပၚကပံုေလးအတိုင္း OSPF Topology ကို Authentication လုပ္မွာပါ။ ေနာက္ျပီးဒီမွာ VLSM သေဘာတ ရားေလးလည္းအနည္းငယ္ထည့္ထားပါတယ္။ဘာလို႔လဲဆိုေတာ့အခ်ိဳ႕ခ်ိဳ႕ေသာ ညီမငယ္၊ညီငယ္ေလးေတြ VLSM နဲ႔ CIDR ကိုမသဲကြဲဘူးျဖစ္ေနလို႔ပါ။နွစ္ခုလံုးက Class Full မဟုတ္တာေတာ့မွန္ပါတယ္။Subnet ႀကီးတစ္ခုကို Split လုပ္တဲ့အခါမွာ Class Full မဟုတ္ခဲ့ရင္ CIDR ျဖစ္ပါတယ္။သို႔ေသာ္ CIDR တိုင္း Variable Length ျဖစ္ခ်င္မွျဖစ္မွာ ပါ။အေပၚက Topology ပံုထဲမွာ 201.0.0.0/24 ဆိုတဲ့ Subnet ႀကီးကို 201.0.0.0/26 တစ္ခု၊201.0.0.128/30 201.0.0.132/30,201.0.0.136/30 ဆိုျပီးယူသံုးထားပါတယ္။အေသးစိတ္တြက္ပံုကိုေတာ့ ေအာက္မွာျပထားပါ တယ္။

  Network       Subnet Mask                                Binary Form                                   CIDR
 201.0.0.0     255.255.255.0       11111111.11111111.11111111.00000000           /24

အထက္က Network ကို ေအာက္ကပံုစံ အတုိင္း Split လုပ္လုိ္က္ပါမယ္။(*) ျပထားတဲ့ Split Subnet ေတြကိုပဲ Topology မွာသံုးမွာပါ။က်န္တာေတြကေတာ့ Reserve ေပါ့။

  Network        Subnet Mask                          Binary Form                                      CIDR
* 201.0.0.0      255.255.255.192      11111111.11111111.11111111.11000000   /26
   201.0.0.64    255.255.255.192      11111111.11111111.11111111.11000000   /26
* 201.0.0.128  255.255.255.192      11111111.11111111.11111111.11000000   /26
   201.0.0.192  255.255.255.192      11111111.11111111.11111111.11000000   /26

အေပၚမွာ(*) mark ျပထားတဲ့ Subnet ေတြထဲကမွ 201.0.0.0/26 ကို Routing လုပ္ရာမွာသံုးျပီး 201.0.0.128/26 Subnet ကိုေတာ့ ေအာက္မွာျပထားတဲ့ပံုစံအတိုင္းထပ္ခြဲပါအံုးမယ္။အဲ့ထဲကမွ (*) mark ျပထား တဲ့သံုးခုကိုပဲ Loopback အတြက္သံုးမွာျဖစ္ျပီးက်န္တာေတြကေတာ့ Reserve အေနနဲ႔ပဲထားလိုက္မွာပါ။ISP မွာ လိုအပ္ခ်က္အရ public IP ေတာင္းခံခဲ့ရင္လည္းအဲ့လိုမ်ိဳး Reserve လုပ္ထားတဲ့ Address ေတြထဲကပဲေပးတာျဖစ္ ပါတယ္။

        Network         Subnet Mask                           Binary Form                                   CIDR
      201.0.0.128  255.255.255.192      11111111.11111111.11111111.11000000            /26

     Network         Subnet Mask                         Binary Form                                       CIDR
 * 201.0.0.128    255.255.255.252      11111111.11111111.11111111.11111100            /30
 * 201.0.0.132    255.255.255.252      11111111.11111111.11111111.11111100            /30
 * 201.0.0.136    255.255.255.252      11111111.11111111.11111111.11111100            /30

   201.0.0.140    255.255.255.252      11111111.11111111.11111111.11111100            /30
   201.0.0.144    255.255.255.252      11111111.11111111.11111111.11111100            /30
   201.0.0.148    255.255.255.252      11111111.11111111.11111111.11111100            /30
   201.0.0.152    255.255.255.252      11111111.11111111.11111111.11111100            /30
   201.0.0.156    255.255.255.252      11111111.11111111.11111111.11111100            /30
   201.0.0.160    255.255.255.252      11111111.11111111.11111111.11111100            /30
   201.0.0.164    255.255.255.252      11111111.11111111.11111111.11111100            /30
   201.0.0.168    255.255.255.252      11111111.11111111.11111111.11111100            /30
   201.0.0.172    255.255.255.252      11111111.11111111.11111111.11111100            /30
   201.0.0.176    255.255.255.252      11111111.11111111.11111111.11111100            /30
   201.0.0.180    255.255.255.252      11111111.11111111.11111111.11111100            /30
   201.0.0.184    255.255.255.252      11111111.11111111.11111111.11111100            /30
   201.0.0.188    255.255.255.252      11111111.11111111.11111111.11111100            /30

အေပၚကပံုေလးမွာ OSPF Routing Process အသက္၀င္ေနပါျပီ။သို႔ေသာ္ Authentication တာ့မလုပ္ထားေသးပါ။
OSPF Routing ကို Authentication လုပ္မယ္ဆိုရင္ OSPF Authentication Password လိုအပ္မွာျဖစ္ပါတယ္။ ဒီေနရာမွာေတာ့ Topology ထဲမွာကအတိုင္းပဲသံုးမွာပါ။။Topology မွာ Router သံုးလံုးရွိတဲ့အနက္ Nika နဲ႔ Mabel ဆိုတဲ့ Router ႏွစ္လံုးႀကားက Link ကို Authentication အရင္လုပ္ပါမယ္။သက္ဆိုင္ရာ Interface ထဲကို၀င္ျပီး Interface Configuration Mode မွာ Configure လုပ္ရမွာပါ။ေအာက္ပါပံုစံအတုိင္းျဖစ္ပါတယ္။

Nika(config)#interface serial s1/0                                //entering to the serial 1/0 interface

Nika(config-if)#ip ospf authentication message-digest   //set the authentication

Nika(config-if)#ip ospf authentication-key BabyLay       //set the authentication password

အေပၚကပံုေလး မွာ Nika Router ကို MD5(message digest 5) နဲ႔ Authenticate လုပ္ထားတာပါ။သို႔ေသာ္တ ဖက္ Neighbor Router မွာ Configure မခ်ရေသးမီ(confirm) မျဖစ္မီမွာ Routing Process ဟာခဏတာ Down သြားမွာပါ။ေနာက္တစ္ဆင့္ကေတာ့ Neighbor Router ျဖစ္တဲ့ Mabel မွာ Configure ခ်ရမွာပါ။။ေအာက္ပါအတိုင္း ပဲျဖစ္ပါတယ္။

Mable(config)#interface serial s0/0                              //entering to the serial 0/0 interface

Mable(config-if)#ip ospf authentication message-digest        //set the authentication

Mable(config-if)#ip ospf authentication-key BabyLay         //set the authentication password

အထက္ပါအတိုင္း Confirm ျဖစ္ျပီးေနာက္မွာ Routing Process ဟာတစ္ဖန္အသက္ျပန္၀င္လာမွာပါ။သို႔ေသာ္ MD5 နဲ႔ Authenticate လုပ္ထားတဲ့ Secure Connection ျဖစ္ေနပါျပီ။က်န္တဲ့ connection တစ္ဖက္ကိုလည္း အထက္ပါအတိုင္းပဲ Configure ခ်ေပးရမွာပါ။Authentication Password ပဲကြာပါလိမ့္မယ္။က်န္တာကေတာ့ အတူတူပဲျဖစ္ပါတယ္။

ေလးစားစြာျဖင့္
Win Tun Hlaing

EIGRP Authentication

ဒီ Topology ေလးမွာ EIGRP ကို MD5(message digest 5) နဲ႔ Authentication လုပ္ပံုကို Configure ခ်မွာပါ။။ဒါေပ မယ့္ဒီမွာကြ်န္ေတာ္ VLSM သေဘာတရားေလးနည္းနည္းထည့္ထားပါတယ္။ပံုမွာ 200.0.0.0/24 Network ကိ္ု VLSM နဲ႔ ခြဲျပီး 200.0.0.0/30 တစ္ခု၊200.0.0.4/30 တစ္ခု၊200.0.0.8/30 နဲ႔ 200.0.0.128/25 ဆိုျပီးခြဲထားပါတယ္။ဒီေနရာ မွာ /30(255.255.255.252) Network မ်ားက ေတာ့ loopback Address ေတြအတြက္ျဖစ္ျပီး /25 ကေတာ့ Routing အတြက္သံုးမွာပါ။ေနာင္လာမယ့္ IP Next Generation(IPv6) မွာေတာ့ Subnet Mask ေတြကို IPv4 မွာလို Numeral ေတြနဲ႔သံုးမွာမဟုတ္ေတာ့ပဲ slap(/) Notation နဲ႔ပဲသာလွ်င္အသံုးျပဳမွာပါ။ဒါေႀကာင့္ IPv6 ကိုမေလ့လာမီ IPv4 ရဲ့ VLSM နဲ႔ CIDR သေဘာကိုေသခ်ာသိေနရမွာပဲျဖစ္ပါတယ္။ေအာက္မွာကြ်န္ေတာ္ VLSM ကိုအေသးစိတ္ တြက္ပါမယ္။

    Network        Subnet Mask                   Binary Form                                        CIDR
 200.0.0.0      255.255.255.0        11111111.11111111.11111111.00000000              /24

အေပၚက Network ကိုေအာက္ပါအတုိင္းျပင္လုိက္ပါတယ္။ဒါဆိုရင္ Network နွစ္ခုျဖစ္သြားပါျပီ။တစ္ေနရာပဲေရြ႕ လိုက္တာပါ။သို႔ေသာ္လက္ေတြ႕မွာ Infrastructure ရဲ့လိုအပ္ခ်က္ေပၚမူတည္ျပီးႀကိဳက္သလိုေရြ႕နိုင္ပါတယ္။ဒီမွာ Topology ထဲကအတိုင္းခြဲလိုက္တာျဖစ္ပါတယ္။ရလာတဲ့ Network Range နွစ္ခုထဲက 200.0.0.128(/25) ကို Routing အတြက္သံုးမွာျဖစ္ျပီး၊ 200.0.0.0/25(255.255.255.128) ကို LoopBakck ေတြအတြက္ ထပ္ျပီးခြဲမွာပါ။ အေရာင္ေလးနဲ႔ Highlight လုပ္ထားတဲ့ (1)  ေတြကေတာ့ ေရြ႕ထားတဲ့ေကာင္ေတြပဲျဖစ္ပါတယ္။


  Network        Subnet Mask                      Binary Form                                          CIDR
 200.0.0.0       255.255.255.128        11111111.11111111.11111111.10000000            /25
 200.0.0.128    255.255.255.128        11111111.11111111.11111111.10000000            /25


အခုတစ္ခါ 200.0.0.0/25 ကိုယူျပီး (/30) ျဖစ္ေအာင္ခြဲပါမယ္။/30 ျဖစ္ဖို႔ဆိုရင္ /25 ကို 5-digit ေရြ႕ရမွာပါ။5-digit ကို hightlight လုပ္ထားပါတယ္။ဒါဆုိရင္ Network အေရတြက္က (2^5=32) ခုထြက္လာမွာျဖစ္ျပီး။ သုညအေရ တြက္ကေတာ့ Network တစ္ခုစီမွာရွိမယ့္ host ပမာဏပဲျဖစ္ပါတယ္။loopback အတြက္ရလာတဲ့ Network 32 ခု ထဲက ေအာက္မွာ (*) အမွတ္ျပထားတဲ့သံုးခုကိုပဲအသံုးျပဳမွာျဖစ္ျပီး က်န္တာေတြကိုေတာ့ Reserve အေနနဲ႔ခ်န္ ထားခဲ့ပါမယ္။CIDR ကိုအေသးစိတ္ေလ့လာခ်င္ေသးတယ္ဆိုရင္ေတာ့ ဒီမွာ ေလ့လာနိုင္ပါတယ္။


    Network         Subnet Mask                      Binary Form                                       CIDR
   200.0.0.0       255.255.255.128        11111111.11111111.11111111.10000000           /25

    Network         Subnet Mask                      Binary Form                                       CIDR
 * 200.0.0.0       255.255.255.252       11111111.11111111.11111111.11111100           /30
 * 200.0.0.4       255.255.255.252       11111111.11111111.11111111.11111100           /30
 * 200.0.0.8       255.255.255.252       11111111.11111111.11111111.11111100           /30
    200.0.0.12     255.255.255.252       11111111.11111111.11111111.11111100           /30
    200.0.0.16     255.255.255.252       11111111.11111111.11111111.11111100           /30
    200.0.0.20     255.255.255.252       11111111.11111111.11111111.11111100           /30
    200.0.0.24     255.255.255.252       11111111.11111111.11111111.11111100           /30
    200.0.0.28     255.255.255.252       11111111.11111111.11111111.11111100           /30
    200.0.0.32     255.255.255.252       11111111.11111111.11111111.11111100           /30
    200.0.0.36     255.255.255.252       11111111.11111111.11111111.11111100           /30
    200.0.0.40     255.255.255.252       11111111.11111111.11111111.11111100           /30
    |||||||||||||||||||||||||      |||||||||||||||||||||||||||||||||||||         |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||              ||||||||
    200.0.0.124     255.255.255.252      11111111.11111111.11111111.11111100           /30

အခု Topology မွာ EIGRP Authentication လုပ္ပံုကိုအဓိကေျပာခ်င္တာျဖစ္လို႔ Interface ေတြကို IP Set-up လုပ္တာေတြ၊Routing လုပ္တာေတြ စသည္တို႔ကိုထားခဲ့ပါမယ္။

အေပၚကပံုေလးမွာ EIGRP Routing ကို AS Number 10 နဲ႔ Configure ခ်ထားတဲ့ပံုျဖစ္ျပီး၊Routing Process အ သက္၀င္ေနျပီျဖစ္ပါတယ္။သို႔ေသာ္အခုခ်ိန္ထိ Authentication မလုပ္ရေသးပါ။Authenticate လုပ္ရတဲ့အဓိက အေႀကာင္းရင္းကေတာ့ Secure ျဖစ္ေအာင္လို႔ပါ။EIGRP မွာ Authenticate လုပ္မယ္ဆိုရင္သံုးခုလိုပါတယ္။
1.Key Chain
2.Key Number
3.Key String
တို႔ျဖစ္ပါတယ္။အထက္ပါလိုအပ္ခ်က္မ်ားကို Router ရဲ့ global configuration mode မွာသတ္မွတ္ေပးျပီး၊ သက္ ဆိုင္ရာ Interface ေတြေပၚမွာ Apply လုပ္ေပးရမွာျဖစ္ပါတယ္။ေအာက္မွာအေသးစိတ္ Configuration ခ်ပံုပါ။
Yaymon နဲ႔ Kaylar ဆိုတဲ့ Router နွစ္လံုးႀကားမွာရွိတဲ့ Link ကို Authenticate လုပ္ရန္အတြက္-

Yaymon(config)#key chain ChitThuLay                                        //Assign the key chain

Yaymon(config-keychain)#key 1                                                 //Assign the key number for key-chain

Yaymon(config-keychain-key)#key-string 12!@ilu                     //Assign the key string for key chain number

Yaymon(config)#interface serial 0/0                                                      //Entering to the Serial Interface 0/0  

Yaymon(config-if)#ip authentication mode eigrp 10 md5                       //Setting up the authentication mode

Yaymon(config-if)#ip authentication key-chain eigrp 10 ChitThuLay     //Applying key-chain to the interface

အထက္ပါအတိုင္း Apply လုပ္ျပီးခ်ိန္တြင္ Routing Process ဟာခဏတာ Down သြားမွာပါ၊ဘာလို႔လဲဆိုေတာ့တ ဖက္က Neighbor Interface မွာ Apply မလုပ္ရေသးလို႔ပါ။ေအာက္ေဖာ္ျပပါပံုေလးအတုိင္းျဖစ္ပါတယ္။

Kaylar(config)#key chain ChitThuLay                                        //Assign the key chain

Kaylar(config-keychain)#key 1                                                 //Assign the key number for key-chain

Kaylar(config-keychain-key)#key-string 12!@ilu                     //Assign the key string for key chain number

Kaylar(config)#interface serial 1/0                                                      //Entering to the Serial Interface 1/0  

Kaylar(config-if)#ip authentication mode eigrp 10 md5                       //Setting up the authentication mode

Kaylar(config-if)#ip authentication key-chain eigrp 10 ChitThuLay     //Applying key-chain to the interface

အထက္ပါအတုိင္း Apply လုပ္ျပီးေနာက္မွာ Yaymon နဲ႔ Kaylar ႀကားမွာ Routing Process ကတစ္ဖန္ျပန္ျပီးအ သက္၀င္လာမွာပါ။သို႔ေသာ္ MD5 နဲ႔ Authenticate လုပ္ထားတဲ့ Secure Connection ျဖစ္ေနပါျပီ။ေအာက္ပါပံု ကိုႀကည့္နုိင္ပါတယ္။

အျခား Suse နဲ႔ Kaylar ႀကား Link ကိုလည္း Topology ပံုထဲကအတုိင္း အထက္မွာ Configure ခ်သလိုမ်ိဳးျပဳ လုပ္ေပးရပါမယ္။Key Chain,Key Number,Key-String ေတြပဲကြာမွာပါ။က်န္တာကေတာ့အတူတူပါပဲ။အား လံုးျပီးသြားရင္း Routing Process ကို Vertify လုပ္ရပါမယ္။EIGRP က Table သံုးမ်ိဳးနဲ႔အလုပ္လုပ္ပါတယ္။
 1.Neighbor Table
 2.Topology Table
 3.Routing Table    တို႔ျဖစ္ပါတယ္။
အဲ့အထဲမွာမွ Neighbor Table ရဲ့အလုပ္လုပ္ပံုကို Cisco Official စာအုပ္ထဲကအတိုင္းေဖာ္ျပေပးလိုက္ပါတယ္။

H       -    indicate the order in which the neighbor was discovered

Hold   -   the hold time how long this router will wait for a Hello Packet to arrive from a specific neighbor

Uptime - indicate how long the neighborship has been established

SRTT  - An indication of the time it take for a round-trip from this router to its neighbor and back and It's

             called Smooth Round-trip Timer.It is used to determine how long to wait after a multicast for a

             reply from this neighbor.If a reply isn't received in time,the router will switch to using unicasts in an

             attempt to complete the communication.

RTO -   the amount of time EIGRP waits before retransmitting a packet from the retransmission queue to a

             neighbor and It's called Retransmission Time Out.

 Q -      Indicate whether there are any outstanding message in the Queue.Large Number in Queue indicate a

             certain problem.

Seq -    the sequence number of the last update from the neighbor.That's used to maintain synchronization 

            and avoid duplicate or out-of-sequence processing of message.

ေလးစားစြာျဖင့္
Win Tun Hlaing

VTP Trunking with InterVlan Routering

အခုTopology ေလးမွာ Vlan ခြဲတာရယ္၊VTP သေဘာတရားရယ္ ၊ Internal Lan အခ်င္းခ်င္း Route လုပ္တာေတြရယ္တစ္ခါတည္းပါမွာပါ။ဒီေနရာမွာကြ်န္ေတာ္တို႔ VTP ကိုပဲအနည္းငယ္သတိထားရမွာပါ။VTP ကို တစ္လံုးထက္ပိုေသာ switch ေတြကို တစ္ခုနွင့္တစ္ခုခ်ိတ္ဆက္တဲ့ေနရာမွာအသံုးျပဳရမွာပါ။ပံုထဲက Topology ထဲမွာဆုိရင္ Vlan Switch သံုးလံုးရွိပါမယ္။အဲလိုပဲ Vlan သံုးခုရွိပါမယ္။Vlan ခြဲရျခင္းရဲ့ေကာင္း က်ိဳးေတြကိုေတာ့သက္ဆိုင္ရာေနရာေရာက္မွပဲေရးပါ့မယ္။ဒီTopology ထဲကပံုက Business Flow အရ structure က်ခ်င္မွက်ပါလိမ့္မယ္။Vlan နဲ႔ VTP ရဲ့သေဘာတရားကိုနားလည္ေအာင္သာရည္ရြယ္ျခင္းျဖစ္ပါ တယ္။ဒီTopology ကိုအဆင့္ေလးဆင့္ခြဲျပီး Configure ခ်ပါမယ္။

1.Basic Switch Configuration
2.VTP configuraiton
3.Vlan Router Configuration
4.Inter Vlan Routing

Basic Switch Configuration  

 ဒီconfiguration အဆင့္မွာဘာေတြပါမလဲဆိုရင္ switch အတြက္ host name,user name,password, enable secret,Telnet (or) SSH အတြက္ Virtual Terminal Line Configuration ေတြပါ၀င္ပါမယ္။
ေအာက္မွာConfiguration ခ်ပံုကိုေရးေပးထားပါတယ္...။

Switch>en
Switch#config t                                             //Entering to Global Configuration Mode
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#host Sw0                              //Setting the switch to Host Name
Sw0(config)#username Suse pass abcd         //Setting the Username and Password            Sw0(config)#enable secret ?
  0      Specifies an UNENCRYPTED password will follow
  5      Specifies an ENCRYPTED secret will follow
  LINE   The UNENCRYPTED (cleartext) 'enable' secret
  level  Set exec level password
Sw0(config)#enable secret sw0               //setting the enable secret         
Sw0(config)#line vty 0 10                      //Assign the Virtual Terminal Lines
Sw0(config-line)#login local         

က်န္တဲ့ switch နွစ္လံုးသည္လည္းထို႔အတူပဲျဖစ္ပါတယ္။Username,Password နဲ႔ Enable Secret ေတြ သာကြာသြားမွာပါ။ဒါဆိုရင္ေတာ့ Basic Switch Configuration ျပီးျပီလို႔ေျပာလို႔ရပါတယ္။ေနာက္တစ္ခုက VTP နဲ႔ switch port ေတြပါ။switch port ေတြမွာ Access mode ရယ္၊Trunk mode ရယ္ကိုေယဘုယ် အားျဖင့္ႏွစ္မ်ိဳးခြဲနိုင္ပါတယ္။Access Mode Switch Port ေတြကေတ့ာ IP Device(Computer,VOIP Phone,etc..)ေတြကိုခ်ိတ္ဆက္တဲ့ port ေတြျဖစ္ပါတယ္။Trunk Mode Switch Port ေတြကေတာ့ switch to switch (or) switch to Router (or) switch to firewall စသည္ျဖင့္ခ်ိတ္ဆက္တဲ့ Switch Port မ်ား
ျဖစ္ပါတယ္။

VTP configuraiton 

VTP ဆိုတာ Vlan Trunking Protocol ျဖစ္ပါတယ္။Switch Port ေတြႀကားမ်ာ Trunking လုပ္ ဖို႔ရန္အသံုးျပဳတာျဖစ္ပါတယ္။Theory အရဆိုရင္ သူ႔ကို Layer 2 messaging protocol လို႔ေခၚဆိုနိုင္ျပီး Vlan ေတြ adding လုပ္တာ Deleting လုပ္တာ modify လုပ္တာေတြကို VTP Server mode ရွိရာ switch ကေနလုပ္ရံုနဲ႔ Client Switch ေတြကို အက်ိဳးသက္ေရာက္မွုရွိေစမွာျဖစ္ပါတယ္။VTP ကိုသာ configure ခ်မထားခဲ့ရင္ အထက္ပါအခ်က္ေတြကို Switch တစ္ခုစီကေန Manual Configure ခ်ေပးရမွာ ပဲျဖစ္ပါတယ္။Topology မွာ switch သံုးခုရွိတဲ့အနက္ Router နဲ႔အနီးဆံုး Switch ကို VTP server mode မွာထား ပါမယ္။က်န္တဲ့နွစ္ခုကိုေတာ့ VTP client mode မွာပဲထားပါမယ္။Default အားျဖင့္ေတာ့ Cisco Catalyst Switch မ်ားဟာ Server Mode ျဖစ္ပါတယ္။VTP ကိုအသံုးျပဳဖုိ႔ရန္ VTP Domain နဲ႔ VTP Password လုိပါတယ္။ဆိုလိုတာကကိုယ့္ ရဲ့ Internal Structure မွာရွိေနတဲ့ Switch မ်ားအားလံုးသည္တူ ညီတဲ့ VTP Domain ေအာက္မွာရွိရမွာျဖစ္ျပီး VTP password လည္းတူရမွာျဖစ္ပါတယ္။Configuration ခ်ပံုကိုေအာက္မွာႀကည့္နုိင္ပါတယ္။

Sw0(config)#vtp mode server                            //setting vtp mode to server
Device mode already VTP SERVER.

Sw0(config)#vtp domain mmuak                       //setting up vtp domain
Changing VTP domain name from NULL to mmuak
Sw0(config)#vtp pass @@uak                          //setting up vtp password
Setting device VLAN database password to @@uak

Sw1(config)#vtp domain mmuak                     //setting up vtp domain
Domain name already set to mmuak.
Sw1(config)#vtp pass @@uak                        //setting up vtp password
Setting device VLAN database password to @@uak
Sw1(config)#vtp mode ?
  client       Set the device to client mode.
  server       Set the device to server mode.
  transparent  Set the device to transparent mode.
Sw1(config)#vtp mode client                           //setting the vtp mode to client
Setting device to VTP CLIENT mode.

VTP Server နဲ႔ Client ကိုConfigure ခ်လို႔ျပီးသြားပါျပီ။show vtp status ဆိုတဲ့ command ကိုသံုးျပီး VTP ကိုျပန္ႀကည့္နိုင္ပါတယ္။

အေပၚကပံုေလးကေတာ့ VTP Status ကိုျပန္ႀကည့္ထားျခင္းျဖစ္ပါတယ္။အခု Trunk ေတြကုိ Configuration ခ်ဖို႔က်န္ေနပါေသးတယ္။Switch Port ရဲ့ mode မွာ access,dynamic,trunk ေတြရွိတဲ့အ နက္ trunk ကိုေရြးေပးရမွာပါ။Trunk ကို Configuration ခ်ျပီးတာနဲ႔ trunking အတြက္ encapsulation method ကိုပါတစ္ခါတည္း Configure ခ်ေပးရပါမယ္။Cisco Inter Switch Link(ISL),IEEE802.1q Trunking,LAN Emulation Trunking တို႔အနက္မွာ Multi Vendor Support လုပ္တဲ့ IEEE802.1q ကိုပဲ သံုးပါမယ္။ေအာက္မွာ Configuration ခ်ပံုျဖစ္ပါတယ္။

Sw0(config)interface gig0/1

Sw0(config-if)#switchport mode ?
  access          Set trunking mode to ACCESS unconditionally
  dynamic       Set trunking mode to dynamically negotiate access or trunk mode
  trunk           Set trunking mode to TRUNK unconditionally

Sw0(config-if)#switchport mode trunk

Sw0(config-if)#switchport trunk ?
  allowed                 Set allowed VLAN characteristics when interface is in trunking mode
  encapsulation         Set trunking encapsulation when interface is in trunking mode
  native                    Set trunking native characteristics when interface is in trunking mode

Sw0(config-if)#switchport trunk encapsulation ?

dot1q                      Interface uses only 802.1q trunking encapsulation when trunking

Sw0(config-if)#switchport trunk encapsulation dot1q

က်န္တဲ့ Trunking switch port မ်ားကိုလည္းအထက္ပါအတိုင္းပဲ Configuration ခ်ေပးရမွာျဖစ္ပါတယ္။

ေနာက္တစ္ခုကေတာ့ Vlan access port မ်ား Assign လုပ္ရမွာပါ။Topology ပံုထဲကအတိုင္းပဲ Assign လုပ္ပါမယ္။

 Sw0(config)#vlan 20                                                  //adding Vlan 20 to switch Sw0

 Sw0(config-vlan)#name AA_Department                                         //Naming Vlan 20

 Sw0(config-vlan)#exit                               

 Sw0(config)#vlan 30                                                  //adding Vlan 30 to switch Sw0

 Sw0(config-vlan)#name BB_Department                                          //Naming Vlan 30

 Sw0(config-vlan)#exit

 Sw0(config)#vlan 40                                                  //adding Vlan 40 to switch Sw0

 Sw0(config-vlan)#name CC_Department                                          //Naming Vlan40

Sw0 switch ဟာ VTP Server ျဖစ္တာေႀကာင့္ အျခား Client switch ေတြကိုပါ အက်ိဳးသက္ေရာက္မႈရွိ မွာျဖစ္ပါတယ္။Sw0 မွာ VLan ေတြကို adding လုပ္လိုက္တာေႀကာင့္ ထို Vlan မ်ားကိုအျခား client switch ေတြျဖစ္တဲ့ Sw1 နဲ႔ Sw2 တို႔မွာပါ Automatic သိသြားမွာပါ။အဲ့ေနာက္မွာ switch အသီးသီးကို Vlan Access Port ေတြ Assign လုပ္ေပးရပါမယ္။Topology Diagram ထဲကအတိုင္း Assign လုပ္ပါ မယ္။

Sw0#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Sw0(config)#interface f0/2
Sw0(config-if)#switchport mode access
Sw0(config-if)#switchport access vlan ?
  <1-1005>  VLAN ID of the VLAN when this port is in access mode
Sw0(config-if)#switchport access vlan 20

Sw0(config-if)#interface f0/3
Sw0(config-if)#switchport mode access
Sw0(config-if)#switchport access vlan 20

Sw0(config-if)#int range f0/4-5
Sw0(config-if-range)#switchport mode access
Sw0(config-if-range)#switchport access vlan 30

Sw0(config-if-range)#int range f0/6-7
Sw0(config-if-range)#switchport mode access
Sw0(config-if-range)#switchport access vlan 40

က်န္တဲ့ switch မ်ားမွာရွိတဲ့ switch port မ်ားကိုလည္း အထက္ပါအတိုင္းပဲအသီးသီးသတ္မွတ္ေပးရမွာပါ။ switch ေတြမွာ switch port မ်ားကို Direct IP Address သတ္မွတ္တာမ်ိဳးလုပ္လို႔ရမွာမဟုတ္ပါ။သို႔ရာ တြင္ switch ကို manage လုပ္ရန္(သို႔မဟုတ္) gateway Address သတ္မွတ္ရန္ logical Vlan interface မ်ားကိုေတာ့ IP သတ္မွတ္လို႔ရပါတယ္။ေအာက္ပါအတိုင္းျဖစ္ပါတယ္။

Sw0(config)#int vlan ?
<1-1005>       Vlan interface number

Sw0(config)#int vlan 1

Sw0(config-if)#ip addr 192.168.0.2 255.255.255.0

Vlan Router Configuration 

Router#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname VlanRouter                         //setting up the host name to Router

VlanRouter(config)#username Admin password @dmi@

VlanRouter(config)#enable secret @vlan                 //setting up the enable secret to Router

VlanRouter(config)#line vty 0 10                   //setting up the virtual terminal line to Router

VlanRouter(config-line)#login local

VlanRouter(config)#int f0/0                                                   //entering the interface f0/0

VlanRouter(config-if)#no shutdown                                              //doing the interface up

VlanRouter(config-if)#int f0/0.1                                //configure the sub-interface for Vlan

VlanRouter(config-if)#encapsulation dot1q 20            //configure encapsulation for Vlan 20

VlanRouter(config-if)#ip addr 192.168.20.1 255.255.255.0              //gate-way for Vlan 20

VlanRouter(config-if)#int f0/0.2                         //configure the sub-interface for next Vlan

VlanRouter(config-if)#encapsulation dot1q 30            //configure encapsulation for Vlan 30

VlanRouter(config-if)#ip addr 192.168.30.1 255.255.255.0              //gate-way for Vlan30

VlanRouter(config-if)#int f0/0.3                         //configure the sub-interface for next Vlan

VlanRouter(config-if)#encapsulation dot1q 40            //configure encapsulation for Vlan 40

VlanRouter(config-if)#ip address 192.168.40.1 255.255.255.0          //gate-way for Vlan40

VlanRouter(config-if)#int f0/0.4                       //configure the sub-interface for native Vlan

VlanRouter(config-if)#encapsulation dot1q 1     //configure the sub-interface for native Vlan

VlanRouter(config-if)#ip address 192.168.0.1 255.255.255.0      //gate-way for native Vlan

 
အခုဆိုရင္ Vlan တစ္ခုခ်င္းစီအတြက္ Gate-way နဲ႔ Sub-interface ေတြသတ္မွတ္ျပီးပါျပီ။လက္ရွိအေျခေနမွာ host တစ္ခုခ်င္းစီကို static IP ေပးျပီးေတာ့ပဲျဖစ္ေစ၊DHCP နဲ႔ပဲျဖစ္ေစသံုးလို႔ရပါျပီ။သို႔ေသာ္ DHCP အတြက္ Vlan Router မွာထပ္ျပီး Configuration ခ်ေပးရအံုးမွာပါ။ေအာက္မွာေရးေပးထားတဲ့ပံုစံအတုိင္းပါပဲ။  
         

VlanRouter(config)#ip dhcp pool ?        

 WORD               Pool name

VlanRouter(config)#ip dhcp pool Vlan20_DHCP                                           //Pool Name for Vlan 20  

VlanRouter(dhcp-config)#network 192.168.20.0 255.255.255.0                         //Network for Vlan 20

VlanRouter(dhcp-config)#default-router ?                                

 A.B.C.D                       Router's IP address

VlanRouter(dhcp-config)#default-router 192.168.20.1                         //Default gate-way for Vlan 20

VlanRouter(dhcp-config)#exit

VlanRouter(config)#ip dhcp ?

 excluded-address           Prevent DHCP from assigning certain addresses 

 pool                               Configure DHCP address pools

VlanRouter(config)#ip dhcp exc 192.168.20.1 192.168.20.100                //Excluded-address for Vlan 20

Inter Vlan Routing

က်န္တဲ့ Vlan မ်ားကိုလည္း အထက္ပါအတိုင္း DHCP ကို Configure ခ်ေပးနိုင္ပါတယ္။သို႔မဟုတ္ IP Address မ်ားကို Manual Assign လုပ္ခ်င္လည္းလုပ္နိုင္ပါတယ္။ဒီေနရာမွာ excluded-address ကို 100 လို႔ထားခဲ့တဲ့အ တြက္ DHCP ေတာင္းတဲ့အခ်ိန္မွာ 192.168.20.101 ကေနစျပီးအလုပ္လုပ္မွာျဖစ္ပါတယ္။သို႔ရာတြင္လက္ရွိ အေျခေနထိ Vlan တစ္ခုနဲ႔တစ္ခု Route လုပ္နုိင္ျခင္းမရွိေသးပါ။ထို႔အတြက္ Vlan တစ္ခုနဲ႔တစ္ခု Route နုိင္ ရန္ျပဳလုပ္ေပးရပါအံုးမယ္။ထို႔အတြက္ switch တစ္ခုခ်င္းစီမွာ Default Gate Way ေတြလုိပါတယ္။Default Gate Way ကို Native VLan ထဲမွာပဲထားပါမယ္။

Sw0(config)#int vlan 1                                                             //Native  Vlan Interface for Sw0 Switch

Sw0(config-if)#ip addr 192.168.0.2 255.255.255.0              //Native  Vlan Interface Address(gate way)

Sw0(config-if)#no shut                                                           //doing up  Vlan Interface for Sw0 Switch     

%LINK-5-CHANGED: Interface Vlan1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up

Sw1(config)#int vlan 1                                                                 //Native  Vlan Interface for Sw1 Switch

Sw1(config-if)#ip addr 192.168.0.3 255.255.255.0                 //Native  Vlan Interface Address(gate way)

Sw1(config-if)#no shut                                                               //doing up  Vlan Interface for Sw0 Switch

%LINK-5-CHANGED: Interface Vlan1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up

Sw2(config)#int vlan 1                                                              //Native  Vlan Interface for Sw0 Switch

Sw2(config-if)#ip addr 192.168.0.4 255.255.255.0                //Native  Vlan Interface Address(gate way)

Sw2(config-if)#no shut                                                            //doing up  Vlan Interface for Sw0 Switch

%LINK-5-CHANGED: Interface Vlan1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up    
                
Switch ေတြအတြက္ လိုအပ္တဲ့ Gate way ေတြကိုသတ္မွတ္ေပးျပီးျပီျဖစ္လို႔ Vlan အခ်င္းခ်င္း Route ဖို႔ပဲက်န္ပါေတာ့တယ္။Route တဲ႔ေနရာမွာ အနီးဆံုး switch ရဲ့ gate-way ကိုပဲ Next Host Address အျဖစ္ ယူပါ့မယ္..။ေအာက္ပါ command အတုိင္းပါပဲ။

VlanRouter(config)#ip route 0.0.0.0 0.0.0.0 192.168.0.2        //Route configuration for Inter Vlan Routing

ဒါဆိုရင္ Vlan ခ်င္းခ်င္း Route ႏိုင္ပါျပီ။Vlan Router မွာ Routing Table ရဲ့ Status ကိုေအာက္ပါအတုိင္းျပန္ ႀကည့္နိုင္ပါတယ္။

VlanRouter#sh ip route

Gateway of last resort is 192.168.0.2 to network 0.0.0.0

C    192.168.0.0/24 is directly connected, FastEthernet0/0.4

C    192.168.20.0/24 is directly connected, FastEthernet0/0.1

C    192.168.30.0/24 is directly connected, FastEthernet0/0.2

C    192.168.40.0/24 is directly connected, FastEthernet0/0.3

S*   0.0.0.0/0 [1/0] via 192.168.0.2

Vlan မ်ားကို 192.168.0.2 မွတစ္ဆင့္ Route လုပ္ထားတာကိုေတြ႕ရမွာပါ။ဒါဆိုရင္ေတာ့ InterVlan Routing ပီးပါျပီ။ေနာက္ Access-list  ေတြကိုသံုးျပီး ဘယ္ Vlan ကေတာ့ျဖင့္ Internet မသံုးနုိင္ပါ၊Telnet ကို Access မလုပ္ေစခ်င္ပါ၊အျခား Vlan တစ္ခုခုအား Access မလုပ္ေစခ်င္ပါ စသည္ျဖင့္သတ္မွတ္နုိင္ပါတယ္။

ေလးစားစြာျဖင့္
Win Tun Hlaing