Troubleshooting Ethernet Networks

by Priscilla Oppenheimer

Objectives

The goal of this lab scenario is for you to learn about Ethernet frame formats and how to configure them using the Cisco Internetwork Operating System (IOS) software. You will be presented with protocol analysis output of a frame format and be challenged to enter IOS configuration commands that would cause an analyzer to see the frames shown in the output. You can check your work by capturing packets yourself with a protocol analyzer. You will also be given the output of a relevant Cisco debug command as an additional hint.

Setup

The setup for the lab scenario is very simple. You need only one router that is connected to a shared Ethernet. You can also connect your protocol analyzer to the shared Ethernet. For example, you could connect your router and a PC running a software protocol analyzer to a hub, as shown in Figure 1.

Figure 1: Lab Layout

The output shown in this scenario was produced using the WildPackets EtherPeek software, which is one of the easiest analyzers to use. For recommendations of other protocol analyzers, see the list provided by Charles Spurgeon at his Ethernet Web site.

Challenges

Challenge One

On the Cisco router, configure the IOS commands that resulted in the following protocol analyzer output.

Packet 1

Flags:        0x80  802.3
  Status:       0x00
  Packet Length:82
  Timestamp:    13:02:34.774000 04/27/2001
802.3 Header
  Destination:  FF:FF:FF:FF:FF:FF  Ethernet Broadcast
  Source:       00:00:0C:05:3E:80
  LLC Length:   64
802.2 Logical Link Control (LLC) Header
  Dest. SAP:    0xAA  SNAP
  Source SAP:   0xAA  SNAP
  Command:      0x03  Unnumbered Information
  Protocol:     0x0000008137  Novell Netware
IPX - NetWare Protocol
  Checksum:             0xFFFF
  Length:               56
  Transport Control:
    Reserved:           %0000
    Hop Count:          %0000
  Packet Type:          1  RIP
  Destination Network:  0x00000400
  Destination Node:     FF:FF:FF:FF:FF:FF  Ethernet Broadcast
  Destination Socket:   0x0453  Routing Information Protocol
  Source Network:       0x00000400
  Source Node:          00:00:0C:05:3E:80
  Source Socket:        0x0453  Routing Information Protocol
RIP - Routing Information Protocol
  Operation:        2  Response
Network Number Set # 1
  Network Number:   0x00000100
  Number of Hops:   1
  Number of Ticks:  1
Network Number Set # 2
  Network Number:   0x00000200
  Number of Hops:   1
  Number of Ticks:  1
Network Number Set # 3
  Network Number:   0x00000300
  Number of Hops:   1
  Number of Ticks:  1
Frame Check Sequence:  0x00000000

Packet 2

Flags:        0x00
  Status:       0x00
  Packet Length:74
  Timestamp:    13:02:34.777000 04/27/2001
Ethernet Header
  Destination:  FF:FF:FF:FF:FF:FF  Ethernet Broadcast
  Source:       00:00:0C:05:3E:80
  Protocol Type:0x8137  Novell NetWare
IPX - NetWare Protocol
  Checksum:             0xFFFF
  Length:               56
  Transport Control:
    Reserved:           %0000
    Hop Count:          %0000
  Packet Type:          1  RIP
  Destination Network:  0x00000100
  Destination Node:     FF:FF:FF:FF:FF:FF  Ethernet Broadcast
  Destination Socket:   0x0453  Routing Information Protocol
  Source Network:       0x00000100
  Source Node:          00:00:0C:05:3E:80
  Source Socket:        0x0453  Routing Information Protocol
RIP - Routing Information Protocol
  Operation:        2  Response
Network Number Set # 1
  Network Number:   0x00000400
  Number of Hops:   1
  Number of Ticks:  1
Network Number Set # 2
  Network Number:   0x00000200
  Number of Hops:   1
  Number of Ticks:  1
Network Number Set # 3
  Network Number:   0x00000300
  Number of Hops:   1
  Number of Ticks:  1
Frame Check Sequence:  0x00000000

Packet 3

Flags:        0x80  802.3
  Status:       0x00
  Packet Length:78
  Timestamp:    13:02:34.778000 04/27/2001
802.3 Header
  Destination:  FF:FF:FF:FF:FF:FF  Ethernet Broadcast
  Source:       00:00:0C:05:3E:80
  LLC Length:   60
802.2 Logical Link Control (LLC) Header
  Dest. SAP:    0xE0  Novell Netware
  Source SAP:   0xE0  Novell Netware
  Command:      0x03  Unnumbered Information
IPX - NetWare Protocol
  Checksum:             0xFFFF
  Length:               56
  Transport Control:
    Reserved:           %0000
    Hop Count:          %0000
  Packet Type:          1  RIP
  Destination Network:  0x00000200
  Destination Node:     FF:FF:FF:FF:FF:FF  Ethernet Broadcast
  Destination Socket:   0x0453  Routing Information Protocol
  Source Network:       0x00000200
  Source Node:          00:00:0C:05:3E:80
  Source Socket:        0x0453  Routing Information Protocol
RIP - Routing Information Protocol
  Operation:        2  Response
Network Number Set # 1
  Network Number:   0x00000400
  Number of Hops:   1
  Number of Ticks:  1
Network Number Set # 2
  Network Number:   0x00000100
  Number of Hops:   1
  Number of Ticks:  1
Network Number Set # 3
  Network Number:   0x00000300
  Number of Hops:   1
  Number of Ticks:  1
Extra bytes (Padding):
  .                 01
Frame Check Sequence:  0x00000000

Packet 4

Flags:        0x80  802.3
  Status:       0x00
  Packet Length:74
  Timestamp:    13:02:34.782000 04/27/2001
802.3 Header
  Destination:  FF:FF:FF:FF:FF:FF  Ethernet Broadcast
  Source:       00:00:0C:05:3E:80
  Length:       56
IPX - NetWare Protocol
  Checksum:             0xFFFF
  Length:               56
  Transport Control:
    Reserved:           %0000
    Hop Count:          %0000
  Packet Type:          1  RIP
  Destination Network:  0x00000300
  Destination Node:     FF:FF:FF:FF:FF:FF  Ethernet Broadcast
  Destination Socket:   0x0453  Routing Information Protocol
  Source Network:       0x00000300
  Source Node:          00:00:0C:05:3E:80
  Source Socket:        0x0453  Routing Information Protocol
RIP - Routing Information Protocol
  Operation:        2  Response
Network Number Set # 1
  Network Number:   0x00000400
  Number of Hops:   1
  Number of Ticks:  1
Network Number Set # 2
  Network Number:   0x00000100
  Number of Hops:   1
  Number of Ticks:  1
Network Number Set # 3
  Network Number:   0x00000200
  Number of Hops:   1
  Number of Ticks:  1
Frame Check Sequence:  0x00000000

Debug Output

The following text shows the results of the debug ipx routing command.

IPXRIP: positing full update to 400.ffff.ffff.ffff via Ethernet0 (broadcast)
IPXRIP: positing full update to 100.ffff.ffff.ffff via Ethernet0 (broadcast)
IPXRIP: positing full update to 200.ffff.ffff.ffff via Ethernet0 (broadcast)
IPXRIP: positing full update to 300.ffff.ffff.ffff via Ethernet0 (broadcast)
IPXRIP: sending update to 400.ffff.ffff.ffff via Ethernet0
IPXRIP: sending update to 100.ffff.ffff.ffff via Ethernet0
IPXRIP: sending update to 200.ffff.ffff.ffff via Ethernet0
IPXRIP: sending update to 300.ffff.ffff.ffff via Ethernet0
IPXRIP: src=400.0000.0c05.3e80, dst=400.ffff.ffff.ffff, packet sent
    network 100, hops 1,  delay 1
    network 200, hops 1,  delay 1
    network 300, hops 1,  delay 1
IPXRIP: src=100.0000.0c05.3e80, dst=100.ffff.ffff.ffff, packet sent
    network 400, hops 1,  delay 1
    network 200, hops 1,  delay 1
    network 300, hops 1,  delay 1
IPXRIP: src=200.0000.0c05.3e80, dst=200.ffff.ffff.ffff, packet sent
    network 400, hops 1,  delay 1
    network 100, hops 1,  delay 1
    network 300, hops 1,  delay 1
IPXRIP: src=300.0000.0c05.3e80, dst=300.ffff.ffff.ffff, packet sent
    network 400, hops 1,  delay 1
    network 100, hops 1,  delay 1
    network 200, hops 1,  delay 1

Questions

After successfully configuring the router and optionally proving to yourself with a protocol analyzer that you did it correctly, take a look at the analyzer output and answer the following questions:

  1. What is the EtherType for Novell IPX?
  2. What is the SAP for Novell IPX?
  3. How can a receiving station recognize a novell-ether frame?
  4. When encapsulating an IPX RIP frame with a particular Ethernet frame type, why does the router advertise the routes that are configured for different frame types?

Challenge Two

On the Cisco router, configure the IOS commands that resulted in the following protocol analyzer output.

Packet 1

Flags:        0x80  802.3
  Status:       0x00
  Packet Length:64
  Timestamp:    12:53:45.787000 04/27/2001
802.3 Header
  Destination:  FF:FF:FF:FF:FF:FF  Ethernet Broadcast
  Source:       00:00:0C:05:3E:80
  LLC Length:   36
802.2 Logical Link Control (LLC) Header
  Dest. SAP:    0xAA  SNAP
  Source SAP:   0xAA  SNAP
  Command:      0x03  Unnumbered Information
  Protocol:     0x0000000806  IP ARP
ARP - Address Resolution Protocol
  Hardware:                 6  IEEE 802 Network
  Protocol:                 0x0800  IP
  Hardware Address Length:  6
  Protocol Address Length:  4
  Operation:                1  ARP Request
  Sender Hardware Address:  00:00:0C:05:3E:80
  Sender Internet Address:  172.16.10.1
  Target Hardware Address:  00:00:00:00:00:00  (ignored)
  Target Internet Address:  172.16.10.100
Extra bytes (Padding):
  ..........        00 00 00 00 00 00 00 00 00 00
Frame Check Sequence:  0x00000000

Packet 2

Flags:        0x00
  Status:       0x00
  Packet Length:64
  Timestamp:    12:53:45.787000 04/27/2001
Ethernet Header
  Destination:  FF:FF:FF:FF:FF:FF  Ethernet Broadcast
  Source:       00:00:0C:05:3E:80
  Protocol Type:0x0806  IP ARP
ARP - Address Resolution Protocol
  Hardware:                 1  Ethernet (10Mb)
  Protocol:                 0x0800  IP
  Hardware Address Length:  6
  Protocol Address Length:  4
  Operation:                1  ARP Request
  Sender Hardware Address:  00:00:0C:05:3E:80
  Sender Internet Address:  172.16.10.1
  Target Hardware Address:  00:00:00:00:00:00  (ignored)
  Target Internet Address:  172.16.10.100
Extra bytes (Padding):
  ................  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  ..                00 00
Frame Check Sequence:  0x00000000

Debug Output

The following text shows the results of the debug arp command after a ping command was entered. To help you see the timing of packets, the service timestamps debug datetime msec command was first entered in global configuration mode.

May 17 05:26:26.123: IP ARP: creating incomplete entry for IP address: 172.16.10.100
May 17 05:26:26.123: IP ARP: sent req src 172.16.10.1 0000.0c05.3e80,
                 dst 172.16.10.100 0000.0000.0000 Ethernet0
May 17 05:26:26.127: IP ARP: sent req src 172.16.10.1 0000.0c05.3e80,
                 dst 172.16.10.100 0000.0000.0000 Ethernet0.

Questions

  1. What is the EtherType for ARP?
  2. Why would a network administrator configure ARP to use SNAP?
  3. Why are there two ARPs, and why do they use different frame types?

Challenge Three

On the Cisco router, configure the IOS commands that resulted in the following protocol analyzer output.

Packet 1

Flags:        0x00
  Status:       0x00
  Packet Length:78
  Timestamp:    14:04:02.880000 04/27/2001
Ethernet Header
  Destination:  01:00:5E:00:00:0A
  Source:       00:00:0C:05:3E:80
  Protocol Type:0x0800  IP
IP Header - Internet Protocol Datagram
  Version:              4
  Header Length:        5  (20  bytes)
  Type of Service:      %00000000
  Precedence: Routine,   Normal Delay,   Normal Throughput,   Normal Reliability
  Total Length:         60
  Identifier:           0
  Fragmentation Flags:  %000  May Fragment   Last Fragment
  Fragment Offset:      0  (0  bytes)
  Time To Live:         2
  Protocol:             88  EIGRP
  Header Checksum:      0x224F
  Source IP Address:    172.16.10.1
  Dest. IP Address:     224.0.0.10
  No IP Options
EIGRP - Enhanced Interior Gateway Routing Protocol
  Version:              2
  Opcode:               5  Hello
  Checksum:             0xF06E
  Flags:                0x00000000
  Sequence Number:      0
  Ack Number:           0
  Autonomous System #:  100
  Remaining EIGRP Data:
  ................  00 01 00 0C 01 00 01 00 00 00 00 0F 00 04 00 08
  ........          0B 00 00 00 00 00 00 00

Packet 2

Flags:        0x80  802.3
  Status:       0x00
  Packet Length:1518
  Timestamp:    14:04:03.142000 04/27/2001
802.3 Header
  Destination:  01:80:C2:00:00:14  Mcast OSI IS-IS L1
  Source:       00:00:0C:05:3E:80
  LLC Length:   1500
802.2 Logical Link Control (LLC) Header
  Dest. SAP:    0xFE  ISO Network Layer Protocol
  Source SAP:   0xFE  ISO Network Layer Protocol
  Command:      0x03  Unnumbered Information
OSI - Open Systems Interconnection
  Protocol ID:      131  IS-IS
IS-IS - Intermediate System To Intermediate System
  Header Length:    27
  Version:          1
  ID Length:        0
  Packet Type:      15  L1 Router Hello
  Version:          1
  Reserved:         0
  Max Area Address: 0
Level 1 Router Hello
  Reserved:         %000000
  Circuit Type:     %11  Level 1 And Level 2
  Source ID:        00:00:00:00:00:05
  Holding Time:     9
  Packet Length:    1497
  Priority:         64
  LAN ID:           00:00:00:00:00:05:04
  Field Code:       129  Unknown Field Code
    Field Length:   1
    Unknown Field Data:
  .                 CC
  Field Code:       1  Area Addresses
    Field Length:   4
    Unused:
  .I""              03 49 22 22
  Field Code:       132  Unknown Field Code
    Field Length:   4
    Unknown Field Data:
  ....              AC 10 0A 01
  Field Code:       8  Padding
    Field Length:   255
    Padding Data: (omitted)
Frame Check Sequence:  0x00000000

Debug Output

The following text shows the results of the debug ip packet detail command.

IP: s=172.16.10.1 (local), d=224.0.0.10 (Ethernet0), len 28, sending broad/multicast, proto=88
IP: s=172.16.20.1 (local), d=224.0.0.10 (Ethernet1), len 28, sending broad/multicast, proto=88

The following text shows the results of the debug isis update-packets command.

ISIS-Update: Building L1 LSP
ISIS-Update: TLV code mismatch (2, 84)
ISIS-Update: Full SPF required
ISIS-Update: Building L2 LSP
ISIS-Update: TLV code mismatch (2, 84)
ISIS-Update: Full SPF required

Questions

  1. What protocol resides between the data-link layer and the EIGRP routing protocol?
  2. What protocol resides between the data-link layer and the IS-IS routing protocol?
  3. What is the SAP for IS-IS?

Solutions

Challenge One

Challenge One demonstrates the different Ethernet frame types available for Novell NetWare. The following commands were used on the Cisco router:

Albany#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Albany(config)#ipx routing
Albany(config)#int e0
Albany(config-if)#ipx network 400 encapsulation ?
  arpa          Novell Ethernet_II
  hdlc          HDLC on serial links
  novell-ether  Novell Ethernet_802.3
  sap           IEEE 802.2 on Ethernet, FDDI, Token Ring
  snap          IEEE 802.2 SNAP on Ethernet, Token Ring, and FDDI
Albany(config-if)#ipx network 400 encapsulation snap
Albany(config-if)#ipx network 100 encapsulation arpa secondary
Albany(config-if)#ipx network 200 encapsulation sap secondary
Albany(config-if)#ipx network 300 encapsulation novell-ether secondary

Answers

  1. What is the EtherType for Novell IPX?

    0x8137

  2. What is the SAP for Novell IPX?

    0xE0

  3. How can a receiving station recognize a novell-ether frame?

    The first two bytes of an IPX header start with 0xFFFF.

  4. When encapsulating an IPX RIP frame with a particular Ethernet frame type, why does the router advertise the routes that are configured for different frame types?

    Because of split horizon, the router does not advertise the route that is configured for the encapsulation. Instead, it advertises the other routes so that stations receiving the advertisement learn about the other networks.
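The recognition rules from these answers can be written as a frame classifier. This is an added example, not part of the original lab; the function names are hypothetical and the frames are constructed to mirror Packets 1-4 of Challenge One, without the frame check sequence.

```python
import struct

BCAST = bytes.fromhex("ffffffffffff")
ROUTER = bytes.fromhex("00000c053e80")  # source MAC seen in the captures

def classify_frame(frame):
    """Return (IOS encapsulation keyword, protocol id) for a frame without FCS."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    type_or_len = struct.unpack("!H", frame[12:14])[0]
    if type_or_len >= 0x0600:             # 1536 and up is an EtherType
        return ("arpa", type_or_len)
    if type_or_len > 1500:
        raise ValueError("value is neither a valid length nor an EtherType")
    payload = frame[14:14 + type_or_len]  # the length field excludes padding
    if len(payload) < type_or_len:
        raise ValueError("frame truncated: length field exceeds captured data")
    # Raw 802.3 has no LLC header; the IPX checksum 0xFFFF comes first.
    # Test it before LLC, since FF FF would otherwise parse as DSAP/SSAP.
    if payload[:2] == b"\xff\xff":
        return ("novell-ether", None)
    if len(payload) < 3:
        raise ValueError("no room for an 802.2 LLC header")
    dsap, ssap = payload[0], payload[1]
    if dsap == 0xAA and ssap == 0xAA:     # SNAP: 3-byte OUI + 2-byte type follow
        if len(payload) < 8:
            raise ValueError("SNAP header truncated")
        return ("snap", struct.unpack("!H", payload[6:8])[0])
    return ("sap", dsap)

def ipx_rip(net, routes):
    """Constructed IPX RIP response: 30-byte header, operation, 8 bytes per route."""
    body = struct.pack("!H", 2) + b"".join(
        struct.pack("!IHH", r, 1, 1) for r in routes)
    return struct.pack("!HHBBI6sHI6sH", 0xFFFF, 30 + len(body), 0, 1,
                       net, BCAST, 0x0453, net, ROUTER, 0x0453) + body

def sample_frames():
    """Constructed frames mirroring Packets 1-4 of Challenge One (no FCS)."""
    mac, nets = BCAST + ROUTER, [0x400, 0x100, 0x200, 0x300]
    def rip(n):  # split horizon: omit the network the update is sent on
        return ipx_rip(n, [x for x in nets if x != n])
    return [
        mac + struct.pack("!H", 64) + bytes.fromhex("aaaa030000008137") + rip(0x400),
        mac + struct.pack("!H", 0x8137) + rip(0x100),
        mac + struct.pack("!H", 60) + bytes.fromhex("e0e003") + rip(0x200) + b"\x01",
        mac + struct.pack("!H", 56) + rip(0x300),
    ]

if __name__ == "__main__":
    for frame in sample_frames():
        print(classify_frame(frame))
```

The same function identifies the SNAP ARP of Challenge Two and the IS-IS hello of Challenge Three, because it reads the protocol from the SNAP type field or the DSAP instead of assuming IPX.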

Challenge Two

Challenge Two demonstrates the capability to change the frame format used for ARPs. The following commands were used on the Cisco router:

Albany#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Albany(config)#int e0
Albany(config-if)#arp ?
  arpa         Standard arp protocol
  frame-relay  Enable ARP for a frame relay interface
  probe        HP style arp protocol
  snap         IEEE 802.3 style arp
  timeout      Set ARP cache timeout
Albany(config-if)#arp snap

Answers

  1. What is the EtherType for ARP?

    0x0806

  2. Why would a network administrator configure ARP to use SNAP?

    Most implementations of IP use Ethernet Version II, but a few implementations use SNAP. A Cisco router sends IP frames using the Ethernet Version II frame format, unless it receives IP frames in the SNAP format. If the router sees that a station is using SNAP frames for IP, the router sends SNAP frames. But, before the router can send an IP frame to a destination, it must find the MAC address using ARP. In order to reach a station configured for SNAP, the router must send the ARP using SNAP.

  3. Why are there two ARPs, and why do they use different frame types?

    There was no reply from 172.16.10.100. The router automatically tried the Ethernet II ARP after getting no reply using the SNAP ARP. Nothing was reconfigured at the router.

Challenge Three

Challenge Three shows routing protocol packets. The following commands were used on the Cisco router:

Albany#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Albany(config)#router eigrp 100
Albany(config-router)#network 172.16.0.0
Albany(config-router)#router isis 100
Albany(config-router)#net ?
  XX.XXXX. ... .XXX.XX  Network entity title (NET)
Albany(config-router)#net 49.2222.0000.0000.0005.00
Albany(config-router)#exit
Albany(config)#int e0
Albany(config-if)#ip address 172.16.10.1 255.255.255.0
Albany(config-if)#ip router isis 100
Albany(config-if)#exit
Albany(config)#int e1
Albany(config-if)#ip address 172.16.20.1 255.255.255.0
Albany(config-if)#ip router isis 100

Answers

  1. What protocol resides between the data-link layer and the EIGRP routing protocol?

    IP

  2. What protocol resides between the data-link layer and the IS-IS routing protocol?

    Nothing. IS-IS runs directly on top of 802.2. Unlike other routing protocols, which are encapsulated in a network-layer protocol, IS-IS is encapsulated in only a data-link-layer header.

  3. What is the SAP for IS-IS?

    0xFE

Copyright © Priscilla Oppenheimer.