Thursday, December 26 2024

how to change the size of the history command buffer

I spent last week skiing in the Polish winter capital, Zakopane. You probably noticed that I didn’t post any new article, but the weather was wonderful and I had no motivation to turn on my notebook ;).

As plenty of things are keeping me busy after my vacation, today just a short post about the command buffer size.

By default the size of the history command buffer is 10, which means that the last 10 commands entered by the user are kept in memory and can be recalled with the CLI “↑” key. The size can be tuned anywhere in the range 0 to 256.

How to change the size of the history command buffer?
[labnarioR1]user-interface vty 1
[labnarioR1-ui-vty1] history-command max-size 50

Now, using the CLI “↑” key, we can recall the last 50 commands entered by the user. The command can be used on Console, VTY and TTY user terminal interfaces. Keep in mind that everything typed on the line ends up in this buffer, including secrets passed in cleartext on the command line (a password simple ... statement, for example), and can be recalled with display history-command for as long as the session lasts; a larger buffer only widens that window, so log out before leaving a terminal unattended.


L2TP LAC-auto-initiated tunnel mode

A Layer 2 Tunneling Protocol (L2TP) connection can be established in one of three modes:

  • NAS-initiated
  • Client-initiated
  • LAC-auto-initiated

It is not my job to teach you the theory; you can find plenty of information about L2TP on the internet. Let’s focus today on the third mode.

In most cases an L2TP user dials up directly to a LAC, so the only PPP connection is the one between the user and the LAC. In LAC-auto-initiated mode, unlike the NAS- and client-initiated modes, users reach the LAC by sending plain IP packets; the LAC itself holds the PPP user credentials and keeps a tunnel up to the LNS. The two ends of the L2TP tunnel are the LAC and the LNS. As the topology below shows, in this mode a LAN can be connected directly to the LAC.

L2TP topology

Let’s look how to configure L2TP on Huawei routers.

Configure IP addresses for the user-side and public-network-side interfaces on LAC and LNS:

LAC
#
interface Ethernet4/0/0
 ip address 10.1.1.2 255.255.255.0 
#
interface GigabitEthernet0/0/0
 ip address 100.1.1.1 255.255.255.0 

LNS
#
interface Ethernet4/0/0
 ip address 172.16.1.2 255.255.255.0 
#
interface GigabitEthernet0/0/0
 ip address 100.1.1.2 255.255.255.0

Enable L2TP globally on the LAC and configure the L2TP group parameters used to establish the connection to the LNS:

[LAC]l2tp enable 
[LAC]l2tp-group 1
[LAC-l2tp1]tunnel name lac
[LAC-l2tp1]tunnel password simple  labnario
[LAC-l2tp1]start l2tp ip 100.1.1.2 fullusername labnario

Configure the authentication mode, user name and password on the virtual-template interface; its IP address will be negotiated:

[LAC]interface Virtual-Template 1
[LAC-Virtual-Template1]ppp authentication-mode chap 
[LAC-Virtual-Template1] ppp chap user labnario
[LAC-Virtual-Template1] ppp chap password simple labnario
[LAC-Virtual-Template1] ip address ppp-negotiate

Enable LAC to dial up and establish an L2TP tunnel:

[LAC-Virtual-Template1]l2tp-auto-client enable

Configure a static route so that packets for 172.16.1.0/24 are forwarded through the L2TP tunnel:

[LAC]ip route-static 172.16.1.0 255.255.255.0 Virtual-Template1

Configure AAA on the LNS:

[LNS]display current-configuration configuration aaa
#
aaa 
 local-user labnario password cipher %$%$9\1U#=BaE-BjypW#.c8!8I$K%$%$
 local-user labnario service-type ppp

Configure an IP address pool from which the LNS allocates an address to the LAC’s dial-up interface:

[LNS]ip pool 1
[LNS-ip-pool-1]gateway-list 192.168.1.1 
[LNS-ip-pool-1] network 192.168.1.0 mask 255.255.255.0

Create a virtual interface template and configure PPP negotiation parameters:

[LNS]interface Virtual-Template1
[LNS-Virtual-Template1] ppp authentication-mode chap 
[LNS-Virtual-Template1] remote address pool 1
[LNS-Virtual-Template1] ip address 192.168.1.1 255.255.255.0

Enable L2TP and configure the L2TP group parameters:

[LNS]l2tp enable 
[LNS]l2tp-group 1
[LNS-l2tp1]allow l2tp virtual-template 1 remote lac
[LNS-l2tp1] tunnel password simple  labnario
[LNS-l2tp1] tunnel name lns

Configure a static route so that packets for 10.1.1.0/24 are forwarded through the L2TP tunnel:

[LNS]ip route-static 10.1.1.0 255.255.255.0 Virtual-Template1
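Both routers store the tunnel password and the CHAP secret with the simple keyword, so those values sit in the running configuration, in every backup and in every display current-configuration paste in cleartext, while the LNS local-user password is stored with cipher. Note that even the cipher form is recoverable on the device (it has to be: CHAP needs the cleartext secret on both sides to compute the response), so the configuration file itself should be handled as a secret. The Python below is an added example, not part of the original post: it scans a VRP-style configuration for password simple|cipher statements, lists the cleartext ones and produces a redacted copy. The sample configuration is constructed from the LAC and LNS snippets above.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample built from the LAC/LNS snippets in this post.
SAMPLE_CONFIG = r"""#
aaa
 local-user labnario password cipher %$%$9\1U#=BaE-BjypW#.c8!8I$K%$%$
 local-user labnario service-type ppp
#
l2tp-group 1
 tunnel password simple labnario
 tunnel name lns
#
interface Virtual-Template1
 ppp authentication-mode chap
 ppp chap user labnario
 ppp chap password simple labnario
#
"""

# Matches '<statement> password simple|cipher <value>' on a VRP configuration line.
SECRET_LINE = re.compile(
    r"^(?P<indent>\s*)(?P<stmt>.*?\bpassword)\s+(?P<mode>simple|cipher)\s+(?P<value>\S+)\s*$",
    re.MULTILINE,
)


@dataclass
class SecretFinding:
    line_no: int
    statement: str   # e.g. 'tunnel password', 'ppp chap password'
    mode: str        # 'simple' = cleartext in the config, 'cipher' = reversibly encrypted
    value: str


def scan_config(text: str) -> List[SecretFinding]:
    """Every password statement in the config, with its storage mode."""
    found = []
    for n, line in enumerate(text.splitlines(), start=1):
        m = SECRET_LINE.match(line)
        if m:
            found.append(SecretFinding(n, m["stmt"].strip(), m["mode"], m["value"]))
    return found


def cleartext_secrets(findings: List[SecretFinding]) -> List[SecretFinding]:
    """Only the 'simple' statements: anyone who can read the config can read these."""
    return [f for f in findings if f.mode == "simple"]


def redact(text: str) -> str:
    """Copy of the config that is safe to paste into a ticket or a blog post: every
    secret value is replaced, whatever its mode, since 'cipher' is still recoverable
    on the device."""
    return SECRET_LINE.sub(lambda m: f"{m['indent']}{m['stmt']} {m['mode']} ******", text)


if __name__ == "__main__":
    findings = scan_config(SAMPLE_CONFIG)
    for f in cleartext_secrets(findings):
        print(f"line {f.line_no}: '{f.statement} simple' stores a cleartext secret")
    print(redact(SAMPLE_CONFIG))
```

Run it against a display current-configuration capture before attaching the capture to anything; the redacted copy keeps the statements, so the configuration is still reviewable, only the values are gone.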

Verify that the L2TP tunnel and session were established properly:

[LAC]dis l2tp session 

 LocalSID  RemoteSID  LocalTID  
  1         1          1          

 Total session = 1

[LAC]dis l2tp tunnel 

 Total tunnel = 1
 LocalTID RemoteTID RemoteAddress    Port   Sessions RemoteName
 1        1         100.1.1.2        42246  1        lns

Check communication between the PCs:

PC>ping 172.16.1.1

Ping 172.16.1.1: 32 data bytes, Press Ctrl_C to break
From 172.16.1.1: bytes=32 seq=1 ttl=126 time=16 ms
From 172.16.1.1: bytes=32 seq=2 ttl=126 time=15 ms
From 172.16.1.1: bytes=32 seq=3 ttl=126 time=15 ms
From 172.16.1.1: bytes=32 seq=4 ttl=126 time=16 ms
From 172.16.1.1: bytes=32 seq=5 ttl=126 time<1 ms

--- 172.16.1.1 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 0/12/16 ms

Let’s capture packets on the link between LAC and LNS:

L2TP capture packets

Keep in mind that L2TP on its own provides no confidentiality: the PPP payload, including the ICMP traffic above, crosses the LAC-LNS link in the clear, and only the CHAP handshake and the tunnel password stand between you and a rogue peer. If that link crosses an untrusted network, run L2TP over IPsec.


from Huawei CLI – user-interface current

Sometimes we want to quickly change a parameter of our current user interface, say the terminal length or the idle timeout, but we don’t know which user interface we are on. To find out we run display user-interface and look for the “+” mark in the output, which flags the line we are currently using; then we enter that user interface view and change its parameters. Why not do it more quickly?

[labnario]display user-interface
  Idx  Type     Tx/Rx      Modem Privi ActualPrivi Auth  Int
  0    CON 0    9600       -     15    -           P     -
  33   AUX 0    9600       -     0     -           P     -
 + 34   VTY 0              -     0     3           A     -
  35   VTY 1               -     0     -           A     -
  36   VTY 2               -     0     -           A     -
  37   VTY 3               -     0     -           A     -
  38   VTY 4               -     0     -           A     -
  50   VTY 16              -     15    -           A     -
  51   VTY 17              -     15    -           A     -
  52   VTY 18              -     15    -           A     -
  53   VTY 19              -     15    -           A     -
  54   VTY 20              -     15    -           A     -
UI(s) not in async mode -or- with no hardware support:
1-32
  +    : Current UI is active.
  F    : Current UI is active and work in async mode.
  Idx  : Absolute index of UIs.
  Type : Type and relative index of UIs.
  Privi: The privilege of UIs.
  ActualPrivi: The actual privilege of user-interface.
  Auth : The authentication mode of UIs.
      A: Authenticate use AAA.
      N: Current UI need not authentication.
      P: Authenticate use current UI's password.
  Int  : The physical location of UIs.

If we want to change a parameter of the user interface we are on, without first checking which one it is, the current keyword of the user-interface command does exactly that.

Let’s look at VTY configuration:

[labnario]dis current-configuration configuration user-interface
#
user-interface vty 0 4
 authentication-mode aaa
 idle-timeout 15 0
 protocol inbound ssh

Now we can change the configuration of the current user interface. Notice in the dis this output that VRP splits the original vty 0 4 group: the new idle-timeout and screen-length apply only to vty 0, while vty 1 to 4 keep the 15-minute timeout. That is handy for a one-off change to your own session, but a policy change for all lines (a shorter idle timeout, for instance) still belongs under user-interface vty 0 4.

[labnario]user-interface current
[labnario-ui-vty0]screen-length 0
[labnario-ui-vty0]idle-timeout 20 0

[labnario-ui-vty0]dis this
#
user-interface vty 0
 authentication-mode aaa
 idle-timeout 20 0
 screen-length 0
 protocol inbound ssh
user-interface vty 1 4
 authentication-mode aaa
 idle-timeout 15 0
 screen-length 40
 protocol inbound ssh
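The “+” lookup described above is easy to script. The Python below is an added example, not part of the original post: it parses the display user-interface table (the sample is constructed from the output above, plus one extra VTY 5 row with Auth N added only to exercise the audit), reports which line the session is on and which user-interface command would enter it explicitly, and flags any line that needs no authentication, which is the one column in that table worth checking every time you look at it.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the "display user-interface" table from the post, with one
# extra row (VTY 5, Auth N) added here only to exercise the audit rule.
SAMPLE = """\
  Idx  Type     Tx/Rx      Modem Privi ActualPrivi Auth  Int
  0    CON 0    9600       -     15    -           P     -
  33   AUX 0    9600       -     0     -           P     -
 + 34   VTY 0              -     0     3           A     -
  35   VTY 1               -     0     -           A     -
  36   VTY 2               -     0     -           A     -
  37   VTY 3               -     0     -           A     -
  38   VTY 4               -     0     -           A     -
  39   VTY 5               -     15    -           N     -
  50   VTY 16              -     15    -           A     -
UI(s) not in async mode -or- with no hardware support:
1-32
  +    : Current UI is active.
  F    : Current UI is active and work in async mode.
"""

UI_KINDS = {"CON", "AUX", "TTY", "VTY"}


@dataclass
class UserInterface:
    idx: int                     # absolute index
    kind: str                    # CON / AUX / TTY / VTY
    rel: int                     # relative index within the type, e.g. VTY 0
    privi: int                   # configured privilege level
    actual_privi: Optional[int]  # privilege of the logged-in user, if any
    auth: str                    # A = AAA, P = line password, N = no authentication
    current: bool                # marked with + or F in the output


def parse_user_interfaces(text: str) -> List[UserInterface]:
    """Parse the table rows of 'display user-interface'; legend lines are skipped."""
    uis = []
    for line in text.splitlines():
        tok = line.split()
        # Rows start with an optional +/F marker, then Idx, Type and relative index.
        current = bool(tok) and tok[0] in ("+", "F")
        if current:
            tok = tok[1:]
        if len(tok) < 8 or not tok[0].isdigit() or tok[1] not in UI_KINDS:
            continue
        # Tx/Rx is blank on VTYs, so anchor the trailing columns from the right:
        # ... Modem Privi ActualPrivi Auth Int
        modem, privi, act, auth, _int = tok[-5:]
        uis.append(UserInterface(
            idx=int(tok[0]), kind=tok[1], rel=int(tok[2]), privi=int(privi),
            actual_privi=int(act) if act.isdigit() else None,
            auth=auth, current=current))
    return uis


def current_ui(uis: List[UserInterface]) -> Optional[UserInterface]:
    """The line this session is on; 'user-interface current' resolves to the same one."""
    return next((u for u in uis if u.current), None)


def ui_view_command(ui: UserInterface) -> str:
    """Command that enters this line's view explicitly, e.g. 'user-interface vty 0'."""
    return f"user-interface {ui.kind.lower()} {ui.rel}"


def audit(uis: List[UserInterface]) -> List[str]:
    """Flag lines that accept logins without any authentication (Auth = N)."""
    return [f"{u.kind} {u.rel} (idx {u.idx}): no authentication, privilege {u.privi}"
            for u in uis if u.auth == "N"]


if __name__ == "__main__":
    uis = parse_user_interfaces(SAMPLE)
    me = current_ui(uis)
    print("current line:", ui_view_command(me), "-> actual privilege", me.actual_privi)
    for finding in audit(uis):
        print("FINDING:", finding)
```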


BGP MED attribute on Huawei router

Some time ago I published an article about the BGP local preference attribute. Today I’d like to show you how to configure the BGP MED attribute.

What is it for?

The multi-exit discriminator (MED) influences which entry point a neighbouring AS uses for traffic coming into our AS. When a BGP device receives several routes to the same destination, with different next hops, from its EBGP peers, and the earlier steps of the decision process tie, it selects the route with the smallest MED. Put simply, by setting MED we tell the neighbouring AS which of our links we want its traffic to enter on. The MED attribute is exchanged only between two neighbouring ASs; the AS that receives it does not advertise it on to any other AS.

Let’s look at typical scenario for MED attribute configuration:

BGP MED topology

If you need to refresh the basic BGP configuration, see the “basic BGP in Huawei CLI” article.

What we want to do in this lab is force the Warsaw router to send traffic to the Lublin router (its loopback 100.100.100.100/32, added below) through the Krakow router. Of course we will use the BGP MED attribute to achieve this.

Configure IGP for AS200:

[Wroclaw]dis cur config ospf
#
ospf 1
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 150.1.1.0 0.0.0.3

[Krakow]dis cur config ospf
#
ospf 1
 area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 150.2.2.0 0.0.0.3

[Lublin]dis cur config ospf
#
ospf 1
 area 0.0.0.0
  network 4.4.4.4 0.0.0.0
  network 150.1.1.0 0.0.0.3
  network 150.2.2.0 0.0.0.3

Configure IBGP and EBGP:

[Warsaw]dis cur config bgp
#
bgp 100
 router-id 1.1.1.1
 peer 200.1.1.2 as-number 200
 peer 200.2.2.2 as-number 200
 #
 ipv4-family unicast
  undo synchronization
  network 1.1.1.1 255.255.255.255
  peer 200.1.1.2 enable
  peer 200.2.2.2 enable

[Wroclaw]dis cu config bgp
#
bgp 200
 router-id 2.2.2.2
 peer 3.3.3.3 as-number 200
 peer 3.3.3.3 connect-interface LoopBack0
 peer 4.4.4.4 as-number 200
 peer 4.4.4.4 connect-interface LoopBack0
 peer 200.1.1.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  peer 3.3.3.3 enable
  peer 3.3.3.3 next-hop-local
  peer 4.4.4.4 enable
  peer 4.4.4.4 next-hop-local
  peer 200.1.1.1 enable

[Krakow]dis cur config bgp
#
bgp 200
 peer 2.2.2.2 as-number 200
 peer 2.2.2.2 connect-interface LoopBack0
 peer 4.4.4.4 as-number 200
 peer 4.4.4.4 connect-interface LoopBack0
 peer 200.2.2.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.2 enable
  peer 2.2.2.2 next-hop-local
  peer 4.4.4.4 enable
  peer 4.4.4.4 next-hop-local
  peer 200.2.2.1 enable

[Lublin]dis cur config bgp
#
bgp 200
 peer 2.2.2.2 as-number 200
 peer 2.2.2.2 connect-interface LoopBack0
 peer 3.3.3.3 as-number 200
 peer 3.3.3.3 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.2 enable
  peer 3.3.3.3 enable

Configure Loopback100 on Lublin router and add its address 100.100.100.100/32 to BGP:

[Lublin]interface LoopBack 100
[Lublin-LoopBack100]ip add 100.100.100.100 32

[Lublin]bgp 200
[Lublin-bgp]ipv4-family unicast 
[Lublin-bgp-af-ipv4]network 100.100.100.100 255.255.255.255

View BGP routing table of Warsaw router:

<Warsaw>dis bgp routing-table

 BGP Local router ID is 1.1.1.1 
 Status codes: * - valid, > - best, d - damped,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

 Total Number of Routes: 3
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn

 *>   1.1.1.1/32         0.0.0.0         0                     0      i
 *>   100.100.100.100/32 200.1.1.2                             0      200i
 *                       200.2.2.2                             0      200i

<Warsaw>dis bgp routing-table 100.100.100.100

 BGP local router ID : 1.1.1.1
 Local AS number : 100
 Paths:   2 available, 1 best, 1 select
 BGP routing table entry information of 100.100.100.100/32:
 From: 200.1.1.2 (2.2.2.2)
 Route Duration: 00h00m29s  
 Direct Out-interface: GigabitEthernet0/0/0
 Original nexthop: 200.1.1.2
 Qos information : 0x0
 AS-path 200, origin igp, pref-val 0, valid, external, best, select, active, pre 255
 Advertised to such 2 peers:
    200.1.1.2
    200.2.2.2
 BGP routing table entry information of 100.100.100.100/32:
 From: 200.2.2.2 (3.3.3.3)
 Route Duration: 01h21m00s  
 Direct Out-interface: GigabitEthernet0/0/1
 Original nexthop: 200.2.2.2
 Qos information : 0x0
 AS-path 200, origin igp, pref-val 0, valid, external, pre 255, not preferred for router ID
 Not advertised to any peer yet

As you can see from the output, there are two valid routes to 100.100.100.100. The route with next hop 200.1.1.2 is the optimal one only because every earlier criterion ties and the advertising router’s ID (2.2.2.2) is lower than Krakow’s (3.3.3.3). Neither route carries a MED, and a missing MED is treated as 0.

Now let’s set the MED attribute on the routes that Wroclaw advertises to Warsaw. Note that node 10 of the route-policy has no if-match clause, so it matches every prefix: the MED of 200 is applied to all routes sent to 200.1.1.1, not only to 100.100.100.100/32.

[Wroclaw]route-policy med permit node 10
Info: New Sequence of this List.
[Wroclaw-route-policy] apply cost 200

[Wroclaw]bgp 200
[Wroclaw-bgp]ipv4-family unicast
[Wroclaw-bgp-af-ipv4]peer 200.1.1.1 route-policy med export

Look at BGP routing table of Warsaw router once again:

[Warsaw]dis bgp routing-table 

 BGP Local router ID is 1.1.1.1 
 Status codes: * - valid, > - best, d - damped,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

 Total Number of Routes: 3
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn

 *>   1.1.1.1/32         0.0.0.0         0                     0      i
 *>   100.100.100.100/32 200.2.2.2                             0      200i
 *                       200.1.1.2       200                   0      200i

[Warsaw]dis bgp routing-table 100.100.100.100

BGP local router ID : 1.1.1.1
Local AS number : 100
Paths: 2 available, 1 best, 1 select
BGP routing table entry information of 100.100.100.100/32:
From: 200.2.2.2 (3.3.3.3)
Route Duration: 01h30m40s
Direct Out-interface: GigabitEthernet0/0/1
Original nexthop: 200.2.2.2
Qos information : 0x0
AS-path 200, origin igp, pref-val 0, valid, external, best, select, active, pre 255
Advertised to such 2 peers:
200.1.1.2
200.2.2.2
BGP routing table entry information of 100.100.100.100/32:
From: 200.1.1.2 (2.2.2.2)
Route Duration: 00h00m29s
Direct Out-interface: GigabitEthernet0/0/0
Original nexthop: 200.1.1.2
Qos information : 0x0
AS-path 200, origin igp, MED 200, pref-val 0, valid, external, pre 255, not preferred for MED
Not advertised to any peer yet

As you can see, the route with the next hop 200.2.2.2 is now the optimal route to 100.100.100.100. It won on the MED attribute (smaller MED = better route), which is evaluated before the router ID tie-break that decided the previous outcome.

To be sure, run tracert on the Warsaw router:

<Warsaw>tracert -a 1.1.1.1 100.100.100.100

traceroute to 100.100.100.100(100.100.100.100), max hops: 30 ,packet length: 40,press CTRL_C to break
 1 200.2.2.2 60 ms 50 ms 30 ms
 2 150.2.2.2 80 ms 60 ms 60 ms

However, traffic from Lublin back to Warsaw still goes through Wroclaw. MED only influences how AS 100 enters AS 200; the return path is chosen inside AS 200 by its own best-path selection (here the IBGP tie-break), so it has to be steered separately, for example with local preference:

<Lublin>tracert -a 100.100.100.100 1.1.1.1

traceroute to 1.1.1.1(1.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
 1 150.1.1.1 50 ms 50 ms 40 ms
 2 200.1.1.1 70 ms 60 ms 40 ms
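To make the decision visible, here is an added Python model of the BGP best-path selection shown in the two routing-table outputs above; it is example code, not part of the original post or of VRP. Each path carries PrefVal, LocPrf, AS_PATH, origin, MED, EBGP/IBGP and the advertising router ID, compared in that order, and a missing MED counts as 0 as in the post. The compare_different_as_med flag is my name for the behaviour VRP enables with its compare-different-as-med command: by default MED is only compared between routes learned from the same neighbouring AS, which Wroclaw and Krakow are (both AS 200). The mixed-AS routes in mixed_as_paths are constructed for illustration and do not appear in the lab.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Route:
    prefix: str
    next_hop: str
    peer_router_id: str          # router ID of the advertising peer ("From: x (rid)")
    peer_as: int                 # AS number of the advertising peer
    as_path: List[int]
    origin: str = "igp"          # igp beats egp beats incomplete
    med: Optional[int] = None    # None = attribute absent, counted as 0 (VRP default)
    local_pref: int = 100
    pref_val: int = 0            # VRP-specific PrefVal, higher wins, compared first
    ebgp: bool = True


ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}


def _ip_key(ip: str) -> Tuple[int, ...]:
    return tuple(int(octet) for octet in ip.split("."))


def prefer(a: Route, b: Route, compare_different_as_med: bool = False) -> Tuple[Route, str]:
    """Return (winner, deciding criterion) for two paths to the same prefix.
    Order: PrefVal, LocPrf, shortest AS_PATH, origin, MED, EBGP over IBGP, lowest router ID."""
    early = [
        ("PrefVal", lambda r: -r.pref_val),
        ("LocPrf", lambda r: -r.local_pref),
        ("AS-path length", lambda r: len(r.as_path)),
        ("origin", lambda r: ORIGIN_RANK[r.origin]),
    ]
    for name, key in early:
        if key(a) != key(b):
            return (a, name) if key(a) < key(b) else (b, name)
    # MED is only meaningful between routes from the same neighbouring AS; comparing
    # across ASs needs an explicit knob (modelled on VRP's compare-different-as-med).
    if a.peer_as == b.peer_as or compare_different_as_med:
        med_a = a.med if a.med is not None else 0
        med_b = b.med if b.med is not None else 0
        if med_a != med_b:
            return (a, "MED") if med_a < med_b else (b, "MED")
    if a.ebgp != b.ebgp:
        return (a, "EBGP over IBGP") if a.ebgp else (b, "EBGP over IBGP")
    lower_rid = _ip_key(a.peer_router_id) < _ip_key(b.peer_router_id)
    return (a, "router ID") if lower_rid else (b, "router ID")


def best_path(routes: List[Route], compare_different_as_med: bool = False) -> Tuple[Route, str]:
    """Reduce candidate paths to the one 'display bgp routing-table' would mark with '>'."""
    best, why = routes[0], "only path"
    for r in routes[1:]:
        best, why = prefer(best, r, compare_different_as_med)
    return best, why


def warsaw_paths(wroclaw_med: Optional[int]) -> List[Route]:
    """Warsaw's two paths to Lublin's loopback, as in the post; both peers are in AS 200."""
    via_wroclaw = Route("100.100.100.100/32", "200.1.1.2", "2.2.2.2", 200, [200], med=wroclaw_med)
    via_krakow = Route("100.100.100.100/32", "200.2.2.2", "3.3.3.3", 200, [200])
    return [via_wroclaw, via_krakow]


def mixed_as_paths() -> List[Route]:
    """Constructed: the same prefix from AS 200 (MED 200) and from AS 300 (MED 50)."""
    return [
        Route("10.9.9.0/24", "200.1.1.2", "2.2.2.2", 200, [200], med=200),
        Route("10.9.9.0/24", "200.3.3.2", "5.5.5.5", 300, [300], med=50),
    ]


if __name__ == "__main__":
    for med in (None, 200):
        best, why = best_path(warsaw_paths(med))
        print(f"Wroclaw MED={med}: best next hop {best.next_hop} (decided by {why})")
    for flag in (False, True):
        best, why = best_path(mixed_as_paths(), compare_different_as_med=flag)
        print(f"compare-different-as-med={flag}: AS {best.peer_as} wins (decided by {why})")
```

Before the route-policy the two paths tie all the way down to the router ID, exactly as the first output says (“not preferred for router ID”); with MED 200 on the Wroclaw path the decision stops one step earlier (“not preferred for MED”). The mixed-AS case shows why the default is conservative: the MED values 200 and 50 come from different ASs with no common scale, so without the knob they are simply ignored.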

At the end I have a question for you. Is it possible to compare the MED attributes of routes received from different EBGP peers? If yes, how? I’m waiting for your comments.


assigning multiple IP addresses to network interface

Why might we want to assign multiple IP addresses to the same interface? The most common scenarios are:

  • hosts on the network segment use IP addresses from different networks
  • there are not enough host addresses on a logical network segment, say 300 hosts in a /24

How to configure multiple IP addresses on Huawei devices?

Let’s configure a pair of routers connected by a Gigabit Ethernet link and use four different logical networks on it. Keep in mind that these four networks share one broadcast domain: the addressing separates them only logically, any ACL or other policy on the interface applies to all of them, and hosts that should not see each other belong on separate VLANs or sub-interfaces.

[labnarioR1]int gi 0/0/0
[labnarioR1-GigabitEthernet0/0/0]ip add 192.168.12.1 255.255.255.0
[labnarioR1-GigabitEthernet0/0/0]ip add 10.0.12.1 255.255.255.0 sub
[labnarioR1-GigabitEthernet0/0/0]ip add 10.0.22.1 255.255.255.0 sub
[labnarioR1-GigabitEthernet0/0/0]ip add 10.0.32.1 255.255.255.0 sub

[labnarioR2]int gi 0/0/0
[labnarioR2-GigabitEthernet0/0/0]ip add 192.168.12.2 255.255.255.0
[labnarioR2-GigabitEthernet0/0/0]ip add 10.0.12.2 255.255.255.0 sub
[labnarioR2-GigabitEthernet0/0/0]ip add 10.0.22.2 255.255.255.0 sub
[labnarioR2-GigabitEthernet0/0/0]ip add 10.0.32.2 255.255.255.0 sub

Now a ping test checks connectivity on each of the four networks:

[labnarioR1-GigabitEthernet0/0/0]ping 192.168.12.2
  PING 192.168.12.2: 56  data bytes, press CTRL_C to break
    Reply from 192.168.12.2: bytes=56 Sequence=1 ttl=255 time=50 ms

[labnarioR1-GigabitEthernet0/0/0]ping 10.0.12.2
  PING 10.0.12.2: 56  data bytes, press CTRL_C to break
    Reply from 10.0.12.2: bytes=56 Sequence=1 ttl=255 time=50 ms

[labnarioR1-GigabitEthernet0/0/0]ping 10.0.22.2
  PING 10.0.22.2: 56  data bytes, press CTRL_C to break
    Reply from 10.0.22.2: bytes=56 Sequence=1 ttl=255 time=50 ms

[labnarioR1-GigabitEthernet0/0/0]ping 10.0.32.2
  PING 10.0.32.2: 56  data bytes, press CTRL_C to break
    Reply from 10.0.32.2: bytes=56 Sequence=1 ttl=255 time=50 ms
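Before typing four addresses on each side, it is worth checking that the subnets do not overlap and that every subnet exists on both ends; otherwise the router rejects the sub address, or the ping simply fails. The Python below is an added example, not part of the original post: the address lists are taken from the configuration above, and the broken cases used to exercise the checks are constructed.

```python
from ipaddress import IPv4Interface, IPv4Network
from typing import Dict, List, Optional, Tuple

# Taken from the post: primary address first, then the 'sub' addresses.
R1_GE000 = ["192.168.12.1/24", "10.0.12.1/24", "10.0.22.1/24", "10.0.32.1/24"]
R2_GE000 = ["192.168.12.2/24", "10.0.12.2/24", "10.0.22.2/24", "10.0.32.2/24"]


def check_interface(addrs: List[str]) -> List[str]:
    """Sanity-check one interface's address list before typing it in: a secondary
    address whose subnet overlaps one already on the interface is refused by the
    router, and a network or broadcast address is not a usable host address."""
    ifaces = [IPv4Interface(a) for a in addrs]
    problems = []
    for i, a in enumerate(ifaces):
        if a.ip in (a.network.network_address, a.network.broadcast_address):
            problems.append(f"{a}: network/broadcast address is not a host address")
        for b in ifaces[i + 1:]:
            if a.network.overlaps(b.network):
                problems.append(f"{a} overlaps {b} on the same interface")
    return problems


def match_subnets(local: List[str], remote: List[str]) -> Dict[IPv4Network, Tuple[Optional[str], Optional[str]]]:
    """Pair the two ends of the link by subnet: {subnet: (local host, remote host)}."""
    table: Dict[IPv4Network, List[Optional[str]]] = {}
    for side, addrs in ((0, local), (1, remote)):
        for a in addrs:
            iface = IPv4Interface(a)
            table.setdefault(iface.network, [None, None])[side] = str(iface.ip)
    return {net: (ends[0], ends[1]) for net, ends in table.items()}


def unreachable_subnets(local: List[str], remote: List[str]) -> List[IPv4Network]:
    """Subnets configured on only one side: a ping on them can never be answered."""
    return [net for net, (l, r) in match_subnets(local, remote).items() if l is None or r is None]


if __name__ == "__main__":
    for name, addrs in (("R1", R1_GE000), ("R2", R2_GE000)):
        print(name, "problems:", check_interface(addrs) or "none")
    for net, (l, r) in match_subnets(R1_GE000, R2_GE000).items():
        print(f"{net}: {l} <-> {r}")
    print("one-sided subnets:", unreachable_subnets(R1_GE000, R2_GE000) or "none")
```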
