1- ISO image of CUCM, it can be found at www.cisco.com

2- VMware workstation, as it is the compatible virtualization tool.

3- GNS3 with a router IOS.

For the setup of CUCM there are few components that are required, there is the essential part that without it CUCM will not install. It is NTP. We would use GNS3, to connect the CUCM to Router with NTP configurations on it. Figure one shows the essential configurations, and the connectivity.

Figure 1: GNS3

The Cloud would be configured with port that is connecting to the VMware network. Alternately, a Windows Server can be installed in VMware, configured as Domain Controller, DNS server, and NTP server.

Second component that might require is DNS. While configuring CUCM there is the option of installing DNS client, if you isntall it. then the hostname of CUCM should be resolvable. For this tutorial i have not done that. Although, for a real practice it is best to configure the Windows Server. As other operations can be practiced as well. Such as user authentications, and user related activities.

In part two, We would look into how to create the VMware machine, as that is the second step. Mistakes in creating the VM is equal to many hours wasted in trial and error solution.

Lets see a sample configuration of how to do it. First, configure one Router to be the client (dialer) that will ask for ip address through DHCP. We have configured Chap Authentication as well. Remember, that since we are running PPPoE, a virtual Dialer (interface) has to be configured with all the details, and lastly applied to the Ethernet interface.

R4(config)#interface Dialer1

R4(config-if)# ip address dhcp

R4(config-if)# encapsulation ppp

R4(config-if)# dialer pool 6

R4(config-if)# ppp chap hostname R4

R4(config-if)# ppp chap password 0 cisco

R4(config-if)#exit

R4(config)#interface Ethernet0/1

R4(config-if)# no ip address

R4(config-if)# pppoe enable

R4(config-if)# pppoe-client dial-pool-number 6

Second, we would configure the other Router with DCHP scope, and to be the server for PPPoE. We would also configure local username and password for chap authentication.

R6(config)#interface Virtual-Template1

R6(config-if)# ip address 155.1.146.6 255.255.255.0

R6(config-if)# peer default ip address dhcp-pool VLAN146

R6(config-if)# ppp authentication chap

R6(config-if)# exit

R6(config)#ip dhcp pool VLAN146

R6(dhcp-config)#   network 155.1.146.0 255.255.255.0

R6(dhcp-config)#exit

R6(config)#bba-group pppoe MYPPP

R6(config-bba-group)# virtual-template 1

R6(config-bba-group)#exit

R6(config)#interface Ethernet0/1

R6(config-if)# no ip address

R6(config-if)# pppoe enable group MYPPP

Lets try some pings

R6(config)#bba-group pppoe MYPPP

R6(config-bba-group)# virtual-template 1

R6(config-bba-group)#e

*Sep 22 18:30:41.911: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up

*Sep 22 18:30:42.923: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up

R6(config-bba-group)#exit

We notice that the ping command for size 1500 failed. Lets find out why.

R6#show int virtual-access 2.1

Virtual-Access2.1 is up, line protocol is up

Hardware is Virtual Access interface

Internet address is 155.1.146.6/24

MTU 1492 bytes, BW 100000 Kbit/sec, DLY 100000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation PPP, LCP Open

Open: IPCP

PPPoE vaccess, cloned from Virtual-Template1

Vaccess status 0×0

Keepalive set (10 sec)

72 packets input, 11972 bytes

70 packets output, 9604 bytes

Last clearing of “show interface” counters never

While at R4 we have.

R4#show int dialer 1

Dialer1 is up, line protocol is up (spoofing)

Hardware is Unknown

Internet address is 155.1.146.2/24

MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation PPP, LCP Closed, loopback not set

Keepalive set (10 sec)

DTR is pulsed for 1 seconds on reset

Interface is bound to Vi1

Last input never, output never, output hang never

Last clearing of “show interface” counters 00:09:56

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: weighted fair

Output queue: 0/1000/64/0 (size/max total/threshold/drops)

Conversations  0/0/16 (active/max active/max total)

Reserved Conversations 0/0 (allocated/max allocated)

Available Bandwidth 42 kilobits/sec

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

18 packets input, 8890 bytes

77 packets output, 27485 bytes

Bound to:

Virtual-Access1 is up, line protocol is up

Hardware is Virtual Access interface

MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation PPP, LCP Open

Stopped: CDPCP

Open: IPCP

PPPoE vaccess, cloned from Dialer1

Vaccess status 0×44, loopback not set

Keepalive set (10 sec)

DTR is pulsed for 5 seconds on reset

Interface is bound to Di1 (Encapsulation PPP)

Last input 00:00:08, output never, output hang never

Last clearing of “show interface” counters 00:04:29

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

76 packets input, 9688 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

88 packets output, 27611 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

It is shown that the MTU is 1492. Lets configure the MTU size at the dialer interface.

R4(config)#interface Dialer1

R4(config-if)# ip mtu 1492

Test ping again…

4#ping 155.1.146.6 size 2000

Type escape sequence to abort.

Sending 5, 2000-byte ICMP Echos to 155.1.146.6, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/12/16 ms

R4#

And it is working. Well, this is how PPPoE is configured, i hope this will help you when you configuring it.

While i was configuring the BGP VPN section i got the following error.

R6(config-router)# neighbor 150.1.4.4 remote-as 100

R6(config-router)# neighbor 150.1.4.4 update-source Loopback0

R6(config-router)# address-family vpnv4

R6(config-router-af)#  neighbor 150.1.4.4 activate

R6(config-router-af)#  neighbor 150.1.4.4 send-community extended

R6(config-router-af)# exit-address-family

*Mar  1 02:08:59.455: %BGP-5-ADJCHANGE: neighbor 150.1.4.4 Up

*Mar  1 02:08:59.463: %BGP-4-VPNV4NH_MASK: Nexthop 150.1.6.6 may not be reachable from neigbor 150.1.4.4 – not /32 mask

Then, i did not mind the error (highlighted in bold) and carried on with configurations. At the end, i had a full working network with proper routing updates in the MPLS-VPN plan. But no traffic is going. I had to troubleshoot many things. Till the end, i decided to re-configure the routers all over. Then i noticed the error. decided to fix it. Changed the loopback address from /24 to /32. The moment i did that, the traffic started passing.

What i learned, is that “Don’t ignore any messages the IOS gives you while configuring”

This is one of the nice features that i just discovered yesterday. It is the ability to make sure an end-to-end frame-relay connectivity between Cisco routers.

In the local router, we can see the PVC status.

Rack1R3#show frame-relay pvc

PVC Statistics for interface Serial1/0 (Frame Relay DTE)

Active     Inactive      Deleted       Static

Local          1            0            0            0

Switched       0            0            0            0

Unused         3            0            0            0

Rack1R3#conf t

Rack1R3(config)#map-class frame-relay END-END

Rack1R3(config-map-class)#frame-relay end-to-end keepalive mode bidirectional

Rack1R3(config-map-class)#exit

Rack1R3(config)#int serial 1/0.1

Rack1R3(config-subint)#frame-relay class END-END

Rack1R3(config-subint)#end

Rack1R3#

Rack1R3#show frame-relay end-to-end keepalive

End-to-end Keepalive Statistics for Interface Serial1/0 (Frame Relay DTE)

DLCI = 305, DLCI USAGE = LOCAL, VC STATUS = ACTIVE (EEK UP)

SEND SIDE STATISTICS

Send Sequence Number: 34,       Receive Sequence Number: 35

Configured Event Window: 3,     Configured Error Threshold: 2

Total Observed Events: 37,      Total Observed Errors: 0

Monitored Events: 3,            Monitored Errors: 0

Successive Successes: 3,        End-to-end VC Status: UP

RECEIVE SIDE STATISTICS

Send Sequence Number: 34,       Receive Sequence Number: 33

Configured Event Window: 3,     Configured Error Threshold: 2

Total Observed Events: 36,      Total Observed Errors: 0

Monitored Events: 3,            Monitored Errors: 0

Successive Successes: 3,        End-to-end VC Status: UP

So after various troubleshooting. It was concluded that these log messages were nothing but cosmetic. Meaning although they are showing, they don’t change the behavior of the operation. It was stated that the bug causing this is CSCsa83049.

duplicate ip addr message seen on tunnel due to ARP entry not aged out

A mGRE tunnel on a sup720 may report ARP entries that never age out. This can happen when a mobile node sends a unicast ARP directed to the default gateway, a.k.a sup720. These entries are not used by the switch to make a forwarding decision therefore can be ignored. Workaround: Clear the ARP table using the “clear arp” command. Solution: – A solution to prevent the tunnel from either receiving or learning the ARP entries is been investigated.

We have thought of using Automated “clear arp” using scripts. but, the issue is. “clear arp” will not work for cause we have bug CSCtf16300.

clear arp-cache is not working correctly

Symptom: “clear arp-cache” command is not removing the stale entries from arp table. Condition: -Use cat6500 on 12.2(18)SXF16 or later. Workaround: -Use “clear ip arp x.x.x.x” command.

The solution is to change the IOS. But we do required the (SFX) IOS version to run the WLSM.

Anywho, Cisco said that they are investigating and planning on resolving bug CSCsa83049 By end of July, start of Aug. We shall wait till then.

There are various things required to make things work. I would list them down here so they are easy to find. VMware Player, GNS3, Cisco router IOS, and VMware Olive (Google is your friend). Once you have all these, you are ready to start!

Running the VMware machine will be an easy task, but connecting the VMware Olive with Cisco in GNS3 is the one requiring some work. But with my guide, it should be as easy as 1,2 and 3.

After installing VMware Player, check for adapter settings in windows.

By default VMware player will install to VMware virtual Ethernet adapters, i’m not sure what are their numbers. but for my case, they were vmnet1 and vmnet8. These are significant to know how to connect VMware machine to Cisco router in GNS3.

Open the .vmx file in notepad. Here we can edit the fields in order to make VMware Olive machine use the virtual Ethernet adapters in windows.

The Olive VMware has three network interfaces, two are bridged and first one is in “costum” we change the adapter to the one to fit the Ethernet adapter in our network devices (from the first figure). I already highlighted it in red. Ethernet 0 will be reflected as interface em0 in Junos. ethernet1, and ethernet2 will be bridge on the virtual Interface, so you can connect to other Olive Machines to ethernet1, ethernet2 (em1, em2). my assumption is, if you want to connect say Olive1 and Olive 3 using em2 then you change ethernet2 in vmx file of both olive 1 and 3 to a bridge mode with a common adapter.

That is the topology i created for the simulation. basic two Juniper routers connected to a Cisco router. and the two Juniper routers are connected as well (virtually in VMware). It was tested, and pings were working.

In GNS3, add the VMware as a Cloud, of course the cloud will be not associated with the VMware Olive till you select the adapter that you set up in the vmx file. In a screen shot, you will see that i have Chosen Vmnet1 for this particular Olive.

Last step, would be to do the appropriate configurations in the Olives, and Cisco Router, here is the screenshot of the sample configuration i used to ping.

Don’t forget to add the following before you can commit any configuration into Juniper Router

set system root-authentication plain-text-password

Cisco’s Configuration as simple:

interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 192.168.1.10 255.255.255.252
duplex auto

Switch#show errdisable recovery
ErrDisable Reason            Timer Status
—————–            ————–
arp-inspection                       Disabled
bpduguard                             Disabled
channel-misconfig (STP)        Disabled
dhcp-rate-limit                     Disabled
dtp-flap                                 Disabled
gbic-invalid                           Disabled
inline-power                          Disabled
l2ptguard                               Disabled
link-flap                                Disabled
mac-limit                              Disabled
loopback                               Disabled
pagp-flap                              Disabled
port-mode-failure                 Disabled
pppoe-ia-rate-limit              Disabled
psecure-violation                 Disabled
security-violation                 Disabled
sfp-config-mismatch          Disabled
small-frame                         Disabled
storm-control                      Disabled
udld                                     Disabled
vmps                                    Disabled

Timer interval: 300 seconds
Interfaces that will be enabled at the next timeout:
Switch#

Since, we have implemented port security, that we limited the number of mac addressed connected to a port (port-security). we wanted to make it possible to recover automatically.  we have added the following commands.

errdisable recovery cause psecure-violation

errdisable recovery interval 14400

This will insure that the port will be automatically up in 4 hrs. which is good enough to shut down the port so the user knows he is doing something wrong. and short enough that it will recover in time so it will not be required for him to contact the administrators.

here is the output as can be seen from the switch after adding the commands.

ErrDisable Reason    Timer Status
—————–    ————–
udld                               Disabled
bpduguard                     Disabled
security-violatio            Disabled
channel-misconfig        Disabled
vmps                             Disabled
pagp-flap                      Disabled
dtp-flap                        Disabled
link-flap                       Disabled
psecure-violation         Enabled
sfp-config-mismat      Disabled
gbic-invalid                 Disabled
dhcp-rate-limit           Disabled
unicast-flood              Disabled
storm-control             Disabled
loopback                    Disabled

Timer interval: 14400 seconds