All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel
Practical works manual 8AS 90200 1317 VA ZZA Ed.02 Edition 2004
Alcatel University - 8AS 90200 1317 VA ZZA Ed.02 1
1 DNS server: Server handling
2 DNS server: New direct translation zone
3 DNS server: Inverse translation zones
4 DNS server: Hosts declaration
5 DNS server: Secondary zone
6 DNS server: Roaming inter PLMN
7 DNS server: Friendly APN name declaration
8 DHCP server: Address pool
9 APN configuration: IP backbone message analysis
10 APN configuration: GRE tunneling
11 APN configuration: NAT & PAT
12 APN configuration: APN access via 2 GGSNs
13 MNM-net configuration
Objective: to be able to:
- Display the current configuration of the DNS server
- Display the configuration files of the DNS server

1- Restart the DNS process daemon
In a terminal window, type:
# /etc/rc.d/init.d/named restart
3- Verify that the DNS module is correctly configured:
Verify that the dnsconf is on
Resolver configuration
4- Go to Network configuration mode
Click on <Host name and IP network device>
Host name: ...
IP address: ...
Check:
- the IP@ of the Name Server
- the search domain
1 DNS server: Server handling
Display the current Name Server configuration
7- Server configuration
Select tab: <Server tasks>
8- Edit the already created zones
Select tab: <config>
Select <domains>
A window appears: Primaries, possibly displaying the created direct translation zones.
9- Edit the already created inverse IP zones
Select <IP reverse mappings>
10- Display the main DNS configuration files
Start the Linux file manager
Display the file: /etc/named.conf
Where is the directory that holds the zone files? ..
What is the file name of the root zone? ..
Display the directory: /var/named
Display the various files
Display the file: /var/named/named.ca
What is the role of this file? ..
Session presentation
Objective: to be able to:
- Add new direct translation primary zones.
  Operator group 1: mnc111.mcc777.gprs
  Operator group 2: mnc222.mcc777.gprs
  Operator group 3: mnc333.mcc777.gprs
  Operator group 4: mnc444.mcc777.gprs
Characteristics
[Figure: DNS tree. Labels: gprs, mcc777, mnc111, mnc222, mnc333, mnc444, DNS-DHCP1, DNS-DHCP2]
Zone name:
  Operator group 1: mnc111.mcc777.gprs
  Operator group 2: mnc222.mcc777.gprs
  Operator group 3: mnc333.mcc777.gprs
  Operator group 4: mnc444.mcc777.gprs
E-mail of the person responsible for the zone:
  Operator group 1: admin@mnc111.mcc777.gprs
  Operator group 2: admin@mnc222.mcc777.gprs
  Operator group 3: admin@mnc333.mcc777.gprs
  Operator group 4: admin@mnc444.mcc777.gprs
Period between two updates of the secondary server: 2 hours
If there is no response to the secondary update request, the retry period will be: 30 minutes
Delete the zone on the secondary name server if no update during: 10 days
Negative caching value: 1 hour
Default TTL provided in the DNS response when the TTL is absent in a RR: 5 hours
Mail box for the zone: none
Restriction of access to the zone: none
Modification of the primary server: must be immediately notified to the secondary
Create a zone
Note: do not end the zone domain name with "."
1- Start the LINUX configuration software
In a terminal window, type:
# linuxconf&
2- Go to DNS configuration
Select tab <Config>
Select tab <Server tasks>
Click on <Domain name server (DNS)>
Select tab <Config>
3- Add a new zone
Click on <domains>
Fill in the various fields according to the characteristics given at the beginning of the practical work.
Click on <Accept>
Quit the parent windows of the Linux configuration.
4- Complete the DNS tree at the beginning of the practical work; show the location of the name server of your newly created zone
Checks
# nslookup                          {to start nslookup in interactive mode}
> server [IP@ of the name server]   {to set the default server}
> mnc111.mcc777.gprs.               {to apply the domain name; don't forget the last dot}
> set deb
> set d2
> mnc111.mcc777.gprs.               {to apply the domain name; don't forget the last dot}
5- Verify the generated file
Check the updating of the DNS configuration file: /etc/named.conf
Display the new zone file in the directory /var/named and verify the Resource Records (correct them if necessary).
6- Test the access to this new zone.
From a computer connected to the IP backbone, in a terminal window, run nslookup (see annex for nslookup explanations) and send a request for the SOA record of this zone.
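The verification asked for in step 5, as an added example that is not part of the original manual: a small parser that reads the $TTL directive and the SOA record of a zone file and compares them with the characteristics listed for this practical work. The zone file contents, the serial number and the name server host name dns-dhcp1 are constructed for the example.

```python
import re

# Multipliers for BIND time suffixes (a bare number means seconds).
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

# Values taken from the characteristics of the practical work, in seconds.
EXPECTED = {
    "refresh": 2 * 3600,       # period between two secondary updates
    "retry": 30 * 60,          # retry period
    "expire": 10 * 86400,      # secondary deletes the zone after this
    "minimum": 1 * 3600,       # negative caching value
    "default_ttl": 5 * 3600,   # $TTL, used when a RR carries no TTL
}

def to_seconds(value):
    """Convert a BIND time value such as 7200, 2H or 1h30m to seconds."""
    if value.isdigit():
        return int(value)
    parts = re.findall(r"(\d+)([smhdw])", value.lower())
    if not parts or "".join(n + u for n, u in parts) != value.lower():
        raise ValueError("bad time value: %r" % value)
    return sum(int(n) * UNITS[u] for n, u in parts)

def parse_soa(zone_text):
    """Return the $TTL and the SOA fields of a zone file as a dict."""
    # Strip ';' comments, then flatten the file so that an SOA written
    # over several lines inside parentheses becomes one token stream.
    lines = [line.split(";", 1)[0] for line in zone_text.splitlines()]
    result = {}
    for line in lines:
        m = re.match(r"\s*\$TTL\s+(\S+)", line, re.I)
        if m:
            result["default_ttl"] = to_seconds(m.group(1))
    tokens = " ".join(lines).replace("(", " ").replace(")", " ").split()
    upper = [t.upper() for t in tokens]
    if "SOA" not in upper:
        raise ValueError("no SOA record found")
    fields = tokens[upper.index("SOA") + 1:upper.index("SOA") + 8]
    if len(fields) != 7:
        raise ValueError("incomplete SOA record")
    mname, rname, serial, refresh, retry, expire, minimum = fields
    result.update(
        mname=mname,
        # In the SOA the first dot of the mailbox stands for '@'
        # (escaped dots in the local part are not handled here).
        email=rname.rstrip(".").replace(".", "@", 1),
        serial=int(serial),
        refresh=to_seconds(refresh),
        retry=to_seconds(retry),
        expire=to_seconds(expire),
        minimum=to_seconds(minimum),
    )
    return result

def check_zone(zone_text, admin_email):
    """Return a list of differences from the expected characteristics."""
    soa = parse_soa(zone_text)
    problems = []
    for field, want in EXPECTED.items():
        got = soa.get(field)
        if got != want:
            problems.append("%s: expected %d s, found %s" % (field, want, got))
    if soa["email"] != admin_email:
        problems.append("e-mail: expected %s, found %s" % (admin_email, soa["email"]))
    return problems

# Constructed zone file matching the characteristics of operator group 1.
GOOD_ZONE = """$TTL 5H
@   IN  SOA dns-dhcp1.mnc111.mcc777.gprs. admin.mnc111.mcc777.gprs. (
            2004010101 ; serial
            2H         ; refresh
            30M        ; retry
            10D        ; expire
            1H )       ; negative caching
@   IN  NS  dns-dhcp1.mnc111.mcc777.gprs.
"""

# Constructed zone file with no $TTL, a wrong mailbox, retry and expire.
BAD_ZONE = """@ IN SOA dns-dhcp1.mnc111.mcc777.gprs. root.mnc111.mcc777.gprs. 2004010101 7200 3H 1W 3600
@ IN NS dns-dhcp1.mnc111.mcc777.gprs.
"""

if __name__ == "__main__":
    for name, text in (("good", GOOD_ZONE), ("bad", BAD_ZONE)):
        print(name, check_zone(text, "admin@mnc111.mcc777.gprs") or "OK")
```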
Objective: to be able to :
E-mail of the person responsible for the zone:
  Operator group 1: admin@mnc111.mcc777.gprs
  Operator group 2: admin@mnc222.mcc777.gprs
  Operator group 3: admin@mnc333.mcc777.gprs
  Operator group 4: admin@mnc444.mcc777.gprs
Period between two updates of the secondary server: 2 hours
If there is no response to the secondary update request, the retry period will be: 30 minutes
Delete the zone on the secondary name server if no update during: 10 days
Negative caching value: 1 hour
Default TTL provided in the DNS response when the TTL is absent in a RR: 5 hours
Mail box for the zone: none
Restriction of access to the zone: none
Modification of the primary server: must be immediately notified to the secondary
Subnet range: no range
[Figure: training network diagram. Labels: NTP, GGSN1, GGSN2, SGSN, Router, IP Backbone, IO LAN, DS10 A, DS10 B, DS10 C, DS10 n, DNS-DHCP1]
[Figure: DNS tree to complete. Labels: gprs, mcc777, mnc111, mnc222, mnc333]
1- Complete the DNS tree with the zones to be created
2- Start the LINUX configuration software
In a terminal window, type:
# linuxconf&
3- Go to DNS configuration
Select tab <Config>
Click on <Networking>
Select tab <Server tasks>
Click on <Domain name server (DNS)>
Select tab <Config>
4- Add a new zone
Click on <IP reverse mapping>
Click on <Add>
Fill in the various fields
Click on <Accept>
5- Quit the parent windows of the Linux configuration.
# nslookup
> zonename.in-addr.arpa.   {to apply the domain name; don't forget the last dot}
> set deb
> set d2
> zonename.in-addr.arpa.   {to apply the domain name; don't forget the last dot}
6- Verify the generated file
Check the updating of the DNS configuration file: /etc/named.conf
Display the new zone file in the directory /var/named and verify the Resource Records (correct them if necessary).
7- Test the access to this new zone.
From a computer connected to the IP backbone, in a terminal window, run nslookup (see annex for nslookup explanations) and send a request for the SOA record of this zone.
[Figure labels: NTP; VT: n.1.102.2]
Host domain name ggsn1 ggsn2 ggsn1-v Cisco router ggsn2-v ggsn12-v GGSN1 sgsn-r1B sgsn-r2B sgsn-r1
sgsn-r2 Default station-n Default interfaces. n: station number (a, b, c, ) Router-omc Default omc-ps apn1 apn2 apn1 Default Note 1 Note 1 Note 1
IP addresses of the OMC-Router physical interfaces IP address of the OMC-PS Reachable through GGSN1 only (use CNAME) Reachable through GGSN2 only (use CNAME) Reachable through GGSN1 and GGSN2 (use CNAME)
Note 1: for training reasons, the TTL will get the value 10 seconds
[Figure: training network diagram. Labels: GGSN1, GGSN2, SGSN, Router, IP Backbone, IO LAN, DS10 A, DS10 B, DS10 C, DS10 n, DNS-DHCP1, DNS-DHCP2, VT: n.1.101.1]
1- What should be the TTL value for the RRs concerning the Virtual template IP addresses?
Response: ..
2- Start the LINUX configuration software (# linuxconf&)
3- Go to DNS configuration
Select tab <Config>
Click on <Networking>
Select tab <Server tasks>
Click on <Domain name server (DNS)>; a window "DNS configurator" appears:
Select tab <Add/edit>
4- In the window "Edit hosts by domain"
Select the zone to be modified
5- In the window "hosts to edit", click on <Add>
6- In the window "Host or domain specification"
Enter the name of the host in front of the zone name and click <Accept>

# nslookup                              {to start nslookup in interactive mode}
> server [IP@ of the name server]       {to set the default server}
> set deb                               {to turn on the debug}
> set d2
> set type=A                            {to request the A Resource Record}
> domain-name.mnc111.mcc777.gprs.       {to apply the domain name; don't forget the last dot}
> set type=NS                           {to request the NS Resource Record}
> mnc111.mcc777.gprs.                   {to apply the domain name; don't forget the last dot}
> ls mnc111.mcc777.gprs.                {to display the zone}

7- In the window "Host information"
Fill in the IP address(es) corresponding to the domain name, and the TTL value if different from the default
8- Quit the Linux configuration mode
9- Verify the concerned file
Display the zone file (direct and inverse translation) in the directory: /var/named
10- Test the DNS translation
By means of nslookup, interrogate the DNS (advice: set the debug mode)
Check the direct translation as well as the reverse translation.
Objective: to be able to : Create secondary zones in a second Name Server for all created zones
[Figure: DNS tree. Labels: gprs, mcc777, mnc111, mnc222, mnc333, mnc444, DNS-DHCP1, DNS-DHCP2]
Primary zone for PLMN mnc111.mcc777
Primary zone for PLMN mnc333.mcc777
Secondary zone for PLMN mnc222.mcc777
Secondary zone for PLMN mnc444.mcc777

Primary zone for PLMN mnc222.mcc777
Primary zone for PLMN mnc444.mcc777
Secondary zone for PLMN mnc111.mcc777
Secondary zone for PLMN mnc333.mcc777

1- Start the protocol analyser on the DNS server (primary or secondary)
2- Start the LINUX configuration software (# linuxconf&)
3- Go to DNS configuration
Select tab <Config>
Click on <Networking>
Select tab <Server tasks>
Click on <Domain name server (DNS)>; a window "DNS configurator" appears:
Click on <secondary>
5- In the window "Secondary specification"
Fill in the necessary fields
Click on <Accept>
6- Quit the Linux configuration mode
7- Stop and display the trace on the protocol analyser. Explain the procedure.
Note: To replay the dialog between servers, you can restart the secondary server.
8- Display the DNS configuration file (/etc/named.conf) as well as the secondary zones (directory: /var/named/sec).
From the "secondary zone" menu of Linuxconf, how can we know if the secondary has been updated?
9- Start a capture on your protocol analyser and add a new RR in the primary zone.
Is the update of the secondary immediate? If not, check the setting of the notification tag. Describe the notification procedure.
10- With nslookup, submit a domain name translation to the secondary zone.
Session presentation
Objective: to be able to :
Characteristics
FPLMN mncxxx.mccyyy.gprs
FPLMN mnczzz.mccnnn.gprs
For HPLMN primary and slave DNS, in this example:
- the default forwarders are the two GRX DNS.
- the two FPLMN external DNS are also forwarders, but only for the domains:
mnc001.mcc123.gprs)
mnc001.mcc123.gprs
mnc0001.mcc0123.gprs
Forwarder configuration
Only two groups of operators working on DNS-DHCP1 and DNS-DHCP2
1- Start the LINUX configuration software (# linuxconf&)
2- Go to DNS configuration
Select tab <Config>
Click on <Networking>
Select tab <Server tasks>
Click on <Domain name server (DNS)>; a window "DNS configurator" appears:
3- Select "Forwarder"
Enter the IP addresses of the GRX DNS servers
4- Select "Forward zones"
Enter the concerned domain name
Enter the IP addresses of the concerned FPLMN DNS servers
Session presentation
Objective: to be able to :
[Figure: DNS tree. Labels: gprs, <subnet2>, mcc777, mnc111, mnc222]
Characteristics:
Note: normally, only one friendly APN name per PLMN. For training reasons:
  Operator group 1: apn1.fr.gprs.
  Operator group 2: apn2.ca.gprs.
  Operator group 3: apn3.uk.gprs.
  Operator group 4: apn1.cn.gprs.
1- Place this domain name correctly in the DNS tree. Draw the zone to be created.
2- Perform all the essential operations to make this friendly domain name available.
3- Carry out tests to check the correct operation
Session presentation
- Network number
  Operator group 1: 11.11.11.0/24
  Operator group 2: 22.22.0.0/16
  Operator group 3: 33.33.33.0/24
  Operator group 4: 44.44.0.0/16
- Pool characteristics
  Operator group 1: 100 IP@ available for MS from 11.11.11.1, with the IP@ 11.11.11.50 excluded from the pool
  Operator group 2: 1000 IP@ available for MS from 22.22.0.1, with the IP@ 22.22.0.50 excluded from the pool
  Operator group 3: 100 IP@ available for MS from 33.33.33.1, with the IP@ 11.11.11.50 excluded from the pool
  Operator group 4: 1000 IP@ available for MS from 44.44.0.1, with the IP@ 22.22.0.50 excluded from the pool
- Lease time allocated to the client if it does not require any lease time: 1 hour
- Maximum lease time allocated to a client which requires a lease time: 8 hours
- Information provided in the response:
  Operator group    Netmask          DNS IP address
  1                 255.255.255.0    11.11.11.50
  2                 255.255.0.0      22.22.22.50
  3                 255.255.255.0    33.33.33.50
  4                 255.255.0.0      44.44.44.50

1- Start the LINUX configuration software
In a terminal window, type:
# linuxconf &
A window appears (hostname: Linuxconf)
3- Fill in the various fields according to the defined characteristics
Note: if the pool is composed of several ranges of IP addresses within the same subnet: enter one range, click on <Accept>, then select the just-created subnet, enter the next range, and so on.
4- Quit all parent windows
5- In the window "Status of the system", click on <Do it>
File : /etc/dhcpd.conf
6- Check the DHCP configuration file
Start a file manager
Display the file: /etc/dhcpd.conf
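What to expect in /etc/dhcpd.conf for the pool characteristics above, as an added example that is not part of the original manual: the pool with one excluded address is split into the ranges entered one by one in step 3, and rendered as an ISC dhcpd subnet declaration. It assumes that "N IP@ available from X" means the first N addresses counting up from X and skipping the excluded one; the function names are hypothetical.

```python
import ipaddress

def pool_ranges(network, first, count, excluded=()):
    """Return the (low, high) ranges that hold `count` addresses starting
    at `first` inside `network`, skipping every address in `excluded`."""
    net = ipaddress.ip_network(network)
    skip = {ipaddress.ip_address(a) for a in excluded}
    for a in skip:
        if a not in net:
            raise ValueError("excluded address %s is outside %s" % (a, net))
    addr = ipaddress.ip_address(first)
    ranges, start, prev, taken = [], None, None, 0
    while taken < count:
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            raise ValueError("pool of %d addresses does not fit in %s" % (count, net))
        if addr in skip:
            # Close the current range just before the excluded address.
            if start is not None:
                ranges.append((start, prev))
                start = None
        else:
            if start is None:
                start = addr
            prev = addr
            taken += 1
        addr += 1
    if start is not None:
        ranges.append((start, prev))
    return [(str(low), str(high)) for low, high in ranges]

def dhcpd_subnet(network, ranges, dns_server,
                 default_lease=1 * 3600, max_lease=8 * 3600):
    """Render one subnet declaration; lease times are given in seconds."""
    net = ipaddress.ip_network(network)
    lines = ["subnet %s netmask %s {" % (net.network_address, net.netmask)]
    lines += ["    range %s %s;" % r for r in ranges]
    lines += [
        "    option subnet-mask %s;" % net.netmask,
        "    option domain-name-servers %s;" % dns_server,
        "    default-lease-time %d;" % default_lease,
        "    max-lease-time %d;" % max_lease,
        "}",
    ]
    return "\n".join(lines)

def group1_config():
    """Operator group 1: 100 addresses from 11.11.11.1, 11.11.11.50 excluded."""
    ranges = pool_ranges("11.11.11.0/24", "11.11.11.1", 100, ["11.11.11.50"])
    return dhcpd_subnet("11.11.11.0/24", ranges, "11.11.11.50")

def group2_ranges():
    """Operator group 2: 1000 addresses from 22.22.0.1, 22.22.0.50 excluded."""
    return pool_ranges("22.22.0.0/16", "22.22.0.1", 1000, ["22.22.0.50"])

if __name__ == "__main__":
    print(group1_config())
    print(group2_ranges())
```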
Session presentation
Objective: to be able to:
- Create an APN in order to analyse the protocols (DNS, DHCP, GTP) on the Gn interface.
Each operator group creates an APN:
  TEST-g11 (group 1 on GGSN1)
  TEST-g22 (group 2 on GGSN2)
  TEST-g31 (group 3 on GGSN1)
  TEST-g42 (group 4 on GGSN2)
[Figure: connection diagram. Labels: SGSN, IP backbone, GGSN1, DNS/DHCP 1, Intranet, 172.16.11.251]
- DHCP IP@ pool
  Private pool from 172.16.11.2/24 to 172.16.11.100/24
  Additional information provided by DHCP:
    Primary DNS: 172.16.11.252
    Secondary DNS: 172.16.11.253
    Domain: Intra-g11.com
    Lease time: 10 hours
- Gi interface
  Not used; the IP@ destination will be created inside the GGSN (loopback interface)
- Called IP address
  172.16.11.251 (loopback interface of GGSN1)

IP backbone
interface Loopback
 description IP@ used as called address by TEST-g11
router ospf1
 network

1- Prepare your work and fill in the diagram on the next page
2- Configure the Name Servers. Apply a TTL = 1 minute to the APN domain name, for training reasons only.
3- Configure the IP address pool in DHCP-1
4- Create the APN configuration in the GGSN1
5- Display the routing table and save it for future comparison
[Figure: diagram to fill in. Labels: GGSN1, DNS, DHCP1, 10.1.1.101, Switch 3Com, 10.1.1.210 Analyser (DNS/DHCP1 server)]
6- To facilitate the capture of frames (GTP, DHCP), disconnect the interface 10.1.10.101 of the GGSN1 leading to IP backbone 2, so that all messages use the interface 10.1.1.101.
Configure the 3Com switch of the IP backbone 10.1.1.0 to mirror the port connected to the GGSN1 (interface 10.1.1.101) towards the port of the DHCP1-server (see procedure further).
Start the analyser on the DNS-DHCP1-server with a display filter to see only the GTP, DNS and Bootp protocols.
7- Activate the DHCP debug on the GGSN1
#debug gprs dhcp detail
#terminal monitor
8- Test the correct operation with a test script simulating only one MS.
Display the activated PDP contexts (shpdp)
Display the routing table (show ip route). What is the new entry?
Analyse the debug messages
Analyse the protocols on the various analysers
9- Test the correct operation with a test script simulating several MS.
How many activated PDP contexts? (shpdp)
How many new entries in the routing table? (show ip route)
10- Make a route aggregation in the APN Test-g11 of the GGSN1
11- Test the correct operation with a test script simulating several MS.
How many activated PDP contexts? (shpdp)
How many new entries in the routing table? (show ip route)
[Figure: connection diagram. Labels: SGSN, IP backbone, GGSN2, DNS/DHCP 2, Intranet, 172.16.22.251]
- DHCP IP@ pool
  Private pool from 172.16.22.2/24 to 172.16.22.100/24
  Additional information provided by DHCP:
    Primary DNS: 172.16.22.252
    Secondary DNS: 172.16.22.253
    Domain: Intra-g22.com
    Lease time: 10 hours
- Gi interface
  Not used; the IP@ destination will be created inside the GGSN (loopback interface)
- Called IP address
  172.16.22.251 (loopback interface of GGSN1)

IP backbone
interface Loopback
 description IP@ used as called address by TEST-g22
router ospf1
 network

1- Prepare your work and fill in the diagram on the next page
2- Configure the Name Servers. Apply a TTL = 1 minute to the APN domain name, for training reasons only.
3- Configure the IP address pool in DHCP-2
4- Create the APN configuration in the GGSN2
5- Display the routing table and save it for future comparison
[Figure: diagram to fill in. Labels: GGSN2, DNS, DHCP1, http://10.1.10.250, 10.1.10.102, Switch 3Com, 10.1.10.210 Analyser (DNS/DHCP2 server)]
6- To facilitate the capture of frames (GTP, DHCP), disconnect the interface 10.1.1.102 of the GGSN1 leading to IP backbone 1, so that all messages use the interface 10.1.10.102.
Configure the 3Com switch of the IP backbone 10.1.10.0 to mirror the port connected to the GGSN2 (interface 10.1.10.102) towards the port of the DHCP21-server (see procedure further).
Start the analyser on the DNS-DHCP2-server with a display filter to see only the GTP, DNS and Bootp protocols.
7- Activate the DHCP debug on the GGSN1
#debug gprs dhcp detail
#terminal monitor
8- Test the correct operation with a test script simulating only one MS.
Display the activated PDP contexts (shpdp)
Display the routing table (show ip route). What is the new entry?
Analyse the debug messages
Analyse the protocols on the various analysers
9- Test the correct operation with a test script simulating several MS.
How many activated PDP contexts? (shpdp)
How many new entries in the routing table? (show ip route)
10- Make a route aggregation in the APN Test-g22 of the GGSN2
11- Test the correct operation with a test script simulating several MS.
How many activated PDP contexts? (shpdp)
How many new entries in the routing table? (show ip route)
[Figure: connection diagram. Labels: SGSN, IP backbone, GGSN1, DNS/DHCP 1, Intranet, 172.16.31.251]
- DHCP IP@ pool
  Private pool from 172.16.31.2/24 to 172.16.31.100/24
  Additional information provided by DHCP:
    Primary DNS: 172.16.31.252
    Secondary DNS: 172.16.31.253
    Domain: Intra-g31.com
    Lease time: 10 hours
- Gi interface
  Not used; the IP@ destination will be created inside the GGSN (loopback interface)
- Called IP address
  172.16.31.251 (loopback interface of GGSN)

IP backbone
interface Loopback
 description IP@ used as called address by TEST-g31
router ospf1
 network

1- Prepare your work and fill in the diagram on the next page
2- Configure the Name Servers. Apply a TTL = 1 minute to the APN domain name, for training reasons only.
3- Configure the IP address pool in DHCP-1
4- Create the APN configuration in the GGSN1
5- Display the routing table and save it for future comparison
[Figure: diagram to fill in. Labels: GGSN1, DNS, DHCP1, 10.1.1.101, Switch 3Com, 10.1.1.210 Analyser (DNS/DHCP1 server)]
6- To facilitate the capture of frames (GTP, DHCP), disconnect the interface 10.1.10.101 of the GGSN1 leading to IP backbone 2, so that all messages use the interface 10.1.1.101.
Configure the 3Com switch of the IP backbone 10.1.1.0 to mirror the port connected to the GGSN1 (interface 10.1.1.101) towards the port of the DHCP1-server (see procedure further).
Start the analyser on the DNS-DHCP1-server with a display filter to see only the GTP, DNS and Bootp protocols.
7- Activate the DHCP debug on the GGSN1
#debug gprs dhcp detail
#terminal monitor
8- Test the correct operation with a test script simulating only one MS.
Display the activated PDP contexts (shpdp)
Display the routing table (show ip route). What is the new entry?
Analyse the debug messages
Analyse the protocols on the various analysers
9- Test the correct operation with a test script simulating several MS.
How many activated PDP contexts? (shpdp)
How many new entries in the routing table? (show ip route)
10- Make a route aggregation in the APN Test-g31 of the GGSN1
11- Test the correct operation with a test script simulating several MS.
How many activated PDP contexts? (shpdp)
How many new entries in the routing table? (show ip route)
[Figure: connection diagram. Labels: SGSN, IP backbone, GGSN2, DNS/DHCP 2, Intranet, 172.16.42.251]
- DHCP IP@ pool
  Private pool from 172.16.42.2/24 to 172.16.42.100/24
  Additional information provided by DHCP:
    Primary DNS: 172.16.42.252
    Secondary DNS: 172.16.42.253
    Domain: Intra-g42.com
    Lease time: 10 hours
- Gi interface
  Not used; the IP@ destination will be created inside the GGSN (loopback interface)
- Called IP address
  172.16.42.251 (loopback interface of GGSN1)

IP backbone
interface Loopback
 description IP@ used as called address by TEST-g42
router ospf1
 network

1- Prepare your work and fill in the diagram on the next page
2- Configure the Name Servers. Apply a TTL = 1 minute to the APN domain name, for training reasons only.
3- Configure the IP address pool in DHCP-2
4- Create the APN configuration in the GGSN2
5- Display the routing table and save it for future comparison
[Figure: diagram to fill in. Labels: GGSN1, DNS, DHCP1, http://10.1.10.250, 10.1.10.102, Switch 3Com, 10.1.10.210 Analyser (DNS/DHCP2 server)]
6- To facilitate the capture of frames (GTP, DHCP), disconnect the interface 10.1.1.102 of the GGSN1 leading to IP backbone 1, so that all messages use the interface 10.1.10.102.
Configure the 3Com switch of the IP backbone 10.1.10.0 to mirror the port connected to the GGSN2 (interface 10.1.10.102) towards the port of the DHCP21-server (see procedure further).
Start the analyser on the DNS-DHCP2-server with a display filter to see only the GTP, DNS and Bootp protocols.
7- Activate the DHCP debug on the GGSN1
#debug gprs dhcp detail
#terminal monitor
8- Test the correct operation with a test script simulating only one MS.
Display the activated PDP contexts (shpdp)
Display the routing table (show ip route). What is the new entry?
Analyse the debug messages
Analyse the protocols on the various analysers
9- Test the correct operation with a test script simulating several MS.
How many activated PDP contexts? (shpdp)
How many new entries in the routing table? (show ip route)
10- Make a route aggregation in the APN Test-g42 of the GGSN2
11- Test the correct operation with a test script simulating several MS.
How many activated PDP contexts? (shpdp)
How many new entries in the routing table? (show ip route)
Session presentation
Each operator group creates an APN:
  Alcatel-g11 (group 1 on GGSN1)
  Alcatel-g22 (group 2 on GGSN2)
  Alcatel-g31 (group 3 on GGSN1)
  Alcatel-g42 (group 4 on GGSN2)
GGSN1
interface Loopback..
 ip address .
router ospf1
 network . 255.255.255.0
ip cef
[Figure: connection diagram. Labels: VPN, To GGSN2, DNS, Internet, Alcatel, 198.91.23.254, 198.91.23.253, Tunnel GRE alcatel-g11, 172.17.51.2, 172.17.50.0/24, 172.17.50.2, Public IP@]
Characteristics
- APN name: Alcatel-g11 (operator group 1, GGSN1)
- Gateway: GGSN1 only
- MS IP@
- DHCP IP@ pool
  Private pool from 172.17.11.2/24 to 172.17.11.100/24
  Additional information provided to MS:
    Primary DNS: 172.17.50.1
    Secondary DNS: 172.17.50.2
    Domain: alcatel.fr
    Lease time: 10 hours
- VPN reference: vpn_alcatel-g11 rd 101:1
- Gi interface: GRE tunnelling over Internet
- Connection parameters: see diagram above
- Note: take care of the subnet mask for tunnels, because the other groups use the same physical link for their GRE tunnels

1. Configure the DNS. Apply a TTL = 1 minute to the APN domain name, for training reasons only.
2. Configure the DHCP-1
3. Create the configuration in the GGSN1
4. Make the connections, configure PCs and other routers.
5. Start the analyser on the Gi interface and on a PC of the Alcatel network
6. From the GGSN, ping a PC of the Alcatel network (the ping must use the routing table of the VPN: #ping vrf .) and analyse the trace on the various analysers.
7. Configure the 3Com switch of the IP backbone 10.1.1.0 to mirror the port connected to the GGSN1 (interface 10.1.1.101) towards the port of the DHCP1-server. Disconnect the interface 10.1.10.101 of the GGSN1 leading to IP backbone 2. Start the analyser on the DHCP1-server with a display filter to see only the GTP, DNS and Bootp protocols.
8. Test the correct operation. Analyse the protocols on the various analysers
GGSN2
interface Loopback..
 ip address .
router ospf1
 network .
ip cef
[Figure: connection diagram. Labels: VPN, To GGSN1 172.17.50.3, DNS, 165.32.15.254, 172.17.50.1, 172.17.50.254, Internet, Alcatel, 198.91.23.254, 198.91.23.253, Tunnel GRE alcatel-g22, 172.17.51.10, 172.17.50.0/24, 172.17.50.2, Public IP@]
Characteristics
- APN name: Alcatel-g22 (operator group 2, GGSN2)
- Gateway: GGSN2 only
- MS IP@
- DHCP IP@ pool
  Private pool from 172.17.22.2/24 to 172.17.22.100/24
  Additional information provided to MS:
    Primary DNS: 172.17.50.1
    Secondary DNS: 172.17.50.2
    Domain: alcatel.fr
    Lease time: 10 hours
- VPN reference: vpn_alcatel-g22 rd 102:1
- Gi interface: GRE tunnelling over Internet
- Connection parameters: see diagram above
- Note: take care of the subnet mask for tunnels, because the other groups use the same physical link for their GRE tunnels

1. Configure the DNS. Apply a TTL = 1 minute to the APN domain name, for training reasons only.
2. Configure the DHCP-1
3. Create the configuration in the GGSN1
4. Make the connections, configure PCs and other routers.
5. Start the analyser on the Gi interface and on a PC of the Alcatel network
6. From the GGSN, ping a PC of the Alcatel network (the ping must use the routing table of the VPN: #ping vrf .) and analyse the trace on the various analysers.
7. Configure the 3Com switch of the IP backbone 10.1.10.0 to mirror the port connected to the GGSN1 (interface 10.1.10.102) towards the port of the DHCP2-server. Disconnect the interface 10.1.1.102 of the GGSN2 leading to IP backbone 1. Start the analyser on the DHCP2-server with a display filter to see only the GTP, DNS and Bootp protocols.
8. Test the correct operation. Analyse the protocols on the various analysers
GGSN1
interface Loopback..
 ip address .
router ospf1
 network .
ip cef
[Figure: connection diagram. Labels: Private IP@ 172.17.31.2 to 172.17.31.100, VPN, 165.32.15.4, analyser, Internet, 198.91.23.254, 172.17.50.0/24, 172.17.50.2, DNS]
Characteristics
- APN name: Alcatel-g31 (operator group 3, GGSN1)
- Gateway: GGSN1 only
- MS IP@
- DHCP IP@ pool
  Private pool from 172.17.31.2/24 to 172.17.31.100/24
  Additional information provided to MS:
    Primary DNS: 172.17.50.1
    Secondary DNS: 172.17.50.2
    Domain: alcatel.fr
    Lease time: 10 hours
- VPN reference: vpn_alcatel-g31 rd 103:1
- Gi interface: GRE tunnelling over Internet
- Connection parameters: see diagram above
- Note: take care of the subnet mask for tunnels, because the other groups use the same physical link for their GRE tunnels

1. Configure the DNS. Apply a TTL = 1 minute to the APN domain name, for training reasons only.
2. Configure the DHCP-1
3. Create the configuration in the GGSN1
4. Make the connections, configure PCs and other routers.
5. Start the analyser on the Gi interface and on a PC of the Alcatel network
6. From the GGSN, ping a PC of the Alcatel network (the ping must use the routing table of the VPN: #ping vrf .) and analyse the trace on the various analysers.
7. Configure the 3Com switch of the IP backbone 10.1.1.0 to mirror the port connected to the GGSN1 (interface 10.1.1.101) towards the port of the DHCP1-server. Disconnect the interface 10.1.10.101 of the GGSN1 leading to IP backbone 2. Start the analyser on the DHCP1-server with a display filter to see only the GTP, DNS and Bootp protocols.
8. Test the correct operation. Analyse the protocols on the various analysers
GGSN2
interface Loopback..
 ip address .
router ospf1
 network .
ip cef
[Figure: connection diagram. Labels: VPN, To GGSN1 172.17.50.3, DNS, 172.17.50.1, 172.17.50.254, Internet, 198.91.23.254, 198.91.23.253, 172.17.50.0/24, 172.17.50.2]
Characteristics
- APN name: Alcatel-g42 (operator group 4, GGSN2)
- Gateway: GGSN2 only
- MS IP@
- DHCP IP@ pool
  Private pool from 172.17.42.2/24 to 172.17.42.100/24
  Additional information provided to MS:
    Primary DNS: 172.17.50.1
    Secondary DNS: 172.17.50.2
    Domain: alcatel.fr
    Lease time: 10 hours
- VPN reference: vpn_alcatel-g42 rd 104:1
- Gi interface: GRE tunnelling over Internet
- Connection parameters: see diagram above
- Note: take care of the subnet mask for tunnels, because the other groups use the same physical link for their GRE tunnels

1. Configure the DNS. Apply a TTL = 1 minute to the APN domain name, for training reasons only.
2. Configure the DHCP-1
3. Create the configuration in the GGSN1
4. Make the connections, configure PCs and other routers.
5. Start the analyser on the Gi interface and on a PC of the Alcatel network
6. From the GGSN, ping a PC of the Alcatel network (the ping must use the routing table of the VPN: #ping vrf .) and analyse the trace on the various analysers.
7. Configure the 3Com switch of the IP backbone 10.1.10.0 to mirror the port connected to the GGSN1 (interface 10.1.10.102) towards the port of the DHCP2-server. Disconnect the interface 10.1.1.102 of the GGSN2 leading to IP backbone 1. Start the analyser on the DHCP2-server with a display filter to see only the GTP, DNS and Bootp protocols.
8. Test the correct operation. Analyse the protocols on the various analysers
Session presentation
Objective: to be able to : Create an APN leading to Internet and using NAT function
Each operator group creates an APN:
  Internet-g11 (group 1 on GGSN1)
  Internet-g22 (group 2 on GGSN2)
  Internet-g31 (group 3 on GGSN1)
  Internet-g42 (group 4 on GGSN2)
[Figure: connection diagram. Labels: Private IP@ 172.18.11.2 to 172.18.11.100, ip nat inside, GGSN1, 165.32.15.1, 165.32.15.4, Analyzer, Public IP@, 165.32.15.254, To GGSN2, 198.91.23.254, Tunnel to Intranet, 198.91.23.1, 198.91.23.253, Internet, Alcatel (Intranet)]
interface FastEthernet..
 ip address 165.32.15.1 255.255.255.0
 ip nat ..
interface Loopback
 description giaddr for apn
router ospf1
 network
interface Virtual-Template1
 description Virtual Interface GTP
 ip address loopback 1
 ip nat .
Characteristics
- APN name: Internet-g11
- Gateway: GGSN1 only
- MS IP@: dynamic, provided by DHCP1-server
- DHCP IP@ pool
  Private pool from 172.18.11.2/24 to 172.18.11.100/24
  Additional information provided by DHCP:
    Primary DNS server: 195.5.5.5
    Secondary DNS server: 196.6.6.6
    Lease time: 10 hours
- Gi interface: NAT
  Public IP@ pool: 165.32.16.1 to 165.32.16.3
- Connection parameters: see diagram above
- Internet IP@ for testing: 198.91.23.1

1. Configure the DNS. Apply a TTL = 1 minute to the APN domain name, for training reasons only.
2. Configure the DHCP-1
3. Create the configuration in the GGSN1
4. Make the connections, configure PCs and other routers.
5. Start the analyser on the Gi interface
6. Configure the 3Com switch of the IP backbone 10.1.1.0 to mirror the port connected to the GGSN1 (interface 10.1.1.101) towards the port of the DHCP1-server. Disconnect the interface 10.1.10.101 of the GGSN1 leading to IP backbone 2. Start the analyser on the DHCP1-server with a display filter to see only the GTP, DNS and Bootp protocols.
7. Activate the debug ip nat on the GGSN1
8. Test the correct operation with a test script simulating only one MS.
Display the activated PDP contexts (shpdp)
Display the routing table (show ip route). What is the new entry?
Display the NAT translation table (show ip nat translation)
Analyse the protocols on the various analysers
9. Test the correct operation with a test script simulating several MS.
How many activated PDP contexts? (shpdp)
How many MS can access the Internet? (show ip nat translation); perform a debug ip nat details
10. Implement the PAT function.
11. Test the correct operation of PAT with a test script simulating several MS.
Display the NAT translation table (show ip nat translation).
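Why steps 9 and 11 give different translation tables, as an added example that is not part of the original manual: a simplified model of a dynamic NAT table without and with port overloading (PAT), using the public pool 165.32.16.1 to 165.32.16.3 and MS addresses from the private pool of Internet-g11. The class and function names are hypothetical, the source port 1024 is a constructed value, and the model ignores translation timeouts and the router's real port-selection policy.

```python
import ipaddress

class NatTable:
    """Toy translation table: inside local -> inside global."""

    def __init__(self, first_public, last_public, overload=False):
        lo = int(ipaddress.ip_address(first_public))
        hi = int(ipaddress.ip_address(last_public))
        self.pool = [str(ipaddress.ip_address(i)) for i in range(lo, hi + 1)]
        self.overload = overload
        self.hosts = {}      # NAT: MS address -> public address
        self.flows = {}      # PAT: (MS address, port) -> (public address, port)
        self.in_use = set()  # PAT: (public address, port) pairs already taken

    def translate(self, ms_ip, src_port):
        """Return (public_ip, public_port), or None when no entry can be made."""
        if not self.overload:
            # Plain dynamic NAT: one public address per MS, port unchanged.
            if ms_ip not in self.hosts:
                free = [p for p in self.pool if p not in self.hosts.values()]
                if not free:
                    return None  # pool exhausted, the packet is not translated
                self.hosts[ms_ip] = free[0]
            return (self.hosts[ms_ip], src_port)
        # PAT: many MS share one public address, told apart by the port.
        flow = (ms_ip, src_port)
        if flow not in self.flows:
            for public in self.pool:
                port = src_port
                while (public, port) in self.in_use and port < 65535:
                    port += 1
                if (public, port) not in self.in_use:
                    self.in_use.add((public, port))
                    self.flows[flow] = (public, port)
                    break
            else:
                return None  # every port of every pool address is taken
        return self.flows[flow]

def simulate(ms_count, overload):
    """Let `ms_count` MS (172.18.11.2 upwards) each open one flow from
    source port 1024 and return {MS address: translation or None}."""
    nat = NatTable("165.32.16.1", "165.32.16.3", overload)
    first_ms = ipaddress.ip_address("172.18.11.2")
    return {str(first_ms + i): nat.translate(str(first_ms + i), 1024)
            for i in range(ms_count)}

def served(results):
    """Number of MS that obtained a translation."""
    return sum(1 for entry in results.values() if entry is not None)

if __name__ == "__main__":
    for mode in (False, True):
        table = simulate(10, overload=mode)
        print("PAT" if mode else "NAT", "served:", served(table))
        for ms, entry in table.items():
            print("  ", ms, "->", entry)
```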
65
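The difference between the dynamic NAT pool used in steps 8 and 9 and the PAT function of steps 10 and 11, modelled with the Internet-g11 address pools. This is an added example, not part of the manual and not Cisco IOS code; the class names and the port-selection policy are assumptions, and a real router may pick ports differently.

```python
import ipaddress


def addr_range(first, last):
    """Inclusive list of IPv4 addresses between first and last."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    return [str(ipaddress.IPv4Address(n)) for n in range(lo, hi + 1)]


class DynamicNat:
    """One-to-one dynamic NAT: an inside host reserves a whole public address."""

    def __init__(self, pool):
        self.free = list(pool)
        self.table = {}  # inside local address -> inside global address

    def translate(self, inside_ip, inside_port):
        if inside_ip not in self.table:
            if not self.free:
                return None  # pool exhausted, no translation can be created
            self.table[inside_ip] = self.free.pop(0)
        return self.table[inside_ip], inside_port


class Pat:
    """PAT: inside flows share a public address and are told apart by port."""

    def __init__(self, pool, first_port=1024, last_port=65535):
        self.pool = list(pool)
        self.first_port, self.last_port = first_port, last_port
        self.table = {}    # (inside ip, inside port) -> (global ip, global port)
        self.reverse = {}  # (global ip, global port) -> (inside ip, inside port)

    def _pick_port(self, global_ip, wanted):
        # Assumed policy: keep the original source port when it is free,
        # otherwise take the lowest free port in the configured range.
        if (global_ip, wanted) not in self.reverse:
            return wanted
        for port in range(self.first_port, self.last_port + 1):
            if (global_ip, port) not in self.reverse:
                return port
        return None

    def translate(self, inside_ip, inside_port):
        key = (inside_ip, inside_port)
        if key not in self.table:
            for global_ip in self.pool:
                port = self._pick_port(global_ip, inside_port)
                if port is not None:
                    self.table[key] = (global_ip, port)
                    self.reverse[(global_ip, port)] = key
                    break
            else:
                return None  # every port of every public address is in use
        return self.table[key]

    def attribute(self, global_ip, global_port):
        """Map a public address and port seen on the Internet side back to the MS."""
        return self.reverse.get((global_ip, global_port))


def simulate(translator, ms_addresses, src_port=1025):
    """Each MS opens one flow from src_port; return (translated, refused)."""
    results = [translator.translate(ms, src_port) for ms in ms_addresses]
    translated = sum(r is not None for r in results)
    return translated, len(results) - translated


# Values from the Internet-g11 exercise.
MS_POOL = addr_range("172.18.11.2", "172.18.11.100")    # 99 MS addresses
PUBLIC_POOL = addr_range("165.32.16.1", "165.32.16.3")  # 3 public addresses

if __name__ == "__main__":
    print("dynamic NAT:", simulate(DynamicNat(PUBLIC_POOL), MS_POOL))
    pat = Pat(PUBLIC_POOL)
    print("PAT:", simulate(pat, MS_POOL))
    print("165.32.16.1:1024 ->", pat.attribute("165.32.16.1", 1024))
```

With PAT, a public address alone no longer identifies one MS: attributing traffic seen on the Internet side requires the translated port as well, which is the pair the translation table records.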
[Figure: Gi-side router configuration to complete. Labels: Private IP@ 172.18.22.2 to 172.18.22.100; 165.32.15.2; 165.32.15.4; Analyzer; Public IP@ 165.32.15.254; To GGSN1; 198.91.23.254; Tunnel to Intranet]
ip nat inside
interface FastEthernet..
 ip address 165.32.15.2 255.255.255.0
 ip nat ..
Characteristics
- APN name: Internet-g22
- Gateway: GGSN2 only
- MS IP@: Dynamic, provided by DHCP2-server
- DHCP IP@ pool: Private pool from 172.18.22.2/24 to 172.18.22.100/24
  Additional information provided by DHCP:
    Primary DNS server: 195.5.5.5
    Secondary DNS server: 196.6.6.6
    Lease time: 10 hours
- Gi interface: NAT, public IP@ pool 165.32.16.9 to 165.32.16.11
- Connection parameters: See diagram above
- Internet IP@ for testing: 198.91.23.1
[Figure: GGSN 2 configuration to complete. Other labels: 198.91.23.1, 198.91.23.253, Internet, Alcatel (Intranet)]
interface Loopback
 description giaddr for apn
router ospf1
 network
interface Virtual-Template1
 description Virtual Interface GTP
 ip address loopback 1
 ip nat .
1. Configure the DNS. Apply a TTL = 1 minute to the APN domain name, for training reasons only.
2. Configure the DHCP-2.
3. Create the configuration in the GGSN2.
4. Make the connections, configure PCs and other routers.
5. Start the analyser on the Gi interface.
6. Configure the 3com Switch of the IP backbone 10.1.10.0 to have the mirroring of the port connected to the GGSN2 (Interface 10.1.10.102) towards the port of the DHCP2-server.
   Disconnect the interface 10.1.1.102 of the GGSN2 leading to IP backbone 1.
   Start the analyser on the of the DHCP2-server with a display filter to see only GTP, DNS and Bootp protocol.
7. Activate the debug ip nat on the GGSN2.
8. Test the correct operation with a script test simulating only one MS.
   Display the activated PDP contexts (shpdp).
   Display the routing table (show ip route). What is the new entry?
   Display the NAT translation table (show ip nat translation).
   Analyse the protocols on the various analysers.
9. Test the correct operation with a script test simulating several MS.
   How many PDP contexts are activated? (shpdp)
   How many MS can access the Internet (show ip nat translation)? Perform a debug ip nat details.
10. Implement the PAT function.
11. Test the correct operation of PAT with a script test simulating several MS.
    Display the NAT translation table (show ip nat translation).
[Figure: Gi-side router configuration to complete. Labels: Private IP@ 172.18.31.2 to 172.18.31.100; 165.32.15.1; 165.32.15.4; Analyzer; Public IP@ 165.32.15.254; To GGSN2; 198.91.23.254; Tunnel to Intranet]
ip nat inside
interface FastEthernet..
 ip address 165.32.15.1 255.255.255.0
 ip nat ..
Characteristics
- APN name: Internet-g31
- Gateway: GGSN1 only
- MS IP@: Dynamic, provided by DHCP1-server
- DHCP IP@ pool: Private pool from 172.18.31.2/24 to 172.18.31.100/24
  Additional information provided by DHCP:
    Primary DNS server: 195.5.5.5
    Secondary DNS server: 196.6.6.6
    Lease time: 10 hours
- Gi interface: NAT, public IP@ pool 165.32.16.5 to 165.32.16.7
- Connection parameters: See diagram above
- Internet IP@ for testing: 198.91.23.1
[Figure: GGSN 1 configuration to complete. Other labels: 198.91.23.1, 198.91.23.253, Internet, Alcatel (Intranet)]
interface Loopback
 description giaddr for apn
router ospf1
 network
interface Virtual-Template1
 description Virtual Interface GTP
 ip address loopback 1
 ip nat .
1. Configure the DNS. Apply a TTL = 1 minute to the APN domain name, for training reasons only.
2. Configure the DHCP-1.
3. Create the configuration in the GGSN1.
4. Make the connections, configure PCs and other routers.
5. Start the analyser on the Gi interface.
6. Configure the 3com Switch of the IP backbone 10.1.1.0 to have the mirroring of the port connected to the GGSN1 (Interface 10.1.1.101) towards the port of the DHCP1-server.
   Disconnect the interface 10.1.10.101 of the GGSN1 leading to IP backbone 2.
   Start the analyser on the of the DHCP1-server with a display filter to see only GTP, DNS and Bootp protocol.
7. Activate the debug ip nat on the GGSN1.
8. Test the correct operation with a script test simulating only one MS.
   Display the activated PDP contexts (shpdp).
   Display the routing table (show ip route). What is the new entry?
   Display the NAT translation table (show ip nat translation).
   Analyse the protocols on the various analysers.
9. Test the correct operation with a script test simulating several MS.
   How many PDP contexts are activated? (shpdp)
   How many MS can access the Internet (show ip nat translation)? Perform a debug ip nat details.
10. Implement the PAT function.
11. Test the correct operation of PAT with a script test simulating several MS.
    Display the NAT translation table (show ip nat translation).
[Figure: Gi-side router configuration to complete. Labels: Private IP@ 172.18.42.2 to 172.18.42.100; 165.32.15.2; 165.32.15.4; Analyzer; Public IP@ 165.32.15.254; To GGSN1; 198.91.23.254; Tunnel to Intranet]
ip nat inside
interface FastEthernet..
 ip address 165.32.15.2 255.255.255.0
 ip nat ..
Characteristics
- APN name: Internet-g42
- Gateway: GGSN2 only
- MS IP@: Dynamic, provided by DHCP2-server
- DHCP IP@ pool: Private pool from 172.18.42.2/24 to 172.18.42.100/24
  Additional information provided by DHCP:
    Primary DNS server: 195.5.5.5
    Secondary DNS server: 196.6.6.6
    Lease time: 10 hours
- Gi interface: NAT, public IP@ pool 165.32.16.13 to 165.32.16.15
- Connection parameters: See diagram above
- Internet IP@ for testing: 198.91.23.1
[Figure: GGSN 2 configuration to complete. Other labels: 198.91.23.1, 198.91.23.253, Internet, Alcatel (Intranet)]
interface Loopback
 description giaddr for apn
router ospf1
 network
interface Virtual-Template1
 description Virtual Interface GTP
 ip address loopback 1
 ip nat .
1. Configure the DNS. Apply a TTL = 1 minute to the APN domain name, for training reasons only.
2. Configure the DHCP-2.
3. Create the configuration in the GGSN2.
4. Make the connections, configure PCs and other routers.
5. Start the analyser on the Gi interface.
6. Configure the 3com Switch of the IP backbone 10.1.10.0 to have the mirroring of the port connected to the GGSN2 (Interface 10.1.10.102) towards the port of the DHCP2-server.
   Disconnect the interface 10.1.1.102 of the GGSN2 leading to IP backbone 1.
   Start the analyser on the of the DHCP2-server with a display filter to see only GTP, DNS and Bootp protocol.
7. Activate the debug ip nat on the GGSN2.
8. Test the correct operation with a script test simulating only one MS.
   Display the activated PDP contexts (shpdp).
   Display the routing table (show ip route). What is the new entry?
   Display the NAT translation table (show ip nat translation).
   Analyse the protocols on the various analysers.
9. Test the correct operation with a script test simulating several MS.
   How many PDP contexts are activated? (shpdp)
   How many MS can access the Internet (show ip nat translation)? Perform a debug ip nat details.
10. Implement the PAT function.
11. Test the correct operation of PAT with a script test simulating several MS.
    Display the NAT translation table (show ip nat translation).
Session presentation
Each operator group creates an APN:
- apn-g1 (group1)
- apn-g2 (group2)
- apn-g3 (group3)
- apn-g4 (group4)
[Figure labels: SGSN, GGSN 1, GGSN 2, router ospf1 (twice), DNS/DHCP 1, DNS/DHCP 2, 172.30.0.1]
- DHCP IP@ pool: Private pool from 172.30.0.2/16 to 172.30.255.250/16
  Additional information provided by DHCP:
    Primary DNS: 172.30.255.252
    Secondary DNS: 172.30.255.253
    Domain: group1.com
    Lease time: 10 hours
- Gi interface: Not used; the IP@ destination will be created inside the GGSN (loopback interface)
- Called IP address: 172.30.0.1 (loopback interface of GGSN1, also used as giaddr)
[Figure labels: SGSN, GGSN 1, GGSN 2, router ospf1 (twice), DNS/DHCP 1, DNS/DHCP 2, 172.31.0.1]
- DHCP IP@ pool: Private pool from 172.31.0.2/16 to 172.31.255.250/16
  Additional information provided by DHCP:
    Primary DNS: 172.31.255.252
    Secondary DNS: 172.31.255.253
    Domain: group2.com
    Lease time: 10 hours
- Gi interface: Not used; the IP@ destination will be created inside the GGSN (loopback interface)
- Called IP address: 172.31.0.1 (loopback interface of GGSN1, also used as giaddr)
[Figure labels: SGSN, GGSN 1, GGSN 2, router ospf1 (twice), DNS/DHCP 1, DNS/DHCP 2, 172.32.0.1]
- DHCP IP@ pool: Private pool from 172.32.0.2/16 to 172.32.255.250/16
  Additional information provided by DHCP:
    Primary DNS: 172.32.255.252
    Secondary DNS: 172.32.255.253
    Domain: group3.com
    Lease time: 10 hours
- Gi interface: Not used; the IP@ destination will be created inside the GGSN (loopback interface)
- Called IP address: 172.32.0.1 (loopback interface of GGSN1, also used as giaddr)
[Figure labels: SGSN, GGSN 1, GGSN 2, router ospf1 (twice), DNS/DHCP 1, DNS/DHCP 2, 172.33.0.1]
- DHCP IP@ pool: Private pool from 172.33.0.2/16 to 172.33.255.250/16
  Additional information provided by DHCP:
    Primary DNS: 172.33.255.252
    Secondary DNS: 172.33.255.253
    Domain: group4.com
    Lease time: 10 hours
- Gi interface: Not used; the IP@ destination will be created inside the GGSN (loopback interface)
- Called IP address: 172.33.0.1 (loopback interface of GGSN1, also used as giaddr)
Objective: to be able to configure and manage the GPRS IP backbone from NNM-net of OMC-PS

Program:
1 Configure auto-discovery
2 Perform a first discover
3 Extend the discovery
4 Move symbols through the various submaps
5 Test device reachability
6 Display device configuration
7 Display performances
8 Browse the GGSN MIB
9 Collect performances
Note: The trainer deletes all devices of the NNM-net:
- NNM-NET > double click on icon Internet > Edit > Delete > From All Submap > OK
- With the vi editor, in the file /etc/opt/OV/share/conf/seedfile, delete all lines
- With the vi editor, in the file /etc/opt/OV/share/conf/netmon.noDiscover, write a # at the beginning of the line *.*.*.*

1- Start NNM-Net
2- Double click on icon Internet
   No auto discovery. Why?
3- Display netmon.noDiscover
   Start a Terminal, login as su (default password : install10)
   # more /etc/opt/OV/share/conf/netmon.noDiscover
4- Operator group 2 only - Configure netmon.noDiscover to allow the auto-discovery of all devices.
   With the vi editor, in the file /etc/opt/OV/share/conf/netmon.noDiscover, delete the # at the beginning of the line *.*.*.*
5- Operator group 2 only - Restart OV
   Stop OV
   /opt/OV/bin/ovstop netmon
   Delete all devices in the submap, select all symbols
   Start OV
   /opt/OV/bin/ovstart netmon
1- Display the network where OMC-PS is connected to.
   Double click on icon Internet (a)
   A submap displays the network where OMC-PS is connected to.
   Display the legend:
   Help > Display legend > Operational Status Colors (use help on the window to get more information)
   Help > Display legend > Administrative Status Colors (use help on the window to get more information)
2- Perform a zoom on the network
   Double click on the icon representing the network where OMC-PS is connected to. (b)
   Double click on the icon representing the LAN segment where OMC-PS is connected to. (c)
   A submap displays the IP devices connected to this LAN.
3- Modify the label of symbol:
   Operator group 1 : CiscoWorks
   Operator group 2 : Mgt_Lan
   Operator group 3 : SGSN_craft1
   Operator group 4 : SGSN_craft2
   To modify the name assigned to symbols representing an IP device

Knowing the theory, can you imagine what the white color of an icon means? ..
Why are these icons white? .
[Figure: editor windows labelled "vi netmon.noDiscover" and "vi seedfile"]
1- Operator group 3 only - Extend the discovery
   Start a Terminal, login as su (default password : install10)
   With the vi editor, in the file /etc/opt/OV/share/conf/seedfile (a), add at least one router of each network to be discovered
2- Operator group 3 only - Restart OV
   Stop OV
   /opt/OV/bin/ovstop netmon
   Delete all devices in the submap, select all symbols
   Start OV
   /opt/OV/bin/ovstart netmon
3- Check the correct discovery
4- Operator group 4 only - Prevent the discovery of the LSN (1.1.1.0, 2.2.2.0, loopbacks, MS IP@ pool)
   Start a Terminal, login as su (default password : install10)
   With the vi editor, in the file /etc/opt/OV/share/conf/netmon.noDiscover (b), add the netid of these networks
   Stop OV
   /opt/OV/bin/ovstop netmon
   Delete all devices in the submap, select all symbols
5- Check the correct operation
1- Each operator group creates a new map
   Map > Maps > New
   The name will be GROUPn
2- Arrange the location of the various devices and networks
   Move to the Internet submap
   Drag and drop symbols to the correct position
   Keep this arrangement: View > Automatic Layout > Off For This Submap
3- In order to have a complete view of all objects of the CN backbone (SGSN stations, OMC-PS, CG, PCcraft, links, ) in only one submap, add objects in the Internet submap.
   Zoom to the various submaps
   Select object(s) (press the <Ctl> key to select several objects)
   Drag and drop objects to the correct location.
   Draw the connections: Edit > Add Connection
   Select a connection class
   Select a connection subclass
   Click on the source symbol of this link, then click on the destination symbol
   An Add Object window appears. Enter the Selection Name.
   To know the correct name of a link, go to the submap where the symbol has been copied, select the link, then click right > Describe/Modify object, select the Selection name, go back to the Add Object window and paste the selection name (middle button).
   A Warning message indicates that the selection name already exists. Click OK
1- Test reachability from OMC-PS
   Select a router
   Fault > Ping
   Select a station of SGSN server
   Fault > Ping
2- Test IP/TCP/SNMP
   Select a device
   Fault > Test IP / TCP / SNMP
3- Test network connectivity of a device
   Select a device
   Fault > Network Connectivity: Poll Node
4- Trace the route between devices
   Fault > Locate Route : via SNMP
   Enter the IP@ of the source device managing SNMP (e.g. OMC-PS IP@) in From Name or IP Address
   Enter the IP@ of the remote device (e.g. station of sgsn server) in To Name or IP Address
1- Display information about system
   Select a router
   Configuration > System Information
   When was the last reboot ?
2- Display information about network
   Select a router
   Configuration > Network configuration
   Display Addresses
   Display Routing Table
   Display ARP Cache
   Display Services
1- Perform Statistics on the interfaces and on their traffic
   Select an SNMP device (router, DNS/DHCP, )
   Performance > Network Activity > Interface Statistics
   Performance > Network Activity > Interface Traffic
1- Display interfaces by means of SNMP browser
   Select a router
   Misc > SNMP MIB Browser
   Select : mgmt > mib-2 > interfaces > ifTable > ifEntry > ifDescr
   Click on Describe. What is the Object ID in the MIB? ..
2- Display ARP table by means of SNMP browser
   Select a router
   Misc > SNMP MIB Browser
   Select : iso.org.dod.internet.mgmt.mib-2.ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress
   Click on Start Query
3- Display APN configuration of a GGSN
   Select a GGSN
   Misc > SNMP MIB Browser
   Select : iso.org.dod.internet.private.enterprises.cisco.ciscoMgmt.ciscoGprsAccPtMib.ciscoGprsAccPtMBObjects.ciscoGprsAccPtConfig.cgprsAccPtTable.cgprsAccPtEntry.cgprsAccPtName
   Click on Start Query
   Perform a Start Query of the other MIB object IDs of the APN
   Close
The GGSN is a generic IP device (standard router functions) that also implements GPRS functions. As a consequence, the GGSN supports both the MIBs of a generic IP device and the GPRS MIBs. CISCO-GTP-MIB, CISCO-GGSN-MIB, CISCO-GGSN-QOS-MIB, CISCO-GPRS-ACC-PT-MIB and CISCO-GPRS-CHARGING-MIB are the GPRS-specific MIBs.

1- Select MIB counters. From the NNM view:
   Options (a) -> Data Collection & thresholds: SNMP (b) (a window Data Collection & thresholds appears)
   Edit -> Add -> MIB objects (c) (a window Data Collection & thresholds : MIB object selection appears)
   Navigate in the MIB to select the desired MIB object ID of the requested counter: (d)
   .iso.org.dod.internet.private.enterprises.cisco.ciscoMgmt.ciscoGprsAccPtMib.ciscoGprsAccPtMBObjects.ciscoGprsAccPtStatistics.cgprsAccPtStatisticsTable.cgprsAccPtMsActivatedPdps
   Click on Describe. What is the function of this counter? .
   Click on Apply (e) (a window Add cgprsCollection for appears), see next page
1- Configure the collection, from the window Add cgprsCollection for:
   Source : enter the VT ip@ of the GGSN, then Add. Repeat for the second GGSN (f)
   Collection Mode : Store, No Thresholds (g)
   Polling Interval : 15m (h)
   Instances : All (means all APNs) (i)
   OK (j)
2- Repeat these operations (select MIB counters and configure the collection) for the counter: (d-j)
   .iso.org.dod.internet.private.enterprises.cisco.ciscoMgmt.ciscoGprsAccPtMib.ciscoGprsAccPtMBObjects.ciscoGprsAccPtStatistics.cgprsAccPtStatisticsTable.cgprsAccPtSuccMsActivatedPdps
   What is the function of this counter?
3- Save and start the collection.
   From the window Data Collection & thresholds : SNMP
   File > Save (k)
- Generate nominal GPRS traffic over one day (attach, activate, PDU traffic, detach...)
1- Deactivate the collection of observations.
   From the window Data Collection & thresholds
   Select MIB objects (a) (use the <ctrl> key to select several objects)
   Actions (b) -> Suspend Collection (c)
2- Display these observations from the SNMP Data Collector.
   From the window Data Collection & thresholds
   Select a MIB object
   Actions -> Show Data (d)
   The counter values are displayed.
[Figure to complete: GPRS, L2TP, LNS and RADIUS server, with blank fields Name, Username, IP@, Domain and Session ID]
Characteristics: Given the following analysis trace of the Gi interface, where L2TP has been implemented:
Layer 2 Tunneling Protocol
  Packet Type: Control Message Tunnel Id=0 Session Id=0
  1... .... .... .... = Type: Control Message (1)
  .1.. .... .... .... = Length Bit: Length field is present
  .... 1... .... .... = Sequence Bit: Ns and Nr fields are present
  .... ..0. .... .... = Offset bit: Offset size field is not present
  .... ...0 .... .... = Priority: No priority
  .... .... .... 0010 = Version: 2
  Length: 128, Tunnel ID: 0, Session ID: 0, Ns: 0, Nr: 0
  AVP Type Control Message Mandatory:True, Hidden:False, Length:8
    Control Message Type: (1) Start_Control_Request
  AVP Type Protocol Version Mandatory:True, Hidden:False, Length:8
    Version: 1 Revision: 0
  AVP Type Framing Capabilities Mandatory:True, Hidden:False, Length:10
    ASYNC FRAMING: False
    SYNC FRAMING: False
  AVP Type Bearer Capabilities Mandatory:True, Hidden:False, Length:10
    Analog Access: False
    Digital Access: False
  AVP Type Firmware Revision Mandatory:False, Hidden:False, Length:8
    Firmware Revision: 4400 0x1130
  AVP Type Host Name Mandatory:True, Hidden:False, Length:9
    Host Name: nas
  AVP Type Vendor Name Mandatory:False, Hidden:False, Length:25
    Vendor Name: Cisco Systems, Inc.
  AVP Type Assigned Tunnel ID Mandatory:True, Hidden:False, Length:8
    Tunnel ID: 15708
  AVP Type Receive Window Size Mandatory:True, Hidden:False, Length:8
    Receive Window Size: 10000
  AVP Type Challenge Mandatory:True, Hidden:False, Length:22
    CHAP Challenge:
==========================================================================
Layer 2 Tunneling Protocol
  Packet Type: Control Message Tunnel Id=15708 Session Id=0
  1... .... .... .... = Type: Control Message (1)
  .1.. .... .... .... = Length Bit: Length field is present
  .... 1... .... .... = Sequence Bit: Ns and Nr fields are present
  .... ..0. .... .... = Offset bit: Offset size field is not present
  .... ...0 .... .... = Priority: No priority
  .... .... .... 0010 = Version: 2
  Length: 150, Tunnel ID: 15708, Session ID: 0, Ns: 0, Nr: 1
  AVP Type Control Message Mandatory:True, Hidden:False, Length:8
    Control Message Type: (2) Start_Control_Reply
  AVP Type Protocol Version Mandatory:True, Hidden:False, Length:8
    Version: 1 Revision: 0
  AVP Type Framing Capabilities Mandatory:True, Hidden:False, Length:10
    ASYNC FRAMING: False
    SYNC FRAMING: False
  AVP Type Bearer Capabilities Mandatory:True, Hidden:False, Length:10
    Analog Access: False
    Digital Access: False
  AVP Type Firmware Revision Mandatory:False, Hidden:False, Length:8
    Firmware Revision: 4384 0x1120
  AVP Type Host Name Mandatory:True, Hidden:False, Length:9
    Host Name: hgw
  AVP Type Vendor Name Mandatory:False, Hidden:False, Length:25
    Vendor Name: Cisco Systems, Inc.
  AVP Type Assigned Tunnel ID Mandatory:True, Hidden:False, Length:8
    Tunnel ID: 11868
  AVP Type Receive Window Size Mandatory:True, Hidden:False, Length:8
    Receive Window Size: 3000
  AVP Type Challenge Mandatory:True, Hidden:False, Length:22
    CHAP Challenge:
  AVP Type Challenge Response Mandatory:True, Hidden:False, Length:22
    CHAP Challenge Response:
==========================================================================
Layer 2 Tunneling Protocol
  Packet Type: Control Message Tunnel Id=11868 Session Id=0
  1... .... .... .... = Type: Control Message (1)
  .1.. .... .... .... = Length Bit: Length field is present
  .... 1... .... .... = Sequence Bit: Ns and Nr fields are present
  .... ..0. .... .... = Offset bit: Offset size field is not present
  .... ...0 .... .... = Priority: No priority
  .... .... .... 0010 = Version: 2
  Length: 42, Tunnel ID: 11868, Session ID: 0, Ns: 1, Nr: 1
  AVP Type Control Message Mandatory:True, Hidden:False, Length:8
    Control Message Type: (3) Start_Control_Connected
  AVP Type Challenge Response Mandatory:True, Hidden:False, Length:22
    CHAP Challenge Response:
==========================================================================
Layer 2 Tunneling Protocol
  Packet Type: Control Message Tunnel Id=11868 Session Id=0
  1... .... .... .... = Type: Control Message (1)
  .1.. .... .... .... = Length Bit: Length field is present
  .... 1... .... .... = Sequence Bit: Ns and Nr fields are present
  .... ..0. .... .... = Offset bit: Offset size field is not present
  .... ...0 .... .... = Priority: No priority
  .... .... .... 0010 = Version: 2
  Length: 70, Tunnel ID: 11868, Session ID: 0, Ns: 2, Nr: 1
  AVP Type Control Message Mandatory:True, Hidden:False, Length:8
    Control Message Type: (10) Incoming_Call_Request
  AVP Type Assigned Session Mandatory:True, Hidden:False, Length:8
    Assigned Session: 15
  AVP Type Call Serial Number Mandatory:True, Hidden:False, Length:10
    Call Serial Number: 4022
  AVP Type Bearer Type Mandatory:True, Hidden:False, Length:10
    Bearer Type:
  AVP Type Unknown Mandatory:False, Hidden:False, Length:22
==========================================================================
Layer 2 Tunneling Protocol
  Packet Type: Control Message Tunnel Id=15708 Session Id=0
  1... .... .... .... = Type: Control Message (1)
  .1.. .... .... .... = Length Bit: Length field is present
  .... 1... .... .... = Sequence Bit: Ns and Nr fields are present
  .... ..0. .... .... = Offset bit: Offset size field is not present
  .... ...0 .... .... = Priority: No priority
  .... .... .... 0010 = Version: 2
  Length: 12, Tunnel ID: 15708, Session ID: 0, Ns: 1, Nr: 2
  Zero Length Bit message
==========================================================================
Layer 2 Tunneling Protocol
  Packet Type: Control Message Tunnel Id=15708 Session Id=15
  1... .... .... .... = Type: Control Message (1)
  .1.. .... .... .... = Length Bit: Length field is present
  .... 1... .... .... = Sequence Bit: Ns and Nr fields are present
  .... ..0. .... .... = Offset bit: Offset size field is not present
  .... ...0 .... .... = Priority: No priority
  .... .... .... 0010 = Version: 2
  Length: 28, Tunnel ID: 15708, Session ID: 15, Ns: 1, Nr: 3
  AVP Type Control Message Mandatory:True, Hidden:False, Length:8
    Control Message Type: (11) Incoming_Call_Reply
  AVP Type Assigned Session Mandatory:True, Hidden:False, Length:8
    Assigned Session: 29
==========================================================================
Layer 2 Tunneling Protocol
  Packet Type: Control Message Tunnel Id=11868 Session Id=29
  1... .... .... .... = Type: Control Message (1)
  .1.. .... .... .... = Length Bit: Length field is present
  .... 1... .... .... = Sequence Bit: Ns and Nr fields are present
  .... ..0. .... .... = Offset bit: Offset size field is not present
  .... ...0 .... .... = Priority: No priority
  .... .... .... 0010 = Version: 2
  Length: 110, Tunnel ID: 11868, Session ID: 29, Ns: 3, Nr: 2
  AVP Type Control Message Mandatory:True, Hidden:False, Length:8
    Control Message Type: (12) Incoming_Call_Connected
  AVP Type Connect Speed Mandatory:True, Hidden:False, Length:10
    Connect Speed:
  AVP Type Framing Type Mandatory:True, Hidden:False, Length:10
    Framing Type:
  AVP Type Last Send LCP CONFREQ Mandatory:False, Hidden:False, Length:16
    Last Sent LCP Conf REQ:
  AVP Type Last Received LCP CONFREQ Mandatory:False, Hidden:False, Length:16
    Last Received LCP Conf REQ:
  AVP Type Proxy Authen ID Mandatory:False, Hidden:False, Length:8
    Paorx Authen ID:
  AVP Type Proxy Authen Name Mandatory:False, Hidden:False, Length:13
    Proxy Authen Name:
  AVP Type Proxy Authen Response Mandatory:False, Hidden:False, Length:9
    Proxy Authen Response:
  AVP Type Proxy Authen Type Mandatory:False, Hidden:False, Length:8
    Proxy Authen Type: PPP PAP
==========================================================================
Layer 2 Tunneling Protocol
  Packet Type: Control Message Tunnel Id=15708 Session Id=0
  1... .... .... .... = Type: Control Message (1)
  .1.. .... .... .... = Length Bit: Length field is present
  .... 1... .... .... = Sequence Bit: Ns and Nr fields are present
  .... ..0. .... .... = Offset bit: Offset size field is not present
  .... ...0 .... .... = Priority: No priority
  .... .... .... 0010 = Version: 2
  Length: 12, Tunnel ID: 15708, Session ID: 0, Ns: 2, Nr: 4
  Zero Length Bit message
==========================================================================
Radius Protocol
  Code: Access Request (1)
  Packet identifier: 0x16 (22)
  Length: 77
  Authenticator
  Attribute value pairs
    t:NAS IP Address(4) l:6, Value:10.20.1.103
    t:NAS Port(5) l:6, Value:6
    t:NAS Port Type(61) l:6, Value:Virtual
    t:User Name(1) l:9, Value:"ms1@ppp"
    t:User Password(2) l:18, Value:"B\026}\144Geu\127i"
    t:Service Type(6) l:6, Value:Framed
    t:Framed Protocol(7) l:6, Value:PPP
==========================================================================
Radius Protocol
  Code: Access Accept (2)
  Packet identifier: 0x16 (22)
  Length: 86
  Authenticator
  Attribute value pairs
    t:Service Type(6) l:6, Value:Framed
    t:Framed IP Address(8) l:6, Value:10.0.0.15
    t:Class(25) l:54, Value:"SBR-CL DN="MS1@PPP" AT="0" IP="10.0.0.15" SI="2429"\000"
==========================================================================
Layer 2 Tunneling Protocol
  Packet Type: Data Message Tunnel Id=15708 Session Id=15
  0... .... .... .... = Type: Data Message (0)
  .1.. .... .... .... = Length Bit: Length field is present
  .... 0... .... .... = Seq Bit: Ns and Nr fields are not present
  .... ..0. .... .... = Offset bit: Offset size field is not present
  .... ...0 .... .... = Priority: No priority
  .... .... .... 0010 = Version: 2
  Length: 17, Tunnel ID: 15708, Session ID: 15
(Point-to-Point Protocol)
  Address: ff, Control: 03
  Protocol: Password Authentication Protocol (0xc023)
  Data (5 bytes)
    0 0201 0005 00 .....
==========================================================================
Layer 2 Tunneling Protocol
  Packet Type: Data Message Tunnel Id=11868 Session Id=29
  0... .... .... .... = Type: Data Message (0)
  .1.. .... .... .... = Length Bit: Length field is present
  .... 0... .... .... = Seq. Bit: Ns and Nr fields are not present
  .... ..0. .... .... = Offset bit: Offset size field is not present
  .... ...0 .... .... = Priority: No priority
  .... .... .... 0010 = Version: 2
  Length: 22, Tunnel ID: 11868, Session ID: 29
(Point-to-Point Protocol)
  Address: ff, Control: 03
  Protocol: IP Control Protocol (0x8021)
  Code: Configuration Request (0x01)
  Identifier: 0x00, Length: 10
  Options: (6 bytes)
    IP address: 0.0.0.0
==========================================================================
Layer 2 Tunneling Protocol
  Packet Type: Data Message Tunnel Id=15708 Session Id=15
  0... .... .... .... = Type: Data Message (0)
  .1.. .... .... .... = Length Bit: Length field is present
  .... 0... .... .... = Seq. Bit: Ns and Nr fields are not present
  .... ..0. .... .... = Offset bit: Offset size field is not present
  .... ...0 .... .... = Priority: No priority
  .... .... .... 0010 = Version: 2
  Length: 22, Tunnel ID: 15708, Session ID: 15
(Point-to-Point Protocol)
  Address: ff, Control: 03
  Protocol: IP Control Protocol (0x8021)
  Code: Configuration Nak (0x03)
  Identifier: 0x00, Length: 10
  Options: (6 bytes)
    IP address: 10.0.0.15
==========================================================================
Layer 2 Tunneling Protocol
  Packet Type: Data Message Tunnel Id=11868 Session Id=29
  0... .... .... .... = Type: Data Message (0)
  .1.. .... .... .... = Length Bit: Length field is present
  .... 0... .... .... = Sequence Bit: Ns and Nr fields are not present
  .... ..0. .... .... = Offset bit: Offset size field is not present
  .... ...0 .... .... = Priority: No priority
  .... .... .... 0010 = Version: 2
  Length: 22, Tunnel ID: 11868, Session ID: 29
(Point-to-Point Protocol)
  Address: ff, Control: 03
  Protocol: IP Control Protocol (0x8021)
  Code: Configuration Request (0x01)
  Identifier: 0x00, Length: 10
  Options: (6 bytes)
    IP address: 10.0.0.15
==========================================================================
Layer 2 Tunneling Protocol
  Packet Type: Data Message Tunnel Id=15708 Session Id=15
  0... .... .... .... = Type: Data Message (0)
  .1.. .... .... .... = Length Bit: Length field is present
  .... 0... .... .... = Seq. Bit: Ns and Nr fields are not present
  .... ..0. .... .... = Offset bit: Offset size field is not present
  .... ...0 .... .... = Priority: No priority
  .... .... .... 0010 = Version: 2
  Length: 22, Tunnel ID: 15708, Session ID: 15
(Point-to-Point Protocol)
  Address: ff, Control: 03
  Protocol: IP Control Protocol (0x8021)
  Code: Configuration Ack (0x02)
  Identifier: 0x00, Length: 10
  Options: (6 bytes)
    IP address: 10.0.0.15
[Figure to complete: message exchanges with the LNS and the RADIUS server, with blank "Session ID" and "Message" fields for each exchange]
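The header bits and AVPs that the analyser decodes in the trace above (Type, Length, Sequence, Offset, Priority, Version, then Tunnel ID, Session ID, Ns, Nr and the AVP list) can be parsed as follows. This is an added example, not part of the manual: the function names are hypothetical, the field layout follows RFC 2661, and the three sample messages are constructed here with only a subset of the AVPs seen in the trace.

```python
import struct

# L2TPv2 header flag bits and control message types (RFC 2661).
T_BIT, L_BIT, S_BIT, O_BIT, P_BIT = 0x8000, 0x4000, 0x0800, 0x0200, 0x0100
MESSAGE_TYPES = {1: "SCCRQ", 2: "SCCRP", 3: "SCCCN",
                 10: "ICRQ", 11: "ICRP", 12: "ICCN"}


def parse_avps(body):
    """Split a control message body into AVPs, rejecting lengths that do not fit."""
    avps, pos = [], 0
    while pos < len(body):
        if len(body) - pos < 6:
            raise ValueError("truncated AVP header")
        bits, vendor, attr = struct.unpack_from("!HHH", body, pos)
        length = bits & 0x03FF  # 10-bit length, includes the 6-byte AVP header
        if length < 6 or pos + length > len(body):
            raise ValueError("AVP length %d does not fit the message" % length)
        avps.append({"mandatory": bool(bits & 0x8000), "hidden": bool(bits & 0x4000),
                     "vendor": vendor, "type": attr,
                     "value": body[pos + 6:pos + length]})
        pos += length
    return avps


def parse_l2tp(datagram):
    """Parse one L2TPv2 message (the UDP payload) into a dict."""
    if len(datagram) < 6:
        raise ValueError("shorter than the minimal L2TP header")
    (flags,) = struct.unpack_from("!H", datagram, 0)
    if flags & 0x000F != 2:
        raise ValueError("not L2TP version 2")
    pos, end = 2, len(datagram)
    if flags & L_BIT:
        (end,) = struct.unpack_from("!H", datagram, pos)
        pos += 2
        if end > len(datagram):
            raise ValueError("Length field exceeds the datagram")
    msg = datagram[:end]  # never read past the declared length
    try:
        tunnel_id, session_id = struct.unpack_from("!HH", msg, pos)
        pos += 4
        ns = nr = None
        if flags & S_BIT:
            ns, nr = struct.unpack_from("!HH", msg, pos)
            pos += 4
        if flags & O_BIT:
            (offset,) = struct.unpack_from("!H", msg, pos)
            pos += 2 + offset
    except struct.error:
        raise ValueError("header fields run past the declared length")
    if pos > len(msg):
        raise ValueError("offset padding runs past the declared length")
    out = {"control": bool(flags & T_BIT), "priority": bool(flags & P_BIT),
           "length": end, "tunnel_id": tunnel_id, "session_id": session_id,
           "ns": ns, "nr": nr}
    if not out["control"]:
        out["payload"] = msg[pos:]  # PPP frame carried by a data message
        return out
    if not (flags & L_BIT and flags & S_BIT):
        raise ValueError("control message must carry Length and Ns/Nr")
    out["avps"] = parse_avps(msg[pos:])
    if not out["avps"]:
        out["message"] = "ZLB"  # header only: acknowledgement without AVPs
    else:
        first = out["avps"][0]
        if first["type"] != 0 or len(first["value"]) != 2:
            raise ValueError("first AVP is not a Message Type AVP")
        code = struct.unpack("!H", first["value"])[0]
        out["message"] = MESSAGE_TYPES.get(code, "type %d" % code)
    return out


def assigned_tunnel_id(parsed):
    """Value of the Assigned Tunnel ID AVP (attribute 9), or None."""
    for item in parsed.get("avps", []):
        if item["type"] == 9 and len(item["value"]) == 2:
            return struct.unpack("!H", item["value"])[0]
    return None


# Constructed sample messages (not captured traffic).
def avp(attr, value, mandatory=True):
    bits = (0x8000 if mandatory else 0) | (6 + len(value))
    return struct.pack("!HHH", bits, 0, attr) + value


def control(tunnel_id, session_id, ns, nr, avps=b""):
    return struct.pack("!HHHHHH", 0xC802, 12 + len(avps),
                       tunnel_id, session_id, ns, nr) + avps


SCCRQ = control(0, 0, 0, 0, avp(0, b"\x00\x01") + avp(7, b"nas")
                + avp(9, struct.pack("!H", 15708)))
ZLB = control(15708, 0, 1, 2)
OVERRUN = control(0, 0, 0, 0, struct.pack("!HHH", 0x8000 | 20, 0, 0) + b"\x00\x01")
```

The OVERRUN sample declares an AVP longer than the message that carries it; the parser raises ValueError instead of reading past the end, which is the check to look for in any code that handles L2TP from untrusted peers.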
PC-NT: nslookup

SYNOPSIS
  nslookup [-option ...] [computer-to-find | - [server]]

DESCRIPTION
  This diagnostic tool displays information from Domain Name System (DNS) name servers. Before using this tool, you should be familiar with how DNS works. Nslookup is available only if the TCP/IP protocol has been installed.

MODES
  Nslookup has two modes: interactive and non-interactive.
  If you only need to look up a single piece of data, use non-interactive mode. For the first argument, type the name or IP address of the computer to be looked up. For the second argument, type the name or IP address of a DNS name server. If you omit the second argument, the default DNS name server will be used.
  If you need to look up more than one piece of data, you can use interactive mode. Type a hyphen (-) for the first argument and the name or IP address of a DNS name server for the second argument. Or, omit both arguments (the default DNS name server will be used).
ls [option] dnsdomain [> file_name] | [>> file name] Lists information for a DNS domain. The default output contains computer names and their IP addresses. (When output is directed to a file, hash marks are printed for every 50 records received from the server.) ls [option] dnsdomain [> filename] | [>> filename] -t querytype Lists all records of the specified type. (For a description of querytype, see the set querytype topic.) -a Lists aliases of computers in the DNS domain. (It is a synonym for -t CNAME.) -d Lists all records for the DNS domain. (It is a synonym for -t ANY.) -h Lists CPU and operating system information for the DNS domain. (It is a synonym for -t HINFO.) -s Lists well-known services of computers in the DNS domain. (It is a synonym for -t WKS.) dnsdomain: DNS domain for which you want information. filename : Specifies a filename in which to save the output. (You can use the > and >> characters to redirect the output in the 8AS manner.) Alcatel University -usual 90200 1317 VA ZZA Ed.02 105
-option ...
Specifies one or more nslookup commands as a command-line option. For a list of commands, see Nslookup Commands. Each option consists of a hyphen (-) followed immediately by the command name and, in some cases, an equal sign (=) and then a value. For example, to change the default query type to host (computer) information and the initial timeout to 10 seconds, you would type:
nslookup -querytype=hinfo -timeout=10
The command line length must be less than 256 characters.

PARAMETERS

help | ?
Displays a brief summary of nslookup commands. The ? is a synonym for the help command.

computer-to-find
Look up information for computer-to-find using the current default server or using server if specified. If computer-to-find is an IP address and the query type is A or PTR, the name of the computer is returned. If computer-to-find is a name and does not have a trailing period, the default DNS domain name is appended to the name. (This behavior depends on the state of the set options: domains, srchlist, defname, and search.) To look up a computer not in the current DNS domain, append a period to the name. If you type a hyphen (-) instead of computer-to-find, the command prompt changes to nslookup interactive mode.

server
Use this server as the DNS name server. If you omit server, the default DNS name server is used.
lserver dnsdomain
Changes the default server to the specified DNS domain. Lserver uses the initial server to look up the information about the specified DNS domain. (This is in contrast to the server command, which uses the current default server.)
dnsdomain : New DNS domain for the default server.

server dnsdomain
Changes the default server to the specified DNS domain. Server uses the current default server to look up the information about the specified DNS domain. (This is in contrast to the lserver command, which uses the initial server.)
dnsdomain : New DNS domain for the default server.

root
Changes the default server to the server for the root of the DNS domain name space. Currently, the computer ns.nic.ddn.mil is used. (This command is a synonym for lserver ns.nic.ddn.mil.) The name of the root server can be changed with the set root command.

set all
Prints the current values of the configuration settings. Also prints information about the default server and computer (host).

set [no]deb[ug]
Turn debugging mode on or off. With debugging on, more information is printed about the packet sent to the server and the resulting answer.
Default = nodebug.

set [no]d2
Turn exhaustive debugging mode on or off. Essentially all fields of every packet are printed.
Default = nod2.

set [no]def[name]
If set, append the default DNS domain name to a single-component lookup request. (A single component is a component that contains no periods.)
Default = defname.

set do[main]=name
Change the default DNS domain to the name specified. The default DNS domain name is appended to a lookup request depending on the state of the defname and search options. The DNS domain search list contains the parents of the default DNS domain if it has at least two components in its name. For example, if the default DNS domain is mfg.widgets.com, the search list is mfg.widgets.com and widgets.com. Use the set srchlist command to specify a different list. Use the set all command to display the list.
Default = value from hostname.
name : New name for the default DNS domain.

set q[uerytype]=value
Changes the type of information query. More information about types can be found in Request For Comment (RFC) 1035. (The set type command is a synonym for set querytype.)
Default = A.
value :
A : Computer's IP address.
ANY : All types of data.
CNAME : Canonical name for an alias.
GID : Group identifier of a group name.
HINFO : Computer's CPU and operating system type.
MB : Mailbox domain name.
MG : Mail group member.
MINFO : Mailbox or mail list information.
MR : Mail rename domain name.
MX : Mail exchanger.
NS : DNS name server for the named zone.
PTR : Computer name if the query is an IP address, otherwise the pointer to other information.
SOA : DNS domain's start-of-authority record.
TXT : Text information.
UID : User ID.
UINFO : User information.
WKS : Well-known service description.

set [no]rec[urse]
If set, tells the DNS name server to query other servers if it does not have the information.
Default = recurse.

set ret[ry]=number
Sets the number of retries. When a reply to a request is not received within a certain amount of time (changed with set timeout), the timeout period is doubled and the request is resent. The retry value controls how many times a request is resent before giving up.
Default = 4.
number : New value for the number of retries.

set ro[ot]=computer
Changes the name of the root server. This affects the root command.
Default = ns.nic.ddn.mil.
computer : New name for the root server.

set [no]sea[rch]
If set and the lookup request contains at least one period but does not end with a trailing period, append the DNS domain names in the DNS domain search list to the request until an answer is received.
Default = search.

set srchl[ist]=name1/name2/...
Changes the default DNS domain name and search list. A maximum of 6 names separated by slashes (/) can be specified. This command overrides the default DNS domain name and search list of the set domain command. Use the set all command to display the list.
Default = value based on hostname.
name1/name2/... : New names for the default DNS domain and search list.
For example, set srchlist=mfg.widgets.com/mrp2.widgets.com/widgets.com sets the DNS domain to mfg.widgets.com and the search list to the three names.

set ti[meout]=number
Changes the initial number of seconds to wait for a reply to a request. When a reply to a request is not received within this time period, the timeout is doubled and the request is resent. (The number of retries is controlled with the set retry option.)
Default = 5.
number : New value for the number of seconds to wait for a reply.

view filename
Sorts and lists the output of previous ls command(s).
filename : Name of the file containing output from the previous ls command(s).

exit
Exits nslookup.
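The name-expansion rules described above (trailing period, defname, search, srchlist) and the doubling timeout, worked through as an added Python example that is not part of the original manual. The function names are hypothetical, and retry is assumed to count resends after the first transmission.

```python
# Added illustration; function names are hypothetical, not nslookup's own.

def search_list_from_domain(domain):
    """Default search list: the default domain plus each parent that still
    has at least two components."""
    labels = domain.strip(".").split(".")
    parents = [".".join(labels[i:]) for i in range(len(labels) - 1)]
    return parents or [domain.strip(".")]


def parse_srchlist(value):
    """set srchlist=name1/name2/...: 1 to 6 names; the first one becomes
    the default domain, all of them form the search list."""
    names = [n for n in value.split("/") if n]
    if not 1 <= len(names) <= 6:
        raise ValueError("srchlist takes 1 to 6 names separated by '/'")
    return names[0], names


def candidates(name, domain, srchlist=None, defname=True, search=True):
    """Names submitted to the server, in order, for one lookup request."""
    if name.endswith("."):       # trailing period: looked up exactly as typed
        return [name]
    if "." not in name:          # single component: only defname applies
        return [name + "." + domain] if defname else [name]
    if not search:               # contains a period, search off: no expansion
        return [name]
    # The manual does not say whether the bare name is tried afterwards,
    # so it is not added here.
    return [name + "." + d for d in (srchlist or search_list_from_domain(domain))]


def wait_schedule(timeout=5, retry=4):
    """Seconds waited after each transmission; the timeout doubles before
    every resend. Assumption: retry counts resends after the first send."""
    return [timeout * 2 ** i for i in range(retry + 1)]


if __name__ == "__main__":
    # Constructed sample names (widgets.com is the manual's own example domain).
    dom, sl = parse_srchlist("mfg.widgets.com/mrp2.widgets.com/widgets.com")
    for n in ("host1", "host1.lab", "www.example.org."):
        print(n, "->", candidates(n, dom, sl))
    print(wait_schedule())
```

A name typed without a trailing period is expanded before it reaches the name server, so when checking a zone or reading a trace, type the fully qualified name with its final period to be sure which name was actually queried.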
Nslookup Notes

Interactive Commands
1 To interrupt interactive commands at any time, type CTRL+C.
2 To exit, type exit.
3 The command line length must be less than 256 characters.
4 To treat a built-in command as a computer name, precede it with the escape character (\).
5 An unrecognized command is interpreted as a computer name.

Diagnostics
If the lookup request fails, an error message prints. Possible errors are:

Timed out
The server did not respond to a request after a certain amount of time (changed with set timeout=value) and a certain number of retries (changed with set retry=value).

No response from server
No DNS name server is running on the server computer.

No records
The DNS name server does not have resource records of the current query type for the computer, although the computer name is valid. The query type is specified with the set querytype command.

Non-existent domain
The computer or DNS domain name does not exist.

Connection refused or Network is unreachable
The connection to the DNS name server or finger server could not be made. This error commonly occurs with ls and finger requests.

Server failure
The DNS name server found an internal inconsistency in its database and could not return a valid answer.

Refused
The DNS name server refused to service the request.

Format error
The DNS name server found that the request packet was not in the proper format. It may indicate an error in nslookup.