CertificationZone Page 1 of 14
11/06/01
Date of Issue: 01-01-2000
Bridging Lab Scenarios
by David Wolsefer
Introduction
Scenario 1 - A LAT Challenge
Equipment
The Setup
Objectives
Solution
R4's Configuration
R6's Final Configuration
Scenario 2 - Troubleshooting IRB
Equipment
Objectives
The Setup
R1:
R2:
R3:
R4:
Hints
Bugs Revealed
Solution
R2 Final Configuration:
R3 Final Configuration:
R4 Final Configuration:
R1 Final Configuration:
Introduction
I developed these scenarios during my own preparation for the CCIE laboratory exam. The first scenario is designed
to demonstrate how to configure a LAT service and use both one and two step LAT translation. The second scenario

is a complex IRB scenario requiring the reader to troubleshoot numerous routers and illustrates a number of key
issues one might encounter when configuring both transparent bridging and IRB.
Scenario 1 - A LAT Challenge
Equipment
This scenario requires 3 routers and the proper version of IOS. I suggest you use Enterprise or Enterprise Plus IOS.
The actual routers I used were a 2511 for R1, a 2513 for R4, and a 2524 for R6.
The Setup
CertificationZone Page 2 of 14
11/06/01
Objectives
Disable IP routing on R6 and remove all IP addresses from R6. Enable LAT on the E0 interface of R6 and configure a
LAT service named CCIE. Verify using appropriate debug and show commands. Configure R4 to translate the
160.10.1.2 address to the LAT CCIE service. Verify one-step translation by Telnetting to 160.10.1.2 from R1. If the
translation is configured correctly, you will find yourself at R6 as seen below:
r1#160.10.1.2
Trying 160.10.1.2 ... Open
Trying CCIE...Open
Notice that you in effect Telnetted to R4, where one-step translation LATed you to R6.
Now try two-step translation. Telnet into R4 and then LAT to CCIE as shown below:
r4#lat CCIE
Trying CCIE...Open

r6#
Solution
R4's Configuration
Current configuration:
!
version 11.3
service timestamps debug uptime
service timestamps log uptime

no service password-encryption
!
hostname r4
!
!
ip tcp synwait-time 5
no ip domain-lookup
!
interface Loopback0
ip address 160.10.1.1 255.255.255.0
!
interface Ethernet0
ip address 172.16.40.4 255.255.255.0
lat enabled
!
interface Serial0
no ip address
encapsulation frame-relay
no ip mroute-cache
lat enabled
no fair-queue
clockrate 56000
no frame-relay inverse-arp
!
interface Serial0.1 point-to-point
ip address 172.16.60.4 255.255.255.0
ip ospf network non-broadcast
frame-relay interface-dlci 201
!
interface Serial1

no ip address
shutdown
!
interface TokenRing0
CertificationZone Page 3 of 14
11/06/01
ip address 172.16.240.4 255.255.255.0
ring-speed 16
!
router ospf 1
redistribute connected subnets
passive-interface TokenRing0
network 172.16.40.0 0.0.0.255 area 0
network 172.16.60.0 0.0.0.255 area 0
!
ip classless
!
translate tcp 160.10.1.2 lat CCIE
alias exec r show run
alias exec i show ip route
alias exec br show ip int brief
!
line con 0
exec-timeout 0 0
privilege level 15
line aux 0
line vty 0 4
privilege level 15
no login
!

end
R6's Final Configuration
r6#r
Building configuration...

Current configuration:
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r6
!
!
no ip routing <--------- IP routing completely disabled
ip tcp synwait-time 5
no ip domain-lookup
!
!
!
interface Ethernet0
no ip address
no ip route-cache
lat enabled <---------- LAT enabled on E0 interface
!
ip classless
!
lat service CCIE enabled <-- LAT service "CCIE" enabled
lat service SHOWRUN autocommand show run

lat service SHOWRUN enabled
!
alias exec r show run
alias exec i show ip route
alias exec br sho ip int brief
!
line con 0
privilege level 15
line aux 0
line vty 0 4
privilege level 15
no login
!
end
Scenario 2 - Troubleshooting IRB
CertificationZone Page 4 of 14
11/06/01
Equipment
This scenario requires 4 routers to complete as is. R5 is not really necessary since we are just pinging the BVI
interface, which would route to R5.
Objectives
The objective of this lab is to troubleshoot a complex scenario using multiple routers configured for transparent
bridging and IRB. When the network is configured correctly, you should be able to ping from the S0.1 interface of R2
to the BVI interface of R3. The IP address of R2's sub-interface S0.1 is 172.16.70.2 and the IP address of R3's BVI
Interface is 172.16.70.3. You need to make sure that R1 is always the root bridge and that all bridging loops are
eliminated. Use the IEEE spanning tree protocol. You may only use the "bridge 1 route IP" statement on a single
router. All traffic must traverse the R4 router. You should remove all IP routing on R1 and R4 and all IP addresses on
R1, R4, and R3's Serial 0.1 and Ethernet 1 Interfaces. R3 may only route on the E 0 interface. All other interfaces on
R3 should be configured for bridging only.
The Setup

The following configurations should be cut and pasted into your routers before beginning troubleshooting. If you do
not have routers that have the same interfaces as depicted in the diagram, adjust your configurations as necessary.
Here are the configurations:
R1:
Current configuration:
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r1
!
!
no ip routing
ip tcp synwait-time 5
no ip domain-lookup
ip host frsw 2001 1.1.1.1
CertificationZone Page 5 of 14
11/06/01
ip host r2 2004 1.1.1.1
ip host r3 2003 1.1.1.1
ip host r4 2002 1.1.1.1
ip host r6 2006 1.1.1.1
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
no ip route-cache

no ip mroute-cache
!
interface Loopback10
description DO NOT DISTURB - for use by golab scripts
ip address 10.255.255.254 255.255.255.0
no ip route-cache
no ip mroute-cache
!
interface Ethernet0
no ip address
no ip route-cache
no ip mroute-cache
shutdown
no lat enabled
!
interface Serial0
no ip address
encapsulation frame-relay
no ip route-cache
no ip mroute-cache
lat enabled
clockrate 56000
no frame-relay inverse-arp
!
interface Serial0.1 point-to-point
no ip route-cache
no ip mroute-cache
frame-relay interface-dlci 102
bridge-group 1
!

interface Serial0.2 multipoint
no ip route-cache
no ip split-horizon
no ip mroute-cache
bridge-group 1
bridge-group 1 priority 255
!
interface Serial1
ip address 192.168.4.1 255.255.255.0
encapsulation x25 dce
no ip route-cache
no ip mroute-cache
shutdown
x25 address 112233
x25 map ip 192.168.4.2 556677 broadcast
clockrate 56000
!
ip classless
!
!
bridge irb
bridge 1 protocol ieee
bridge 1 priority 128
alias exec r show run
alias exec i show ip route
alias exec br show ip int brief
alias exec s show ses
!
line con 0
exec-timeout 0 0

privilege level 15
line 1 8
modem Host
transport input all
line 9 16
line aux 0