We have successfully been using IBM 2212 routers for a couple of years. The routers are used to connect branch offices to the headquarters providing both IP and SNA connectivity using DLSw.
DLSw is used to connect remote Ethernet attached Microsoft SNA servers and SDLC attached 3174 communications controllers.
With the withdrawal from marketing of the IBM routers, Cisco routers are now the order of the day.
While there is an excellent IBM Redbook (SG24-5865 IBM Router Interoperability and Migration Examples) on the subject, the examples given, especially for DLSw, were too complex for our needs.
In this document, a Cisco router configuration that provides for both IP and DLSw connectivity to a central 2212 router is described. It is assumed that the reader is conversant with the IBM 2212 series configuration.
What is a Loopback Interface
Lots of people google to this web page looking for information on what a loopback interface is and what it is used for. A loopback interface is a special virtual interface created in software. It has no associated hardware interface and is therefore always up. One use of such an interface is to simply assign an IP address to the router as a whole rather than to a specific hardware interface. This allows the assigned IP address to be used to access the router (telnet for example) regardless of which real interfaces are up or down. Loopback interfaces are also used by some protocols. For example, the Loopback IP address can be used to assign the OSPF Router ID. In the example below, I use the loopback IP address to assign the DLSw local peer-id - because the loopback interface is always up, the DLSw local peer-id is always available.These global statements are used to define the local and remote DLSw peers and to enable bridging, giving a bridge group number.
The local-peer statement defines the IP address that is to be used as the local DLSw peer. For 2212 routers this would be the internal IP address. Cisco routers do not have an Internal IP address, so we must use another IP address. The address used can be any IP address that has been defined on an interface. So, for example, we could use the IP address defined for the Ethernet interface. However, this would mean that DLSw would only work when the Ethernet interface was active - This may not always be true. A solution is to define a loopback interface and use its IP address for the local-peer id. A loopback interface is always active. The only complication is that the IP address for the loopback interface must be in a unique subnet - that is we can't use the same subnet as the Ethernet interface (like we can for the internal 2212 IP address). The convention we used is to take the Ethernet network, in this case 10.20.0 and make the last number 255 and use a host address of 1. This makes the loopback address 10.20.255.1. Another option is to use the IP address of the serial connection, in our case 10.240.11.2.
The remote-peer statement defines the id of the remote peer (the 2212) and what protocol should be used to transfer the DLSw packets. For connection to a non Cisco box, we can only use TCP. The IP address given is the internal IP address of the central 2212 in this example 10.1.0.29
Finally, to activate DLSw on a LAN interface (Ethernet or Token Ring), we must enable bridging (on the 2212 we do this by enabling ASRT). We give the bridge group a number, which we will use later. Note that if we only wanted to provide DLSw to serial attached devices, such as a 3174, we would not need to activate bridging.
Warning When you turn on bridging, the IOS sometimes makes the assumption that you don't want routing and turns it off (with a no ip routing statement), you need to turn it back on (ip routing).
If you want to restrict traffic to SNA and not send Netbios packets, there are various ways to do this. One way is to filter by SAP. First create an access list:
access-list 200 permit 0x0000 0x0d0d
Then reference the list from the dlsw remote-peer statement:
dlsw remote-peer 0 tcp 10.1.0.29 lsap-output-list 200
interface Loopback0
ip address 10.20.255.1 255.255.255.255
These statements enable a loopback interface and assign an IP address for use as the DLSw local peer - note the mask of 255.255.255.255
ip mroute-cache
The 2nd most popular google search for this page is 'mroute-cache'.
The 'ip mroute-cache' command enables fast switching of multicast packets on the interface. The 'no ip mroute-cache' command turns it off and all multicast packets on the interface are process switched. One reason to turn off fast swtiching of multicast (or unicast packets for that matter) is to log debug messages.
Interface Ethernet0/0
ip address 10.20.0.30 255.255.255.0
ip helper-address 10.1.0.5
no ip mroute-cache
bridge-group 1
These statements define the Ethernet interface. The 'no ip mroute-cache' was added by IOS. The bridge-group statement defines the bridge group that this interface belongs to. This should match the group defined above for DLSw. If you are not using DLSw on the Ethernet interface, you will not need this.
The ip helper-address statement defines the address of a server where broadcast packets are to be forwarded. The global forward-protocol statement is used to define what packets are forwarded. In our case we want to forward bootp packets to the backup dhcp server running on the mainframe at the central site.
Note:the default is to forward a number of UDP packets, including netbios, dns and bootp. To only forward bootp packets, we have to specify the port numbers we don't want forwarded by using 'no forward-protocol statements'. See the full configuration for details.
interface serial0/0
mtu 2048
ip address 10.240.11.2 255.255.255.0
encapsulation ppp
ip tcp header-compression
no ip mroute-cache
These statements define the serial interface that connects to the central 2212 router. Note that this router has a two port serial module with serial interfaces serial0/0 and serial0/1.
The MTU statement is required to make the MTU (Maximum Transmission Unit) match that of the 2212. The Cisco default is 1500, while the 2212 defaults to 2048. (Note: When I displayed the PPP MTU in use from the 2212 it was 1500 - go figure).
By default, Cisco routers use the HDLC protocol, with some Cisco specific protocol changes. To talk to a non Cisco router, such as a 2212, we must use PPP and not HDLC. The encapsulation statement changes the protocol to PPP.
To improve performance, we have requested that the TCP header be compressed. On slow connections, we could also use packet compression (compress stac).
interface serial0/1
mtu 4400
no ip address
encapsulation sdlc
no ip mroute-cache
no keepalive
nrzi-encoding
clockrate 19200
sdlc role primary
sdlc vmac 4000.3174.2000
sdlc address C1
sdlc sdlc-largest-frame C1 521
sdlc xid c1 05d20010
sdlc partner 0800.5a8b.0761 c1
sdlc dlsw c1
These statements define the serial interface that is used to connect a 3174 using SDLC. The MTU statement is used to set the MTU size required (this was taken from the IBM red book).
nrzi-encoding is used to change from the default of nrz encoding. This should match the option used when the 3174 was customized.
The clockrate statement is used to specify the speed that we will connect to the 3174 with. This value depends on the cable used to connect the 3174. For RS-232, 19200 is the maximum. For V35, 64000 could be used. Note that for the Cisco, we don't have to define the cable type as we do for the 2212, this is discovered automatically by the smart serial module.
The various SDLC statements are used to define SDLC specific information, and DLSw related details. Most are self explanatory and have a direct relation to the set link commands used on the 2212.
The sdlc vmac statement (sdlc vmac 4000.3174.2000) defines the virtual mac address that will be used by DLSw to connect to the central site. We have used a naming convention of 3174 followed by the IP subnet number 20. The final 00 will be changed by the IOS software to match the SDLC address of the connecting 3174. This will result in a mac address of 4000317420C1. Just be sure to pick an address that is not used anywhere else on the network.
The sdlc xid statement (sdlc xid C1 05D20010) defines the XID idnum and idblk to be used by the specified SDLC address (C1).These values must match those specified in the VTAM switched network major node.
The sdlc partner statement defines the target mac address. In this case, the address of the OSA (Open Systems Adapter) port on the mainframe.
ip route 0.0.0.0 0.0.0.0 10.240.11.1
Because we are not using a dynamic routing protocol (such as OSPF) we must define a default route. This sets the default route to the matching 2212 serial port.
add route 10.20.0.0 255.255.255.0 1
add route 10.20.255.0 255.255.255.0 1
Below is the complete listing of the configuration for the Cisco 2610 router. While it should not be considered the definitive solution, it has been successfully implemented on our network.
version 12.1 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname my2610 ! enable secret 5 xxx enable password 7 xxx ! ! ip subnet-zero no ip finger ! ! dlsw local-peer peer-id 10.20.255.1 dlsw remote-peer 0 tcp 10.1.0.29 lsap-output-list 200 dlsw bridge-group 1 ! ! interface Loopback0 ip address 10.20.255.1 255.255.255.255 ! interface Ethernet0/0 ip address 10.20.0.30 255.255.255.0 ip helper-address 10.1.0.5 no ip mroute-cache bridge-group 1 ! interface Serial0/0 mtu 2048 ip address 10.240.11.2 255.255.255.0 encapsulation ppp ip tcp header-compression no ip mroute-cache no fair-queue ! interface Serial0/1 mtu 4400 no ip address encapsulation sdlc no ip mroute-cache no keepalive nrzi-encoding clockrate 19200 sdlc role primary sdlc vmac 4000.3174.2000 sdlc address C1 sdlc sdlc-largest-frame C1 521 sdlc xid C1 05D20010 sdlc partner 0800.5a8b.0761 C1 sdlc dlsw C1 ! ip classless no ip forward-protocol udp tftp no ip forward-protocol udp domain no ip forward-protocol udp netbios-ns no ip forward-protocol udp netbios-dgm ip route 0.0.0.0 0.0.0.0 10.240.11.1 ip http server ! snmp-server community public RO snmp-server community netman RO snmp-server host 10.1.0.50 netman bridge 1 protocol ieee access-list 200 permit 0x0000 0x0d0d ! line con 0 transport input none line aux 0 line vty 0 4 password 7 xxx login ! end