SPNGN2101LG

SPNGN2
Building Cisco Service

Provider Next-Generation
Networks, Part 2
Version 1.01
Lab Guide
Text Part Number: 97-3132-02
Americas Headquarters
Cisco Systems, Inc.
San Jose, CA
Asia Pacific Headquarters

Cisco Systems (USA) Pte. Ltd.
Singapore
Europe Headquarters
Cisco Systems International BV Amsterdam,
The Netherlands
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL: www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a
partnership relationship between Cisco and any other company. (1110R)
DISCLAIMER WARRANTY: THIS CONTENT IS BEING PROVIDED AS IS AND AS SUCH MAY INCLUDE TYPOGRAPHICAL,
GRAPHICS, OR FORMATTING ERRORS. CISCO MAKES AND YOU RECEIVE NO WARRANTIES IN CONNECTION WITH THE
CONTENT PROVIDED HEREUNDER, EXPRESS, IMPLIED, STATUTORY OR IN ANY OTHER PROVISION OF THIS CONTENT
OR COMMUNICATION BETWEEN CISCO AND YOU. CISCO SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES,
INCLUDING WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE,
OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. This learning product may contain early release
content, and while Cisco believes it to be accurate, it falls subject to the disclaimer above.
Lab Guide
2012 Cisco and/or its affiliates. All rights reserved.
Table of Contents
Lab Guide ........................................................................................................................... 1
Overview ............................................................................................................................................... 1
Outline ............................................................................................................................................ 1
Job Aids................................................................................................................................................. 2
Pod Access Information .................................................................................................................. 2
Device Information .......................................................................................................................... 2
IP Addressing ................................................................................................................................. 4
Lab 2-1: Configure Advanced Switching ............................................................................................... 7
Activity Objective ............................................................................................................................ 7
Visual Objective .............................................................................................................................. 7
Required Resources ....................................................................................................................... 7
Command List................................................................................................................................. 8
Task 1: Configure VLANs ............................................................................................................... 9
Task 2: Configure Trunking .......................................................................................................... 10
Task 3: Configure RSTP ............................................................................................................... 12
Task 4 (Optional): Configure MSTP ............................................................................................. 13
Lab 2-2: Configure Inter-VLAN Routing and Gateway Redundancy .................................................. 16
Activity Objective .......................................................................................................................... 16
Visual Objective ............................................................................................................................ 16
Required Resources ..................................................................................................................... 16
Command List............................................................................................................................... 17
Task 1: Configure and Verify Inter-VLAN Routing ........................................................................ 19
Task 2: Configure HSRP .............................................................................................................. 21
Task 3: Configure VRRP .............................................................................................................. 24
Lab 3-1: Implement OSPF .................................................................................................................. 27
Command List............................................................................................................................... 28
Task 1: Configure OSPFv2 ........................................................................................................... 30
Task 2: Configure OSPFv3 ........................................................................................................... 31
Task 3 (Optional): Configure OSPFv2 Authentication .................................................................. 32
Lab 3-2: Implement IS-IS .................................................................................................................... 33
Command List............................................................................................................................... 34
Task 1: Configure IS-IS for IPv4 ................................................................................................... 36
Task 2: Configure IS-IS for IPv6 ................................................................................................... 37
Task 3 (Optional): Configure IS-IS Authentication ....................................................................... 39
Lab 4-1: Configure Basic BGP ............................................................................................................ 40
Command List............................................................................................................................... 41
Task 1: Configure BGP Process and BGP Peering ..................................................................... 43
Task 2: Configure BGP to Advertise a Network ........................................................................... 44
Task 3 (Optional): Configure BGP Neighbor Authentication ........................................................ 45
Lab 5-1: Implement ACLs ................................................................................................................... 47
Command List............................................................................................................................... 48
Task 1: Configure IPv4 Filtering ................................................................................................... 49
Task 2: Configure IPv6 Filtering ................................................................................................... 50
Task 3 (Optional): Configure Antispoofing ACLs .......................................................................... 52
Lab 6-1: Manage Cisco IOS XR Package .......................................................................................... 54

Command List .............................................................................................................................. 55
Task 1: Uninstall Cisco IOS XR Package..................................................................................... 56
Task 2: Install Cisco IOS XR Package ......................................................................................... 57
Task 3: Configuration Management ............................................................................................. 58
Answer Key ......................................................................................................................................... 59
Lab 2-1 Answer Key: Configure Advanced Switching .................................................................. 59
Lab 2-2 Answer Key: Configure Inter-VLAN Routing and Gateway Redundancy ....................... 61
Lab 3-1 Answer Key: Implement OSPF ....................................................................................... 66
Lab 3-2 Answer Key: Implement IS-IS ......................................................................................... 68
Lab 4-1 Answer Key: Configure Basic BGP ................................................................................. 73
Lab 5-1 Answer Key: Implement ACLs ........................................................................................ 76
Lab 6-1 Answer Key: Manage Cisco IOS XR Package................................................................ 79
Appendix A .......................................................................................................................................... 84
ii
Building Cisco Service Provider Next-Generation Networks, Part 2 (SPNGN2) v1.01
2012 Cisco Systems, Inc.
SPNGN2
Lab Guide
Overview
This guide presents the instructions and other information concerning the lab activities for this
course. You can find the solutions in the lab activity Answer Key.
Outline
This guide includes these activities:
Job Aids
Lab 2-1: Configure Advanced Switching
Lab 2-2: Configure Inter-VLAN Routing and Gateway Redundancy
Lab 3-1: Implement OSPF
Lab 3-2: Implement IS-IS
Lab 4-1: Configure Basic BGP
Lab 5-1: Implement ACLs
Lab 6-1: Manage Cisco IOS XR Package
Answer Key
Appendix A (Tear-Out)
Job Aids
These job aids are available to help you complete lab activities.
Pod Access Information

The instructor will provide you with the team and pod numbers as well as other team and pod
access information. Write down the information in the table for future reference.
Parameter
Default value
Team number
z =14
Pod number
x = 1, 3, 5, 7
or
Value
y = 2, 4, 6, 8
Remote lab SSH access IP address
128.107.245.9
Remote lab SSH access username
instr
Remote lab SSH access password
testMe
Pod PE (Cisco IOS XR Software) router

username
root
Pod PE (Cisco IOS XR Software) router

password
1ronMan
Pod CE, SW, and PE privileged level password
cisco
Device Information
This lab topology consists of four (4) teams and eight (8) pods. Two students will work in one
pod, and two pods will work in one team. Each pod has one switch and two routers. Two pods
share one additional switch. All teams share the same core routers (P1 and P2).
The CE routers in both pods are running Cisco IOS Software. The first pod within a team (pods
1, 3, 5, or 7) will work on the PE router running Cisco IOS XR Software, and the second pod
within the same team (pods 2, 4, 6, or 8) will work on the PE router running Cisco IOS XE
Software.
Devices in the lab are connected with Fast Ethernet and Gigabit Ethernet connections, and two
teams have redundant POS connections, as shown in the following topology:
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Legend:
GE
FE
OC3 POS
Team 1
CE1
Pod 1
SW1
Team 2
PE1
PE3
SW3
Pod 3
CE3
P1
SW12
SW34
CE2
Pod 2
SW2
PE2
PE4
SW4
Pod 4
CE4
CE5
Pod 5
SW5
PE5
PE7
SW7
Pod 7
CE7
SW56
CE6
Pod 6
P2
SW6
PE6
Team 3
SW78
PE8
SW8
Pod 8
CE8
Team 4
SPNGN2 v1.01LG-4
Note: FE = Fast Ethernet; GE = Gigabit Ethernet.

Device Roles and Loopback IP Addresses
Device Name
Device Role
Lo0 IPv4 Address
Lo0 IPv6 Address
CEx
Cisco 2900 pod router
10.x.10.1/32
2001:db8:10:x:10::1/128
10.y.10.1/32
2001:db8:10:y:10::1/128
CEy
Cisco ASR 9000 or Cisco
ASR 1000 pod router
10.x.1.1/32
2001:db8:10:x:1::1/128
PEy
10.y.1.1/32
2001:db8:10:y:1::1/128
SWx
Cisco ME340x pod switch
10.x.0.1/32
2001:db8:10:x:0::1/128
10.y.0.1/32
2001:db8:10:y:0::1/128
10.xy.0.1/32
2001:db8:10:xy:0::1/128
PEx
SWy
SWxy
Cisco ME340x pod switch

that is shared inside a team
P1
Cisco ASR 9000 core router 10.0.1.1/32
2001:db8:10:0:1::1/128
P2
Cisco ASR 9000 core router 10.0.2.1/32
2001:db8:10:0:2::1/128
The following figure illustrates the interface identification that is used in this lab setup.
Lab Guide
Team z
Pod x
CEx
SWx
FE0/1
GE0/0
PEx
FE0/2
SWxy
FE0/23
FE0/24
FE0/23
FE0/24
GE0/1
GE0/0
CEy
GE0/0/0/
1 GE0/0/0/
3
FE0/21
FE0/22
FE0/21
FE0/22
FE0/1
FE0/21
FE0/22
GE0/0/
1
GE0/0/
2
GE0/0/3
FE0/2
FE0/1
P2
GE0/0/0
SWy
Pod y
P1
GE0/0/0/0
FE0/23
FE0/24
GE0/1
GE0/0/0/
2
FE0/2
PEy
POS0/2/0
POS0/2/1
POS0/2/0
GE
FE
OC3 POS
Legend:
POS0/2/1
Connections to
PE(y+2)
SPNGN2 v1.01LG-5
IP Addressing
The following figure illustrates the IP addressing scheme that is used in this lab setup.
Team z
10.0.1.1
SWx
PEx
192.168.10x.0/24
192.168.10x.0/24
.x1
192.168.x1.0/24
.x0
.x0
10.xy.0.1
.x0
10.x.0.1
.1
SWxy
10.y.0.1
10.x.1.1
10.y.1.1
.y0
.y1
.y0
CEy
Pod y
SWy
.y0
.y0
192.168.10y.0/24
192.168.10y.0/24
PEy .y0
.1
.1
192.168.1xy.0/24
10.y.10.1
P1
.1
192.168.2.0/24
10.x.10.1
.x0
192.168.1.0/24
Pod x
CEx
.2
.2
.2
.2
P2
192.168.y2.0/24
.y0
10.0.2.1
Legend:
GE
FE
OC3 POS
Loopback
z = 1,2,3,4
x = 1,3,5,7
y = 2,4,6,8
w = 1 (for teams 1 and 2)
2 (for teams 3 and 4)
192.168.2w2.0/24
192.168.2w1.0/24
Connections to
PE(y+2)
SPNGN2 v1.01LG-6
The following figure illustrates the management IP addresses used in this lab setup.
Team 1
Pod 1
CE1
10.10.10.14
Team 2
Pod 3
SW1
PE1
PE3
SW3
10.10.10.11
10.10.10.17
10.10.10.25
10.10.10.19
CE3
10.10.10.22
P1
10.10.10.13
10.10.10.18
10.10.10.21
SW12
10.10.10.15
SW34
10.10.10.12
10.10.10.16
10.10.10.24
10.10.10.20
SW2
PE2
PE4
SW4
Pod 4
Pod 7
CE2
Pod 2
CE5
Pod 5
10.10.10.30
SW5
PE5
PE7
SW7
10.10.10.27
10.10.10.33
10.10.10.40
10.10.10.34
10.10.10.29
10.10.10.26
SW56
10.10.10.31
10.10.10.28
CE6
SW6
10.10.10.32
PE6
Team 3
CE7
10.10.10.37
SW78
10.10.10.39
10.10.10.35
PE8
SW8
10.10.10.38
Pod 8
CE8
Team 4
Note
CE4
10.10.10.36
P2
Pod 6
10.10.10.23
SPNGN2 v1.01LG-7
Replace the x or y with your pod number to get the IP addresses within your pod (for
example, x is for odd number pods 1, 3, 5, and 7; y is for even number pods 2, 4, 6, and 8).
Replace the xy (where x < y) with numbers of the pods within the same team (for example,
12, 34, 56, or 78) to get IP addresses on the link between those pods.
Pod IP Addressing
Device
Interface
IPv4 Address
IPv6 Address
CEx
GE0/0
192.168.10x.x1/24
2001:db8:192:168:10x::x1/80
CEy
GE0/0
192.168.10y.y1/24
2001:db8:192:168:10y::y1/80
192.168.x1.1/24
2001:db8:192:168:x1::1/80
192.168.y1.1/24
2001:db8:192:168:y1::1/80
192.168.x2.2/24
2001:db8:192:168:x2::2/80
192.168.y2.2/24
2001:db8:192:168:y2::2/80
POS0/2/0
192.168.211.20/24
2001:db8:192:168:211::20/80
POS0/2/1
192.168.212.20/24
2001:db8:192:168:212::20/80
POS0/2/0
192.168.211.40/24
2001:db8:192:168:211::40/80
POS0/2/1
192.168.212.40/24
2001:db8:192:168:212::40/80
POS0/2/0
192.168.221.60/24
2001:db8:192:168:221::60/80
POS0/2/1
192.168.222.60/24
2001:db8:192:168:222::60/80
POS0/2/0
192.168.221.80/24
2001:db8:192:168:221::80/80
POS0/2/1
192.168.222.80/24
2001:db8:192:168:222::80/80
GE0/0/0/0
192.168.10x.x0/24
2001:db8:192:168:10x::x0/80
GE0/0/0/1
192.168.1xy.x0/24
2001:db8:192:168:1xy::x0/80
P1
P2
PE2
PE4
PE6
PE8
PEx
Lab Guide
Device
PEy
Interface
IPv4 Address
IPv6 Address
GE0/0/0/2
192.168.x1.x0/24
2001:db8:192:168:x1::x0/80
GE0/0/0/3
192.168.x2.x0/24
2001:db8:192:168:x2::x0/80
GE0/0/0
192.168.10y.y0/24
2001:db8:192:168:10y::y0/80
GE0/0/1
192.168.1xy.y0/24
2001:db8:192:168:1xy::y0/80
GE0/0/2
192.168.y1.y0/24
2001:db8:192:168:y1::y0/80
GE0/0/3
192.168.y2.y0/24
2001:db8:192:168:y2::y0/80
Note: GE = Gigabit Ethernet.

Core IP Addressing
Device
P1
Device IP Address
Peer
192.168.1.1/24
P2
Peer IP Address
192.168.1.2/24
2001:db8:192:168:1::1/80
2001:db8:192:168:1::2/80
192.168.2.1/24
192.168.2.2/24
2001:db8:192:168:2::1/80
2001:db8:192:168:2::2/80
Lab 2-1: Configure Advanced Switching

Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will configure and verify advanced switching features. After completing
this activity, you will be able to meet these objectives:
Configure VLANs
Configure trunking
Configure RSTP
Configure MSTP
Note
Students from two different pods are working in teams. Students in the same team should
coordinate their lab activity and proceed through steps simultaneously (step by step).
Visual Objective
The figure illustrates what you will accomplish in this activity.
Team z
CEx
Pod x
GE0/0 VLAN x0
TRUNK
1, x0, y0
FE0/1
SWxy
FE0/2
Configure trunking
FE0/23
TRUNK
1, x0, y0
FE0/23
GE0/1
GE0/0
CEy
GE0/0/0/0
FE0/21
FE0/21
Configure VLANs
PEx
FE0/2
FE0/1
FE0/23
TRUNK
1, x0, y0
GE0/1
Optimize RSTP
SWx
VLAN y0
Pod y
FE0/21
GE0/0/0
FE0/2
FE0/1
SWy
PEy
Configure MSTP
SPNGN2 v1.01LG-8
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with access to the Internet
A SSH client that is installed on the PC
Lab Guide
Command List
The table describes the Cisco IOS Software commands that are used in this activity.
Command
Description
configure terminal
Enters configuration mode
interface interface
Enters interface configuration mode
ip address ip_address mask
Sets an IPv4 address for an interface and the subnet mask
ipv6 address
ip_address/mask
ping destination_address
source interface
Pings the specified address (IPv4 or IPv6) from the

specified interface
show interfaces interface

switchport
Displays the administrative and operational status of a

switching port
show interfaces interface

trunk
Displays interface trunk information
show spanning-tree vlan

vlan
Displays spanning-tree information for the specified VLAN
show spanning-tree
Displays spanning-tree information
show spanning-tree mst

configuration
Displays the MSTP region configuration and status
vlan vlan_number
Creates a VLAN and enters VLAN configuration mode
switchport mode access |

trunk
Configures the VLAN membership or trunking mode of a

port
switchport access vlan

vlan
Configures VLAN membership on an access port
port-type nni
Sets a port type to nni
switchport trunk allowed

vlan vlans
Specifies allowed VLANs on a trunk port
spanning-tree vlan vlan

root primary
Configures a switch to be primary root for specified VLAN
spanning-tree vlan vlan

root secondary
Configures a switch to be secondary root for specified

VLAN
spanning-tree mode mst
Sets STP mode to MSTP
spanning-tree mst
configuration
Enters MST configuration mode
name name
Sets the MSTP configuration name
revision number
Sets the MSTP revision number
instance instance_id vlan

vlan
Maps VLANs to an MST instance
spanning-tree mst 1 root

primary
Configures a switch to be root for specified MSTP instance
Task 1: Configure VLANs

In this task, you will first create additional VLANs. Then you will configure router facing
switch ports for access mode and put them into proper VLANs. You will have to coordinate
your activities with another pod in your team.
Note
For a port and interface identification as well as an IP addressing scheme, use Job Aids.
Activity Procedure
Complete these steps:
Step 1
On the pod CE router, remove any IP addressing from the GigabitEthernet0/1

interface.
Step 2
On the pod CE router, remove any IP addresses from the GigabitEthernet0/0

interface. Assign the removed IP addresses to the GigabitEthernet0/1 interface.
Step 3
On the pod and shared switches, create two VLANs, one for your pod VLAN x0
and one for another pod in your team VLAN y0 (where x is 1, 3, 5, or 7, and y is
2, 4, 6, and 8).
Step 4
On the shared switch, configure CE facing port access and put it into your pod
VLAN. Make sure that the port is NNI type.
Step 5
On the pod switch, configure CE and PE facing ports access and put them into your
pod VLAN. Make sure that the ports are NNI type.
Activity Verification
You have completed this task when you attain these results:
Note
Outputs in the verification section are taken from team 1 and pod 1 and may differ from your
outputs.
On the pod switch, verify administrative and operational mode and access VLAN:
SW1#show interfaces FastEthernet0/2 switchport
Name: Fa0/2
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 10 (VLAN0010)
Trunking Native Mode VLAN: 1 (default)
< output omitted >
On the shared switch, verify administrative and operational mode and access VLAN:
SW12# show interfaces FastEthernet0/1 switchport
Name: Fa0/1
Switchport: Enabled
Lab Guide

< output omitted >
SW12# show interfaces FastEthernet0/2 switchport
Name: Fa0/2
Switchport: Enabled
< output omitted >
Task 2: Configure Trunking

In this task, you will enable trunking on links between the pod and shared switches. You will
have to coordinate your activities with another pod in the team.
Activity Procedure
Step 1
On the pod switch, enable trunking on the ports that are facing the shared switch
(FastEthernet0/23) and the pod switch of the other (FastEthernet0/21). Allow only
VLANs 1, x0, and y0 to pass the trunk. Make sure that the switch ports are NNI
type.
Step 2
On the shared switch, enable trunking on the ports that are facing pod switches
(FastEthernet0/21 and FastEthernet0/23). Allow only VLANs 1, x0, and y0 to pass
the trunk. Make sure that the switch ports are NNI type.
You have completed this task when you attain this result:
From the CE router, ping the PE router:

CE1# ping 192.168.101.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.101.10, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
1/1/4 ms
On the pod switch, verify trunk interfaces:

SW1#show interfaces FastEthernet0/21 trunk
Port
Mode
Native vlan
Fa0/21
on
10
Encapsulation
Status
802.1q
trunking
Port
Fa0/21
Vlans allowed on trunk

1,10,20
Port
Fa0/21
Vlans allowed and active in management domain

1,10,20
Port
pruned
Fa0/21
Vlans in spanning tree forwarding state and not

none

Port
Mode
Native vlan
Fa0/23
on
Encapsulation
Status
802.1q
trunking
Port
Fa0/23

1,10,20
Port
Fa0/23

1,10,20
Port
pruned
Fa0/23

1,10,20
On the shared switch, verify trunk interfaces:

Port
Mode
Native vlan
Fa0/21
on
Encapsulation
Status
802.1q
trunking
Port
Fa0/21

1,10,20
Port
Fa0/21

1,10,20
Port
pruned
Fa0/21

1,10,20

Port
Mode
Native vlan
Fa0/23
on
Encapsulation
Status
802.1q
trunking
Lab Guide
11
Port
Fa0/23

1,10,20
Port
Fa0/23

1,10,20
Port
pruned
Fa0/23

1,10,20
Task 3: Configure RSTP

In this task, you will verify and optimize RSTP operations.
Activity Procedure
Step 1
On the pod switch, verify STP mode for VLAN x0 and y0. STP mode should be
RSTP by default.
SW1#show spanning-tree vlan 10 |
Spanning tree enabled protocol
SW1#show spanning-tree vlan 20 |
Spanning tree enabled protocol
Step 2
include Spanning
rstp
include Spanning
rstp
Find the root switch for both VLANs. Note the root switch bellow:
SW1#show spanning-tree vlan 10 | include root
!
!
This bridge is the root
This bridge is the root
VLAN x0 root switch: ___________________________

VLAN y0 root switch: ___________________________
Step 3
Find the blocking port for each VLAN. Note the ports bellow:
SW1#show spanning-tree vlan 10 | include BLK
Fa0/21
Altn BLK 19
128.23
Fa0/21
Altn BLK 19
128.23
!
!
P2p
P2p
VLAN x0 blocking port: Port:______________Switch:____________

VLAN y0 blocking port: Port:______________Switch:____________
12
Note
You should find out that the same switch is designated as a root for both VLANs, and that
the same port is blocking for both VLANs. Thus, not all of the links are utilized.
Step 4
Optimize RSTP operations by assigning pod SWx switch as the root for VLAN x0
and pod SWy switch as the root for VLAN y0. The pod switches also should be
backup root switches for the pod switch of the other.
Step 5
Find the blocking port for each VLAN. Note the ports bellow:
VLAN x0 blocking port: Port:______________Switch:____________
VLAN y0 blocking port: Port:______________Switch:____________
Note
Note the difference. You should see that traffic from different VLANs takes different paths
now. All available links between switches should be utilized now.
Blocking ports after the RSTP optimization:

!
!
Fa0/21
Altn BLK 19
128.23
Fa0/23
Altn BLK 19
128.25
P2p
P2p
Task 4 (Optional): Configure MSTP

In this task, you will enable the MSTP protocol. You will create two instances of MSTP and
associate one VLAN with each instance.
The main advantage of MSTP is that you can associate several VLANs with one instance.
However, in the lab, there are only two VLANs that are created and one VLAN that will be
associated with one MSTP instance.
Activity Procedure
Step 1
On the pod and shared switches, set the spanning tree mode to MSTP.
Step 2
Set the name of the MSTP configuration to LAB. Set the revision number of MSTP
to 1. Create instance 1 and associate VLAN x0 with the instance. Create instance 2
and associate VLAN y0 with the instance.
Step 3
Configure your pod switch to be the root for the MST instance supporting your
VLAN.
On the pod and shared switches, verify that MSTP is running:
Lab Guide
13
SW1#show spanning-tree | include MST|Spanning

MST0
Spanning tree enabled protocol mstp
MST1
MST2
!
MST0
MST1
MST2
!
MST0
MST1
MST2
On the pod and shared switches, verify the MST instance to VLAN mapping:
SW1#show spanning-tree mst configuration
Name
[LAB]
Revision 1
Instances configured 3
Instance Vlans mapped
-------- -------------------------------------------------------------------0
1-9,11-19,21-4094
1
10
2
20
-----------------------------------------------------------------------------!
Name
[LAB]
Revision 1
-------- -------------------------------------------------------------------0
1-9,11-19,21-4094
1
10
2
20
14
-----------------------------------------------------------------------------!
Name
[LAB]
Revision 1
-------- -------------------------------------------------------------------0
1-9,11-19,21-4094
1
10
2
20
------------------------------------------------------------------------------
Lab Guide
15
Lab 2-2: Configure Inter-VLAN Routing and

Gateway Redundancy
Activity Objective
In this activity, you will configure inter-VLAN routing on the PE routers. Then you will
configure HSRP and VRRP between PE routers. After completing this activity, you will be able
to meet these objectives:
Configure and verify inter-VLAN routing.
Configure and verify HSRP.
Configure and verify VRRP.
Visual Objective
Team z
Pod x VLAN x0
CEx
192.168.10x.x0/24
192.168.10y.y2/24
SWx
FE0/2
FE0/23
HSRP
VRRP
FE0/21
GE0/1
192.168.10x.x1/24
192.168.10x.x3/24
192.168.10y.y3/24
FE0/21
SWxy
FE0/2
FE0/23
VLANs 1,x0, y0
FE0/1
192.168.10y.y1/24
GE0/1
FE0/21
FE0/23
FE0/2
CEy
PEx
GE0/0/0/0
VLANs x0, y0
Pod y VLAN y0
SWy
VLANs x0, y0
GE0/0/0
192.168.10x.x2/24
192.168.10y.y0/24
PEy
Legend:
TRUNK
GE
FE
SPNGN2 v1.01LG-9
Required Resources
16
Command List
The table describes the commands that are used in this activity.
Cisco IOS and IOS XE Software Commands
Command
Description
configure terminal
encapsulation dot1q vlan
Enables IEEE 802.1Q encapsulation of traffic on a

specified subinterface in a VLAN
interface
interface[.subinterface]
Enters interface configuration mode; used also to create

subinterface
ip route subnet mask

next_hop_IP_address
Configures static route
ipv6 address
ip_address/mask
source interface

specified interface
show standby
Displays Hot Standby Router Protocol (HSRP) information
show vrrp
Displays a brief or detailed status of one or all configured

Virtual Router Redundancy Protocol (VRRP) groups on the
router
standby group_ID ip
virtual_IP_address
Activates the HSRP
standby group_ID preempt
Enables HSRP pre-emption
standby group_ID priority
Sets the HSRP priority

trunk

port
switchport trunk allowed

vlan vlans
Specifies allowed VLANs on a trunk port
vrrp group_ID ip
ip_address
Enables the VRRP on an interface and identification of the

IP address of the virtual router
vrrp group_ID priority

priority
Sets the VRRP priority
Cisco IOS XR Software Commands

Command
Description
address
Sets VRRP address
address-family ipv4
Enters IPv4 address family VRRP configuration mode
commit
Commits changes to the running configuration
configure terminal
encapsulation dot1q 20
Enables IEEE 802.1Q encapsulation of traffic on a specified

subinterface in a VLAN
hsrp group_ID ipv4 address
Activates the HSRP
hsrp group_ID preempt
Configures HSRP pre-emption
Lab Guide
17
18
hsrp group_ID priority

priority
Configures HSRP priority
interface interface
Enters interface HSRP or VRRP configuration mode
interface
interface[.subinterface]
Enters interface configuration mode; used also to create

subinterface
ipv4 address ip_address

mask
ipv6 address
ip_address/mask
source interface
Pings the specified address (IPv4 or IPv6) from the specified

interface
priority priority
Sets VRRP priority
router hsrp
Enables the HSRP
router vrrp
Enables the VRRP
show hsrp
Displays HSRP information
show route ipv6
Displays IPv6 routing table
show vrrp
Displays a brief or detailed status of one or all configured

VRRP groups on the router
shutdown
Shuts down an interface
vrrp group_ID
Enables VRRP virtual router mode
Task 1: Configure and Verify Inter-VLAN Routing

In this task, you will configure inter-VLAN routing between VLANs x0 and y0. You will have
to reconfigure the PE pod router and pod switch to support inter-VLAN routing. You will have
to coordinate your activities with another pod in the team.
Activity Procedure
Step 1
On the pod switch, configure the PE facing port as a trunk. Allow only VLANs x0
and y0 on the trunk. For port identification, use Job Aids.
Step 2
On the pod PE router, note the IPv4 and IPv6 address on the first Gigabit Ethernet
interface below:
IPv4:_______________________________
IPv6:_______________________________
Step 3
On the pod PE router, remove the IPv4 and IPv6 addresses from the first Gigabit
Ethernet interface.
Step 4
On the pod PE router, create two subinterfaces on the first Gigabit Ethernet
interface. Use x0 or y0 (where x is 1, 3, 5, or 7, and y is 2, 4, 6, or 8) as interface
identifiers. Assign the x0 or y0 VLAN tag to the subinterface. Assign IPv4 and IPv6
addresses to the subinterfaces.
Device
Subinterface
VLAN
PEx
GE0/0/0/0.x0
x0
IPv4 and IPv6 Address

192.168.10x.x0/24
2001:db8:192:168:10x::x0/80
GE0/0/0/0.y0
y0
192.168.10y.y2/24
2001:db8:192:168:10y::y2/80
PEy
GE0/0/0.x0
x0
192.168.10x.x2/24
2001:db8:192:168:10x::x2/80
GE0/0/0.y0
y0
192.168.10y.y0/24
2001:db8:192:168:10y::y0/80
Step 5
On the pod CE router, create a static default IPv6 route using the ipv6 route ::/0
interface next-hop-IPv6-address command that will point to the subinterface that is
configured on the pod PE router.
From the pod CE router, ping the other pod CE router using IPv6:
CE1#ping 2001:DB8:192:168:102::21
Sending 5, 100-byte ICMP Echos to 2001:DB8:192:168:102::21,
timeout is 2 seconds:
!!!!!
0/1/8 ms
!
CE2#ping 2001:DB8:192:168:101::11
Lab Guide
19

!!!!!
0/0/0 ms
Note
Your ping will not be successful until the other pod finished the configuration in this task.
On the pod PE router, verify the IPv6 routing table:

RP/0/RSP0/CPU0:PE1#show route ipv6
< output omitted >
Gateway of last resort is not set
C
L
C
L
2001:db8:192:168:101::/80 is directly connected,

01:06:22, GigabitEthernet0/0/0/0.10
2001:db8:192:168:101::10/128 is directly connected,
2001:db8:192:168:102::/80 is directly connected,
2001:db8:192:168:102::22/128 is directly connected,
!
PE2#show ipv6 route
< output omitted >
C
2001:DB8:192:168:101::/80 [0/0]
via GigabitEthernet0/0/0.10, directly connected
L
2001:DB8:192:168:101::12/128 [0/0]
via GigabitEthernet0/0/0.10, receive
C
2001:DB8:192:168:102::/80 [0/0]
via GigabitEthernet0/0/0.20, directly connected
L
2001:DB8:192:168:102::20/128 [0/0]
via GigabitEthernet0/0/0.20, receive
L
FF00::/8 [0/0]
via Null0, receive
20
Task 2: Configure HSRP

In this task, you will enable HSRP on the pod PE router for your pod VLAN. You will have to
coordinate your activities with another pod in the team.
The figure illustrates what you will accomplish in this task.
Team z
Pod x VLAN x0
CEx
Active router for VLAN x0

Backup router for VLAN y0
Pod y VLAN y0
PEx
GE0/0/0/0.x0
192.168.10x.x0/24
GE0/0/0/0.y0
192.168.10y.y2/24
192.168.10x.x1/24
192.168.10x.x3/24
192.168.10y.y3/24
192.168.10y.y1/24
GE0/0/0.x0
192.168.10x.x2/24
GE0/0/0.y0
192.168.10y.y0/24
PEy
CEy
Active router for VLAN y0

Backup router for VLAN x0
SPNGN2 v1.01LG-10
Activity Procedure
Step 1
On your pod and the neighbor pod, PE routers enable HSRP for IPv4 on the first
Gigabit Ethernet subinterface. You are configuring subinterfaces belonging to your
pod subnet, and the neighboring pod will configure subinterfaces belonging to the
neighbor pod subnet. Use your pod number as a group ID. Enable HSRP preemption. Make sure that your pod PE router is active for your VLAN. Use the
following IP addresses as virtual IP addresses:
Pod x: 192.168.10x.x3/24
Pod y: 192.168.10y.y3/24
Step 2
On the pod CE router, configure a static default IPv4 route that will point to your
pod HSRP address.
On the pod PE router, verify HSRP configuration:

RP/0/RSP0/CPU0:PE1#show hsrp
Sun Jul 9 10:42:34.591 UTC
P indicates configured to preempt.
|
Lab Guide
21
Interface
Grp Pri P State
Active addr
Standby addr
Group addr
Gi0/0/0/0.10
1 150 P Active local
192.168.101.12 192.168.101.13
Gi0/0/0/0.20
2 100 P Standby 192.168.102.20 local
192.168.102.23
!
PE2#show standby
GigabitEthernet0/0/0.10 - Group 1
State is Standby
1 state change, last state change 00:04:02
Virtual IP address is 192.168.101.13
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.184 secs
Preemption enabled
Active router is 192.168.101.10, priority 150 (expires in
9.632 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Gi0/0/0.10-1" (default)
State is Active
Preemption enabled
Active router is local
Standby router is 192.168.102.22, priority 100 (expires in
10.640 sec)
Priority 150 (configured 150)
From pod CE router, start a continuous ping to the neighbor pod CE router. The ping
should be successful. On the pod PE router, shut down the interface for your VLAN while
the ping is still active. You should see minimal disruption in the ping, while the standby
router assumes an active state.
CE1#ping 192.168.102.21 repeat 100000
Sending 100000, 100-byte ICMP Echos to 192.168.102.21, timeout
is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!
PE1 (Cisco IOS XR):

interface GigabitEthernet0/0/0/0.10
shutdown
22
!
commit
PE2 (Cisco IOS XE):

interface GigabitEthernet0/0/0.20
shutdown
Minimal disruption in the ping from pod CE router:

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!
On the pod PE router, verify HSRP configuration:

RP/0/RSP0/CPU0:PE1#show hsrp
Sun Jul 9 10:53:12.356 UTC
P indicates configured to preempt.
|
Interface
Grp Pri P State
Active addr
Standby addr
Group addr
Gi0/0/0/0.10
1 150 P Init
unknown
unknown
192.168.101.13
Gi0/0/0/0.20
2 100 P Standby 192.168.102.20 local
192.168.102.23
!
PE2#show standby
State is Active
2 state changes, last state change 00:05:01
Preemption enabled
Standby router is unknown
Priority 100 (default 100)
State is Active
Preemption enabled
Standby router is 192.168.102.22, priority 100 (expires in
9.920 sec)
Priority 150 (configured 150)
Lab Guide
23
Step 3
Enable the previously disabled interface and remove HSRP configuration from the
PE router.
Task 3: Configure VRRP

In this task, you will enable VRRP on your pod and the neighbor pod PE routers for your
VLAN. You will have to coordinate your activities with another pod in the team.
Activity Procedure
Step 1
On your pod and the neighbor pod, PE routers enable VRRP for IPv4 on the first
Gigabit Ethernet subinterface. You are configuring subinterfaces belonging to your
pod subnet, and the neighboring pod will configure subinterfaces belonging to the
neighbor pod subnet. Use your pod number as a group ID. Make sure that your pod
PE router is active for your VLAN. Use the following IP addresses as a virtual IP
address:
Pod x: 192.168.10x.x3/24
Pod y: 192.168.10y.y3/24
On the pod PE router, verify the VRRP configuration:

RP/0/RSP0/CPU0:PE1#show vrrp
Sun Jul 9 11:07:10.700 UTC
IPv4 Virtual Routers:
A indicates IP address owner
| P indicates configured to preempt
| |
Interface
vrID Prio A P State
Master addr
VRouter
addr
Gi0/0/0/0.10
1 150
P Master
local
192.168.101.13
Gi0/0/0/0.20
2 100
P Backup
192.168.102.20
192.168.102.23
A indicates IP address owner
| P indicates configured to preempt
| |
Interface
vrID Prio A P State
Master addr
VRouter
addr
!
PE2#show vrrp
State is Backup
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
24
Master Router is 192.168.101.10, priority is 150

Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 3.127 sec)
State is Master
Preemption enabled
Priority is 150
Master Router is 192.168.102.20 (local), priority is 150
Master Down interval is 3.414 sec
From the pod CE router, start a continuous ping to the neighbor pod CE router. The ping
should be successful. On the pod PE router, shut down the interface for your VLAN while
the ping is still active. You should see minimal disruption in the ping, while the standby
router assumes an active state.
CE1#ping 192.168.102.21 repeat 100000
Sending 100000, 100-byte ICMP Echos to 192.168.102.21, timeout
is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!
PE1 (Cisco IOS XR):

shutdown
!
commit
PE2 (Cisco IOS XE):

shutdown
Minimal disruption in the ping from the pod CE router:

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!
On the pod PE router, verify VRRP configuration:

RP/0/RSP0/CPU0:PE1#show
Sun Jul 9 11:10:19.654
A
|
|
Interface
vrID Prio A
addr
Gi0/0/0/0.10
1 150
192.168.101.13
Gi0/0/0/0.20
2 100
192.168.102.23
vrrp
UTC
indicates IP address owner
P indicates configured to preempt
|
P State
Master addr
VRouter
P Init
unknown
P Backup
192.168.102.20
Lab Guide
25

A
|
|
vrID Prio A
indicates IP address owner

P indicates configured to preempt
|
P State
Master addr
VRouter
Interface
addr
!
PE2#show vrrp
State is Master
Preemption enabled
Priority is 100
State is Master
Preemption enabled
Priority is 150
26
Step 2
Enable the previously disabled interface and remove the VRRP configuration from
the PE router.
Step 3
On the PE router, remove subinterfaces that are configured in this lab activity and
configure IPv4 and IPv6 addresses on the first Gigabit Ethernet interface.
Step 4
On the pod switch, configure the PE facing port as access and assign port into
VLANx0 or VLANy0 (where x or y is your pod number). For port identification,
use Job Aids.
Step 5
On the pod CE router, disable the second Gigabit Ethernet interface and configure IP
addresses that are found on the second Gigabit Ethernet interface to the first Gigabit
Ethernet interface.
Lab 3-1: Implement OSPF

Activity Objective
In this activity, you will configure and verify the OSPFv2 and OSPFv3 routing protocols. You
will also configure OSPFv2 authentication to secure the exchange of routing information.
In the lab activity, you will work on different Cisco routers running Cisco IOS (c2900), Cisco
IOS XE (asr1001), and Cisco IOS XR (asr9k) software.
After completing this activity, you will be able to meet these objectives:
Configure and verify OSPFv2 and OSPFv3
Configure and verify OSPFv2 authentication
Visual Objective
Team z
CEx
Pod x
OSPF Area 0
Enable OSPFv2
and OSPFv3
Pod y
PEx
Enable OSPFv2
authentication
OSPF Area 0
CEy
PEy
SPNGN2 v1.01LG-11
Required Resources
Lab Guide
27
Command List
Command
Description
configure terminal
debug ip ospf packet
Enables debugging of OSPFv2 packets
interface interface
ip ospf authentication
message-digest
Enables MD5 OSPFv2 authentication on an interface
ip ospf message-digest-key
key-id md5 key
Specifies MD5 key ID and key
ipv6 address
ip_address/mask
ipv6 ospf process_id area

area_id
Enables OSPFv3 on an interface
ipv6 router ospf

process_id
Enters OSPFv3 router configuration mode
network ip_address
wildcard_mask area area_id
Enables OSPFv2 for specified networks
router ospf process_id
show ip ospf neighbors
Displays OSPFv2 neighbors
show ip route
show ipv6 ospf neighbors
show ipv6 route
28
Command
Description
area area
Configures OSPF area
authentication message-digest
Enables MD5 OSPF authentication
commit
configure terminal
debug ospf process_id packet
Enables debugging of OSPFv2 packets for specified

process
interface interface
interface interface
Enables interface for OSPF under specified area
ipv4 address ip_address mask
Sets an IPv4 address for an interface and the subnet

mask
ipv6 address ip_address/mask
Sets an IPv6 address for an interface and the subnet

mask
message-digest-key key-id md5

key
Specifies MD5 key ID and key
Command
Description
router ospf process_id
router ospfv3 process_id
show ospf neighbors
show ospfv3 neighbors
show route
show route ipv6
Lab Guide
29
Task 1: Configure OSPFv2

In this task, you will configure OSPFv2 routing protocol between your pod CE and PE routers.
Activity Procedure
Step 1
On the pod CE and PE routers, configure Loopback0 interface assign IPv4 address
that is as documented in the Job Aids.
Step 2
On the pod CE and PE routers, enable the OSPFv2 routing process. Enable OSPFv2
on the Loopback0 interface and on the first Gigabit Ethernet interface on each
router. Use OSPF Area 0 and process ID 1.
On the pod CE and PE routers, verify OSPFv2 neighbors. Adjacency should be established
and loopback interfaces should be used as OSPF router ID.
CE1#show ip ospf neighbor
Neighbor ID
Pri
State
Dead Time
Interface
10.1.1.1
1
FULL/BDR
00:00:31
192.168.101.10 GigabitEthernet0/0
!
RP/0/RSP0/CPU0:PE1#show ospf neighbor
Neighbors for OSPF 1
Address
Neighbor ID
Interface
10.1.10.1
192.168.101.11
Neighbor is
Address
Pri
State
Dead Time
1
FULL/DR
00:00:37
GigabitEthernet0/0/0/0
up for 00:00:56
Total neighbor count: 1
On the pod CE and PE routers, verify the IPv4 routing table. You should see the
neighboring router loopback interfaces in the routing table.
CE1#show ip route ospf
< text omitted >
10.0.0.0/32 is subnetted, 2 subnets
O
10.1.1.1 [110/2] via 192.168.101.10, 00:03:39,
GigabitEthernet0/0
!
RP/0/RSP0/CPU0:PE1#show route ospf
O
10.1.10.1/32 [110/2] via 192.168.101.11, 00:03:37,
30

In this task, you will configure the OSPFv3 routing protocol between pod CE and PE routers.
Activity Procedure
Step 1
On the pod CE and PE routers, configure IPv6 address on the Loopback0 interface
as defined in Job Aids.
Step 2
On the pod CE and PE routers, enable the OSPFv3 routing process. Enable OSPFv3
on the Loopback0 interface and on the first Gigabit Ethernet interface on each
router. Use OSPF Area 0.
On the pod CE and PE routers, verify the OSPFv3 neighbors. Adjacency should be
established and Loopback0 interfaces should be used as OSPF router ID.
CE1#show ipv6 ospf neighbor
Neighbor ID
Pri
State
Dead Time
Interface
10.1.1.1
1
FULL/BDR
00:00:31
GigabitEthernet0/0
!
RP/0/RSP0/CPU0:PE1#show ospfv3 neighbor
Neighbors for OSPFv3 1
Neighbor ID
Pri
State
Interface
10.1.10.1
1
FULL/DR
Neighbor is up for 00:01:58
Interface ID
7
Dead Time
Interface ID
00:00:33
On the pod CE and PE routers, verify the IPv6 routing table. You should see neighboring
router Loopback0 interfaces in the routing table.
CE1#show ipv6 route ospf
< text omitted >
O
2001:DB8:10:1:1::1/128 [110/1]
via FE80::4255:39FF:FE2E:C420, GigabitEthernet0/0
!
RP/0/RSP0/CPU0:PE1#show route ipv6 ospf
O
2011:db8:10:1:10::1/128
[110/1] via fe80::eab7:48ff:fe2c:a180, 00:03:33,
Lab Guide
31
Task 3 (Optional): Configure OSPFv2 Authentication

In this task, you will enable OSPFv2 MD5 authentication between the pod PE and CE routers.
Activity Procedure
Step 1
On the pod PE and CE routers, enable OSPFv2 MD5 authentication on the first
Gigabit Ethernet interface. Use key ID 1 and key Cisco. On the pod PE router,
enable authentication on the area level.
Verify that OSPF adjacencies are still up.

CE1#show ip ospf neighbor
Neighbor ID
Pri
State
Dead Time
Interface
10.1.1.1
1
FULL/DR
00:00:33
192.168.101.10 GigabitEthernet0/0
!
RP/0/RSP0/CPU0:PE1#show ospf neighbor
Neighbors for OSPF 1
Neighbor ID
Interface
10.1.10.1
192.168.101.11
Neighbor is
Pri
State
Dead Time
Address
Address
1
FULL/BDR
00:00:39
up for 00:06:25
Enable OSPF packet debugging and observe the exchange of authenticated hello packets.
RP/0/RSP0/CPU0:PE1#debug ospf 1 packet
RP/0/RSP0/CPU0:Jul 9 13:49:26.666 : ospf[1010]: Recv: HLO
l:48 rid:10.1.10.1 aut:2 auk: from 192.168.101.11 to 224.0.0.5
on GigabitEthernet0/0/0/0, vrf default vrfid 0x60000000
CE1#debug ip ospf packet
Jul 9 13:49:45.144: OSPF: rcv. v:2 t:1 l:48 rid:10.1.1.1
aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x3968829A from
GigabitEthernet0/0
32
Use the Cisco IOS, IOS XE, and IOS XR undebug all command to disable debugging.
Lab 3-2: Implement IS-IS

Activity Objective
In this activity, you will configure and verify the IS-IS routing protocol for IPv4 and IPv6. You
will also configure IS-IS authentication to secure the exchange of routing information.
Configure and verify IS-IS for IPv4 and IPv6
Configure and verify IS-IS authentication
Visual Objective
Team z
CEx
Pod x
IS-IS Area 49.0000
Enable IS-IS for

IPv4 and IPv6
Pod y
PEx
Enable IS-IS
authentication
IS-IS Area 49.0000
CEy
PEy
SPNGN2 v1.01LG-12
Required Resources
Lab Guide
33
Command List
Command
Description
address-family ipv6
unicast
Enters IPv6 address family for IS-IS
authentication key-chain
key_chain_name
Specifies IS-IS LSP packet authentication key chain
authentication mode md5
Enables IS-IS LSP packet MD5 authentication
configure terminal
distance distance ip
Configures administrative distance for IS-IS
interface interface
ip router isis
process_name
Enables IS-IS for IPv4 on an interface
ipv6 router isis

process_name
Enables IS-IS for IPv6 on an interface
isis authentication keychain key_chain_name
Specifies IS-IS hello packet authentication key chain
isis authentication mode

md5
Enables IS-IS hello packet MD5 authentication
is-type level-2-only
Changes IS-IS router type to level 2
key chain key_chain_name
Creates a key chain
key key_id
Creates a key in a key chain and specifies key ID
key-string key_string
Specified key string in a key chain
metric-style wide
Enables wide-style metric for IS-IS
net net_address
Configures NET address for IS-IS
router isis process_name
Enters IS-IS router configuration mode
show ip route
show ipv6 route
show isis neighbors
Displays IS-IS neighbors
34
Command
Description
address-family ipv4|ipv6
unicast
Enters IPv4 or IPv6 address family for IS-IS and enables ISIS on an interface for IPv4 or IPv6 address family
commit
configure terminal
distance distance
Configures administrative distance for IS-IS
hello-password hmac-md5 key
Enables IS-IS hello packet MD5 authentication
interface interface
Enters interface configuration mode or enters interface

configuration mode under router IS-IS configuration mode
Command
Description
Changes IS-IS router type to level 2
lsp-password hmac-md5 key
Enables IS-IS LSP packet MD5 authentication
metric-style wide
Enables wide-style metric for IS-IS
net net_address
Configures NET address for IS-IS
router isis process_name
Enters IS-IS router configuration mode
show isis neighbors
Displays IS-IS neighbors
show route
show route ipv6
single-topology
Configures IS-IS single-topology
Lab Guide
35
Task 1: Configure IS-IS for IPv4

In this task, you will configure the IS-IS routing protocol for IPv4 between the pod CE and PE
routers.
Activity Procedure
Step 1
Create a NET address for the pod CE and PE routers. Use 49 as the AFI, 0000 as the
area ID, and extended Loopback0 IPv4 address as the system ID. Write down the
NET address:
PE: _ _._ _ _ _._ _ _ _._ _ _ _._ _ _ _._ _
CE: _ _._ _ _ _._ _ _ _._ _ _ _._ _ _ _._ _
Step 2
On the pod CE and PE routers, enable the IS-IS process and configure the NET
address on each router.
Step 3
On the pod CE and PE routers, enable IS-IS for Layer 2 routing only. Enable widestyle metrics for IPv4.
Step 4
On the pod CE and PE routers, change the IS-IS administrative distance for IPv4 to
105.
Step 5
On the pod CE and PE routers, enable IS-IS for IPv4 on Loopback0 and the first
Gigabit Ethernet interfaces.
Note
Changing of administrative distance is required for a router to prefer IS-IS routes. Otherwise,
OSPF routers would be seen in the routing table. Recall that OSPF by default uses
administrative distance 110, while IS-IS uses 115.
On the PE and CE routers, verify IS-IS neighbors. Adjacency should be established and the
type of routers should be Layer 2.
CE1#show isis neighbors
System Id
Type Interface
IP Address
State Holdtime
Circuit Id
PE1
L2
Gi0/0
192.168.101.10 UP
26
CE1.02
!
RP/0/RSP0/CPU0:PE1#show isis neighbors
IS-IS 1 neighbors:
System Id
Interface
SNPA
State Holdtime
Type IETF-NSF
CE1
Gi0/0/0/0
e8b7.482c.a180 Up
8
L2
Capable
36
On the PE and CE routers, verify the IPv4 routing table. You should see neighboring router
Loopback0 interfaces in the routing table. Observe the metric to reach Loopback0
networks.
CE1#show ip route isis

< text omitted >
Gateway of last resort is 192.168.101.13 to network 0.0.0.0
i L2
10.1.1.1 [105/20] via 192.168.101.10,
GigabitEthernet0/0
!
RP/0/RSP0/CPU0:PE1#show route isis
i L2 10.1.10.1/32 [105/20] via 192.168.101.11, 00:03:52,

In this task, you will configure the IS-IS routing protocol for IPv6 between the pod CE and PE
routers.
Activity Procedure
Step 1
Note
On the pod PE routers (Cisco IOS XR Software only), enable wide-style metrics for
IPv6.
Wide-style metrics are enabled separately per address family on Cisco IOS XR routers only.
On Cisco IOS and IOS XE routers, wide-style metrics are enabled for all address families.
Therefore, wide-style metrics on Cisco IOS and IOS XE routers already have been enabled
in the previous task.
Step 2
On the pod CE and PE routers, change the IS-IS administrative distance for IPv6 to
105.
Step 3
On the pod PE router (Cisco IOS XR Software only), configure the single-topology
IS-IS for IPv6.
Note
Step 4
Configuration of single-topology IS-IS is needed on Cisco IOS XR routers only. Cisco IOS
XR routers use multitopology IS-IS by default, while Cisco IOS and IOS XE routers use
single-topology IS-IS by default.
On the pod CE and PE routers, enable IS-IS for IPv6 on Loopback0 and the first
Gigabit Ethernet interfaces.
Lab Guide
37
On the pod CE and PE routers, verify the IPv6 routing table. You should see the
neighboring router Loopback0 interface in the routing table.
CE1#show ipv6 route isis
< text omitted >
I2 2001:DB8:10:1:1::1/128 [105/20]
!
RP/0/RSP0/CPU0:PE1#show route ipv6 isis
i L2 2011:db8:10:1:10::1/128
[105/20] via fe80::eab7:48ff:fe2c:a180, 00:01:33,
38
Task 3 (Optional): Configure IS-IS Authentication

In this task, you will enable IS-IS MD5 authentication between the pod PE and CE routers.
Recall that IS-IS is a multiprotocol routing protocol and that IS-IS authentication is enabled for
CLNP, not for IPv4 or IPv6.
Activity Procedure
Step 1
On the pod PE and CE routers, enable MD5 IS-IS LSP and hello packets
authentication. Use key ID 1 and key Cisco.
On the pod CE and PE routers, verify that IS-IS adjacencies are still up.
CE1#show isis neighbors
System Id
Type Interface
IP Address
State Holdtime
Circuit Id
PE1
L2
Gi0/0
192.168.101.10 UP
24
CE1.02
!
RP/0/RSP0/CPU0:PE1#show isis neighbors
IS-IS 1 neighbors:
System Id
Interface
SNPA
State Holdtime
Type IETF-NSF
CE1
Gi0/0/0/0
e8b7.482c.a180 Up
9
L2
Capable
On the pod CE and PE routers, verify that routes are still seen in the routing table. You can
either observe the IPv4 or IPv6 routing table.
CE1#show ip route isis
< text omitted >
i L2
10.1.1.1 [105/20] via 192.168.101.10,
GigabitEthernet0/0
!
CE1#show ipv6 route isis
< text omitted >
I2 2001:DB8:10:1:1::1/128 [105/20]
!
i L2 10.1.10.1/32 [105/20] via 192.168.101.11, 00:03:50,
!
i L2 2011:db8:10:1:10::1/128
[105/20] via fe80::eab7:48ff:fe2c:a180, 00:03:55,
Lab Guide
39
Lab 4-1: Configure Basic BGP

Activity Objective
In this activity, you will configure and verify BGP routing. You will establish an EBGP session
between the CE and PE routers, and establish an IBGP session between PE routers. After
completing this activity, you will be able to meet these objectives:
Configure and verify the BGP process and BGP peering
Configure BGP to advertise a network
Configure BGP authentication
Visual Objective
Team z
CEx
Pod
x
AS
6450x
Pod x
PEx
AS 64500
AS 6450y
Enable BGP
authentication
IBGP
EBGP
EBGP
CEy
Pod y
PEy
SPNGN2 v1.01LG-13
Required Resources
40
Command List
Command
Description
address-family ipv4 | ipv6
Enters BGP address family configuration mode
clear ip bgp ip_address
Clears the BGP session with the specified neighbor
configure terminal
interface interface
ip address address mask
Configures IPv4 address on an interface
ipv6 address address mask
neighbor ip_address
activate
Activates BGP neighbor for an address family
neighbor ip_address
password password
Enables Message Digest 5 (MD5) authentication on a TCP

connection between two BGP peers
neighbor ip_address
remote-as as_number
Adds an entry to the BGP neighbor table
neighbor ip_address
update-source interface
Configures BGP to use specified interface as a source

interface
network network mask mask
Specifies the IPv4 networks to be advertised by the BGP
network network/prefix
Specifies the IPv6 networks to be advertised by the BGP
Pings the specified address (IPv4 or IPv6)
router bgp as_number
Configures the BGP routing process
show ip bgp
Displays entries in the BGP IPv4 routing table
show ip bgp ipv6 unicast
Displays entries in the BGP IPv6 routing table
show ip bgp ipv6 unicast

summary
Displays the status of all BGP IPv6 connections
show ip bgp summary
show ip route
show ipv6 route
switchport access vlan

vlan
Configures VLAN membership on an access port

trunk

port
Lab Guide
41
42
Command
Description
address-family ipv4|ipv6
unicast
Enables address family under BGP configuration or activates

BGP neighbor for an address family
commit
configure terminal
interface interface
ipv4 address address mask
ipv6 address address/mask
neighbor ip_address
Adds an entry to the BGP neighbor table
pass
Specifies that routes should be passed inside route policy
password
Enables MD5 authentication on a TCP connection between

two BGP peers
remote-as as_number
Specifies neighbor remote AS
route-policy name
Creates a route policy
route-policy name in | out
Applies a route policy to BGP neighbor in inbound or

outbound direction
router bgp as_number
Configures the BGP routing process
show bgp ipv4 unicast

summary
show bgp ipv6 unicast

summary
update-source interface
Configures BGP to use specified interface as a source

interface
Task 1: Configure BGP Process and BGP Peering

In this task, you will enable and verify the BGP process and IBGP and EBGP peering between
routers.
Activity Procedure
Complete these steps. On the pod PE and CE routers, use the following AS numbers:
CEx: AS 6450x
CEy: AS 6450y
PEx and PEx: AS 64500
Step 1
Between pod PE and CE routers, configure EBGP peering. Establish two sessions,
one using an IPv4 address and one using an IPv6 address. Activate an IPv4 session
for IPv4 routes and an IPv6 session for IPv6 routes.
Step 2
Between two PE routers in the team, enable a second Gigabit Ethernet interface, add
IP addresses, and start IS-IS Layer 2 routing.
Step 3
Between two PE routers in the team, configure IBGP peering. Establish two
sessions, one using an IPv4 address and one using an IPv6 address. Use Loopback0
interfaces for peering. Make sure that Loopback0 interfaces are used as the source
interface when establishing the IBGP sessions. Activate IPv4 session for IPv4 routes
and IPv6 session for IPv6 routes.
Verify CE to PE connectivity using the IPv4 and IPv6 addresses:

CE1#ping 192.168.101.10
seconds:
!!!!!
1/1/4 ms
CE1#ping 2001:db8:192:168:101::10
!!!!!
0/0/4 ms
On the pod PE and CE routers, verify that the BGP sessions for the IPv4 and IPv6
neighbors are up:
CE1#show bgp ipv4 unicast summary
BGP router identifier 10.1.10.1, local AS number 64501
BGP table version is 1, main routing table version 1
Neighbor
OutQ Up/Down
V
State/PfxRcd
AS MsgRcvd MsgSent
TblVer
Lab Guide
InQ
43
192.168.101.10 4
64500
52
58
1
0 00:50:42
0
!
CE1#show bgp ipv6 unicast summary
BGP router identifier 10.1.10.1, local AS number 64501
BGP table version is 1, main routing table version 1
Neighbor
V
AS MsgRcvd MsgSent
TblVer InQ
OutQ Up/Down State/PfxRcd
2001:DB8:192:168:101::10
4
64500
52
58
1
0
0 00:50:48
0
!
RP/0/RSP0/CPU0:PE1#show bgp ipv4 unicast summary
< text omitted >
Neighbor
Spk
AS MsgRcvd MsgSent
TblVer InQ OutQ
Up/Down St/PfxRcd
10.2.1.1
0 64500
13
10
1
0
0
00:07:59
0
192.168.101.11
0 64501
58
52
1
0
0
00:50:24
0!
!
RP/0/RSP0/CPU0:PE1#show bgp ipv6 unicast summary
< text omitted >
Neighbor
Spk
AS MsgRcvd MsgSent
TblVer InQ OutQ
Up/Down St/PfxRcd
2001:db8:10:2:1::1
0 64500
12
11
1
0
0
00:08:09
0
2001:db8:192:168:101::11
0 64501
58
52
1
0
0
00:50:32
0!
Task 2: Configure BGP to Advertise a Network

In this task, you will configure BGP to advertise a network on the CE router. You will also
verify how routes are propagated across the BGP-enabled networks.
Activity Procedure
Step 1
Enable the pod CE router to advertise IPv4 and IPv6 addresses of the Looback0
interface to the pod PE router using BGP.
Step 2
On the PE router running Cisco IOS XR Software, create a route policy that allows
all routing updates to pass. Apply the route policy to the IPv4 and IPv6 EBGP
neighbor (CE router) in inbound and outbound directions.
Note
44
Recall that on the platforms running Cisco IOS XR Software, BGP routing updates are not
automatically sent to and received from EBGP neighbors. A route policy has to be
configured, which allows sending and receiving routing updates to and from EBGP
neighbors.
On the pod CE router, verify the IPv4 and IPv6 BGP tables:
CE1#show ip bgp
< text omitted >
Network
Next Hop
Metric LocPrf Weight
Path
*> 10.1.10.1/32
0.0.0.0
0
32768 i
*> 10.2.10.1/32
192.168.101.10
0
64500 64502 i
!
CE1#show bgp ipv6 unicast
< text omitted >
Network
Next Hop
Metric LocPrf Weight
Path
*> 2001:DB8:10:1:10::1/128
::
0
32768 i
*> 2001:DB8:10:2:10::1/128
2001:DB8:192:168:101::10
0
64500 64502 i
On the pod CE router, verify the IPv4 and IPv6 routing tables:
CE1#show ip route bgp
< text omitted >
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
B
10.2.10.1/32 [20/0] via 192.168.101.10, 00:04:30
!
CE1#show ipv6 route bgp
< text omitted >
B
2001:DB8:10:2:10::1/128 [20/0]
Task 3 (Optional): Configure BGP Neighbor Authentication

In this task, you will enable BGP neighbor authentication between pod CE and PE routers.
Activity Procedure
Step 1
Note
Between pod CE and PE routers, enable BGP authentication for the IPv4 session.
Use password Cisco.
An already established BGP session will not go down automatically. On the PE router, use
the Cisco IOS XR clear bgp * command or Cisco IOS XE clear ip bgp * command to clear
the BGP session. Verify that the IPv4 BGP session between routers establishes back.
Lab Guide
45
Verify that the IPv4 BGP session between the PE and CE routers has again established:
CE1#show ip bgp summary
< text omitted >
Neighbor
V
AS MsgRcvd MsgSent
OutQ Up/Down State/PfxRcd
192.168.101.10 4
64500
5
6
0 00:01:11
1
46
TblVer
InQ
Lab 5-1: Implement ACLs

Activity Objective
In this activity, you will configure and verify filtering using IPv4 and IPv6 access control lists
(ACLs). You will also configure antispoofing ACLs.
Configure and verify IPv4 ACL
Configure and verify IPv6 ACL
Configure and verify antispoofing
Visual Objective
Team z
CEx
Pod x
Configure IPv4
and IPv6 ACLs
Pod y
CEy
PEx
Configure and
verify antispoofing
PEy
SPNGN2 v1.01LG-14
Required Resources
Lab Guide
47
Command List
Command
Description
configure terminal
interface interface
ip router isis process_id
Enables IS-IS on an interface for IPv4
ipv6 address
ip_address/mask
ipv6 router isis

process_id
Enables IS-IS on an interface for IPv6
source interface

specified interface
telnet destination_address
Performs a Telnet to specified address of device (IPv4 or

IPv6)
traceroute
destination_address
Traces path to destination address (IPv4 or IPv6)
48
Command
Description
commit
configure terminal
deny protocol source

[operator] [port]
destination [operator]
[port]
Creates a deny ACL entry
interface interface
ipv4 access-group acl_name

ingress|egress
Applies an IPv4 ACL to an interface
ipv4 access-list acl_name
Creates an IPv4 ACL
ipv6 access-group acl_name

ingress|egress
Applies an IPv6 ACL to an interface
ipv6 access-list acl_name
Creates an IPv6 ACL
permit protocol source

[operator] [port]
destination [operator]
[port]
Creates a permit ACL entry
Task 1: Configure IPv4 Filtering

In this task, you will configure IPv4 filtering using ACL. You will configure an IPv4 ACL on
the pod PE router that will allow only ICMP and Telnet traffic to the Loopback0 interface.
Activity Procedure
Step 1
From the pod CE router, verify IPv4 connectivity to the Loopback0 interface of the
pod PE router using the ping and traceroute commands. From the pod CE router,
use the telnet command to connect to the pod PE router. The Telnet should be
successful.
CE1#ping 10.1.1.1
seconds:
!!!!!
1/1/4 ms
!
CE1#traceroute 10.1.1.1
Tracing the route to 10.1.1.1
1 192.168.101.10 32 msec 0 msec *
!
CE1#telnet 10.1.1.1
Trying 10.1.1.1 ... Open
User Access Verification
Username: root
Password: <1ronMan>
RP/0/RSP0/CPU0:PE1#
Note
If the Telnet is not successful, enable Telnet on the PE router.
Step 2
On the pod PE router, configure an IPv4 access list that will allow only ICMP and
Telnet traffic to the Loopback0 interface of the PE router from the pod CE router.
Permit all traffic to other IPv4 addresses on the pod PE router.
Step 3
On the pod PE router, apply the ACL to the interface.

To which interface do you have to apply the ACL?
____________________________________________________________________
In which direction?
____________________________________________________________________
Lab Guide
49
From the pod CE router, verify IPv4 connectivity to the Loopback0 interface of the pod PE
router using the ping command. Ping should be successful.
CE1#ping 10.1.1.1
seconds:
!!!!!
1/3/12 ms
router using the traceroute command. The trace is not successful, so the output shows that
traceroute is administratively prohibited.
CE1#traceroute 10.1.1.1
Tracing the route to 10.1.1.1
1 192.168.101.10 !A
!A
router using the telnet command. The Telnet should be successful.
CE1#telnet 10.1.1.1
Trying 10.1.1.1 ... Open
Username: root
Password: <1ronMan>
RP/0/RSP0/CPU0:PE1#

In this task, you will configure IPv6 filtering using ACL. You will configure an IPv6 ACL on
the pod PE router that will allow only ICMP and Telnet traffic to the Loopback0 interface.
Activity Procedure
Step 1
From the pod CE router, verify IPv6 connectivity to the Loopback0 interface of the
pod PE router using the ping, traceroute, and telnet commands.
CE1#ping 2001:db8:10:1:1::1
Sending 5, 100-byte ICMP Echos to 2001:DB8:10:1:1::1, timeout
is 2 seconds:
!!!!!
0/0/4 ms
50
!
CE1#traceroute 2001:db8:10:1:1::1
Tracing the route to 2001:DB8:10:1:1::1
1 2001:DB8:10:1:1::1 28 msec 0 msec 0 msec
!
CE1#telnet 2001:db8:10:1:1::1
Trying 2001:DB8:10:1:1::1 ... Open

Username: root
Password: <1ronMan>
RP/0/RSP0/CPU0:PE1#
Note
If the Telnet is not successful, enable Telnet on the PE router.
Step 2
On the pod PE router, configure an IPv6 access list that will allow only ICMP and
Telnet traffic to the PE Loopback0 interface from the pod CE router. Permit all
traffic to other IPv6 addresses on the pod PE router.
Step 3
On the pod PE router, apply the ACL to the interface.
router using the ping command. Ping should be successful.
CE1#ping 2001:db8:10:1:1::1
is 2 seconds:
!!!!!
0/1/4 ms
router using the traceroute command. The trace is not successful, so the output shows that
traceroute is administratively prohibited.
CE1#traceroute 2001:db8:10:1:1::1
Tracing the route to 2001:DB8:10:1:1::1
1 2001:DB8:10:1:1::1 !A
!A
!A
From the pod CE route,r verify IPv6 connectivity to the Loopback0 interface of the pod PE
router using the telnet command. The Telnet should be successful.
Lab Guide
51
CE1#telnet 2001:db8:10:1:1::1
Trying 2001:DB8:10:1:1::1 ... Open
Username: root
Password: <1ronMan>
RP/0/RSP0/CPU0:PE1#
Task 3 (Optional): Configure Antispoofing ACLs

In this task, you will configure antispoofing ACL to prevent IPv4 and IPv6 address spoofing
attacks. You will configure antispoofing ACLs on the pod PE router.
Activity Procedure
Step 1
On the pod PE router, remove the existing IPv4 ACL and create a new IPv4 ACL
(with same ACL name) to prevent IP spoofing from the pod CE router. Allow only
packets that have a source IP address either from the CE router Loopback0 or first
Gigabit Ethernet interface. The functionality of the existing ACL should remain the
same.
Step 2
On the pod PE router, edit the existing IPv6 ACL to prevent IP spoofing from the
pod CE router. Allow only packets that have a source IP address either from the CE
router Loopback0 or first Gigabit Ethernet interface. The functionality of the
existing ACL should remain the same.
Step 3
On the pod CE router, create a new loopback (Loopback10) interface on the CE

router. Add the Loopback10 interface to the IS-IS routing process for IPv4 and IPv6.
Configure the Loopback10 interface with the following addresses:
IPv4 address: 172.16.0.x 255.255.255.255
IPv6 address: 2001:db8:172:16::x/128
From the pod CE router, the Loopback10 interface pings the pod PE router using IPv4 and
IPv6 addresses. The ping should not be successful
CE1#ping 10.1.1.1 source Loopback10
seconds:
Packet sent with a source address of 172.16.0.1
U.U.U
Success rate is 0 percent (0/5)
!
CE1#ping 2001:db8:10:1:1::1 source Loopback10
52

is 2 seconds:
Packet sent with a source address of 2001:DB8:172:16::1
AAAAA
Success rate is 0 percent (0/5)
Step 4
Remove the IPv4 and IPv6 access list from the interface.
From the pod CE router, the Loopback10 interface pings the pod PE router using IPv4 and
IPv6 addresses. The ping should be successful
CE1#ping 10.1.1.1 source Loopback10
seconds:
Packet sent with a source address of 172.16.0.1
!!!!!
1/1/4 ms
!
CE1#ping 2001:db8:10:1:1::1 source Loopback10
is 2 seconds:
Packet sent with a source address of 2001:DB8:172:16::1
!!!!!
0/0/4 ms
Lab Guide
53
Lab 6-1: Manage Cisco IOS XR Package

Activity Objective
In this lab activity, you will perform software maintenance operations on the Cisco IOS XR
router.
Install the Cisco IOS XR Software package
Uninstall the Cisco IOS XR Software package
Perform configuration commit and configuration rollback
Visual Objective
Team z
CEx
Pod x
PEx
Manage Cisco
IOS XR Software
Commit and rollback
configuration
CEy
Pod y
PEy
SPNGN2 v1.01LG-15
Required Resources
54
Command List
The table describes the commands that are used in this lab activity.
Cisco IOS XR Commands
Command
Description
configure terminal
enable
Enters router privilege mode
install activate
Activates software package
install add
Upgrades or installs software package
install commit
Makes the package activation persistent across

reloads
install deactivate
Deactivates software package
install remove
Removes software package
ping ip_address
Verifies connectivity of IP address
show configuration commit changes

last <n>
Displays the details of all changes that are made

during a span of changes
show configuration commit list
Displays the commit IDs for the available rollback

points
show install active
Displays the active software on the router
show install inactive
Displays the inactive software on the router
show running-config
Displays running configuration
rollback configuration last <n>
Rolls back configuration to the last <n> commits

made
Lab Guide
55
Task 1: Uninstall Cisco IOS XR Package

In this task, you will deactivate and remove one of the Cisco IOS XR Software packages.
Activity Procedure
Complete these steps on the pod router PE (Cisco IOS XR Software only):
Step 1
Verify which software packages are active.
RP/0/RSP0/CPU0:PE1#show install active

Mon Jul 10 07:30:53.991 UTC
Node 0/RSP0/CPU0 [RP] [SDR: Owner]
Boot Device: disk0:
Boot Image: /disk0/asr9k-os-mbi-4.1.0/mbiasr9k-rp.vm
Active Packages:
disk0:asr9k-p-4.1.0.CSCto96804-1.0.0
disk0:asr9k-p-4.1.0.CSCto95435-1.0.0
disk0:asr9k-mini-p-4.1.0
disk0:asr9k-optic-4.1.0
disk0:asr9k-doc-p-4.1.0
disk0:asr9k-k9sec-p-4.1.0
disk0:asr9k-video-p-4.1.0
disk0:asr9k-mpls-p-4.1.0
disk0:asr9k-mgbl-p-4.1.0
disk0:asr9k-mcast-p-4.1.0
disk0:asr9k-p-4.1.0.CSCto94570-1.0.0
Node 0/0/CPU0 [LC] [SDR: Owner]
Boot Device: mem:
Boot Image: /disk0/asr9k-os-mbi-4.1.0/lc/mbiasr9k-lc.vm
Active Packages:
disk0:asr9k-p-4.1.0.CSCto96804-1.0.0
disk0:asr9k-p-4.1.0.CSCto95435-1.0.0
disk0:asr9k-p-4.1.0.CSCto94570-1.0.0
Step 2
Deactivate software package asr9k-mgbl-p-4.1.0 located at disk0 and wait for the
process to end.
Step 3
Commit the deactivation of the package.
Step 4
Verify that software package asr9k-mgbl-p-4.1.0 is inactive.
RP/0/RSP0/CPU0:PE1(admin)#show install inactive

Mon Jul 10 07:37:17.840 UTC
Secure Domain Router: Owner
Boot Device: disk0:
Inactive Packages:
Step 5
Remove inactive software package asr9k-mgbl-p-4.1.0 and wait for the process to
end.
Complete lab activity verification:
56
On the pod PE router (Cisco IOS XR Software only), verify which software packages are
active.
On the pod PE router (Cisco IOS XR Software only), verify that software package asr9kmgbl-p-4.1.0 is inactive.
Task 2: Install Cisco IOS XR Package

In this task, you will install and activate one of the Cisco IOS XR software packages.
Activity Procedure
Complete these steps on the pod PE router (Cisco IOS XR Software only):
Step 1
On the pod PE router, verify that PIE file asr9k-mgbl-p.pie-4.1.0 is located at disk0.
RP/0/RSP0/CPU0:PE1(admin)#dir disk0: | include mgbl

Mon Jul 10 08:16:30.505 UTC
5411168
-rwx 6215998
Mon Jul 10 08:16:17 2000
asr9k-mgbl-p.pie-4.1.0
Step 2
Install software package MGBL using PIE file asr9k-mgbl-p.pie-4.1.0 located at

disk0 and wait for the process to end.
Step 3
Activate software package disk0:asr9k-mgbl-p-4.1.0.
Step 4
Commit the activation of the package.
Verify that software package asr9k-mgbl-p-4.1.0 is installed and activated:
RP/0/RSP0/CPU0:PE1(admin)#show install active

Sun Sep 25 09:38:54.088 UTC
Secure Domain Router: Owner
Boot Device: disk0:
Boot Image: /disk0/asr9k-os-mbi-4.1.0/mbiasr9k-rp.vm
Active Packages:
disk0:asr9k-p-4.1.0.CSCto96804-1.0.0
disk0:asr9k-p-4.1.0.CSCto95435-1.0.0
disk0:asr9k-doc-p-4.1.0
disk0:asr9k-k9sec-p-4.1.0
disk0:asr9k-p-4.1.0.CSCto94570-1.0.0
Node 0/0/CPU0 [LC] [SDR: Owner]
Boot Device: mem:
Boot Image: /disk0/asr9k-os-mbi-4.1.0/lc/mbiasr9k-lc.vm
Active Packages:
disk0:asr9k-p-4.1.0.CSCto96804-1.0.0
disk0:asr9k-p-4.1.0.CSCto95435-1.0.0
disk0:asr9k-p-4.1.0.CSCto94570-1.0.0
Lab Guide
57
Task 3: Configuration Management

In this task, you will perform the configuration commit and test configuration rollback
procedure.
Activity Procedure
Step 1
Change the hostname to Test and commit the configuration.
Step 2
Check the available configuration rollback points.
RP/0/RSP0/CPU0:Test(config)#show configuration
Mon Jul 10 08:03:38.893 UTC
SNo. Label/ID
User
Line
~~~~ ~~~~~~~~
~~~~
~~~~
1
1000000327 root
con0_RSP0_CPU0
2000
2
1000000326 root
con0/RSP0/CPU0
2000
3
1000000325 root
con0_RSP0_CPU0
2000
4
1000000324 root
con0_RSP0_CPU0
2000
5
1000000323 root
con0_RSP0_CPU0
2000
6
1000000322 root
con0_RSP0_CPU0
2000
< output omitted >
Step 3
commit list
Client
~~~~~~
CLI
Time Stamp
~~~~~~~~~~
Mon Jul 10 08:01:21
cfgmgr-ins
Mon Jul 10 07:33:26
CLI
Mon Jul 10 07:17:33
CLI
Mon Jul 10 06:59:42
CLI
Mon Jul 10 06:50:22
CLI
Mon Jul 10 06:34:18
Check the configuration details for last configuration commit.
RP/0/RSP0/CPU0:Test(config)#show configuration commit changes 1000000327

Mon Jul 10 08:04:51.028 UTC
Building configuration...
!! IOS XR Configuration 4.1.0
hostname Test
end
Step 4
Roll back configuration to the last commit made.
Check the available configuration rollback points.
Check the configuration details for last configuration commit.
Verify that the hostname of pod PE router is not Test anymore:
RP/0/RSP0/CPU0:PE1#
58
Answer Key
The correct answers and expected solutions for the activities that are described in this guide
appear here.
Lab 2-1 Answer Key: Configure Advanced Switching

When you complete this activity, your configuration will be similar to the results here, with
differences that are specific to your device or workgroup:
Task 1: Configure VLANs

During this task, you need to enter the following commands:
Step 4
Remove IP addressing from the GigabitEthernet0/1 interface on the CE (Cisco IOS)

router:
interface GigabitEthernet0/1
no ip address
no ipv6 address
Step 5
Remove IP addressing from the GigabitEthernet0/0 interface and assign IP addresses

to the GigabitEthernet0/1 interface on the CE (Cisco IOS) router:
no ip address
no ipv6 address
!
ip address 192.168.101.11 255.255.255.0
ipv6 address 2001:DB8:192:168:101::11/80
Step 6
Create VLANs on the pod and shared switches:

vlan 10
vlan 20
Step 7
On the shared switch, configure the CE facing ports:

interface FastEthernet0/1
switchport mode access
switchport access vlan 10
port-type nni
!
port-type nni
Step 6
On the pod switch, configure the CE and PE facing ports:

port-type nni
!
Lab Guide
59
port-type nni
Task 2: Configure Trunking

Step 1
Enable trunking on the pod switch:

interface FastEthernet 0/21
switchport mode trunk
switchport trunk allowed vlan 1,10,20
port-type nni
!
port-type nni
Step 2
Enable trunking on the shared switch:

port-type nni
!
port-type nni
Task 3: Configure RSTP

Step 3
Root switch for both VLANs:

VLAN 10 root switch: SW12
VLAN 20 root switch: SW12
Step 4
Blocking port for each VLAN:

VLAN 10 blocking port: Port: FastEthernet0/21 Switch: SW1
Step 5
Optimize RSTP operations:

SW1:
spanning-tree vlan 10 root primary
spanning-tree vlan 20 root secondary
SW2:
spanning-tree vlan 20 root primary
spanning-tree vlan 10 root secondary
Step 6
Find the blocking port for each VLAN:

60
Task 4 (Optional): Configure MST

Step 1
On the pod and shared switches, set MST mode:

spanning-tree mode mst
Step 2
On the pod and shared switches, configure MST:

spanning-tree mst configuration
name LAB
revision 1
instance 1 vlan 10
instance 2 vlan 20
Step 3
Configure the pod switch to be the root for the MST instance:
SW1
spanning-tree mst 1 root primary
SW2
spanning-tree mst 2 root primary
Lab 2-2 Answer Key: Configure Inter-VLAN Routing and

Gateway Redundancy
Task 1: Configure and Verify Inter-VLAN Routing

Step 1
Configure trunk:
SW1 and SW2 (Cisco IOS Software):
switchport trunk allowed vlan 10,20
Step 2
The IPv4 and IPv6 address assigned:

PE1 (Cisco IOS XR Software):
IPv4: 192.168.101.10
IPv6: 2001:db8:192:168:101::10
PE2 (Cisco IOS XE Software):
IPv4: 192.168.102.20
IPv6: 2001:db8:192:168:102::20
Step 3
Remove the IPv4 and IPv6 addresses from the interface:

interface GigabitEthernet0/0/0/0
no ipv4 address
no ipv6 address
!
commit
Lab Guide
61
PE2 (Cisco IOS XE):

interface GigabitEthernet0/0/0
no ip address
no ipv6 address
Step 4
Create subinterfaces on the pod PE router:

ipv4 address 192.168.101.10 255.255.255.0
ipv6 address 2001:db8:192:168:101::10/80
!
ipv4 address 192.168.102.22 255.255.255.0
ipv6 address 2001:db8:192:168:102::22/80
!
commit

ip address 192.168.101.12 255.255.255.0
ipv6 address 2001:db8:192:168:101::12/80
!
ip address 192.168.102.20 255.255.255.0
ipv6 address 2001:db8:192:168:102::20/80
Step 5
Create an IPv6 default route on the CE router:

CE1:
ipv6 route ::/0 GigabitEthernet0/1 2001:DB8:192:168:101::10
CE2:
ipv6 route ::/0 GigabitEthernet0/1 2001:DB8:192:168:102::20
Task 2: Configure HSRP

Step 1
On the pod PE routers, enable HSRP for IPv4:

PE1 (Cisco IOS XR):
router hsrp
hsrp 1 preempt
hsrp 1 ipv4 192.168.101.13
hsrp 1 priority 150
!
hsrp 2 preempt
hsrp 2 ipv4 192.168.102.23
62
!
commit
PE2 (Cisco IOS XE):

standby 1 ip 192.168.101.13
standby 1 preempt
!
standby 2 ip 192.168.102.23
standby 2 preempt
standby 2 priority 150
Step 2
Configure a static default route:

CE1:
ip route 0.0.0.0 0.0.0.0 192.168.101.13
CE2:
ip route 0.0.0.0 0.0.0.0 192.168.102.23
Step 3
Enable the interface and remove HSRP configuration:

no shutdown
!
no router hsrp
!
commit

no standby 1
!
no shutdown
no standby 2
Task 3: Configure VRRP

Step 1
Enable VRRP for IPv4:

router vrrp
address-family ipv4
vrrp 1
priority 150
address 192.168.101.13
!
address-family ipv4
vrrp 2
Lab Guide
63
address 192.168.102.23
!
commit
PE2 (Cisco IOS XE):

vrrp 1 ip 192.168.101.13
!
vrrp 2 ip 192.168.102.23
vrrp 2 priority 150
Step 2
Enable the interface and remove VRRP configuration:

PE1 (Cisco IOS XR):
no shutdown
!
no router vrrp
!
commit
PE2 (Cisco IOS XE):

no vrrp 1
!
no shutdown
no vrrp 2
Step 3
On the PE router, remove subinterfaces and configure IP addresses:

no ipv4 address
no ipv6 address
no encapsulation dot1q 10
no interface GigabitEthernet0/0/0/0.10
!
no ipv4 address
no ipv6 address
no interface GigabitEthernet0/0/0/0.20
!
ipv4 address 192.168.101.10 255.255.255.0
ipv6 address 2001:db8:192:168:101::10/80
!
commit

64
no ip address
no ipv6 address
no interface GigabitEthernet0/0/0.10
!
no ip address
no ipv6 address
no interface GigabitEthernet0/0/0.20
!
ip address 192.168.102.20 255.255.255.0
ipv6 address 2001:db8:192:168:102::20/80
Step 4
Configure access port:

SW1 (Cisco IOS Software):
SW2 (Cisco IOS Software):

Step 5
Reconfigure interfaces:
CE1 (Cisco IOS Software):
shutdown
no ip address
no ipv6 address
!
ip address 192.168.101.11 255.255.255.0
ipv6 address 2001:DB8:192:168:101::11/80

shutdown
no ip address
no ipv6 address
!
ip address 192.168.102.21 255.255.255.0
ipv6 address 2001:DB8:192:168:102::21/80
Lab Guide
65
Lab 3-1 Answer Key: Implement OSPF


Step 1
Configure loopback interface:

interface Loopback0
ip address 10.1.10.1 255.255.255.255

interface Loopback0
ipv4 address 10.1.1.1 255.255.255.255
!
commit

interface Loopback0
ip address 10.2.10.1 255.255.255.255

interface Loopback0
ip address 10.2.1.1 255.255.255.255
Step 2
Enable OSPFv2 routing:

router ospf 1
network 10.1.10.1 0.0.0.0 area 0
network 192.168.101.0 0.0.0.255 area 0

router ospf 1
area 0
interface Loopback0
!
commit

router ospf 1
network 10.2.10.1 0.0.0.0 area 0
network 192.168.102.0 0.0.0.255 area 0

router ospf 1
network 10.2.1.1 0.0.0.0 area 0
network 192.168.102.0 0.0.0.255 area 0
66

Step 1
Configure the IPv6 address on the Loopback0 interface:

interface Loopback0
ipv6 address 2001:DB8:10:1:10::1/128

interface Loopback0
ipv6 address 2001:db8:10:1:1::1/128
!
commit

interface Loopback0
ipv6 address 2001:DB8:10:2:10::1/128

interface Loopback0
ipv6 address 2001:db8:10:2:1::1/128
Step 2
Enable OSPFv3 routing:

ipv6 router ospf 1
exit
!
interface Loopback0
ipv6 ospf 1 area 0
!
ipv6 enable
ipv6 ospf 1 area 0

router ospfv3 1
area 0
interface Loopback0
!
commit

ipv6 router ospf 1
exit
!
interface Loopback0
ipv6 ospf 1 area 0
!
ipv6 enable
ipv6 ospf 1 area 0
Lab Guide
67

ipv6 router ospf 1
exit
!
interface Loopback0
ipv6 ospf 1 area 0
!
ipv6 ospf 1 area 0
Task 3 (Optional): Configure OSPFv2 Authentication

Step 1
Enable MD5 authentication on the PE router (Cisco IOS XR Software):

ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco

router ospf 1
area 0
authentication message-digest
message-digest-key 1 md5 cisco
!
commit

ip ospf authentication message-digest

router ospf 1
area 0 authentication message-digest
!
Lab 3-2 Answer Key: Implement IS-IS


Step 1
Create a NET address:

PE1: 49.0000.0100.0100.1001.00
CE1: 49.0000.0100.0101.0001.00
68
Step 2
Enable the IS-IS process and configure NET:

router isis 1
net 49.0000.0100.0101.0001.00

router isis 1
net 49.0000.0100.0100.1001.00
!
commit

router isis 1
net 49.0000.0100.0201.0001.00

router isis 1
net 49.0000.0100.0200.1001.00
Step 3
Change the IS-IS router type and enable wide-style metrics for IPv4:
router isis 1
metric-style wide

router isis 1
address-family ipv4 unicast
metric-style wide
!
commit

router isis 1
metric-style wide

router isis 1
metric-style wide
Step 4
Change IS-IS administrative distance for IPv4:

router isis 1
distance 105 ip

router isis 1
distance 105
!
Lab Guide
69
commit

router isis 1
distance 105 ip

router isis 1
distance 105 ip
Step 5
Enable IS-IS for IPv4 on interfaces:

interface Loopback0
ip router isis 1
!
ip router isis 1

router isis 1
interface Loopback0
!
!
commit

interface Loopback0
ip router isis 1
!
ip router isis 1

interface Loopback0
ip router isis 1
!
ip router isis 1

Step 1
Enable wide-style metrics for IPv6 on the PE1 router (Cisco IOS XR Software):
router isis 1
metric-style wide
!
commit
70
Step 2
Change IS-IS administrative distance for IPv6:

router isis 1
distance 105

router isis 1
distance 105
!
commit

router isis 1
distance 105

router isis 1
distance 105
Step 3
Configure single-topology IS-IS for IPv6 on the PE1 router (Cisco IOS XR
Software):
router isis 1
single-topology
!
commit
Step 4
Enable IS-IS for IPv6 on interfaces:

interface Loopback0
ipv6 router isis 1
!
ipv6 router isis 1

router isis 1
interface Loopback0
!
!
commit

interface Loopback0
ipv6 router isis 1
!
Lab Guide
71
ipv6 router isis 1

interface Loopback0
ipv6 router isis 1
!
ipv6 router isis 1
Task 3 (Optional): Configure IS-IS Authentication

Step 1
Enable MD5 IS-IS LSP and hello packets authentication:

key chain ISIS
key 1
key-string cisco
exit
!
router isis 1
authentication key-chain ISIS
!
isis authentication mode md5
isis authentication key-chain ISIS

router isis 1
lsp-password hmac-md5 cisco
!
hello-password hmac-md5 cisco
!
commit

key chain ISIS
key 1
key-string cisco
exit
!
router isis 1
!

72
key chain ISIS

key 1
key-string cisco
exit
!
router isis 1
!
Lab 4-1 Answer Key: Configure Basic BGP

Task 1: Configure BGP Process and BGP Peering

Step 1
Configure EBGP:

router bgp 64501
neighbor 2001:DB8:192:168:101::10 remote-as 64500
neighbor 192.168.101.10 remote-as 64500
!
address-family ipv4
no neighbor 2001:DB8:192:168:101::10 activate
neighbor 192.168.101.10 activate
!
address-family ipv6
neighbor 2001:DB8:192:168:101::10 activate

router bgp 64500
!
!
neighbor 192.168.101.11
remote-as 64501
!
!
neighbor 2001:db8:192:168:101::11
remote-as 64501
!
commit
Lab Guide
73

router bgp 64502
!
address-family ipv4
!
address-family ipv6

router bgp 64500
!
address-family ipv4
!
address-family ipv6
Step 2
Enable link and IS-IS routing between PE routers:

ipv4 address 192.168.112.10 255.255.255.0
ipv6 address 2001:db8:192:168:112::10/80
no shutdown
!
router isis 1
hello-password hmac-md5 cisco
!
commit

ip address 192.168.112.20 255.255.255.0
ipv6 address 2001:db8:192:168:112::20/80
no shutdown
ip router isis 1
ipv6 enable
ipv6 router isis 1
74
Step 3
Configure IBGP:

router bgp 64500
neighbor 10.2.1.1
remote-as 64500
update-source Loopback0
!
neighbor 2001:db8:10:2:1::1
remote-as 64500
update-source Loopback0
!
commit

router bgp 64500
neighbor 10.1.1.1 update-source Loopback0
neighbor 2001:DB8:10:1:1::1 update-source Loopback0
!
address-family ipv4
!
address-family ipv6
Task 2: Configure BGP to Advertise a Network

Step 1
Enable the CE router to advertise the IPv4 and IPv6 addresses:

router bgp 64501
address-family ipv4
network 10.1.10.1 mask 255.255.255.255
address-family ipv6
network 2001:DB8:10:1:10::1/128

router bgp 64502
address-family ipv4
network 10.2.10.1 mask 255.255.255.255
address-family ipv6
network 2001:DB8:10:2:10::1/128
Step 2
Create a route policy and apply it in inbound and outbound directions on the PE1
router (Cisco IOS XR Software):
route-policy ALLOW_ALL
Lab Guide
75
pass
end-policy
!
router bgp 64500
neighbor 192.168.101.11
route-policy ALLOW_ALL in
route-policy ALLOW_ALL out
!
neighbor 2001:db8:192:168:101::11
route-policy ALLOW_ALL in
route-policy ALLOW_ALL out
!
commit
Task 3 (Optional): Configure BGP Neighbor Authentication

Step 1
Enable BGP authentication:

router bgp 64501
neighbor 192.168.101.10 password cisco

router bgp 64500
neighbor 192.168.101.11
password cisco
!
commit

router bgp 64502

router bgp 64500
Lab 5-1 Answer Key: Implement ACLs


Step 1
Configure ACL:
PE1 (Cisco IOS XR):

ipv4 access-list FILTER
permit icmp any host 10.1.1.1
76
permit tcp any host 10.1.1.1 eq telnet

deny ipv4 any host 10.1.1.1
permit ipv4 any any
!
commit

ip access-list extended FILTER
permit icmp any host 10.2.1.1
permit tcp any host 10.2.1.1 eq telnet
deny ip any host 10.2.1.1
permit ip any any
Step 2
The ACL should be applied in the inbound direction to the first Gigabit Ethernet
interface.

ipv4 access-group FILTER ingress
!
commit

ip access-group FILTER in

Step 2
Configure ACL:

permit icmpv6 any host 2001:db8:10:1:1::1
permit tcp any host 2001:db8:10:1:1::1 eq telnet
deny ipv6 any host 2001:db8:10:1:1::1
permit ipv6 any any
!
commit

ipv6 access-list FILTERv6
permit icmp any host 2001:db8:10:2:1::1
permit tcp any host 2001:db8:10:2:1::1 eq telnet
deny ipv6 any host 2001:db8:10:2:1::1
permit ipv6 any any
Step 3
Apply the ACL to the interface:

ipv6 access-group FILTER ingress
!
commit
Lab Guide
77

ipv6 traffic-filter FILTERv6 in
Task 3 (Optional): Configure Antispoofing ACLs

Step 1
Edit the IPv4 ACL:

no ipv4 access-list FILTER
permit icmp host 192.168.101.11 host 10.1.1.1
permit tcp host 192.168.101.11 host 10.1.1.1 eq telnet
deny ipv4 host 192.168.101.11 host 10.1.1.1
deny ipv4 host 10.1.10.1 host 10.1.1.1
permit ipv4 host 192.168.101.11 any
permit ipv4 host 10.1.10.1 any
!
commit

no ip access-list extended FILTER
ip access-list extended FILTER
deny ip host 192.168.102.21 host 10.2.1.1
deny ip host 10.2.10.1 host 10.2.1.1
permit ip host 192.168.102.21 any
permit ip host 10.2.10.1 any
Step 2
Edit the IPv6 ACL:

no ipv6 access-list FILTER
permit icmpv6 host 2001:DB8:192:168:101::11 host
2001:db8:10:1:1::1
permit icmpv6 host 2011:DB8:10:1:10::1 host
2001:db8:10:1:1::1
permit tcp host 2001:DB8:192:168:101::11 host
2001:db8:10:1:1::1 eq telnet
permit tcp host 2011:DB8:10:1:10::1 host 2001:db8:10:1:1::1
eq telnet
deny ipv6 host 2001:DB8:192:168:101::11 host
2001:db8:10:1:1::1
deny ipv6 host 2011:DB8:10:1:10::1 host 2001:db8:10:1:1::1
permit ipv6 host 2001:DB8:192:168:101::11 any
permit ipv6 host 2001:db8:10:1:10::1 any
78
!
commit

no ipv6 access-list FILTERv6
ipv6 access-list FILTERv6
permit icmp host 2001:DB8:192:168:102::21 host
2001:db8:10:2:1::1
permit icmp host 2001:db8:10:2:10::1 host 2001:db8:10:2:1::1
permit tcp host 2001:DB8:192:168:102::21 host
2001:db8:10:2:1::1 eq telnet
permit tcp host 2001:db8:10:2:10::1 host 2001:db8:10:2:1::1 eq
telnet
deny ipv6 host 2001:DB8:192:168:102::21 host
2001:db8:10:2:1::1
deny ipv6 host 2001:db8:10:2:10::1 host 2001:db8:10:2:1::1
permit ipv6 host 2001:DB8:192:168:102::21 any
permit ipv6 host 2001:db8:10:2:10::1 any
Step 3
Create a new loopback and add the interface to IS-IS:
CE1 and CE2 (Cisco IOS Software):

interface Loopback10
ip address 172.16.0.1 255.255.255.255
ip router isis 1
ipv6 address 2001:DB8:172:16::1/128
ipv6 router isis 1
Step 4
Remove the IPv4 and IPv6 access list from the interface:

no ipv4 access-group FILTER ingress
no ipv6 access-group FILTER ingress
!
commit

no ip access-group FILTER in
no ipv6 traffic-filter FILTERv6 in
Lab 6-1 Answer Key: Manage Cisco IOS XR Package

When you complete this lab activity, device configuration and device outputs will be similar to
the results shown here, with differences that are specific to your Pod.
Task 1: Uninstall Cisco IOS XR Package

Complete these steps on the pod PE router (Cisco IOS XR Software):
Step 2
Deactivate software package:
RP/0/RSP0/CPU0:PE1#admin
Mon Jul 10 07:32:57.892 UTC
RP/0/RSP0/CPU0:PE1(admin)#install deactivate disk0:asr9k-mgbl-p-4.1.0
Mon Jul 10 07:33:05.945 UTC
Lab Guide
79
Install operation 19 '(admin) install deactivate disk0:asr9k-mgbl-p-4.1.0'

started by user 'root' via CLI at 07:33:06 UTC Mon Jul 10 2000.
RP/0/RSP0/CPU0:Jul 10 07:33:06.403 : instdir[234]: %INSTALL-INSTMGR-6INSTALL_OPERATION_STARTED : Install operation 19 '(admin) install deactivate
disk0:asr9k-mgbl-p-4.1.0' started by user 'root'
Info:
Install Method: Parallel Process Restart
The install operation will continue asynchronously.
RP/0/RSP0/CPU0:PE1(admin)#Info:
SDR Owner: Detected incompatibility
between the activated software
Info:
and router running configuration.
Info:
SDR Owner: Removing the incompatible configuration from the running
Info:
configuration.
Info:
SDR Owner: Use the "show configuration removed 20000710073325.cfg"
Info:
command to view the removed config.
Info:
NOTE: You must address the incompatibility issues with the
Info:
removed configuration above and re-apply it to the running
Info:
configuration as required. To address these issues enter
Info:
configuration mode and use the
Info:
"load configuration removed 20000710073325.cfg" and "commit"
Info:
commands.
RP/0/RSP0/CPU0:Jul 10 07:33:28.481 : insthelper[65]: %MGBL-CONFIG-6-DB_COMMIT
: Configuration committed by user 'root'. Use 'show configuration commit
changes 1000000326' to view the changes.
RP/0/RSP0/CPU0:Jul 10 07:33:28.486 : insthelper[65]: %MGBL-CONFIG-6-PKG : Some
incompatible configuration was removed from the running configuration during
this software activation/deactivation operation and saved in file
'20000710073325.cfg'. To address the incompatibility issue enter configuration
mode and use the 'load configuration removed 20000710073325.cfg' and 'commit'
commands.
RP/0/RSP0/CPU0:Jul 10 07:33:54.450 : sysmgr[95]: %OS-SYSMGR-7INSTALL_NOTIFICATION : notification of software installation received
RP/0/RSP0/CPU0:Jul 10 07:33:54.639 : schema_server[1159]: %MGBL-SCHEMA-6VERSIONCHANGE : A schema version change has occurred due to the unload of
schema file 'ciscosensormib_cfg.schema'. Any management applications which use
the schema may wish to update to the appropriate schema version.
RP/0/RSP0/CPU0:Jul 10 07:34:00.510 : sysmgr[95]: %OS-SYSMGR-7-INSTALL_FINISHED
: software installation is finished
RP/0/RSP0/CPU0:Jul 10 07:34:04.726 : insthelper[65]: ISSU: Starting sysdb bulk
start session
Info:
The changes made to software configurations will not be persistent
Info:
across system reloads. Use the command '(admin) install commit' to
Info:
make changes persistent.
Info:
Please verify that the system is consistent following the software
Info:
change using the following commands:
Info:
show system verify
Info:
install verify packages
RP/0/RSP0/CPU0:Jul 10 07:34:08.850 : instdir[234]: %INSTALL-INSTMGR-4ACTIVE_SOFTWARE_COMMITTED_INFO : The currently active software is not
committed. If the system reboots then the committed software will be used. Use
'install commit' to commit the active software.
RP/0/RSP0/CPU0:Jul 10 07:34:08.851 : instdir[234]: %INSTALL-INSTMGR-6INSTALL_OPERATION_COMPLETED_SUCCESSFULLY : Install operation 19 completed
successfully
Install operation 19 completed successfully at 07:34:08 UTC Mon Jul 10 2000.
Step 3
Commit the deactivation of the package:
RP/0/RSP0/CPU0:PE1(admin)#install commit
Mon Jul 10 07:34:52.226 UTC
Install operation 20 '(admin) install commit' started by user 'root' via CLI
at
RP/0/RSP0/CPU0:Jul 10 07:34:52.562 : instdir[234]: %INSTALL-INSTMGR-6INSTALL_OPERATION_STARTED : Install operation 20 '(admin) install commit'
started by user 'root'
07:34:52 UTC Mon Jul 10 2000.
\ 100% complete: The operation can no longer be aborted (ctrl-c for
options)RP/0/RSP0/CPU0:Jul 10 07:34:55.775 : instdir[234]: %INSTALL-INSTMGR-4ACTIVE_SOFTWARE_COMMITTED_INFO : The currently active software is now the same
as the committed software.
80
RP/0/RSP0/CPU0:Jul 10 07:34:55.776 : instdir[234]: %INSTALL-INSTMGR-6INSTALL_OPERATION_COMPLETED_SUCCESSFULLY : Install operation 20 completed

successfully
Step 4
Remove inactive software:
RP/0/RSP0/CPU0:PE1(admin)#install remove disk0:asr9k-mgbl-p-4.1.0

Mon Jul 10 07:38:44.530 UTC
RP/0/RSP0/CPU0:Jul 10 07:38:44.742 : instdir[234]: %INSTALL-INSTMGR-6INSTALL_OPERATION_STARTED : Install operation 21 '(admin) install remove
Install operation 21 '(admin) install remove disk0:asr9k-mgbl-p-4.1.0' started
by user 'root' via CLI at 07:38:44 UTC Mon Jul 10 2000.
Info:
This operation will remove the following packages:
Info:
disk0:asr9k-mgbl-supp-4.1.0
Info:
disk0:iosxr-mgbl-4.1.0
Info:
Info:
After this install remove the following install rollback points will
Info:
no longer be reachable, as the required packages will not be
present:
Info:
8, 9, 10, 11, 14, 15, 17
Proceed with removing these packages? [confirm] <Enter>
RP/0/RSP0/CPU0:PE1(admin)#RP/0/RSP0/CPU0:Jul 10 07:38:58.472 : instdir[234]:
%INSTALL-INSTMGR-6-INSTALL_OPERATION_COMPLETED_SUCCESSFULLY : Install
operation 21 completed successfully
Task 2: Install Cisco IOS XR Package

Step 2
Install software package:
RP/0/RSP0/CPU0:PE1(admin)#install add disk0:asr9k-mgbl-p.pie-4.1.0

Sun Sep 25 09:32:41.942 UTC
Install operation 25 '(admin) install add /disk0:asr9k-mgbl-p.pie-4.1.0'
started by user 'root' via CLI at 09:32:42 UTC Sun Sep 25 2011.
RP/0/RSP0/CPU0:Sep 25 09:32:42.311 : instdir[234]: %INSTALL-INSTMGR-6INSTALL_OPERATION_STARTED : Install operation 25 '(admin) install add
/disk0:asr9k-mgbl-p.pie-4.1.0' started by user 'root'
RP/0/RSP0/CPU0:PE1(admin)#
Info:
The following package is now available to be activated:
Info:
Info:
Info:
Info:
The package can be activated across the entire router.
Info:
RP/0/RSP0/CPU0:Sep 25 09:33:19.093 : instdir[234]: %INSTALL-INSTMGR-6INSTALL_OPERATION_COMPLETED_SUCCESSFULLY : Install operation 25 completed
successfully
Install operation 25 completed successfully at 09:33:19 UTC Sun Sep 25 2011.
Sun Sep 25 09:33:51.490 UTC
at
09:33:51 UTC Sun Sep 25 2011.
RP/0/RSP0/CPU0:Sep 25 09:33:51.817 : instdir[234]: %INSTALL-INSTMGR-6INSTALL_OPERATION_STARTED : Install operation 26 '(admin) install commit'
options)RP/0/RSP0/CPU0:Sep 25 09:33:54.994 : instdir[234]: %INSTALL-INSTMGR-6INSTALL_OPERATION_COMPLETED_SUCCESSFULLY : Install operation 26 completed
successfully
Step 3
Activate software package:

Lab Guide
81
RP/0/RSP0/CPU0:PE1(admin)#install activate disk0:asr9k-mgbl-p-4.1.0

Sun Sep 25 09:35:47.431 UTC
Install operation 27 '(admin) install activate disk0:asr9k-mgbl-p-4.1.0'
started by user 'root' via CLI at 09:35:47 UTC Sun Sep 25 2011.
RP/0/RSP0/CPU0:Sep 25 09:35:47.794 : instdir[234]: %INSTALL-INSTMGR-6INSTALL_OPERATION_STARTED : Install operation 27 '(admin) install activate
Info:
Install Method: Parallel Process Restart
RP/0/RSP0/CPU0:PE1(admin)#
RP/0/RSP0/CPU0:Sep 25 09:36:38.041 : sysmgr[95]: %OS-SYSMGR-7INSTALL_NOTIFICATION : notification of software installation received
RP/0/RSP0/CPU0:Sep 25 09:36:38.223 : schema_server[1159]: %MGBL-SCHEMA-6VERSIONCHANGE : A schema version change has occurred due to the unload of
schema file 'ciscosensormib_cfg.schema'. Any management applications which use
the schema may wish to update to the appropriate schema version.
RP/0/RSP0/CPU0:Sep 25 09:36:38.771 : sysmgr[95]: %OS-SYSMGR-7-INSTALL_FINISHED
: software installation is finished
RP/0/RSP0/CPU0:Sep 25 09:36:42.725 : insthelper[65]: ISSU: Starting sysdb bulk
start session
Info:
The changes made to software configurations will not be persistent
Info:
across system reloads. Use the command '(admin) install commit' to
Info:
make changes persistent.
Info:
Please verify that the system is consistent following the software
Info:
change using the following commands:
Info:
show system verify
Info:
install verify packages
RP/0/RSP0/CPU0:Sep 25 09:36:47.078 : instdir[234]: %INSTALL-INSTMGR-4ACTIVE_SOFTWARE_COMMITTED_INFO : The currently active software is not
committed. If the system reboots then the committed software will be used. Use
'install commit' to commit the active software.
successfully
Step 4
Commit the activation of the package:
Sun Sep 25 09:37:04.416 UTC
at
RP/0/RSP0/CPU0:Sep 25 09:37:04.799 : instdir[234]: %INSTALL-INSTMGR-6INSTALL_OPERATION_STARTED : Install operation 28 '(admin) install commit'
09:37:04 UTC Sun Sep 25 2011.
options)RP/0/RSP0/CPU0:Sep 25 09:37:07.995 : instdir[234]: %INSTALL-INSTMGR-4ACTIVE_SOFTWARE_COMMITTED_INFO : The currently active software is now the same
as the committed software.
successfully
Task 3: Configuration Management

Step 1
Change the hostname:
RP/0/RSP0/CPU0:PE1(config)#hostname Test
RP/0/RSP0/CPU0:PE1(config)#commit
Mon Jul 10 08:01:21.620 UTC
RP/0/RSP0/CPU0:Jul 10 08:01:23.254 : config[65728]: %MGBL-CONFIG-6-DB_COMMIT :
Configuration committed by user 'root'. Use 'show configuration commit changes
1000000327' to view the changes.
RP/0/RSP0/CPU0:Test(config)#
82
Step 4
Roll back configuration to the last commit made:
RP/0/RSP0/CPU0:Test#rollback configuration last 1

Mon Jul 10 08:06:24.172 UTC
Loading Rollback Changes.
Loaded Rollback Changes in 1 sec
Committing..
1 items committed in 2 sec (0)items/sec
Updating.RP/0/RSP0/CPU0:Jul 10 08:06:27.638 : config_rollback[65728]: %MGBLCONFIG-6-DB_COMMIT : Configuration committed by user 'root'. Use 'show
configuration commit changes 1000000328' to view the changes.
Updated Commit database in 1 sec
Configuration successfully rolled back 1 commits.
RP/0/RSP0/CPU0:PE1#
Lab Guide
83
84
Pod 6
SW56
Pod 5
Pod 2
SW12
Pod 1
Team 3
SW6
SW5
SW2
SW1
CE6
CE5
CE2
CE1
Team 1
PE6
PE5
PE2
PE1
Appendix A
P2
P1
PE8
PE7
PE4
PE3
Team 4
SW8
SW7
SW4
SW3
Team 2
Pod 8
SW78
Pod 7
Pod 4
SW34
SPNGN2 v1.01LG-4
CE8
CE7
CE4
CE3
OC3 POS
GE
FE
Pod 3
Legend:
GE0/0
FE0/21
FE0/22
FE0/2
FE0/1
SWy
FE0/2
FE0/21
FE0/23 FE0/22
FE0/24
FE0/23
FE0/24
Pod y
SWxy
SWx
FE0/23
FE0/24
FE0/1
FE0/21
FE0/22
GE
FE
OC3 POS
FE0/2
FE0/1
GE0/0
Pod x
Legend:
CEy
GE0/1
GE0/1
CEx
Team z
GE0/0/0/
2
Lab Guide Appendix A
PEy
85
P2
P1
SPNGN2 v1.01LG-5
POS0/2/1
Connections to
PE(y+2)
POS0/2/0
POS0/2/0
GE0/0/3
GE0/0/
2
POS0/2/1
GE0/0/
1
GE0/0/0/
1 GE0/0/0/
3
GE0/0/0
GE0/0/0/0
PEx
86
.y1
.x1
GE
FE
OC3 POS
Loopback
Pod y
SWy
SWx
.x0
.x0
PEx
.y0
.1
.2
10.0.2.1
.2
.1
P2
P1
SPNGN2 v1.01LG-6
Connections to
PE(y+2)
192.168.2w1.0/24
192.168.y2.0/24
.y0
.y0
.2
.2
.1
.x0
.y0
.1
.x0
192.168.x1.0/24
192.168.2w2.0/24
PEy .y0
.y0
10.y.1.1
192.168.1xy.0/24
10.x.1.1
192.168.10y.0/24
10.y.0.1
10.x.0.1
192.168.10x.0/24
z = 1,2,3,4
x = 1,3,5,7
y = 2,4,6,8
w = 1 (for teams 1 and 2)
2 (for teams 3 and 4)
192.168.10y.0/24
SWxy
10.xy.0.1
192.168.10x.0/24
Pod x
Legend:
CEy
10.y.10.1
10.x.10.1
CEx
10.0.1.1
192.168.1.0/24
Team z
192.168.2.0/24
Pod 1
Pod 5
Team 3
SW6
CE6
Pod 6
10.10.10.28
10.10.10.31
SW56
SW5
10.10.10.27
10.10.10.29
10.10.10.30
CE5
SW2
CE2
Pod 2
10.10.10.12
10.10.10.15
SW12
SW1
10.10.10.11
10.10.10.13
10.10.10.14
CE1
Team 1
PE6
10.10.10.32
10.10.10.33
PE5
PE2
10.10.10.16
10.10.10.17
PE1
PE8
10.10.10.39
10.10.10.40
PE7
PE4
10.10.10.24
Lab Guide Appendix A
P2
10.10.10.26
10.10.10.18
P1
10.10.10.25
PE3
87
Pod 3
Pod 7
Team 4
SW8
10.10.10.35
Pod 8
SPNGN2 v1.01LG-7
CE8
10.10.10.38
SW78
10.10.10.36
10.10.10.37
CE7
CE4
10.10.10.23
Pod 4
10.10.10.34
SW7
SW4
10.10.10.20
SW34
CE3
10.10.10.22
10.10.10.21
10.10.10.19
SW3
Team 2
88

SPNGN2101LG

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

SPNGN2101LG

Transféré par

Droits d'auteur :

Formats disponibles

SPNGN2

Building Cisco Service

Asia Pacific Headquarters

2012 Cisco and/or its affiliates. All rights reserved.

Lab 6-1: Manage Cisco IOS XR Package .......................................................................................... 54

Building Cisco Service Provider Next-Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Lab 2-1: Configure Advanced Switching

Lab 2-2: Configure Inter-VLAN Routing and Gateway Redundancy

Lab 3-1: Implement OSPF

Lab 3-2: Implement IS-IS

Lab 4-1: Configure Basic BGP

Lab 5-1: Implement ACLs

Lab 6-1: Manage Cisco IOS XR Package

Pod Access Information

Remote lab SSH access username

Remote lab SSH access password

Pod PE (Cisco IOS XR Software) router

Pod PE (Cisco IOS XR Software) router

Pod CE, SW, and PE privileged level password

2012 Cisco Systems, Inc.

2012 Cisco and/or its affiliates. All rights reserved.

Note: FE = Fast Ethernet; GE = Gigabit Ethernet.

Lo0 IPv4 Address

Lo0 IPv6 Address

Cisco 2900 pod router

Cisco ME340x pod switch

Cisco ME340x pod switch

Cisco ASR 9000 core router 10.0.1.1/32

Cisco ASR 9000 core router 10.0.2.1/32

2012 Cisco Systems, Inc.

2012 Cisco and/or its affiliates. All rights reserved.

2012 Cisco and/or its affiliates. All rights reserved.

2012 Cisco Systems, Inc.

2012 Cisco and/or its affiliates. All rights reserved.

2012 Cisco Systems, Inc.

Note: GE = Gigabit Ethernet.

2012 Cisco Systems, Inc.

Lab 2-1: Configure Advanced Switching

A PC with access to the Internet

A SSH client that is installed on the PC

2012 Cisco Systems, Inc.

Enters configuration mode

Enters interface configuration mode

ip address ip_address mask

Sets an IPv4 address for an interface and the subnet mask

Sets an IPv6 address for an interface and the subnet mask

Pings the specified address (IPv4 or IPv6) from the

show interfaces interface

Displays the administrative and operational status of a

show interfaces interface

Displays interface trunk information

show spanning-tree vlan

Displays spanning-tree information for the specified VLAN

Displays spanning-tree information

show spanning-tree mst

Displays the MSTP region configuration and status

Creates a VLAN and enters VLAN configuration mode

switchport mode access |

Configures the VLAN membership or trunking mode of a

switchport access vlan

Configures VLAN membership on an access port

Sets a port type to nni

switchport trunk allowed

VLAN x0 blocking port: Port:__Switch: