Académique Documents
Professionnel Documents
Culture Documents
Lab Guide
Text Part Number: 97-3132-02
Americas Headquarters
Cisco Systems, Inc.
San Jose, CA
Europe Headquarters
Cisco Systems International BV Amsterdam,
The Netherlands
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL: www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a
partnership relationship between Cisco and any other company. (1110R)
DISCLAIMER WARRANTY: THIS CONTENT IS BEING PROVIDED AS IS AND AS SUCH MAY INCLUDE TYPOGRAPHICAL,
GRAPHICS, OR FORMATTING ERRORS. CISCO MAKES AND YOU RECEIVE NO WARRANTIES IN CONNECTION WITH THE
CONTENT PROVIDED HEREUNDER, EXPRESS, IMPLIED, STATUTORY OR IN ANY OTHER PROVISION OF THIS CONTENT
OR COMMUNICATION BETWEEN CISCO AND YOU. CISCO SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES,
INCLUDING WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE,
OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. This learning product may contain early release
content, and while Cisco believes it to be accurate, it falls subject to the disclaimer above.
Lab Guide
Table of Contents
Lab Guide ........................................................................................................................... 1
Overview ............................................................................................................................................... 1
Outline ............................................................................................................................................ 1
Job Aids................................................................................................................................................. 2
Pod Access Information .................................................................................................................. 2
Device Information .......................................................................................................................... 2
IP Addressing ................................................................................................................................. 4
Lab 2-1: Configure Advanced Switching ............................................................................................... 7
Activity Objective ............................................................................................................................ 7
Visual Objective .............................................................................................................................. 7
Required Resources ....................................................................................................................... 7
Command List................................................................................................................................. 8
Task 1: Configure VLANs ............................................................................................................... 9
Task 2: Configure Trunking .......................................................................................................... 10
Task 3: Configure RSTP ............................................................................................................... 12
Task 4 (Optional): Configure MSTP ............................................................................................. 13
Lab 2-2: Configure Inter-VLAN Routing and Gateway Redundancy .................................................. 16
Activity Objective .......................................................................................................................... 16
Visual Objective ............................................................................................................................ 16
Required Resources ..................................................................................................................... 16
Command List............................................................................................................................... 17
Task 1: Configure and Verify Inter-VLAN Routing ........................................................................ 19
Task 2: Configure HSRP .............................................................................................................. 21
Task 3: Configure VRRP .............................................................................................................. 24
Lab 3-1: Implement OSPF .................................................................................................................. 27
Activity Objective .......................................................................................................................... 27
Visual Objective ............................................................................................................................ 27
Required Resources ..................................................................................................................... 27
Command List............................................................................................................................... 28
Task 1: Configure OSPFv2 ........................................................................................................... 30
Task 2: Configure OSPFv3 ........................................................................................................... 31
Task 3 (Optional): Configure OSPFv2 Authentication .................................................................. 32
Lab 3-2: Implement IS-IS .................................................................................................................... 33
Activity Objective .......................................................................................................................... 33
Visual Objective ............................................................................................................................ 33
Required Resources ..................................................................................................................... 33
Command List............................................................................................................................... 34
Task 1: Configure IS-IS for IPv4 ................................................................................................... 36
Task 2: Configure IS-IS for IPv6 ................................................................................................... 37
Task 3 (Optional): Configure IS-IS Authentication ....................................................................... 39
Lab 4-1: Configure Basic BGP ............................................................................................................ 40
Activity Objective .......................................................................................................................... 40
Visual Objective ............................................................................................................................ 40
Required Resources ..................................................................................................................... 40
Command List............................................................................................................................... 41
Task 1: Configure BGP Process and BGP Peering ..................................................................... 43
Task 2: Configure BGP to Advertise a Network ........................................................................... 44
Task 3 (Optional): Configure BGP Neighbor Authentication ........................................................ 45
Lab 5-1: Implement ACLs ................................................................................................................... 47
Activity Objective .......................................................................................................................... 47
Visual Objective ............................................................................................................................ 47
Required Resources ..................................................................................................................... 47
Command List............................................................................................................................... 48
Task 1: Configure IPv4 Filtering ................................................................................................... 49
Task 2: Configure IPv6 Filtering ................................................................................................... 50
Task 3 (Optional): Configure Antispoofing ACLs .......................................................................... 52
ii
SPNGN2
Lab Guide
Overview
This guide presents the instructions and other information concerning the lab activities for this
course. You can find the solutions in the lab activity Answer Key.
Outline
This guide includes these activities:
Job Aids
Answer Key
Appendix A (Tear-Out)
Job Aids
These job aids are available to help you complete lab activities.
Default value
Team number
z =14
Pod number
x = 1, 3, 5, 7
or
Value
y = 2, 4, 6, 8
Remote lab SSH access IP address
128.107.245.9
instr
testMe
root
1ronMan
cisco
Device Information
This lab topology consists of four (4) teams and eight (8) pods. Two students will work in one
pod, and two pods will work in one team. Each pod has one switch and two routers. Two pods
share one additional switch. All teams share the same core routers (P1 and P2).
The CE routers in both pods are running Cisco IOS Software. The first pod within a team (pods
1, 3, 5, or 7) will work on the PE router running Cisco IOS XR Software, and the second pod
within the same team (pods 2, 4, 6, or 8) will work on the PE router running Cisco IOS XE
Software.
Devices in the lab are connected with Fast Ethernet and Gigabit Ethernet connections, and two
teams have redundant POS connections, as shown in the following topology:
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Legend:
GE
FE
OC3 POS
Team 1
CE1
Pod 1
SW1
Team 2
PE1
PE3
SW3
Pod 3
CE3
P1
SW12
SW34
CE2
Pod 2
SW2
PE2
PE4
SW4
Pod 4
CE4
CE5
Pod 5
SW5
PE5
PE7
SW7
Pod 7
CE7
SW56
CE6
Pod 6
P2
SW6
PE6
Team 3
SW78
PE8
SW8
Pod 8
CE8
Team 4
SPNGN2 v1.01LG-4
Device Role
CEx
10.x.10.1/32
2001:db8:10:x:10::1/128
10.y.10.1/32
2001:db8:10:y:10::1/128
CEy
Cisco ASR 9000 or Cisco
ASR 1000 pod router
10.x.1.1/32
2001:db8:10:x:1::1/128
PEy
10.y.1.1/32
2001:db8:10:y:1::1/128
SWx
10.x.0.1/32
2001:db8:10:x:0::1/128
10.y.0.1/32
2001:db8:10:y:0::1/128
10.xy.0.1/32
2001:db8:10:xy:0::1/128
PEx
SWy
SWxy
P1
2001:db8:10:0:1::1/128
P2
2001:db8:10:0:2::1/128
The following figure illustrates the interface identification that is used in this lab setup.
Lab Guide
Team z
Pod x
CEx
SWx
FE0/1
GE0/0
PEx
FE0/2
SWxy
FE0/23
FE0/24
FE0/23
FE0/24
GE0/1
GE0/0
CEy
GE0/0/0/
1 GE0/0/0/
3
FE0/21
FE0/22
FE0/21
FE0/22
FE0/1
FE0/21
FE0/22
GE0/0/
1
GE0/0/
2
GE0/0/3
FE0/2
FE0/1
P2
GE0/0/0
SWy
Pod y
P1
GE0/0/0/0
FE0/23
FE0/24
GE0/1
GE0/0/0/
2
FE0/2
PEy
POS0/2/0
POS0/2/1
POS0/2/0
GE
FE
OC3 POS
Legend:
POS0/2/1
Connections to
PE(y+2)
SPNGN2 v1.01LG-5
IP Addressing
The following figure illustrates the IP addressing scheme that is used in this lab setup.
Team z
10.0.1.1
SWx
PEx
192.168.10x.0/24
192.168.10x.0/24
.x1
192.168.x1.0/24
.x0
.x0
10.xy.0.1
.x0
10.x.0.1
.1
SWxy
10.y.0.1
10.x.1.1
10.y.1.1
.y0
.y1
.y0
CEy
Pod y
SWy
.y0
.y0
192.168.10y.0/24
192.168.10y.0/24
PEy .y0
.1
.1
192.168.1xy.0/24
10.y.10.1
P1
.1
192.168.2.0/24
10.x.10.1
.x0
192.168.1.0/24
Pod x
CEx
.2
.2
.2
.2
P2
192.168.y2.0/24
.y0
10.0.2.1
Legend:
GE
FE
OC3 POS
Loopback
z = 1,2,3,4
x = 1,3,5,7
y = 2,4,6,8
w = 1 (for teams 1 and 2)
2 (for teams 3 and 4)
192.168.2w2.0/24
192.168.2w1.0/24
Connections to
PE(y+2)
SPNGN2 v1.01LG-6
The following figure illustrates the management IP addresses used in this lab setup.
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Team 1
Pod 1
CE1
10.10.10.14
Team 2
Pod 3
SW1
PE1
PE3
SW3
10.10.10.11
10.10.10.17
10.10.10.25
10.10.10.19
CE3
10.10.10.22
P1
10.10.10.13
10.10.10.18
10.10.10.21
SW12
10.10.10.15
SW34
10.10.10.12
10.10.10.16
10.10.10.24
10.10.10.20
SW2
PE2
PE4
SW4
Pod 4
Pod 7
CE2
Pod 2
CE5
Pod 5
10.10.10.30
SW5
PE5
PE7
SW7
10.10.10.27
10.10.10.33
10.10.10.40
10.10.10.34
10.10.10.29
10.10.10.26
SW56
10.10.10.31
10.10.10.28
CE6
SW6
10.10.10.32
PE6
Team 3
CE7
10.10.10.37
SW78
10.10.10.39
10.10.10.35
PE8
SW8
10.10.10.38
Pod 8
CE8
Team 4
Note
CE4
10.10.10.36
P2
Pod 6
10.10.10.23
SPNGN2 v1.01LG-7
Replace the x or y with your pod number to get the IP addresses within your pod (for
example, x is for odd number pods 1, 3, 5, and 7; y is for even number pods 2, 4, 6, and 8).
Replace the xy (where x < y) with numbers of the pods within the same team (for example,
12, 34, 56, or 78) to get IP addresses on the link between those pods.
Pod IP Addressing
Device
Interface
IPv4 Address
IPv6 Address
CEx
GE0/0
192.168.10x.x1/24
2001:db8:192:168:10x::x1/80
CEy
GE0/0
192.168.10y.y1/24
2001:db8:192:168:10y::y1/80
192.168.x1.1/24
2001:db8:192:168:x1::1/80
192.168.y1.1/24
2001:db8:192:168:y1::1/80
192.168.x2.2/24
2001:db8:192:168:x2::2/80
192.168.y2.2/24
2001:db8:192:168:y2::2/80
POS0/2/0
192.168.211.20/24
2001:db8:192:168:211::20/80
POS0/2/1
192.168.212.20/24
2001:db8:192:168:212::20/80
POS0/2/0
192.168.211.40/24
2001:db8:192:168:211::40/80
POS0/2/1
192.168.212.40/24
2001:db8:192:168:212::40/80
POS0/2/0
192.168.221.60/24
2001:db8:192:168:221::60/80
POS0/2/1
192.168.222.60/24
2001:db8:192:168:222::60/80
POS0/2/0
192.168.221.80/24
2001:db8:192:168:221::80/80
POS0/2/1
192.168.222.80/24
2001:db8:192:168:222::80/80
GE0/0/0/0
192.168.10x.x0/24
2001:db8:192:168:10x::x0/80
GE0/0/0/1
192.168.1xy.x0/24
2001:db8:192:168:1xy::x0/80
P1
P2
PE2
PE4
PE6
PE8
PEx
Lab Guide
Device
PEy
Interface
IPv4 Address
IPv6 Address
GE0/0/0/2
192.168.x1.x0/24
2001:db8:192:168:x1::x0/80
GE0/0/0/3
192.168.x2.x0/24
2001:db8:192:168:x2::x0/80
GE0/0/0
192.168.10y.y0/24
2001:db8:192:168:10y::y0/80
GE0/0/1
192.168.1xy.y0/24
2001:db8:192:168:1xy::y0/80
GE0/0/2
192.168.y1.y0/24
2001:db8:192:168:y1::y0/80
GE0/0/3
192.168.y2.y0/24
2001:db8:192:168:y2::y0/80
Device IP Address
Peer
192.168.1.1/24
P2
Peer IP Address
192.168.1.2/24
2001:db8:192:168:1::1/80
2001:db8:192:168:1::2/80
192.168.2.1/24
192.168.2.2/24
2001:db8:192:168:2::1/80
2001:db8:192:168:2::2/80
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Activity Objective
In this activity, you will configure and verify advanced switching features. After completing
this activity, you will be able to meet these objectives:
Configure VLANs
Configure trunking
Configure RSTP
Configure MSTP
Note
Students from two different pods are working in teams. Students in the same team should
coordinate their lab activity and proceed through steps simultaneously (step by step).
Visual Objective
The figure illustrates what you will accomplish in this activity.
Team z
CEx
Pod x
GE0/0 VLAN x0
TRUNK
1, x0, y0
FE0/1
SWxy
FE0/2
Configure trunking
FE0/23
TRUNK
1, x0, y0
FE0/23
GE0/1
GE0/0
CEy
GE0/0/0/0
FE0/21
FE0/21
Configure VLANs
PEx
FE0/2
FE0/1
FE0/23
TRUNK
1, x0, y0
GE0/1
Optimize RSTP
SWx
VLAN y0
Pod y
FE0/21
GE0/0/0
FE0/2
FE0/1
SWy
PEy
Configure MSTP
2012 Cisco and/or its affiliates. All rights reserved.
SPNGN2 v1.01LG-8
Required Resources
These are the resources and equipment that are required to complete this activity:
Lab Guide
Command List
The table describes the Cisco IOS Software commands that are used in this activity.
Command
Description
configure terminal
interface interface
ipv6 address
ip_address/mask
ping destination_address
source interface
show spanning-tree
vlan vlan_number
port-type nni
spanning-tree mst
configuration
name name
revision number
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
For a port and interface identification as well as an IP addressing scheme, use Job Aids.
Activity Procedure
Complete these steps:
Step 1
Step 2
Step 3
On the pod and shared switches, create two VLANs, one for your pod VLAN x0
and one for another pod in your team VLAN y0 (where x is 1, 3, 5, or 7, and y is
2, 4, 6, and 8).
Step 4
On the shared switch, configure CE facing port access and put it into your pod
VLAN. Make sure that the port is NNI type.
Step 5
On the pod switch, configure CE and PE facing ports access and put them into your
pod VLAN. Make sure that the ports are NNI type.
Activity Verification
You have completed this task when you attain these results:
Note
Outputs in the verification section are taken from team 1 and pod 1 and may differ from your
outputs.
On the pod switch, verify administrative and operational mode and access VLAN:
SW1#show interfaces FastEthernet0/2 switchport
Name: Fa0/2
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 10 (VLAN0010)
Trunking Native Mode VLAN: 1 (default)
< output omitted >
On the shared switch, verify administrative and operational mode and access VLAN:
SW12# show interfaces FastEthernet0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Lab Guide
Activity Procedure
Complete these steps:
Step 1
On the pod switch, enable trunking on the ports that are facing the shared switch
(FastEthernet0/23) and the pod switch of the other (FastEthernet0/21). Allow only
VLANs 1, x0, and y0 to pass the trunk. Make sure that the switch ports are NNI
type.
Step 2
On the shared switch, enable trunking on the ports that are facing pod switches
(FastEthernet0/21 and FastEthernet0/23). Allow only VLANs 1, x0, and y0 to pass
the trunk. Make sure that the switch ports are NNI type.
Activity Verification
You have completed this task when you attain this result:
10
Encapsulation
Status
802.1q
trunking
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Port
Fa0/21
Port
Fa0/21
Port
pruned
Fa0/21
Encapsulation
Status
802.1q
trunking
Port
Fa0/23
Port
Fa0/23
Port
pruned
Fa0/23
Encapsulation
Status
802.1q
trunking
Port
Fa0/21
Port
Fa0/21
Port
pruned
Fa0/21
Encapsulation
Status
802.1q
trunking
Lab Guide
11
Port
Fa0/23
Port
Fa0/23
Port
pruned
Fa0/23
Activity Procedure
Complete these steps:
Step 1
On the pod switch, verify STP mode for VLAN x0 and y0. STP mode should be
RSTP by default.
SW1#show spanning-tree vlan 10 |
Spanning tree enabled protocol
SW1#show spanning-tree vlan 20 |
Spanning tree enabled protocol
Step 2
include Spanning
rstp
include Spanning
rstp
Find the root switch for both VLANs. Note the root switch bellow:
SW1#show spanning-tree vlan 10 | include root
SW1#show spanning-tree vlan 20 | include root
!
SW2#show spanning-tree vlan 10 | include root
SW2#show spanning-tree vlan 20 | include root
!
SW12#show spanning-tree vlan 10 | include root
This bridge is the root
SW12#show spanning-tree vlan 20 | include root
This bridge is the root
Find the blocking port for each VLAN. Note the ports bellow:
SW1#show spanning-tree vlan 10 | include BLK
Fa0/21
Altn BLK 19
128.23
SW1#show spanning-tree vlan 20 | include BLK
Fa0/21
Altn BLK 19
128.23
!
SW2#show spanning-tree vlan 10 | include BLK
SW2#show spanning-tree vlan 20 | include BLK
!
SW12#show spanning-tree vlan 10 | include BLK
SW12#show spanning-tree vlan 20 | include BLK
P2p
P2p
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Note
You should find out that the same switch is designated as a root for both VLANs, and that
the same port is blocking for both VLANs. Thus, not all of the links are utilized.
Step 4
Optimize RSTP operations by assigning pod SWx switch as the root for VLAN x0
and pod SWy switch as the root for VLAN y0. The pod switches also should be
backup root switches for the pod switch of the other.
Step 5
Find the blocking port for each VLAN. Note the ports bellow:
VLAN x0 blocking port: Port:______________Switch:____________
VLAN y0 blocking port: Port:______________Switch:____________
Note
Note the difference. You should see that traffic from different VLANs takes different paths
now. All available links between switches should be utilized now.
Activity Verification
You have completed this task when you attain this result:
P2p
P2p
Activity Procedure
Complete these steps:
Step 1
On the pod and shared switches, set the spanning tree mode to MSTP.
Step 2
Set the name of the MSTP configuration to LAB. Set the revision number of MSTP
to 1. Create instance 1 and associate VLAN x0 with the instance. Create instance 2
and associate VLAN y0 with the instance.
Step 3
Configure your pod switch to be the root for the MST instance supporting your
VLAN.
Activity Verification
You have completed this task when you attain this result:
Lab Guide
13
On the pod and shared switches, verify the MST instance to VLAN mapping:
SW1#show spanning-tree mst configuration
Name
[LAB]
Revision 1
Instances configured 3
Instance Vlans mapped
-------- -------------------------------------------------------------------0
1-9,11-19,21-4094
1
10
2
20
-----------------------------------------------------------------------------!
SW2#show spanning-tree mst configuration
Name
[LAB]
Revision 1
Instances configured 3
Instance Vlans mapped
-------- -------------------------------------------------------------------0
1-9,11-19,21-4094
1
10
2
20
14
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
-----------------------------------------------------------------------------!
SW12#show spanning-tree mst configuration
Name
[LAB]
Revision 1
Instances configured 3
Instance Vlans mapped
-------- -------------------------------------------------------------------0
1-9,11-19,21-4094
1
10
2
20
------------------------------------------------------------------------------
Lab Guide
15
Activity Objective
In this activity, you will configure inter-VLAN routing on the PE routers. Then you will
configure HSRP and VRRP between PE routers. After completing this activity, you will be able
to meet these objectives:
Visual Objective
The figure illustrates what you will accomplish in this activity.
Team z
Pod x VLAN x0
CEx
192.168.10x.x0/24
192.168.10y.y2/24
SWx
FE0/2
FE0/23
HSRP
VRRP
FE0/21
GE0/1
192.168.10x.x1/24
192.168.10x.x3/24
192.168.10y.y3/24
FE0/21
SWxy
FE0/2
FE0/23
VLANs 1,x0, y0
FE0/1
192.168.10y.y1/24
GE0/1
FE0/21
FE0/23
FE0/2
CEy
PEx
GE0/0/0/0
VLANs x0, y0
Pod y VLAN y0
SWy
VLANs x0, y0
GE0/0/0
192.168.10x.x2/24
192.168.10y.y0/24
PEy
Legend:
TRUNK
GE
FE
2012 Cisco and/or its affiliates. All rights reserved.
SPNGN2 v1.01LG-9
Required Resources
These are the resources and equipment that are required to complete this activity:
16
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Command List
The table describes the commands that are used in this activity.
Cisco IOS and IOS XE Software Commands
Command
Description
configure terminal
interface
interface[.subinterface]
ipv6 address
ip_address/mask
ping destination_address
source interface
show standby
show vrrp
standby group_ID ip
virtual_IP_address
vrrp group_ID ip
ip_address
Description
address
address-family ipv4
commit
configure terminal
encapsulation dot1q 20
Lab Guide
17
18
interface interface
interface
interface[.subinterface]
ipv6 address
ip_address/mask
ping destination_address
source interface
priority priority
router hsrp
router vrrp
show hsrp
show vrrp
shutdown
vrrp group_ID
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Activity Procedure
Complete these steps:
Step 1
On the pod switch, configure the PE facing port as a trunk. Allow only VLANs x0
and y0 on the trunk. For port identification, use Job Aids.
Step 2
On the pod PE router, note the IPv4 and IPv6 address on the first Gigabit Ethernet
interface below:
IPv4:_______________________________
IPv6:_______________________________
Step 3
On the pod PE router, remove the IPv4 and IPv6 addresses from the first Gigabit
Ethernet interface.
Step 4
On the pod PE router, create two subinterfaces on the first Gigabit Ethernet
interface. Use x0 or y0 (where x is 1, 3, 5, or 7, and y is 2, 4, 6, or 8) as interface
identifiers. Assign the x0 or y0 VLAN tag to the subinterface. Assign IPv4 and IPv6
addresses to the subinterfaces.
Device
Subinterface
VLAN
PEx
GE0/0/0/0.x0
x0
GE0/0/0/0.y0
y0
192.168.10y.y2/24
2001:db8:192:168:10y::y2/80
PEy
GE0/0/0.x0
x0
192.168.10x.x2/24
2001:db8:192:168:10x::x2/80
GE0/0/0.y0
y0
192.168.10y.y0/24
2001:db8:192:168:10y::y0/80
Step 5
On the pod CE router, create a static default IPv6 route using the ipv6 route ::/0
interface next-hop-IPv6-address command that will point to the subinterface that is
configured on the pod PE router.
Activity Verification
You have completed this task when you attain these results:
From the pod CE router, ping the other pod CE router using IPv6:
CE1#ping 2001:DB8:192:168:102::21
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:192:168:102::21,
timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
0/1/8 ms
!
CE2#ping 2001:DB8:192:168:101::11
Lab Guide
19
Your ping will not be successful until the other pod finished the configuration in this task.
!
PE2#show ipv6 route
< output omitted >
C
2001:DB8:192:168:101::/80 [0/0]
via GigabitEthernet0/0/0.10, directly connected
L
2001:DB8:192:168:101::12/128 [0/0]
via GigabitEthernet0/0/0.10, receive
C
2001:DB8:192:168:102::/80 [0/0]
via GigabitEthernet0/0/0.20, directly connected
L
2001:DB8:192:168:102::20/128 [0/0]
via GigabitEthernet0/0/0.20, receive
L
FF00::/8 [0/0]
via Null0, receive
20
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Team z
Pod x VLAN x0
CEx
PEx
GE0/0/0/0.x0
192.168.10x.x0/24
GE0/0/0/0.y0
192.168.10y.y2/24
192.168.10x.x1/24
192.168.10x.x3/24
192.168.10y.y3/24
192.168.10y.y1/24
GE0/0/0.x0
192.168.10x.x2/24
GE0/0/0.y0
192.168.10y.y0/24
PEy
CEy
SPNGN2 v1.01LG-10
Activity Procedure
Complete these steps:
Step 1
On your pod and the neighbor pod, PE routers enable HSRP for IPv4 on the first
Gigabit Ethernet subinterface. You are configuring subinterfaces belonging to your
pod subnet, and the neighboring pod will configure subinterfaces belonging to the
neighbor pod subnet. Use your pod number as a group ID. Enable HSRP preemption. Make sure that your pod PE router is active for your VLAN. Use the
following IP addresses as virtual IP addresses:
Pod x: 192.168.10x.x3/24
Pod y: 192.168.10y.y3/24
Step 2
On the pod CE router, configure a static default IPv4 route that will point to your
pod HSRP address.
Activity Verification
You have completed this task when you attain this result:
Lab Guide
21
Interface
Grp Pri P State
Active addr
Standby addr
Group addr
Gi0/0/0/0.10
1 150 P Active local
192.168.101.12 192.168.101.13
Gi0/0/0/0.20
2 100 P Standby 192.168.102.20 local
192.168.102.23
!
PE2#show standby
GigabitEthernet0/0/0.10 - Group 1
State is Standby
1 state change, last state change 00:04:02
Virtual IP address is 192.168.101.13
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.184 secs
Preemption enabled
Active router is 192.168.101.10, priority 150 (expires in
9.632 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Gi0/0/0.10-1" (default)
GigabitEthernet0/0/0.20 - Group 2
State is Active
1 state change, last state change 00:04:13
Virtual IP address is 192.168.102.23
Active virtual MAC address is 0000.0c07.ac02
Local virtual MAC address is 0000.0c07.ac02 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.320 secs
Preemption enabled
Active router is local
Standby router is 192.168.102.22, priority 100 (expires in
10.640 sec)
Priority 150 (configured 150)
Group name is "hsrp-Gi0/0/0.20-2" (default)
From pod CE router, start a continuous ping to the neighbor pod CE router. The ping
should be successful. On the pod PE router, shut down the interface for your VLAN while
the ping is still active. You should see minimal disruption in the ping, while the standby
router assumes an active state.
CE1#ping 192.168.102.21 repeat 100000
Type escape sequence to abort.
Sending 100000, 100-byte ICMP Echos to 192.168.102.21, timeout
is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
!
commit
Lab Guide
23
Step 3
Enable the previously disabled interface and remove HSRP configuration from the
PE router.
Activity Procedure
Complete these steps:
Step 1
On your pod and the neighbor pod, PE routers enable VRRP for IPv4 on the first
Gigabit Ethernet subinterface. You are configuring subinterfaces belonging to your
pod subnet, and the neighboring pod will configure subinterfaces belonging to the
neighbor pod subnet. Use your pod number as a group ID. Make sure that your pod
PE router is active for your VLAN. Use the following IP addresses as a virtual IP
address:
Pod x: 192.168.10x.x3/24
Pod y: 192.168.10y.y3/24
Activity Verification
You have completed this task when you attain this result:
24
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
From the pod CE router, start a continuous ping to the neighbor pod CE router. The ping
should be successful. On the pod PE router, shut down the interface for your VLAN while
the ping is still active. You should see minimal disruption in the ping, while the standby
router assumes an active state.
CE1#ping 192.168.102.21 repeat 100000
Type escape sequence to abort.
Sending 100000, 100-byte ICMP Echos to 192.168.102.21, timeout
is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!
vrrp
UTC
indicates IP address owner
P indicates configured to preempt
|
P State
Master addr
VRouter
P Init
unknown
P Backup
192.168.102.20
Lab Guide
25
Interface
addr
!
PE2#show vrrp
GigabitEthernet0/0/0.10 - Group 1
State is Master
Virtual IP address is 192.168.101.13
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 192.168.101.12 (local), priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec
GigabitEthernet0/0/0.20 - Group 2
State is Master
Virtual IP address is 192.168.102.23
Virtual MAC address is 0000.5e00.0102
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 150
Master Router is 192.168.102.20 (local), priority is 150
Master Advertisement interval is 1.000 sec
Master Down interval is 3.414 sec
26
Step 2
Enable the previously disabled interface and remove the VRRP configuration from
the PE router.
Step 3
On the PE router, remove subinterfaces that are configured in this lab activity and
configure IPv4 and IPv6 addresses on the first Gigabit Ethernet interface.
Step 4
On the pod switch, configure the PE facing port as access and assign port into
VLANx0 or VLANy0 (where x or y is your pod number). For port identification,
use Job Aids.
Step 5
On the pod CE router, disable the second Gigabit Ethernet interface and configure IP
addresses that are found on the second Gigabit Ethernet interface to the first Gigabit
Ethernet interface.
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Activity Objective
In this activity, you will configure and verify the OSPFv2 and OSPFv3 routing protocols. You
will also configure OSPFv2 authentication to secure the exchange of routing information.
In the lab activity, you will work on different Cisco routers running Cisco IOS (c2900), Cisco
IOS XE (asr1001), and Cisco IOS XR (asr9k) software.
After completing this activity, you will be able to meet these objectives:
Visual Objective
The figure illustrates what you will accomplish in this activity.
Team z
CEx
Pod x
OSPF Area 0
Enable OSPFv2
and OSPFv3
Pod y
PEx
Enable OSPFv2
authentication
OSPF Area 0
CEy
PEy
SPNGN2 v1.01LG-11
Required Resources
These are the resources and equipment that are required to complete this activity:
Lab Guide
27
Command List
The table describes the commands that are used in this activity.
Cisco IOS and IOS XE Software Commands
Command
Description
configure terminal
interface interface
ip ospf authentication
message-digest
ip ospf message-digest-key
key-id md5 key
ipv6 address
ip_address/mask
network ip_address
wildcard_mask area area_id
show ip route
28
Command
Description
area area
authentication message-digest
commit
configure terminal
interface interface
interface interface
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Command
Description
show route
Lab Guide
29
Activity Procedure
Complete these steps:
Step 1
On the pod CE and PE routers, configure Loopback0 interface assign IPv4 address
that is as documented in the Job Aids.
Step 2
On the pod CE and PE routers, enable the OSPFv2 routing process. Enable OSPFv2
on the Loopback0 interface and on the first Gigabit Ethernet interface on each
router. Use OSPF Area 0 and process ID 1.
Activity Verification
You have completed this task when you attain these results:
On the pod CE and PE routers, verify OSPFv2 neighbors. Adjacency should be established
and loopback interfaces should be used as OSPF router ID.
CE1#show ip ospf neighbor
Neighbor ID
Pri
State
Dead Time
Interface
10.1.1.1
1
FULL/BDR
00:00:31
192.168.101.10 GigabitEthernet0/0
!
RP/0/RSP0/CPU0:PE1#show ospf neighbor
Neighbors for OSPF 1
Address
Neighbor ID
Interface
10.1.10.1
192.168.101.11
Neighbor is
Address
Pri
State
Dead Time
1
FULL/DR
00:00:37
GigabitEthernet0/0/0/0
up for 00:00:56
On the pod CE and PE routers, verify the IPv4 routing table. You should see the
neighboring router loopback interfaces in the routing table.
CE1#show ip route ospf
< text omitted >
10.0.0.0/32 is subnetted, 2 subnets
O
10.1.1.1 [110/2] via 192.168.101.10, 00:03:39,
GigabitEthernet0/0
!
RP/0/RSP0/CPU0:PE1#show route ospf
O
10.1.10.1/32 [110/2] via 192.168.101.11, 00:03:37,
GigabitEthernet0/0/0/0
30
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Activity Procedure
Complete these steps:
Step 1
On the pod CE and PE routers, configure IPv6 address on the Loopback0 interface
as defined in Job Aids.
Step 2
On the pod CE and PE routers, enable the OSPFv3 routing process. Enable OSPFv3
on the Loopback0 interface and on the first Gigabit Ethernet interface on each
router. Use OSPF Area 0.
Activity Verification
You have completed this task when you attain these results:
On the pod CE and PE routers, verify the OSPFv3 neighbors. Adjacency should be
established and Loopback0 interfaces should be used as OSPF router ID.
CE1#show ipv6 ospf neighbor
Neighbor ID
Pri
State
Dead Time
Interface
10.1.1.1
1
FULL/BDR
00:00:31
GigabitEthernet0/0
!
RP/0/RSP0/CPU0:PE1#show ospfv3 neighbor
Neighbors for OSPFv3 1
Neighbor ID
Pri
State
Interface
10.1.10.1
1
FULL/DR
GigabitEthernet0/0/0/0
Neighbor is up for 00:01:58
Interface ID
7
Dead Time
Interface ID
00:00:33
On the pod CE and PE routers, verify the IPv6 routing table. You should see neighboring
router Loopback0 interfaces in the routing table.
CE1#show ipv6 route ospf
< text omitted >
O
2001:DB8:10:1:1::1/128 [110/1]
via FE80::4255:39FF:FE2E:C420, GigabitEthernet0/0
!
RP/0/RSP0/CPU0:PE1#show route ipv6 ospf
O
2011:db8:10:1:10::1/128
[110/1] via fe80::eab7:48ff:fe2c:a180, 00:03:33,
GigabitEthernet0/0/0/0
Lab Guide
31
Activity Procedure
Complete these steps:
Step 1
On the pod PE and CE routers, enable OSPFv2 MD5 authentication on the first
Gigabit Ethernet interface. Use key ID 1 and key Cisco. On the pod PE router,
enable authentication on the area level.
Activity Verification
You have completed this task when you attain this result:
Pri
State
Dead Time
Address
Address
1
FULL/BDR
00:00:39
GigabitEthernet0/0/0/0
up for 00:06:25
Enable OSPF packet debugging and observe the exchange of authenticated hello packets.
RP/0/RSP0/CPU0:PE1#debug ospf 1 packet
RP/0/RSP0/CPU0:Jul 9 13:49:26.666 : ospf[1010]: Recv: HLO
l:48 rid:10.1.10.1 aut:2 auk: from 192.168.101.11 to 224.0.0.5
on GigabitEthernet0/0/0/0, vrf default vrfid 0x60000000
CE1#debug ip ospf packet
Jul 9 13:49:45.144: OSPF: rcv. v:2 t:1 l:48 rid:10.1.1.1
aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x3968829A from
GigabitEthernet0/0
32
Use the Cisco IOS, IOS XE, and IOS XR undebug all command to disable debugging.
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Activity Objective
In this activity, you will configure and verify the IS-IS routing protocol for IPv4 and IPv6. You
will also configure IS-IS authentication to secure the exchange of routing information.
In the lab activity, you will work on different Cisco routers running Cisco IOS (c2900), Cisco
IOS XE (asr1001), and Cisco IOS XR (asr9k) software.
After completing this activity, you will be able to meet these objectives:
Visual Objective
The figure illustrates what you will accomplish in this activity.
Team z
CEx
Pod x
PEx
Enable IS-IS
authentication
CEy
PEy
SPNGN2 v1.01LG-12
Required Resources
These are the resources and equipment that are required to complete this activity:
Lab Guide
33
Command List
The table describes the commands that are used in this activity.
Cisco IOS and IOS XE Software Commands
Command
Description
address-family ipv6
unicast
authentication key-chain
key_chain_name
configure terminal
distance distance ip
interface interface
ip router isis
process_name
is-type level-2-only
key key_id
key-string key_string
metric-style wide
net net_address
show ip route
34
Command
Description
address-family ipv4|ipv6
unicast
Enters IPv4 or IPv6 address family for IS-IS and enables ISIS on an interface for IPv4 or IPv6 address family
commit
configure terminal
distance distance
interface interface
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Command
Description
is-type level-2-only
metric-style wide
net net_address
show route
single-topology
Lab Guide
35
Activity Procedure
Complete these steps:
Step 1
Create a NET address for the pod CE and PE routers. Use 49 as the AFI, 0000 as the
area ID, and extended Loopback0 IPv4 address as the system ID. Write down the
NET address:
PE: _ _._ _ _ _._ _ _ _._ _ _ _._ _ _ _._ _
CE: _ _._ _ _ _._ _ _ _._ _ _ _._ _ _ _._ _
Step 2
On the pod CE and PE routers, enable the IS-IS process and configure the NET
address on each router.
Step 3
On the pod CE and PE routers, enable IS-IS for Layer 2 routing only. Enable widestyle metrics for IPv4.
Step 4
On the pod CE and PE routers, change the IS-IS administrative distance for IPv4 to
105.
Step 5
On the pod CE and PE routers, enable IS-IS for IPv4 on Loopback0 and the first
Gigabit Ethernet interfaces.
Note
Changing of administrative distance is required for a router to prefer IS-IS routes. Otherwise,
OSPF routers would be seen in the routing table. Recall that OSPF by default uses
administrative distance 110, while IS-IS uses 115.
Activity Verification
You have completed this task when you attain these results:
On the PE and CE routers, verify IS-IS neighbors. Adjacency should be established and the
type of routers should be Layer 2.
CE1#show isis neighbors
System Id
Type Interface
IP Address
State Holdtime
Circuit Id
PE1
L2
Gi0/0
192.168.101.10 UP
26
CE1.02
!
RP/0/RSP0/CPU0:PE1#show isis neighbors
IS-IS 1 neighbors:
System Id
Interface
SNPA
State Holdtime
Type IETF-NSF
CE1
Gi0/0/0/0
e8b7.482c.a180 Up
8
L2
Capable
Total neighbor count: 1
36
On the PE and CE routers, verify the IPv4 routing table. You should see neighboring router
Loopback0 interfaces in the routing table. Observe the metric to reach Loopback0
networks.
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Activity Procedure
Complete these steps:
Step 1
Note
On the pod PE routers (Cisco IOS XR Software only), enable wide-style metrics for
IPv6.
Wide-style metrics are enabled separately per address family on Cisco IOS XR routers only.
On Cisco IOS and IOS XE routers, wide-style metrics are enabled for all address families.
Therefore, wide-style metrics on Cisco IOS and IOS XE routers already have been enabled
in the previous task.
Step 2
On the pod CE and PE routers, change the IS-IS administrative distance for IPv6 to
105.
Step 3
On the pod PE router (Cisco IOS XR Software only), configure the single-topology
IS-IS for IPv6.
Note
Step 4
Configuration of single-topology IS-IS is needed on Cisco IOS XR routers only. Cisco IOS
XR routers use multitopology IS-IS by default, while Cisco IOS and IOS XE routers use
single-topology IS-IS by default.
On the pod CE and PE routers, enable IS-IS for IPv6 on Loopback0 and the first
Gigabit Ethernet interfaces.
Lab Guide
37
Activity Verification
You have completed this task when you attain these results:
On the pod CE and PE routers, verify the IPv6 routing table. You should see the
neighboring router Loopback0 interface in the routing table.
CE1#show ipv6 route isis
< text omitted >
I2 2001:DB8:10:1:1::1/128 [105/20]
via FE80::4255:39FF:FE2E:C420, GigabitEthernet0/0
!
RP/0/RSP0/CPU0:PE1#show route ipv6 isis
i L2 2011:db8:10:1:10::1/128
[105/20] via fe80::eab7:48ff:fe2c:a180, 00:01:33,
GigabitEthernet0/0/0/0
38
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Activity Procedure
Complete these steps:
Step 1
On the pod PE and CE routers, enable MD5 IS-IS LSP and hello packets
authentication. Use key ID 1 and key Cisco.
Activity Verification
You have completed this task when you attain this result:
On the pod CE and PE routers, verify that IS-IS adjacencies are still up.
CE1#show isis neighbors
System Id
Type Interface
IP Address
State Holdtime
Circuit Id
PE1
L2
Gi0/0
192.168.101.10 UP
24
CE1.02
!
RP/0/RSP0/CPU0:PE1#show isis neighbors
IS-IS 1 neighbors:
System Id
Interface
SNPA
State Holdtime
Type IETF-NSF
CE1
Gi0/0/0/0
e8b7.482c.a180 Up
9
L2
Capable
Total neighbor count: 1
On the pod CE and PE routers, verify that routes are still seen in the routing table. You can
either observe the IPv4 or IPv6 routing table.
CE1#show ip route isis
< text omitted >
10.0.0.0/32 is subnetted, 2 subnets
i L2
10.1.1.1 [105/20] via 192.168.101.10,
GigabitEthernet0/0
!
CE1#show ipv6 route isis
< text omitted >
I2 2001:DB8:10:1:1::1/128 [105/20]
via FE80::4255:39FF:FE2E:C420, GigabitEthernet0/0
!
RP/0/RSP0/CPU0:PE1#show route ipv4 isis
i L2 10.1.10.1/32 [105/20] via 192.168.101.11, 00:03:50,
GigabitEthernet0/0/0/0
!
RP/0/RSP0/CPU0:PE1#show route ipv6 isis
i L2 2011:db8:10:1:10::1/128
[105/20] via fe80::eab7:48ff:fe2c:a180, 00:03:55,
GigabitEthernet0/0/0/0
Lab Guide
39
Activity Objective
In this activity, you will configure and verify BGP routing. You will establish an EBGP session
between the CE and PE routers, and establish an IBGP session between PE routers. After
completing this activity, you will be able to meet these objectives:
Visual Objective
The figure illustrates what you will accomplish in this activity.
Team z
CEx
Pod
x
AS
6450x
Pod x
PEx
AS 64500
AS 6450y
Enable BGP
authentication
IBGP
EBGP
EBGP
CEy
Pod y
PEy
SPNGN2 v1.01LG-13
Required Resources
These are the resources and equipment that are required to complete this activity:
40
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Command List
The table describes the commands that are used in this activity.
Cisco IOS and IOS XE Software Commands
Command
Description
configure terminal
interface interface
neighbor ip_address
activate
neighbor ip_address
password password
neighbor ip_address
remote-as as_number
neighbor ip_address
update-source interface
network network/prefix
ping destination_address
show ip bgp
show ip route
Lab Guide
41
42
Command
Description
address-family ipv4|ipv6
unicast
commit
configure terminal
interface interface
neighbor ip_address
pass
password
remote-as as_number
route-policy name
update-source interface
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Activity Procedure
Complete these steps. On the pod PE and CE routers, use the following AS numbers:
CEx: AS 6450x
CEy: AS 6450y
PEx and PEx: AS 64500
Step 1
Between pod PE and CE routers, configure EBGP peering. Establish two sessions,
one using an IPv4 address and one using an IPv6 address. Activate an IPv4 session
for IPv4 routes and an IPv6 session for IPv6 routes.
Step 2
Between two PE routers in the team, enable a second Gigabit Ethernet interface, add
IP addresses, and start IS-IS Layer 2 routing.
Step 3
Between two PE routers in the team, configure IBGP peering. Establish two
sessions, one using an IPv4 address and one using an IPv6 address. Use Loopback0
interfaces for peering. Make sure that Loopback0 interfaces are used as the source
interface when establishing the IBGP sessions. Activate IPv4 session for IPv4 routes
and IPv6 session for IPv6 routes.
Activity Verification
You have completed this task when you attain these results:
On the pod PE and CE routers, verify that the BGP sessions for the IPv4 and IPv6
neighbors are up:
CE1#show bgp ipv4 unicast summary
BGP router identifier 10.1.10.1, local AS number 64501
BGP table version is 1, main routing table version 1
Neighbor
OutQ Up/Down
V
State/PfxRcd
AS MsgRcvd MsgSent
TblVer
Lab Guide
InQ
43
192.168.101.10 4
64500
52
58
1
0 00:50:42
0
!
CE1#show bgp ipv6 unicast summary
BGP router identifier 10.1.10.1, local AS number 64501
BGP table version is 1, main routing table version 1
Neighbor
V
AS MsgRcvd MsgSent
TblVer InQ
OutQ Up/Down State/PfxRcd
2001:DB8:192:168:101::10
4
64500
52
58
1
0
0 00:50:48
0
!
RP/0/RSP0/CPU0:PE1#show bgp ipv4 unicast summary
< text omitted >
Neighbor
Spk
AS MsgRcvd MsgSent
TblVer InQ OutQ
Up/Down St/PfxRcd
10.2.1.1
0 64500
13
10
1
0
0
00:07:59
0
192.168.101.11
0 64501
58
52
1
0
0
00:50:24
0!
!
RP/0/RSP0/CPU0:PE1#show bgp ipv6 unicast summary
< text omitted >
Neighbor
Spk
AS MsgRcvd MsgSent
TblVer InQ OutQ
Up/Down St/PfxRcd
2001:db8:10:2:1::1
0 64500
12
11
1
0
0
00:08:09
0
2001:db8:192:168:101::11
0 64501
58
52
1
0
0
00:50:32
0!
Activity Procedure
Complete these steps:
Step 1
Enable the pod CE router to advertise IPv4 and IPv6 addresses of the Looback0
interface to the pod PE router using BGP.
Step 2
On the PE router running Cisco IOS XR Software, create a route policy that allows
all routing updates to pass. Apply the route policy to the IPv4 and IPv6 EBGP
neighbor (CE router) in inbound and outbound directions.
Note
44
Recall that on the platforms running Cisco IOS XR Software, BGP routing updates are not
automatically sent to and received from EBGP neighbors. A route policy has to be
configured, which allows sending and receiving routing updates to and from EBGP
neighbors.
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Activity Verification
You have completed this task when you attain this result:
On the pod CE router, verify the IPv4 and IPv6 BGP tables:
CE1#show ip bgp
< text omitted >
Network
Next Hop
Metric LocPrf Weight
Path
*> 10.1.10.1/32
0.0.0.0
0
32768 i
*> 10.2.10.1/32
192.168.101.10
0
64500 64502 i
!
CE1#show bgp ipv6 unicast
< text omitted >
Network
Next Hop
Metric LocPrf Weight
Path
*> 2001:DB8:10:1:10::1/128
::
0
32768 i
*> 2001:DB8:10:2:10::1/128
2001:DB8:192:168:101::10
0
64500 64502 i
On the pod CE router, verify the IPv4 and IPv6 routing tables:
CE1#show ip route bgp
< text omitted >
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
B
10.2.10.1/32 [20/0] via 192.168.101.10, 00:04:30
!
CE1#show ipv6 route bgp
< text omitted >
B
2001:DB8:10:2:10::1/128 [20/0]
via FE80::4255:39FF:FE2E:C420, GigabitEthernet0/0
Activity Procedure
Complete these steps:
Step 1
Note
Between pod CE and PE routers, enable BGP authentication for the IPv4 session.
Use password Cisco.
An already established BGP session will not go down automatically. On the PE router, use
the Cisco IOS XR clear bgp * command or Cisco IOS XE clear ip bgp * command to clear
the BGP session. Verify that the IPv4 BGP session between routers establishes back.
Lab Guide
45
Activity Verification
You have completed this task when you attain this result:
Verify that the IPv4 BGP session between the PE and CE routers has again established:
CE1#show ip bgp summary
< text omitted >
Neighbor
V
AS MsgRcvd MsgSent
OutQ Up/Down State/PfxRcd
192.168.101.10 4
64500
5
6
0 00:01:11
1
46
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
TblVer
InQ
Activity Objective
In this activity, you will configure and verify filtering using IPv4 and IPv6 access control lists
(ACLs). You will also configure antispoofing ACLs.
In the lab activity, you will work on different Cisco routers running Cisco IOS (c2900), Cisco
IOS XE (asr1001), and Cisco IOS XR (asr9k) software.
After completing this activity, you will be able to meet these objectives:
Visual Objective
The figure illustrates what you will accomplish in this activity.
Team z
CEx
Pod x
Configure IPv4
and IPv6 ACLs
Pod y
CEy
PEx
Configure and
verify antispoofing
PEy
SPNGN2 v1.01LG-14
Required Resources
These are the resources and equipment that are required to complete this activity:
Lab Guide
47
Command List
The table describes the commands that are used in this activity.
Cisco IOS and IOS XE Software Commands
Command
Description
configure terminal
interface interface
ipv6 address
ip_address/mask
ping destination_address
source interface
telnet destination_address
traceroute
destination_address
48
Command
Description
commit
configure terminal
interface interface
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Activity Procedure
Complete these steps:
Step 1
From the pod CE router, verify IPv4 connectivity to the Loopback0 interface of the
pod PE router using the ping and traceroute commands. From the pod CE router,
use the telnet command to connect to the pod PE router. The Telnet should be
successful.
CE1#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
1/1/4 ms
!
CE1#traceroute 10.1.1.1
Type escape sequence to abort.
Tracing the route to 10.1.1.1
1 192.168.101.10 32 msec 0 msec *
!
CE1#telnet 10.1.1.1
Trying 10.1.1.1 ... Open
User Access Verification
Username: root
Password: <1ronMan>
RP/0/RSP0/CPU0:PE1#
Note
Step 2
On the pod PE router, configure an IPv4 access list that will allow only ICMP and
Telnet traffic to the Loopback0 interface of the PE router from the pod CE router.
Permit all traffic to other IPv4 addresses on the pod PE router.
Step 3
Lab Guide
49
Activity Verification
You have completed this task when you attain these results:
From the pod CE router, verify IPv4 connectivity to the Loopback0 interface of the pod PE
router using the ping command. Ping should be successful.
CE1#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
1/3/12 ms
From the pod CE router, verify IPv4 connectivity to the Loopback0 interface of the pod PE
router using the traceroute command. The trace is not successful, so the output shows that
traceroute is administratively prohibited.
CE1#traceroute 10.1.1.1
Type escape sequence to abort.
Tracing the route to 10.1.1.1
1 192.168.101.10 !A
!A
From the pod CE router, verify IPv4 connectivity to the Loopback0 interface of the pod PE
router using the telnet command. The Telnet should be successful.
CE1#telnet 10.1.1.1
Trying 10.1.1.1 ... Open
User Access Verification
Username: root
Password: <1ronMan>
RP/0/RSP0/CPU0:PE1#
Activity Procedure
Complete these steps:
Step 1
From the pod CE router, verify IPv6 connectivity to the Loopback0 interface of the
pod PE router using the ping, traceroute, and telnet commands.
CE1#ping 2001:db8:10:1:1::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:10:1:1::1, timeout
is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
0/0/4 ms
50
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
!
CE1#traceroute 2001:db8:10:1:1::1
Type escape sequence to abort.
Tracing the route to 2001:DB8:10:1:1::1
1 2001:DB8:10:1:1::1 28 msec 0 msec 0 msec
!
CE1#telnet 2001:db8:10:1:1::1
Trying 2001:DB8:10:1:1::1 ... Open
Step 2
On the pod PE router, configure an IPv6 access list that will allow only ICMP and
Telnet traffic to the PE Loopback0 interface from the pod CE router. Permit all
traffic to other IPv6 addresses on the pod PE router.
Step 3
Activity Verification
You have completed this task when you attain these results:
From the pod CE router, verify IPv6 connectivity to the Loopback0 interface of the pod PE
router using the ping command. Ping should be successful.
CE1#ping 2001:db8:10:1:1::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:10:1:1::1, timeout
is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
0/1/4 ms
From the pod CE router, verify IPv6 connectivity to the Loopback0 interface of the pod PE
router using the traceroute command. The trace is not successful, so the output shows that
traceroute is administratively prohibited.
CE1#traceroute 2001:db8:10:1:1::1
Type escape sequence to abort.
Tracing the route to 2001:DB8:10:1:1::1
1 2001:DB8:10:1:1::1 !A
!A
!A
From the pod CE route,r verify IPv6 connectivity to the Loopback0 interface of the pod PE
router using the telnet command. The Telnet should be successful.
Lab Guide
51
CE1#telnet 2001:db8:10:1:1::1
Trying 2001:DB8:10:1:1::1 ... Open
User Access Verification
Username: root
Password: <1ronMan>
RP/0/RSP0/CPU0:PE1#
Activity Procedure
Complete these steps:
Step 1
On the pod PE router, remove the existing IPv4 ACL and create a new IPv4 ACL
(with same ACL name) to prevent IP spoofing from the pod CE router. Allow only
packets that have a source IP address either from the CE router Loopback0 or first
Gigabit Ethernet interface. The functionality of the existing ACL should remain the
same.
Step 2
On the pod PE router, edit the existing IPv6 ACL to prevent IP spoofing from the
pod CE router. Allow only packets that have a source IP address either from the CE
router Loopback0 or first Gigabit Ethernet interface. The functionality of the
existing ACL should remain the same.
Step 3
Activity Verification
You have completed this task when you attain this result:
From the pod CE router, the Loopback10 interface pings the pod PE router using IPv4 and
IPv6 addresses. The ping should not be successful
CE1#ping 10.1.1.1 source Loopback10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2
seconds:
Packet sent with a source address of 172.16.0.1
U.U.U
Success rate is 0 percent (0/5)
!
CE1#ping 2001:db8:10:1:1::1 source Loopback10
52
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Remove the IPv4 and IPv6 access list from the interface.
From the pod CE router, the Loopback10 interface pings the pod PE router using IPv4 and
IPv6 addresses. The ping should be successful
CE1#ping 10.1.1.1 source Loopback10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2
seconds:
Packet sent with a source address of 172.16.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
1/1/4 ms
!
CE1#ping 2001:db8:10:1:1::1 source Loopback10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:10:1:1::1, timeout
is 2 seconds:
Packet sent with a source address of 2001:DB8:172:16::1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
0/0/4 ms
Lab Guide
53
Activity Objective
In this lab activity, you will perform software maintenance operations on the Cisco IOS XR
router.
After completing this activity, you will be able to meet these objectives:
Visual Objective
The figure illustrates what you will accomplish in this activity.
Team z
CEx
Pod x
PEx
Manage Cisco
IOS XR Software
Commit and rollback
configuration
CEy
Pod y
PEy
SPNGN2 v1.01LG-15
Required Resources
These are the resources and equipment that are required to complete this activity:
54
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Command List
The table describes the commands that are used in this lab activity.
Cisco IOS XR Commands
Command
Description
configure terminal
enable
install activate
install add
install commit
install deactivate
install remove
ping ip_address
show running-config
Lab Guide
55
Activity Procedure
Complete these steps on the pod router PE (Cisco IOS XR Software only):
Step 1
Deactivate software package asr9k-mgbl-p-4.1.0 located at disk0 and wait for the
process to end.
Step 3
Step 4
Remove inactive software package asr9k-mgbl-p-4.1.0 and wait for the process to
end.
Activity Verification
Complete lab activity verification:
56
On the pod PE router (Cisco IOS XR Software only), verify which software packages are
active.
On the pod PE router (Cisco IOS XR Software only), verify that software package asr9kmgbl-p-4.1.0 is inactive.
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Activity Procedure
Complete these steps on the pod PE router (Cisco IOS XR Software only):
Step 1
On the pod PE router, verify that PIE file asr9k-mgbl-p.pie-4.1.0 is located at disk0.
asr9k-mgbl-p.pie-4.1.0
Step 2
Step 3
Step 4
Activity Verification
Complete lab activity verification:
Lab Guide
57
Activity Procedure
Complete these steps on the pod PE router (Cisco IOS XR Software only):
Step 1
Step 2
RP/0/RSP0/CPU0:Test(config)#show configuration
Mon Jul 10 08:03:38.893 UTC
SNo. Label/ID
User
Line
~~~~ ~~~~~~~~
~~~~
~~~~
1
1000000327 root
con0_RSP0_CPU0
2000
2
1000000326 root
con0/RSP0/CPU0
2000
3
1000000325 root
con0_RSP0_CPU0
2000
4
1000000324 root
con0_RSP0_CPU0
2000
5
1000000323 root
con0_RSP0_CPU0
2000
6
1000000322 root
con0_RSP0_CPU0
2000
< output omitted >
Step 3
commit list
Client
~~~~~~
CLI
Time Stamp
~~~~~~~~~~
Mon Jul 10 08:01:21
cfgmgr-ins
CLI
CLI
CLI
CLI
Activity Verification
Complete lab activity verification:
RP/0/RSP0/CPU0:PE1#
58
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Answer Key
The correct answers and expected solutions for the activities that are described in this guide
appear here.
Step 5
Step 6
Step 7
Step 6
Lab Guide
59
port-type nni
Step 2
Step 4
Step 5
SW2:
spanning-tree vlan 20 root primary
spanning-tree vlan 10 root secondary
Step 6
60
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Step 2
Step 3
Configure the pod switch to be the root for the MST instance:
SW1
spanning-tree mst 1 root primary
SW2
spanning-tree mst 2 root primary
Configure trunk:
SW1 and SW2 (Cisco IOS Software):
interface FastEthernet0/2
switchport trunk allowed vlan 10,20
switchport mode trunk
Step 2
Step 3
Lab Guide
61
CE2:
ipv6 route ::/0 GigabitEthernet0/1 2001:DB8:192:168:102::20
62
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
!
commit
CE2:
ip route 0.0.0.0 0.0.0.0 192.168.102.23
Step 3
Lab Guide
63
address 192.168.102.23
!
commit
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
no ip address
no ipv6 address
no encapsulation dot1q 10
no interface GigabitEthernet0/0/0.10
!
interface GigabitEthernet0/0/0.20
no ip address
no ipv6 address
no encapsulation dot1q 20
no interface GigabitEthernet0/0/0.20
!
interface GigabitEthernet0/0/0
ip address 192.168.102.20 255.255.255.0
ipv6 address 2001:db8:192:168:102::20/80
Step 4
Reconfigure interfaces:
CE1 (Cisco IOS Software):
interface GigabitEthernet0/1
shutdown
no ip address
no ipv6 address
!
interface GigabitEthernet0/0
ip address 192.168.101.11 255.255.255.0
ipv6 address 2001:DB8:192:168:101::11/80
Lab Guide
65
66
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Lab Guide
67
68
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Step 2
Change the IS-IS router type and enable wide-style metrics for IPv4:
CE1 (Cisco IOS Software):
router isis 1
is-type level-2-only
metric-style wide
Lab Guide
69
commit
Enable wide-style metrics for IPv6 on the PE1 router (Cisco IOS XR Software):
router isis 1
address-family ipv6 unicast
metric-style wide
!
commit
70
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Step 2
Configure single-topology IS-IS for IPv6 on the PE1 router (Cisco IOS XR
Software):
router isis 1
address-family ipv6 unicast
single-topology
!
commit
Step 4
Lab Guide
71
interface GigabitEthernet0/0
ipv6 router isis 1
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Configure EBGP:
Lab Guide
73
74
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Step 3
Configure IBGP:
Create a route policy and apply it in inbound and outbound directions on the PE1
router (Cisco IOS XR Software):
route-policy ALLOW_ALL
Lab Guide
75
pass
end-policy
!
router bgp 64500
neighbor 192.168.101.11
address-family ipv4 unicast
route-policy ALLOW_ALL in
route-policy ALLOW_ALL out
!
neighbor 2001:db8:192:168:101::11
address-family ipv6 unicast
route-policy ALLOW_ALL in
route-policy ALLOW_ALL out
!
commit
Configure ACL:
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
The ACL should be applied in the inbound direction to the first Gigabit Ethernet
interface.
Configure ACL:
Lab Guide
77
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
!
commit
Remove the IPv4 and IPv6 access list from the interface:
RP/0/RSP0/CPU0:PE1#admin
Mon Jul 10 07:32:57.892 UTC
RP/0/RSP0/CPU0:PE1(admin)#install deactivate disk0:asr9k-mgbl-p-4.1.0
Mon Jul 10 07:33:05.945 UTC
2012 Cisco Systems, Inc.
Lab Guide
79
RP/0/RSP0/CPU0:PE1(admin)#install commit
Mon Jul 10 07:34:52.226 UTC
Install operation 20 '(admin) install commit' started by user 'root' via CLI
at
RP/0/RSP0/CPU0:Jul 10 07:34:52.562 : instdir[234]: %INSTALL-INSTMGR-6INSTALL_OPERATION_STARTED : Install operation 20 '(admin) install commit'
started by user 'root'
07:34:52 UTC Mon Jul 10 2000.
\ 100% complete: The operation can no longer be aborted (ctrl-c for
options)RP/0/RSP0/CPU0:Jul 10 07:34:55.775 : instdir[234]: %INSTALL-INSTMGR-4ACTIVE_SOFTWARE_COMMITTED_INFO : The currently active software is now the same
as the committed software.
80
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
81
RP/0/RSP0/CPU0:PE1(admin)#install commit
Sun Sep 25 09:37:04.416 UTC
Install operation 28 '(admin) install commit' started by user 'root' via CLI
at
RP/0/RSP0/CPU0:Sep 25 09:37:04.799 : instdir[234]: %INSTALL-INSTMGR-6INSTALL_OPERATION_STARTED : Install operation 28 '(admin) install commit'
started by user 'root'
09:37:04 UTC Sun Sep 25 2011.
\ 100% complete: The operation can no longer be aborted (ctrl-c for
options)RP/0/RSP0/CPU0:Sep 25 09:37:07.995 : instdir[234]: %INSTALL-INSTMGR-4ACTIVE_SOFTWARE_COMMITTED_INFO : The currently active software is now the same
as the committed software.
RP/0/RSP0/CPU0:Sep 25 09:37:07.996 : instdir[234]: %INSTALL-INSTMGR-6INSTALL_OPERATION_COMPLETED_SUCCESSFULLY : Install operation 28 completed
successfully
Install operation 28 completed successfully at 09:37:07 UTC Sun Sep 25 2011.
RP/0/RSP0/CPU0:PE1(config)#hostname Test
RP/0/RSP0/CPU0:PE1(config)#commit
Mon Jul 10 08:01:21.620 UTC
RP/0/RSP0/CPU0:Jul 10 08:01:23.254 : config[65728]: %MGBL-CONFIG-6-DB_COMMIT :
Configuration committed by user 'root'. Use 'show configuration commit changes
1000000327' to view the changes.
RP/0/RSP0/CPU0:Test(config)#
82
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Step 4
Lab Guide
83
84
Pod 6
SW56
Pod 5
Pod 2
SW12
Pod 1
Team 3
SW6
SW5
SW2
SW1
CE6
CE5
CE2
CE1
Team 1
PE6
PE5
PE2
PE1
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
Appendix A
P2
P1
PE8
PE7
PE4
PE3
Team 4
SW8
SW7
SW4
SW3
Team 2
Pod 8
SW78
Pod 7
Pod 4
SW34
SPNGN2 v1.01LG-4
CE8
CE7
CE4
CE3
OC3 POS
GE
FE
Pod 3
Legend:
GE0/0
FE0/21
FE0/22
FE0/2
FE0/1
SWy
FE0/2
FE0/21
FE0/23 FE0/22
FE0/24
FE0/23
FE0/24
Pod y
SWxy
SWx
FE0/23
FE0/24
FE0/1
FE0/21
FE0/22
GE
FE
OC3 POS
FE0/2
FE0/1
GE0/0
Pod x
Legend:
CEy
GE0/1
GE0/1
CEx
Team z
GE0/0/0/
2
PEy
85
P2
P1
SPNGN2 v1.01LG-5
POS0/2/1
Connections to
PE(y+2)
POS0/2/0
POS0/2/0
GE0/0/3
GE0/0/
2
POS0/2/1
GE0/0/
1
GE0/0/0/
1 GE0/0/0/
3
GE0/0/0
GE0/0/0/0
PEx
86
.y1
.x1
GE
FE
OC3 POS
Loopback
Pod y
SWy
SWx
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01
.x0
.x0
PEx
.y0
.1
.2
10.0.2.1
.2
.1
P2
P1
SPNGN2 v1.01LG-6
Connections to
PE(y+2)
192.168.2w1.0/24
192.168.y2.0/24
.y0
.y0
.2
.2
.1
.x0
.y0
.1
.x0
192.168.x1.0/24
192.168.2w2.0/24
PEy .y0
.y0
10.y.1.1
192.168.1xy.0/24
10.x.1.1
192.168.10y.0/24
10.y.0.1
10.x.0.1
192.168.10x.0/24
z = 1,2,3,4
x = 1,3,5,7
y = 2,4,6,8
w = 1 (for teams 1 and 2)
2 (for teams 3 and 4)
192.168.10y.0/24
SWxy
10.xy.0.1
192.168.10x.0/24
Pod x
Legend:
CEy
10.y.10.1
10.x.10.1
CEx
10.0.1.1
192.168.1.0/24
Team z
192.168.2.0/24
Pod 1
Pod 5
Team 3
SW6
CE6
Pod 6
10.10.10.28
10.10.10.31
SW56
SW5
10.10.10.27
10.10.10.29
10.10.10.30
CE5
SW2
CE2
Pod 2
10.10.10.12
10.10.10.15
SW12
SW1
10.10.10.11
10.10.10.13
10.10.10.14
CE1
Team 1
PE6
10.10.10.32
10.10.10.33
PE5
PE2
10.10.10.16
10.10.10.17
PE1
PE8
10.10.10.39
10.10.10.40
PE7
PE4
10.10.10.24
P2
10.10.10.26
10.10.10.18
P1
10.10.10.25
PE3
87
Pod 3
Pod 7
Team 4
SW8
10.10.10.35
Pod 8
SPNGN2 v1.01LG-7
CE8
10.10.10.38
SW78
10.10.10.36
10.10.10.37
CE7
CE4
10.10.10.23
Pod 4
10.10.10.34
SW7
SW4
10.10.10.20
SW34
CE3
10.10.10.22
10.10.10.21
10.10.10.19
SW3
Team 2
88
Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01