Vous êtes sur la page 1sur 92

SPNGN2

Building Cisco Service


Provider Next-Generation
Networks, Part 2
Version 1.01

Lab Guide
Text Part Number: 97-3132-02

Americas Headquarters
Cisco Systems, Inc.
San Jose, CA

Asia Pacific Headquarters


Cisco Systems (USA) Pte. Ltd.
Singapore

Europe Headquarters
Cisco Systems International BV Amsterdam,
The Netherlands

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL: www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a
partnership relationship between Cisco and any other company. (1110R)

DISCLAIMER WARRANTY: THIS CONTENT IS BEING PROVIDED AS IS AND AS SUCH MAY INCLUDE TYPOGRAPHICAL,
GRAPHICS, OR FORMATTING ERRORS. CISCO MAKES AND YOU RECEIVE NO WARRANTIES IN CONNECTION WITH THE
CONTENT PROVIDED HEREUNDER, EXPRESS, IMPLIED, STATUTORY OR IN ANY OTHER PROVISION OF THIS CONTENT
OR COMMUNICATION BETWEEN CISCO AND YOU. CISCO SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES,
INCLUDING WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE,
OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. This learning product may contain early release
content, and while Cisco believes it to be accurate, it falls subject to the disclaimer above.

Lab Guide

2012 Cisco and/or its affiliates. All rights reserved.

Table of Contents
Lab Guide ........................................................................................................................... 1
Overview ............................................................................................................................................... 1
Outline ............................................................................................................................................ 1
Job Aids................................................................................................................................................. 2
Pod Access Information .................................................................................................................. 2
Device Information .......................................................................................................................... 2
IP Addressing ................................................................................................................................. 4
Lab 2-1: Configure Advanced Switching ............................................................................................... 7
Activity Objective ............................................................................................................................ 7
Visual Objective .............................................................................................................................. 7
Required Resources ....................................................................................................................... 7
Command List................................................................................................................................. 8
Task 1: Configure VLANs ............................................................................................................... 9
Task 2: Configure Trunking .......................................................................................................... 10
Task 3: Configure RSTP ............................................................................................................... 12
Task 4 (Optional): Configure MSTP ............................................................................................. 13
Lab 2-2: Configure Inter-VLAN Routing and Gateway Redundancy .................................................. 16
Activity Objective .......................................................................................................................... 16
Visual Objective ............................................................................................................................ 16
Required Resources ..................................................................................................................... 16
Command List............................................................................................................................... 17
Task 1: Configure and Verify Inter-VLAN Routing ........................................................................ 19
Task 2: Configure HSRP .............................................................................................................. 21
Task 3: Configure VRRP .............................................................................................................. 24
Lab 3-1: Implement OSPF .................................................................................................................. 27
Activity Objective .......................................................................................................................... 27
Visual Objective ............................................................................................................................ 27
Required Resources ..................................................................................................................... 27
Command List............................................................................................................................... 28
Task 1: Configure OSPFv2 ........................................................................................................... 30
Task 2: Configure OSPFv3 ........................................................................................................... 31
Task 3 (Optional): Configure OSPFv2 Authentication .................................................................. 32
Lab 3-2: Implement IS-IS .................................................................................................................... 33
Activity Objective .......................................................................................................................... 33
Visual Objective ............................................................................................................................ 33
Required Resources ..................................................................................................................... 33
Command List............................................................................................................................... 34
Task 1: Configure IS-IS for IPv4 ................................................................................................... 36
Task 2: Configure IS-IS for IPv6 ................................................................................................... 37
Task 3 (Optional): Configure IS-IS Authentication ....................................................................... 39
Lab 4-1: Configure Basic BGP ............................................................................................................ 40
Activity Objective .......................................................................................................................... 40
Visual Objective ............................................................................................................................ 40
Required Resources ..................................................................................................................... 40
Command List............................................................................................................................... 41
Task 1: Configure BGP Process and BGP Peering ..................................................................... 43
Task 2: Configure BGP to Advertise a Network ........................................................................... 44
Task 3 (Optional): Configure BGP Neighbor Authentication ........................................................ 45
Lab 5-1: Implement ACLs ................................................................................................................... 47
Activity Objective .......................................................................................................................... 47
Visual Objective ............................................................................................................................ 47
Required Resources ..................................................................................................................... 47
Command List............................................................................................................................... 48
Task 1: Configure IPv4 Filtering ................................................................................................... 49
Task 2: Configure IPv6 Filtering ................................................................................................... 50
Task 3 (Optional): Configure Antispoofing ACLs .......................................................................... 52

Lab 6-1: Manage Cisco IOS XR Package .......................................................................................... 54


Activity Objective .......................................................................................................................... 54
Visual Objective ............................................................................................................................ 54
Required Resources ..................................................................................................................... 54
Command List .............................................................................................................................. 55
Task 1: Uninstall Cisco IOS XR Package..................................................................................... 56
Task 2: Install Cisco IOS XR Package ......................................................................................... 57
Task 3: Configuration Management ............................................................................................. 58
Answer Key ......................................................................................................................................... 59
Lab 2-1 Answer Key: Configure Advanced Switching .................................................................. 59
Lab 2-2 Answer Key: Configure Inter-VLAN Routing and Gateway Redundancy ....................... 61
Lab 3-1 Answer Key: Implement OSPF ....................................................................................... 66
Lab 3-2 Answer Key: Implement IS-IS ......................................................................................... 68
Lab 4-1 Answer Key: Configure Basic BGP ................................................................................. 73
Lab 5-1 Answer Key: Implement ACLs ........................................................................................ 76
Lab 6-1 Answer Key: Manage Cisco IOS XR Package................................................................ 79
Appendix A .......................................................................................................................................... 84

ii

Building Cisco Service Provider Next-Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

SPNGN2

Lab Guide
Overview
This guide presents the instructions and other information concerning the lab activities for this
course. You can find the solutions in the lab activity Answer Key.

Outline
This guide includes these activities:

Job Aids

Lab 2-1: Configure Advanced Switching

Lab 2-2: Configure Inter-VLAN Routing and Gateway Redundancy

Lab 3-1: Implement OSPF

Lab 3-2: Implement IS-IS

Lab 4-1: Configure Basic BGP

Lab 5-1: Implement ACLs

Lab 6-1: Manage Cisco IOS XR Package

Answer Key

Appendix A (Tear-Out)

Job Aids
These job aids are available to help you complete lab activities.

Pod Access Information


The instructor will provide you with the team and pod numbers as well as other team and pod
access information. Write down the information in the table for future reference.
Parameter

Default value

Team number

z =14

Pod number

x = 1, 3, 5, 7
or

Value

y = 2, 4, 6, 8
Remote lab SSH access IP address

128.107.245.9

Remote lab SSH access username

instr

Remote lab SSH access password

testMe

Pod PE (Cisco IOS XR Software) router


username

root

Pod PE (Cisco IOS XR Software) router


password

1ronMan

Pod CE, SW, and PE privileged level password

cisco

Device Information
This lab topology consists of four (4) teams and eight (8) pods. Two students will work in one
pod, and two pods will work in one team. Each pod has one switch and two routers. Two pods
share one additional switch. All teams share the same core routers (P1 and P2).
The CE routers in both pods are running Cisco IOS Software. The first pod within a team (pods
1, 3, 5, or 7) will work on the PE router running Cisco IOS XR Software, and the second pod
within the same team (pods 2, 4, 6, or 8) will work on the PE router running Cisco IOS XE
Software.
Devices in the lab are connected with Fast Ethernet and Gigabit Ethernet connections, and two
teams have redundant POS connections, as shown in the following topology:

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Legend:
GE
FE
OC3 POS

Team 1
CE1

Pod 1

SW1

Team 2
PE1

PE3

SW3

Pod 3

CE3

P1

SW12

SW34

CE2

Pod 2

SW2

PE2

PE4

SW4

Pod 4

CE4

CE5

Pod 5

SW5

PE5

PE7

SW7

Pod 7

CE7

SW56

CE6

Pod 6

P2

SW6

PE6

Team 3

SW78

PE8

SW8

Pod 8

CE8

Team 4

2012 Cisco and/or its affiliates. All rights reserved.

SPNGN2 v1.01LG-4

Note: FE = Fast Ethernet; GE = Gigabit Ethernet.


Device Roles and Loopback IP Addresses
Device Name

Device Role

Lo0 IPv4 Address

Lo0 IPv6 Address

CEx

Cisco 2900 pod router

10.x.10.1/32

2001:db8:10:x:10::1/128

10.y.10.1/32

2001:db8:10:y:10::1/128

CEy
Cisco ASR 9000 or Cisco
ASR 1000 pod router

10.x.1.1/32

2001:db8:10:x:1::1/128

PEy

10.y.1.1/32

2001:db8:10:y:1::1/128

SWx

Cisco ME340x pod switch

10.x.0.1/32

2001:db8:10:x:0::1/128

10.y.0.1/32

2001:db8:10:y:0::1/128

10.xy.0.1/32

2001:db8:10:xy:0::1/128

PEx

SWy
SWxy

Cisco ME340x pod switch


that is shared inside a team

P1

Cisco ASR 9000 core router 10.0.1.1/32

2001:db8:10:0:1::1/128

P2

Cisco ASR 9000 core router 10.0.2.1/32

2001:db8:10:0:2::1/128

The following figure illustrates the interface identification that is used in this lab setup.

2012 Cisco Systems, Inc.

Lab Guide

Team z
Pod x

CEx

SWx
FE0/1

GE0/0

PEx

FE0/2

SWxy

FE0/23
FE0/24
FE0/23
FE0/24

GE0/1
GE0/0

CEy

GE0/0/0/
1 GE0/0/0/
3

FE0/21
FE0/22

FE0/21
FE0/22

FE0/1

FE0/21
FE0/22

GE0/0/
1

GE0/0/
2
GE0/0/3

FE0/2

FE0/1

P2

GE0/0/0

SWy

Pod y

P1

GE0/0/0/0

FE0/23
FE0/24

GE0/1

GE0/0/0/
2

FE0/2

PEy

POS0/2/0
POS0/2/1
POS0/2/0

GE
FE
OC3 POS

Legend:

POS0/2/1
Connections to
PE(y+2)

2012 Cisco and/or its affiliates. All rights reserved.

SPNGN2 v1.01LG-5

IP Addressing
The following figure illustrates the IP addressing scheme that is used in this lab setup.

Team z

10.0.1.1

SWx

PEx
192.168.10x.0/24

192.168.10x.0/24
.x1

192.168.x1.0/24
.x0

.x0
10.xy.0.1

.x0
10.x.0.1

.1

SWxy

10.y.0.1

10.x.1.1

10.y.1.1
.y0

.y1

.y0

CEy

Pod y

SWy

.y0
.y0

192.168.10y.0/24

192.168.10y.0/24

PEy .y0

.1

.1

192.168.1xy.0/24
10.y.10.1

P1

.1

192.168.2.0/24

10.x.10.1

.x0

192.168.1.0/24

Pod x

CEx

.2

.2

.2
.2

P2

192.168.y2.0/24
.y0
10.0.2.1

Legend:

GE
FE
OC3 POS
Loopback

z = 1,2,3,4
x = 1,3,5,7
y = 2,4,6,8
w = 1 (for teams 1 and 2)
2 (for teams 3 and 4)

192.168.2w2.0/24

2012 Cisco and/or its affiliates. All rights reserved.

192.168.2w1.0/24
Connections to
PE(y+2)
SPNGN2 v1.01LG-6

The following figure illustrates the management IP addresses used in this lab setup.

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Team 1
Pod 1

CE1
10.10.10.14

Team 2
Pod 3

SW1

PE1

PE3

SW3

10.10.10.11

10.10.10.17

10.10.10.25

10.10.10.19

CE3
10.10.10.22

P1
10.10.10.13

10.10.10.18

10.10.10.21

SW12
10.10.10.15

SW34
10.10.10.12

10.10.10.16

10.10.10.24

10.10.10.20

SW2

PE2

PE4

SW4

Pod 4
Pod 7

CE2

Pod 2

CE5

Pod 5

10.10.10.30

SW5

PE5

PE7

SW7

10.10.10.27

10.10.10.33

10.10.10.40

10.10.10.34

10.10.10.29

10.10.10.26

SW56
10.10.10.31

10.10.10.28

CE6

SW6

10.10.10.32
PE6

Team 3

CE7
10.10.10.37

SW78
10.10.10.39

10.10.10.35

PE8

SW8

10.10.10.38

Pod 8

CE8

Team 4

2012 Cisco and/or its affiliates. All rights reserved.

Note

CE4

10.10.10.36

P2

Pod 6

10.10.10.23

SPNGN2 v1.01LG-7

Replace the x or y with your pod number to get the IP addresses within your pod (for
example, x is for odd number pods 1, 3, 5, and 7; y is for even number pods 2, 4, 6, and 8).
Replace the xy (where x < y) with numbers of the pods within the same team (for example,
12, 34, 56, or 78) to get IP addresses on the link between those pods.

Pod IP Addressing
Device

Interface

IPv4 Address

IPv6 Address

CEx

GE0/0

192.168.10x.x1/24

2001:db8:192:168:10x::x1/80

CEy

GE0/0

192.168.10y.y1/24

2001:db8:192:168:10y::y1/80

192.168.x1.1/24

2001:db8:192:168:x1::1/80

192.168.y1.1/24

2001:db8:192:168:y1::1/80

192.168.x2.2/24

2001:db8:192:168:x2::2/80

192.168.y2.2/24

2001:db8:192:168:y2::2/80

POS0/2/0

192.168.211.20/24

2001:db8:192:168:211::20/80

POS0/2/1

192.168.212.20/24

2001:db8:192:168:212::20/80

POS0/2/0

192.168.211.40/24

2001:db8:192:168:211::40/80

POS0/2/1

192.168.212.40/24

2001:db8:192:168:212::40/80

POS0/2/0

192.168.221.60/24

2001:db8:192:168:221::60/80

POS0/2/1

192.168.222.60/24

2001:db8:192:168:222::60/80

POS0/2/0

192.168.221.80/24

2001:db8:192:168:221::80/80

POS0/2/1

192.168.222.80/24

2001:db8:192:168:222::80/80

GE0/0/0/0

192.168.10x.x0/24

2001:db8:192:168:10x::x0/80

GE0/0/0/1

192.168.1xy.x0/24

2001:db8:192:168:1xy::x0/80

P1

P2

PE2

PE4

PE6

PE8

PEx

2012 Cisco Systems, Inc.

Lab Guide

Device

PEy

Interface

IPv4 Address

IPv6 Address

GE0/0/0/2

192.168.x1.x0/24

2001:db8:192:168:x1::x0/80

GE0/0/0/3

192.168.x2.x0/24

2001:db8:192:168:x2::x0/80

GE0/0/0

192.168.10y.y0/24

2001:db8:192:168:10y::y0/80

GE0/0/1

192.168.1xy.y0/24

2001:db8:192:168:1xy::y0/80

GE0/0/2

192.168.y1.y0/24

2001:db8:192:168:y1::y0/80

GE0/0/3

192.168.y2.y0/24

2001:db8:192:168:y2::y0/80

Note: GE = Gigabit Ethernet.


Core IP Addressing
Device
P1

Device IP Address

Peer

192.168.1.1/24

P2

Peer IP Address
192.168.1.2/24

2001:db8:192:168:1::1/80

2001:db8:192:168:1::2/80

192.168.2.1/24

192.168.2.2/24

2001:db8:192:168:2::1/80

2001:db8:192:168:2::2/80

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Lab 2-1: Configure Advanced Switching


Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will configure and verify advanced switching features. After completing
this activity, you will be able to meet these objectives:

Configure VLANs

Configure trunking

Configure RSTP

Configure MSTP

Note

Students from two different pods are working in teams. Students in the same team should
coordinate their lab activity and proceed through steps simultaneously (step by step).

Visual Objective
The figure illustrates what you will accomplish in this activity.

Team z
CEx

Pod x
GE0/0 VLAN x0

TRUNK
1, x0, y0

FE0/1

SWxy

FE0/2

Configure trunking

FE0/23
TRUNK
1, x0, y0
FE0/23

GE0/1
GE0/0

CEy

GE0/0/0/0

FE0/21

FE0/21

Configure VLANs

PEx
FE0/2

FE0/1

FE0/23
TRUNK
1, x0, y0

GE0/1

Optimize RSTP

SWx

VLAN y0
Pod y

FE0/21

GE0/0/0

FE0/2

FE0/1

SWy

PEy

Configure MSTP
2012 Cisco and/or its affiliates. All rights reserved.

SPNGN2 v1.01LG-8

Required Resources
These are the resources and equipment that are required to complete this activity:

A PC with access to the Internet

A SSH client that is installed on the PC

2012 Cisco Systems, Inc.

Lab Guide

Command List
The table describes the Cisco IOS Software commands that are used in this activity.

Command

Description

configure terminal

Enters configuration mode

interface interface

Enters interface configuration mode

ip address ip_address mask

Sets an IPv4 address for an interface and the subnet mask

ipv6 address
ip_address/mask

Sets an IPv6 address for an interface and the subnet mask

ping destination_address
source interface

Pings the specified address (IPv4 or IPv6) from the


specified interface

show interfaces interface


switchport

Displays the administrative and operational status of a


switching port

show interfaces interface


trunk

Displays interface trunk information

show spanning-tree vlan


vlan

Displays spanning-tree information for the specified VLAN

show spanning-tree

Displays spanning-tree information

show spanning-tree mst


configuration

Displays the MSTP region configuration and status

vlan vlan_number

Creates a VLAN and enters VLAN configuration mode

switchport mode access |


trunk

Configures the VLAN membership or trunking mode of a


port

switchport access vlan


vlan

Configures VLAN membership on an access port

port-type nni

Sets a port type to nni

switchport trunk allowed


vlan vlans

Specifies allowed VLANs on a trunk port

spanning-tree vlan vlan


root primary

Configures a switch to be primary root for specified VLAN

spanning-tree vlan vlan


root secondary

Configures a switch to be secondary root for specified


VLAN

spanning-tree mode mst

Sets STP mode to MSTP

spanning-tree mst
configuration

Enters MST configuration mode

name name

Sets the MSTP configuration name

revision number

Sets the MSTP revision number

instance instance_id vlan


vlan

Maps VLANs to an MST instance

spanning-tree mst 1 root


primary

Configures a switch to be root for specified MSTP instance

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Task 1: Configure VLANs


In this task, you will first create additional VLANs. Then you will configure router facing
switch ports for access mode and put them into proper VLANs. You will have to coordinate
your activities with another pod in your team.
Note

For a port and interface identification as well as an IP addressing scheme, use Job Aids.

Activity Procedure
Complete these steps:
Step 1

On the pod CE router, remove any IP addressing from the GigabitEthernet0/1


interface.

Step 2

On the pod CE router, remove any IP addresses from the GigabitEthernet0/0


interface. Assign the removed IP addresses to the GigabitEthernet0/1 interface.

Step 3

On the pod and shared switches, create two VLANs, one for your pod VLAN x0
and one for another pod in your team VLAN y0 (where x is 1, 3, 5, or 7, and y is
2, 4, 6, and 8).

Step 4

On the shared switch, configure CE facing port access and put it into your pod
VLAN. Make sure that the port is NNI type.

Step 5

On the pod switch, configure CE and PE facing ports access and put them into your
pod VLAN. Make sure that the ports are NNI type.

Activity Verification
You have completed this task when you attain these results:
Note

Outputs in the verification section are taken from team 1 and pod 1 and may differ from your
outputs.

On the pod switch, verify administrative and operational mode and access VLAN:
SW1#show interfaces FastEthernet0/2 switchport
Name: Fa0/2
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 10 (VLAN0010)
Trunking Native Mode VLAN: 1 (default)
< output omitted >

On the shared switch, verify administrative and operational mode and access VLAN:
SW12# show interfaces FastEthernet0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q

2012 Cisco Systems, Inc.

Lab Guide

Operational Trunking Encapsulation: native


Negotiation of Trunking: Off
Access Mode VLAN: 10 (VLAN0010)
Trunking Native Mode VLAN: 1 (default)
< output omitted >
SW12# show interfaces FastEthernet0/2 switchport
Name: Fa0/2
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 20 (VLAN0020)
Trunking Native Mode VLAN: 1 (default)
< output omitted >

Task 2: Configure Trunking


In this task, you will enable trunking on links between the pod and shared switches. You will
have to coordinate your activities with another pod in the team.

Activity Procedure
Complete these steps:
Step 1

On the pod switch, enable trunking on the ports that are facing the shared switch
(FastEthernet0/23) and the pod switch of the other (FastEthernet0/21). Allow only
VLANs 1, x0, and y0 to pass the trunk. Make sure that the switch ports are NNI
type.

Step 2

On the shared switch, enable trunking on the ports that are facing pod switches
(FastEthernet0/21 and FastEthernet0/23). Allow only VLANs 1, x0, and y0 to pass
the trunk. Make sure that the switch ports are NNI type.

Activity Verification
You have completed this task when you attain this result:

From the CE router, ping the PE router:


CE1# ping 192.168.101.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.101.10, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
1/1/4 ms

On the pod switch, verify trunk interfaces:


SW1#show interfaces FastEthernet0/21 trunk
Port
Mode
Native vlan
Fa0/21
on

10

Encapsulation

Status

802.1q

trunking

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Port
Fa0/21

Vlans allowed on trunk


1,10,20

Port
Fa0/21

Vlans allowed and active in management domain


1,10,20

Port
pruned
Fa0/21

Vlans in spanning tree forwarding state and not


none

SW1#show interfaces FastEthernet0/23 trunk


Port
Mode
Native vlan
Fa0/23
on

Encapsulation

Status

802.1q

trunking

Port
Fa0/23

Vlans allowed on trunk


1,10,20

Port
Fa0/23

Vlans allowed and active in management domain


1,10,20

Port
pruned
Fa0/23

Vlans in spanning tree forwarding state and not


1,10,20

On the shared switch, verify trunk interfaces:


SW12#show interfaces FastEthernet0/21 trunk
Port
Mode
Native vlan
Fa0/21
on

Encapsulation

Status

802.1q

trunking

Port
Fa0/21

Vlans allowed on trunk


1,10,20

Port
Fa0/21

Vlans allowed and active in management domain


1,10,20

Port
pruned
Fa0/21

Vlans in spanning tree forwarding state and not


1,10,20

SW12#show interfaces FastEthernet0/23 trunk


Port
Mode
Native vlan
Fa0/23
on

2012 Cisco Systems, Inc.

Encapsulation

Status

802.1q

trunking

Lab Guide

11

Port
Fa0/23

Vlans allowed on trunk


1,10,20

Port
Fa0/23

Vlans allowed and active in management domain


1,10,20

Port
pruned
Fa0/23

Vlans in spanning tree forwarding state and not


1,10,20

Task 3: Configure RSTP


In this task, you will verify and optimize RSTP operations.

Activity Procedure
Complete these steps:
Step 1

On the pod switch, verify STP mode for VLAN x0 and y0. STP mode should be
RSTP by default.
SW1#show spanning-tree vlan 10 |
Spanning tree enabled protocol
SW1#show spanning-tree vlan 20 |
Spanning tree enabled protocol

Step 2

include Spanning
rstp
include Spanning
rstp

Find the root switch for both VLANs. Note the root switch bellow:
SW1#show spanning-tree vlan 10 | include root
SW1#show spanning-tree vlan 20 | include root
!
SW2#show spanning-tree vlan 10 | include root
SW2#show spanning-tree vlan 20 | include root
!
SW12#show spanning-tree vlan 10 | include root
This bridge is the root
SW12#show spanning-tree vlan 20 | include root
This bridge is the root

VLAN x0 root switch: ___________________________


VLAN y0 root switch: ___________________________
Step 3

Find the blocking port for each VLAN. Note the ports bellow:
SW1#show spanning-tree vlan 10 | include BLK
Fa0/21
Altn BLK 19
128.23
SW1#show spanning-tree vlan 20 | include BLK
Fa0/21
Altn BLK 19
128.23
!
SW2#show spanning-tree vlan 10 | include BLK
SW2#show spanning-tree vlan 20 | include BLK
!
SW12#show spanning-tree vlan 10 | include BLK
SW12#show spanning-tree vlan 20 | include BLK

P2p
P2p

VLAN x0 blocking port: Port:______________Switch:____________


VLAN y0 blocking port: Port:______________Switch:____________
12

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Note

You should find out that the same switch is designated as a root for both VLANs, and that
the same port is blocking for both VLANs. Thus, not all of the links are utilized.

Step 4

Optimize RSTP operations by assigning pod SWx switch as the root for VLAN x0
and pod SWy switch as the root for VLAN y0. The pod switches also should be
backup root switches for the pod switch of the other.

Step 5

Find the blocking port for each VLAN. Note the ports bellow:
VLAN x0 blocking port: Port:______________Switch:____________
VLAN y0 blocking port: Port:______________Switch:____________

Note

Note the difference. You should see that traffic from different VLANs takes different paths
now. All available links between switches should be utilized now.

Activity Verification
You have completed this task when you attain this result:

Blocking ports after the RSTP optimization:


SW1#show spanning-tree vlan 10 | include BLK
SW1#show spanning-tree vlan 20 | include BLK
!
SW2#show spanning-tree vlan 10 | include BLK
SW2#show spanning-tree vlan 20 | include BLK
!
SW12#show spanning-tree vlan 10 | include BLK
Fa0/21
Altn BLK 19
128.23
SW12#show spanning-tree vlan 20 | include BLK
Fa0/23
Altn BLK 19
128.25

P2p
P2p

Task 4 (Optional): Configure MSTP


In this task, you will enable the MSTP protocol. You will create two instances of MSTP and
associate one VLAN with each instance.
The main advantage of MSTP is that you can associate several VLANs with one instance.
However, in the lab, there are only two VLANs that are created and one VLAN that will be
associated with one MSTP instance.

Activity Procedure
Complete these steps:
Step 1

On the pod and shared switches, set the spanning tree mode to MSTP.

Step 2

Set the name of the MSTP configuration to LAB. Set the revision number of MSTP
to 1. Create instance 1 and associate VLAN x0 with the instance. Create instance 2
and associate VLAN y0 with the instance.

Step 3

Configure your pod switch to be the root for the MST instance supporting your
VLAN.

Activity Verification
You have completed this task when you attain this result:

On the pod and shared switches, verify that MSTP is running:

2012 Cisco Systems, Inc.

Lab Guide

13

SW1#show spanning-tree | include MST|Spanning


MST0
Spanning tree enabled protocol mstp
MST1
Spanning tree enabled protocol mstp
MST2
Spanning tree enabled protocol mstp
!
SW2#show spanning-tree | include MST|Spanning
MST0
Spanning tree enabled protocol mstp
MST1
Spanning tree enabled protocol mstp
MST2
Spanning tree enabled protocol mstp
!
SW12#show spanning-tree | include MST|Spanning
MST0
Spanning tree enabled protocol mstp
MST1
Spanning tree enabled protocol mstp
MST2
Spanning tree enabled protocol mstp

On the pod and shared switches, verify the MST instance to VLAN mapping:
SW1#show spanning-tree mst configuration
Name
[LAB]
Revision 1
Instances configured 3
Instance Vlans mapped
-------- -------------------------------------------------------------------0
1-9,11-19,21-4094
1
10
2
20
-----------------------------------------------------------------------------!
SW2#show spanning-tree mst configuration
Name
[LAB]
Revision 1
Instances configured 3
Instance Vlans mapped
-------- -------------------------------------------------------------------0
1-9,11-19,21-4094
1
10
2
20

14

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

-----------------------------------------------------------------------------!
SW12#show spanning-tree mst configuration
Name
[LAB]
Revision 1
Instances configured 3
Instance Vlans mapped
-------- -------------------------------------------------------------------0
1-9,11-19,21-4094
1
10
2
20
------------------------------------------------------------------------------

2012 Cisco Systems, Inc.

Lab Guide

15

Lab 2-2: Configure Inter-VLAN Routing and


Gateway Redundancy
Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will configure inter-VLAN routing on the PE routers. Then you will
configure HSRP and VRRP between PE routers. After completing this activity, you will be able
to meet these objectives:

Configure and verify inter-VLAN routing.

Configure and verify HSRP.

Configure and verify VRRP.

Visual Objective
The figure illustrates what you will accomplish in this activity.

Team z
Pod x VLAN x0

CEx

192.168.10x.x0/24
192.168.10y.y2/24

SWx
FE0/2

FE0/23

HSRP
VRRP

FE0/21

GE0/1
192.168.10x.x1/24

192.168.10x.x3/24
192.168.10y.y3/24

FE0/21

SWxy

FE0/2
FE0/23

VLANs 1,x0, y0

FE0/1

192.168.10y.y1/24
GE0/1

FE0/21
FE0/23
FE0/2

CEy

PEx

GE0/0/0/0
VLANs x0, y0

Pod y VLAN y0

SWy

VLANs x0, y0
GE0/0/0
192.168.10x.x2/24
192.168.10y.y0/24

PEy

Legend:
TRUNK
GE
FE
2012 Cisco and/or its affiliates. All rights reserved.

SPNGN2 v1.01LG-9

Required Resources
These are the resources and equipment that are required to complete this activity:

16

A PC with access to the Internet

A SSH client that is installed on the PC

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Command List
The table describes the commands that are used in this activity.
Cisco IOS and IOS XE Software Commands
Command

Description

configure terminal

Enters configuration mode

encapsulation dot1q vlan

Enables IEEE 802.1Q encapsulation of traffic on a


specified subinterface in a VLAN

interface
interface[.subinterface]

Enters interface configuration mode; used also to create


subinterface

ip address ip_address mask

Sets an IPv4 address for an interface and the subnet mask

ip route subnet mask


next_hop_IP_address

Configures static route

ipv6 address
ip_address/mask

Sets an IPv6 address for an interface and the subnet mask

ping destination_address
source interface

Pings the specified address (IPv4 or IPv6) from the


specified interface

show standby

Displays Hot Standby Router Protocol (HSRP) information

show vrrp

Displays a brief or detailed status of one or all configured


Virtual Router Redundancy Protocol (VRRP) groups on the
router

standby group_ID ip
virtual_IP_address

Activates the HSRP

standby group_ID preempt

Enables HSRP pre-emption

standby group_ID priority

Sets the HSRP priority

switchport mode access |


trunk

Configures the VLAN membership or trunking mode of a


port

switchport trunk allowed


vlan vlans

Specifies allowed VLANs on a trunk port

vrrp group_ID ip
ip_address

Enables the VRRP on an interface and identification of the


IP address of the virtual router

vrrp group_ID priority


priority

Sets the VRRP priority

Cisco IOS XR Software Commands


Command

Description

address

Sets VRRP address

address-family ipv4

Enters IPv4 address family VRRP configuration mode

commit

Commits changes to the running configuration

configure terminal

Enters configuration mode

encapsulation dot1q 20

Enables IEEE 802.1Q encapsulation of traffic on a specified


subinterface in a VLAN

hsrp group_ID ipv4 address

Activates the HSRP

hsrp group_ID preempt

Configures HSRP pre-emption

2012 Cisco Systems, Inc.

Lab Guide

17

18

hsrp group_ID priority


priority

Configures HSRP priority

interface interface

Enters interface HSRP or VRRP configuration mode

interface
interface[.subinterface]

Enters interface configuration mode; used also to create


subinterface

ipv4 address ip_address


mask

Sets an IPv4 address for an interface and the subnet mask

ipv6 address
ip_address/mask

Sets an IPv6 address for an interface and the subnet mask

ping destination_address
source interface

Pings the specified address (IPv4 or IPv6) from the specified


interface

priority priority

Sets VRRP priority

router hsrp

Enables the HSRP

router vrrp

Enables the VRRP

show hsrp

Displays HSRP information

show route ipv6

Displays IPv6 routing table

show vrrp

Displays a brief or detailed status of one or all configured


VRRP groups on the router

shutdown

Shuts down an interface

vrrp group_ID

Enables VRRP virtual router mode

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Task 1: Configure and Verify Inter-VLAN Routing


In this task, you will configure inter-VLAN routing between VLANs x0 and y0. You will have
to reconfigure the PE pod router and pod switch to support inter-VLAN routing. You will have
to coordinate your activities with another pod in the team.

Activity Procedure
Complete these steps:
Step 1

On the pod switch, configure the PE facing port as a trunk. Allow only VLANs x0
and y0 on the trunk. For port identification, use Job Aids.

Step 2

On the pod PE router, note the IPv4 and IPv6 address on the first Gigabit Ethernet
interface below:
IPv4:_______________________________
IPv6:_______________________________

Step 3

On the pod PE router, remove the IPv4 and IPv6 addresses from the first Gigabit
Ethernet interface.

Step 4

On the pod PE router, create two subinterfaces on the first Gigabit Ethernet
interface. Use x0 or y0 (where x is 1, 3, 5, or 7, and y is 2, 4, 6, or 8) as interface
identifiers. Assign the x0 or y0 VLAN tag to the subinterface. Assign IPv4 and IPv6
addresses to the subinterfaces.
Device

Subinterface

VLAN

PEx

GE0/0/0/0.x0

x0

IPv4 and IPv6 Address


192.168.10x.x0/24
2001:db8:192:168:10x::x0/80

GE0/0/0/0.y0

y0

192.168.10y.y2/24
2001:db8:192:168:10y::y2/80

PEy

GE0/0/0.x0

x0

192.168.10x.x2/24
2001:db8:192:168:10x::x2/80

GE0/0/0.y0

y0

192.168.10y.y0/24
2001:db8:192:168:10y::y0/80

Step 5

On the pod CE router, create a static default IPv6 route using the ipv6 route ::/0
interface next-hop-IPv6-address command that will point to the subinterface that is
configured on the pod PE router.

Activity Verification
You have completed this task when you attain these results:

From the pod CE router, ping the other pod CE router using IPv6:
CE1#ping 2001:DB8:192:168:102::21
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:192:168:102::21,
timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
0/1/8 ms
!
CE2#ping 2001:DB8:192:168:101::11

2012 Cisco Systems, Inc.

Lab Guide

19

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to 2001:DB8:192:168:101::11,
timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
0/0/0 ms
Note

Your ping will not be successful until the other pod finished the configuration in this task.

On the pod PE router, verify the IPv6 routing table:


RP/0/RSP0/CPU0:PE1#show route ipv6
< output omitted >
Gateway of last resort is not set
C
L
C
L

2001:db8:192:168:101::/80 is directly connected,


01:06:22, GigabitEthernet0/0/0/0.10
2001:db8:192:168:101::10/128 is directly connected,
01:06:22, GigabitEthernet0/0/0/0.10
2001:db8:192:168:102::/80 is directly connected,
01:05:34, GigabitEthernet0/0/0/0.20
2001:db8:192:168:102::22/128 is directly connected,
01:05:34, GigabitEthernet0/0/0/0.20

!
PE2#show ipv6 route
< output omitted >
C
2001:DB8:192:168:101::/80 [0/0]
via GigabitEthernet0/0/0.10, directly connected
L
2001:DB8:192:168:101::12/128 [0/0]
via GigabitEthernet0/0/0.10, receive
C
2001:DB8:192:168:102::/80 [0/0]
via GigabitEthernet0/0/0.20, directly connected
L
2001:DB8:192:168:102::20/128 [0/0]
via GigabitEthernet0/0/0.20, receive
L
FF00::/8 [0/0]
via Null0, receive

20

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Task 2: Configure HSRP


In this task, you will enable HSRP on the pod PE router for your pod VLAN. You will have to
coordinate your activities with another pod in the team.
The figure illustrates what you will accomplish in this task.

Team z
Pod x VLAN x0

CEx

Active router for VLAN x0


Backup router for VLAN y0
Pod y VLAN y0

PEx

GE0/0/0/0.x0
192.168.10x.x0/24

GE0/0/0/0.y0
192.168.10y.y2/24

192.168.10x.x1/24

192.168.10x.x3/24
192.168.10y.y3/24

192.168.10y.y1/24
GE0/0/0.x0
192.168.10x.x2/24

GE0/0/0.y0
192.168.10y.y0/24

PEy

CEy

Active router for VLAN y0


Backup router for VLAN x0
2012 Cisco and/or its affiliates. All rights reserved.

SPNGN2 v1.01LG-10

Activity Procedure
Complete these steps:
Step 1

On your pod and the neighbor pod, PE routers enable HSRP for IPv4 on the first
Gigabit Ethernet subinterface. You are configuring subinterfaces belonging to your
pod subnet, and the neighboring pod will configure subinterfaces belonging to the
neighbor pod subnet. Use your pod number as a group ID. Enable HSRP preemption. Make sure that your pod PE router is active for your VLAN. Use the
following IP addresses as virtual IP addresses:
Pod x: 192.168.10x.x3/24
Pod y: 192.168.10y.y3/24

Step 2

On the pod CE router, configure a static default IPv4 route that will point to your
pod HSRP address.

Activity Verification
You have completed this task when you attain this result:

On the pod PE router, verify HSRP configuration:


RP/0/RSP0/CPU0:PE1#show hsrp
Sun Jul 9 10:42:34.591 UTC
P indicates configured to preempt.
|

2012 Cisco Systems, Inc.

Lab Guide

21

Interface
Grp Pri P State
Active addr
Standby addr
Group addr
Gi0/0/0/0.10
1 150 P Active local
192.168.101.12 192.168.101.13
Gi0/0/0/0.20
2 100 P Standby 192.168.102.20 local
192.168.102.23
!
PE2#show standby
GigabitEthernet0/0/0.10 - Group 1
State is Standby
1 state change, last state change 00:04:02
Virtual IP address is 192.168.101.13
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.184 secs
Preemption enabled
Active router is 192.168.101.10, priority 150 (expires in
9.632 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Gi0/0/0.10-1" (default)
GigabitEthernet0/0/0.20 - Group 2
State is Active
1 state change, last state change 00:04:13
Virtual IP address is 192.168.102.23
Active virtual MAC address is 0000.0c07.ac02
Local virtual MAC address is 0000.0c07.ac02 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.320 secs
Preemption enabled
Active router is local
Standby router is 192.168.102.22, priority 100 (expires in
10.640 sec)
Priority 150 (configured 150)
Group name is "hsrp-Gi0/0/0.20-2" (default)

From pod CE router, start a continuous ping to the neighbor pod CE router. The ping
should be successful. On the pod PE router, shut down the interface for your VLAN while
the ping is still active. You should see minimal disruption in the ping, while the standby
router assumes an active state.
CE1#ping 192.168.102.21 repeat 100000
Type escape sequence to abort.
Sending 100000, 100-byte ICMP Echos to 192.168.102.21, timeout
is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!

PE1 (Cisco IOS XR):


interface GigabitEthernet0/0/0/0.10
shutdown
22

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

!
commit

PE2 (Cisco IOS XE):


interface GigabitEthernet0/0/0.20
shutdown

Minimal disruption in the ping from pod CE router:


!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!

On the pod PE router, verify HSRP configuration:


RP/0/RSP0/CPU0:PE1#show hsrp
Sun Jul 9 10:53:12.356 UTC
P indicates configured to preempt.
|
Interface
Grp Pri P State
Active addr
Standby addr
Group addr
Gi0/0/0/0.10
1 150 P Init
unknown
unknown
192.168.101.13
Gi0/0/0/0.20
2 100 P Standby 192.168.102.20 local
192.168.102.23
!
PE2#show standby
GigabitEthernet0/0/0.10 - Group 1
State is Active
2 state changes, last state change 00:05:01
Virtual IP address is 192.168.101.13
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.680 secs
Preemption enabled
Active router is local
Standby router is unknown
Priority 100 (default 100)
Group name is "hsrp-Gi0/0/0.10-1" (default)
GigabitEthernet0/0/0.20 - Group 2
State is Active
1 state change, last state change 00:14:26
Virtual IP address is 192.168.102.23
Active virtual MAC address is 0000.0c07.ac02
Local virtual MAC address is 0000.0c07.ac02 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.712 secs
Preemption enabled
Active router is local
Standby router is 192.168.102.22, priority 100 (expires in
9.920 sec)
Priority 150 (configured 150)
Group name is "hsrp-Gi0/0/0.20-2" (default)

2012 Cisco Systems, Inc.

Lab Guide

23

Step 3

Enable the previously disabled interface and remove HSRP configuration from the
PE router.

Task 3: Configure VRRP


In this task, you will enable VRRP on your pod and the neighbor pod PE routers for your
VLAN. You will have to coordinate your activities with another pod in the team.

Activity Procedure
Complete these steps:
Step 1

On your pod and the neighbor pod, PE routers enable VRRP for IPv4 on the first
Gigabit Ethernet subinterface. You are configuring subinterfaces belonging to your
pod subnet, and the neighboring pod will configure subinterfaces belonging to the
neighbor pod subnet. Use your pod number as a group ID. Make sure that your pod
PE router is active for your VLAN. Use the following IP addresses as a virtual IP
address:
Pod x: 192.168.10x.x3/24
Pod y: 192.168.10y.y3/24

Activity Verification
You have completed this task when you attain this result:

On the pod PE router, verify the VRRP configuration:


RP/0/RSP0/CPU0:PE1#show vrrp
Sun Jul 9 11:07:10.700 UTC
IPv4 Virtual Routers:
A indicates IP address owner
| P indicates configured to preempt
| |
Interface
vrID Prio A P State
Master addr
VRouter
addr
Gi0/0/0/0.10
1 150
P Master
local
192.168.101.13
Gi0/0/0/0.20
2 100
P Backup
192.168.102.20
192.168.102.23
IPv6 Virtual Routers:
A indicates IP address owner
| P indicates configured to preempt
| |
Interface
vrID Prio A P State
Master addr
VRouter
addr
!
PE2#show vrrp
GigabitEthernet0/0/0.10 - Group 1
State is Backup
Virtual IP address is 192.168.101.13
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100

24

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Master Router is 192.168.101.10, priority is 150


Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 3.127 sec)
GigabitEthernet0/0/0.20 - Group 2
State is Master
Virtual IP address is 192.168.102.23
Virtual MAC address is 0000.5e00.0102
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 150
Master Router is 192.168.102.20 (local), priority is 150
Master Advertisement interval is 1.000 sec
Master Down interval is 3.414 sec

From the pod CE router, start a continuous ping to the neighbor pod CE router. The ping
should be successful. On the pod PE router, shut down the interface for your VLAN while
the ping is still active. You should see minimal disruption in the ping, while the standby
router assumes an active state.
CE1#ping 192.168.102.21 repeat 100000
Type escape sequence to abort.
Sending 100000, 100-byte ICMP Echos to 192.168.102.21, timeout
is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!

PE1 (Cisco IOS XR):


interface GigabitEthernet0/0/0/0.10
shutdown
!
commit

PE2 (Cisco IOS XE):


interface GigabitEthernet0/0/0.20
shutdown

Minimal disruption in the ping from the pod CE router:


!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!

On the pod PE router, verify VRRP configuration:


RP/0/RSP0/CPU0:PE1#show
Sun Jul 9 11:10:19.654
IPv4 Virtual Routers:
A
|
|
Interface
vrID Prio A
addr
Gi0/0/0/0.10
1 150
192.168.101.13
Gi0/0/0/0.20
2 100
192.168.102.23

2012 Cisco Systems, Inc.

vrrp
UTC
indicates IP address owner
P indicates configured to preempt
|
P State
Master addr
VRouter
P Init

unknown

P Backup

192.168.102.20

Lab Guide

25

IPv6 Virtual Routers:


A
|
|
vrID Prio A

indicates IP address owner


P indicates configured to preempt
|
P State
Master addr
VRouter

Interface
addr
!
PE2#show vrrp
GigabitEthernet0/0/0.10 - Group 1
State is Master
Virtual IP address is 192.168.101.13
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 192.168.101.12 (local), priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec
GigabitEthernet0/0/0.20 - Group 2
State is Master
Virtual IP address is 192.168.102.23
Virtual MAC address is 0000.5e00.0102
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 150
Master Router is 192.168.102.20 (local), priority is 150
Master Advertisement interval is 1.000 sec
Master Down interval is 3.414 sec

26

Step 2

Enable the previously disabled interface and remove the VRRP configuration from
the PE router.

Step 3

On the PE router, remove subinterfaces that are configured in this lab activity and
configure IPv4 and IPv6 addresses on the first Gigabit Ethernet interface.

Step 4

On the pod switch, configure the PE facing port as access and assign port into
VLANx0 or VLANy0 (where x or y is your pod number). For port identification,
use Job Aids.

Step 5

On the pod CE router, disable the second Gigabit Ethernet interface and configure IP
addresses that are found on the second Gigabit Ethernet interface to the first Gigabit
Ethernet interface.

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Lab 3-1: Implement OSPF


Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will configure and verify the OSPFv2 and OSPFv3 routing protocols. You
will also configure OSPFv2 authentication to secure the exchange of routing information.
In the lab activity, you will work on different Cisco routers running Cisco IOS (c2900), Cisco
IOS XE (asr1001), and Cisco IOS XR (asr9k) software.
After completing this activity, you will be able to meet these objectives:

Configure and verify OSPFv2 and OSPFv3

Configure and verify OSPFv2 authentication

Visual Objective
The figure illustrates what you will accomplish in this activity.

Team z
CEx

Pod x

OSPF Area 0

Enable OSPFv2
and OSPFv3
Pod y

PEx

Enable OSPFv2
authentication

OSPF Area 0

CEy

2012 Cisco and/or its affiliates. All rights reserved.

PEy

SPNGN2 v1.01LG-11

Required Resources
These are the resources and equipment that are required to complete this activity:

A PC with access to the Internet

A SSH client that is installed on the PC

2012 Cisco Systems, Inc.

Lab Guide

27

Command List
The table describes the commands that are used in this activity.
Cisco IOS and IOS XE Software Commands
Command

Description

configure terminal

Enters configuration mode

debug ip ospf packet

Enables debugging of OSPFv2 packets

interface interface

Enters interface configuration mode

ip address ip_address mask

Sets an IPv4 address for an interface and the subnet mask

ip ospf authentication
message-digest

Enables MD5 OSPFv2 authentication on an interface

ip ospf message-digest-key
key-id md5 key

Specifies MD5 key ID and key

ipv6 address
ip_address/mask

Sets an IPv6 address for an interface and the subnet mask

ipv6 ospf process_id area


area_id

Enables OSPFv3 on an interface

ipv6 router ospf


process_id

Enters OSPFv3 router configuration mode

network ip_address
wildcard_mask area area_id

Enables OSPFv2 for specified networks

router ospf process_id

Enters OSPFv2 router configuration mode

show ip ospf neighbors

Displays OSPFv2 neighbors

show ip route

Displays IPv4 routing table

show ipv6 ospf neighbors

Displays OSPFv3 neighbors

show ipv6 route

Displays IPv6 routing table

Cisco IOS XR Software Commands

28

Command

Description

area area

Configures OSPF area

authentication message-digest

Enables MD5 OSPF authentication

commit

Commits changes to the running configuration

configure terminal

Enters configuration mode

debug ospf process_id packet

Enables debugging of OSPFv2 packets for specified


process

interface interface

Enters interface configuration mode

interface interface

Enables interface for OSPF under specified area

ipv4 address ip_address mask

Sets an IPv4 address for an interface and the subnet


mask

ipv6 address ip_address/mask

Sets an IPv6 address for an interface and the subnet


mask

message-digest-key key-id md5


key

Specifies MD5 key ID and key

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Command

Description

router ospf process_id

Enters OSPFv2 router configuration mode

router ospfv3 process_id

Enters OSPFv3 router configuration mode

show ospf neighbors

Displays OSPFv2 neighbors

show ospfv3 neighbors

Displays OSPFv3 neighbors

show route

Displays IPv4 routing table

show route ipv6

Displays IPv6 routing table

2012 Cisco Systems, Inc.

Lab Guide

29

Task 1: Configure OSPFv2


In this task, you will configure OSPFv2 routing protocol between your pod CE and PE routers.

Activity Procedure
Complete these steps:
Step 1

On the pod CE and PE routers, configure Loopback0 interface assign IPv4 address
that is as documented in the Job Aids.

Step 2

On the pod CE and PE routers, enable the OSPFv2 routing process. Enable OSPFv2
on the Loopback0 interface and on the first Gigabit Ethernet interface on each
router. Use OSPF Area 0 and process ID 1.

Activity Verification
You have completed this task when you attain these results:

On the pod CE and PE routers, verify OSPFv2 neighbors. Adjacency should be established
and loopback interfaces should be used as OSPF router ID.
CE1#show ip ospf neighbor
Neighbor ID
Pri
State
Dead Time
Interface
10.1.1.1
1
FULL/BDR
00:00:31
192.168.101.10 GigabitEthernet0/0
!
RP/0/RSP0/CPU0:PE1#show ospf neighbor
Neighbors for OSPF 1

Address

Neighbor ID
Interface
10.1.10.1
192.168.101.11
Neighbor is

Address

Pri

State

Dead Time

1
FULL/DR
00:00:37
GigabitEthernet0/0/0/0
up for 00:00:56

Total neighbor count: 1

On the pod CE and PE routers, verify the IPv4 routing table. You should see the
neighboring router loopback interfaces in the routing table.
CE1#show ip route ospf
< text omitted >
10.0.0.0/32 is subnetted, 2 subnets
O
10.1.1.1 [110/2] via 192.168.101.10, 00:03:39,
GigabitEthernet0/0
!
RP/0/RSP0/CPU0:PE1#show route ospf
O
10.1.10.1/32 [110/2] via 192.168.101.11, 00:03:37,
GigabitEthernet0/0/0/0

30

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Task 2: Configure OSPFv3


In this task, you will configure the OSPFv3 routing protocol between pod CE and PE routers.

Activity Procedure
Complete these steps:
Step 1

On the pod CE and PE routers, configure IPv6 address on the Loopback0 interface
as defined in Job Aids.

Step 2

On the pod CE and PE routers, enable the OSPFv3 routing process. Enable OSPFv3
on the Loopback0 interface and on the first Gigabit Ethernet interface on each
router. Use OSPF Area 0.

Activity Verification
You have completed this task when you attain these results:

On the pod CE and PE routers, verify the OSPFv3 neighbors. Adjacency should be
established and Loopback0 interfaces should be used as OSPF router ID.
CE1#show ipv6 ospf neighbor
Neighbor ID
Pri
State
Dead Time
Interface
10.1.1.1
1
FULL/BDR
00:00:31
GigabitEthernet0/0
!
RP/0/RSP0/CPU0:PE1#show ospfv3 neighbor
Neighbors for OSPFv3 1
Neighbor ID
Pri
State
Interface
10.1.10.1
1
FULL/DR
GigabitEthernet0/0/0/0
Neighbor is up for 00:01:58

Interface ID
7

Dead Time

Interface ID

00:00:33

Total neighbor count: 1

On the pod CE and PE routers, verify the IPv6 routing table. You should see neighboring
router Loopback0 interfaces in the routing table.
CE1#show ipv6 route ospf
< text omitted >
O
2001:DB8:10:1:1::1/128 [110/1]
via FE80::4255:39FF:FE2E:C420, GigabitEthernet0/0
!
RP/0/RSP0/CPU0:PE1#show route ipv6 ospf
O
2011:db8:10:1:10::1/128
[110/1] via fe80::eab7:48ff:fe2c:a180, 00:03:33,
GigabitEthernet0/0/0/0

2012 Cisco Systems, Inc.

Lab Guide

31

Task 3 (Optional): Configure OSPFv2 Authentication


In this task, you will enable OSPFv2 MD5 authentication between the pod PE and CE routers.

Activity Procedure
Complete these steps:
Step 1

On the pod PE and CE routers, enable OSPFv2 MD5 authentication on the first
Gigabit Ethernet interface. Use key ID 1 and key Cisco. On the pod PE router,
enable authentication on the area level.

Activity Verification
You have completed this task when you attain this result:

Verify that OSPF adjacencies are still up.


CE1#show ip ospf neighbor
Neighbor ID
Pri
State
Dead Time
Interface
10.1.1.1
1
FULL/DR
00:00:33
192.168.101.10 GigabitEthernet0/0
!
RP/0/RSP0/CPU0:PE1#show ospf neighbor
Neighbors for OSPF 1
Neighbor ID
Interface
10.1.10.1
192.168.101.11
Neighbor is

Pri

State

Dead Time

Address

Address

1
FULL/BDR
00:00:39
GigabitEthernet0/0/0/0
up for 00:06:25

Total neighbor count: 1

Enable OSPF packet debugging and observe the exchange of authenticated hello packets.
RP/0/RSP0/CPU0:PE1#debug ospf 1 packet
RP/0/RSP0/CPU0:Jul 9 13:49:26.666 : ospf[1010]: Recv: HLO
l:48 rid:10.1.10.1 aut:2 auk: from 192.168.101.11 to 224.0.0.5
on GigabitEthernet0/0/0/0, vrf default vrfid 0x60000000
CE1#debug ip ospf packet
Jul 9 13:49:45.144: OSPF: rcv. v:2 t:1 l:48 rid:10.1.1.1
aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x3968829A from
GigabitEthernet0/0

32

Use the Cisco IOS, IOS XE, and IOS XR undebug all command to disable debugging.

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Lab 3-2: Implement IS-IS


Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will configure and verify the IS-IS routing protocol for IPv4 and IPv6. You
will also configure IS-IS authentication to secure the exchange of routing information.
In the lab activity, you will work on different Cisco routers running Cisco IOS (c2900), Cisco
IOS XE (asr1001), and Cisco IOS XR (asr9k) software.
After completing this activity, you will be able to meet these objectives:

Configure and verify IS-IS for IPv4 and IPv6

Configure and verify IS-IS authentication

Visual Objective
The figure illustrates what you will accomplish in this activity.

Team z
CEx

Pod x

IS-IS Area 49.0000

Enable IS-IS for


IPv4 and IPv6
Pod y

PEx

Enable IS-IS
authentication

IS-IS Area 49.0000

CEy

2012 Cisco and/or its affiliates. All rights reserved.

PEy

SPNGN2 v1.01LG-12

Required Resources
These are the resources and equipment that are required to complete this activity:

A PC with access to the Internet

A SSH client that is installed on the PC

2012 Cisco Systems, Inc.

Lab Guide

33

Command List
The table describes the commands that are used in this activity.
Cisco IOS and IOS XE Software Commands
Command

Description

address-family ipv6
unicast

Enters IPv6 address family for IS-IS

authentication key-chain
key_chain_name

Specifies IS-IS LSP packet authentication key chain

authentication mode md5

Enables IS-IS LSP packet MD5 authentication

configure terminal

Enters configuration mode

distance distance ip

Configures administrative distance for IS-IS

interface interface

Enters interface configuration mode

ip router isis
process_name

Enables IS-IS for IPv4 on an interface

ipv6 router isis


process_name

Enables IS-IS for IPv6 on an interface

isis authentication keychain key_chain_name

Specifies IS-IS hello packet authentication key chain

isis authentication mode


md5

Enables IS-IS hello packet MD5 authentication

is-type level-2-only

Changes IS-IS router type to level 2

key chain key_chain_name

Creates a key chain

key key_id

Creates a key in a key chain and specifies key ID

key-string key_string

Specified key string in a key chain

metric-style wide

Enables wide-style metric for IS-IS

net net_address

Configures NET address for IS-IS

router isis process_name

Enters IS-IS router configuration mode

show ip route

Displays IPv4 routing table

show ipv6 route

Displays IPv6 routing table

show isis neighbors

Displays IS-IS neighbors

Cisco IOS XR Software Commands

34

Command

Description

address-family ipv4|ipv6
unicast

Enters IPv4 or IPv6 address family for IS-IS and enables ISIS on an interface for IPv4 or IPv6 address family

commit

Commits changes to the running configuration

configure terminal

Enters configuration mode

distance distance

Configures administrative distance for IS-IS

hello-password hmac-md5 key

Enables IS-IS hello packet MD5 authentication

interface interface

Enters interface configuration mode or enters interface


configuration mode under router IS-IS configuration mode

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Command

Description

is-type level-2-only

Changes IS-IS router type to level 2

lsp-password hmac-md5 key

Enables IS-IS LSP packet MD5 authentication

metric-style wide

Enables wide-style metric for IS-IS

net net_address

Configures NET address for IS-IS

router isis process_name

Enters IS-IS router configuration mode

show isis neighbors

Displays IS-IS neighbors

show route

Displays IPv4 routing table

show route ipv6

Displays IPv6 routing table

single-topology

Configures IS-IS single-topology

2012 Cisco Systems, Inc.

Lab Guide

35

Task 1: Configure IS-IS for IPv4


In this task, you will configure the IS-IS routing protocol for IPv4 between the pod CE and PE
routers.

Activity Procedure
Complete these steps:
Step 1

Create a NET address for the pod CE and PE routers. Use 49 as the AFI, 0000 as the
area ID, and extended Loopback0 IPv4 address as the system ID. Write down the
NET address:
PE: _ _._ _ _ _._ _ _ _._ _ _ _._ _ _ _._ _
CE: _ _._ _ _ _._ _ _ _._ _ _ _._ _ _ _._ _

Step 2

On the pod CE and PE routers, enable the IS-IS process and configure the NET
address on each router.

Step 3

On the pod CE and PE routers, enable IS-IS for Layer 2 routing only. Enable widestyle metrics for IPv4.

Step 4

On the pod CE and PE routers, change the IS-IS administrative distance for IPv4 to
105.

Step 5

On the pod CE and PE routers, enable IS-IS for IPv4 on Loopback0 and the first
Gigabit Ethernet interfaces.

Note

Changing of administrative distance is required for a router to prefer IS-IS routes. Otherwise,
OSPF routers would be seen in the routing table. Recall that OSPF by default uses
administrative distance 110, while IS-IS uses 115.

Activity Verification
You have completed this task when you attain these results:

On the PE and CE routers, verify IS-IS neighbors. Adjacency should be established and the
type of routers should be Layer 2.
CE1#show isis neighbors
System Id
Type Interface
IP Address
State Holdtime
Circuit Id
PE1
L2
Gi0/0
192.168.101.10 UP
26
CE1.02
!
RP/0/RSP0/CPU0:PE1#show isis neighbors
IS-IS 1 neighbors:
System Id
Interface
SNPA
State Holdtime
Type IETF-NSF
CE1
Gi0/0/0/0
e8b7.482c.a180 Up
8
L2
Capable
Total neighbor count: 1

36

On the PE and CE routers, verify the IPv4 routing table. You should see neighboring router
Loopback0 interfaces in the routing table. Observe the metric to reach Loopback0
networks.

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

CE1#show ip route isis


< text omitted >
Gateway of last resort is 192.168.101.13 to network 0.0.0.0
10.0.0.0/32 is subnetted, 2 subnets
i L2
10.1.1.1 [105/20] via 192.168.101.10,
GigabitEthernet0/0
!
RP/0/RSP0/CPU0:PE1#show route isis
i L2 10.1.10.1/32 [105/20] via 192.168.101.11, 00:03:52,
GigabitEthernet0/0/0/0

Task 2: Configure IS-IS for IPv6


In this task, you will configure the IS-IS routing protocol for IPv6 between the pod CE and PE
routers.

Activity Procedure
Complete these steps:
Step 1

Note

On the pod PE routers (Cisco IOS XR Software only), enable wide-style metrics for
IPv6.
Wide-style metrics are enabled separately per address family on Cisco IOS XR routers only.
On Cisco IOS and IOS XE routers, wide-style metrics are enabled for all address families.
Therefore, wide-style metrics on Cisco IOS and IOS XE routers already have been enabled
in the previous task.

Step 2

On the pod CE and PE routers, change the IS-IS administrative distance for IPv6 to
105.

Step 3

On the pod PE router (Cisco IOS XR Software only), configure the single-topology
IS-IS for IPv6.

Note

Step 4

2012 Cisco Systems, Inc.

Configuration of single-topology IS-IS is needed on Cisco IOS XR routers only. Cisco IOS
XR routers use multitopology IS-IS by default, while Cisco IOS and IOS XE routers use
single-topology IS-IS by default.

On the pod CE and PE routers, enable IS-IS for IPv6 on Loopback0 and the first
Gigabit Ethernet interfaces.

Lab Guide

37

Activity Verification
You have completed this task when you attain these results:

On the pod CE and PE routers, verify the IPv6 routing table. You should see the
neighboring router Loopback0 interface in the routing table.
CE1#show ipv6 route isis
< text omitted >
I2 2001:DB8:10:1:1::1/128 [105/20]
via FE80::4255:39FF:FE2E:C420, GigabitEthernet0/0
!
RP/0/RSP0/CPU0:PE1#show route ipv6 isis
i L2 2011:db8:10:1:10::1/128
[105/20] via fe80::eab7:48ff:fe2c:a180, 00:01:33,
GigabitEthernet0/0/0/0

38

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Task 3 (Optional): Configure IS-IS Authentication


In this task, you will enable IS-IS MD5 authentication between the pod PE and CE routers.
Recall that IS-IS is a multiprotocol routing protocol and that IS-IS authentication is enabled for
CLNP, not for IPv4 or IPv6.

Activity Procedure
Complete these steps:
Step 1

On the pod PE and CE routers, enable MD5 IS-IS LSP and hello packets
authentication. Use key ID 1 and key Cisco.

Activity Verification
You have completed this task when you attain this result:

On the pod CE and PE routers, verify that IS-IS adjacencies are still up.
CE1#show isis neighbors
System Id
Type Interface
IP Address
State Holdtime
Circuit Id
PE1
L2
Gi0/0
192.168.101.10 UP
24
CE1.02
!
RP/0/RSP0/CPU0:PE1#show isis neighbors
IS-IS 1 neighbors:
System Id
Interface
SNPA
State Holdtime
Type IETF-NSF
CE1
Gi0/0/0/0
e8b7.482c.a180 Up
9
L2
Capable
Total neighbor count: 1

On the pod CE and PE routers, verify that routes are still seen in the routing table. You can
either observe the IPv4 or IPv6 routing table.
CE1#show ip route isis
< text omitted >
10.0.0.0/32 is subnetted, 2 subnets
i L2
10.1.1.1 [105/20] via 192.168.101.10,
GigabitEthernet0/0
!
CE1#show ipv6 route isis
< text omitted >
I2 2001:DB8:10:1:1::1/128 [105/20]
via FE80::4255:39FF:FE2E:C420, GigabitEthernet0/0
!
RP/0/RSP0/CPU0:PE1#show route ipv4 isis
i L2 10.1.10.1/32 [105/20] via 192.168.101.11, 00:03:50,
GigabitEthernet0/0/0/0
!
RP/0/RSP0/CPU0:PE1#show route ipv6 isis
i L2 2011:db8:10:1:10::1/128
[105/20] via fe80::eab7:48ff:fe2c:a180, 00:03:55,
GigabitEthernet0/0/0/0

2012 Cisco Systems, Inc.

Lab Guide

39

Lab 4-1: Configure Basic BGP


Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will configure and verify BGP routing. You will establish an EBGP session
between the CE and PE routers, and establish an IBGP session between PE routers. After
completing this activity, you will be able to meet these objectives:

Configure and verify the BGP process and BGP peering

Configure BGP to advertise a network

Configure BGP authentication

Visual Objective
The figure illustrates what you will accomplish in this activity.

Team z
CEx

Pod
x
AS
6450x

Pod x

PEx

AS 64500

AS 6450y

Enable BGP
authentication

IBGP

EBGP

EBGP
CEy

Pod y

2012 Cisco and/or its affiliates. All rights reserved.

PEy

SPNGN2 v1.01LG-13

Required Resources
These are the resources and equipment that are required to complete this activity:

40

A PC with access to the Internet

A SSH client that is installed on the PC

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Command List
The table describes the commands that are used in this activity.
Cisco IOS and IOS XE Software Commands
Command

Description

address-family ipv4 | ipv6

Enters BGP address family configuration mode

clear ip bgp ip_address

Clears the BGP session with the specified neighbor

configure terminal

Enters configuration mode

interface interface

Enters interface configuration mode

ip address address mask

Configures IPv4 address on an interface

ipv6 address address mask

Configures IPv6 address on an interface

neighbor ip_address
activate

Activates BGP neighbor for an address family

neighbor ip_address
password password

Enables Message Digest 5 (MD5) authentication on a TCP


connection between two BGP peers

neighbor ip_address
remote-as as_number

Adds an entry to the BGP neighbor table

neighbor ip_address
update-source interface

Configures BGP to use specified interface as a source


interface

network network mask mask

Specifies the IPv4 networks to be advertised by the BGP

network network/prefix

Specifies the IPv6 networks to be advertised by the BGP

ping destination_address

Pings the specified address (IPv4 or IPv6)

router bgp as_number

Configures the BGP routing process

show ip bgp

Displays entries in the BGP IPv4 routing table

show ip bgp ipv6 unicast

Displays entries in the BGP IPv6 routing table

show ip bgp ipv6 unicast


summary

Displays the status of all BGP IPv6 connections

show ip bgp summary

Displays the status of all BGP IPv4 connections

show ip route

Displays IPv4 routing table

show ipv6 route

Displays IPv6 routing table

switchport access vlan


vlan

Configures VLAN membership on an access port

switchport mode access |


trunk

Configures the VLAN membership or trunking mode of a


port

2012 Cisco Systems, Inc.

Lab Guide

41

Cisco IOS XR Software Commands

42

Command

Description

address-family ipv4|ipv6
unicast

Enables address family under BGP configuration or activates


BGP neighbor for an address family

commit

Commits changes to the running configuration

configure terminal

Enters configuration mode

interface interface

Enters interface configuration mode

ipv4 address address mask

Configures IPv4 address on an interface

ipv6 address address/mask

Configures IPv6 address on an interface

neighbor ip_address

Adds an entry to the BGP neighbor table

pass

Specifies that routes should be passed inside route policy

password

Enables MD5 authentication on a TCP connection between


two BGP peers

remote-as as_number

Specifies neighbor remote AS

route-policy name

Creates a route policy

route-policy name in | out

Applies a route policy to BGP neighbor in inbound or


outbound direction

router bgp as_number

Configures the BGP routing process

show bgp ipv4 unicast


summary

Displays the status of all BGP IPv4 connections

show bgp ipv6 unicast


summary

Displays the status of all BGP IPv6 connections

update-source interface

Configures BGP to use specified interface as a source


interface

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Task 1: Configure BGP Process and BGP Peering


In this task, you will enable and verify the BGP process and IBGP and EBGP peering between
routers.

Activity Procedure
Complete these steps. On the pod PE and CE routers, use the following AS numbers:
CEx: AS 6450x
CEy: AS 6450y
PEx and PEx: AS 64500
Step 1

Between pod PE and CE routers, configure EBGP peering. Establish two sessions,
one using an IPv4 address and one using an IPv6 address. Activate an IPv4 session
for IPv4 routes and an IPv6 session for IPv6 routes.

Step 2

Between two PE routers in the team, enable a second Gigabit Ethernet interface, add
IP addresses, and start IS-IS Layer 2 routing.

Step 3

Between two PE routers in the team, configure IBGP peering. Establish two
sessions, one using an IPv4 address and one using an IPv6 address. Use Loopback0
interfaces for peering. Make sure that Loopback0 interfaces are used as the source
interface when establishing the IBGP sessions. Activate IPv4 session for IPv4 routes
and IPv6 session for IPv6 routes.

Activity Verification
You have completed this task when you attain these results:

Verify CE to PE connectivity using the IPv4 and IPv6 addresses:


CE1#ping 192.168.101.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.101.10, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
1/1/4 ms
CE1#ping 2001:db8:192:168:101::10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:192:168:101::10,
timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
0/0/4 ms

On the pod PE and CE routers, verify that the BGP sessions for the IPv4 and IPv6
neighbors are up:
CE1#show bgp ipv4 unicast summary
BGP router identifier 10.1.10.1, local AS number 64501
BGP table version is 1, main routing table version 1
Neighbor
OutQ Up/Down

2012 Cisco Systems, Inc.

V
State/PfxRcd

AS MsgRcvd MsgSent

TblVer

Lab Guide

InQ

43

192.168.101.10 4
64500
52
58
1
0 00:50:42
0
!
CE1#show bgp ipv6 unicast summary
BGP router identifier 10.1.10.1, local AS number 64501
BGP table version is 1, main routing table version 1

Neighbor
V
AS MsgRcvd MsgSent
TblVer InQ
OutQ Up/Down State/PfxRcd
2001:DB8:192:168:101::10
4
64500
52
58
1
0
0 00:50:48
0
!
RP/0/RSP0/CPU0:PE1#show bgp ipv4 unicast summary
< text omitted >
Neighbor
Spk
AS MsgRcvd MsgSent
TblVer InQ OutQ
Up/Down St/PfxRcd
10.2.1.1
0 64500
13
10
1
0
0
00:07:59
0
192.168.101.11
0 64501
58
52
1
0
0
00:50:24
0!
!
RP/0/RSP0/CPU0:PE1#show bgp ipv6 unicast summary
< text omitted >
Neighbor
Spk
AS MsgRcvd MsgSent
TblVer InQ OutQ
Up/Down St/PfxRcd
2001:db8:10:2:1::1
0 64500
12
11
1
0
0
00:08:09
0
2001:db8:192:168:101::11
0 64501
58
52
1
0
0
00:50:32
0!

Task 2: Configure BGP to Advertise a Network


In this task, you will configure BGP to advertise a network on the CE router. You will also
verify how routes are propagated across the BGP-enabled networks.

Activity Procedure
Complete these steps:
Step 1

Enable the pod CE router to advertise IPv4 and IPv6 addresses of the Looback0
interface to the pod PE router using BGP.

Step 2

On the PE router running Cisco IOS XR Software, create a route policy that allows
all routing updates to pass. Apply the route policy to the IPv4 and IPv6 EBGP
neighbor (CE router) in inbound and outbound directions.

Note

44

Recall that on the platforms running Cisco IOS XR Software, BGP routing updates are not
automatically sent to and received from EBGP neighbors. A route policy has to be
configured, which allows sending and receiving routing updates to and from EBGP
neighbors.

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Activity Verification
You have completed this task when you attain this result:

On the pod CE router, verify the IPv4 and IPv6 BGP tables:
CE1#show ip bgp
< text omitted >
Network
Next Hop
Metric LocPrf Weight
Path
*> 10.1.10.1/32
0.0.0.0
0
32768 i
*> 10.2.10.1/32
192.168.101.10
0
64500 64502 i
!
CE1#show bgp ipv6 unicast
< text omitted >
Network
Next Hop
Metric LocPrf Weight
Path
*> 2001:DB8:10:1:10::1/128
::
0
32768 i
*> 2001:DB8:10:2:10::1/128
2001:DB8:192:168:101::10
0
64500 64502 i

On the pod CE router, verify the IPv4 and IPv6 routing tables:
CE1#show ip route bgp
< text omitted >
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
B
10.2.10.1/32 [20/0] via 192.168.101.10, 00:04:30
!
CE1#show ipv6 route bgp
< text omitted >
B
2001:DB8:10:2:10::1/128 [20/0]
via FE80::4255:39FF:FE2E:C420, GigabitEthernet0/0

Task 3 (Optional): Configure BGP Neighbor Authentication


In this task, you will enable BGP neighbor authentication between pod CE and PE routers.

Activity Procedure
Complete these steps:
Step 1

Note

2012 Cisco Systems, Inc.

Between pod CE and PE routers, enable BGP authentication for the IPv4 session.
Use password Cisco.
An already established BGP session will not go down automatically. On the PE router, use
the Cisco IOS XR clear bgp * command or Cisco IOS XE clear ip bgp * command to clear
the BGP session. Verify that the IPv4 BGP session between routers establishes back.

Lab Guide

45

Activity Verification
You have completed this task when you attain this result:

Verify that the IPv4 BGP session between the PE and CE routers has again established:
CE1#show ip bgp summary
< text omitted >
Neighbor
V
AS MsgRcvd MsgSent
OutQ Up/Down State/PfxRcd
192.168.101.10 4
64500
5
6
0 00:01:11
1

46

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

TblVer

InQ

2012 Cisco Systems, Inc.

Lab 5-1: Implement ACLs


Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will configure and verify filtering using IPv4 and IPv6 access control lists
(ACLs). You will also configure antispoofing ACLs.
In the lab activity, you will work on different Cisco routers running Cisco IOS (c2900), Cisco
IOS XE (asr1001), and Cisco IOS XR (asr9k) software.
After completing this activity, you will be able to meet these objectives:

Configure and verify IPv4 ACL

Configure and verify IPv6 ACL

Configure and verify antispoofing

Visual Objective
The figure illustrates what you will accomplish in this activity.

Team z
CEx

Pod x

Configure IPv4
and IPv6 ACLs
Pod y

CEy

2012 Cisco and/or its affiliates. All rights reserved.

PEx

Configure and
verify antispoofing

PEy

SPNGN2 v1.01LG-14

Required Resources
These are the resources and equipment that are required to complete this activity:

A PC with access to the Internet

A SSH client that is installed on the PC

2012 Cisco Systems, Inc.

Lab Guide

47

Command List
The table describes the commands that are used in this activity.
Cisco IOS and IOS XE Software Commands
Command

Description

configure terminal

Enters configuration mode

interface interface

Enters interface configuration mode

ip address ip_address mask

Sets an IPv4 address for an interface and the subnet mask

ip router isis process_id

Enables IS-IS on an interface for IPv4

ipv6 address
ip_address/mask

Sets an IPv6 address for an interface and the subnet mask

ipv6 router isis


process_id

Enables IS-IS on an interface for IPv6

ping destination_address
source interface

Pings the specified address (IPv4 or IPv6) from the


specified interface

telnet destination_address

Performs a Telnet to specified address of device (IPv4 or


IPv6)

traceroute
destination_address

Traces path to destination address (IPv4 or IPv6)

Cisco IOS XR Software Commands

48

Command

Description

commit

Commits changes to the running configuration

configure terminal

Enters configuration mode

deny protocol source


[operator] [port]
destination [operator]
[port]

Creates a deny ACL entry

interface interface

Enters interface configuration mode

ipv4 access-group acl_name


ingress|egress

Applies an IPv4 ACL to an interface

ipv4 access-list acl_name

Creates an IPv4 ACL

ipv6 access-group acl_name


ingress|egress

Applies an IPv6 ACL to an interface

ipv6 access-list acl_name

Creates an IPv6 ACL

permit protocol source


[operator] [port]
destination [operator]
[port]

Creates a permit ACL entry

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Task 1: Configure IPv4 Filtering


In this task, you will configure IPv4 filtering using ACL. You will configure an IPv4 ACL on
the pod PE router that will allow only ICMP and Telnet traffic to the Loopback0 interface.

Activity Procedure
Complete these steps:
Step 1

From the pod CE router, verify IPv4 connectivity to the Loopback0 interface of the
pod PE router using the ping and traceroute commands. From the pod CE router,
use the telnet command to connect to the pod PE router. The Telnet should be
successful.
CE1#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
1/1/4 ms
!
CE1#traceroute 10.1.1.1
Type escape sequence to abort.
Tracing the route to 10.1.1.1
1 192.168.101.10 32 msec 0 msec *
!
CE1#telnet 10.1.1.1
Trying 10.1.1.1 ... Open
User Access Verification
Username: root
Password: <1ronMan>
RP/0/RSP0/CPU0:PE1#

Note

If the Telnet is not successful, enable Telnet on the PE router.

Step 2

On the pod PE router, configure an IPv4 access list that will allow only ICMP and
Telnet traffic to the Loopback0 interface of the PE router from the pod CE router.
Permit all traffic to other IPv4 addresses on the pod PE router.

Step 3

On the pod PE router, apply the ACL to the interface.


To which interface do you have to apply the ACL?
____________________________________________________________________
In which direction?
____________________________________________________________________

2012 Cisco Systems, Inc.

Lab Guide

49

Activity Verification
You have completed this task when you attain these results:

From the pod CE router, verify IPv4 connectivity to the Loopback0 interface of the pod PE
router using the ping command. Ping should be successful.
CE1#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
1/3/12 ms

From the pod CE router, verify IPv4 connectivity to the Loopback0 interface of the pod PE
router using the traceroute command. The trace is not successful, so the output shows that
traceroute is administratively prohibited.
CE1#traceroute 10.1.1.1
Type escape sequence to abort.
Tracing the route to 10.1.1.1
1 192.168.101.10 !A

!A

From the pod CE router, verify IPv4 connectivity to the Loopback0 interface of the pod PE
router using the telnet command. The Telnet should be successful.
CE1#telnet 10.1.1.1
Trying 10.1.1.1 ... Open
User Access Verification
Username: root
Password: <1ronMan>
RP/0/RSP0/CPU0:PE1#

Task 2: Configure IPv6 Filtering


In this task, you will configure IPv6 filtering using ACL. You will configure an IPv6 ACL on
the pod PE router that will allow only ICMP and Telnet traffic to the Loopback0 interface.

Activity Procedure
Complete these steps:
Step 1

From the pod CE router, verify IPv6 connectivity to the Loopback0 interface of the
pod PE router using the ping, traceroute, and telnet commands.
CE1#ping 2001:db8:10:1:1::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:10:1:1::1, timeout
is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
0/0/4 ms

50

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

!
CE1#traceroute 2001:db8:10:1:1::1
Type escape sequence to abort.
Tracing the route to 2001:DB8:10:1:1::1
1 2001:DB8:10:1:1::1 28 msec 0 msec 0 msec
!
CE1#telnet 2001:db8:10:1:1::1
Trying 2001:DB8:10:1:1::1 ... Open

User Access Verification


Username: root
Password: <1ronMan>
RP/0/RSP0/CPU0:PE1#
Note

If the Telnet is not successful, enable Telnet on the PE router.

Step 2

On the pod PE router, configure an IPv6 access list that will allow only ICMP and
Telnet traffic to the PE Loopback0 interface from the pod CE router. Permit all
traffic to other IPv6 addresses on the pod PE router.

Step 3

On the pod PE router, apply the ACL to the interface.

Activity Verification
You have completed this task when you attain these results:

From the pod CE router, verify IPv6 connectivity to the Loopback0 interface of the pod PE
router using the ping command. Ping should be successful.
CE1#ping 2001:db8:10:1:1::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:10:1:1::1, timeout
is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
0/1/4 ms

From the pod CE router, verify IPv6 connectivity to the Loopback0 interface of the pod PE
router using the traceroute command. The trace is not successful, so the output shows that
traceroute is administratively prohibited.
CE1#traceroute 2001:db8:10:1:1::1
Type escape sequence to abort.
Tracing the route to 2001:DB8:10:1:1::1
1 2001:DB8:10:1:1::1 !A

!A

!A

From the pod CE route,r verify IPv6 connectivity to the Loopback0 interface of the pod PE
router using the telnet command. The Telnet should be successful.

2012 Cisco Systems, Inc.

Lab Guide

51

CE1#telnet 2001:db8:10:1:1::1
Trying 2001:DB8:10:1:1::1 ... Open
User Access Verification
Username: root
Password: <1ronMan>
RP/0/RSP0/CPU0:PE1#

Task 3 (Optional): Configure Antispoofing ACLs


In this task, you will configure antispoofing ACL to prevent IPv4 and IPv6 address spoofing
attacks. You will configure antispoofing ACLs on the pod PE router.

Activity Procedure
Complete these steps:
Step 1

On the pod PE router, remove the existing IPv4 ACL and create a new IPv4 ACL
(with same ACL name) to prevent IP spoofing from the pod CE router. Allow only
packets that have a source IP address either from the CE router Loopback0 or first
Gigabit Ethernet interface. The functionality of the existing ACL should remain the
same.

Step 2

On the pod PE router, edit the existing IPv6 ACL to prevent IP spoofing from the
pod CE router. Allow only packets that have a source IP address either from the CE
router Loopback0 or first Gigabit Ethernet interface. The functionality of the
existing ACL should remain the same.

Step 3

On the pod CE router, create a new loopback (Loopback10) interface on the CE


router. Add the Loopback10 interface to the IS-IS routing process for IPv4 and IPv6.
Configure the Loopback10 interface with the following addresses:
IPv4 address: 172.16.0.x 255.255.255.255
IPv6 address: 2001:db8:172:16::x/128

Activity Verification
You have completed this task when you attain this result:

From the pod CE router, the Loopback10 interface pings the pod PE router using IPv4 and
IPv6 addresses. The ping should not be successful
CE1#ping 10.1.1.1 source Loopback10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2
seconds:
Packet sent with a source address of 172.16.0.1
U.U.U
Success rate is 0 percent (0/5)
!
CE1#ping 2001:db8:10:1:1::1 source Loopback10

Type escape sequence to abort.

52

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Sending 5, 100-byte ICMP Echos to 2001:DB8:10:1:1::1, timeout


is 2 seconds:
Packet sent with a source address of 2001:DB8:172:16::1
AAAAA
Success rate is 0 percent (0/5)
Step 4

Remove the IPv4 and IPv6 access list from the interface.

From the pod CE router, the Loopback10 interface pings the pod PE router using IPv4 and
IPv6 addresses. The ping should be successful
CE1#ping 10.1.1.1 source Loopback10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2
seconds:
Packet sent with a source address of 172.16.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
1/1/4 ms
!
CE1#ping 2001:db8:10:1:1::1 source Loopback10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:10:1:1::1, timeout
is 2 seconds:
Packet sent with a source address of 2001:DB8:172:16::1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
0/0/4 ms

2012 Cisco Systems, Inc.

Lab Guide

53

Lab 6-1: Manage Cisco IOS XR Package


Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this lab activity, you will perform software maintenance operations on the Cisco IOS XR
router.
After completing this activity, you will be able to meet these objectives:

Install the Cisco IOS XR Software package

Uninstall the Cisco IOS XR Software package

Perform configuration commit and configuration rollback

Visual Objective
The figure illustrates what you will accomplish in this activity.

Team z
CEx

Pod x

PEx

Manage Cisco
IOS XR Software
Commit and rollback
configuration

CEy

Pod y

2012 Cisco and/or its affiliates. All rights reserved.

PEy

SPNGN2 v1.01LG-15

Required Resources
These are the resources and equipment that are required to complete this activity:

54

A PC with access to the Internet

A SSH client that is installed on the PC

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Command List
The table describes the commands that are used in this lab activity.
Cisco IOS XR Commands
Command

Description

configure terminal

Enters configuration mode

enable

Enters router privilege mode

install activate

Activates software package

install add

Upgrades or installs software package

install commit

Makes the package activation persistent across


reloads

install deactivate

Deactivates software package

install remove

Removes software package

ping ip_address

Verifies connectivity of IP address

show configuration commit changes


last <n>

Displays the details of all changes that are made


during a span of changes

show configuration commit list

Displays the commit IDs for the available rollback


points

show install active

Displays the active software on the router

show install inactive

Displays the inactive software on the router

show running-config

Displays running configuration

rollback configuration last <n>

Rolls back configuration to the last <n> commits


made

2012 Cisco Systems, Inc.

Lab Guide

55

Task 1: Uninstall Cisco IOS XR Package


In this task, you will deactivate and remove one of the Cisco IOS XR Software packages.

Activity Procedure
Complete these steps on the pod router PE (Cisco IOS XR Software only):
Step 1

Verify which software packages are active.

RP/0/RSP0/CPU0:PE1#show install active


Mon Jul 10 07:30:53.991 UTC
Node 0/RSP0/CPU0 [RP] [SDR: Owner]
Boot Device: disk0:
Boot Image: /disk0/asr9k-os-mbi-4.1.0/mbiasr9k-rp.vm
Active Packages:
disk0:asr9k-p-4.1.0.CSCto96804-1.0.0
disk0:asr9k-p-4.1.0.CSCto95435-1.0.0
disk0:asr9k-mini-p-4.1.0
disk0:asr9k-optic-4.1.0
disk0:asr9k-doc-p-4.1.0
disk0:asr9k-k9sec-p-4.1.0
disk0:asr9k-video-p-4.1.0
disk0:asr9k-mpls-p-4.1.0
disk0:asr9k-mgbl-p-4.1.0
disk0:asr9k-mcast-p-4.1.0
disk0:asr9k-p-4.1.0.CSCto94570-1.0.0
Node 0/0/CPU0 [LC] [SDR: Owner]
Boot Device: mem:
Boot Image: /disk0/asr9k-os-mbi-4.1.0/lc/mbiasr9k-lc.vm
Active Packages:
disk0:asr9k-p-4.1.0.CSCto96804-1.0.0
disk0:asr9k-p-4.1.0.CSCto95435-1.0.0
disk0:asr9k-mini-p-4.1.0
disk0:asr9k-optic-4.1.0
disk0:asr9k-video-p-4.1.0
disk0:asr9k-mpls-p-4.1.0
disk0:asr9k-mcast-p-4.1.0
disk0:asr9k-p-4.1.0.CSCto94570-1.0.0
Step 2

Deactivate software package asr9k-mgbl-p-4.1.0 located at disk0 and wait for the
process to end.

Step 3

Commit the deactivation of the package.

Step 4

Verify that software package asr9k-mgbl-p-4.1.0 is inactive.

RP/0/RSP0/CPU0:PE1(admin)#show install inactive


Mon Jul 10 07:37:17.840 UTC
Secure Domain Router: Owner
Node 0/RSP0/CPU0 [RP] [SDR: Owner]
Boot Device: disk0:
Inactive Packages:
disk0:asr9k-mgbl-p-4.1.0
Step 5

Remove inactive software package asr9k-mgbl-p-4.1.0 and wait for the process to
end.

Activity Verification
Complete lab activity verification:

56

On the pod PE router (Cisco IOS XR Software only), verify which software packages are
active.

On the pod PE router (Cisco IOS XR Software only), verify that software package asr9kmgbl-p-4.1.0 is inactive.

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Task 2: Install Cisco IOS XR Package


In this task, you will install and activate one of the Cisco IOS XR software packages.

Activity Procedure
Complete these steps on the pod PE router (Cisco IOS XR Software only):
Step 1

On the pod PE router, verify that PIE file asr9k-mgbl-p.pie-4.1.0 is located at disk0.

RP/0/RSP0/CPU0:PE1(admin)#dir disk0: | include mgbl


Mon Jul 10 08:16:30.505 UTC
5411168
-rwx 6215998
Mon Jul 10 08:16:17 2000

asr9k-mgbl-p.pie-4.1.0

Step 2

Install software package MGBL using PIE file asr9k-mgbl-p.pie-4.1.0 located at


disk0 and wait for the process to end.

Step 3

Activate software package disk0:asr9k-mgbl-p-4.1.0.

Step 4

Commit the activation of the package.

Activity Verification
Complete lab activity verification:

Verify that software package asr9k-mgbl-p-4.1.0 is installed and activated:

RP/0/RSP0/CPU0:PE1(admin)#show install active


Sun Sep 25 09:38:54.088 UTC
Secure Domain Router: Owner
Node 0/RSP0/CPU0 [RP] [SDR: Owner]
Boot Device: disk0:
Boot Image: /disk0/asr9k-os-mbi-4.1.0/mbiasr9k-rp.vm
Active Packages:
disk0:asr9k-p-4.1.0.CSCto96804-1.0.0
disk0:asr9k-p-4.1.0.CSCto95435-1.0.0
disk0:asr9k-mini-p-4.1.0
disk0:asr9k-optic-4.1.0
disk0:asr9k-doc-p-4.1.0
disk0:asr9k-k9sec-p-4.1.0
disk0:asr9k-video-p-4.1.0
disk0:asr9k-mpls-p-4.1.0
disk0:asr9k-mgbl-p-4.1.0
disk0:asr9k-mcast-p-4.1.0
disk0:asr9k-p-4.1.0.CSCto94570-1.0.0
Node 0/0/CPU0 [LC] [SDR: Owner]
Boot Device: mem:
Boot Image: /disk0/asr9k-os-mbi-4.1.0/lc/mbiasr9k-lc.vm
Active Packages:
disk0:asr9k-p-4.1.0.CSCto96804-1.0.0
disk0:asr9k-p-4.1.0.CSCto95435-1.0.0
disk0:asr9k-mini-p-4.1.0
disk0:asr9k-optic-4.1.0
disk0:asr9k-video-p-4.1.0
disk0:asr9k-mpls-p-4.1.0
disk0:asr9k-mcast-p-4.1.0
disk0:asr9k-p-4.1.0.CSCto94570-1.0.0

2012 Cisco Systems, Inc.

Lab Guide

57

Task 3: Configuration Management


In this task, you will perform the configuration commit and test configuration rollback
procedure.

Activity Procedure
Complete these steps on the pod PE router (Cisco IOS XR Software only):
Step 1

Change the hostname to Test and commit the configuration.

Step 2

Check the available configuration rollback points.

RP/0/RSP0/CPU0:Test(config)#show configuration
Mon Jul 10 08:03:38.893 UTC
SNo. Label/ID
User
Line
~~~~ ~~~~~~~~
~~~~
~~~~
1
1000000327 root
con0_RSP0_CPU0
2000
2
1000000326 root
con0/RSP0/CPU0
2000
3
1000000325 root
con0_RSP0_CPU0
2000
4
1000000324 root
con0_RSP0_CPU0
2000
5
1000000323 root
con0_RSP0_CPU0
2000
6
1000000322 root
con0_RSP0_CPU0
2000
< output omitted >
Step 3

commit list
Client
~~~~~~
CLI

Time Stamp
~~~~~~~~~~
Mon Jul 10 08:01:21

cfgmgr-ins

Mon Jul 10 07:33:26

CLI

Mon Jul 10 07:17:33

CLI

Mon Jul 10 06:59:42

CLI

Mon Jul 10 06:50:22

CLI

Mon Jul 10 06:34:18

Check the configuration details for last configuration commit.

RP/0/RSP0/CPU0:Test(config)#show configuration commit changes 1000000327


Mon Jul 10 08:04:51.028 UTC
Building configuration...
!! IOS XR Configuration 4.1.0
hostname Test
end
Step 4

Roll back configuration to the last commit made.

Activity Verification
Complete lab activity verification:

Check the available configuration rollback points.

Check the configuration details for last configuration commit.

Verify that the hostname of pod PE router is not Test anymore:

RP/0/RSP0/CPU0:PE1#

58

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Answer Key
The correct answers and expected solutions for the activities that are described in this guide
appear here.

Lab 2-1 Answer Key: Configure Advanced Switching


When you complete this activity, your configuration will be similar to the results here, with
differences that are specific to your device or workgroup:

Task 1: Configure VLANs


During this task, you need to enter the following commands:
Step 4

Remove IP addressing from the GigabitEthernet0/1 interface on the CE (Cisco IOS)


router:
interface GigabitEthernet0/1
no ip address
no ipv6 address

Step 5

Remove IP addressing from the GigabitEthernet0/0 interface and assign IP addresses


to the GigabitEthernet0/1 interface on the CE (Cisco IOS) router:
interface GigabitEthernet0/0
no ip address
no ipv6 address
!
interface GigabitEthernet0/1
ip address 192.168.101.11 255.255.255.0
ipv6 address 2001:DB8:192:168:101::11/80

Step 6

Create VLANs on the pod and shared switches:


vlan 10
vlan 20

Step 7

On the shared switch, configure the CE facing ports:


interface FastEthernet0/1
switchport mode access
switchport access vlan 10
port-type nni
!
interface FastEthernet0/2
switchport mode access
switchport access vlan 20
port-type nni

Step 6

On the pod switch, configure the CE and PE facing ports:


interface FastEthernet0/1
switchport mode access
switchport access vlan 10
port-type nni
!
interface FastEthernet0/2
switchport mode access
switchport access vlan 10

2012 Cisco Systems, Inc.

Lab Guide

59

port-type nni

Task 2: Configure Trunking


During this task, you need to enter the following commands:
Step 1

Enable trunking on the pod switch:


interface FastEthernet 0/21
switchport mode trunk
switchport trunk allowed vlan 1,10,20
port-type nni
!
interface FastEthernet 0/23
switchport mode trunk
switchport trunk allowed vlan 1,10,20
port-type nni

Step 2

Enable trunking on the shared switch:


interface FastEthernet 0/21
switchport mode trunk
switchport trunk allowed vlan 1,10,20
port-type nni
!
interface FastEthernet 0/23
switchport mode trunk
switchport trunk allowed vlan 1,10,20
port-type nni

Task 3: Configure RSTP


During this task, you need to enter the following commands:
Step 3

Root switch for both VLANs:


VLAN 10 root switch: SW12
VLAN 20 root switch: SW12

Step 4

Blocking port for each VLAN:


VLAN 10 blocking port: Port: FastEthernet0/21 Switch: SW1
VLAN 20 blocking port: Port: FastEthernet0/21 Switch: SW1

Step 5

Optimize RSTP operations:


SW1:
spanning-tree vlan 10 root primary
spanning-tree vlan 20 root secondary

SW2:
spanning-tree vlan 20 root primary
spanning-tree vlan 10 root secondary
Step 6

Find the blocking port for each VLAN:


VLAN 10 blocking port: Port: FastEthernet0/21 Switch: SW12
VLAN 20 blocking port: Port: FastEthernet0/23 Switch: SW12

60

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Task 4 (Optional): Configure MST


During this task, you need to enter the following commands:
Step 1

On the pod and shared switches, set MST mode:


spanning-tree mode mst

Step 2

On the pod and shared switches, configure MST:


spanning-tree mst configuration
name LAB
revision 1
instance 1 vlan 10
instance 2 vlan 20

Step 3

Configure the pod switch to be the root for the MST instance:
SW1
spanning-tree mst 1 root primary

SW2
spanning-tree mst 2 root primary

Lab 2-2 Answer Key: Configure Inter-VLAN Routing and


Gateway Redundancy
When you complete this activity, your configuration will be similar to the results here, with
differences that are specific to your device or workgroup:

Task 1: Configure and Verify Inter-VLAN Routing


During this task, you need to enter the following commands:
Step 1

Configure trunk:
SW1 and SW2 (Cisco IOS Software):
interface FastEthernet0/2
switchport trunk allowed vlan 10,20
switchport mode trunk

Step 2

The IPv4 and IPv6 address assigned:


PE1 (Cisco IOS XR Software):
IPv4: 192.168.101.10
IPv6: 2001:db8:192:168:101::10
PE2 (Cisco IOS XE Software):
IPv4: 192.168.102.20
IPv6: 2001:db8:192:168:102::20

Step 3

Remove the IPv4 and IPv6 addresses from the interface:


PE1 (Cisco IOS XR Software):
interface GigabitEthernet0/0/0/0
no ipv4 address
no ipv6 address
!
commit

2012 Cisco Systems, Inc.

Lab Guide

61

PE2 (Cisco IOS XE):


interface GigabitEthernet0/0/0
no ip address
no ipv6 address
Step 4

Create subinterfaces on the pod PE router:


PE1 (Cisco IOS XR Software):
interface GigabitEthernet0/0/0/0.10
ipv4 address 192.168.101.10 255.255.255.0
ipv6 address 2001:db8:192:168:101::10/80
encapsulation dot1q 10
!
interface GigabitEthernet0/0/0/0.20
ipv4 address 192.168.102.22 255.255.255.0
ipv6 address 2001:db8:192:168:102::22/80
encapsulation dot1q 20
!
commit

PE2 (Cisco IOS XE Software):


interface GigabitEthernet0/0/0.10
encapsulation dot1q 10
ip address 192.168.101.12 255.255.255.0
ipv6 address 2001:db8:192:168:101::12/80
!
interface GigabitEthernet0/0/0.20
encapsulation dot1q 20
ip address 192.168.102.20 255.255.255.0
ipv6 address 2001:db8:192:168:102::20/80
Step 5

Create an IPv6 default route on the CE router:


CE1:
ipv6 route ::/0 GigabitEthernet0/1 2001:DB8:192:168:101::10

CE2:
ipv6 route ::/0 GigabitEthernet0/1 2001:DB8:192:168:102::20

Task 2: Configure HSRP


During this task, you need to enter the following commands:
Step 1

On the pod PE routers, enable HSRP for IPv4:


PE1 (Cisco IOS XR):
router hsrp
interface GigabitEthernet0/0/0/0.10
hsrp 1 preempt
hsrp 1 ipv4 192.168.101.13
hsrp 1 priority 150
!
interface GigabitEthernet0/0/0/0.20
hsrp 2 preempt
hsrp 2 ipv4 192.168.102.23

62

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

!
commit

PE2 (Cisco IOS XE):


interface GigabitEthernet0/0/0.10
standby 1 ip 192.168.101.13
standby 1 preempt
!
interface GigabitEthernet0/0/0.20
standby 2 ip 192.168.102.23
standby 2 preempt
standby 2 priority 150
Step 2

Configure a static default route:


CE1:
ip route 0.0.0.0 0.0.0.0 192.168.101.13

CE2:
ip route 0.0.0.0 0.0.0.0 192.168.102.23
Step 3

Enable the interface and remove HSRP configuration:


PE1 (Cisco IOS XR Software):
interface GigabitEthernet0/0/0/0.10
no shutdown
!
no router hsrp
!
commit

PE2 (Cisco IOS XE Software):


interface GigabitEthernet0/0/0.10
no standby 1
!
interface GigabitEthernet0/0/0.20
no shutdown
no standby 2

Task 3: Configure VRRP


During this task, you need to enter the following commands:
Step 1

Enable VRRP for IPv4:


PE1 (Cisco IOS XR Software):
router vrrp
interface GigabitEthernet0/0/0/0.10
address-family ipv4
vrrp 1
priority 150
address 192.168.101.13
!
interface GigabitEthernet0/0/0/0.20
address-family ipv4
vrrp 2

2012 Cisco Systems, Inc.

Lab Guide

63

address 192.168.102.23
!
commit

PE2 (Cisco IOS XE):


interface GigabitEthernet0/0/0.10
vrrp 1 ip 192.168.101.13
!
interface GigabitEthernet0/0/0.20
vrrp 2 ip 192.168.102.23
vrrp 2 priority 150
Step 2

Enable the interface and remove VRRP configuration:


PE1 (Cisco IOS XR):
interface GigabitEthernet0/0/0/0.10
no shutdown
!
no router vrrp
!
commit

PE2 (Cisco IOS XE):


interface GigabitEthernet0/0/0.10
no vrrp 1
!
interface GigabitEthernet0/0/0.20
no shutdown
no vrrp 2
Step 3

On the PE router, remove subinterfaces and configure IP addresses:


PE1 (Cisco IOS XR Software):
interface GigabitEthernet0/0/0/0.10
no ipv4 address
no ipv6 address
no encapsulation dot1q 10
no interface GigabitEthernet0/0/0/0.10
!
interface GigabitEthernet0/0/0/0.20
no ipv4 address
no ipv6 address
no encapsulation dot1q 20
no interface GigabitEthernet0/0/0/0.20
!
interface GigabitEthernet0/0/0/0
ipv4 address 192.168.101.10 255.255.255.0
ipv6 address 2001:db8:192:168:101::10/80
!
commit

PE2 (Cisco IOS XE Software):


interface GigabitEthernet0/0/0.10
64

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

no ip address
no ipv6 address
no encapsulation dot1q 10
no interface GigabitEthernet0/0/0.10
!
interface GigabitEthernet0/0/0.20
no ip address
no ipv6 address
no encapsulation dot1q 20
no interface GigabitEthernet0/0/0.20
!
interface GigabitEthernet0/0/0
ip address 192.168.102.20 255.255.255.0
ipv6 address 2001:db8:192:168:102::20/80
Step 4

Configure access port:


SW1 (Cisco IOS Software):
interface FastEthernet0/2
switchport access vlan 10
switchport mode access

SW2 (Cisco IOS Software):


interface FastEthernet0/2
switchport access vlan 20
switchport mode access
Step 5

Reconfigure interfaces:
CE1 (Cisco IOS Software):
interface GigabitEthernet0/1
shutdown
no ip address
no ipv6 address
!
interface GigabitEthernet0/0
ip address 192.168.101.11 255.255.255.0
ipv6 address 2001:DB8:192:168:101::11/80

CE2 (Cisco IOS Software):


interface GigabitEthernet0/1
shutdown
no ip address
no ipv6 address
!
interface GigabitEthernet0/0
ip address 192.168.102.21 255.255.255.0
ipv6 address 2001:DB8:192:168:102::21/80

2012 Cisco Systems, Inc.

Lab Guide

65

Lab 3-1 Answer Key: Implement OSPF


When you complete this activity, your configuration will be similar to the results here, with
differences that are specific to your device or workgroup:

Task 1: Configure OSPFv2


During this task, you need to enter the following commands:
Step 1

Configure loopback interface:

CE1 (Cisco IOS Software):


interface Loopback0
ip address 10.1.10.1 255.255.255.255

PE1 (Cisco IOS XR Software):


interface Loopback0
ipv4 address 10.1.1.1 255.255.255.255
!
commit

CE2 (Cisco IOS Software):


interface Loopback0
ip address 10.2.10.1 255.255.255.255

PE2 (Cisco IOS XE Software):


interface Loopback0
ip address 10.2.1.1 255.255.255.255
Step 2

Enable OSPFv2 routing:

CE1 (Cisco IOS Software):


router ospf 1
network 10.1.10.1 0.0.0.0 area 0
network 192.168.101.0 0.0.0.255 area 0

PE1 (Cisco IOS XR Software):


router ospf 1
area 0
interface Loopback0
interface GigabitEthernet0/0/0/0
!
commit

CE2 (Cisco IOS Software):


router ospf 1
network 10.2.10.1 0.0.0.0 area 0
network 192.168.102.0 0.0.0.255 area 0

PE2 (Cisco IOS XE Software):


router ospf 1
network 10.2.1.1 0.0.0.0 area 0
network 192.168.102.0 0.0.0.255 area 0

66

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Task 2: Configure OSPFv3


During this task, you need to enter the following commands:
Step 1

Configure the IPv6 address on the Loopback0 interface:

CE1 (Cisco IOS Software):


interface Loopback0
ipv6 address 2001:DB8:10:1:10::1/128

PE1 (Cisco IOS XR Software):


interface Loopback0
ipv6 address 2001:db8:10:1:1::1/128
!
commit

CE2 (Cisco IOS Software):


interface Loopback0
ipv6 address 2001:DB8:10:2:10::1/128

PE2 (Cisco IOS XE Software):


interface Loopback0
ipv6 address 2001:db8:10:2:1::1/128
Step 2

Enable OSPFv3 routing:

CE1 (Cisco IOS Software):


ipv6 router ospf 1
exit
!
interface Loopback0
ipv6 ospf 1 area 0
!
interface GigabitEthernet0/0
ipv6 enable
ipv6 ospf 1 area 0

PE1 (Cisco IOS XR Software):


router ospfv3 1
area 0
interface Loopback0
interface GigabitEthernet0/0/0/0
!
commit

CE2 (Cisco IOS Software):


ipv6 router ospf 1
exit
!
interface Loopback0
ipv6 ospf 1 area 0
!
interface GigabitEthernet0/0
ipv6 enable
ipv6 ospf 1 area 0
2012 Cisco Systems, Inc.

Lab Guide

67

PE2 (Cisco IOS XE Software):


ipv6 router ospf 1
exit
!
interface Loopback0
ipv6 ospf 1 area 0
!
interface GigabitEthernet0/0/0
ipv6 ospf 1 area 0

Task 3 (Optional): Configure OSPFv2 Authentication


During this task, you need to enter the following commands:
Step 1

Enable MD5 authentication on the PE router (Cisco IOS XR Software):

CE1 (Cisco IOS Software):


interface GigabitEthernet0/0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco

PE1 (Cisco IOS XR Software):


router ospf 1
area 0
authentication message-digest
message-digest-key 1 md5 cisco
!
commit

CE2 (Cisco IOS Software):


interface GigabitEthernet0/0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco

PE2 (Cisco IOS XE Software):


router ospf 1
area 0 authentication message-digest
!
interface GigabitEthernet0/0/0
ip ospf message-digest-key 1 md5 cisco

Lab 3-2 Answer Key: Implement IS-IS


When you complete this activity, your configuration will be similar to the results here, with
differences that are specific to your device or workgroup:

Task 1: Configure IS-IS for IPv4


During this task, you need to enter the following commands:
Step 1

Create a NET address:


PE1: 49.0000.0100.0100.1001.00
CE1: 49.0000.0100.0101.0001.00

68

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Step 2

Enable the IS-IS process and configure NET:


CE1 (Cisco IOS Software):
router isis 1
net 49.0000.0100.0101.0001.00

PE1 (Cisco IOS XR Software):


router isis 1
net 49.0000.0100.0100.1001.00
!
commit

CE2 (Cisco IOS Software):


router isis 1
net 49.0000.0100.0201.0001.00

PE2 (Cisco IOS XE Software):


router isis 1
net 49.0000.0100.0200.1001.00
Step 3

Change the IS-IS router type and enable wide-style metrics for IPv4:
CE1 (Cisco IOS Software):
router isis 1
is-type level-2-only
metric-style wide

PE1 (Cisco IOS XR Software):


router isis 1
is-type level-2-only
address-family ipv4 unicast
metric-style wide
!
commit

CE2 (Cisco IOS Software):


router isis 1
is-type level-2-only
metric-style wide

PE2 (Cisco IOS XE Software):


router isis 1
is-type level-2-only
metric-style wide
Step 4

Change IS-IS administrative distance for IPv4:


CE1 (Cisco IOS Software):
router isis 1
distance 105 ip

PE1 (Cisco IOS XR Software):


router isis 1
address-family ipv4 unicast
distance 105
!
2012 Cisco Systems, Inc.

Lab Guide

69

commit

CE2 (Cisco IOS Software):


router isis 1
distance 105 ip

PE2 (Cisco IOS XE Software):


router isis 1
distance 105 ip
Step 5

Enable IS-IS for IPv4 on interfaces:


CE1 (Cisco IOS Software):
interface Loopback0
ip router isis 1
!
interface GigabitEthernet0/0
ip router isis 1

PE1 (Cisco IOS XR Software):


router isis 1
interface Loopback0
address-family ipv4 unicast
!
interface GigabitEthernet0/0/0/0
address-family ipv4 unicast
!
commit

CE2 (Cisco IOS Software):


interface Loopback0
ip router isis 1
!
interface GigabitEthernet0/0
ip router isis 1

PE2 (Cisco IOS XE Software):


interface Loopback0
ip router isis 1
!
interface GigabitEthernet0/0/0
ip router isis 1

Task 2: Configure IS-IS for IPv6


During this task, you need to enter the following commands:
Step 1

Enable wide-style metrics for IPv6 on the PE1 router (Cisco IOS XR Software):
router isis 1
address-family ipv6 unicast
metric-style wide
!
commit

70

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Step 2

Change IS-IS administrative distance for IPv6:


CE1 (Cisco IOS Software):
router isis 1
address-family ipv6 unicast
distance 105

PE1 (Cisco IOS XR Software):


router isis 1
address-family ipv6 unicast
distance 105
!
commit

CE2 (Cisco IOS Software):


router isis 1
address-family ipv6 unicast
distance 105

PE2 (Cisco IOS XE Software):


router isis 1
address-family ipv6 unicast
distance 105
Step 3

Configure single-topology IS-IS for IPv6 on the PE1 router (Cisco IOS XR
Software):
router isis 1
address-family ipv6 unicast
single-topology
!
commit

Step 4

Enable IS-IS for IPv6 on interfaces:


CE1 (Cisco IOS Software):
interface Loopback0
ipv6 router isis 1
!
interface GigabitEthernet0/0
ipv6 router isis 1

PE1 (Cisco IOS XR Software):


router isis 1
interface Loopback0
address-family ipv6 unicast
!
interface GigabitEthernet0/0/0/0
address-family ipv6 unicast
!
commit

CE2 (Cisco IOS Software):


interface Loopback0
ipv6 router isis 1
!
2012 Cisco Systems, Inc.

Lab Guide

71

interface GigabitEthernet0/0
ipv6 router isis 1

PE2 (Cisco IOS XE Software):


interface Loopback0
ipv6 router isis 1
!
interface GigabitEthernet0/0/0
ipv6 router isis 1

Task 3 (Optional): Configure IS-IS Authentication


During this task, you need to enter the following commands:
Step 1

Enable MD5 IS-IS LSP and hello packets authentication:


CE1 (Cisco IOS Software):
key chain ISIS
key 1
key-string cisco
exit
!
router isis 1
authentication mode md5
authentication key-chain ISIS
!
interface GigabitEthernet0/0
isis authentication mode md5
isis authentication key-chain ISIS

PE1 (Cisco IOS XR Software):


router isis 1
lsp-password hmac-md5 cisco
!
interface GigabitEthernet0/0/0/0
hello-password hmac-md5 cisco
!
commit

CE2 (Cisco IOS Software):


key chain ISIS
key 1
key-string cisco
exit
!
router isis 1
authentication mode md5
authentication key-chain ISIS
!
interface GigabitEthernet0/0
isis authentication mode md5
isis authentication key-chain ISIS

PE2 (Cisco IOS XE Software):


72

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

key chain ISIS


key 1
key-string cisco
exit
!
router isis 1
authentication mode md5
authentication key-chain ISIS
!
interface GigabitEthernet0/0/0
isis authentication mode md5
isis authentication key-chain ISIS

Lab 4-1 Answer Key: Configure Basic BGP


When you complete this activity, your configuration will be similar to the results here, with
differences that are specific to your device or workgroup:

Task 1: Configure BGP Process and BGP Peering


During this task, you need to enter the following commands:
Step 1

Configure EBGP:

CE1 (Cisco IOS Software):


router bgp 64501
neighbor 2001:DB8:192:168:101::10 remote-as 64500
neighbor 192.168.101.10 remote-as 64500
!
address-family ipv4
no neighbor 2001:DB8:192:168:101::10 activate
neighbor 192.168.101.10 activate
!
address-family ipv6
neighbor 2001:DB8:192:168:101::10 activate

PE1 (Cisco IOS XR Software):


router bgp 64500
address-family ipv4 unicast
!
address-family ipv6 unicast
!
neighbor 192.168.101.11
remote-as 64501
address-family ipv4 unicast
!
!
neighbor 2001:db8:192:168:101::11
remote-as 64501
address-family ipv6 unicast
!
commit
2012 Cisco Systems, Inc.

Lab Guide

73

CE2 (Cisco IOS Software):


router bgp 64502
neighbor 2001:DB8:192:168:102::20 remote-as 64500
neighbor 192.168.102.20 remote-as 64500
!
address-family ipv4
no neighbor 2001:DB8:192:168:102::20 activate
neighbor 192.168.102.20 activate
!
address-family ipv6
neighbor 2001:DB8:192:168:102::20 activate

PE2 (Cisco IOS XE Software):


router bgp 64500
neighbor 2001:DB8:192:168:102::21 remote-as 64502
neighbor 192.168.102.21 remote-as 64502
!
address-family ipv4
no neighbor 2001:DB8:192:168:102::21 activate
neighbor 192.168.102.21 activate
!
address-family ipv6
neighbor 2001:DB8:192:168:102::21 activate
Step 2

Enable link and IS-IS routing between PE routers:

PE1 (Cisco IOS XR Software):


interface GigabitEthernet0/0/0/1
ipv4 address 192.168.112.10 255.255.255.0
ipv6 address 2001:db8:192:168:112::10/80
no shutdown
!
router isis 1
interface GigabitEthernet0/0/0/1
hello-password hmac-md5 cisco
address-family ipv4 unicast
address-family ipv6 unicast
!
commit

PE2 (Cisco IOS XE Software):


interface GigabitEthernet0/0/1
ip address 192.168.112.20 255.255.255.0
ipv6 address 2001:db8:192:168:112::20/80
no shutdown
ip router isis 1
ipv6 enable
ipv6 router isis 1
isis authentication mode md5
isis authentication key-chain ISIS

74

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Step 3

Configure IBGP:

PE1 (Cisco IOS XR Software):


router bgp 64500
neighbor 10.2.1.1
remote-as 64500
update-source Loopback0
address-family ipv4 unicast
!
neighbor 2001:db8:10:2:1::1
remote-as 64500
update-source Loopback0
address-family ipv6 unicast
!
commit

PE2 (Cisco IOS XE Software):


router bgp 64500
neighbor 10.1.1.1 remote-as 64500
neighbor 10.1.1.1 update-source Loopback0
neighbor 2001:DB8:10:1:1::1 remote-as 64500
neighbor 2001:DB8:10:1:1::1 update-source Loopback0
!
address-family ipv4
neighbor 10.1.1.1 activate
no neighbor 2001:DB8:10:1:1::1 activate
!
address-family ipv6
neighbor 2001:DB8:10:1:1::1 activate

Task 2: Configure BGP to Advertise a Network


During this task, you need to enter the following commands:
Step 1

Enable the CE router to advertise the IPv4 and IPv6 addresses:

CE1 (Cisco IOS Software):


router bgp 64501
address-family ipv4
network 10.1.10.1 mask 255.255.255.255
address-family ipv6
network 2001:DB8:10:1:10::1/128

CE2 (Cisco IOS Software):


router bgp 64502
address-family ipv4
network 10.2.10.1 mask 255.255.255.255
address-family ipv6
network 2001:DB8:10:2:10::1/128
Step 2

Create a route policy and apply it in inbound and outbound directions on the PE1
router (Cisco IOS XR Software):
route-policy ALLOW_ALL

2012 Cisco Systems, Inc.

Lab Guide

75

pass
end-policy
!
router bgp 64500
neighbor 192.168.101.11
address-family ipv4 unicast
route-policy ALLOW_ALL in
route-policy ALLOW_ALL out
!
neighbor 2001:db8:192:168:101::11
address-family ipv6 unicast
route-policy ALLOW_ALL in
route-policy ALLOW_ALL out
!
commit

Task 3 (Optional): Configure BGP Neighbor Authentication


During this task, you need to enter the following commands:
Step 1

Enable BGP authentication:

CE1 (Cisco IOS Software):


router bgp 64501
neighbor 192.168.101.10 password cisco

PE1 (Cisco IOS XR Software):


router bgp 64500
neighbor 192.168.101.11
password cisco
!
commit

CE2 (Cisco IOS Software):


router bgp 64502
neighbor 192.168.102.20 password cisco

PE2 (Cisco IOS XE Software):


router bgp 64500
neighbor 192.168.102.21 password cisco

Lab 5-1 Answer Key: Implement ACLs


When you complete this activity, your configuration will be similar to the results here, with
differences that are specific to your device or workgroup:

Task 1: Configure IPv4 Filtering


During this task, you need to enter the following commands:
Step 1

Configure ACL:

PE1 (Cisco IOS XR):


ipv4 access-list FILTER
permit icmp any host 10.1.1.1
76

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

permit tcp any host 10.1.1.1 eq telnet


deny ipv4 any host 10.1.1.1
permit ipv4 any any
!
commit

PE2 (Cisco IOS XE Software):


ip access-list extended FILTER
permit icmp any host 10.2.1.1
permit tcp any host 10.2.1.1 eq telnet
deny ip any host 10.2.1.1
permit ip any any
Step 2

The ACL should be applied in the inbound direction to the first Gigabit Ethernet
interface.

PE1 (Cisco IOS XR Software):


interface GigabitEthernet0/0/0/0
ipv4 access-group FILTER ingress
!
commit

PE2 (Cisco IOS XE Software):


interface GigabitEthernet0/0/0
ip access-group FILTER in

Task 2: Configure IPv6 Filtering


During this task, you need to enter the following commands:
Step 2

Configure ACL:

PE1 (Cisco IOS XR Software):


ipv6 access-list FILTER
permit icmpv6 any host 2001:db8:10:1:1::1
permit tcp any host 2001:db8:10:1:1::1 eq telnet
deny ipv6 any host 2001:db8:10:1:1::1
permit ipv6 any any
!
commit

PE2 (Cisco IOS XE Software):


ipv6 access-list FILTERv6
permit icmp any host 2001:db8:10:2:1::1
permit tcp any host 2001:db8:10:2:1::1 eq telnet
deny ipv6 any host 2001:db8:10:2:1::1
permit ipv6 any any
Step 3

Apply the ACL to the interface:

PE1 (Cisco IOS XR Software):


interface GigabitEthernet0/0/0/0
ipv6 access-group FILTER ingress
!
commit

2012 Cisco Systems, Inc.

Lab Guide

77

PE2 (Cisco IOS XE Software):


interface GigabitEthernet0/0/0
ipv6 traffic-filter FILTERv6 in

Task 3 (Optional): Configure Antispoofing ACLs


During this task, you need to enter the following commands:
Step 1

Edit the IPv4 ACL:

PE1 (Cisco IOS XR Software):


no ipv4 access-list FILTER
ipv4 access-list FILTER
permit icmp host 192.168.101.11 host 10.1.1.1
permit icmp host 10.1.10.1 host 10.1.1.1
permit tcp host 192.168.101.11 host 10.1.1.1 eq telnet
permit tcp host 10.1.10.1 host 10.1.1.1 eq telnet
deny ipv4 host 192.168.101.11 host 10.1.1.1
deny ipv4 host 10.1.10.1 host 10.1.1.1
permit ipv4 host 192.168.101.11 any
permit ipv4 host 10.1.10.1 any
!
commit

PE2 (Cisco IOS XE Software):


no ip access-list extended FILTER
ip access-list extended FILTER
permit icmp host 192.168.102.21 host 10.2.1.1
permit icmp host 10.2.10.1 host 10.2.1.1
permit tcp host 192.168.102.21 host 10.2.1.1 eq telnet
permit tcp host 10.2.10.1 host 10.2.1.1 eq telnet
deny ip host 192.168.102.21 host 10.2.1.1
deny ip host 10.2.10.1 host 10.2.1.1
permit ip host 192.168.102.21 any
permit ip host 10.2.10.1 any
Step 2

Edit the IPv6 ACL:

PE1 (Cisco IOS XR Software):


no ipv6 access-list FILTER
ipv6 access-list FILTER
permit icmpv6 host 2001:DB8:192:168:101::11 host
2001:db8:10:1:1::1
permit icmpv6 host 2011:DB8:10:1:10::1 host
2001:db8:10:1:1::1
permit tcp host 2001:DB8:192:168:101::11 host
2001:db8:10:1:1::1 eq telnet
permit tcp host 2011:DB8:10:1:10::1 host 2001:db8:10:1:1::1
eq telnet
deny ipv6 host 2001:DB8:192:168:101::11 host
2001:db8:10:1:1::1
deny ipv6 host 2011:DB8:10:1:10::1 host 2001:db8:10:1:1::1
permit ipv6 host 2001:DB8:192:168:101::11 any
permit ipv6 host 2001:db8:10:1:10::1 any
78

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

!
commit

PE2 (Cisco IOS XE Software):


no ipv6 access-list FILTERv6
ipv6 access-list FILTERv6
permit icmp host 2001:DB8:192:168:102::21 host
2001:db8:10:2:1::1
permit icmp host 2001:db8:10:2:10::1 host 2001:db8:10:2:1::1
permit tcp host 2001:DB8:192:168:102::21 host
2001:db8:10:2:1::1 eq telnet
permit tcp host 2001:db8:10:2:10::1 host 2001:db8:10:2:1::1 eq
telnet
deny ipv6 host 2001:DB8:192:168:102::21 host
2001:db8:10:2:1::1
deny ipv6 host 2001:db8:10:2:10::1 host 2001:db8:10:2:1::1
permit ipv6 host 2001:DB8:192:168:102::21 any
permit ipv6 host 2001:db8:10:2:10::1 any
Step 3

Create a new loopback and add the interface to IS-IS:

CE1 and CE2 (Cisco IOS Software):


interface Loopback10
ip address 172.16.0.1 255.255.255.255
ip router isis 1
ipv6 address 2001:DB8:172:16::1/128
ipv6 router isis 1
Step 4

Remove the IPv4 and IPv6 access list from the interface:

PE1 (Cisco IOS XR Software):


interface GigabitEthernet0/0/0/0
no ipv4 access-group FILTER ingress
no ipv6 access-group FILTER ingress
!
commit

PE2 (Cisco IOS XE Software):


interface GigabitEthernet0/0/0
no ip access-group FILTER in
no ipv6 traffic-filter FILTERv6 in

Lab 6-1 Answer Key: Manage Cisco IOS XR Package


When you complete this lab activity, device configuration and device outputs will be similar to
the results shown here, with differences that are specific to your Pod.

Task 1: Uninstall Cisco IOS XR Package


Complete these steps on the pod PE router (Cisco IOS XR Software):
Step 2

Deactivate software package:

RP/0/RSP0/CPU0:PE1#admin
Mon Jul 10 07:32:57.892 UTC
RP/0/RSP0/CPU0:PE1(admin)#install deactivate disk0:asr9k-mgbl-p-4.1.0
Mon Jul 10 07:33:05.945 UTC
2012 Cisco Systems, Inc.

Lab Guide

79

Install operation 19 '(admin) install deactivate disk0:asr9k-mgbl-p-4.1.0'


started by user 'root' via CLI at 07:33:06 UTC Mon Jul 10 2000.
RP/0/RSP0/CPU0:Jul 10 07:33:06.403 : instdir[234]: %INSTALL-INSTMGR-6INSTALL_OPERATION_STARTED : Install operation 19 '(admin) install deactivate
disk0:asr9k-mgbl-p-4.1.0' started by user 'root'
Info:
Install Method: Parallel Process Restart
The install operation will continue asynchronously.
RP/0/RSP0/CPU0:PE1(admin)#Info:
SDR Owner: Detected incompatibility
between the activated software
Info:
and router running configuration.
Info:
SDR Owner: Removing the incompatible configuration from the running
Info:
configuration.
Info:
SDR Owner: Use the "show configuration removed 20000710073325.cfg"
Info:
command to view the removed config.
Info:
NOTE: You must address the incompatibility issues with the
Info:
removed configuration above and re-apply it to the running
Info:
configuration as required. To address these issues enter
Info:
configuration mode and use the
Info:
"load configuration removed 20000710073325.cfg" and "commit"
Info:
commands.
RP/0/RSP0/CPU0:Jul 10 07:33:28.481 : insthelper[65]: %MGBL-CONFIG-6-DB_COMMIT
: Configuration committed by user 'root'. Use 'show configuration commit
changes 1000000326' to view the changes.
RP/0/RSP0/CPU0:Jul 10 07:33:28.486 : insthelper[65]: %MGBL-CONFIG-6-PKG : Some
incompatible configuration was removed from the running configuration during
this software activation/deactivation operation and saved in file
'20000710073325.cfg'. To address the incompatibility issue enter configuration
mode and use the 'load configuration removed 20000710073325.cfg' and 'commit'
commands.
RP/0/RSP0/CPU0:Jul 10 07:33:54.450 : sysmgr[95]: %OS-SYSMGR-7INSTALL_NOTIFICATION : notification of software installation received
RP/0/RSP0/CPU0:Jul 10 07:33:54.639 : schema_server[1159]: %MGBL-SCHEMA-6VERSIONCHANGE : A schema version change has occurred due to the unload of
schema file 'ciscosensormib_cfg.schema'. Any management applications which use
the schema may wish to update to the appropriate schema version.
RP/0/RSP0/CPU0:Jul 10 07:34:00.510 : sysmgr[95]: %OS-SYSMGR-7-INSTALL_FINISHED
: software installation is finished
RP/0/RSP0/CPU0:Jul 10 07:34:04.726 : insthelper[65]: ISSU: Starting sysdb bulk
start session
Info:
The changes made to software configurations will not be persistent
Info:
across system reloads. Use the command '(admin) install commit' to
Info:
make changes persistent.
Info:
Please verify that the system is consistent following the software
Info:
change using the following commands:
Info:
show system verify
Info:
install verify packages
RP/0/RSP0/CPU0:Jul 10 07:34:08.850 : instdir[234]: %INSTALL-INSTMGR-4ACTIVE_SOFTWARE_COMMITTED_INFO : The currently active software is not
committed. If the system reboots then the committed software will be used. Use
'install commit' to commit the active software.
RP/0/RSP0/CPU0:Jul 10 07:34:08.851 : instdir[234]: %INSTALL-INSTMGR-6INSTALL_OPERATION_COMPLETED_SUCCESSFULLY : Install operation 19 completed
successfully
Install operation 19 completed successfully at 07:34:08 UTC Mon Jul 10 2000.
Step 3

Commit the deactivation of the package:

RP/0/RSP0/CPU0:PE1(admin)#install commit
Mon Jul 10 07:34:52.226 UTC
Install operation 20 '(admin) install commit' started by user 'root' via CLI
at
RP/0/RSP0/CPU0:Jul 10 07:34:52.562 : instdir[234]: %INSTALL-INSTMGR-6INSTALL_OPERATION_STARTED : Install operation 20 '(admin) install commit'
started by user 'root'
07:34:52 UTC Mon Jul 10 2000.
\ 100% complete: The operation can no longer be aborted (ctrl-c for
options)RP/0/RSP0/CPU0:Jul 10 07:34:55.775 : instdir[234]: %INSTALL-INSTMGR-4ACTIVE_SOFTWARE_COMMITTED_INFO : The currently active software is now the same
as the committed software.
80

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

RP/0/RSP0/CPU0:Jul 10 07:34:55.776 : instdir[234]: %INSTALL-INSTMGR-6INSTALL_OPERATION_COMPLETED_SUCCESSFULLY : Install operation 20 completed


successfully
Install operation 20 completed successfully at 07:34:55 UTC Mon Jul 10 2000.
Step 4

Remove inactive software:

RP/0/RSP0/CPU0:PE1(admin)#install remove disk0:asr9k-mgbl-p-4.1.0


Mon Jul 10 07:38:44.530 UTC
RP/0/RSP0/CPU0:Jul 10 07:38:44.742 : instdir[234]: %INSTALL-INSTMGR-6INSTALL_OPERATION_STARTED : Install operation 21 '(admin) install remove
disk0:asr9k-mgbl-p-4.1.0' started by user 'root'
Install operation 21 '(admin) install remove disk0:asr9k-mgbl-p-4.1.0' started
by user 'root' via CLI at 07:38:44 UTC Mon Jul 10 2000.
Info:
This operation will remove the following packages:
Info:
disk0:asr9k-mgbl-supp-4.1.0
Info:
disk0:iosxr-mgbl-4.1.0
Info:
disk0:asr9k-mgbl-p-4.1.0
Info:
After this install remove the following install rollback points will
Info:
no longer be reachable, as the required packages will not be
present:
Info:
8, 9, 10, 11, 14, 15, 17
Proceed with removing these packages? [confirm] <Enter>
The install operation will continue asynchronously.
RP/0/RSP0/CPU0:PE1(admin)#RP/0/RSP0/CPU0:Jul 10 07:38:58.472 : instdir[234]:
%INSTALL-INSTMGR-6-INSTALL_OPERATION_COMPLETED_SUCCESSFULLY : Install
operation 21 completed successfully
Install operation 21 completed successfully at 07:38:58 UTC Mon Jul 10 2000.

Task 2: Install Cisco IOS XR Package


Complete these steps on the pod PE router (Cisco IOS XR Software only):
Step 2

Install software package:

RP/0/RSP0/CPU0:PE1(admin)#install add disk0:asr9k-mgbl-p.pie-4.1.0


Sun Sep 25 09:32:41.942 UTC
Install operation 25 '(admin) install add /disk0:asr9k-mgbl-p.pie-4.1.0'
started by user 'root' via CLI at 09:32:42 UTC Sun Sep 25 2011.
RP/0/RSP0/CPU0:Sep 25 09:32:42.311 : instdir[234]: %INSTALL-INSTMGR-6INSTALL_OPERATION_STARTED : Install operation 25 '(admin) install add
/disk0:asr9k-mgbl-p.pie-4.1.0' started by user 'root'
The install operation will continue asynchronously.
RP/0/RSP0/CPU0:PE1(admin)#
Info:
The following package is now available to be activated:
Info:
Info:
disk0:asr9k-mgbl-p-4.1.0
Info:
Info:
The package can be activated across the entire router.
Info:
RP/0/RSP0/CPU0:Sep 25 09:33:19.093 : instdir[234]: %INSTALL-INSTMGR-6INSTALL_OPERATION_COMPLETED_SUCCESSFULLY : Install operation 25 completed
successfully
Install operation 25 completed successfully at 09:33:19 UTC Sun Sep 25 2011.
RP/0/RSP0/CPU0:PE1(admin)#install commit
Sun Sep 25 09:33:51.490 UTC
Install operation 26 '(admin) install commit' started by user 'root' via CLI
at
09:33:51 UTC Sun Sep 25 2011.
RP/0/RSP0/CPU0:Sep 25 09:33:51.817 : instdir[234]: %INSTALL-INSTMGR-6INSTALL_OPERATION_STARTED : Install operation 26 '(admin) install commit'
started by user 'root'
\ 100% complete: The operation can no longer be aborted (ctrl-c for
options)RP/0/RSP0/CPU0:Sep 25 09:33:54.994 : instdir[234]: %INSTALL-INSTMGR-6INSTALL_OPERATION_COMPLETED_SUCCESSFULLY : Install operation 26 completed
successfully
Install operation 26 completed successfully at 09:33:54 UTC Sun Sep 25 2011.
Step 3
2012 Cisco Systems, Inc.

Activate software package:


Lab Guide

81

RP/0/RSP0/CPU0:PE1(admin)#install activate disk0:asr9k-mgbl-p-4.1.0


Sun Sep 25 09:35:47.431 UTC
Install operation 27 '(admin) install activate disk0:asr9k-mgbl-p-4.1.0'
started by user 'root' via CLI at 09:35:47 UTC Sun Sep 25 2011.
RP/0/RSP0/CPU0:Sep 25 09:35:47.794 : instdir[234]: %INSTALL-INSTMGR-6INSTALL_OPERATION_STARTED : Install operation 27 '(admin) install activate
disk0:asr9k-mgbl-p-4.1.0' started by user 'root'
Info:
Install Method: Parallel Process Restart
The install operation will continue asynchronously.
RP/0/RSP0/CPU0:PE1(admin)#
RP/0/RSP0/CPU0:Sep 25 09:36:38.041 : sysmgr[95]: %OS-SYSMGR-7INSTALL_NOTIFICATION : notification of software installation received
RP/0/RSP0/CPU0:Sep 25 09:36:38.223 : schema_server[1159]: %MGBL-SCHEMA-6VERSIONCHANGE : A schema version change has occurred due to the unload of
schema file 'ciscosensormib_cfg.schema'. Any management applications which use
the schema may wish to update to the appropriate schema version.
RP/0/RSP0/CPU0:Sep 25 09:36:38.771 : sysmgr[95]: %OS-SYSMGR-7-INSTALL_FINISHED
: software installation is finished
RP/0/RSP0/CPU0:Sep 25 09:36:42.725 : insthelper[65]: ISSU: Starting sysdb bulk
start session
Info:
The changes made to software configurations will not be persistent
Info:
across system reloads. Use the command '(admin) install commit' to
Info:
make changes persistent.
Info:
Please verify that the system is consistent following the software
Info:
change using the following commands:
Info:
show system verify
Info:
install verify packages
RP/0/RSP0/CPU0:Sep 25 09:36:47.078 : instdir[234]: %INSTALL-INSTMGR-4ACTIVE_SOFTWARE_COMMITTED_INFO : The currently active software is not
committed. If the system reboots then the committed software will be used. Use
'install commit' to commit the active software.
RP/0/RSP0/CPU0:Sep 25 09:36:47.080 : instdir[234]: %INSTALL-INSTMGR-6INSTALL_OPERATION_COMPLETED_SUCCESSFULLY : Install operation 27 completed
successfully
Install operation 27 completed successfully at 09:36:47 UTC Sun Sep 25 2011.
Step 4

Commit the activation of the package:

RP/0/RSP0/CPU0:PE1(admin)#install commit
Sun Sep 25 09:37:04.416 UTC
Install operation 28 '(admin) install commit' started by user 'root' via CLI
at
RP/0/RSP0/CPU0:Sep 25 09:37:04.799 : instdir[234]: %INSTALL-INSTMGR-6INSTALL_OPERATION_STARTED : Install operation 28 '(admin) install commit'
started by user 'root'
09:37:04 UTC Sun Sep 25 2011.
\ 100% complete: The operation can no longer be aborted (ctrl-c for
options)RP/0/RSP0/CPU0:Sep 25 09:37:07.995 : instdir[234]: %INSTALL-INSTMGR-4ACTIVE_SOFTWARE_COMMITTED_INFO : The currently active software is now the same
as the committed software.
RP/0/RSP0/CPU0:Sep 25 09:37:07.996 : instdir[234]: %INSTALL-INSTMGR-6INSTALL_OPERATION_COMPLETED_SUCCESSFULLY : Install operation 28 completed
successfully
Install operation 28 completed successfully at 09:37:07 UTC Sun Sep 25 2011.

Task 3: Configuration Management


Complete these steps on the pod PE router (Cisco IOS XR Software only):
Step 1

Change the hostname:

RP/0/RSP0/CPU0:PE1(config)#hostname Test
RP/0/RSP0/CPU0:PE1(config)#commit
Mon Jul 10 08:01:21.620 UTC
RP/0/RSP0/CPU0:Jul 10 08:01:23.254 : config[65728]: %MGBL-CONFIG-6-DB_COMMIT :
Configuration committed by user 'root'. Use 'show configuration commit changes
1000000327' to view the changes.
RP/0/RSP0/CPU0:Test(config)#

82

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.

Step 4

Roll back configuration to the last commit made:

RP/0/RSP0/CPU0:Test#rollback configuration last 1


Mon Jul 10 08:06:24.172 UTC
Loading Rollback Changes.
Loaded Rollback Changes in 1 sec
Committing..
1 items committed in 2 sec (0)items/sec
Updating.RP/0/RSP0/CPU0:Jul 10 08:06:27.638 : config_rollback[65728]: %MGBLCONFIG-6-DB_COMMIT : Configuration committed by user 'root'. Use 'show
configuration commit changes 1000000328' to view the changes.
Updated Commit database in 1 sec
Configuration successfully rolled back 1 commits.
RP/0/RSP0/CPU0:PE1#

2012 Cisco Systems, Inc.

Lab Guide

83

84

Pod 6

SW56

Pod 5

Pod 2

SW12

Pod 1

Team 3

SW6

SW5

SW2

SW1

2012 Cisco and/or its affiliates. All rights reserved.

CE6

CE5

CE2

CE1

Team 1

PE6

PE5

PE2

PE1

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

Appendix A

P2

P1

2012 Cisco Systems, Inc.

PE8

PE7

PE4

PE3

Team 4

SW8

SW7

SW4

SW3

Team 2

Pod 8

SW78

Pod 7

Pod 4

SW34

SPNGN2 v1.01LG-4

CE8

CE7

CE4

CE3

OC3 POS

GE
FE

Pod 3

Legend:

2012 Cisco Systems, Inc.

GE0/0

FE0/21
FE0/22

FE0/2

FE0/1

SWy

FE0/2

FE0/21
FE0/23 FE0/22
FE0/24

FE0/23
FE0/24

Pod y

SWxy

SWx

FE0/23
FE0/24

FE0/1

FE0/21
FE0/22

GE
FE
OC3 POS

FE0/2

FE0/1

GE0/0

Pod x

2012 Cisco and/or its affiliates. All rights reserved.

Legend:

CEy

GE0/1

GE0/1

CEx

Team z
GE0/0/0/
2

Lab Guide Appendix A

PEy

85

P2

P1

SPNGN2 v1.01LG-5

POS0/2/1
Connections to
PE(y+2)

POS0/2/0

POS0/2/0

GE0/0/3

GE0/0/
2

POS0/2/1

GE0/0/
1

GE0/0/0/
1 GE0/0/0/
3

GE0/0/0

GE0/0/0/0

PEx

86

.y1

.x1

GE
FE
OC3 POS
Loopback

Pod y

SWy

SWx

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

.x0
.x0

PEx

.y0

2012 Cisco Systems, Inc.

.1

.2

10.0.2.1

.2

.1

P2

P1

SPNGN2 v1.01LG-6

Connections to
PE(y+2)

192.168.2w1.0/24

192.168.y2.0/24
.y0

.y0

.2
.2

.1

.x0

.y0

.1

.x0

192.168.x1.0/24

192.168.2w2.0/24

PEy .y0

.y0

10.y.1.1

192.168.1xy.0/24

10.x.1.1

192.168.10y.0/24

10.y.0.1

10.x.0.1

192.168.10x.0/24

z = 1,2,3,4
x = 1,3,5,7
y = 2,4,6,8
w = 1 (for teams 1 and 2)
2 (for teams 3 and 4)

192.168.10y.0/24

SWxy

10.xy.0.1

192.168.10x.0/24

Pod x

2012 Cisco and/or its affiliates. All rights reserved.

Legend:

CEy

10.y.10.1

10.x.10.1

CEx

10.0.1.1

192.168.1.0/24

Team z

192.168.2.0/24

Pod 1

Pod 5

2012 Cisco Systems, Inc.

2012 Cisco and/or its affiliates. All rights reserved.

Team 3

SW6

CE6

Pod 6

10.10.10.28

10.10.10.31

SW56

SW5
10.10.10.27

10.10.10.29

10.10.10.30

CE5

SW2

CE2

Pod 2

10.10.10.12

10.10.10.15

SW12

SW1
10.10.10.11

10.10.10.13

10.10.10.14

CE1

Team 1

PE6

10.10.10.32

10.10.10.33

PE5

PE2

10.10.10.16

10.10.10.17

PE1

PE8

10.10.10.39

10.10.10.40

PE7

PE4

10.10.10.24

Lab Guide Appendix A

P2

10.10.10.26

10.10.10.18

P1

10.10.10.25

PE3

87

Pod 3

Pod 7

Team 4

SW8

10.10.10.35

Pod 8

SPNGN2 v1.01LG-7

CE8

10.10.10.38

SW78

10.10.10.36

10.10.10.37

CE7

CE4

10.10.10.23

Pod 4

10.10.10.34

SW7

SW4

10.10.10.20

SW34

CE3
10.10.10.22

10.10.10.21

10.10.10.19

SW3

Team 2

88

Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01

2012 Cisco Systems, Inc.