MPLSLabGuide Viet

MPLS Lab Guide
Version 1.0
(MPLS - Multiprotocol Label Switching)
Author: D !ng V"n Ton

Ha Noi - 9/20/2008
M%c l%c Outline: Lab guide MPLS bao g m nh"ng bi lab sau:
* Lab 2-1: Thi%t l'p mi tr#+ng ./nh tuy%n IGP c1a Service Provider * Lab 3-1: Thi%t l'p mi tr#+ng m4ng li (core) MPLS * Lab 5-1: C5u hnh MPLS VPN * Lab 5-2: 6/nh tuy%n EIGRP gi"a router PE v router CE * Lab 5-3: 6/nh tuy%n OSPF gi"a router PE v router CE * Lab 5-4: 6/nh tuy%n BGP gi"a router PE v router CE * Lab 6-1: VPNs overlapping * Lab 6-2: H8p nh5t cc Service Provider * Lab 6-3: Cc d/ch v9 VPN chung * Lab 7-1: Tch cc Interface cho k%t n:i Internet * Lab 7-2: Nhi;u Site truy c'p Internet * Lab 7-3: K%t n:i Internet trong m<t MPLS VPN
Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1.
http://www.vnexperts.net
I. Lab 2-1: Thi(t l*p mi tr ,ng ./nh tuy(n IGP c1a Service Provider. 1. Ph4m vi ho4t .<ng c1a .:i t#8ng: - Trong ph4m vi ho4t .<ng c1a bi lab ny, b4n s= dng nh"ng nhi>m v9 v nh"ng cu l>nh c?n thi%t .@ tri@n khai IGP Service Provider v mi tr#+ng ./nh tuy%n. Sau khi hon thnh bi lab ny, b4n s= c khA nBng thDc hi>n .#8c nh"ng cng vi>c sau: - Ki@m tra s, . ./a chE IP, Data-link connection Identifier (DLCI), v tr4ng thi c1a cc Interface c1a Service Provider. - Enable IGP Service Provider v c5u hnh .ng ./a chE IP. 2. Quy #Gc tn router: - P (Provider): Px1 v Px2 l cc router Core thu<c m4ng c1a nh cung c5p d/ch v9. - PE (Provider Edge): PEx1 v PEx2 l cc router bin k%t n:i tI nh cung c5p d/ch v9 .%n m4ng c1a khch hng. - CE (Customer Edge): CEx1A v CEx2A, v CEx1B v CEx2B l cc router c1a khch hng. 3. S, . ./a chE IP c1a MPLS Lab:
- 6/a chE IP c1a cc router . .#8c thDc thi bJng cch sK d9ng bAng ./a chE IP L d#Gi. Ch x chnh l chE s: c1a mMi m<t pod. - BAng chi ti%t ./a chE IP c1a cc Router: Parameter CEx1A (S0/0.101) Cex1A (loopback0) Value 150.x.x1.17/28 10.1.x1.49/32 http://www.vnexperts.net
Cex1A (E0/0) Cex2A (S0/0.101) Cex2A (loopback0) Cex2A (E0/0) Cex1B (S0/0.102) Cex1B (loopback0) Cex1B (E0/0) Cex2B (S0/0.102) Cex2b (loopback0) Cex2B (E0/0)
10.1.x1.17/28 150.x.x2.17/28 10.1.x2.49/32 10.1.x2.17/28 150.x.x1.33/28 10.2.x1.49/32 10.2.x1.17/28 150.x.x2.33/28 10.2.x2.49/32 10.2.x2.17/28
Pex1 (S0/0.101) Pex1 (S0/0.102) Pex1 (loopback0) Pex1 (S0/0.111) Pex2 (S0/0.101) Pex2 (S0/0.102) Pex2 (loopback0) Pex2 (S0/0.111) Px1 (S0/0.111) Px1 (S0/0.112) Px2 (S0/0.111) Px2 (S0/0.112) 4. Ti li>u c?n thi%t:
150.x.x1.18/28 150.x.x1.34/28 192.168.x.17/32 192.168.x.49/28 150.x.x2.18/28 150.x.x2.34/28 192.168.x.33/32 192.168.x.65/28 192.168.x.50/28 192.168.x.113/28 192.168.x.66/28 192.168.x.114/28
- Ti li>u c?n thi%t .@ hon thnh bi lab ny l: Cisco IOS documentation 5. Danh sch cu l>nh: - BAng ny s= m tA nh"ng cu l>nh .#8c sK d9ng trong bi lab ny: Command Network mask] No network network-number network-number [networkM tA 6@ ./nh nghNa m<t danh sch c1a nh"ng m4ng cho ti%n trnh xK l c1a EIGRP routing, sK d9ng cu l>nh network cho vic c5u hnh router. 6@ http://www.vnexperts.net
[network-mask] Router eigrp as-number No router eigrp as-number
xa bO m<t m4ng no ., dng tI kha no tr#Gc cu l>nh network. 6@ c5u hnh giao thPc ./nh tuy%n EIGRP, sK d9ng cu l>nh router eigrp L ch% .< global configuration. 6@ shutdown EIGRP ho4t .<ng trn router, sK d9ng tI kha no tr#Gc cu l>nh ny.
Interface
serial
[slot/port]
6@ ./nh nghNa m<t subinterface logical Pointto-Point cho m<t interface v't l. Enable giao thPc Frame Relay trong ch% .< c5u hnh interface. ChE ra gi tr/ DLCI s= lin k%t vGi k%t n:i pointto-point c1a n. 6@ hi>n th/ cc thng tin v tr4ng thi v; cc PVC c1a cc Interface . c5u hnh Frame Relay 6@ hi@n th/ thng tin v; m<t serial interface, sK d9ng cu l>nh show interfaces serial L ch% .< Privileged EXEC. N%u sK d9ng Frame Relay Encapsution, th khi dng cu l>nh show interface serial L ch% .< EXEC s= hi>n th/ nh"ng thng tin v; multicast DLCI, nh"ng DLCI sK d9ng trn interface, v DLCI .#8c sK d9ng cho Local Management Interface (LMI).
subinterface point-to-point Encapsulation frame-relay Frame-relay interface-dlci dlci Show frame-relay pvc Show interface serial [slot/port]
Show ip protocols
6@ hi>n th/ cc tham s: v tr4ng thi hi>n t4i c1a giao thPc ./nh tuy%n . c5u hnh trn router.
Show ip route
6@ hi>n th/ tr4ng thi hi>n t4i c1a bAng ./nh tuy%n.
5. Task 1: C5u hnh cc ./a chE IP c1a cc interface Service Provider. - Nhi>m v9 c1a b4n l c5u hnh ./a chE Layer 2 v Layer 3, .@ .Am bAo rJng c5u hnh .ng cc interface c?n thi%t. a. Cc b#Gc c?n lm: - Hon thnh nh"ng b#Gc sau s= l cng vi>c chuQn b/ cho s, . k%t n:i MPLS logical v s, . ./a chE IP. Workgroup 1 v 2 c1a mMi m<t pod s= c5u hnh cc router nJm trong nh"ng group ny: - Step 1: C5u hnh ./a chE IP v gi tr/ DLCI t#,ng Png cho mMi m<t Interface trn router c1a Service Provider P, subinterface, v loopback. - Step 2: C5u hnh ./a chE IP v gi tr/ DLCI t#,ng Png cho mMi m<t Interface trn router PE, subinterface v loopback. Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
- Step 3: C5u hnh ./a chE IP v gi tr/ DLCI t#,ng Png cho mMi m<t Interface trn router CE, subinterface v loopback - Step 4: ThDc hi>n nh"ng th1 t9c .@ ki@m tra. b. Ki@m tra. B4n s= hon thnh cng vi>c ny khi b4n thu .#8c nh"ng k%t quA sau: - Ping .%n cc ./a chE IP c1a cc router .@ ki@m tra sD ho4t .<ng c1a mMi m<t link - Ping ./a chE IP c1a interface loopback c1a m<t router remote. 6. Task 2: C5u hnh Service Provider IGP. - Cng vi>c ti%p theo b4n s= phAi thi%t l'p mi tr#+ng ./nh tuy%n IGP c1a Service Provider. Cng vi>c ny s= bao g m vi>c enable giao thPc ./nh tuy%n EIGRP trn router . 6.a: Cc b#Gc c?n hon thnh: Hon thnh nh"ng b#Gc sau cho workgroup 1 v 2 cho mMi pod: - Step 1: Trn mMi router CE, enable giao thPc ./nh tuy%n Rip version 2 (RIPv2). Disable tnh nBng auto-summary c1a giao thPc ./nh tuy%n ny .i. - Step 2: Trn mMi router P v PE, enable giao thPc ./nh tuy%n EIGRP, sK d9ng AS number = 1, v chRc chRn rJng cc m4ng c1a Service provider . .#8c c5u hnh v .#8c quAng b bLi giao thPc ./nh tuy%n EIGRP. Disable tnh nBng auto-summary c1a giao thPc ./nh tuy%n ny. - Step 3: ChRc chRn rJng cc workgroup khc cSng hon thnh nh"ng cng vi>c nh# trn. - Step 4: Ti%n hnh ki@m tra. 6.b: Ki@m tra: B4n s= hon thnh cng vi>c ki@m tra khi b4n thu .#8c nh"ng k%t quA sau: - Trn mMi router P v PE, b4n s= ki@m tra giao thPc EIGRP . ho4t .<ng ch#a - Trn mMi router P v PE, b4n s= ki@m tra EIGRP . .#8c enable trn t5t cA cc interface serial c1a router ch#a. - Trn mMi P v PE rouer, b4n ki@m tra interface loopback c1a t5t cA cc router P v PE . .#8c hi@n th/ trong bAng ./nh tuy%n. - Trn mMi router P v PE, b4n ki@m tra m4ng 192.168.x.0 c1a t5t cA cc router P v PE . .#8c hi@n th/ trong bAng ./nh tuy%n ch#a. - Trn mMi router PE, b4n ki@m tra m4ng 150.x.0.0 c1a t5t cA cc router P v PE . .#8c hi@n th/ trong bAng ./nh tuy%n ch#a. II. Lab 2-1 Answer Key: Thi(t l*p mi tr ,ng ./nh tuy(n IGP c1a Service Provider 1. Task 2: C5u hnh Service Provider IGP - C5u hnh nh"ng b#Gc sau trn router Pex1: Pex1(config)# router eigrp 1 Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
Pex1(config-router)# network 150.x.0.0 (ty chTn) Pex1(config-router)# network 192.168.x.0 Pex1(config-router)# no auto-summary - C5u hnh nh"ng b#Gc sau trn router Pex2: Pex2(config)# router eigrp 1 Pex2(config-router)# network 150.x.0.0 (ty chTn) Pex2(config-router)# network 192.168.x.0 Pex2(config-router)# no auto-summary - C5u hnh nh"ng b#Gc sau trn router Px1 : Px1(config)# router eigrp 1 Px1(config-router)# network 192.168.x.0 Px1(config-router)# no auto-summary - C5u hnh nh"ng b#Gc sau trn router Px2: Px2(config)# router eigrp 1 Px2(config-router)# network 192.168.x.0 Px2(config-router)# no auto-summary - C5u hnh nh"ng b#Gc sau trn t5t cA cc router CE: Cex**(config)# router rip Cex**(config-router)# network 10.0.0.0 Cex**(config-router)# network 150.x.0.0 (ty chTn) Cex**(config-router)# no auto-summary III. Thi(t l*p mi tr ,ng m3ng li MPLS 1. Ph4m vi ho4t .<ng c1a bi lab: Trong bi lab ny, b4n s= sK d9ng cc nhi>m v9 v cc cu l>nh c?n thi%t .@ tri@n khai MPLS trn cc sAn phQm Cisco IOS. Sau khi hon thnh bi lab ny, b4n s= c th@ lRm .#8c nh"ng n<i dung sau: - Enable LDP trn cc router PE v P - Disable sD quAng b c1a MPLS TTL - C5u hnh cc .i;u ki>n quAng b nhn (label) 2. S, . v't l c1a bi lab - Khi tri@n khai bi lab cc b4n c th@ dng s, . lab c1a hnh d#Gi .y.
3. Ti li>u c?n thi%t: - 6@ hon thnh bi lab ny cc b4n c?n tham khAo: Cisco IOS documentation. 4. Danh sch nh"ng cu l>nh c?n thi%t c1a bi lab ny MPLS command Cu l>nh Access-list access-list-number { wildpermit | deny } { type-code mask | address mask } No Access-list access-list-number { permit | deny } { type-code mask | address mask } Ip cef 6@ enable CEF trn RP card, sK d9ng cu l>nh ip cef L ch% .< global configuration. 6@ disable CEF, sK d9ng tI kha no tr#Gc cu l>nh ny. Mpls ip No mpls ip Mpls ip propagate-ttl No mpls ip propagate-ttl [ forwarded | local ] 6@ .i;u khi@n tr#+ng TTL trong header MPLS khi nhn l?n .?u tin .#8c gn vo m<t gi tin IP, sK d9ng cu l>nh mpls ip propagate-ttl L ch% .< global configuration. 6@ sK d9ng c: ./nh gi tr/ TTL = 255 cho nhn .?u tin c1a gi tin IP, th dng tI kha no tr#Gc cu l>nh ny. Mpls label protocol {ldp | tdp | 6@ chE ra giao thPc phn ph:i nhn .#8c sK http://www.vnexperts.net 6@ enable MPLS chuy@n ti%p cc gi tin Ipv4. wildM tA 6@ c5u hnh danh sch nh"ng .i;u ki>n cho m9c .ch lTc cc gi tin, khi m cc gi tin t#,ng Png vGi m<t .i;u ki>n no .. 6@ xa bO access-list . t4o, dng tI kha no L tr#Gc cu l>nh.
both } No mpls label protocol
d9ng trn ch% .< interface, sK d9ng cu l>nh mpls label protocol L ch% .< interface configuration. Dng tI kha no tr#Gc cu l>nh ny .@ disable tnh nBng ..
Show [detail]
mpls
interface
[interface]
6@ hi@n th/ thng tin v; m<t hoUc nhi;u interface . .#8c c5u hnh chuy@n m4ch nhn, sK d9ng cu l>nh show mpls interfaces L ch% .< privileged EXEC.
Show mpls ldp discovery
6@ hi@n th/ tr4ng thi c1a ti%n trnh xK l LDP discovery, sK d9ng cu l>nh show mpls ldp discovery L ch% .< privileged EXEC. Cu l>nh ny s= .#a ra m<t danh sch c1a cc interface .ang ch4y LDP discovery.
Show mpls ldp neighbor [address | interface] [detail] Mpls ]] no mpls ldp advertise-labels [for prefix-access-list [ to peer- access-list ]] ldp advertise-labels [for
6@ hi@n th/ tr4ng thi c1a cc phin lm vi>c c1a LDP, dng cu l>nh show mpls ldp neighbor L ch% .< privileged EXEC. 6@ .i;u khi@n vi>c phn ph:i nhn bLi LDP, sK d9ng cu l>nh mpls ldp advertise-labels L ch% .< global configuration.
prefix-access-list [ to peer- access-list
5. Task 1: Enable LDP trn cc router PE v P - Cng vi>c ti%p theo l thi%t l'p MPLS vGi mi tr#+ng ./nh tuy%n c1a Service Provider. Cng vi>c ny s= bao g m enable CEF v MPLS. 5a. Cc b#Gc c?n lm: C?n hon thnh nh"ng b#Gc sau: - Step 1: Trn Router PE c1a b4n, nh"ng cng vi>c sau s= c?n lm: + Enable CEF. + Enable LDP trn subinterface .ang k%t n:i trDc ti%p .%n router P c1a b4n. - Step 2: Trn router P c1a b4n, nh"ng cng vi>c sau s= c?n thDc thi: + Enable CEF. + Enable LDP trn subinterface .ang k%t n:i trDc ti%p .%n router PE c1a b4n. + Enable LDP trn subinterface .ang k%t n:i trDc ti%p .%n router P c1a cc workgroup khc. - Step 3: Ki@m tra nh"ng workgroup khc xem . hon thnh nh"ng c5u hnh . ch#a.
5b. Ki@m tra: B4n c th@ hon thnh cng vi>c ny khi b4n dnh .#8c nh"ng k%t quA sau: - Trn mMi router c1a b4n, b4n ki@m tra nh"ng interface . c5u hnh LDP ch#a Example: P11# show mpls interface - Trn mMi router c1a b4n, b4n ki@m tra tr4ng thi c1a interface xem . up ch#a v . thi%t l'p m:i quan h> LDP neighbor ch#a. Example: Px1# show mpls ldp discovery - Trn mMi router c1a b4n, ki@m tra LDP . .#8c chE ./nh m<t nhn cho mMi prefix trong bAng ./nh tuy%n c1a n ch#a Example: Pex1# show ip route Px1# show mpls ldp bindings - Trn mMi router c1a b4n, ki@m tra LDP . nh'n m< nhn c1a nh"ng m4ng con v cc interface loopback c1a router core ch#a. Example: Px1# show mpls ldp bindings - Thi hnh traceroute tI router PE c1a b4n .%n ./a chE ip c1a interface loopback c1a router PE c1a workgroup khc v ki@m tra k%t quA hi@n th/ vGi nh"ng nhn c lin quan. Example: Pex1# traceroute 192.168.x.33 6. Task 2: Disable TTL Propagation - Trong ph?n ny, b4n s= disable MPLS TTL propagation v ki@m tra k%t quA. Workgroup 1 s= c5u hnh Pex1 v Px1. Workgroup 2 s= c5u hnh Pex2 v Px2. 6a. Nh"ng b#Gc c?n thi%t .@ hon thnh nhi>m v9 ny: - Step1: Trn router PE c1a b4n, disable MPLS TTL propagation. - Step2: Trn router P c1a b4n, disable MPLS TTL propagation. - Step3: Ki@m tra cc workgroup khc . hon thnh nh"ng b#Gc trn ch#a. 6b. Ki@m tra: B4n s= hon thnh cng vi>c ny khi b4n thu .#8c nh"ng k%t quA sau:
10
- B4n s= thDc thi l>nh traceroute tI router PE .%n ./a chE ip c1a interface loopback c1a router PE nJm trn workgroup khc v so snh k%t quA ny vGi k%t quA thu .#8c trong l?n tr#Gc: Example: Pex1# traceroute 192.168.x.33 7. Task 3: C5u hnh cc .i;u ki>n phn ph:i nhn. - Trong ph?n ny, b4n s= sK d9ng nh"ng .i;u ki>n quAng b nhn .@ h4n ch% vi>c phn ph:i nhn c lin quan .%n cc Interface nJm trn router Core - Workgroup 1 s= c5u hnh Pex1 v Px1. Workgroup 2 s= c5u hnh Pex2 v Px2. 7a. Nh"ng b#Gc c?n lm: - Step1: Trn router PE, hi@n th/ LSPs . .#8c xy dDng. Example: Pex1# show mpls for - Step 2: Ch m<t LSP . .#8c xy dDng cho interface Wan .ang k%t n:i .%n router PE v router P khc. LSP ny s= khng bao gi+ sK d9ng bLi v l#u l#8ng s= khng .#8c xc ./nh bnh th#+ng t4i .i@m ny. - Step3: Trn cc router PE v P, c5u hnh cc .i;u ki>n phn ph:i nhn .@ cho php duy nh5t phn ph:i cc nhn c lin quan .%n ./a chE IP loopback v cc interface c1a Core cung c5p vi>c hM tr8 trDc ti%p .%n khch hng. - Step 4: Ki@m tra cc workgroup khc . hon thnh ch#a. 7b. Ki@m tra. - B4n s= hon thnh m9c ny khi b4n thu .#8c nh"ng k%t quA sau: - Trn router PE, b4n s= hi@n th/ LSPs . .#8c xy dDng Example: PE11# show mpls f - Trn router P, b4n s= dng cu l>nh sau .@ hi@n th/ LDP bindings Example: P11# show mpls ldp bind 8. Task 4: Xa bO cc .i;u ki>n phn ph:i nhn. Trong ph?n ny, b4n s= xa bO nh"ng .i;u ki>n quAng b nhn v v'y s= khng h4n ch% vi>c phn ph:i nhn c lin quan .%n cc Interface Wan trong Core. - Workgroup 1 s= c5u hnh cc router Pex1 v Px1. Workgroup 2 s= c5u hnh cc router Pex2 v Px2.
11
8a. Nh"ng th1 t9c c?n lm: - Step 1: Xa bO cc .i;u ki>n phn ph:i nhn. - Step 2: Ki@m tra cc workgroup khc. 8b. Ki@m tra. B4n s= hon thnh vi>c ki@m khi thu .#8c nh"ng k%t quA sau: - Trn router PE, b4n s= hi@n th/ LSP .ang xy dDng. Example: Pex1# show mpls for IV. Lab 3-1 Answer key: Thi(t l*p mi tr ,ng MPLS Core. 1. Task 1: Enable LDP trn cc router PE v P - C5u hnh nh"ng b#Gc sau trn router Pex1: Pex1(config)# ip cef Pex1(config)# interface serial 0/0.111 Pex1(config-subif)# mpls label protocol ldp Pex1(config-subif)# mpls ip - C5u hnh nh"ng b#Gc sau trn router Pex2 : Pex2(config)# ip cef Pex2(config)# interface serial 0/0.111 Pex2(config-subif)# mpls label protocol ldp Pex2(config-subif)# mpls ip - C5u hnh nh"ng b#Gc sau trn router Px1 : Px1(config)# ip cef Px1(config)# interface serial 0/0.111 Px1(config-subif)# mpls label protocol ldp Px1(config-subif)# mpls ip Px1(config)# interface serial0/0.112 Px1(config-subif)# mpls label protocol ldp Px1(config-subif)# mpls ip - C5u hnh nh"ng b#Gc sau trn router Px2 : Px2(config)# ip cef Px2(config)# interface serial 0/0.111 Px2(config-subif)# mpls label protocol ldp Px2(config-subif)# mpls ip Px2(config)# interface serial0/0.112 Px2(config-subif)# mpls label protocol ldp Px2(config-subif)# mpls ip
12
2. Task 2 : Disable TTL Propagation - C5u hnh cc b#Gc sau trn router Pex1 v Pex2 : Pex*(config)# no tag-switching ip propagate-ttl - C5u hnh nh"ng b#Gc sau trn router Px1 v Px2: Px*(config)# no tag-switching ip propagate-ttl 3. Task3: C5u hnh cc .i;u ki>n phn ph:i nhn - C5u hnh cc b#Gc sau trn router Pex1: Pex1(config)# no tag-switching advertise-tags Pex1(config)# tag-switching advertise-tags for 90 Pex1(config)# access-list 90 permit 150.x.0.0 0.0.255.255 Pex1(config)# access-list 90 permit 192.168.x.16 0.0.0.15 Pex1(config)# access-list 90 permit 192.168.x.32 0.0.0.15 Pex1(config)# access-list 90 permit 192.168.x.80 0.0.0.15 Pex1(config)# access-list 90 permit 192.168.x.96 0.0.0.15 - C5u hnh nh"ng b#Gc sau trn router Pex2: Pex1(config)# no tag-switching advertise-tags Pex1(config)# tag-switching advertise-tags for 90 Pex1(config)# access-list 90 permit 150.x.0.0 0.0.255.255 Pex1(config)# access-list 90 permit 192.168.x.16 0.0.0.15 Pex1(config)# access-list 90 permit 192.168.x.32 0.0.0.15 Pex1(config)# access-list 90 permit 192.168.x.80 0.0.0.15 Pex1(config)# access-list 90 permit 192.168.x.96 0.0.0.15 - C5u hnh nh"ng b#Gc sau trn router Px1: Px1(config)# no tag-switching advertise-tags Px1(config)# tag-switching advertise-tags for 90 Px1(config)# access-list 90 permit 150.x.0.0.0 0.0.255.255 Px1(config)# access-list 90 permit 192.168.x.16 0.0.0.15 Px1(config)# access-list 90 permit 192.168.x.32 0.0.0.15 Px1(config)# access-list 90 permit 192.168.x.80 0.0.0.15 Px1(config)# access-list 90 permit 192.168.x.96 0.0.0.15 - C5u hnh cc b#Gc sau trn router Px2: Px2(config)# no tag-switching advertise-tags Px2(config)# tag-switching advertise-tags for 90 Px2(config)# access-list 90 permit 150.x.0.0.0 0.0.255.255 Px2(config)# access-list 90 permit 192.168.x.16 0.0.0.15 Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
13
Px2(config)# access-list 90 permit 192.168.x.32 0.0.0.15 Px2(config)# access-list 90 permit 192.168.x.80 0.0.0.15 Px2(config)# access-list 90 permit 192.168.x.96 0.0.0.15 4. Task4 : Xa bO cc .i;u ki>n phn ph:i nhn. - C5u hnh nh"ng b#Gc sau trn router Pex1 v router Pex2: Pex*(config)# tag-switching advertise-tags - C5u hnh nh"ng b#Gc sau trn router Px1 v Px2: Px*(config)# tag-switching advertise-tags V. Lab 5-1: C4u hnh MPLS VPN. 1. Ph4m vi v cc .:i t#8ng c1a bi lab: - Cng ty c1a b4n .ang lm vi>c vGi m<t Service Provider. Pod c1a b4n c nhi>m v9 t4o hai .#,ng VPN .@ hM tr8 cho hai khch hng mGi (Khch hng A v Khch hng B). - Trong bi lab ny, b4n s= phAi t4o k%t n:i VPN cho khch hng c1a b4n. Sau khi hon thnh, b4n s= c khA nBng hon thnh nh"ng cng vi>c sau: + C5u hnh MP-BGP .@ thi%t l'p ./nh tuy%n gi"a cc router PE trong workgroup c1a b4n. + C5u hnh bAng VRF c?n thi%t .@ hM tr8 khch hng c1a b4n v thi%t l'p giao thPc ./nh tuy%n RIP cho khch hng c1a b4n sK d9ng VPN. 2. S, . logical c1a bi lab: Hnh 1:
14
Hnh 2:
3. Ti li>u c?n thi%t: - 6@ hon thnh bi lab ny cc b4n s= c?n dng .%n ti li>u: Cisco IOS documentation. 4. Danh sch cu l>nh c?n thi%t cho bi lab: Cu l>nh Address-family ipv4 vrf vrf-name Address-family vpnv4 Ip vrf forwarding vrf-name Ip vrf vrf-name Neighbor ip-address active Neighbor ip-address routeM tA ChTn m<t VRF instance c1a giao thPc ./nh tuy%n ChTn tham s: c5u hnh c1a ./a chE VPNv4 Gn m<t Interface cho VRF T4o m<t bAng VRF Active m<t route trao .Vi vGi cc ./a chE family bn d#Gi c5u hnh c1a neighbor 6@ c5u hnh router nh# m<t BGP-speaking neighbor hoUc perr group, sK d9ng cu l>nh neighbor next-hop-self L ch% .< router configuration. 6@ disable tnh nBng ny, sK d9ng tI kha no tr#Gc cu l>nh ny. Neighbor remote-as 6@ thm m<t danh m9c cho bAng BGP hoUc MP-BGP neighbor neighbor, sK L d9ng ch% cu .< l>nh router remote-as reflector-client
configuration. 6@ xa bO danh m9c ny khOi Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
15
bAng, sK d9ng tI kha no L tr#Gc cu l>nh ny. Neighbor send-community 6@ chE ra cc thu<c tnh c1a cc community s= .#8c gKi .%n m<t BGP neighbor, sK d9ng cu l>nh neighbor send-community L ch% .< router configuration. 6@ xa bO danh m9c ny, sK d9ng tI kha no tr#Gc cu l>nh ny. Neighbor update-source 6@ c .#8c Cisco IOS software cho php cc phin c1a IBGP sK d9ng mTi Interface cho vi>c k%t n:i TCP, sK d9ng cu l>nh neighbor update-source L ch% .< router configuration. 6@ ph9c h i l4i nh"ng g . gn cho Interface trL v; nh"ng tham s: . gn g?n nh5t, sK d9ng tI kha no tr#Gc cu l>nh ny. Ping vrf vrf-name host Rd value Redistribute bgp as-number metric transparent Router bgp as-number Route-target import | export value Show ip bgp neighbor Show ip bgp vpnv4 vrf vrf-name Show ip route vrf vrf-name Show ip vrf detail telnet host /vrf vrf-name 5. Task 1 : C5u hnh Multiprotocol BGP - Trong ph?n ny, b4n s= c5u hnh MP-BGP gi"a cc router PE trong m<t workgroup. - Workgroup 1 s= c5u hnh MP-BGP trn router Pex1, v workgroup 2 s= c5u hnh cng nhi>m v9 . trn router Pex2. 5a. Cc b#Gc c?n thi%t : - Step1 : Active giao thPc ./nh tuy%n BGP trn router c1a b4n v gn chE s: AS l 65001. Disable tnh nBng auto-summary. - Step2 : Active cc phin lm vi>c c1a VPNv4 BGP gi"a cc router PE. Disable tnh nBng auto-summary. Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net ChTn giao thPc ./nh tuy%n BGP .@ c5u hnh Gn m<t RT cho m<t VRF Hi@n th/ nh"ng thng tin c1a cc BGP neighbor Hi@n th/ cc route VPN Ipv4 lin k%t vGi VRF Hi@n th/ bAng ./nh tuy%n c1a mt VRF . chE ra. Hi@n th/ chi ti%t nh"ng thng tin c1a VRF T4o m<t k%t n:i telnet .%n m<t router CE Ping m<t host thng qua VRF Gn m<t RD cho m<t VRF QuAng b cc route c1a BGP vo trong RIP
16
- Step 3: Ki@m tra trn cc workgoup khc. 5b. Ki@m tra B4n s= hon thnh ph?n ny khi b4n thu .#8c nh"ng k%t quA sau: - B4n s= hi@n th/ cc thng tin c1a BGP neighbor v chRc chRn rJng cc phin lm vi>c c1a BGP . .#8c thi%t l'p gi"a hai router PE. Example: Pex1# show ip bgp sum Pex2# show ip bgp sum Pex1# show bgp neighbor 6. Task2: C5u hnh bAng Virtual Routing and Forwading (VRF). Trong ph?n ny c1a bi lab, b4n s= phAi thi%t l'p cc k%t n:i VPN cho khch hng A v khch hng B. Workgroup 1 s= thi%t l'p m<t k%t n:i VPN gi"a router Cex1A v Cex2A, v workgroup2 s= thi%t l'p m<t k%t n:i VPN gi"a router Cex1B v router Cex2B. MMi workgroup s= ch/u trch nhi>m cho vi>c c5u hnh vGi t5t cA cc router PE cho khch hng c1a mnh. 6a. Cc b#Gc c?n lm: - Step1: Thi%t k% m4ng VPN c1a b4n quy%t ./nh cc chE s: RD v RT. - Step2: T4o cc VRF trn cc router PE v k%t h8p vGi cc interface PE-CE vo .ng cc bAng VRF t#,ng Png. - Step3: Khch hng c1a b4n .ang sK d9ng giao thPc ./nh tuy%n RIP, v v'y b4n c?n phAi enable RIP cho VRF m b4n . t4o. - Step4: C5u hnh quAng b RIP vo trong BGP vGi cu l>nh: address-family ipv4 vrf vrfname. - Step 5: C5u hnh quAng b BGP vo trong RIP vGi cu l>nh: address-family ipv4 vrf vrf-name. - Step 6: C5u hnh Rip metric khi .#8c quAng b vo trong MP-BGP bJng cch sK d9ng cu l>nh: redistribute bgp as-number metric transparent - Step 7: 6Am bAo rJng RIP . .#8c enable trn t5t cA cc router CE. ChRc chRn rJng t5t cA cc m4ng (bao g m cA loopback) s= .#8c active trong ti%n trnh xK l c1a RIP. 6b. Ki@m tra. B4n s= hon thnh cng vi>c ki@m tra khi b4n thu .#8c nh"ng k%t quA sau: - B4n c?n ki@m tra l4i xem . c5u hnh .ng cc bAng VRF trn router ch#a bJng cu l>nh: show ip vrf detail.
17
Example: Pex1# show ip vrf detail - Ki@m tra cc giao thPc ./nh tuy%n .ang ch4y trong VRF c1a b4n vGi cu l>nh: show ip protocol vrf. Example: Pex1# show ip protocol vrf Customer_A Pex1# show ip protocol vrf Customer_B - Ki@m tra bAng ./nh tuy%n c1a mMi m<t VRF trn router PE vGi cu l>nh: show ip route vrf. Example: Pex1# show ip route vrf Customer_A Pex1# show ip route vrf Customer_B - SK d9ng cu l>nh: show ip bgp vpnv4 vrf .@ hi@n th/ thng tin bAng ./nh tuy%n BGP k%t h8p vGi m<t VRF. Example: Pex1# show ip bgp vpnv4 Customer_A - Trn router CE, sK d9ng cu l>nh: show ip route .@ ki@m tra cc router .ang nh'n t5t cA cc VPN route. Example: Cex1A# show ip route Cex1A# traceroute 150.x.x2.17 Cex1A# ping 150.x.x2.17 - SK d9ng cu l>nh: show ip route trn router PE .@ ki@m tra cc route c1a khch hng c xu5t hi>n trong bAng ./nh tuy%n khng. Example: Pex1# show ip route - SK d9ng cu l>nh: ping v tracroute trn cc router PE .@ ki@m tra k%t n:i .%n cc m4ng c1a khch hng. Example: Pex1# ping 150.x.x1.17 Pex1# ping 150.x.x1.33 - SK d9ng cu l>nh: ping vrf trn cc router PE .@ ki@m tra k%t n:i .%n cc m4ng c1a khch hng. Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
18
Example: Pex1# ping vrf Customer_A 150.x.x1.17 Pex1# ping vrf Customer_B 150.x.x1.33 VI. Lab 5-1 Answer key: C4u hnh MPLS VPN. 1. Task1: C5u hnh Multiprotocol BGP - C5u hnh nh"ng b#Gc sau trn router Pex1: Pex1(config)# router bgp 65001 Pex1(config-router)# neighbor 192.168.x.33 remote-as 65001 Pex1(config-router)# neighbor 192.168.x.33 update-source loopback 0 Pex1(config-router)# no auto-summary Pex1(config-router)# address-family vpnv4 Pex1(config-router-af)# neighbor 192.168.x.33 active Pex1(config-router-af)# neighbor 192.168.x.33 next-hop-self Pex1(config-router-af)# neighbor 192.168.x.33 send-community both Pex1(config-router-af)# no auto-summary - C5u hnh nh"ng b#Gc sau trn router Pex2: Pex2(config)# router bgp 65001 Pex2(config-router)# neighbor 192.168.x.17 remote-as 65001 Pex2(config-router)# neighbor 192.168.x.17 update-source loopback 0 Pex2(config-router)# no auto-summary Pex2(config-router)# address-family vpnv4 Pex2(config-router-af)# neighbor 192.168.x.17 active Pex2(config-router-af)# neighbor 192.168.x.17 next-hop-self Pex2(config-router-af)# neighbor 192.168.x.17 send-community both Pex2(config-router-af)# no auto-summary 2. Task 2: C5u hnh VRF (Virtual Routing and Forwading). - C5u hnh nh"ng b#Gc sau trn router Pex1: Pex1(config)# ip vrf Customer_A Pex1(config-vrf)# rd x:10 Pex1(config-vrf)# route-target both x :10 Pex1(config)# ip vrf Customer_B Pex1(config-vrf)# rd x:20 Pex1(config-vrf# route-target both x:20 Pex1(config)# interface serial0/0.101 Pex1(config-subif)# ip vrf forwarding Customer_A Pex1(config-subif)# ip address 150.x.x1.18 255.255.255.240 Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
19
Pex1(config)# interface serial 0/0.102 Pex1(config-subif)# ip vrf forwarding Customer_B Pex1(config-subif)# ip address 150.x.x1.34 255.255.255.240 Pex1(config)# router rip Pex1(config-router) version 2 Pex1(config-router)# address-family ipv4 vrf Customer_A Pex1(config-router)# network 150.x.0.0 Pex1(config-router-af)# no auto-summary Pex1(config-router-af)# redistribute bgp 65001 metric transparent Pex1(config-router)# address-family ipv4 vrf Customer_B Pex1(config-router-af) network 150.x.0.0 Pex1(config-router-af)# no auto-summary Pex1(config-router-af)# redistribute bgp 65001 metric transparent Pex1(config)# router bgp 65001 Pex1(config-router)# address-family ipv4 vrf Customer_A Pex1(config-router-af)# no auto-summary Pex1(config-router-af)# redistribute rip Pex1(config-router-af)# exit Pex1(config-router)# address-family ipv4 vrf Customer_B Pex1(config-router-af)# no auto-summary Pex1(config-router-af)# redistribute rip - C5u hnh nh"ng b#Gc sau trn router Pex2 : Pex2config)# ip vrf Customer_A Pex2config-vrf)# rd x:10 Pex2config-vrf)# route-target both x :10 Pex2config)# ip vrf Customer_B Pex2config-vrf)# rd x:20 Pex2config-vrf# route-target both x:20 Pex2config)# interface serial0/0.101 Pex2config-subif)# ip vrf forwarding Customer_A Pex2config-subif)# ip address 150.x.x1.18 255.255.255.240 Pex2config)# interface serial 0/0.102 Pex2config-subif)# ip vrf forwarding Customer_B Pex2config-subif)# ip address 150.x.x1.34 255.255.255.240 Pex2onfig)# router rip Pex2config-router) version 2 Pex2config-router)# address-family ipv4 vrf Customer_A Pex2config-router)# network 150.x.0.0 Pex2config-router-af)# no auto-summary Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
20
Pex2config-router-af)# redistribute bgp 65001 metric transparent Pex2config-router)# address-family ipv4 vrf Customer_B Pex2config-router-af) network 150.x.0.0 Pex2config-router-af)# no auto-summary Pex2config-router-af)# redistribute bgp 65001 metric transparent Pex2config)# router bgp 65001 Pex2config-router)# address-family ipv4 vrf Customer_A Pex2config-router-af)# no auto-summary Pex2config-router-af)# redistribute rip Pex2config-router-af)# exit Pex2config-router)# address-family ipv4 vrf Customer_B Pex2config-router-af)# no auto-summary Pex2config-router-af)# redistribute rip VII Lab 5-2 : 5/nh tuy(n EIGRP gi7a cc router PE v router CE. 1. Ph4m vi v cc .:i t#8ng c1a bi lab: - M<t s: khch hng sK d9ng giao thPc ./nh tuy%n EIGRP nh# m<t giao thPc ./nh tuy%n bn trong m4ng VPN ; .i khi, EIGRP .#8c dng .@ ./nh tuy%n chung vGi RIP hoUc BGP L nh"ng site khc. Trong bi lab ny, th cc khch hng c1a Service Provider quy%t ./nh sK d9ng giao thPc ./nh tuy%n EIGRP. - Trong ph4m vi c1a bi lab ny, b4n s= tri@n khai EIGRP nh# m<t giao thPc ./nh tuy%n PECE trong m4ng VPN c1a khch hng. Sau khi hon thnh bi lab ny, b4n s= c khA nBng hon thnh nh"ng yu c?u sau : + Chuy@n .Vi cc site c1a khch hng .ang dng giao thPc ./nh tuy%n RIP thnh giao thPc EIGRP v thi%t l'p VPN sK d9ng giao thPc ./nh tuy%n EIGRP. Nh"ng site cn l4i vWn ch4y RIP nh# m<t giao thPc ./nh tuy%n IGP.
21
2. S, . logical c1a bi lab :
3. Ti li>u c?n thi%t - 6@ hon thnh .#8c bi lab ny cc b4n c?n tham khAo thm ti li>u : Cisco IOS document. 4. Danh sch cu l>nh c?n thi%t cho bi lab : - BAng sau s= m tA cc cu l>nh c?n thi%t cho bi lab. Cu l>nh Address-family ipv4 [multicast | unicast | vrf vrf-name ] M tA Vo ch% .< c5u hnh ./a chE family v t4o m<t VRF. VRF name (hoUc tag) s= phAi t#,ng thch vGi VRF name . t4o trong Step 3 c1a Task 2. Network ip-address network-mask ChE ra m<t m4ng cho VRF. Cu l>nh network .#8c sK d9ng .@ xc ./nh xem cc interface no s= .#8c ./nh tuy%n trong EIGRP. VRF s= phAi .#8c c5u hnh vGi m<t dAi ./a chE . .#8c c5u hnh trong cu l>nh network. Redistribute protocol [process-id] { level-1 | level-1-2 | level-2 } [ asnumber ] [ metric metric-value ] [ route-map map-name ] [ match { ThDc hi>n quAng b BGP vo trong EIGRP. ChE s: AS v metric c1a BGP s= .#8c c5u hnh trong b#Gc ny. BGP s= phAi .#8c quAng b vo trong EIGRP cho CE site .@
22
internal | external 1 | external 2 }] [ tag tag-value ] [ route-map map-tag ] [subnets] Router eigrp as-number Show ip eigrp vrf vrf-name interfaces Show ip eigrp vrf vrf-name
ch5p nh'n cc BGP routes c th@ mang theo thng tin c1a EIGRP. M<t metric cSng s= phAi .#8c chE ra cho BGP v cSng .#8c c5u hnh trong b#Gc ny. Vo mode router configuration v t4o m<t ti%n trnh xK l c1a EIGRP. Hi@n th/ cc interface . .#8c c5u hnh ./nh tuy%n trong EIGRP. Hi@n th/ cc VRF neighbors khi cc
neighbors Show ip eigrp vrf vrf-name topology Show ip vrf 5. Task 1: Enable EIGRP VPN
neighbors ho4t .<ng v khng ho4t .<ng. Hi@n th/ cc danh m9c c1a VRF trong bAng EIGRP topology.
- Trong ph?n ny, khch hng c1a b4n . quy%t ./nh chuy@n .Vi duy nh5t hai site tI Rip sang dng EIGRP. Workgroup 1 s= chuy@n .Vi Site A, Cex1A, tI Rip thnh EIGRP v thi%t l'p m<t m4ng VPN. Workgroup 2 s= chuy@n .Vi Site B, Cex2B tI Rip thnh EIGRP v thi%t l'p m<t m4ng VPN. - MMi workgroup s= ch/u trch nhi>m c5u hnh cho t5t cA cc router PE c lin quan. 5a. Cc b#Gc c?n lm. - Step 1: Disable RIP v c5u hnh EIGRP trn m<t trong hai router c1a site nJm pha khch hng c1a b4n. Workgroup 1 s= c5u hnh Cex1A, v workgroup 2 s= c5u hnh Cex2B. B4n sK d9ng x# nh# m<t chE s: c1a AS cho EIGRP. BLi v cA hai khch hng .ang k%t n:i trDc ti%p thng qua cng m<t m4ng 150.x.0.0, v v'y b4n c?n phAi chE ra .ng cu l>nh trn EIGRP t#,ng Png vGi cc interface. - Step 2: Trn router PE, c5u hnh quAng b EIGRP vo trong BGP vGi cu l>nh: addressfamily ipv4 vrf vrf-name. BLi v EIGRP metric ngu n khng t#,ng thch vGi RIP metric .ch, nn c5u hnh metric mUc ./nh l 1. - Step3: Trn router PE, c5u hnh quAng b BGP vo trong EIGRP vGi cu l>nh addressfamily ipv4 vrf vrf-name. Disable tnh nBng auto-summary c1a EIGRP. 5b. Ki@m tra. B4n s= hon thnh cng vi>c ki@m tra khi b4n thu .#8c nh"ng k%t quA sau: - B4n s= phAi ki@m tra xem EIGRP . ho4t .<ng .ng trn cc interface ch#a. Example: Pex1# show ip eigrp interface Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
23
- B4n s= ki@m tra xem EIGRP adjacencies . .#8c thi%t l'p gi"a cc router CE v PE ch#a. Example: Pex1# show ip eigrp vrf Customer_A neighbor Pex2# show ip eigrp vrf Customer_B neighbor - Ki@m tra EIGRP topology database trn cc router CE. Example: Pex1# show ip eigrp vrf Customer_A topology Pex2# show ip eigrp vrf Customer_B topology - Ki@m tra k%t n:i VPN bJng cch sK d9ng cu l>nh Ping v Trace trn cc router CE v cc cu l>nh Ping vrf v trace vrf trn cc router PE. Example: Cex1# ping 150.x.x2.33 Cex1A# ping 150.0.02.17 Cex1B# trace 150.x.x2.33 Cex1A# trace 150.x.x2.17 Pex1# ping vrf Customer_A 10.1.x2.49 Pex2# ping vrf Customer_A 10.1.x1.49 Pex1# trace vrf Customer_B 10.2.x2.49 Pex2# trace vrf Customer_A 10.1.x1.49 VIII Lab 5-2: Answer Key: 5/nh tuy(n EIGRP gi7a cc router PE v CE. 1. Task 1: Thi%t l'p EIGRP VPN. - C5u hnh nh"ng b#Gc sau trn router Cex1A: Cex1A(config)# no router rip Cex1A(config)# router eigrp x Cex1A(config-router)# network 10.0.0.0 Cex1A(config-router)# network 150.x.0.0 Cex1A(config-router)# no auto-summary - C5u hnh nh"ng b#Gc sau trn router Cex2B: Cex2B(config)# no router rip Cex2B(config)# router eigrp x Cex2B(config-router)# network 10.0.0.0 Cex2B(config-router)# network 150.x.0.0 Cex2B(config-router)# no auto-summary
24
- C5u hnh nh"ng b#Gc sau trn router Pex1: Pex1(config)# router rip Pex1(config-router)# no address-family ipv4 vrf Customer_A Pex1(config)# router eigrp 1 Pex1(config-router)# address-family ipv4 vrf Customer_A Pex1(config-router-af)# autonomous-system x Pex1(config-router-af)# network 150.x.x.x1 0.0.0.15 Pex1(config-router-af)# no auto-summary Pex1(config-router-af)# redistribute bgp 65001 metric 10000 100 255 1 1500 Pex1(config-router-af)# exit Pex1(config-router)# router bgp 65001 Pex1(config-router)# address-family ipv4 vrf Customer_A Pex1(config-router-af)# no redistribute rip Pex1(config-router-af)# redistribute eigrp x metric 1 - C5u hnh nh"ng b#Gc sau trn router Pex12 : Pex2(config)# router rip Pex2(config-router)# no address-family ipv4 vrf Customer_B Pex2(config)# router eigrp 1 Pex2(config-router)# address-family ipv4 vrf Customer_B Pex2(config-router-af)# autonomous-system x Pex2(config-router-af)# network 150.x.x.x1 0.0.0.15 Pex2(config-router-af)# no auto-summary Pex2(config-router-af)# redistribute bgp 65001 metric 10000 100 255 1 1500 Pex2(config-router-af)# exit Pex2(config-router)# router bgp 65001 Pex2(config-router)# address-family ipv4 vrf Customer_B Pex2(config-router-af)# no redistribute rip Pex2(config-router-af)# redistribute eigrp x metric 1 IX- Lab 5-3 : 5/nh tuy(n OSPF gi7a cc router PE v CE. 1. Ph4m vi v cc .:i t#8ng c1a bi lab: - M<t s: khch hng quy%t ./nh sK d9ng OSPF nh# m<t giao thPc ./nh tuy%n trong m4ng VPN, .i khi, n cn .#8c ch4y cng vGi RIP hoUc BGP L trn cc site khc. Trong ph?n ny, b4n s= hon thnh vi>c tri@n khai giao thPc ./nh tuy%n OSPF trn cc router CE v PE. Sau khi hon thnh bi lab ny, b4n c th@ hon thi>n .#8c nh"ng ph?n sau : + Chuy@n .Vi cc router nJm trn cc site c1a khch hng tI giao thPc ./nh tuy%n Rip sang OSPF v thi%t l'p m4ng VPN sK d9ng OSPF. + Hon thnh sD di chuy@n c1a OSPF.
25
2. S, . logical c1a bi lab.
3. Ti li>u c?n thi%t - 6@ hon thnh bi lab ny cc b4n c?n ti li>u sau : Cisco IOS documentation. 4. Danh sch cu l>nh c?n thi%t c1a bi lab: - BAng sau s= m tA cc cu l>nh c?n thi%t .@ sK d9ng trong bi lab ny. Cu l>nh Address-family ipv4 vrf vrf-name Default-information orginate always Ip vrf forwarding vrf-name Ip vrf vrf-name Ping vrf vrf-name host Rd value Redistribute bgp as-number subnets Router bgp as-number Router ospf process vrf vrf-name Route-target import | export value Show ip bgp vpnv4 vrf vfr-name M tA ChTn m<t instance c1a VRF cho m<t giao thPc ./nh tuy%n T4o m<t default route trong OSPF Gn m<t interface cho m<t VRF T4o m<t VRF table. Ping m<t host .@ ki@m tra k%t n:i thng qua VRF. Gn m<t RD cho m<t VRF QuAng b cc route c1a BGP vo trong OSPF. C5u hnh giao thPc ./nh tuy%n BGP KhLi t4o m<t ti%n trnh c1a OSPF vGi m<t VRF. Gn m<t RT cho m<t VRF. Hi@n th/ cc route c1a VPNv4 k%t h8p vGi m<t VRF. Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
26
Show ip ospf database Show ip route vrf vrf-name Show ip vrf detail telnet host /vrf vrf-name
Hi@n th/ thng tin c1a OSPF database Hi@n th/ bAng ./nh tuy%n c1a m<t VRF. Hi@n th/ thng tin chi ti%t c1a VRF. T4o m<t k%t n:i .%n m<t CE router .ang k%t n:i trDc ti%p vGi m<t VRF.
5. Task 1: C5u hnh OSPF nh# m<t giao thPc ./nh tuy%n PE-CE. - Trong ph?n ny, khch hng c1a b4n quy%t ./nh sK d9ng OSPF nh# m<t giao thPc ./nh tuy%n IGP. T5t cA cc site .ang ch4y giao thPc RIP v EIGRP .;u s= .#8c chuy@n sang OSPF. Workgroup 1 s= chuy@n .Vi Customer A (Cex1A v Cex2A), v workgroup 2 s= chuy@n .Vi Customer B (Cex1B v Cex2B) .@ thi%t l'p m<t m4ng VPN. - MMi workgroup s= ch/u trch nhi>m c5u hnh cho t5t cA cc router PE c lin quan vGi cc site c1a khch hng. 5a. Cc b#Gc c?n lm: - Step1: Disable EIGRP v RIP v c5u hnh OSPF trn cc router CE. C5u hnh OSPF (sK d9ng m<t OSPF process ID cho workgroup 1 l 1 v process id cho workgroup 2 vGi gi tr/ l 2) thng tin v; cc vng trong router CE s= c trong bAng bn d#Gi: Area Area 0 Area 1 Interface (hoUc cc Interface) Wan Interface Loopback 0 E0/0
- Step 2: C5u hnh OSPF (sK d9ng m<t OSPF process ID cho workgroup 1 l 1 v process id cho workgroup 2 vGi gi tr/ l 2) trong VRF trn cc router PE sK d9ng cu l>nh router ospf vrf. SK d9ng OSPF Area 0 trn PE-CE link. - Step 3: C5u hnh quAng b tI OSPF vo trong MP-BGP sK d9ng cu l>nh redistribute ospf trong ch% .< c5u hnh VRF address family. - Step 4: C5u hnh quAng b tI MP-BGP vo trong OSPF sK d9ng cu l>nh redistribute bgp subnets trong ch% .< c5u hnh OSPF router configuration. 5b. Ki@m tra. B4n s= hon thnh cng vi>c ki@m tra khi b4n thDc hi>n cc b#Gc sau: - B4n c?n ki@m tra OSPF adjacency trn cc router Pex1 v Pex2 sK d9ng cu l>nh: show ip ospf neighbor. Example: Pex1# show ip ospf neighbor Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
27
Pex2# show ip ospf neighbor - Ki@m tra OSPF topology database trn cc router Cex1A v router Cex2B. B4n s= nhn th5y tr4ng thi c1a cc k%t n:i. Example: Cex1# show ip ospf database - Ki@m tra bAng ./nh tuy%n trn cc router Cex1A. Example: Cex1A# show ip route - Ki@m tra k%t n:i VPN bJng cch sK d9ng cu l>nh Ping v Trace trn cc router CE v dng cu l>nh ping vrf v trace vrf trn cc router PE. Example: Cex1A# ping 10.1.x2.49 Pex1A# ping vrf Customer_B 10.2.x2.49 Pex1# trace vrf Customer_A 10.1.x2.49 Pex1# trace vrf Customer_B 10.2.x1.49 X. Lab 5-3 Answer Key: 5/nh tuy(n OSPF gi7a cc router PE v CE 1. Task 1: c5u hnh OSPF nh# m<t giao thPc ./nh tuy%n PE-Ce. - C5u hnh cc b#Gc sau trn router Cex1A: Cex1A(config)# no router eigrp x Cex1A(config)# router ospf 1 Cex1A(config-router)# network 150.x.0.0 0.0.255.255 area 0 Cex1A(config-router)# network 10.1.x1.49 0.0.0.0 area 0 Cex1A(config-router)# network 10.1.x1.16 0.0.0.15 area 1 - C5u hnh nh"ng b#Gc sau trn router Cex1B : Cex1B(config)# no router eigrp x Cex1B(config)# router ospf 2 Cex1B(config-router)# network 150.x.0.0 0.0.255.255 area 0 Cex1B(config-router)# network 10.1.x1.49 0.0.0.0 area 0 Cex1B(config-router)# network 10.1.x1.16 0.0.0.15 area 1 - C5u hnh nh"ng b#Gc sau trn router Cex2A: Cex2A(config)# no router eigrp x Cex2A(config)# router ospf 1 Cex2A(config-router)# network 150.x.0.0 0.0.255.255 area 0 Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
28
Cex2A(config-router)# network 10.1.x1.49 0.0.0.0 area 0 Cex2A(config-router)# network 10.1.x1.16 0.0.0.15 area 1 - C5u hnh nh"ng b#Gc sau trn router Cex2B: Cex2B(config)# no router eigrp x Cex2B(config)# router ospf 2 Cex2B(config-router)# network 150.x.0.0 0.0.255.255 area 0 Cex2B(config-router)# network 10.1.x1.49 0.0.0.0 area 0 Cex2B(config-router)# network 10.1.x1.16 0.0.0.15 area 1 - C5u hnh nh"ng b#Gc sau trn router Pex1: Pex1(config)# no router rip Pex1(config)# router ospf 2 vrf Customer_B Pex1(config-router)# network 150.x.0.0 0.0.255.255 area 0 Pex1(config-router)# redistribute bgp 65001 subnets Pex1(config-router)# exit Pex1(config)# router bgp 65001 Pex1(config-router)# address-family ipv4 Customer_B Pex1(config-router)# no redistribute rip Pex1(config-router-af)# redistribute ospf 2 Pex1(config-router-af)# exit Pex1(config)# router eigrp 1 Pex1(config-router)# no address-family ipv4 vrf Customer_A Pex1(config)# router ospf 1 vrf Customer_A Pex1(config-router)# network 150.x.0.0 0.0.255.255 area 0 Pex1(config-router)# redistribute bgp 65001 subnets Pex1(config-router)# exit Pex1(config)# router bgp 65001 Pex1(config-router)# address-family ipv4 vrf Customer_A Pex1(config-router-af)# no redistribute eigrp x Pex1(config-router-af)# redistribute ospf 1 - C5u hnh nh"ng b#Gc sau trn router Pex2: Pex2(config)# no router rip Pex2(config)# router ospf 2 vrf Customer_A Pex2(config-router)# network 150.x.0.0 0.0.255.255 area 0 Pex2(config-router)# redistribute bgp 65001 subnets Pex2(config-router)# exit Pex2(config)# router bgp 65001 Pex2(config-router)# address-family ipv4 Customer_A Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
29
Pex2(config-router)# no redistribute rip Pex2(config-router-af)# redistribute ospf 1 Pex2(config-router-af)# exit Pex2(config)# router eigrp 1 Pex2(config-router)# no address-family ipv4 vrf Customer_B Pex2(config)# router ospf 2 vrf Customer_B Pex2(config-router)# network 150.x.0.0 0.0.255.255 area 0 Pex2(config-router)# redistribute bgp 65001 subnets Pex2(config-router)# exit Pex2(config)# router bgp 65001 Pex2(config-router)# address-family ipv4 vrf Customer_B Pex2(config-router-af)# no redistribute eigrp x Pex2(config-router-af)# redistribute ospf 2 XI- Lab 5-4: 5/nh tuy(n BGP gi7a cc router PE v CE. 1. Ph4m vi v cc .:i t#8ng c1a bi lab: - Khch hng c1a b4n quy%t ./nh mu:n c m<t .#+ng backup cho m9c .ch dD phng vGi cc site. V v'y, c?n phAi sK d9ng giao thPc ./nh tuy%n BGP nh# m<t giao thPc ./nh tuy%n gi"a CE-to-PE. - Trong ph?n ny, b4n s= chuy@n .Vi giao thPc ./nh tuy%n hi>n .ang ch4y trn CE-to-PE sang giao thPc BGP. Sau khi hon thnh nh"ng cng vi>c ny b4n s= c .#8c nh"ng k%t quA sau : + Enable EBGP nh# m<t giao thPc ./nh tuy%n lin k%t CE-to-PE. + Enable m<t .#+ng dD phng + C5u hnh BGP .@ .i;u khi@n vi>c chTn .#+ng chnh v .#8c dD phng.
30
2. S, . logical c1a bi lab :
3. Ti li>u c?n thi%t - 6@ hon thnh bi lab ny cc b4n c?n tham khAo thm : Cisco IOS documentation. 4. Danh sch cc cu l>nh cho bi lab. - BAng sau s= m tA cc cu l>nh c?n thi%t .#8c sK d9ng trong bi lab ny.
31
Cu l>nh Address-family ipv4 vrf vrf-name Ip vrf forwarding vrf-name Ip vrf vrf-name Neighbor ip-address as-override
M tA ChTn m<t VRF Instance cho m<t giao thPc ./nh tuy%n Gn m<t interface cho m<t VRF T4o m<t VRF table. 6@ c5u hnh m<t PE router .@ thay th% chE s: AS c1a m<t site vGi AS c1a m<t nh cung c5p, sK d9ng cu l>nh neighbor asoverride L ch% .< configuration router.
Neighbor ip-address route-map name in | out No neighbor ip-address shutdown Ping vrf vrf-name host Rd value Route-map name permit seq Router bgp as-number Route-target import | export value Set metric value Show ip bgp vpnv4 vrf vrf-name Show ip route vrf vrf-name telnet host /vrf vrf-name
Gn thng tin route map cho BGP update nh'n hoUc gKi tI m<t neighbor. Enable m<t BGP neighbor . b/ disable vGi cu l>nh neighbor shutdown. Ki@m tra k%t n:i vGi m<t host thng qua VRF Gn m<t RD cho m<t VRF T4o m<t danh m9c trong m<t route map Enable giao thPc ./nh tuy%n BGP trn router Gn m<t RT cho m<t VRF C5u hnh cc thu<c tnh c1a BGP MED trong m<t route map. Hi@n th/ thng tin c1a cc .#+ng VPNv4 k%t h8p vGi m<t VRF. Hi@n th/ bAng ./nh tuy%n c1a m<t VRF T4o m<t k%t n:i telnet .%n m<t router CE
5. Task 1 : C5u hnh BGP nh# m<t giao thPc ./nh tuy%n PE-CE. - Trong ph?n ny, b4n s= phAi c5u hnh BGP .@ ./nh tuy%n gi"a router PE v cc router khch hng c1a b4n. OSPF s= l giao thPc ./nh tuy%n .#8c dng trong IGP .:i vGi cc khch hng cn l4i. B4n s= thDc hi>n quAng b tI BGP vo trong OSPF v tI OSPF vo trong BGP trn cc router c1a khch hng c1a b4n. B4n s= thi%t l'p m<t .#+ng VPN cho Customer A v Customer B. Workgroup 1 s= chuy@n .Vi Customer A (Cex1A v Cex2A), v workgroup 2 s= chuy@n .Vi customer B (Cex1B v Cex2B) .@ thi%t l'p m<t .#+ng VPN. MMi workgroup s= ch/u trch nhi>m c5u hnh cho t5t cA cc router PE c lin quan. 5a. Cc b#Gc thDc hi>n : - Step 1 : C5u hnh BGP trn cc router CE cho khch hng c1a b4n sK d9ng AS 650x1 cho Customer A v AS 650x2 cho Customer B. Disable tnh nBng auto-summary c1a BGP.
32
- Step 2: Xa bO OSPF trn cc router PE lin quan v c5u hnh BGP neighbor vGi mMi router CE v cc router PE. - Step 3: BLi v cA hai site c1a khch hng c1a b4n cng chE s: AS, nn b4n c?n enable tnh nBng AS-override trn cc router PE. 5b. Ki@m tra. B4n s= hon thnh th1 t9c ki@m tra khi b4n c .#8c nh"ng k%t quA sau: - B4n c?n ki@m tra k%t n:i BGP vGi cu l>nh: show ip bgp summary trn cc router CE. Example: Cex1A# show ip bgp summary Cex1A# show ip bgp Pex1# show ip bgp vpn all 6. Task 2: C5u hnh .#+ng dD phng PE-CE - Trong ph?n ny, b4n s= phAi enable cc .#+ng dD phng trn cc router PE. Workgroup 1 s= thi%t l'p k%t n:i gi"a router Pex1 v router Cex2A, v workgroup 2 s= thi%t l'p k%t n:i gi"a router Pex2 v router Cex1A. 6Am bAo rJng cc interface s= .#8c gn .ng VRF v BGP c?n phAi .#8c actived 6a. Cc b#Gc c?n thDc hi>n - Step 1: C5u hnh thm subinterface trn cc interface serial c1a router PE v router CE. - Step 2: C5u hnh thm .#+ng dD phng vGi VRF thch h8p. - Step 3: C5u hnh ./a chE IP v cc gi tr/ DLCI trn cc interface sK d9ng cc tham s: trong bAng d#Gi .y: Source Router Cex2A Cex1B 150.x.x1.49/28 150.x.x2.49/28 113 113 IP address DLCI Destination Router Pex1 Pex2 150.x.x1.50/28 150.x.x2.50/28 113 113 IP Address DLCI
- Step 4: C5u hnh t4o m:i quan h> BGP neighbor gi"a router CE v router PE t#,ng Png. 6b. Ki@m tra B4n s= hon thnh vi>c ki@m tra khi k%t quA thu .#8c nh# d#Gi .y: - B4n c?n ki@m tra k%t n:i point-to-point trn subinterface mGi. Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
33
Example: Cex1B# ping 150.x.x2.50 Pex2# ping vrf Customer_B 150.x.x2.49 Cex2# ping 150.x.x1.50 Pex1# ping vrf Customer_A 150.x.x1.49 - Ki@m tra k%t n:i BGP vGi cu l>nh show ip bgp summary trn cc router CE. Example: Cex2A# show ip bgp summary Cex2A# show ip bgp Pex1# show ip bgp vpn all 7. Task 3: ChTn .#+ng Primary v .#+ng Backup vGi BGP. 7a. Cc b#Gc c?n lm: - Step 1: SK d9ng BGP tham chi%u c9c b< trn router CE .@ chTn .#+ng .%n router PE c9c b< (thng qua MPLS core) nh# m<t .#+ng chnh v .#+ng .%n router PE remote nh# m<t .#+ng dD phng. - Step 2: C5u hnh MED trong thng tin c'p nh't ./nh tuy%n .%n tI router CE .@ chRc chRn rJng cc router PE s= sK d9ng .#+ng chnh thng qua MPLS core tr#Gc khi c th@ sK d9ng .#+ng dD phng. 7b. Ki@m tra. B4n c th@ hon thnh ph?n ki@m tra ny khi b4n thu .#8c k%t quA tI nh"ng cu l>nh d#Gi .y: - B4n phAi sK d9ng cu l>nh: clear ip route hoUc clear ip bgp * trn router CE .@ quAng b cc .#+ng .i vGi nh"ng tham s: mGi. - B4n phAi ki@m tra .#+ng chnh (.#+ng k%t n:i .%n router PE local c1a b4n) .ang .#8c sK d9ng. SK d9ng cu l>nh show ip bgp .@ ki@m tra v5n .; ny. V chRc chRn rJng cc .#+ng .#8c nh'n tI .#+ng chnh s= lun .#8c chTn l .#+ng t:t nh5t. Example: Cex1# show ip bgp - Ki@m tra cc tham s: ci .Ut c1a MED bJng cch sK d9ng cu l>nh show ip bgp vpnv4 vrf trn cc router PE. ChRc chRn rJng cc router PE s= chTn cc .#+ng tI .#+ng chnh nh# m<t .#+ng t:t nh5t. Example: Pex2# show ip bgp vpnv4 all - ThDc hi>n shut down .#+ng tI router PE local .%n router CE.
34
- Ki@m tra .#+ng dD phng (.#+ng .%n router PE local c1a b4n) .ang .#8c sK d9ng. SK d9ng cu l>nh: show ip bgp .@ ki@m tra .i;u ny. Example: Cex1B# show ip bgp - Enable l4i cc subinterface. - Sau khi cc phin lm vi>c c1a BGP . .#8c thi%t l'p vGi router PE local, ki@m tra local link .ang .#8c hi@n th/ nh# m<t preferred link. SK d9ng cu l>nh: show ip bgp .@ ki@m tra. Example: Cex1B# show ip bgp XII Lab 5-4 Answer Key: 5/nh tuy(n BGP gi7a cc router PE v CE 1. Task 1: C5u hnh BGP nh# m<t giao thPc ./nh tuy%n PE-CE. - C5u hnh cc b#Gc sau trn router Cex1A: Cex1A(config)# router bgp 650x1 Cex1A(config-router)# neighbor 150.x.x1.18 remote-as 65001 Cex1A(config-router)# no auto-summary Cex1A(config-router)# redistribute ospf 1 Cex1A(config)# router ospf 1 Cex1A(config-router)# redistribute bgp 650x1 subnets - C5u hnh cc b#Gc sau trn router Cex1B: Cex1B(config)# router bgp 650x2 Cex1B(config-router)# neighbor 150.x.x1.34 remote-as 65001 Cex1B(config-router)# no auto-summary Cex1B(config-router)# redistribute ospf 2 Cex1B(config)# router ospf 2 Cex1B(config-router)# redistribute bgp 650x2 subnets - C5u hnh cc b#Gc sau trn router Cex2A: Cex2A(config)# router bgp 650x1 Cex2A(config-router)# neighbor 150.x.x1.18 remote-as 65001 Cex2A(config-router)# no auto-summary Cex2A(config-router)# redistribute ospf 1 Cex2A(config)# router ospf 1 Cex2A(config-router)# redistribute bgp 650x1 subnets - C5u hnh cc b#Gc sau trn router Cex2B: Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
35
Cex2B(config)# router bgp 650x2 Cex2B(config-router)# neighbor 150.x.x1.34 remote-as 65001 Cex2B(config-router)# no auto-summary Cex2B(config-router)# redistribute ospf 2 Cex2B(config)# router ospf 2 Cex2B(config-router)# redistribute bgp 650x2 subnets - C5u hnh cc b#Gc sau trn router Pex1: ************workgroup 1***************** Pex1(config)# router bgp 65001 Pex1(config-router)# address-family ipv4 vrf Customer_A Pex1(config-router-af)# no redistribute ospf 1 Pex1(config)# no router ospf 1 vrf Customer_A Pex1(config)# router bgp 65001 Pex1(config-router)# address-family ipv4 vrf Customer_A Pex1(config-router-af)# neighbor 150.x.x1.17 remote-as 650x1 Pex1(config-router-af)# neighbor 150.x.x1.17 active Pex1(config-router-af)# neighbor 150.x.x1.17 as-override *****************workgroup 2 ********************* Pex1(config)# router bgp 65001 Pex1(config-router)# address-family ipv4 vrf Customer_B Pex1(config-router-af)# no redistribute ospf 2 Pex1(config)# no router ospf 2 vrf Customer_B Pex1(config)# router bgp 65001 Pex1(config-router)# address-family ipv4 vrf Customer_B Pex1(config-router-af)# neighbor 150.x.x1.33 remote-as 650x2 Pex1(config-router-af)# neighbor 150.x.x1.33 active Pex1(config-router-af)# neighbor 150.x.x1.33 active Pex1(config-router-af)# neighbor 150.x.x1.33 as-override - C5u hnh nh"ng b#Gc sau trn router Pex2: **************** workgroup 1 ***************** Pex2(config)# router bgp 65001 Pex2(config-router)# address-family ipv4 vrf Customer_A Pex2(config-router-af)# no redistribute ospf 1 Pex2(config)# no router ospf 1 vrf Customer_A Pex2(config)# router bgp 65001 Pex2(config-router)# address-family ipv4 vrf Customer_A Pex2(config-router-af)# neighbor 150.x.x2.17 remote-as 650x1 Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
36
Pex2(config-router-af)# neighbor 150.x.x2.17 active Pex2(config-router-af)# neighbor 150.x.x2.17 as-override ******************workgroup 2********************* Pex2(config-router-af)# address-family ipv4 vrf Customer_B Pex2(config-router-af)# no redistribute ospf 2 Pex2(config)# no router ospf 2 vrf Customer_B Pex2(config)# router bgp 65001 Pex2(config-router-af)# address-family ipv4 vrf Customer_B Pex2(config-router-af)# neighbor 150.x.x2.33 remote-as 650x2 Pex2(config-router-af)# neighbor 150.x.x2.33 active Pex2(config-router-af)# neighbor 150.x.x2.33 as-override 2. Task 2: C5u hnh .#+ng dD phng PE-CE - C5u hnh nh"ng b#Gc sau trn router Cex1B: Cex1B(config)# interface serial0/0.113 point-to-point Cex1B(config-subif)# ip address 150.x.x2.49 255.255.255.240 Cex1B(config-subif)# frame-relay interface-dlci 113 Cex1B(config-fr-dlci)# no shutdown Cex1B(config)# router bgp 650x2 Cex1B(config-router)# neighbor 150.x.x2.50 remote-as 65001 - C5u hnh nh"ng b#Gc sau trn router Pex2: Pex2(config)# interface serianl0/0.113 point-to-point Pex2(config-subif)# ip vrf forwarding Customer_B Pex2(config-subif)# ip address 150.x.x2.50 255.255.255.240 Pex2(config-subif)# frame-relay interface-dlci 113 Pex2(config-fr-dlci)# no shutdown Pex2(config)# router bgp 65001 Pex2(config-router)# address-family ipv4 vrf Customer_B Pex2(config-router-af)# neighbor 150.x.x2.49 remote-as 650x2 Pex2(config-rotuer-af)# neighbor 150.x.x2.49 active Pex2(config-router-af)# neighbor 150.x.x2.49 as-override - C5u hnh nh"ng b#Gc sau trn router Cex2A: Cex2A(config)# interface serial 0/0.113 point-to-point Cex2A(config-subif)# ip addrress 150.x.x1.49 255.255.255.240 Cex2A(config-subif)# frame-relay interface-dlci 113 Cex2A(config-fr-dlci)# no shutdown Cex2A(config)# router bgp 650x1 Cex2A(config-router)# neighbor 150.x.x1.50 remote-as 65001 Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
37
- C5u hnh nh"ng b#Gc sau trn router Pex1: Pex1(config)# interface serial0/0.113 point-to-point Pex1(config-subif)# ip vrf forwarding Customer_A Pex1(config-subif)# ip address 150.x.x1.50 255.255.255.240 Pex1(config-subif)# frame-relay interface-dlci 113 Pex1(config-fr-dlci)# no shutdown Pex1(config)# router bgp 65001 Pex1(config-router)# address-family ipv4 Customer_A Pex1(config-router-af)# neighbor 150.x.x1.49 remote-as 650x1 Pex1(config-router-af)# neighbor 150.x.x1.49 activate Pex1(config-router-af)# neighbor 150.x.x1.49 as-override 3. Task 3: ChTn .#+ng chnh v .#+ng dD phng vGi BGP. - C5u hnh nh"ng b#Gc sau trn router Cex1B: Cex1B(config)# router-map setLP permit 10 Cex1B(config-route-map)# set local-preference 50 Cex1B(config-route-map)# route-map setMED permit 10 Cex1B(config-route-map)# set metric 200 Cex1B(config-route-map)# router bgp 650x2 Cex1B(config-router)# neighbor 150.x.x2.50 route-map setLP in Cex1B(config-router)# neighbor 150.x.x2.50 route-map setMED out - C5u hnh nh"ng b#Gc sau trn router Cex2A: Cex2A(config)# router-map setLP permit 10 Cex2A(config-route-map)# set local-preference 50 Cex2A(config-route-map)# route-map setMED permit 10 Cex2A(config-route-map)# set metric 200 Cex2A(config-route-map)# router bgp 650x1 Cex2A(config-router)# neighbor 150.x.x2.50 route-map setLP in Cex2A(config-router)# neighbor 150.x.x2.50 route-map setMED out XIII Lab 6-1: Overlapping VPNs. 1. Ph4m vi c1a bi lab: - Khch hng .ang sK d9ng m4ng VPN c1a b4n mu:n c th@ trao .Vi d" li>u gi"a cc Central Site. B4n quy%t ./nh tri@n khai yu c?u ny vGi m hnh Overlapping VPN. - Trong bi lab ny, b4n s= thi%t l'p overlapping VPN .@ hM tr8 nh"ng yu c?u c?n thi%t c1a khch hng. Sau khi hon thnh bi lab ny, b4n c th@ thu .#8c nh"ng k%t quA sau: + Thi%t k% m<t giAi php VPN. Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
38
+ Xa bO nh"ng VRF .ang t n t4i trn router Cex1A v Cex2B. + C5u hnh cc VRF mGi trn router Cex1A v router Cex2B. 2. S, . logical c1a bi lab
* Trong bi lab ny, b4n s= thDc hi>n thi%t l'p VPNs overlapping vGi nh"ng k%t n:i sau : - Cc k%t n:i VPN .,n giAn : + Cex1A v Cex2A c th@ k%t n:i. + Cex1B v Cex2B c th@ k%t n:i. + Cex1A v Cex1B khng th@ k%t n:i. + Cex1A v Cex1B khng th@ k%t n:i. + Cex2A v Cex2B khng th@ k%t n:i. + Cex1B v Cex2A khng th@ k%t n:i. - K%t n:i VPN overlapping (Customer_AB): + Cex1A v Cex2B c th@ k%t n:i. 3. Ti li>u c?n thi%t. - Ti li>u c?n thi%t trong bi lab ny: Cisco IOS documentation. 4. Danh sch cu l>nh: - Nh"ng cu l>nh thDc thi trong bi lab ny s= gi:ng nh# nh"ng bi lab tr#Gc. 5. Task 1: Thi%t k% giAi php VPN. - Site Cex1A khng theer nJm trong cng m<t VRF vGi nh"ng site xA khc. T#,ng tD, site Cex2B khng th@ nJm trong cng m<t VRF vGi cc site xB khc. V Cex1A v Cex2B cSng khng th@ chia s= cng m<t VRF. Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
39
5a. Cc b#Gc c?n lm: - Step 1: ChE ./nh cc RD mGi cho cc VRF .@ cc router Cex1A v router Cex2B k%t n:i trDc ti%p. - Step 2: M<t RT mGi c?n cho Customer_AB VPN. 5b. Ki@m tra. B4n s= hon thnh ph?n ki@m tra khi b4n thu .#8c k%t quA tI nh"ng cu l>nh d#Gi .y: - B4n s= phAi thi%t l'p .#8c cc RD v cc RT cho cc VRF mGi. 6. Task 2: Xa bO cc VRF .ang t n t4i trn Router Cex1A v Cex2B. - Cex1A v Cex2B s= phAi .#8c chuy@n .%n mi tr#+ng ./nh tuy%n mGi. Cng vi>c ny r5t dX thDc hi>n bLi chE c?n thay .Vi cc gi tr/ RD v RT c1a nh"ng VRF .ang t n t4i. - cc Site Cex1A v Cex2B s= .#8c chuy@n .%n cc VRF mGi. T5t cA nh"ng tham chi%u .%n nh"ng site ny s= phAi .#8c xa bO tI cc giao thPc ./nh tuy%n .ang t n t4i. - Trong ph?n ny b4n s= thDc hi>n vi>c xa bO cc tham chi%u .%n cc router Cex1A v Cex2B. 6a. Cc b#Gc c?n lm: - Step 1: Xa bO m:i quan h> neighbor BGP gi"a router Cex1A v router Cex2B trn cc router PE t#,ng Png. - Step 2: Ki@m tra cc tham chi%u .%n router Cex1A v rouer Cex2B tI cc router PE t#,ng Png, n%u c?n thi%t, th xa bO chng. 6b. Ki@m tra. B4n c th@ hon thnh ph?n ki@m tra ny, khi b4n thu .#8c k%t quA tI nh"ng cu l>nh d#Gi .y: - Trn router PE, b4n thDc hi>n vi>c ki@m tra interface k%t n:i vGi router CE bJng cch sK d9ng cu l>nh: show ip vrf interfaces. Example: Pex1# show ip vrf interface Pex2# show ip vrf interface - Ki@m tra m:i quan h> neighbor BGP . .#8c xa bO trn router PE vGi cu l>nh: show ip bgp vpnv4 vrf summary. Ki@m tra tr4ng thi c1a router Cex1A v router Cex2B. Example : Pex1# show ip bgp vpnv4 vrf Customer_A summary
40
Pex2# show ip bgp vpnv4 vrf Customer_B summary 7. Task 3: C5u hnh cc VRF mGi cho router Cex1A v Cex2B. 7a. Cc b#Gc c?n thDc thi: - Step 1: T4o cc VRF mGi cho cc router Cex1A v router Cex2B trn cc router PE vGi cu l>nh: ip vrf. - Step 2: Gn cc gi tr/ RD mGi cho cc VRF mGi vIa t4o vGi cu l>nh: rd - Step 3: Gn .ng cc gi tr/ RT import v export cho cc VRF mGi vGi cu l>nh: routetarget - Step 4: Thi%t l'p l4i ./nh tuy%n BGP gi"a cc router PE v cc router CE. 7b. Ki@m tra. B4n s= hon thnh ph?n ki@m tra ny khi b4n thu .#8c nh"ng k%t quA tI nh"ng cu l>nh d#Gi .y: - Trn router PE, b4n c?n ki@m tra interface k%t n:i vGi CE router bJng cch sK d9ng cu l>nh: show ip vrf interfaces. Example: Pex1# show ip vrf interface Pex2# show ip vrf interface - Ki@m tra cc neighbor BGP trn router PE vGi cu l>nh: show ip bgp vpnv4 summary. Ki@m tra tr4ng thi c1a router Cex1A v router Cex2B. Example : Pex1A# show ip bgp vpnv4 vrf Customer_AB summary Pex2# show ip bgp vpnv4 vrf Customer_AB summary - Ki@m tra bAng ./nh tuy%n BGP cc VRF mGi bJng cch sK d9ng cu l>nh: show ip bgp vpnv4 vrf. B4n s= nhn th5y cc .#+ng .i tI router Cex1A hoUc router Cex2B v cc .#+ng .i tI cc VRF khc. Example: Pex1# show ip bgp vpnv4 Customer_AB Pex2# show ip bgp vpnv4 vrf Customer_AB - K%t n:i .%n router Cex1A v thDc thi cc cu l>nh ping v trace tests .%n ./a chE c1a loopback c1a router Cex2B. Example: Cex1A# ping 10.2.x2.49 Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
41
Cex1A# trace 10.2.x2.49 - K%t n:i .%n router Cex2A v ping .%n router Cex2B hoUc router Cex1B. Example: Cex2A# ping 10.2.x2.49 Cex2A# ping 10.2.x1.49 XIV Lab 6-1 Answer Key: Overlapping VPNs. 1. Task 1: Thi%t k% giAi php VPN. - Khng c?n thi%t phAi c5u hnh task ny. 2. Task 2: Xa bO cc VRF .ang t n t4i trn router Cex1A v Cex2B. - C5u hnh nh"ng b#Gc sau trn router Pex1: Pex1(config)# router bgp 65001 Pex1(config-router)# address-family ipv4 vrf Customer_A Pex1(config-router-af)# no neighbor 150.x.x1.17 Pex1(config-vrf)# interface serial 0/0.101 Pex1(config-subif)# no ip vrf forwarding Customer_A - C5u hnh nh"ng b#Gc sau trn router Pex2: Pex2(config)# router bgp 65001 Pex2(config-router)# address-family ipv4 vrf Customer_B Pex2(config-router-af)# no neighbor 150.x.x2.33 Pex2(config-vrf)# interface serial 0/0.102 Pex2(config-subif)# no ip vrf forwarding Customer_B 3. Task 3: T4o cc VRF mGi cho cc router Cex1A v Cex2B. - C5u hnh nh"ng b#Gc sau trn router Pex1: Pex1(config)# ip vrf Central_AB Pex1(config-vrf)# rd x :11 Pex1(config-vrf)# route-target both x :10 Pex1(config-vrf)# route-target both x :1001 Pex1(config-vrf)# interface serial 0/0.101 Pex1(config-subif)# ip vrf forwarding Central_AB Pex1(config-subif)# ip address 150.x.x1.18 255.255.255.240 Pex1(config)# router bgp 65001 Pex1(config-router-af)# address-family ipv4 vrf Central_AB Pex1(config-router-af)# neighbor 150.x.x1.17 remote-as 650x1 Pex1(config-router-af)# neighbor 150.x.x1.17 activate Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
42
- C5u hnh nh"ng b#Gc sau trn router Pex2: Pex2(config)# ip vrf Central_AB Pex2(config-vrf)# rd x :21 Pex2(config-vrf)# route-target both x :20 Pex2(config-vrf)# route-target both x :1001 Pex2(config-vrf)# interface serial 0/0.102 Pex2(config-subif)# ip vrf forwarding Central_AB Pex2(config-subif)# ip address 150.x.x1.34 255.255.255.240 Pex2(config)# router bgp 65001 Pex2(config-router-af)# address-family ipv4 vrf Central_AB Pex2(config-router-af)# neighbor 150.x.x1.33 remote-as 650x2 Pex2(config-router-af)# neighbor 150.x.x1.33 activate XV Lab 6-2: H9p nh4t cc Service Provider. 1. Cc b#Gc c?n thDc thi. - Yu c?u .Ut ra l m<t s: Service Provider nhO quy%t ./nh h8p nh5t l4i thnh m<t. 6@ hon thnh .#8c yu c?u ny, th m<t Central P router (P1) mGi s= .#8c ci .Ut v c5u hnh. K%t n:i Frame Relay s= .#8c cung c5p tI mMi router Px1 v Px2 local .%n router P1. Trong tr#+ng h8p ny th Core Interior Gateway Protocol (IGP) s= thDc hi>n chuy@n .Vi tI EIGRP sang dng Intermediate System-to-Intermediate System (IS-IS). - Trong bi lab ny, b4n s= thDc hi>n h8p nh5t Service Provider nhO c1a b4n vGi m<t s: cc Service Provider khc. Sau khi hon thnh bi lab ny b4n s= c .#8c nh"ng k%t quA sau: + Chuy@n .Vi Core IGP tI EIGRP sang IS-IS + Enable MPLS LDP k%t n:i vGi router Central P + Enable IBGP k%t n:i gi"a cc router PE. 2. S, . logical c1a bi lab. - Workgroup 1 s= c5u hnh Pex1 v Pex1, v workgroup 2 s= c5u hnh Pex2 v Pex2. Router P1 s= c?n phAi .#8c c5u hnh tr#Gc.
43
3. Ti li>u c?n thi%t. - Ti li>u c?n thi%t cho bi lab : Cisco IOS documentation. 4. Danh sch cu l>nh sK d9ng trong bi lab. - BAng sau s= m tA cc cu l>nh .#8c sK d9ng trong bi lab. Cu l>nh Router isis area-tag M tA 6@ enable giao thPc ./nh tuy%n ISIS v chE ra m<t ti%n trnh xK l c1a ISIS, sK d9ng cu l>nh router isis trong ch% .< global configuration. 6@ disable giao thPc ./nh tuy%n ho4t .<ng trn router IS-IS, sK d9ng tI kha no tr#Gc cu l>nh ny. Net network-entity-title 6@ c5u hnh m<t IS-IS network entity title (NET) cho m<t ti%n trnh xK l ./nh tuy%n CLNS, sK d9ng cu l>nh net L ch% .< router configuration. 6@ xa bO m<t NET, sK d9ng tI kha no tr#Gc cu l>nh ny. Isis circuit-type { level-1 | level-1-2 | level -2 only } 6@ c5u hnh cc lo4i c1a adjacency, sK d9ng cu l>nh isis circuit-type L ch% .< interface configuration. 6@ khLi .<ng l4i circuit type c1a Level 1 v Level 2, sK d9ng tI kha no tr#Gc cu l>nh ny. Metric-style wide [transition ] [ 6@ c5u hnh m<t router ch4y IS-IS .#a ra v ch5p nh'n duy nh5t cc lo4i new-style, .< di, v cc gi tr/ (TLVs), sK d9ng cu l>nh metric-style wide L ch% .< router configuration. 6@ disable tnh nBng ny, sK d9ng tI kha no tr#Gc cu l>nh ny. Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net level-1 | level-2 | level-1-2 ]
44
5. Task 1: Enable k%t n:i vGi Router P central. - Trong ph?n ny, b4n s= c nhi>m v9 enable Frame Relay lin k%t gi"a cc router P v router P1, v sau . enable Label Distribution Protocol (LDP) cho cc k%t n:i gi"a cc router. 5a. Cc b#Gc c?n lm. - Step 1: C5u hnh ./a chE IP v cc gi tr/ DLCI trn cc interface sK d9ng cc tham s: trong bAng d#Gi .y. Ch cc tham s: ny chE .#8c c5u hnh trn cc router P, khng .#8c c5u hnh trn cc router PE. Router P11 P12 P21 P22 5b. Ki@m tra. - Trn router P, b4n c th@ sK d9ng cu l>nh: show interface .@ ki@m tra xem cc interface mGi . ho4t .<ng ch#a. 6. Task 2: Chuy@n Core sang sK d9ng IS-IS. - BLi v cc giao thPc ./nh tuy%n thu<c lo4i link-state c khA nBng mL r<ng h,n giao thPc ./nh tuy%n thu<c lo4i distance vector, nn cc Service Provider quy%t ./nh chuy@n Core sang sK d9ng IS-IS. Router P1 . thDc sD sYn sng .@ chuy@n .Vi. Workgroup c1a b4n s= ch/u trch nhi>m cho vi>c chuy@n .Vi t5t cc router . .#8c gn cho b4n. Workgroup 1 s= chuy@n .Vi hai router Pex1 v Px1. Workgroup 2 s= chuy@n .Vi router Pex2 v Px2. 6a. Cc b#Gc c?n thDc thi. - Step 1: Disable EIGRP . .#8c c5u hnh trn cc router nJm trong Core IGP. - Step 2: Enable IS-IS nh# m<t giao thPc ./nh tuy%n trong Core IGP sK d9ng cc tham s: chi ti%t trong bAng sau: Router ID Pex1 Pex2 Px1 Px2 6b. Ki@m tra. NET Net 49.0001.0000.0000.01x1.00 Net 49.0001.0000.0000.01x2.00 Net 49.0001.0000.0000.02x1.00 Net 49.0001.0000.0000.02x2.00 Remarks Trong . x = chE s: c1a POD Subinterface S0/0.211 S0/0.212 S0/0.221 S0/0.222 DLCI 211 212 221 222 IP address 192.168.100.10/29 192.168.100.18/29 192.168.100.26/29 192.168.100.34/29
45
- B4n c th@ sK d9ng cu l>nh: show ip protocol .@ ki@m tra IS-IS . ho4t .<ng ch#a v . .#8c enable .ng trn cc interface ch#a. Example: Pex1# show ip protocol Px1# show ip protocol - SK d9ng cu l>nh: show ip route v ki@m tra t5t cA cc .#+ng .i .ang gKi v nh'n. Example: Pex1# show ip route Px1# show ip route 7. Task 3: Enable MPLS LDP k%t n:i vGi router P central - Ph?n ny b4n s= phAi enable LDP k%t n:i gi"a cc router c1a b4n v router P1. 7a. Cc b#Gc c?n thDc thi: - Step 1: Enable LDP trn cc Subinterface m b4n . t4o trn router. 7b. Ki@m tra. - Trn router P, b4n ki@m tra m:i quan h> LDP neighbor . .#8c thi%t l'p gi"a router P v router P1 ch#a. Example: Px1# show mpls ldp neighbor - Trn router PE, ki@m tra cc label . .#8c nh'n tI cc workgroup khc. Example: Pex1# show mpls forwarding 8. Task 4: Enable IBGP k%t n:i cho t5t cA cc router PE. - Trong bi lab ny, b4n s= phAi thi%t l'p k%t n:i LDP cho t5t cA cc router P trong mi tr#+ng m4ng c1a Service Provider mGi, nh#ng b4n ch#a c?n thi%t l'p k%t n:i BGP vo th+i .i@m ny. By gi+, b4n c?n thi%t l'p k%t n:i Internal Border Gatewaly Protocol (IBGP) cho cc router PE. - C hai ph#,ng php b4n c th@ tri@n khai. 6?u tin l sK d9ng cu l>nh: bgp neighbor .@ thm m<t m:i quan h> neighbor gi"a cc router. Ph#,ng php thP hai l tri@n khai cc route phAn x4. 6@ hon thnh, th router P1 s= .#8c c5u hnh nh# m<t BGP route reflector. Tuy nhin, .@ thu .#8c nh"ng #u .i@m c1a vi>c c5u hnh ny, th b4n s= c?n phAi xa bO m:i quan h> neighbor gi"a hai router PE v c5u hnh chng nh# nh"ng client c1a router P1. - Workgroup 1 s= c5u hnh Pex1, v workgroup 2 s= c5u hnh Pex2.
46
8a. Cc b#Gc c?n thDc hi>n. - Step 1: Xa bO m:i quan h> neighbor gi"a router PE v remote router PE trong workgroup c1a b4n. - Step 2: C5u hnh router PE c1a b4n nh# m<t client c1a router P1. 8b. Ki@m tra. - Trn cc router PE, b4n ki@m tra k%t n:i BGP .%n t5t cA cc workgroup khc vGi cu l>nh: show ip bgp summary v cu l>nh: show ip bgp neighbor Example: Pex1# show ip bgp summary Pe11# show ip bgp neighbor - Ki@m tra bAng VRF BGP c1a cc khch hng c1a b4n trn cc router PE vGi cu l>nh: show ip bgp vpnv4 vrf. B4n s= nhn th5y cc route BGP .%n tI cc router CE s= .#8c chTn l nh"ng route t:t nh5t cc cc .ch. Example: Pex1# show ip bgp vpnv4 vrf Customer_A - Ki@m tra bAng VRF cho cc khch hng c1a b4n trn cc router PE vGi cu l>nh: show ip route vrf. B4n s= nhn th5y cc route .%n tI cc router CE s= .#8c lDa chTn. Example: Pex1# show ip route vrf Customer_A Pex1# show ip route vrf Customer_B XVI- Lab 6-2 Answer Key: H9p nh4t cc Service Provider. 1. Task 1: Enable k%t n:i vGi Router P central. - C5u hnh nh"ng b#Gc sau trn router Px1: Px1(config)# interface serial0/0.2x1 point-to-point Px1(config-subif)# ip address 192.168.100.** 255.255.255.248 Px1(config-subif)# frame-relay interface-dlci 2x1 Px1(config-fr-dlci)# no shutdown - C5u hnh nh"ng b#Gc sau trn router Px2: Px2(config)# interface serial0/0.2x2 point-to-point Px2(config-subif)# ip address 192.168.100.** 255.255.255.248 Px2(config-subif)# frame-relay interface-dlci 2x2 Px2(config-fr-dlci)# no shutdown
47
2. Task 2: Chuy@n Core sang sK d9ng IS-IS. - C5u hnh nh"ng b#Gc sau trn router Pex1: Pex1(config)# no router eigrp 1 Pex1(config)# router isis Pex1(config-router)# net 49.0001.0000.0000.01x1.00 Pex1(config-router)# is level-2-only Pex1(config-router)# metric-style wide Pex1(config-router)# interface serial 0/0.111 Pex1(config-subif)# ip router isis Pex1(config)# interface loopback 0 Pex1(config-subif)# ip router isis - C5u hnh nh"ng b#Gc sau trn router Pex2 : Pex2(config)# no router eigrp 1 Pex2(config)# router isis Pex2(config-router)# net 49.0001.0000.0000.01x1.00 Pex2(config-router)# is level-2-only Pex2(config-router)# metric-style wide Pex2(config-router)# interface serial 0/0.111 Pex2(config-subif)# ip router isis Pex2(config)# interface loopback 0 Pex2(config-subif)# ip router isis - C5u hnh nh"ng b#Gc sau trn router Px1: Px1(config)# no router eigrp 1 Px1(config)# router isis Px1(config-router)# net 49.0001.0000.0000.02x1.00 Px1(config-router)# is level-2-only Px1(config-router)# metric-style wide Px1(config-router)# interface serial0/0.111 Px1(config-subif)# ip router isis Px1(config-subif)# interface serial 0/0.112 Px1(config-subif)# ip router isis Px1(config-router)# interface serial 0/0.2x1 Px1(config-subif)# ip router isis Px1(config)# interface loopback 0 Px1(config-subif)# ip router isis - C5u hnh nh"ng b#Gc sau trn router Px2: Px2(config)# no router eigrp 1 Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
48
Px2(config)# router isis Px2(config-router)# net 49.0001.0000.0000.02x2.00 Px2(config-router)# is level-2-only Px2(config-router)# metric-style wide Px2(config-router)# interface serial0/0.111 Px2(config-subif)# ip router isis Px2(config-subif)# interface serial 0/0.112 Px2(config-subif)# ip router isis Px2(config-router)# interface serial 0/0.2x2 Px2(config-subif)# ip router isis Px2(config)# interface loopback 0 Px2(config-subif)# ip router isis 3. Task 3. Enable MPLS LDP k%t n:i vGi router P central - C5u hnh nh"ng b#Gc sau trn router Px1: Px1(config)# interface serial 0/0.2x1 Px1(config-subif)# mpls ip Px1(config-subif)# mpls label protocol ldp - C5u hnh nh"ng b#Gc sau trn router Px2 : Px2(config)# interface serial 0/0.2x2 Px2(config-subif)# mpls ip Px2(config-subif)# mpls label protocol ldp 4. Task 4 : Enable IBGP k%t n:i cho t5t cA cc router PE. - C5u hnh nh"ng b#Gc sau trn router Pex1: Pex1(config)# router bgp 65001 Pex1(config-router)# no neighbor 192.168.x.33 remote-as 65001 Pex1(config-router)# neighbor 192.168.100.129 remote-as 65001 Pex1(config-router)# neighbor 192.168.100.129 update-source loopback 0 Pex1(config-router)# address-family vpnv4 Pex1(config-router-af)# neighbor 192.168.100.129 activate Pex1(config-router-af)# neighbor 192.168.100.129 send-community both Pex1(config-router-af)# neighbor 192.168.100.129 next-hop-self - C5u hnh nh"ng b#Gc sau trn router Pex2: Pex1(config)# router bgp 65001 Pex1(config-router)# no neighbor 192.168.x.17 remote-as 65001 Pex1(config-router)# neighbor 192.168.100.129 remote-as 65001 Pex1(config-router)# neighbor 192.168.100.129 update-source loopback 0 Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
49
Pex1(config-router)# address-family vpnv4 Pex1(config-router-af)# neighbor 192.168.100.129 activate Pex1(config-router-af)# neighbor 192.168.100.129 send-community both Pex1(config-router-af)# neighbor 192.168.100.129 next-hop-self XVII Lab 6-3: Cc d/ch v% VPN chung. - VGi m<t ki%n trc MPLS VPN mGi c th@ .#8c sK d9ng .@ tri@n khai m<t v5n .; mGi . l v5n .; quAn l cc d/ch v9 c1a cc router CE. Cc NMS trung tm c th@ gim st v quAn l t5t cA cc router CE thng qua k%t n:i VPN. - NMS VPN s= cung c5p k%t n:i duy nh5t gi"a NMS v m<t ./a chE IP duy nh5t trn m<t router CE v n .#8c sK d9ng cho m9c .ch quAn l. - Trong bi lab ny, Service Provider c1a b4n . thi%t l'p m<t trung tm quAn l m4ng t'p trung sK d9ng cng ngh> VPN gi"a cc interface loopback c1a cc router Ce v router NMS. B4n s= thi%t l'p k%t n:i duy nh5t gi"a NMS v cc interface loopback trn router CE vGi subnet mask l /32. 1. Ph4m vi ho4t .<ng c1a bi lab. - Trong bi lab ny, b4n s= thi%t l'p m<t m4ng VPN quAn l gi"a cc interface loopback c1a cc router CE v router NMS. Sau khi hon thnh bi lab ny, b4n s= c .#8c nh"ng k%t quA sau: + Thi%t k% m<t m4ng VPN quAn l. + Thi%t l'p k%t n:i gi"a VRF quAn l v cc VRF khch hng bJng cch c5u hnh .ng cc route .ch. 2. S, . logical c1a bi lab.
50
3. Ti li>u c?n thi%t. - 6@ hon thi>n bi lab ny cc b4n c th@ tham khAo thm ti li>u: Cisco IOS documentation. 4. Danh sch cu l>nh sK d9ng trong bi lab. - BAng sau s= m tA cc cu l>nh c?n thi%t .#8c sK d9ng trong bi lab ny: Cu l>nh Export map name Ip prefix-list name permit address mask ge len M tA ChE ra m<t VRF export route map. T4i m<t danh sch IP prefix t#,ng Png vGi t5t cA cc prefix .#8c chE ra trong m<t dAi ./a chE vGi m<t subnet mask lGn h,n hoUc bJng gi tr/ . chE ra. Match ip address prefix-list list nh x4 m<t prefix trong m<t route map vGi m<t danh sch IP prefix . .#8c chE ra. Route-map name permit seq Set extcommunity rt value additive T4o m<t danh m9c route map Gn m<t RT vo m<t route t#,ng Png vGi cu l>nh match 5. Task 1: Thi%t l'p k%t n:i gi"a NMS VRF v cc VRF khc. - M4ng VPN quAn l l m<t d/ch v9 chung. V v'y, hai gi tr/ RT c?n cho m<t m4ng VPN: server RT v client RT. Trn router PE hM tr8 NMS, m<t VRF cho m4ng VPN quAn l v c?n m<t gi tr/ RD t#,ng Png: d#Gi .y s= l m<t s: thnh ph?n c5u hnh trn router NMS PE. ! Create the NMS VRF ! Ip vrf NMS Rd 101:500 Route-target export 101:500 Route-target import 101:500 Route-target import 101:501 - 6@ thi%t l'p k%t n:i gi"a NMS VRF v cc VRF khch hng, b4n s= phAi gn cc client RT cho cc route h#Gng tGi ./a chE loopback c1a router CE khi ./a chE ny .#8c xu5t ra tI VRF c1a khch hng. B4n cSng c?n phAi nh'p vo cc route h#Gng tGi router NMS vo trong t5t cA cc VRF c1a khch hng. 5a. Cc b#Gc c?n thDc thi.
51
- Step 1: T4o m<t danh sch ./a chE IP s= .#8c dng .@ nh x4 vGi cc ./a chE loopback c1a router CE. - Step 2: T4o m<t route map s= .#8c dng .@ nh x4 vGi cc ./a chE loopback c1a router CE vGi danh sch prefix v gn cc gi tr/ client RT vo nh"ng route .. - Step 3: 6#a cc route map vo nh"ng route .#8c xu5t ra tI cc VRF c1a khch hng vGi cu l>nh: export route-map. - Step 4: nh'p cc route NMS vo trong VRF c1a khch hng bJng cch chE ra .ng cc gi tr/ nh'p RT. 5b. Ki@m tra. - B4n c?n ki@m tra xem cc gi tr/ RT . .#8c gn .ng vo cc route h#Gng tGi ./a chE loopback c1a router CE ch#a bJng cch sK d9ng cu l>nh: show ip bgp vpnv4 vrf name prefix. Example: Pex1# show ip bgp vpnv4 vrf Customer_A 10.1.x1.49 - SK d9ng cu l>nh ping mL r<ng, ki@m tra xem b4n c th@ ping tI ./a chE loopback c1a router CE .#8c quAn l .%n ./a chE loopback c1a router NMS CE hay khng (10.10.10.49). - SK d9ng cu l>nh ping mL r<ng, ki@m tra xem b4n khng th@ ping tI ./a chE Ethernet c1a router CE .#8c quAn l .%n ./a chE loopback c1a router NMS CE khng (10.10.10.49). - Ki@m tra router CE c1a b4n .ang nhn th5y duy nh5t cc prefix vGi m4ng VPN c1a b4n. Example: Pex1# show ip bgp vpnv4 vrf Customer_A XVIII Lab 6-3 Answer Key: Cc d/ch v% VPN chung. 1. Task 1: Thi%t l'p k%t n:i gi"a NMS VRF v cc VRF khc - C5u hnh nh"ng b#Gc sau trn router Pex1 c1a Customer A: Pex1(config)# ip vrf Customer_A Pex1(config-vrf)# export map NMS_Cus_A Pex1(config-vrf)# route-target import 101:500 Pex1(config)# ip vrf A_Central Pex1(config-vrf)# export map NMS_Cus_A Pex1(config-vrf)# route-target import 101:500 Pex1(config)# route-map NMS_Cus_A permit 10 Pex1(config-route-map)# match ip address access-list 10 Pex1(config-route-map)# set extcommunity rt 101:501 add Pex1(config-route-map)# exit Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
52
Pex1(config)# access-list 10 permit host 10.1.x1.49 Pex1(config)# access-list 10 permit host 10.1.x2.49 - C5u hnh nh"ng b#Gc sau trn router Pex2 c1a Customer A: Pex2(config)# ip vrf Customer_A Pex2(config-vrf)# export map NMS_Cus_A Pex2(config-vrf)# route-target import 101:500 Pex2(config)# route-map NMS_Cus_A permit 10 Pex2(config-route-map)# match ip address 10 Pex2(config-route-map)# set extcommunity rt 101:501 add Pex2(config-route-map)# exit Pex2(config)# access-list 10 permit host 10.1.x1.49 Pex2(config)# access-list 10 permit host 10.1.x2.49 - C5u hnh nh"ng b#Gc sau trn router Pex1 c1a Customer B: Pex1(config)# ip vrf Customer_B Pex1(config-vrf)# export map NMS_Cus_B Pex1(config-vrf)# route-target import 101:500 Pex1(config)# route-map NMS_Cus_B permit 10 Pex1(config-route-map)# match ip address 20 Pex1(config-route-map)# set extcommunity rt 101:501 add Pex1(config-route-map)# exit Pex1(config)# access-list 20 permit host 10.2.x1.49 Pex1(config)# access-list 20 permit host 10.2.x2.49 - C5u hnh cc b#Gc sau trn router Pex2 c1a Customer B: Pex2(config)# ip vrf Customer_B Pex2(config-vrf)# export map NMS_Cus_B Pex2(config-vrf)# route-target import 101:500 Pex2(config)# ip vrf B_Central Pex2(config-vrf)# export map NMS_Cus_B Pex2(config-vrf)# route-target import 101:500 Pex2(config)# route-map NMS_Cus_B permit 10 Pex2(config-route-map)# match ip address 20 Pex2(config-route-map)# set extcommunity rt 101:501 add Pex2(config-route-map)# exit Pex2(config)# access-list 20 permit host 10.2.x1.49 Pex2(config)# access-list 20 permit host 10.2.x2.49
53
XIX Tch cc interface cho k(t n:i Internet. - Trong nhi;u tr#+ng h8p, cc khch hng c1a b4n mu:n gi" l4i m hnh truy c'p internet theo ph#,ng php truy;n th:ng vGi m<t firewall gi"a m4ng VPN c1a khch hng v Internet. 6@ .p Png .#8c yu c?u ny th b4n c th@ tri@n khai bJng cch sK d9ng m4ng VPN chuyn d9ng v Interface vGi nh"ng subinterface trn lin k%t v't l PE-CE. 1. Ph4m vi c1a bi lab. - Trong bi lab ny, b4n s= tri@n khai m<t giao di>n truy c'p internet ring bi>t. Sau khi hon thnh bi lab, b4n s= thu .#8c nh"ng k%t quA sau: + Thi%t l'p k%t n:i CE-PE cho vi>c truy c'p Internet. + Thi%t l'p ./nh tuy%n gi"a khch hng v Internet. 2. S, . logical c1a bi lab. - B4n s= c5u hnh thm cc lin k%t Ao gi"a cc router CE c1a Site trung tm (Cex1A v Cex2B) v cc router PE khc. B4n s= phAi c5u hnh thm Static Routing gi"a cc router PE v CE. Remote Site (Cex1B v Cex2A) s= truy c'p Internet sK d9ng k%t n:i MPLS VPN.
3. Ti li>u c?n thi%t. - 6@ hon thnh bi lab ny cc b4n c?n tham khAo thm ti li>u: Cisco IOS documentation. 4. Danh sch cu l>nh dng cho bi lab. - BAng d#Gi .y s= m tA cc cu l>nh c?n thi%t sK d9ng trong bi lab. Cu l>nh Ip route prefix mask null 0 M tA T4o m<t route tVng h8p trong bAng ./nh tuy%n.
54
5. Task 1: Thi%t l'p k%t n:i CE-PE cho vi>c truy c'p Internet. - Trong ph?n ny, b4n s= t4o thm m<t subinterface mGi .@ hM tr8 cho vi>c truy c'p Internet trn router L Central Site. 5a. Cc b#Gc c?n thDc thi. - Step 1: T4o m<t subinterface mGi (s0/0.114) trn router central c1a khch hng sK d9ng cc thng tin ./a chE bn d#Gi bAng sau: Router ID Cex1A Cex2B IP Address 150.x.x1.66/28 150.x.x2.66/28 DLCI 114 114
- Step 2: C5u hnh subinterface mGi . ho4t .<ng vGi giao thPc ./nh tuy%n Interior Gateway Protocol (IGP) v chRc chRn rJng interface . L tr4ng thi Passive. - Step 3: T4o m<t subinterface mGi (S0/0.114) trn cc router PE sK d9ng thng tin ./a chE trong bAng d#Gi: Router ID Pex1 Pex2 IP Address 150.x.x1.65/28 150.x.x2.65/28 DLCI 114 114
- Step 4: C5u hnh cc subinterface mGi ho4t .<ng vGi giao thPc ./nh tuy%n IGP v chRc chRn rJng interface ny L tr4ng thi Passive. 5b. Ki@m tra. - B4n c th@ sK d9ng cu l>nh show ip interface .@ ki@m tra tr4ng thi c1a cc interface mGi. Example: Cex1A# show ip interface S0/0.114 Pex1# show ip interface S0/0.114 6. Task 2: Thi%t l'p ./nh tuy%n gi"a Site c1a Khch hng v Internet. - VGi giAi php ny, Khch hng v Service Provider quy%t ./nh sK d9ng Static Routing .@ ./nh tuy%n ra internet. Trong ph?n ny, b4n s= enable m<t Static Default Route trn router CE .@ ./nh tuy%n ra Internet v m<t Static Route trn Router PE .@ chE ra dAi ./a chE c1a khch hng. 6a. Cc b#Gc c?n thDc thi:
55
- Step 1: Trn router PE .ang hM tr8 router CE c1a b4n, t4o m<t static route .@ chE ra dAi ./a chE c1a khch hng. - Step 2: QuAng b cc route ny vo trong BGP. - Step 3: Trn router CE, t4o m<t default route. - Step 4: Static route ny s= .#8c sK d9ng bLi cA hai Site l Central v Remote. 6b. Ki@m tra. - B4n c th@ ki@m tra static route trn router PE. Example: Pex1# show ip route CE***# show ip route - SK d9ng cu l>nh ping mL r<ng .@ ki@m tra k%t n:i m4ng c1a khch hng vGi Internet. Example: Cex1# ping Protocol [ip]: Target IP address: 201.202.26.1 Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y Source address or interface: 10.x.x1.49 Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose [none]: Sweep range of size [n]: Type escape sequence to abort. XX lab 7-1 Answer Key: Tch cc interface cho k(t n:i Internet. 1. Task 1: Thi%t l'p k%t n:i CE-PE cho vi>c truy c'p Internet. - C5u hnh cc b#Gc sau trn router Cex1A: Cex1A(config)# interface serial 0/0.114 point-to-point Cex1A(config-subif)# ip address 150.x.x1.66 255.255.255.240 Cex1A(config-subif)# frame-relay interface-dlci 114 Cex1A(config-subif)# router ospf 1 Cex1A(config-router)# network 150.x.0.0 0.0.255.255 area 0 Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
56
Cex1A(config-router)# passive-interface serial s0/0.114 - C5u hnh nh"ng b#Gc sau trn router Cex2B: Cex2B(config)# interface s0/0.114 point-to-point Cex2B(config-subif)# ip address 150.x.x2.66 255.255.255.240 Cex2B(config-subif)# frame-relay interface-dlci 114 Cex2B(config-subif)# router ospf 2 Cex2B(config-router)# network 150.x.0.0 0.0.255.255 area 0 Cex2B(config-router)# passive-interface s0/0.114 - C5u hnh nh"ng b#Gc sau trn router Pex1: Pex1(config)# interface s0/0.114 point-to-point Pex1(config-subif)# ip address 150.x.x1.65 255.255.255.240 Pex1(config-subif)# frame-relay interface-dlci 114 Pex1(config-subif)# ip router isis Pex1(config-subif)# router isis Pex1(config-router)# passive-interface s0/0.114 - C5u hnh nh"ng b#Gc sau trn router Pex2: Pex2(config)# interface s0/0.114 point-to-point Pex2(config-subif)# ip address 150.x.x1.65 255.255.255.240 Pex2(config-subif)# frame-relay interface-dlci 114 Pex2(config-subif)# ip router isis Pex2(config-subif)# router isis Pex2(config-router)# passive-interface s0/0.114 2. Task 2 : Thi%t l'p ./nh tuy%n gi"a Site c1a Khch hng v Internet. - C5u hnh cc b#Gc sau trn router Pex1 : Pex1(config)# ip route 10.1.x1.0 255.255.255.0 150.x.x1.66 Pex1(config)# ip route 10.1.x2.0 255.255.255.0 150.x.x1.66 Pex1(config)# router bgp 65001 Pex1(config-router)# redistribute static - C5u hnh cc b#Gc sau trn router Pex2 : Pex2(config)# ip route 10.2.x1.0 255.255.255.0 150.x.x2.66 Pex2(config)# ip route 10.2.x2.0 255.255.255.0 150.x.x2.66 Pex2(config)# router bgp 65001 Pex2(config-router)# redistribute static
57
- C5u hnh cc b#Gc sau trn router Cex1A : Cex1A(config)# ip route 0.0.0.0 0.0.0.0 s0/0.114 Cex1A(config)# router bgp 650x1 Cex1A(config-router)# network 0.0.0.0 - C5u hnh cc b#Gc sau trn router Cex2B : Cex2B(config)# ip route 0.0.0.0 0.0.0.0 s0/0.114 Cex2B(config)# router bgp 650x2 Cex2B(config-router)# network 0.0.0.0 XXI Lab 7- 2: Nhi<u Site truy c*p internet. - 6@ t:i #u qu trnh ./nh tuy%n, nh cung c5p d/ch v9 s= tin chRc rJng khch hng c1a mnh c th@ truy c'p Internet tI m<t site. BLi v nhi;u site cng truy c'p Internet, th giao thPc ./nh tuy%n dng s= .#8c chuy@n .Vi tI Static sang giao thPc ./nh tuy%n BGP. 1. Ph4m vi ho4t .<ng c1a bi lab. - Trong bi lab ny, b4n s= chuy@n .Vi cc khch hng .@ trDc ti%p truy c'p .%n cc giao di>n c1a BGP. Sau khi hon thnh bi lab ny, b4n s= thu .#8c nh"ng k%t quA sau: + Thi%t l'p k%t n:i remote site CE-PE cho vi>c truy c'p Internet. + Thi%t l'p remote site ./nh tuy%n gi"a khch hng v Internet. 2. S, . logical c1a bi lab. - B4n s= c5u hnh thm cc lin k%t virtual gi"a cc router (Cex1B v Cex2A) v cc router PE c1a chng. B4n s= c5u hnh m<t phin lm vi>c c1a BGP global gi"a cc router PE v cc router CE .@ trao .Vi cc .#+ng .i Internet gi"a nh cung c5p d/ch v9 v khch hng.
3. Ti li>u tham khAo. - Ti li>u .@ tham khAo trong bi lab ny : Cisco IOS documentation. 4. Danh sch cu l>nh c?n thi%t cho bi lab. - BAng d#Gi .y s= m tA cc cu l>nh c?n thi%t cho bi lab. Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
58
Cu l>nh Ip route prefix mask null 0
M tA T4o m<t .#+ng .i tVng h8p trong bAng ./nh tuy%n
5. Task 1 : Thi%t l'p k%t n:i CE-PE cho vi>c truy c'p Internet. - Nh cung c5p d/ch v9 c1a b4n . thDc sD t4o m<t m4ng VPN .@ truy;n cc l#u l#8ng tI Internet. B4n s= c?n phAi ra nh'p vo m4ng VPN ny. 5a. Cc b#Gc c?n thDc thi : - Step 1 : T4o m<t subinterface (S0/0.115) trn cc router cn l4i c1a khch hng bJng cch sK d9ng cc thng tin ./a chE bn d#Gi bAng sau: Router ID Cex1B Cex2A IP Address 150.x.x1.130/28 150.x.x2.130/28 DLCI 115 115
- Step 2 : T4o m<t subinterface (S0/0.115) trn cc router PE sK d9ng nh"ng thng tin ./a chE trong bAng d#Gi .y: Router ID Pex1 Pex2 5b. Ki@m tra. - B4n c th@ ki@m tra tr4ng thi c1a interface. Example : Cex1B# show ip interface s0/0.115 Pex1# show ip interface s0/0.115 6. Task 2: Thi%t l'p ./nh tuy%n gi"a m4ng c1a khch hng v Internet. 6a. Cc b#Gc c?n thDc thi: - Step 1: Trn cc router CE (Cex1A hoUc Cex2B), xa bO cc cu l>nh network v passive interface c lin quan .%n Interface Wan tI m4ng c1a Khch hng. - Step 2: Xa bO cu l>nh network tham chi%u .%n m4ng 0.0.0.0 tI BGP. - Step 3: Xa bO static route 0.0.0.0. - Step 4: Thm lin k%t c1a router PE nh# m<t BGP neighbor. - Step 5: Trn router PE, thm cc lin k%t vGi router CE nh# m<t BGP neighbor. - Step 6: Trn router CE (Cex2A hoUc Cex1B), thm cc lin k%t vGi router PE nh# m<t BGP neighbor. - Step 7: Trn router PE, thm cc lin k%t vGi router CE nh# m<t BGP neighbor. IP Address 150.x.x1.129/28 150.x.x2.129/28 DLCI 115 115
59
6b. Ki@m tra. - B4n c th@ ki@m tra tr4ng thi c1a cc BGP neighbor. Example: Pex1# show ip bgp summary XXII Lab 7-2 Answer key: Nhi<u Site truy c*p Internet. 1. Task 1: Thi(t l*p k(t n:i CE-PE truy c*p Internet. - C5u hnh nh"ng b#Gc sau trn router CE: Cex**(config)# interface serial0/0.115 point-to-point Cex**(config-subif)# ip address 150.x.x*.130 255.255.255.240 Cex**(config-subif)# frame-relay interface-dlci 115 - C5u hnh nh"ng b#Gc sau trn router PE : Pex*(config)# interface serial0/0.115 point-to-point Pex*(config-subif)# ip address 150.x.x*.129 255.255.255.240 Pex*(config-subif)# frame-relay interface-dlci 115 2. Task 2 : Thi(t l*p ./nh tuy(n gi7a m3ng c1a Khch hng v Internet. 2a. Customer A : - C5u hnh cc b#Gc sau trn router Cex1A : Cex1A(config)# router ospf 1 Cex1A(config-router)# no passive-interface serial0/0.114 Cex1A(config-router)# no network 150.x.0.0 0.0.255.255 area 0 Cex1A(config-router)# router bgp 650x1 Cex1A(config-router)# no network 0.0.0.0 Cex1A(config-router)# neighbor 150.x.x1.65 remote 65001 Cex1A(config-router)# no ip route 0.0.0.0 0.0.0.0 serial0/0.114 - C5u hnh nh"ng b#Gc sau trn router Pex1: Pex1(config)# no ip route 10.1.x1.0 255.255.255.0 150.x.x1.66 Pex1(config)# no ip route 10.1.x2.0 255.255.255.0 150.x.x1.66 Cex1A(config)# router bgp 65001 Cex1A(config-router)# neighbor 150.x.x1.66 remote 650x1 - C5u hnh nh"ng b#Gc sau trn router Cex2A: Cex2A(config)# router bgp 650x1 Cex2A(config-router)# neighbor 150.x.x2.129 remote 65001 - C5u hnh nh"ng b#Gc sau trn router Pex2. Pex2(config)# router bgp 65001 Pex2(config-router)# neighbor 150.x.x2.130 remote 650x1 Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
60
2b. Customer B. - C5u hnh nh"ng b#Gc sau trn router Cex2B: Cex2B(config)# router ospf 2 Cex2B(config-router)# no passive-interface serial0/0.114 Cex2B(config-router)# no network 150.x.0.0 0.0.255.255 area 0 Cex2B(config-router)# router bgp 650x2 Cex2B(config-router)# no network 0.0.0.0 Cex2B(config-router)# neighbor 150.x.x2.65 remote 65001 Cex2B(config-router)# no ip route 0.0.0.0 0.0.0.0 s0/0.114 - C5u hnh cc b#Gc sau trn cc router Pex2: Pex2(config)# no ip route 10.2.x1.0 255.255.255.0 150.x.x2.66 Pex2(config)# no ip route 10.2.x2.0 255.255.255.0 150.x.x2.66 Pex2(config)# router bgp 65001 Pex2(config-router)# neighbor 150.x.x2.66 remote 650x2 - C5u hnh cc b#Gc sau trn router Cex1B: Cex1B(config)# router bgp 650x2 Pex2(config-router)# neighbor 150.x.x1.129 remote 65001 - C5u hnh nh"ng b#Gc sau trn cc router Pex1: Pex1(config)# router bgp 65001 Pex2(config-router)# neighbor 150.x.x1.130 remote 650x2 XXII K(t n:i Internet trong m=t m3ng MPLS VPN 1. Ph4m vi ho4t .<ng c1a bi lab. - Trong bi lab ny, b4n s= phAi chuy@n m4ng c1a khch hng tI m<t m4ng VPN c th@ truy c'p Internet. Sau khi hon thnh bi lab, b4n s= thu .#8c nh"ng k%t quA sau: + Thi%t l'p k%t n:i tI CE-PE trung tm c th@ truy c'p Internet. + Thi%t l'p k%t n:i tI CE-PE remote c th@ truy c'p Internet. 2. S, . logical c1a bi lab. - Trong bi lab ny, b4n s= t4o m<t m4ng VPN c th@ truy;n d" li>u tI Internet, v sau . b4n s= t4o m<t k%t n:i gi"a m4ng VPN v site c1a khch hng. MMi Workgroup s= ch/u trch nhi>m thi hnh nh"ng nhi>m v9 c5u hnh trn cc router PE c1a mnh. - Hnh bn d#Gi s= m tA s, . logical c1a bi lab.
61
3. Ti li>u c?n thi%t. - Ti li>u tham khAo .@ c th@ hon thnh bi lab ny t:t nh5t: Cisco IOS document. 4. Danh sch cu l>nh c?n thi%t cho bi lab. - Cc cu l>nh trong bi lab ny s= sK d9ng l4i L nh"ng bAng danh sch cu l>nh c1a cc ph?n tr#Gc. 5. Task 1: Thi%t l'p k%t n:i Central Site truy c'p Internet. - Nh cung c5p d/ch v9 c1a b4n . thDc sD t4o m<t m4ng VPN .@ truy;n d" li>u tI Internet. B4n s= c?n phAi ra nh'p vo m4ng VPN ny. 5a. Cc b#Gc c?n thDc thi. - Step 1: Trn router PE (Pex1 hoUc Pex2), t4o m<t bAng Internet VPN VRF mGi. Nh cung c5p d/ch v9 . gn m<t gi tr/ c1a RT l 100:600 v m<t gi tr/ c1a RD l 100:600 cho t5t cA cc VRF. - Step 2: Gn interface (114) .ang hM tr8 bLi router CE c1a Central Site (Cex1A hoUc Cex2B) vo trong m<t VRF. - Step 3: Xa bO cu l>nh nighbor c1a router nJm trong Central Site tI Unicast address family. - Step 4: Thm cu l>nh neighbor c1a router nJm trong Central Site cho Internet VRF. 5b. Ki@m tra. - B4n c th@ ki@m tra cc .#+ng .i Internet .#8c nh'n bLi cc router CE nJm trong Central Site .%n cc router PE neighbor. Example: Cex1A# show ip route 6. Task 2: Thi(t l*p k(t n:i c1a Remote Site cho vi>c truy c*p Internet. - Nh cung c5p d/ch v9 c1a b4n . thDc sD t4o m<t m4ng VPN .@ truy;n d" li>u tI Internet. B4n s= c?n phAi ra nh'p vo m4ng VPN ny. 6a. Cc b#Gc c?n thDc thi: Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
62
- Step 1: Trn cc router PE (Pex1 hoUc Pex2) .ang hM tr8 cc router CE (Cex2A hoUc Cex1B) nJm trong remote site c1a b4n, gn interface (115) vo trong m<t VRF. - Step 2: Xa bO cu l>nh neighbor tI cc router nJm trong remote site L ch% .< global address family. - Step 3: Thm cu l>nh neighbor trn cc router nJm trong m4ng Remote site cho bAng VRF Internet. 6b. Ki@m tra. - B4n c th@ ki@m tra cc .#+ng .i Internet .#8c nh'n bLi cc router CE nJm trong Central Site. Example: Cex2A# show ip route XXIII Lab 7-3 Answer Key: K(t n:i Inernet trong m3ng MPLS VPN. 1. Task 1: Thi%t l'p k%t n:i cho Central Site truy c'p Internet. - C5u hnh cc b#Gc sau trn cc router PE: Pex1(config)# ip vrf internet Pex1(config-vrf)# route-target both 100:600 Pex1(config)# interface s0/0.114 Pex1(config-subif)# ip vrf forwarding Internet Pex1(config-subif)# ip address 150.x.x1.65 255.255.255.240 Pex1(config)# router bgp 65001 Pex1(config-router)# no nighbor 150.x.x1.66 remote-as 650x1 Pex1(config-router)# address-family ipv4 vrf Internet Pex1(config-router-af)# neighbor 150.x.x1.66 remote 650x1 Pex1(config-router-af)# neighbor 150.x.x1.66 activate Pex2(config)# ip vrf internet Pex2(config-vrf)# route-target both 100:600 Pex2(config)# interface s0/0.114 Pex2(config-subif)# ip vrf forwarding Internet Pex2(config-subif)# ip address 150.x.x1.65 255.255.255.240 Pex2(config)# router bgp 65001 Pex2(config-router)# no nighbor 150.x.x1.66 remote-as 650x1 Pex2(config-router)# address-family ipv4 vrf Internet Pex2(config-router-af)# neighbor 150.x.x1.66 remote 650x1 Pex2(config-router-af)# neighbor 150.x.x1.66 activate 2. Task 2: Thi%t l'p k%t n:i cho Remote Site CE-PE truy c'p Internet. - C5u hnh nh"ng b#Gc sau trn cc router PE: Created by: D !ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
63
Pex1(config-vrf)# interface s0/0.115 Pex1(config-subif)# ip vrf forward Internet Pex1(config-subif)# ip address 150.x.x1.129 255.255.255.240 Pex1(config-subif)# router bgp 65001 Pex1(config-router)# no neighbor 150.x.x1.130 Pex1(config-router)# address-family ipv4 vrf Internet Pex1(config-router-af)# neighbor 150.x.x1.130 remote 650x2 Pex1(config-router-af)# neighbor 150.x.x1.130 activate Pex2(config-vrf)# interface s0/0.115 Pex2(config-subif)# ip vrf forward Internet Pex2(config-subif)# ip address 150.x.x1.129 255.255.255.240 Pex2(config-subif)# router bgp 65001 Pex2(config-router)# no neighbor 150.x.x1.130 Pex2(config-router)# address-family ipv4 vrf Internet Pex2(config-router-af)# neighbor 150.x.x1.130 remote 650x1 Pex2(config-router-af)# neighbor 150.x.x1.130 activate ***************************************** THE END
64

MPLSLabGuide Viet

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

MPLSLabGuide Viet

Uploaded by

Copyright:

Available Formats

MPLS Lab Guide

Author: D !ng V"n Ton

[network-mask] Router eigrp as-number No router eigrp as-number

both } No mpls label protocol

Show mpls ldp discovery

prefix-access-list [ to peer- access-list

2. S, . logical c1a bi lab :

2. S, . logical c1a bi lab.

2. S, . logical c1a bi lab :

Cu l>nh Ip route prefix mask null 0

M tA T4o m<t .#+ng .i tVng h8p trong bAng ./nh tuy%n

You might also like