You are on page 1of 92

SPNGN1

Building Cisco Service


Provider Next-Generation
Networks, Part 1
Version 1.01

Lab Guide

Text Part Number: 97-3129-02


Americas Headquarters Asia Pacific Headquarters Europe Headquarters
Cisco Systems, Inc. Cisco Systems (USA) Pte. Ltd. Cisco Systems International BV Amsterdam,
San Jose, CA Singapore The Netherlands
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL: www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a
partnership relationship between Cisco and any other company. (1110R)

DISCLAIMER WARRANTY: THIS CONTENT IS BEING PROVIDED “AS IS” AND AS SUCH MAY INCLUDE TYPOGRAPHICAL,
GRAPHICS, OR FORMATTING ERRORS. CISCO MAKES AND YOU RECEIVE NO WARRANTIES IN CONNECTION WITH THE
CONTENT PROVIDED HEREUNDER, EXPRESS, IMPLIED, STATUTORY OR IN ANY OTHER PROVISION OF THIS CONTENT
OR COMMUNICATION BETWEEN CISCO AND YOU. CISCO SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES,
INCLUDING WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE,
OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. This learning product may contain early release
content, and while Cisco believes it to be accurate, it falls subject to the disclaimer above.

Lab Guide © 2012 Cisco and/or its affiliates. All rights reserved.
Table of Contents
Lab Guide 1 
Overview 1 
Outline 1 
Job Aids 2 
Pod Access Information 2 
Device Information 2 
IP Addressing 3 
Lab 1-1: Verify Host IP Configuration 6 
Activity Objective 6 
Visual Objective 6 
Required Resources 6 
Command List 7 
Task 1: Verify IP Configuration of a Windows Host 7 
Task 2: Verify Connectivity 9 
Task 3: Perform Forward and Reverse DNS Lookups 10 
Lab 1-2: Configure Subnetting 11 
Activity Objective 11 
Visual Objective 11 
Required Resources 11 
Command List 11 
Job Aids 11 
Task 1: Divide Address Space into Correctly Sized Subnets 11 
Lab 2-1: Configure Cisco Switches 13 
Activity Objective 13 
Visual Objective 14 
Required Resources 14 
Command List 15 
Task 1: Boot Cisco ME340x Switch and Perform Basic Configuration 17 
Task 2: Enable SSH Access to the Switch 28 
Task 3: Verify STP Operation 28 
Task 4: Configuring EtherChannel 30 
Task 5: Configuring Port Security 32 
Lab 3-1: Configure Basic Router Configuration 35 
Activity Objective 35 
Visual Objective 35 
Required Resources 36 
Command List 36 
Task 1: Boot Cisco Router and Perform Basic Configuration 38 
Task 2: Basic EIGRP Configuration 41 
Lab 4-1: Implement Internet Connectivity 44 
Activity Objective 44 
Visual Objective 44 
Required Resources 44 
Command List 45 
Task 1: Configure DHCP on CE Router 46 
Task 2: Configure Static Routing for Internet Access 47 
Task 3: Configure PAT on CE Router 48 
Lab 4-2: Configure Data Link Layer Encapsulation 50 
Activity Objective 50 
Visual Objective 50 
Required Resources 50 
Command List 51 
Task 1: Configure a POS Interface on the PE Router 52 
Task 2: Configure PPP on POS Interface 53 
Lab 5-1: Configure Network Management Tools 58 
Activity Objective 58 
Visual Objective 58 
Required Resources 58 
Command List 59 
Task 1: Configure and Verify Cisco Discovery Protocol 60 
Task 2: Configure Logging 61 
Task 3: Configure and Verify NTP 63 
Task 4: Configuring and Verifying IP SLA 64 
Lab 5-2: Configure AAA 66 
Activity Objective 66 
Visual Objective 66 
Required Resources 66 
Command List 67 
Task 1: Configure AAA Authentication 68 
Answer Key 70 
Lab 1-1 Answer Key: Verify Host IP Configuration 70 
Lab 1-2 Answer Key: Configure Subnetting 70 
Lab 2-1 Answer Key: Configuring Cisco Switches 70 
Lab 3-1 Answer Key: Configure Basic Router Configuration 74 
Lab 4-1 Answer Key: Implement Internet Connectivity 77 
Lab 4-2 Answer Key: Configure Data Link Layer Encapsulation 78 
Lab 5-1 Answer Key: Configure Network Management Tools 81 
Lab 5-2 Answer Key: Configure AAA 82 
Task 1: Configure AAA Authentication 82 
Appendix A: Lab Topology 84 

ii Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
SPNGN1

Lab Guide
Overview
This guide presents the instructions and other information concerning the lab activities for this course.
You can find the solutions in the lab activity Answer Key.

Outline
This guide includes these activities:
 Job Aids
 Lab 1-1: Verify Host IP Configuration
 Lab 1-2: Configure Subnetting
 Lab 2-1: Configure Cisco Switches
 Lab 3-1: Configure Basic Router Configuration
 Lab 4-1: Implement Internet Connectivity
 Lab 4-2: Configure Data Link Layer Encapsulation
 Lab 5-1: Configure Network Management Tools
 Lab 5-2: Configure AAA
 Answer Key
 Appendix A: Lab Topology (Tear-Out)
Job Aids
These job aids are available to help you complete lab activities 2-1 through 5-2.

Pod Access Information


Instructor will provide you with the team and pod numbers, as well as other team and pod access
information. Write down the information in the table for future reference.

Parameter Default value Value

Team number z=1 - 4

Pod number x=1, 3, 5, 7 or


y=2, 4, 6, 8

Remote lab SSH access IP address 128.107.245.9

Remote lab SSH access username instr

Remote lab SSH access password testMe

Pod PE (Cisco IOS XR) router username root

Pod PE (Cisco IOS XR) router password 1ronMan

Pod CE, SW, and PE privileged level password cisco

Device Information
This lab topology consists of four (4) teams and eight (8) pods. Two students will work in each pod and
two pods will work in each team. Each pod has one switch and two routers. Two pods share one
additional switch. All teams share the same core routers (P1 and P2).
Devices in the lab are connected with Fast Ethernet and Gigabit Ethernet connections, and two teams
have a redundant POS connection, as shown in the following topology:

Legend:
Gi
Fa
OC3 POS

Team 1 Team 2
CE1 Pod 1 SW1 PE1 PE3 SW3 Pod 3 CE3

P1

SW12 SW34

CE2 Pod 2 SW2 PE2 PE4 SW4 Pod 4 CE4

CE5 Pod 5 SW5 PE5 PE7 SW7 Pod 7 CE7

SW56 P2 SW78

CE6 Pod 6 SW6 PE6 PE8 SW8 Pod 8 CE8

Team 3 Team 4
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-4

2 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Device Roles and Loopback IP Addresses
Device Name Device Role Lo0 IPv4 Address Lo0 IPv6 Address

CEx Cisco 2900 pod router 10.x.10.1/32 2001:db8:10:x:10::1/128


CEy 10.y.10.1/32 2001:db8:10:y:10::1/128

PEx Cisco ASR 9000 or Cisco 10.x.1.1/32 2001:db8:10:x:1::1/128


PEy ASR 1000 pod router 10.y.1.1/32 2001:db8:10:y:1::1/128

SWx Cisco ME340x pod switch 10.x.0.1/32 2001:db8:10:x:0::1/128


SWy 10.y.0.1/32 2001:db8:10:y:0::1/128

SWxy Cisco ME340x pod switch 10.xy.0.1/32 2001:db8:10:xy:0::1/128


shared inside a team

P1 Cisco ASR 9000 core router 10.0.1.1/32 2001:db8:10:0:1::1/128

P2 Cisco ASR 9000 core router 10.0.2.1/32 2001:db8:10:0:2::1/128

The following figure illustrates the interface identification used in this lab setup.

Team z
CEx Pod x SWx PEx
Gi0/0 Fa0/1 Fa0/2 Gi0/0/0/2
P1
Gi0/0/0/0
Fa0/23
Gi0/1 Fa0/24 Gi0/0/0/1

Fa0/21 Gi0/0/0/3
Fa0/21
Fa0/22 Fa0/22
Fa0/1

Fa0/2
Fa0/23
SWxy
Fa0/24
Fa0/21 Gi0/0/2
Fa0/23 Gi0/0/1
Gi0/1 Fa0/22
Fa0/24
Gi0/0/3
P2
Gi0/0 Fa0/1 Fa0/2 Gi0/0/0
POS0/2/0
CEy Pod y SWy PEy
POS0/2/1

POS0/2/0
Legend: Gi POS0/2/1
Fa Connections to
OC3 POS PE(y+2)
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-5

IP Addressing
The following figure illustrates the IP addressing scheme used in this lab setup.

© 2012 Cisco Systems, Inc. Lab Guide 3


Team z 10.0.1.1
CEx Pod x SWx PEx
192.168.10x.0/24 192.168.10x.0/24 192.168.x1.0/24
P1
.x1 .x0 .x0 .1

10.xy.0.1 .x0 .1 .1
.x0 .1
10.x.10.1 10.x.0.1 10.x.1.1

192.168.2.0/24
192.168.1.0/24
192.168.1xy.0/24

10.y.10.1 SWxy 10.y.0.1 10.y.1.1

.y0 .2
.y0 .2 .2
.y1 .y0 .y0 .2
P2
192.168.10y.0/24 192.168.10y.0/24 192.168.y2.0/24
.y0
CEy Pod y SWy PEy .y0
10.0.2.1
z = 1,2,3,4
Legend: Gi
x = 1,3,5,7 192.168.2w2.0/24 192.168.2w1.0/24
Fa y = 2,4,6,8
OC3 POS w = 1 (for teams 1 and 2) Connections to
Loopback 2 (for teams 3 and 4) PE(y+2)
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-6

The following figure illustrates the management IP addresses used in this lab setup.

Team 1 Team 2
CE1 Pod 1 SW1 PE1 PE3 SW3 Pod 3 CE3
10.10.10.14 10.10.10.11 10.10.10.17 10.10.10.25 10.10.10.19 10.10.10.22
P1

10.10.10.13 10.10.10.18 10.10.10.21

SW12 SW34
10.10.10.15 10.10.10.12 10.10.10.16 10.10.10.24 10.10.10.20 10.10.10.23
CE2 Pod 2 SW2 PE2 PE4 SW4 Pod 4 CE4

CE5 Pod 5 SW5 PE5 PE7 SW7 Pod 7 CE7


10.10.10.30 10.10.10.27 10.10.10.33 10.10.10.40 10.10.10.34 10.10.10.37

10.10.10.29 10.10.10.26 10.10.10.36

SW56 P2 SW78
10.10.10.31 10.10.10.28 10.10.10.32 10.10.10.39 10.10.10.35 10.10.10.38
CE6 Pod 6 SW6 PE6 PE8 SW8 Pod 8 CE8

Team 3 Team 4
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-7

Note Replace the “x” or “y” with your pod number to get the IP subnets within your pod. Replace
the “xy” (where x < y) with numbers of the pods within the same team (for example, 12, 34,
56, or 78) to get IP subnets on the link between those pods.

4 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Pod IP Addressing
Device IP Address Peer IP Address

CEx 192.168.10x.x1/24 PEx 192.168.10x.x0/24


(Gi0/0) 2001:db8:192:168:10x::x1/80 (Gi0/0/0/0) 2001:db8:192:168:10x::x0/80

CEy 192.168.10y.y1/24 PEy 192.168.10y.y0/24


(Gi0/0) 2001:db8:192:168:10y::y1/80 (Gi0/0/0) 2001:db8:192:168:10y::y0/80

PEx 192.168.1xy.x0/24 PEy 192.168.1xy.y0/24


(Gi0/0/0/1) 2001:db8:192:168:1xy::x0/80 (Gi0/0/1) 2001:db8:192:168:1xy::y0/80

PEx 192.168.x1.x0/24 P1 192.168.x1.1/24


(Gi0/0/0/2) 2001:db8:192:168:x1::x0/80 2001:db8:192:168:x1::1/80

PEy 192.168.y1.y0/24 P1 192.168.y1.1/24


(Gi0/0/0/2) 2001:db8:192:168:y1::y0/80 2001:db8:192:168:y1::1/80

PEx 192.168.x2.x0/24 P2 192.168.x2.2/24


(Gi0/0/0/3) 2001:db8:192:168:x2::x0/80 2001:db8:192:168:x2::2/80

PEy 192.168.y2.y0/24 P2 192.168.y2.2/24


(Gi0/0/0/3) 2001:db8:192:168:y2::y0/80 2001:db8:192:168:y2::2/80

PE2 192.168.211.20/24 PE4 192.168.211.40/24


(POS0/2/0) 2001:db8:192:168:211::20/80 (POS0/2/0) 2001:db8:192:168:211::40/80

PE2 192.168.212.20/24 PE4 192.168.212.40/24


(POS0/2/1) 2001:db8:192:168:212::20/80 (POS0/2/1) 2001:db8:192:168:212::40/80

PE6 192.168.221.60/24 PE8 192.168.221.80/24


(POS0/2/0) 2001:db8:192:168:221::60/80 (POS0/2/0) 2001:db8:192:168:221::80/80

PE6 192.168.222.60/24 PE8 192.168.222.80/24


(POS0/2/1) 2001:db8:192:168:222::60/80 (POS0/2/1) 2001:db8:192:168:222::80/80

Core IP Addressing
Device Device IP Address Peer Peer IP Address

P1 192.168.1.1/24 P2 192.168.1.2/24
2001:db8:192:168:1::1/80 2001:db8:192:168:1::2/80

192.168.2.1/24 192.168.2.2/24
2001:db8:192:168:2::1/80 2001:db8:192:168:2::2/80

© 2012 Cisco Systems, Inc. Lab Guide 5


Lab 1-1: Verify Host IP Configuration
Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will be able to use Windows applications and commands to investigate the IP
configuration of your PC and your local network. After completing this activity, you will be able to meet
these objectives:
 Use the ipconfig command to determine the current network addressing information of your PC
 Use the ping command to test connectivity to the default gateway
 Use the nslookup command to perform forward and reverse DNS lookups

Visual Objective
The figure illustrates what you will accomplish in this activity.

Perform forward and


reverse DNS lookups
DNS server

NSLOOKUP
Student PC
Determine the current network
addressing information
Internet

Default gateway PING

Test connectivity

© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-8

Required Resources
These are the resources and equipment that are required to complete this lab activity:
 A PC connected to a functioning network, with connectivity to the Internet

6 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Command List
The table describes the commands that are used in this lab activity.

Windows Commands
Command Description

ipconfig Displays current IP addresses, network mask, and default


gateway IP address

ping Tests IP connectivity between hosts

nslookup Performs DNS lookups

Task 1: Verify IP Configuration of a Windows Host


In order to obtain the current IP address information, it is necessary to use the Windows ipconfig
command. You must open a command window to access Windows commands.

Activity Procedure
Step 1 From the Windows desktop, click Start.
Step 2 Enter cmd in the dialog box. Press Return.
Step 3 In the Command Prompt window, enter ipconfig.
Your output should resemble one of these four examples:
Nonworking example 1: The output indicates no connectivity. The Ethernet cable is probably not
physically connected. Notice the Teredo Tunneling Pseudo-Interface that gives full IPv6 connectivity
for IPv6-capable hosts, which are on the IPv4 network but which have no direct connection to an IPv6
network.
C:\Documents and Settings>ipconfig
< text omitted >
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%6
Default Gateway . . . . . . . . . :
Nonworking example 2: The output indicates that the PC is waiting to obtain its IP address information
automatically. This will be a transient output—it will either successfully get an address or retry the
ipconfig command periodically until it changes to one of these remaining examples. Notice the link-
local IPv6 address: fe80::21c:25ff:fe97:4aeb%5
C:\Documents and Settings>ipconfig
< text omitted >
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
IP Address. . . . . . . . . . . . : fe80::21c:25ff:fe97:4aeb%5
Default Gateway . . . . . . . . . :

© 2012 Cisco Systems, Inc. Lab Guide 7


Nonworking example 3: The output indicates that the PC network adapter was unable to obtain an IP
address automatically, so the PC will use a generated link-local address. Getting a link-local address
may seem like success, but it really indicates that there is no connectivity to an IP address server. This
address will not be useful for network connectivity. If you see an IP address beginning with 169.254.x.x,
you do not have a valid address.
C:\Documents and Settings>ipconfig
< text omitted >
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 169.254.249.221
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : fe80::21c:25ff:fe97:4aeb%5
Default Gateway . . . . . . . . . :

Working example 1: The output indicates that the PC either has a preconfigured IPv4 address or that it
successfully obtained its IP address automatically. Your IPv4 address, subnet mask, or default gateway
will most likely be different from what is shown.
C:\Documents and Settings>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : cisco.com
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::21c:25ff:fe97:4aeb%5
Default Gateway . . . . . . . . . : 192.168.1.1
Step 4 If you have a problem, ask your instructor for assistance. Continue only if you have a valid
IPv4 address. Write the IPv4 values that you obtained from the ipconfig command in these
spaces:
PC IP address ___________________
Subnet mask ___________________
IP default gateway address ___________________

Note There might be more than one network adapter available on a PC. The output of the
ipconfig command will show a different IP configuration for each network adapter.

Activity Verification
You have completed this task when you attain this result:
 You obtained valid IP address information from the ipconfig command.

8 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Task 2: Verify Connectivity
The Windows ping command allows you to test the connectivity of the network. Its output demonstrates
success or failure, and gives an indication of the round-trip time taken.

Activity Procedure
Step 1 In the Command Prompt window, enter ping followed by the address of your default
gateway that you obtained in Task 1.
Step 2 The first example below is an unsuccessful ping. If you get this output, ask your instructor
for assistance.
Nonworking example: The output indicates that no reply was received from the target IP address.
C:\Documents and Settings>ping 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.1.1:


Packets: Sent = 4, Received = 0, Lost = 4 (100%
loss),
Working example: This output indicates successful receipt of replies from the target IP address.
C:\Documents and Settings>ping 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time<1ms TTL=255
Reply from 192.168.1.1: bytes=32 time<1ms TTL=255
Reply from 192.168.1.1: bytes=32 time<1ms TTL=255
Reply from 192.168.1.1: bytes=32 time<1ms TTL=255

Ping statistics for 192.168.1.1:


Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Note Notice that, by default, the Windows ping command sends four packets.

Activity Verification
You have completed this task when you attain these results:
 You used the Windows ping command to test the connectivity to your default gateway router.
 The round-trip time should be less than 10 ms.

© 2012 Cisco Systems, Inc. Lab Guide 9


Task 3: Perform Forward and Reverse DNS Lookups
In this task, you will perform forward and reverse DNS lookups.

Activity Procedure
Step 1 From the Command Prompt window, enter nslookup www.cisco.com
The first example below shows forward DNS lookup for www.cisco.com. DNS server used
in this query is lab-x.cisco.com with IP address 192.168.100.100.
C:\Documents and Settings>nslookup www.cisco.com
Server: lab-x.cisco.com
Address: 192.168.100.100

Non-authoritative answer:
Name: origin-www.cisco.com
Address: 72.163.4.161
Aliases: www.cisco.com, www.cisco.com.akadns.net
geoprod.cisco.com.akadns.net
Step 2 From the Command Prompt window, enter nslookup 8.8.8.8
The second example below shows reverse DNS lookup for IP address 8.8.8.8 which is a
Google public DNS server with hostname google-public-dns-a.google.com. The DNS server
used in this query is lab-x.cisco.com with IP address 192.168.100.100.
C:\Documents and Settings>nslookup 8.8.8.8
Server: lab-x.cisco.com
Address: 192.168.100.100

Name: google-public-dns-a.google.com
Address: 8.8.8.8

Activity Verification
You have completed this task when you attain this result:
 You used the Windows nslookup command to determine the IP address for http://www.cisco.com
and to determine the hostname for IP address 8.8.8.8.

10 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Lab 1-2: Configure Subnetting
Complete this lab activity to practice what you learned in the related lesson.

Activity Objective
In this activity, you will determine subnets of a given address range based on the number of hosts. After
completing this activity, you will be able to meet these objectives:
 Determine the subnets based on a given number of hosts
 Determine the maximum number of host addresses that are available in a determined subnet
 Determine the broadcast address for a determined subnet

Visual Objective
There are no visual objectives for this lab activity.

Required Resources
These are the resources and equipment that are required to complete this activity.
 Pen
 Paper

Command List
There are no commands that are used in this activity.

Job Aids
These job aids are available to help you complete the lab activity.
 Pen
 Paper

Task 1: Divide Address Space into Correctly Sized Subnets


During this task, you will determine the recommended action that is based on the criteria that is shown
for a series of incident tickets.

Activity Procedure
Given a network 192.168.0.0/21 and the required number of hosts, complete the table to
identify the subnet, subnet prefix, maximum number of hosts, and broadcast address for that
subnet.

Required Number Subnet Maximum Subnet


of Hosts Number of Hosts Broadcast
per Subnet Address

300

200

150

100

© 2012 Cisco Systems, Inc. Lab Guide 11


Required Number Subnet Maximum Subnet
of Hosts Number of Hosts Broadcast
per Subnet Address

50

40

20

Activity Verification
You have completed this task when you attain this result:
 Given a network and maximum number of hosts, you can identify the subnet, subnet prefix,
maximum number of hosts, and broadcast address for that subnet.

12 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Lab 2-1: Configure Cisco Switches
Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this lab activity, you will monitor switch bootup procedure and enable basic switch configuration. You
will configure port settings, MOTD, and enable SSH access to the switches. In the second part of the lab
activity, you will enable the port security feature and verify operation of Spanning Tree Protocol.

Note Students from two different pods are working in a team. All Cisco ME340x switches are
running Cisco IOS Software. The first pod in the team will work on the switch SWx (where x
is 1, 3, 5, or 7), while the second pod in the same team will work on the SWy (where y is 2,
4, 6, or 8). Switch SWxy (where xy is 12, 34, 56, or 78) is shared between two pods in the
team, and students from both pods will access a shared switch. Students in the same team
should coordinate their lab activity.

After completing this activity, you will be able to meet these objectives:
 Monitor bootup procedure of the switch
 Enable basic configuration of the switch
 Enable SSH access to the switch
 Configure and verify Spanning Tree Protocol
 Configure EtherChannel
 Configure and verify port security

© 2012 Cisco Systems, Inc. Lab Guide 13


Visual Objective
The figure illustrates what you will accomplish in this activity.

• Monitor boot procedure


• Enable basic configuration
Team z • Enable SSH access
CEx Pod x SWx PEx
Gi0/0 Fa0/1 Fa0/2

Fa0/23 Fa0/22
Configure EtherChannel
Fa0/21
Fa0/21
• Configure and verify spanning tree protocol
• Configure and verify port security
Fa0/23
SWxy Fa0/21

Fa0/22
Fa0/23

Gi0/0 Fa0/1
CEy Pod y SWy PEy

© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-10

Required Resources
These are the resources and equipment that are required to complete this activity:
 A PC with access to the Internet
 An SSH client installed on the PC

14 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Command List
The table describes the commands that are used in this lab activity.

Cisco IOS Commands


Command Description

banner motd # message # Defines and enables a message-of-the-day banner


in global configuration mode

channel-group number mode on Manually creates a port-channel interface

configure terminal Enters configuration mode

copy running-config startup- Saves running configuration


config
crypto key generate rsa Generates RSA key pairs in global configuration
mode, which enables SSH access on the device

duplex {full | half | auto} Configures duplex operation on an interface in


interface configuration mode

Enable Enters router privileged mode

enable password password Sets router enable password

erase startup-config Clears router startup configuration

exec-timeout minutes seconds Sets line EXEC timeout

hostname hostname Configures the router hostname

interface interface Enters interface configuration mode

interface vlan vlan_id Creates logical interface for management purposes


on the switch

ip address ip_address Sets a primary or secondary IPv4 address for an


subnet_mask interface and the subnet mask

ip domain name name Defines a default domain name that the Cisco IOS
Software uses to complete unqualified hostnames
(names without a dotted-decimal domain name) in
global configuration mode

line con 0 Enters line console configuration

line vty first_line last_line Enters line vty configuration

logging synchronous Synchronizes message output on the line

Login Enables login on the line

login local Enables password checking at login in line


configuration mode. Selects local password
checking. Authentication is based on the username
specified with the username global configuration
command

password password Sets line password

port-type {eni | nni | uni} Sets the port type in interface configuration mode

reload Reloads router

show etherchannel summary Displays one line of information per port-channel

show interfaces

© 2012 Cisco Systems, Inc. Lab Guide 15


Command Description

show port-security [interface Displays the ports on which port security has been
intf_id] address enabled. Also displays count information and
security actions to be taken per interface

show port-security address Displays MAC address table security information

show running-config Displays running configuration

show spanning-tree root Shows where root bridge resides

show spanning-tree vlan Reveals spanning tree mode, bridge ID of local


vlan_id switch (Bridge ID) and Bridge ID of Root bridge
(Root ID), and also displays port roles and statuses

show ssh Displays SSH connections to the device

show version Displays router hardware and software version,


uptime and license activated

shutdown Shuts down an interface

speed {10 | 100 | 1000 Configures the speed for a Fast Ethernet or Gigabit
[negotiate] | auto [speed- Ethernet interface in interface configuration mode
list]}
ssh –l username ip_address Starts an encrypted session with a remote
networking device in privileged EXEC or user EXEC
mode

switchport port-security Enables port security on interface

switchport port-security mac- Converts learned MAC address to sticky secure


address sticky MAC address

switchport port-security Defines what action an interface will take if a


violation {shutdown | restrict nonallowed MAC address attempts access
| protect}

username name password secret Establishes a username-based authentication


system in global configuration mode

16 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Task 1: Boot Cisco ME340x Switch and Perform Basic
Configuration
In this task, you will examine switch configuration, erase switch startup configuration, and reload switch.
While the switch is reloading, you will monitor bootup procedure. You will configure switch initial
configuration.

Activity Procedure
Complete these steps on the pod SW switch running Cisco IOS:
Step 1 Log in to the SW switch in your pod and examine the running configuration. Write down the
following parameters from the running configuration:

Parameter Value

Hostname

Enable password

VTY login password

Step 2 On your pod switch and shared switch, erase the startup configuration and reload the switch.
Do not save the configuration, if asked. Confirm the reload and observe the bootup
procedure. Do not enter initial configuration dialog when asked.
Step 3 On your pod switch and shared switch, configure the hostname, enable password, and vty
login password. Set console EXEC timeout to infinity and enable synchronous logging. Save
the configuration. For hostname and passwords, use the information in the Job Aids section.
Step 4 On your pod switch and shared switch, define a MOTD banner, saying “Access for
authorized users only. Please enter your username and password.”
Step 5 On your pod switch and shared switch, set port duplex and speed settings on links connecting
to other switches to “full” and 100 Mb/s. Enable these ports. For port identification, use
information in the Job Aids section.
Step 6 On your pod switch, set port duplex and speed settings on links connecting to CE and PE
routers to “full” and 100 Mb/s. Enable these ports. For port identification, use information in
the Job Aids section.
Step 7 On the CE and PE pod routers, set duplex and speed settings on the link connecting to the
pod switch to “full” and 100 Mb/s. For port identification, use information in the Job Aids
section. The PE router running Cisco IOS XE Software will require disabling duplex
negotiation. Use the no negotiation auto interface command to disable duplex negotiation
and then configure the duplex “full.”
Step 8 On your pod switch, shut down interface Fast Ethernet 0/24, connecting to the shared team
switch. By doing this, you will have only one active connection between your pod switch and
shared team switch.
Step 9 On your pod switch and shared switch, change the port type of interfaces Gigabit Ethernet
0/1 and Gigabit Ethernet 0/2 to UNI. By default, Gigabit Ethernet interfaces are configured
as NNI port types.
Step 10 On your pod switch, change the port type of interface Fast Ethernet 0/2 to NNI.
Step 11 On your pod switch, change the port type of interfaces Fast Ethernet 0/21, Fast Ethernet 0/22,
and Fast Ethernet 0/23 to NNI. On your team shared switch, change the port type of
interfaces Fast Ethernet 0/21 and Fast Ethernet 0/23 to NNI.

© 2012 Cisco Systems, Inc. Lab Guide 17


Note By default, ports configured as NNI port type participate in STP protocol and are able to
bundle interfaces to EtherChannel.

Activity Verification
You have completed this task when you attain these results:

Note All outputs are taken from devices in team 1.

 On the pod switch, verify the running configuration. The running configuration should include
components configured in this task.
SW1#show running-config
Building configuration...

Current configuration : 2034 bytes


!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW1
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
system mtu routing 1500
authentication mac-move permit
ip subnet-zero
!
!
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
!
vlan internal allocation policy ascending
!
vlan 100
!
!
!
interface FastEthernet0
no ip address
no ip route-cache
!
interface FastEthernet0/1
speed 100
duplex full
!
interface FastEthernet0/2
port-type nni
speed 100

18 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
duplex full
!
interface FastEthernet0/3
shutdown
!
interface FastEthernet0/4
shutdown
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
shutdown
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
shutdown
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
port-type nni
speed 100
duplex full
!
interface FastEthernet0/22
port-type nni
speed 100
duplex full
!
interface FastEthernet0/23

© 2012 Cisco Systems, Inc. Lab Guide 19


port-type nni
speed 100
duplex full
!
interface FastEthernet0/24
shutdown
speed 100
duplex full
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
no ip route-cache
!
no ip http server
ip http secure-server
ip sla enable reaction-alerts
banner motd ^C Access for authorized users only. Please enter your username
and password. ^C
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
end

SW1#

SW2#show running-config
Building configuration...

Current configuration : 2022 bytes


!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW2
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
system mtu routing 1500
authentication mac-move permit
ip subnet-zero
!
!
!
!
!
!
!
!

20 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0
no ip address
no ip route-cache
!
interface FastEthernet0/1
speed 100
duplex full
!
interface FastEthernet0/2
port-type nni
speed 100
duplex full
!
interface FastEthernet0/3
shutdown
!
interface FastEthernet0/4
shutdown
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
shutdown
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!

© 2012 Cisco Systems, Inc. Lab Guide 21


interface FastEthernet0/18
shutdown
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
port-type nni
speed 100
duplex full
!
interface FastEthernet0/22
port-type nni
speed 100
duplex full
!
interface FastEthernet0/23
port-type nni
speed 100
duplex full
!
interface FastEthernet0/24
shutdown
speed 100
duplex full
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
no ip route-cache
!
no ip http server
ip http secure-server
ip sla enable reaction-alerts
banner motd ^C Access for authorized users only. Please enter your username
and password. ^C
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
end

SW2#

SW12#show running-config
Building configuration...

Current configuration : 1986 bytes


!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption

22 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
!
hostname SW12
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
system mtu routing 1500
authentication mac-move permit
ip subnet-zero
!
!
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
!
vlan internal allocation policy ascending
!
vlan 22
!
!
!
interface FastEthernet0
no ip address
no ip route-cache
shutdown
!
interface FastEthernet0/1
shutdown
!
interface FastEthernet0/2
shutdown
!
interface FastEthernet0/3
shutdown
!
interface FastEthernet0/4
shutdown
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11

© 2012 Cisco Systems, Inc. Lab Guide 23


shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
shutdown
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
shutdown
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
port-type nni
speed 100
duplex full
!
interface FastEthernet0/22
speed 100
duplex full
!
interface FastEthernet0/23
port-type nni
speed 100
duplex full
!
interface FastEthernet0/24
speed 100
duplex full
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
no ip http server
ip http secure-server
ip sla enable reaction-alerts
banner motd ^C Access for authorized users only. Please enter your username
and password. ^C
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
password cisco

24 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
login
line vty 5 15
password cisco
login
!
end

SW12#
 Log out from your pod switch and access it again via the console. Verify that the banner appears and
the enable password is required.

SW1#exit

SW1 con0 is now available

Press RETURN to get started.

Access for authorized users only. Please enter your username and password.
SW1>enable
Password: cisco
SW1#
 Verify duplex and speed settings on interfaces:
SW1#show interfaces FastEthernet 0/23
FastEthernet0/23 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is e8ba.70b5.6419 (bia e8ba.70b5.6419)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTX
< text omitted >
 On your pod switch, verify the switch status by examining the show version output.
SW1#show version
Cisco IOS Software, ME340x Software (ME340x-METROACCESSK9-M), Version
12.2(53)SE, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Sun 13-Dec-09 17:46 by prod_rel_team
Image text-base: 0x01000000, data-base: 0x02600000

ROM: Bootstrap program is ME340x boot loader


BOOTLDR: ME340x Boot Loader (ME340x-HBOOT-M) Version 12.2(44r)EY, RELEASE
SOFTWARE (fc1)

SW1 uptime is 1 hour, 7 minutes


System returned to ROM by power-on
System image file is "flash:me340x-metroaccessk9-mz.122-53.SE/me340x-
metroaccessk9-mz.122-53.SE.bin"

This product contains cryptographic features and is subject to United


States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

© 2012 Cisco Systems, Inc. Lab Guide 25


A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to


export@cisco.com.

cisco ME-3400E-24TS-M (PowerPC405) processor (revision E0) with 131072K bytes


of memory.
Processor board ID FOC1520V222
Last reset from power-on
1 Virtual Ethernet interface
25 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.


Base ethernet MAC Address : E8:BA:70:B5:64:00
Motherboard assembly number : 73-11449-11
Motherboard serial number : FOC151946RU
Model revision number : E0
Motherboard revision number : B0
Model number : ME-3400E-24TS-M
Daughterboard assembly number : 73-11450-02
Daughterboard serial number : FOC151908Y6
System serial number : FOC1520V222
Top Assembly Part Number : 800-29843-03
Top Assembly Revision Number : D0
Version ID : V03
CLEI Code Number : COMBW00BRA
Daughterboard revision number : A0
Hardware Board Revision Number : 0x04

Switch Ports Model SW Version SW Image


------ ----- ----- ---------- ----------
* 1 26 ME-3400E-24TS-M 12.2(53)SE ME340x-METROACCESSK9-M

Configuration register is 0xF


 On your pod switch and shared switch, verify the interface type information by using the show port-
type command.
SW1#show port-type
Port Name Vlan Port Type
--------- ------------------ ---------- ----------------------------
Fa0/1 1 User Network Interface (uni)
Fa0/2 1 Network Node Interface (nni)
Fa0/3 1 User Network Interface (uni)
Fa0/4 1 User Network Interface (uni)
Fa0/5 1 User Network Interface (uni)
Fa0/6 1 User Network Interface (uni)
Fa0/7 1 User Network Interface (uni)
Fa0/8 1 User Network Interface (uni)
Fa0/9 1 User Network Interface (uni)
Fa0/10 1 User Network Interface (uni)
Fa0/11 1 User Network Interface (uni)
Fa0/12 1 User Network Interface (uni)
Fa0/13 1 User Network Interface (uni)
Fa0/14 1 User Network Interface (uni)
Fa0/15 1 User Network Interface (uni)
Fa0/16 1 User Network Interface (uni)
Fa0/17 1 User Network Interface (uni)
Fa0/18 1 User Network Interface (uni)
Fa0/19 1 User Network Interface (uni)
Fa0/20 1 User Network Interface (uni)
Fa0/21 1 Network Node Interface (nni)
Fa0/22 1 Network Node Interface (nni)

26 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Fa0/23 1 Network Node Interface (nni)
Fa0/24 1 User Network Interface (uni)
Gi0/1 1 User Network Interface (uni)
Gi0/2 1 User Network Interface (uni)

SW2#show port-type
Port Name Vlan Port Type
--------- ------------------ ---------- ----------------------------
Fa0/1 1 User Network Interface (uni)
Fa0/2 1 Network Node Interface (nni)
Fa0/3 1 User Network Interface (uni)
Fa0/4 1 User Network Interface (uni)
Fa0/5 1 User Network Interface (uni)
Fa0/6 1 User Network Interface (uni)
Fa0/7 1 User Network Interface (uni)
Fa0/8 1 User Network Interface (uni)
Fa0/9 1 User Network Interface (uni)
Fa0/10 1 User Network Interface (uni)
Fa0/11 1 User Network Interface (uni)
Fa0/12 1 User Network Interface (uni)
Fa0/13 1 User Network Interface (uni)
Fa0/14 1 User Network Interface (uni)
Fa0/15 1 User Network Interface (uni)
Fa0/16 1 User Network Interface (uni)
Fa0/17 1 User Network Interface (uni)
Fa0/18 1 User Network Interface (uni)
Fa0/19 1 User Network Interface (uni)
Fa0/20 1 User Network Interface (uni)
Fa0/21 1 Network Node Interface (nni)
Fa0/22 1 Network Node Interface (nni)
Fa0/23 1 Network Node Interface (nni)
Fa0/24 1 User Network Interface (uni)
Gi0/1 1 User Network Interface (uni)
Gi0/2 1 User Network Interface (uni)

SW12#show port-type
Port Name Vlan Port Type
--------- ------------------ ---------- ----------------------------
Fa0/1 1 User Network Interface (uni)
Fa0/2 1 User Network Interface (uni)
Fa0/3 1 User Network Interface (uni)
Fa0/4 1 User Network Interface (uni)
Fa0/5 1 User Network Interface (uni)
Fa0/6 1 User Network Interface (uni)
Fa0/7 1 User Network Interface (uni)
Fa0/8 1 User Network Interface (uni)
Fa0/9 1 User Network Interface (uni)
Fa0/10 1 User Network Interface (uni)
Fa0/11 1 User Network Interface (uni)
Fa0/12 1 User Network Interface (uni)
Fa0/13 1 User Network Interface (uni)
Fa0/14 1 User Network Interface (uni)
Fa0/15 1 User Network Interface (uni)
Fa0/16 1 User Network Interface (uni)
Fa0/17 1 User Network Interface (uni)
Fa0/18 1 User Network Interface (uni)
Fa0/19 1 User Network Interface (uni)
Fa0/20 1 User Network Interface (uni)
Fa0/21 1 Network Node Interface (nni)
Fa0/22 1 User Network Interface (uni)
Fa0/23 1 Network Node Interface (nni)
Fa0/24 1 User Network Interface (uni)
Gi0/1 1 User Network Interface (uni)
Gi0/2 1 User Network Interface (uni)

© 2012 Cisco Systems, Inc. Lab Guide 27


Task 2: Enable SSH Access to the Switch
In this task, you will enable SSH access to your pod switch.

Activity Procedure
Complete these steps:
Step 1 On your pod switch SWx (where x is your pod number 1, 3, 5, or 7), configure the
management IP address on logical interface Vlan 1 to 10.11z.11z.1/24 (where z is your team
number). On your pod switch SWy (where y is your pod number 2, 4, 6, or 8), configure the
management IP address on logical interface Vlan 1 to 10.11z.11z.2/24 (where z is your team
number). On your team shared switch SWxy (where xy is 12, 34, 56, or 78), configure the
management IP address on logical interface Vlan 1 to 10.11z.11z.3/24 (where z is your team
number). Enable interface Vlan 1 on your pod and shared switch.
Step 2 On your pod switch, configure the domain name to cisco.com.
Step 3 On your pod switch, generate an RSA key pair, which automatically enables SSH.
Step 4 On your pod switch, populate the local database with username “cisco” and password
“cisco.”
Step 5 On your pod switch, on the vty lines, select local password checking from the local database.

Activity Verification
You have completed this task when you attain these results:
 You can access your team shared switch via the console and access both pod switches in the team
using SSH:
SW12#ssh -l cisco 10.111.111.1

Password: cisco
Access for authorized users only. Please enter your username and password.
SW1>exit

[Connection to 10.111.111.1 closed by foreign host]


SW12#ssh -l cisco 10.111.111.2

Password: cisco
Access for authorized users only. Please enter your username and password.
SW2>exit

[Connection to 10.111.111.2 closed by foreign host]


SW12#

Task 3: Verify STP Operation


In this task, you will verify STP operation. By default, Rapid PVST+ mode is configured on Cisco
ME340x switches. Your team shared switch has been preconfigured to become root bridge by setting its
bridge priority value to the lowest value.

Activity Procedure
Complete these steps:
Step 1 On your pod switch, verify which ports are in blocking state and what are interface spanning
tree costs. Because there are two physical loops in the topology, two ports should be blocked
to break these two loops.
SW1#show spanning-tree vlan 1

28 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 5835.d9d6.0000
Cost 19
Port 25 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)


Address e8ba.70b5.6400
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type


------------------- ---- --- --------- -------- ------------------------------
--
Fa0/2 Desg FWD 19 128.4 P2p
Fa0/21 Altn BLK 19 128.23 P2p
Fa0/22 Altn BLK 19 128.24 P2p
Fa0/23 Root FWD 19 128.25 P2p

SW2#show spanning-tree vlan 1

VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 5835.d9d6.0000
Cost 19
Port 25 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)


Address e8ba.70b5.5e00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type


------------------- ---- --- --------- -------- ------------------------------
--
Fa0/2 Desg FWD 19 128.4 P2p
Fa0/21 Desg FWD 19 128.23 P2p
Fa0/22 Desg FWD 19 128.24 P2p
Fa0/23 Root FWD 19 128.25 P2p

SW12#show spanning-tree vlan 1

VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 5835.d9d6.0000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)


Address 5835.d9d6.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type


------------------- ---- --- --------- -------- ------------------------------
--
Fa0/21 Desg FWD 19 128.23 P2p
Fa0/23 Desg FWD 19 128.25 P2p

Note By default, interfaces configured as NNI port type participate in spanning tree operation.

© 2012 Cisco Systems, Inc. Lab Guide 29


Step 2 On your pod switch, verify which port connects to the root bridge.
SW1#show spanning-tree root

Root Hello Max Fwd


Vlan Root ID Cost Time Age Dly Root Port
---------------- -------------------- --------- ----- --- --- ------------
VLAN0001 32769 5835.d9d6.0000 19 2 20 15 Fa0/23
SW2#show spanning-tree root

Root Hello Max Fwd


Vlan Root ID Cost Time Age Dly Root Port
---------------- -------------------- --------- ----- --- --- ------------
VLAN0001 32769 5835.d9d6.0000 19 2 20 15 Fa0/23
SW12#show spanning-tree root

Root Hello Max Fwd


Vlan Root ID Cost Time Age Dly Root Port
---------------- -------------------- --------- ----- --- --- ------------
VLAN0001 32769 5835.d9d6.0000 0 2 20 15

Activity Verification
You have completed this task when you attain these results:
 On your pod switch, verify which ports are in blocking state and what are interface spanning tree
costs.
 On your pod switch, verify which port connects to the root bridge.

Task 4: Configuring EtherChannel


In this task, you will configure EtherChannel.

Activity Procedure
Complete these steps:
Step 1 On your pod switch, manually bundle interfaces Fast Ethernet 0/21 and Fast Ethernet 0/22
(no negotiation protocol used) to logical interface port-channel 1.

Note If interfaces are put in err-disabled state, administratively disable and then enable interfaces.

Activity Verification
You have completed this task when you attain these results:
 On your pod switch, verify that interface port-channel 1 is up and running:
SW1#show interfaces Port-channel 1
Port-channel1 is up, line protocol is up (connected)
Hardware is EtherChannel, address is e8ba.70b5.6417 (bia e8ba.70b5.6417)
MTU 1500 bytes, BW 200000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, link type is auto, media type is unknown
< text omitted >

SW2#show interfaces Port-channel 1


Port-channel1 is up, line protocol is up (connected)
Hardware is EtherChannel, address is e8ba.70b5.5e17 (bia e8ba.70b5.5e17)
MTU 1500 bytes, BW 200000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set

30 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Keepalive set (10 sec)
Full-duplex, 100Mb/s, link type is auto, media type is unknown
< text omitted >
 On your pod switch, verify which ports are members of port-channel 1.
SW1#show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator

M - not in use, minimum links not met


u - unsuitable for bundling
w - waiting to be aggregated
d - default port

Number of channel-groups in use: 1


Number of aggregators: 1

Group Port-channel Protocol Ports


------+-------------+-----------+---------------------------------------------
--
1 Po1(SU) - Fa0/21(P) Fa0/22(P)

SW2#show etherchannel summary


Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator

M - not in use, minimum links not met


u - unsuitable for bundling
w - waiting to be aggregated
d - default port

Number of channel-groups in use: 1


Number of aggregators: 1

Group Port-channel Protocol Ports


------+-------------+-----------+---------------------------------------------
--
1 Po1(SU) - Fa0/21(P) Fa0/22(P)
 On your pod switch, verify that, instead of interfaces Fast Ethernet 0/21 and Fast Ethernet 0/22, only
logical interface port-channel1, with lowered spanning tree cost, participates in spanning tree
operation:
SW1#show spanning-tree vlan 1

VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 5835.d9d6.0000
Cost 19
Port 25 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)


Address e8ba.70b5.6400
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type

© 2012 Cisco Systems, Inc. Lab Guide 31


------------------- ---- --- --------- -------- ------------------------------
--
Fa0/2 Desg FWD 19 128.4 P2p
Fa0/23 Root FWD 19 128.25 P2p
Po1 Altn BLK 12 128.56 P2p

SW2#show spanning-tree vlan 1

VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 5835.d9d6.0000
Cost 19
Port 25 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)


Address e8ba.70b5.5e00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type


------------------- ---- --- --------- -------- ------------------------------
--
Fa0/2 Desg FWD 19 128.4 P2p
Fa0/23 Root FWD 19 128.25 P2p
Po1 Desg FWD 12 128.56 P2p

Task 5: Configuring Port Security


In this task, you will configure the port security feature on your pod switch and verify its operation.

Activity Procedure
Complete these steps:
Step 1 On your pod switch, enable the port security feature for interface Fast Ethernet 0/1
connecting to your pod CE router.
Step 2 Convert the learned MAC address to a sticky secure MAC address.
Step 3 Define “shutdown” as the action that the interface will take if a nonallowed MAC address
attempts to access interface Fast Ethernet 0/1.
Step 4 On your pod switch and shared switch, save the configuration.

Activity Verification
You have completed this task when you attain these results:
 Verify the ports on which port security has been enabled and display violation count information and
security actions to be taken for interface Fast Ethernet 0/1:
SW1#show port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security
Action
(Count) (Count) (Count)
---------------------------------------------------------------------
------
Fa0/1 1 1 0
Shutdown
---------------------------------------------------------------------
------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 5120

32 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
SW1#show port-security interface FastEthernet 0/1
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Last Source Address:Vlan : e8b7.482c.a180:1
Security Violation Count : 0
 Compare the MAC address of the CE router interface Gigabit Ethernet 0/0 with the port security
sticky MAC address. They should be the same:
SW1#show port-security address
Secure Mac Address Table
---------------------------------------------------------------------
---
Vlan Mac Address Type Ports Remaining
Age
(mins)
---- ----------- ---- ----- ----------
---
1 e8b7.482c.a180 SecureSticky Fa0/1 -
---------------------------------------------------------------------
---
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 5120

CE1#show interface GigabitEthernet 0/0


GigabitEthernet0/0 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is e8b7.482c.a180 (bia
e8b7.482c.a180)
Internet address is 192.168.101.11/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is RJ45
output flow-control is unsupported, input flow-control is
unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops:
0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 7000 bits/sec, 0 packets/sec
5 minute output rate 4000 bits/sec, 0 packets/sec
203422 packets input, 209865086 bytes, 0 no buffer

© 2012 Cisco Systems, Inc. Lab Guide 33


Received 157498 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 157483 multicast, 0 pause input
0 input packets with dribble condition detected
707208 packets output, 616095479 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
3 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
4 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out

34 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Lab 3-1: Configure Basic Router Configuration
Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will monitor the router bootup procedure, enable basic router configuration, and
configure a basic EIGRP. After completing this activity, you will be able to meet these objectives:
 Examine running configuration of the router
 Monitor the bootup procedure of the router
 Enable a basic configuration on the router
 Configure and verify basic EIGRP operations

Note Students from two different pods are working in a team. The CE routers in both pods are
running Cisco IOS Software. The first pod within a team will work on the PE router running
Cisco IOS XR Software, and the second pod within the same team will work on the PE
router running Cisco IOS XE Software.
Students in the same team should coordinate their lab activity.

Visual Objective
The figure illustrates what you will accomplish in this activity.

Team z
CEx Pod x EIGRP AS x PEx

1. Examine running configuration


2. Monitor boot procedure
3. Enable basic configuration
4. Enable EIGRP in the AS
Pod y EIGRP AS y

CEy PEy

© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-11

© 2012 Cisco Systems, Inc. Lab Guide 35


Required Resources
These are the resources and equipment that are required to complete this activity:
 A PC with access to the Internet
 An SSH client installed on the PC

Command List
The table describes the commands that are used in this lab activity.

Cisco IOS/IOS XE Commands


Command Description

cdp enable Enables the Cisco Discovery Protocol on an interface

cdp run Enables the Cisco Discovery Protocol globally

configure terminal Enters configuration mode

copy running-config Saves the running configuration


startup-config
enable Enters router privilege mode

enable password password Sets router enable password

erase startup-config Clears router startup configuration

exec-timeout minutes Sets line EXEC timeout


seconds
hostname hostname Configures the router hostname

interface interface Enters interface configuration mode

ip address ip_address Sets a primary or secondary IPv4 address for an interface


subnet_mask and the subnet mask

license boot (for Cisco Configures the license on the module


IOS XE only)
line con 0 Enters line console configuration

line vty first_line Enters line vty configuration


last_line
logging synchronous Synchronizes message output on the line

login Enables login on the line

network network Enables EIGRP on the network


wildcard_mask
password password Sets the line password

ping dest_IP source Verifies connectivity between the source IP and the
source_IP destination IP

reload Reloads the router

router eigrp AS_number Creates an EIGRP process

show ip eigrp interface Displays EIGRP interface information

show ip eigrp neighbor Displays EIGRP neighbor information

36 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Command Description

show ip eigrp topology Displays lists of information related to the EIGRP topology
for a specific router

show ip interface brief Displays the interface status and IPv4 addresses
configured

show ip route Displays the current routes in the routing table

show platform Displays router hardware and software characteristics

show running-config Displays running configuration

show version Displays router hardware and software version, uptime,


and license activated

shutdown Shuts down an interface

Cisco IOS XR Commands


Command Description

address-family ipv4 Enters address family configuration mode for EIGRP (in
unicast EIGRP configuration mode)

cdp Enables the Cisco Discovery Protocol globally or on an


interface

commit Commits changes to the running configuration

commit replace Clears the router active configuration

configure terminal Enters configuration mode

domain vrf default name Sets the domain name on the router
domain_name
exec-timeout minutes Sets line EXEC timeout
seconds
hostname hostname Configures the router hostname

interface interface Enters interface configuration mode

interface interface Defines the interfaces on which the EIGRP protocol runs

ipv4 address Sets a primary or secondary IPv4 address for an interface


ip_address/len and the subnet mask using the prefix length format

line con 0 Enters line console configuration

ping dest_IP source Verifies connectivity between the source IP and the
source_IP destination IP

reload Reloads the router

router eigrp AS_number Creates an EIGRP process

show eigrp interface Displays EIGRP interface information

show eigrp neighbor Displays EIGRP neighbor information

show eigrp topology Displays lists of information related to the EIGRP topology
for a specific router

show ipv4 interface brief Displays interface status and IPv4 addresses configured

show platform Displays router hardware and software characteristics

© 2012 Cisco Systems, Inc. Lab Guide 37


Command Description

show route Displays the current routes in the routing table

show running-config Displays the running configuration

show version Displays the router hardware and software version, uptime,
and license activated

shutdown Shuts down an interface

speed speed Sets speed on the Ethernet interface

Task 1: Boot Cisco Router and Perform Basic Configuration


In this task, you will examine router configuration, erase router startup configuration, and reload the
router. While the router is reloading, you will monitor the boot procedure. You will configure the router
initial configuration.

Activity Procedure
Complete these steps:
Step 1 Log in to the CE router in your pod and examine the running configuration. Write down the
following parameters from the running configuration:

CE Router Parameters
Parameter Value

Hostname

Enable password

vty login password

Step 2 On the CE router in your pod, erase the startup configuration and reload the router. Do not
save the configuration when asked. Observe the bootup procedure. Do not enter the initial
configuration dialog when asked.
Step 3 On the CE router in your pod, configure the hostname, enable the password “cisco”, and the
vty login password “cisco”. To set the hostname, use Job Aids. Set the console EXEC
timeout to infinity and enable synchronous logging. Save the configuration.
Step 4 On the CE router in your pod, enable and assign the IP address to Loopback 0 and the first
Gigabit Ethernet interfaces. To assign the IP addresses, use Job Aids.
Step 5 Log in to the PE router running Cisco IOS XR Software in your pod and examine the
running configuration. Write down the following parameters from the running configuration:

Cisco IOS XR PE Router Parameters


Parameter Value

Hostname

Domain VRF default name

Management interface and IP address

Gigabit Ethernet 0/0/0/0 speed

38 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Step 6 On the PE router (Cisco IOS XR Software) in your pod, erase the configuration and reload
the router. Observe the bootup procedure. The bootup procedure will take several minutes.
Proceed when you see modules A9K-RSP-4G and A9K-40GE-L running:
RP/0/RSP0/CPU0:PE1#show platform
Node Type State Config State
-----------------------------------------------------------------------------
0/RSP0/CPU0 A9K-RSP-4G(Active) IOS XR RUN PWR,NSHUT,MON
0/0/CPU0 A9K-40GE-L IOS XR RUN PWR,NSHUT,MON
Step 7 On the PE router (IOS XR) in your pod, configure the hostname and domain VRF default
name “ciscolab.com”. Set the console EXEC timeout to infinity. Enable the interface and
start Cisco Discovery Protocol and assign the IP address to the first management interface,
Loopback 0, and the first Gigabit Ethernet interfaces. Set the speed to the first Gigabit
Ethernet interface to “100.” To configure the hostname and interface IP addresses, use the
Job Aids.

Note In the Cisco IOS XR Software, Cisco Discovery Protocol must be enabled globally and on
the interface with the cdp global and interface command.

Step 8 Log in to the PE router running Cisco IOS XE Software in your pod and examine the running
configuration. Write down the following parameters from the running configuration:

Cisco IOS XE PE Router Parameters


Parameter Value

Hostname

Enable password

vty login password

Management interface and IP address

Step 9 On the PE router (Cisco IOS XE Software) in your pod, erase the startup configuration and
reload the router. Do not save the configuration when asked. Observe the bootup procedure.
Do not enter the initial configuration dialog when asked and terminate autoinstall.
Step 10 On the PE router (Cisco IOS XE Software) in your pod, configure the hostname, enable
password “cisco” and the vty password “cisco”. Set the console EXEC timeout to infinity
and synchronous login. Enable the interface and assign the IP address to the management
interface, Loopback 0, and first Gigabit Ethernet interfaces. Enable Cisco Discovery
Protocol. To configure the hostname and interface IP addresses, use Job Aids. Set the duplex
and speed settings on the first Gigabit Ethernet interface to “full” and “100”. The PE router
running Cisco IOS XE Software will require disabling duplex negotiation. Use the no
negotiation auto interface command to disable duplex negotiation and then configure duplex
“full”.
Step 11 On the PE router (Cisco IOS XE Software) in your pod, use the license boot module
asr1001 group all level adventerprise command to configure the adventerprise license.

© 2012 Cisco Systems, Inc. Lab Guide 39


Activity Verification
You have completed this task when you attain these results:
 On the CE and PE routers in your pod, verify the running configuration. The running configuration
should include components configured in this task.
 On the CE and PE routers in your pod, verify the interface status. Loopback 0 and the first Gigabit
Ethernet interfaces should be up with the IP address assigned.
CE1#show ip interface brief | include up
GigabitEthernet0/0 192.168.101.11 YES manual up up
Loopback0 10.1.10.1 YES manual up up

RP/0/RSP0/CPU0:PE1#show ipv4 interface brief | include Up


Loopback0 10.1.1.1 Up Up
MgmtEth0/RSP0/CPU0/0 10.10.10.17 Up Up
GigabitEthernet0/0/0/0 192.168.101.10 Up Up

 On the CE and PE routers in your pod, verify the router status.


CE1#show version | include uptime | Software
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M5,
RELEASE SOFTWARE (fc2)
CE1 uptime is 24 minutes

RP/0/RSP0/CPU0:PE1#show version | include Software


Cisco IOS XR Software, Version 4.1.0[Default]
RP/0/RSP0/CPU0:PE1#show version | include uptime
PE1 uptime is 17 minutes

PE2#show version | include uptime | Software


Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version
15.1(1)S, RELEASE SOFTWARE (fc1)
PE2 uptime is 5 minutes
 On the CE and PE routers in your pod, monitor system components.
CE1#show platform versions

Platform Revisions/Versions :
===========================
FPGA : 5.02 [Val = 0x502]
Board Rev : 2 [Val = 0x203; Type = 3]
Env Rev : 4.5 [Val = 0x405, Bit 15 = 0]
PSEQ Rev : 3.05 [Val = 0x305]
I/O Ctl Nm : GA 1.1 [Val = 0x47410101]
I/O Ctl Ver: 2 [Val = 0x20316447]

CPU information :
---------------
Company ID = 0xD
Processor ID = 0x7
Revision = 0x8
Company OPTs = 0x0
USB Con BL : 1.01 (Boot Loader)
USB Con FW : 2.02 (Application Firmware)
USB Con FWU: 2.02 (Application Firmware Upgrade)

IOS :
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M5,
RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Wed 23-Feb-11 15:41 by prod_rel_team

40 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
ROMMON (Readonly) :
System Bootstrap, Version 15.0(1r)M9, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2010 by cisco Systems, Inc.

RP/0/RSP0/CPU0:PE1#show platform
Node Type State Config State
-----------------------------------------------------------------------------
0/RSP0/CPU0 A9K-RSP-4G(Active) IOS XR RUN PWR,NSHUT,MON
0/0/CPU0 A9K-40GE-L IOS XR RUN PWR,NSHUT,MON

 Verify IPv4 connectivity between CE and PE routers in your pod. Ping should be successful.
CE1#ping 192.168.101.10

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to 192.168.101.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

RP/0/RSP0/CPU0:PE1#ping 192.168.101.11
Sat Apr 22 03:58:51.887 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.101.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

 On the PE router running Cisco IOS XE Software in your pod, verify that the license is activated.
PE2#show version | include adventerprise
asr1001 adventerprise 1 YES adventerprise

Task 2: Basic EIGRP Configuration


In this task, you will enable EIGRP between the CE and PE routers in your pod.

Activity Procedure
Complete these steps:
Step 1 On the CE and PE routers in your pod, enable the EIGRP process. The autonomous system
number should be the same as the pod number. Enable EIGRP on the Loopback0 and first
Gigabit Ethernet interfaces.

Activity Verification
You have completed this task when you attain these results:
 On the CE and PE routers in your pod, verify that EIGRP is running on Loopback0 and the first
Gigabit Ethernet interfaces.
CE1#show ip eigrp interfaces
EIGRP-IPv4 Interfaces for AS(1)
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Gi0/0 1 0/0 5 0/1 50 0
Lo0 0 0/0 0 0/1 0 0

RP/0/RSP0/CPU0:PE1#show eigrp interfaces


IPv4-EIGRP interfaces for AS(1)

© 2012 Cisco Systems, Inc. Lab Guide 41


Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Gi0/0/0/0 1 0/0 4 0/10 50 0
Lo0 0 0/0 0 640/640 0 0

PE2#show ip eigrp interfaces


EIGRP-IPv4 Interfaces for AS(2)
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Gi0/0/0 1 0/0 1 0/1 50 0
Lo0 0 0/0 0 0/1 0 0
 On the CE and PE routers in your pod, verify that the EIGRP neighbor is up.
CE1#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(1)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 192.168.101.10 Gi0/0 10 00:06:08 5 200 0 3

RP/0/RSP0/CPU0:PE1#show eigrp neighbors


IPv4-EIGRP neighbors for AS(1) vrf default

H Address Interface Hold Uptime SRTT RTO Q Seq


(sec) (ms) Cnt Num
0 192.168.101.11 Gi0/0/0/0 14 00:06:17 4 200 0 3

PE2#show ip eigrp neighbors


EIGRP-IPv4 Neighbors for AS(2)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 192.168.102.21 Gi0/0/0 14 00:01:40 1 200 0 3

 On the CE and PE routers in your pod, verify the EIGRP topology table. You should see the
Loopback0 interface network from the neighboring router.
CE1#show ip eigrp topology
EIGRP-IPv4 Topology Table for AS(1)/ID(10.1.10.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status

P 10.1.1.1/32, 1 successors, FD is 156160


via 192.168.101.10 (156160/128256), GigabitEthernet0/0
P 192.168.101.0/24, 1 successors, FD is 28160
via Connected, GigabitEthernet0/0
P 10.1.10.1/32, 1 successors, FD is 128256
via Connected, Loopback0

RP/0/RSP0/CPU0:PE1#show eigrp topology


IPv4-EIGRP Topology Table for AS(1)/ID(10.1.1.1)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,


r - reply Status, s - sia Status

P 10.1.10.1/32, 1 successors, FD is 153856


via 192.168.101.11 (153856/128256), GigabitEthernet0/0/0/0
P 10.1.1.1/32, 1 successors, FD is 128256
via Connected, Loopback0
P 192.168.101.0/24, 1 successors, FD is 25856
via Connected, GigabitEthernet0/0/0/0

42 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
PE2#show ip eigrp topology
EIGRP-IPv4 Topology Table for AS(2)/ID(10.2.1.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status

P 10.2.10.1/32, 1 successors, FD is 156160


via 192.168.102.21 (156160/128256), GigabitEthernet0/0/0
P 10.2.1.0/24, 1 successors, FD is 128256
via Connected, Loopback0
P 192.168.102.0/24, 1 successors, FD is 28160
via Connected, GigabitEthernet0/0/0
 On the CE and PE routers in your pod, verify that the EIGRP route is entered into the routing table.
CE1#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

10.0.0.0/32 is subnetted, 2 subnets


D 10.1.1.1 [90/156160] via 192.168.101.10, 00:16:03, GigabitEthernet0/0

RP/0/RSP0/CPU0:PE1#show route eigrp


D 10.1.10.1/32 [90/153856] via 192.168.101.11, 00:15:57,
GigabitEthernet0/0/0/0

PE2#show ip route eigrp


Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks


D 10.2.10.1/32
[90/156160] via 192.168.102.21, 00:03:35, GigabitEthernet0/0/0
 Verify IPv4 connectivity between the CE and PE router Loopback interfaces in your pod by using an
extended ping command. Ping should be successful.
CE1#ping 10.1.1.1 source 10.1.10.1

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.1.10.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

RP/0/RSP0/CPU0:PE1#ping 10.1.10.1 source 10.1.1.1


Fri Apr 21 23:09:05.224 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

© 2012 Cisco Systems, Inc. Lab Guide 43


Lab 4-1: Implement Internet Connectivity
Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will connect and configure a customer site to the Internet. After completing this
activity, you will be able to meet these objectives:
 Configure DHCP IPv4
 Configure DHCP IPv6
 Configure static routing for the Internet access
 Configure NAT

Visual Objective
The figure illustrates what you will accomplish in this activity.

Team z
CEx Pod x PEx
NAT Gi0/0
Internet

Gi0/1

Corporate
Network

IPv4 and
Static route to Internet
IPv6 DHCP
Corporate
Network

Gi0/1 Internet

NAT Gi0/0
CEy Pod y PEy

© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-12

Required Resources
These are the resources and equipment that are required to complete this activity:
 A PC with access to the Internet
 An SSH client that is installed on the PC

44 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Command List
The table describes the commands that are used in this lab activity.

Cisco IOS Commands


Command Description

configure terminal Enters configuration mode

copy running-config Saves the running configuration


startup-config
default-router address Specifies the IP address of the default router for a DHCP
client

dns-server address Specifies the IP address of a DNS server that is available


to a DHCP client

domain-name domain Specifies the domain name for the client

enable Enters router privileged mode

enable password password Sets router enable password

interface interface Enters interface configuration mode

ip address ip_address mask Sets an IPv4 address for an interface and the subnet mask

ip dhcp excluded-address Specifies the IP addresses that the DHCP server should
low-address [high-address] not assign to DHCP clients

ip dhcp pool name Creates a name for the DHCP server address pool and
places you in DHCP pool configuration mode

ipv6 address ipv6- Specifies an IPv6 address that is assigned to the interface
prefix/prefix-length
ipv6 dhcp pool poolname Enables configured DHCP on interface

ipv6 dhcp server pool_name Associates the IPv6 DHCP pool with the interface

ipv6 unicast-routing Enables IPv6 on the router globally

network network- Specifies the subnet network number and mask of the
number[mask|/prefix- DHCP address pool
length]
no shutdown Enables the router interface

ping dest_IP source Verifies connectivity between the source IP and the
source_IP destination IP

show ip dhcp Displays a list of all bindings that are created on a specific
binding [address] DHCP server

show ip dhcp pool name Verifies the configured DHCP pool

show ip interface brief Displays the interface status and IPv4 addresses
configured

show ip route Displays the current routes in the routing table

show running-config Displays the running configuration

© 2012 Cisco Systems, Inc. Lab Guide 45


Task 1: Configure DHCP on CE Router
In this task, you will configure the IPv4 DHCP server on the CE router for site clients. You will also
configure the IPv6 DHCP for clients who will be assigned a DHCPv6 address. Use the following table
when configuring DHCP on the CE router.

DHCP Parameters
Parameter Value

IPv4 DHCP range 192.168.255.0/24

IPv4 DHCP excluded addresses 192.168.255.1 – 192.168.255.99

IPv4 default gateway 192.168.255.1/24

IPv4 DNS server 8.8.8.8

IPv4 domain name ciscolab.com

IPv6 DNS server 2001:db8:0:abcd::3

IPv6 domain name ciscolab.com

Activity Procedure
Complete these steps:
Step 1 On the CE router in your pod, assign an IPv4 address to the Gigabit Ethernet 0/1 interface
according to the following table, and enable the interface. Enable interface Fast Ethernet 0/1
and Fast Ethernet 0/2 on the shared switch.

CE Router Gigabit Ethernet 0/1 IP Addresses


Parameter Value

IPv6 address 2001:db8:0:abcd::1/48

IPv4 address 192.168.255.1/24

Step 2 On the CE router in your pod, exclude the range of IPv4 addresses that will be omitted in the
DHCP pool, create a DHCP pool named “CE_pool” and enter the range of IP addresses that
will be provided to network hosts, set the IP default gateway, name server, and domain name
using information that is gathered from the DHCP Parameters table.
Step 3 On the CE router in your pod, enable IPv6 routing.
Step 4 On the CE router in your pod, create an IPv6 DHCP pool called “CE_IPv6”, set the domain
name and DNS server address that is found in the DHCP Parameters table.
Step 5 On the CE router in your pod, enable IPv6 and DHCP IPv6 on interface Gigabit Ethernet 0/1.
Additionally, assign an IPv6 address on that interface, as shown in the table, CE Router
Gigabit Ethernet 0/1 IP Addresses.

Activity Verification
You have completed this task when you attain these results:
 On the CE router in your pod, verify interface status. Loopback0 and first and second Gigabit
Ethernet interfaces should be up with an IP address assigned:
CE1#show ip interface brief
Interface IP-Address OK? Method Status
Protocol

46 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
GigabitEthernet0/0 192.168.101.11 YES manual up
up
GigabitEthernet0/1 192.168.255.1 YES manual up
up
Loopback0 10.1.10.1 YES manual up
up
 Verify configured DHCP pool information. Output should be similar to the following:
CE1#show ip dhcp pool CE_pool

Pool CE_pool :
Utilization mark (high/low) : 100 / 0
Subnet size (first/next) : 0 / 0
Total addresses : 254
Leased addresses : 0
Pending event : none
1 subnet is currently in the pool :
Current index IP address range
Leased addresses
192.168.255.1 192.168.255.1 - 192.168.255.254 0
 Verify DHCP configuration:
CE1#show running-config | section ipv6 dhcp
ipv6 dhcp pool CE_IPv6
dns-server 2001:DB8:0:ABCD::3
domain-name ciscolab.com
ipv6 dhcp server CE_IPv6
CE1#show running-config | section interface GigabitEthernet0/1
interface GigabitEthernet0/1
ip address 192.168.255.1 255.255.255.0
duplex auto
speed auto
ipv6 address 2001:DB8:0:ABCD::1/48
ipv6 enable
ipv6 dhcp server CE_IPv6

Task 2: Configure Static Routing for Internet Access


In this task, you will configure static routing for Internet access on the CE router.

Activity Procedure
Complete these steps:
Step 1 On the CE router in your pod, Gigabit Ethernet 0/0 interface is used to access a simulated
Internet network. Configure the default static route to the Internet.

© 2012 Cisco Systems, Inc. Lab Guide 47


Activity Verification
You have completed this task when you attain this result:
 Verify routing table for the static default route:
CE1#show ip route static
< text omitted >

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S* 0.0.0.0/0 is directly connected, GigabitEthernet0/0

Task 3: Configure PAT on CE Router


In this task, you will configure Port Address Translation on the CE router. The CE router Gigabit
Ethernet 0/1 will be used as the internal interface and Gigabit Ethernet 0/0 will be used as the external
interface.

Activity Procedure
Complete these steps:
Step 1 Create a standard access list permitting network hosts from the 192.168.255.0/24 network.
Step 2 On the CE router in your pod, configure PAT so that network hosts from the 192.168.1.0/24
network will translate to the IP address of interface Gigabit Ethernet 0/0.
Step 3 Configure Gigabit Ethernet 0/1 as the inside interface and Gigabit Ethernet 0/0 as the outside
NAT interface.
Step 4 From the CE router in your pod, ping the PE router Gigabit Ethernet 0/0/0/0 interface using
the source IP address of Gigabit Ethernet 0/1 interface. The ping should be successful.
CE1#ping 192.168.101.10 source GigabitEthernet0/1

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to 192.168.101.10, timeout is 2
seconds:
Packet sent with a source address of 192.168.255.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
1/1/4 ms

48 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Activity Verification
You have completed this task when you attain this result:
 Verify the NAT translation. The output that shows the NAT translation should be similar to the
following:
CE1#show ip nat translations
Pro Inside global Inside local Outside local
Outside global
icmp 192.168.101.11:3 192.168.255.1:3 192.168.101.10:3
192.168.101.10:3
CE2#show ip nat translations
Pro Inside global Inside local Outside local
Outside global
icmp 192.168.102.21:3 192.168.255.1:3 192.168.102.20:3
192.168.102.20:3

© 2012 Cisco Systems, Inc. Lab Guide 49


Lab 4-2: Configure Data Link Layer Encapsulation
Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will configure a POS interface on the PE router. You will also implement and
troubleshoot PPP on the POS interface. After completing this activity, you will be able to meet these
objectives:
 Configure a POS interface
 Configure PPP on the POS interface
 Troubleshoot PPP configuration

Visual Objective
The figure illustrates what you will accomplish in this activity.

Team z Team z+2


CEx Pod x PEx P1 PEx+2 Pod x+2 CEx+2

Pod y Pod y+2

CEy PEy P2 PEy+2 CEy+2

Configure POS interface

Enable PPP encapsulation

Legend: Gi
Gi
Fa
OC3 POS
OC3 POS

© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-13

Required Resources
These are the resources and equipment that are required to complete this activity:
 A PC with access to the Internet
 An SSH client that is installed on the PC

50 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Command List
The table describes the commands that are used in this lab activity.

Cisco IOS XE Commands


Command Description

configure terminal Enters configuration mode

copy running-config Saves the running configuration


startup-config
clock source {line | Sets the clock source to the interface
internal | loop-timed}
crc size Sets the length of the cyclic redundancy check

debug ppp authentication Enables debug of PPP authentication

debug ppp negotiation Enables debug of PPP negotiation

enable Enters router privileged mode

encapsulation encapsulatio Sets the interface encapsulation method


n-type
interface interface Enters interface configuration mode

ip address ip-address mask Sets an IP address for an interface

keepalive [seconds] Sets the keepalive timer for a specific interface

no shutdown Enables the router interface


ppp authentication {chap | Enables authentication of the remote PPP peer
ms-chap | ms-chap-v2 | eap
|pap} [callin]
show controllers Displays information about controllers on the router

show ip interface brief Displays interface status and IPv4 addresses configured

show running-config Displays the running configuration

username name {nopassword Sets the username for establishing a username-based


| password password | authentication system
password encryption-type
encrypted-password}

© 2012 Cisco Systems, Inc. Lab Guide 51


Task 1: Configure a POS Interface on the PE Router
In this task, you will configure a POS interface on pod PE (Cisco IOS XE Software) router. The PE (IOS
XE) routers from two teams are connected with the POS interface.

Activity Procedure
Complete these steps:
Step 1 On your pod PE router (Cisco IOS XE Software), use the show controllers command to
verify what framing type POS interfaces are using. The default framing type should be
“SONET”:
PE2#show controllers pos 0/2/0 | include Framing
Framing: SONET
PE2#show controllers pos 0/2/1 | include Framing
Framing: SONET
Step 2 On your pod PE router (Cisco IOS XE Software), enable the POS interfaces and set the IP
address. The IP addresses can be found in the Job Aids.
Step 3 On your pod PE router (Cisco IOS XE Software), POS interfaces set a keepalive interval to 5
seconds.
Step 4 On your pod PE router (Cisco IOS XE Software), POS interfaces set the clock source for
both interfaces. The teams 1 and 3 (PE2 and PE6 routers) will set clock source to internal,
teams 2 and 4 (PE4 and PE8) will set clock source to line.
Step 5 On your pod PE router (Cisco IOS XE Software), POS interfaces set CRC to 32 bits.

Note Regarding the FCS length, with one exception, the 32-bit FCS must be used for all
SONET/SDH rates. For Synchronous Transport Signal (STS)-3c- Systems Process
Engineering (SPE)/VC-4 only, the 16-bit FCS may be used, although the 32-bit FCS is
recommended. The FCS length is set by provisioning and is not negotiated.

Activity Verification
You have completed this task when you attain these results:
 On the PE router (Cisco IOS XE Software) in your pod, verify the interface status. The status of both
POS interfaces should be up and running with configured IP addresses.
PE2#show ip interface brief | include POS
POS0/2/0 192.168.211.20 YES manual up
up
POS0/2/1 192.168.212.20 YES manual up
up
 When you check controller status, the framing should be set to SONET, and clock source should be
set to internal or line:
PE2#show controllers pos 0/2/0 | include Framing|Clock source
Framing: SONET
Clock source: internal
PE2#show controllers pos 0/2/1 | include Framing|Clock source
Framing: SONET
Clock source: internal

PE4#show controllers pos 0/2/0 | include Framing|Clock source

52 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Framing: SONET
Clock source: line
PE4#show controllers pos 0/2/1 | include Framing|Clock source
Framing: SONET
Clock source: line

 Verify POS interface encapsulation (HDLC), CRC (32 bits) and keepalive interval (5 seconds):
PE2#show int pos 0/2/0 | include line
protocol|Encapsulation|Keepalive
POS0/2/0 is up, line protocol is up
Encapsulation HDLC, crc 32, loopback not set
Keepalive set (5 sec)
PE2#show int pos 0/2/1 | include line
protocol|Encapsulation|Keepalive
POS0/2/1 is up, line protocol is up
Encapsulation HDLC, crc 32, loopback not set
Keepalive set (5 sec)

Task 2: Configure PPP on POS Interface


In this task, you will configure PPP encapsulation on the POS interfaces.

Activity Procedure
Complete these steps:
Step 1 On your pod PE router (Cisco IOS XE Software), POS interfaces set encapsulation to PPP.

Note If interfaces do not show up, wait while your partner team finishes configuration and then
check again.

Step 2 On your pod PE router (Cisco IOS XE Software), enable PPP negotiation and PPP
authentication debugging.
Step 3 On your pod PE router (Cisco IOS XE Software), administratively disable the POS 0/2/0
interface and then enable it again.
Step 4 Observe debug output and successful negotiation of the PPP connection.
PE2(config-if)#
*Sep 21 23:32:37.848: %LINK-3-UPDOWN: Interface POS0/2/0, changed state to up
*Sep 21 23:32:37.848: PO0/2/0 PPP: Sending cstate UP notification
*Sep 21 23:32:37.848: PO0/2/0 PPP: Processing CstateUp message
*Sep 21 23:32:37.849: PPP: Alloc Context [7F5336CD3628]
*Sep 21 23:32:37.849: ppp3 PPP: Phase is ESTABLISHING
*Sep 21 23:32:37.849: PO0/2/0 PPP: Using default call direction
*Sep 21 23:32:37.849: PO0/2/0 PPP: Treating connection as a dedicated line
*Sep 21 23:32:37.849: PO0/2/0 PPP: Session handle[43000003] Session id[3]
*Sep 21 23:32:37.849: PO0/2/0 LCP: Event[OPEN] State[Initial to Starting]
*Sep 21 23:32:37.849: PO0/2/0 LCP: O CONFREQ [Starting] id 1 len 14
*Sep 21 23:32:37.849: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep 21 23:32:37.849: PO0/2/0 LCP: MagicNumber 0xBA03CC66 (0x0506BA03CC66)
*Sep 21 23:32:37.849: PO0/2/0 LCP: Event[UP] State[Starting to REQsent]

© 2012 Cisco Systems, Inc. Lab Guide 53


*Sep 21 23:32:37.853: PO0/2/0 LCP: I CONFREQ [REQsent] id 1 len 14
*Sep 21 23:32:37.853: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep 21 23:32:37.853: PO0/2/0 LCP: MagicNumber 0xB982CB71 (0x0506B982CB71)
*Sep 21 23:32:37.853: PO0/2/0 LCP: O CONFACK [REQsent] id 1 len 14
*Sep 21 23:32:37.853: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep 21 23:32:37.853: PO0/2/0 LCP: MagicNumber 0xB982CB71 (0x0506B982CB71)
*Sep 21 23:32:37.853: PO0/2/0 LCP: Event[Receive ConfReq+] State[REQsent to
ACKsent]
*Sep 21 23:32:37.853: PO0/2/0 LCP: I CONFACK [ACKsent] id 1 len 14
*Sep 21 23:32:37.853: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep
21 23:32:37.853: PO0/2/0 LCP: MagicNumber 0xBA03CC66 (0x0506BA03CC66)
*Sep 21 23:32:37.853: PO0/2/0 LCP: Event[Receive ConfAck] State[ACKsent to
Open]
*Sep 21 23:32:37.864: PO0/2/0 PPP: Queue IPCP code[1] id[1]
*Sep 21 23:32:37.880: PO0/2/0 PPP: No authorization without authentication
*Sep 21 23:32:37.880: PO0/2/0 PPP: Phase is FORWARDING, Attempting Forward
*Sep 21 23:32:37.880: PO0/2/0 LCP: State is Open
*Sep 21 23:32:37.880: PO0/2/0 PPP: Phase is ESTABLISHING, Finish LCP
*Sep 21 23:32:37.880: PO0/2/0 PPP: Phase is UP
*Sep 21 23:32:37.880: PO0/2/0 IPCP: Protocol configured, start CP.
state[Initial]
*Sep 21 23:32:37.880: PO0/2/0 IPCP: Event[OPEN] State[Initial to Starting]
*Sep 21 23:32:37.881: PO0/2/0 IPCP: O CONFREQ [Starting] id 1 len 10
*Sep 21 23:32:37.881: PO0/2/0 IPCP: Address 192.168.211.20 (0x0306C0A8D314)
*Sep 21 23:32:37.881: PO0/2/0 IPCP: Event[UP] State[Starting to REQsent]
*Sep 21 23:32:37.881: PO0/2/0 PPP: Process pending ncp packets
*Sep 21 23:32:37.881: PO0/2/0 IPCP: Redirect packet to PO0/2/0
*Sep 21 23:32:37.881: PO0/2/0 IPCP: I CONFREQ [REQsent] id 1 len 10
*Sep 21 23:32:37.881: PO0/2/0 IPCP: Address 192.168.211.40 (0x0306C0A8D328)
*Sep 21 23:32:37.881: PO0/2/0 IPCP: O CONFACK [REQsent] id 1 len 10
*Sep 21 23:32:37.881: PO0/2/0 IPCP: Address 192.168.211.40 (0x0306C0A8D328)
*Sep 21 23:32:37.881: PO0/2/0 IPCP: Event[Receive ConfReq+] State[REQsent to
ACKsent]7.881: %LINEPROTO-5-UPDOWN: Line protocol on Interface POS0/2/0,
changed state to up
*Sep 21 23:32:37.882: PO0/2/0 IPCP: I CONFACK [ACKsent] id 1 len 10
*Sep 21 23:32:37.882: PO0/2/0 IPCP: Address 192.168.211.20 (0x0306C0A8D314)
*Sep 21 23:32:37.882: PO0/2/0 IPCP: Event[Receive ConfAck] State[ACKsent to
Open]
*Sep 21 23:32:37.912: PO0/2/0 IPCP: State is Open
*Sep 21 23:32:37.912: PO0/2/0 Added to neighbor route AVL tree: topoid 0,
address 192.168.211.40
*Sep 21 23:32:37.912: PO0/2/0 IPCP: Install route to 192.168.211.40
*Sep 21 23:32:37.850: %LINK-3-UPDOWN: SIP0/2: Interface POS0/2/0, changed
state to up
Step 5 On your pod PE router (Cisco IOS XE Software), turn off debugging.
Step 6 On your pod PE router (Cisco IOS XE Software), POS interfaces enable two-way CHAP
authentication. Authenticate routers with their hostnames and set the password to “cisco”.

Note During this process, your POS interfaces will fall into the down state because one of the
sides is not temporarily configured for CHAP authentication. Wait while your partner team
finishes configuration and then proceed.

54 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Step 7 On your pod PE router (Cisco IOS XE Software), enable PPP negotiation and PPP
authentication debugging.
Step 8 On your pod PE router (Cisco IOS XE Software), administratively disable the POS 0/2/0
interface and then enable it again.
Step 9 Observe the debug output and successful negotiation of the PPP connection.
PE2(config-if)#
*Sep 21 23:44:26.755: PO0/2/0 PPP: Fast Starting
*Sep 21 23:44:26.755: PO0/2/0 PPP: Processing FastStart message
*Sep 21 23:44:26.755: %LINK-3-UPDOWN: Interface POS0/2/0, changed state to up
*Sep 21 23:44:26.755: PO0/2/0 PPP: Sending cstate UP notification
*Sep 21 23:44:26.755: PO0/2/0 PPP: Processing CstateUp message
*Sep 21 23:44:26.756: PPP: Alloc Context [7F5336CD2DB8]
*Sep 21 23:44:26.756: ppp22 PPP: Phase is ESTABLISHING
*Sep 21 23:44:26.756: PO0/2/0 PPP: Using default call direction
*Sep 21 23:44:26.756: PO0/2/0 PPP: Treating connection as a dedicated line
*Sep 21 23:44:26.756: PO0/2/0 PPP: Session handle[98000018] Session id[22]
*Sep 21 23:44:26.756: PO0/2/0 LCP: Event[OPEN] State[Initial to Starting]
*Sep 21 23:44:26.756: PO0/2/0 LCP: O CONFREQ [Starting] id 1 len 19
*Sep 21 23:44:26.756: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep 21 23:44:26.756: PO0/2/0 LCP: AuthProto CHAP (0x0305C22305)
*Sep 21 23:44:26.756: PO0/2/0 LCP: MagicNumber 0xBA0E9DC1 (0x0506BA0E9DC1)
*Sep 21 23:44:26.756: PO0/2/0 LCP: Event[UP] State[Starting to REQsent]
*Sep 21 23:44:26.756: PO0/2/0 LCP: I CONFREQ [REQsent] id 5 len 19
*Sep 21 23:44:26.756: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep 21 23:44:26.756: PO0/2/0 LCP: AuthProto CHAP (0x0305C22305)
*Sep 21 23:44:26.756: PO0/2/0 LCP: MagicNumber 0xB98D7F00 (0x0506B98D7F00)
*Sep 21 23:44:26.756: PO0/2/0 LCP: O CONFACK [REQsent] id 5 len 19
*Sep 21 23:44:26.756: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep 21 23:44:26.756: PO0/2/0 LCP: AuthProto CHAP (0x0305C22305)
*Sep 21 23:44:26.756: PO0/2/0 LCP: MagicNumber 0xB98D7F00 (0x0506B98D7F00)
*Sep 21 23:44:26.756: PO0/2/0 LCP: Event[Receive ConfReq+] State[REQsent to
ACKsent]
*Sep 21 23:44:26.756: PO0/2/0 LCP: I CONFACK [ACKsent] id 1 len 19
*Sep 21 23:44:26.756: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep 21 23:44:26.756: PO0/2/0 LCP: AuthProto CHAP (0x0305C22305)
*Sep 21 23:44:26.756: PO0/2/0 LCP: MagicNumber 0xBA0E9DC1 (0x0506BA0E9DC1)
*Sep 21 23:44:26.756: PO0/2/0 LCP: Event[Receive ConfAck] State[ACKsent to
Open]
*Sep 21 23:44:26.776: PO0/2/0 PPP: Phase is AUTHENTICATING, by both
*Sep 21 23:44:26.776: PO0/2/0 CHAP: O CHALLENGE id 1 len 24 from "PE2"
*Sep 21 23:44:26.776: PO0/2/0 LCP: State is Open
*Sep 21 23:44:26.787: PO0/2/0 CHAP: I CHALLENGE id 1 len 24 from "PE4"
*Sep 21 23:44:26.787: PO0/2/0 PPP: Sent CHAP SENDAUTH Request
*Sep 21 23:44:26.787: PO0/2/0 CHAP: I RESPONSE id 1 len 24 from "PE4"
*Sep 21 23:44:26.787: PO0/2/0 PPP: Phase is FORWARDING, Attempting Forward
*Sep 21 23:44:26.787: PO0/2/0 PPP: Phase is AUTHENTICATING, Unauthenticated
User
*Sep 21 23:44:26.787: PO0/2/0 PPP: Sent CHAP LOGIN Request
*Sep 21 23:44:26.787: PO0/2/0 PPP: Received SENDAUTH Response PASS
*Sep 21 23:44:26.787: PO0/2/0 CHAP: Using hostname from configured hostname
*Sep 21 23:44:26.787: PO0/2/0 CHAP: Using password from AAA

© 2012 Cisco Systems, Inc. Lab Guide 55


*Sep 21 23:44:26.787: PO0/2/0 CHAP: O RESPONSE id 1 len 24 from "PE2"
*Sep 21 23:44:26.787: PO0/2/0 PPP: Received LOGIN Response PASS
*Sep 21 23:44:26.787: PO0/2/0 IPCP: Authorizing CP
*Sep 21 23:44:26.787: PO0/2/0 IPCP: CP stalled on event[Authorize CP]
*Sep 21 23:44:26.787: PO0/2/0 IPCP: CP unstall
*Sep 21 23:44:26.788: PO0/2/0 PPP: Phase is FORWARDING, Attempting Forward
*Sep 21 23:44:26.788: PO0/2/0 PPP: Phase is AUTHENTICATING, Authenticated User
*Sep 21 23:44:26.788: PO0/2/0 CHAP: O SUCCESS id 1 len 4
*Sep 21 23:44:26.795: PO0/2/0 CHAP: I SUCCESS id 1 len 4
*Sep 21 23:44:26.795: PO0/2/0 PPP: Phase is UP
*Sep 21 23:44:26.795: PO0/2/0 IPCP: Protocol configured, start CP.
state[Initial]
*Sep 21 23:44:26.795: PO0/2/0 IPCP: Event[OPEN] State[Initial to Starting]
*Sep 21 23:44:26.795: PO0/2/0 IPCP: O CONFREQ [Starting] id 1 len 10
*Sep 21 23:44:26.795: PO0/2/0 IPCP: Address 192.168.211.20 (0x0306C0A8D314)
*Sep 21 23:44:26.795: PO0/2/0 IPCP: Event[UP] State[Starting to REQsent]
*Sep 21 23:44:26.795: PO0/2/0 IPCP: I CONFREQ [REQsent] id 1 len 10
*Sep 21 23:44:26.795: PO0/2/0 IPCP: Address 192.168.211.40 (0x0306C0A8D328)
*Sep 21 23:44:26.795: PO0/2/0 IPCP AUTHOR: Start. Her address 192.168.211.40,
we want 0.0.0.0
*Sep 21 23:44:26.795: PO0/2/0 IPCP AUTHOR: Reject 192.168.211.40, using
0.0.0.0
*Sep 21 23:44:26.795: PO0/2/0 IPCP AUTHOR: Done. Her address 192.168.211.40,
we want 0.0.0.0
*Sep 21 23:44:26.795: PO0/2/0 IPCP: O CONFACK [REQsent] id 1 len 10
*Sep 21 23:44:26.795: PO0/2/0 IPCP: Address 192.168.211.40 (0x0306C0A8D328)
*Sep 21 23:44:26.795: PO0/2/0 IPCP: Event[Receive ConfReq+] State[REQsent to
ACKsent]
*Sep 21 23:44:26.796: %LINEPROTO-5-UPDOWN: Line protocol on Interface
POS0/2/0, changed state to up
*Sep 21 23:44:26.796: PO0/2/0 IPCP: I CONFACK [ACKsent] id 1 len 10
*Sep 21 23:44:26.796: PO0/2/0 IPCP: Address 192.168.211.20 (0x0306C0A8D314)
*Sep 21 23:44:26.796: PO0/2/0 IPCP: Event[Receive ConfAck] State[ACKsent to
Open]
*Sep 21 23:44:26.808: PO0/2/0 IPCP: State is Open
*Sep 21 23:44:26.808: PO0/2/0 Added to neighbor route AVL tree: topoid 0,
address 192.168.211.40
*Sep 21 23:44:26.808: PO0/2/0 IPCP: Install route to 192.168.211.40
*Sep 21 23:44:27.440: %LINK-3-UPDOWN: SIP0/2: Interface POS0/2/0, changed
state to up
Step 10 On your pod PE (Cisco IOS XE Software) router, turn off debugging.

Activity Verification
You have completed this task when you attain these results:
 On your pod PE router (Cisco IOS XE Software), verify the POS interfaces status.
PE2#show ip interface brief | include POS
POS0/2/0 192.168.211.20 YES manual up
up
POS0/2/1 192.168.212.20 YES manual up
up
 On your pod PE router (Cisco IOS XE Software), verify the POS interfaces encapsulation, which
should be PPP:
PE2#show interface pos 0/2/0 | include Encapsulation

56 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Encapsulation PPP, LCP Open
PE2#show interface pos 0/2/1 | include Encapsulation
Encapsulation PPP, LCP Open
 On your pod PE router (Cisco IOS XE Software), verify IP connectivity to the neighbor PE router
POS interface by using the ping command:
PE2#ping 192.168.211.40

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to 192.168.211.40, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
PE2#ping 192.168.212.40

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to 192.168.212.40, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

PE4#ping 192.168.211.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.211.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
PE4#ping 192.168.212.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.212.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

© 2012 Cisco Systems, Inc. Lab Guide 57


Lab 5-1: Configure Network Management Tools
Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this lab activity, you will discover neighboring devices using Cisco Discovery Protocol and configure
host logging. In the second part of the lab activity, you will use NTP to acquire the correct time on
devices using NTP, and configure IP SLA.
After completing this activity, you will be able to meet these objectives:
 Configure and verify Cisco Discovery Protocol
 Configure logging
 Configure and verify NTP
 Configure and verify IP SLA

Visual Objective
The figure illustrates what you will accomplish in this activity.

Team z
CEx Pod x SWx PEx
CDP
NTP client CDP NTP server

Configure IP SLA
Configure host logging
CDP
SWxy

CDP
NTP client CDP NTP server
CEy Pod y SWy PEy

CDP = Cisco Discovery Protocol


© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-14

Required Resources
These are the resources and equipment that are required to complete this activity:
 A PC with access to the Internet
 An SSH client installed on the PC

58 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Command List
The table describes the commands that are used in this lab activity.

Cisco IOS/IOS XE Commands


Command Description

cdp run Enables CDP globally in global configuration mode.

configure terminal Enters configuration mode

copy running-config startup- Saves the running configuration


config
enable Enters router privileged mode

interface interface Enters interface configuration mode

ip address ip_address Sets a primary or secondary IPv4 address for an


subnet_mask interface and the subnet mask

logging buffered [severity] Copies logging messages to the logging buffer

logging console [severity] Enables logging to the console

ntp server ip_address Forms a server NTP association in global


configuration mode

show cdp neighbors Displays detailed information about neighboring


devices discovered using Cisco Discovery Protocol

show cdp neighbors interface Displays additional details about neighbors,


detail including network addresses, enabled protocols,
and software version

show interfaces Displays interface information

show logging Displays the state of system logging and the


contents of the system logging buffer

show ntp associations Displays the status of NTP associations

show ntp status Displays the status of NTP

show running-config Displays the running configuration

Cisco IOS XR Commands


Command Description

cdp Enables Cisco Discovery Protocol globally or per


interface

configure terminal Enters configuration mode

copy running-config startup- Saves the running configuration


config
destination address ip_address Specifies the destination IP address for ICMP echo
operation

enable Enters router privilege mode

frequency seconds Defines frequency of IP SLA probes, in seconds

interface interface Enters interface configuration mode

interface interface disable Disables NTP services on the specified interface in

© 2012 Cisco Systems, Inc. Lab Guide 59


Command Description
NTP configuration mode

ip address ip_address Sets a primary or secondary IPv4 address for an


subnet_mask interface and the subnet mask

ipsla Enters IP SLA configuration mode

life forever Defines that IP SLA operation runs indefinitely

logging buffered [severity] Copies logging messages to the logging buffer

logging console [severity] Enables logging to the console

master stratum Makes the router an authoritative NTP server

ntp Enters NTP configuration mode

operation operation_number Specifies the operation number for IP SLA

ping ip_address Verifies connectivity of the IP address

schedule operation Enters schedule operation mode


operation_number
show cdp neighbors Displays detailed information about neighboring
devices discovered using Cisco Discovery Protocol

show cdp neighbors interface Displays additional details about neighbors,


detail including network addresses, enabled protocols,
and software version

show interfaces Displays interface information

show ipsla statistics Displays operational data and latest statistics for the
operation_number IP SLA operation

show logging Displays the state of system logging and the


contents of the system logging buffer

show running-config Displays the running configuration

start-time now Defines that IP SLA operation starts immediately

type icmp echo Defines ICMP echo operation type

Task 1: Configure and Verify Cisco Discovery Protocol


In this task, you will configure and verify Cisco Discovery Protocol. You will discover neighbors of your
pod switch using Cisco Discovery Protocol.

Activity Procedure
Complete these steps on the pod switch:
Step 1 On the pod switch and shared team switch, enable Cisco Discovery Protocol globally.

Note Remember that on Cisco ME switches, Cisco Discovery Protocol is enabled by default only
on NNI ports. Ports Fast Ethernet 0/2, Fast Ethernet 0/21, Fast Ethernet 0/22, Fast Ethernet
0/23 on your pod switch should be configured as NNI ports.

Step 2 On the pod PE router, enable Cisco Discovery Protocol globally and on the first Gigabit
Ethernet interface.

60 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Activity Verification
You have completed this task when you attain these results:
 Verify neighbors of your pod switch:
SW1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID Local Intrfce Holdtme Capability Platform Port ID


SW12 Fas 0/23 135 S I ME-3400E- Fas 0/23
SW2.cisco.com Fas 0/22 134 S I ME-3400E- Fas 0/22
SW2.cisco.com Fas 0/21 134 S I ME-3400E- Fas 0/21
PE1.ciscolab.com Fas 0/2 128 R ASR9K Ser Gig
0/0/0/0
Mgmt-S1 Fas 0 124 S I WS-C3560G Gig 0/1
 From the pod switch, verify pod PE router software version and IP address using Cisco Discovery
Protocol:
SW1#show cdp neighbors FastEthernet 0/2 detail
-------------------------
Device ID: PE1.ciscolab.com
Entry address(es):
IP address: 192.168.101.10
Platform: cisco ASR9K Series, Capabilities: Router
Interface: FastEthernet0/2, Port ID (outgoing port): GigabitEthernet0/0/0/0
Holdtime : 164 sec

Version :
Cisco IOS XR Software, Version 4.1.0[Default]
Copyright (c) 2011 by Cisco Systems, Inc.

advertisement version: 2
Duplex: full
Management address(es):

Task 2: Configure Logging


In this task, you will configure logging to the router console and logging buffer.

Activity Procedure
Complete these steps:
Step 1 On the pod PE router, configure logging. Messages with all severities should be logged,
including debugging severity.
Step 2 On the pod PE router, configure logging to the logging buffer. Messages with all severities
but debugging should be logged.

Activity Verification
You have completed this task when you attain these results:
 On the pod PE router, clear the content of the logging buffer.
RP/0/RSP0/CPU0:PE1#clear logging
Fri Jul 7 14:52:59.185 UTC
Clear logging buffer [confirm] [y/n] :y
RP/0/RSP0/CPU0:PE1#

PE2#clear logging
Clear logging buffer [confirm] < Enter >
PE2#

© 2012 Cisco Systems, Inc. Lab Guide 61


 On the pod PE router, enable the second Gigabit Ethernet interface.
RP/0/RSP0/CPU0:PE1(config)#interface GigabitEthernet 0/0/0/1
RP/0/RSP0/CPU0:PE1(config-if)#no shutdown
RP/0/RSP0/CPU0:PE1(config-if)#commit

PE2(config)#interface GigabitEthernet 0/0/1


PE2(config-if)#no shutdown
 On the pod PE router, verify that you received messages on the console about the state of this
interface going down and later up, when your neighbor pod enables interface on their PE router.
PE1 (Cisco IOS XR Software) output:
LC/0/0/CPU0:Jul 7 14:58:19.925 : ifmgr[189]: %PKT_INFRA-LINK-3-UPDOWN :
Interface GigabitEthernet0/0/0/1, changed state to Down
LC/0/0/CPU0:Jul 7 14:58:19.925 : ifmgr[189]: %PKT_INFRA-LINEPROTO-5-UPDOWN :
Line protocol on Interface GigabitEthernet0/0/0/1, changed state to Down
RP/0/RSP0/CPU0:Jul 7 14:58:21.507 : config[65728]: %MGBL-CONFIG-6-DB_COMMIT :
Configuration committed by user 'root'. Use 'show configuration commit changes
1000000270' to view the changes.
RP/0/RSP0/CPU0:PE1(config-if)#LC/0/0/CPU0:Jul 7 14:58:39.714 : ifmgr[189]:
%PKT_INFRA-LINK-3-UPDOWN : Interface GigabitEthernet0/0/0/1, changed state to
Up
LC/0/0/CPU0:Jul 7 14:58:39.715 : ifmgr[189]: %PKT_INFRA-LINEPROTO-5-UPDOWN :
Line protocol on Interface GigabitEthernet0/0/0/1, changed state to Up

PE2 (Cisco IOS XE Software) output:


*Sep 22 16:00:20.218: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed
state to down
PE2(config-if)#
*Sep 22 16:00:20.628: %LINK-3-UPDOWN: SIP0/0: Interface GigabitEthernet0/0/1,
changed state to down
PE2(config-if)#
*Sep 22 16:00:23.332: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed
state to up
*Sep 22 16:00:24.333: %LINEPROTO-5-UPDOWN: Line protocol on Interface
GigabitEthernet0/0/1, changed state to up
*Sep 22 16:00:23.332: %LINK-3-UPDOWN: SIP0/0: Interface GigabitEthernet0/0/1,
changed state to up

 On the pod PE router, verify that you received the same messages to the logging buffer:
RP/0/RSP0/CPU0:PE1#show logging
Fri Jul 7 15:05:47.791 UTC
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
Console logging: level debugging, 91 messages logged
Monitor logging: level debugging, 0 messages logged
Trap logging: level informational, 0 messages logged
Buffer logging: level informational, 11 messages logged

Log Buffer (307200 bytes):

LC/0/0/CPU0:Jul 7 14:56:29.204 : ifmgr[189]: %PKT_INFRA-LINK-3-UPDOWN :


Interface GigabitEthernet0/0/0/10, changed state to Down
LC/0/0/CPU0:Jul 7 14:56:29.204 : ifmgr[189]: %PKT_INFRA-LINEPROTO-5-UPDOWN :
Line protocol on Interface GigabitEthernet0/0/0/10, changed state to Down
RP/0/RSP0/CPU0:Jul 7 14:56:30.701 : config[65728]: %MGBL-CONFIG-6-DB_COMMIT :
Configuration committed by user 'root'. Use 'show configuration commit changes
1000000268' to view the changes.
LC/0/0/CPU0:Jul 7 14:58:03.946 : ifmgr[189]: %PKT_INFRA-LINK-5-CHANGED :
Interface GigabitEthernet0/0/0/10, changed state to Administratively Down
RP/0/RSP0/CPU0:Jul 7 14:58:05.522 : config[65728]: %MGBL-CONFIG-6-DB_COMMIT :
Configuration committed by user 'root'. Use 'show configuration commit changes
1000000269' to view the changes.
LC/0/0/CPU0:Jul 7 14:58:19.925 : ifmgr[189]: %PKT_INFRA-LINK-3-UPDOWN :
Interface GigabitEthernet0/0/0/1, changed state to Down

62 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
LC/0/0/CPU0:Jul 7 14:58:19.925 : ifmgr[189]: %PKT_INFRA-LINEPROTO-5-UPDOWN :
Line protocol on Interface GigabitEthernet0/0/0/1, changed state to Down
RP/0/RSP0/CPU0:Jul 7 14:58:21.507 : config[65728]: %MGBL-CONFIG-6-DB_COMMIT :
Configuration committed by user 'root'. Use 'show configuration commit changes
1000000270' to view the changes.
LC/0/0/CPU0:Jul 7 14:58:39.714 : ifmgr[189]: %PKT_INFRA-LINK-3-UPDOWN :
Interface GigabitEthernet0/0/0/1, changed state to Up
LC/0/0/CPU0:Jul 7 14:58:39.715 : ifmgr[189]: %PKT_INFRA-LINEPROTO-5-UPDOWN :
Line protocol on Interface GigabitEthernet0/0/0/1, changed state to Up
RP/0/RSP0/CPU0:Jul 7 15:05:43.689 : config[65728]: %MGBL-SYS-5-CONFIG_I :
Configured from console by root

PE2#show logging
Syslog logging: enabled (0 messages dropped, 3 messages rate-limited, 0
flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

Console logging: level debugging, 623 messages logged, xml disabled,


filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level informational, 624 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled

No active filter modules.

Trap logging: level informational, 157 message lines logged

Log Buffer (4096 bytes):

*Sep 22 16:00:20.218: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed


state to down
*Sep 22 16:00:20.628: %LINK-3-UPDOWN: SIP0/0: Interface GigabitEthernet0/0/1,
changed state to down
*Sep 22 16:00:23.332: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed
state to up
*Sep 22 16:00:24.333: %LINEPROTO-5-UPDOWN: Line protocol on Interface
GigabitEthernet0/0/1, changed state to up
*Sep 22 16:00:23.332: %LINK-3-UPDOWN: SIP0/0: Interface GigabitEthernet0/0/1,
changed state to up
*Sep 22 16:08:00.016: %SYS-5-CONFIG_I: Configured from console by console

Task 3: Configure and Verify NTP


In this task, you will configure your pod PE router as the authoritative NTP server and your pod CE
router as an NTP client. The NTP client will synchronize the clock with the PE router.

Activity Procedure
Complete these steps:
Step 1 Make the pod PE router as the authoritative stratum 1 NTP server and disable all NTP
services on the second Gigabit Ethernet interface.
Step 2 Enable the pod CE router to synchronize the clock to the NTP server.

© 2012 Cisco Systems, Inc. Lab Guide 63


Activity Verification
You have completed this task when you attain these results:

Note NTP synchronization may take up to 10 minutes.

 Verify that the pod CE router clock is synchronized with the clock of the pod PE router.
CE1#show ntp associations

address ref clock st when poll reach delay offset disp


*~192.168.101.10 .LOCL. 1 33 64 17 2.364 0.166 939.07
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
 On the pod CE router, verify status of NTP.
CE1#show ntp status
Clock is synchronized, stratum 2, reference is 192.168.101.10
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**24
reference time is BD1090C4.A8525CDC (17:24:20.657 UTC Fri Jul 7 2000)
clock offset is 0.1667 msec, root delay is 2.36 msec
root dispersion is 943.34 msec, peer dispersion is 939.07 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000000000 s/s
system poll interval is 64, last update was 37 sec ago.

Task 4: Configuring and Verifying IP SLA


In this task, you will configure IP SLA on the pod PE router, running Cisco IOS XR Software. IP SLA
will be used to monitor IP connections to the pod CE router by using the IP SLA ICMP echo operation.

Activity Procedure
Complete these steps:
Step 1 On your pod PE router (Cisco IOS XR Software), use the IP SLA ICMP echo operation
number 432 to monitor IP connections to your pod CE router. IP SLA ICMP echo probes
should be sent every 30 seconds, starting now.

Note Wait for a few minutes and verify operational data and the latest statistics for the IP SLA
operation 432.

Activity Verification
You have completed this task when you attain these results:
 Verify connectivity from the pod PE router (Cisco IOS XR Software) to the pod CE router.
RP/0/RSP0/CPU0:PE1#ping 192.168.101.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.101.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

 On the pod PE router (Cisco IOS XR Software), verify operational data and the latest statistics for
the IP SLA operation 432:
RP/0/RSP0/CPU0:PE1#show ipsla statistics 432
Entry number: 432
Modification time: 17:17:13.246 UTC Fri Jul 07 2000
Start time : 17:17:13.250 UTC Fri Jul 07 2000
Number of operations attempted: 3
Number of operations skipped : 0
Current seconds left in Life : Forever
Operational state of entry : Active

64 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Connection loss occurred : FALSE
Timeout occurred : FALSE
Latest RTT (milliseconds) : 1
Latest operation start time : 17:18:13.457 UTC Fri Jul 07 2000
Latest operation return code : OK
RTT Values:
RTTAvg : 1 RTTMin: 1 RTTMax : 1
NumOfRTT: 1 RTTSum: 1 RTTSum2: 1

Note Use the Cisco IOS XR no ipsla schedule operation 432 and commit commands to clear
IP SLA operation 432.

© 2012 Cisco Systems, Inc. Lab Guide 65


Lab 5-2: Configure AAA
Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this lab activity, you will configure AAA authentication to authenticate the Telnet sessions to the
router using the local username database.
After completing this activity, you will be able to meet this objective:
 Configure and verify AAA authentication to authenticate the Telnet sessions to the router using the
local database

Visual Objective
The figure illustrates what you will accomplish in this activity.

Team z
CEx Pod x PEx

AAA
Telnet

Pod y

AAA

CEy Telnet PEy

© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-15

Required Resources
These are the resources and equipment that are required to complete this activity:
 A PC with access to the Internet
 An SSH client installed on the PC

66 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Command List
The table describes the commands that are used in this lab activity.

Cisco IOS/IOS XE Commands


Command Description

configure terminal Enters configuration mode

copy running-config startup- Saves the running configuration


config
enable Enters router privileged mode

show running-config Displays the running configuration

aaa new-model Enables the AAA access control model in global


configuration mode

username name {nopassword | Establishes a username-based authentication


password password | password system in global configuration mode
encryption-type encrypted-
password}
aaa authentication login Sets AAA authentication at login in global
{default | list-name} { configuration mode
method1 [method2..
line [aux | console | tty | Identifies a specific line for configuration and enters
vty] line-number [ending-line- line configuration collection mode in global
number] configuration mode

login authentication {default Enables AAA authentication for logins in line


| list-name} configuration mode

Cisco IOS XR Commands


Command Description

configure terminal Enters configuration mode

enable Enters router privileged mode

group {root-system | root-lr | Adds a user to a group in username configuration


netadmin | sysadmin | operator mode
| cisco-support | serviceadmin
| group-name}
line template template-name Specifies a user-defined line template and enters
line template configuration mode in global
configuration mode

login authentication {default Enables AAA authentication for logins in line


| list-name} template configuration mode

password password Creates a login password for a user in the username


configuration mode or line template configuration
mode

ping ip_address Verifies connectivity of IP address

show running-config Displays the running configuration

telnet {ipv4 | ipv6} server Enables Telnet services on a networking device and
max-servers limit sets number of allowable Telnet sessions

© 2012 Cisco Systems, Inc. Lab Guide 67


Command Description

transport input { all | none | Defines the transport protocols that can be used to
ssh | telnet } access the router in the appropriate line
configuration mode

username user-name Configures a new user with a username and enters


username configuration mode in either global
configuration or administration configuration mode

vty-pool { default | eem | Creates a vty pool in global configuration mode


pool-name } first-vty last-vty
[ line-template { default |
template-name } ]

Task 1: Configure AAA Authentication


In this task, you will configure and verify AAA authentication to authenticate the Telnet sessions to the
router. Any user accessing PE via Telnet will be authenticated against the PE local database using AAA.

Activity Procedure
Complete these steps on the pod PE router running Cisco IOS XR Software:
Step 1 On your pod PE router (Cisco IOS XR Software), enable Telnet services and set the number
of allowable Telnet sessions to 10.
Step 2 On your pod PE router (Cisco IOS XR Software), create a username “user” with password
“user” in local database and put the user in the sysadmin group.
Step 3 On your pod PE router (Cisco IOS XR Software), configure an authentication method list.
Name the method list “vty-authen,” which should use the local username database method
for vty (Telnet) authentication.
Step 4 On your pod PE router (Cisco IOS XR Software), configure a line user-defined template,
named Template, which allows only inbound Telnet connections for vty lines 5 to 50.
Step 5 On your pod PE router (Cisco IOS XR Software), apply the authentication method vty-
authen to line template Template.
Complete these steps on the pod PE router running Cisco IOS XE software:
Step 6 On the pod PE router (Cisco IOS XE Software), enable the AAA access control model.
Step 7 On the pod PE router (Cisco IOS XE Software), create a username “user” with the password
“user” in the local database.
Step 8 On the pod PE router (Cisco IOS XE Software), configure the authentication method list.
Name the method list vty-authen, which should use the local username database method for
vty (Telnet) authentication.
Step 9 On the pod PE router (Cisco IOS XE Software), apply the authentication method vty-authen
to vty lines from 0 to 4.

Activity Verification
You have completed this task when you attain these results:
 From the pod CE router, use Telnet to connect to your pod PE router. Log in using the username that
you created in the local database of the pod PE router:
CE1# telnet 192.168.101.10
Trying 192.168.101.10 ... Open

User Access Verification

68 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Username: user
Password: <user>

RP/0/RSP0/CPU0:PE1#

CE2#telnet 192.168.102.20
Trying 192.168.102.20 ... Open

User Access Verification

Username: user
Password: <user>

PE2>

 On the pod PE router, verify that a user with the username “user” is logged in:
PE1 (Cisco IOS XR)
RP/0/RSP0/CPU0:PE1#show users
Fri Jul 7 18:05:17.648 UTC
Line User Service Conns Idle Location
aux0/RSP0/CPU0 hardware 0 1d08h
* con0/RSP0/CPU0 root hardware 0 00:00:00
vty0 user telnet 0 00:01:57
192.168.101.11
PE2 (Cisco IOS XE)
PE2#show users
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
2 vty 0 user idle 00:01:07 192.168.102.21

Interface User Mode Idle Peer Address


PO0/2/0 PE4 Sync PPP 00:00:01 192.168.211.40
PO0/2/1 PE4 Sync PPP 00:00:03 192.168.212.40

© 2012 Cisco Systems, Inc. Lab Guide 69


Answer Key
The correct answers and expected solutions for the lab activities that are described in this guide appear
here.

Lab 1-1 Answer Key: Verify Host IP Configuration


This lab activity has no answer key, since answers and verifications are performed during lab procedure.

Lab 1-2 Answer Key: Configure Subnetting


When you complete this activity, your results will match the results here.

Task 1: Divide Address Space into Correctly Sized Subnets


Given a network 192.168.0.0/21 and maximum number of hosts, the completed table is shown
here.

Required Number Subnet Maximum Subnet


of Hosts Number of Hosts Broadcast
per Subnet Address

300 192.168.0.0/23 510 192.168.1.255

200 192.168.2.0/24 254 192.168.2.255

150 192.168.3.0/24 254 192.168.3.255

100 192.168.4.0/25 126 192.168.4.127

50 192.168.4.128/26 62 192.168.4.191

40 192.168.4.192/26 62 192.168.4.255

20 192.168.5.0/27 30 192.168.5.31

Lab 2-1 Answer Key: Configuring Cisco Switches


When you complete this lab activity, device configuration and device outputs will be similar to the
results shown here, with differences that are specific to your pod.

Task 1: Boot Cisco ME340x Switch and Perform Basic Configuration


Step 1 Values gathered with running configuration from SW1 switch.

Parameter Value

Hostname SW1

Enable password Cisco

vty login password cisco

Step 2 Clearing SW1 switch configuration.


SW1#erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue?
[confirm] <Enter>
[OK]
Erase of nvram: complete
SW1#reload

System configuration has been modified. Save? [yes/no]: no

70 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Proceed with reload? [confirm] <Enter>
< text omitted >
Would you like to enter the initial configuration dialog? [yes/no]:no
Step 3 Basic configuration entered on the SW1 switch.
Switch>enable
Switch#configure terminal
Switch(config)#hostname SW1
SW1(config)#enable password cisco
SW1(config)#line con 0
SW1(config-line)#exec-timeout 0
SW1(config-line)#logging synchronous
SW1(config)#line vty 0 15
SW1(config-line)#password cisco
SW1(config-line)#login
SW1(config-line)#end
SW1#copy running-config startup-config
Step 4 Configuring MOTD banner.
SW1(config)# banner motd # Access for authorized users only. Please enter your
username and password. #
Step 5 Configuring duplex and speed settings on inter-switch links.
SW1(config)#interface range FastEthernet 0/21 - 24
SW1(config-if)#duplex full
SW1(config-if)#speed 100
SW1(config-if)#no shutdown

SW2(config)# interface range FastEthernet 0/21 - 24


SW2(config-if)#duplex full
SW2(config-if)#speed 100
SW2(config-if)#no shutdown

SW12(config)# interface range FastEthernet 0/21 - 24


SW12(config-if)#duplex full
SW12(config-if)#speed 100
SW12(config-if)#no shutdown
Step 6 Configuring duplex and speed settings on pod 1 and 2 switches for links connecting to pod
CE and PE routers.
SW1(config)#interface range FastEthernet 0/1 - 2
SW1(config-if)#duplex full
SW1(config-if)#speed 100
SW1(config-if)#no shutdown

SW2(config)# interface range FastEthernet 0/1 - 2


SW2(config-if)#duplex full
SW2(config-if)#speed 100
SW2(config-if)#no shutdown

Step 7 Configuring duplex and speed settings on pod router links connecting to your pod switch.
CE1(config)#interface GigabitEthernet0/0
CE1(config-if)#duplex full
CE1(config-if)#speed 100

RP/0/RSP0/CPU0:PE5(config)#interface GigabitEthernet 0/0/0/0


RP/0/RSP0/CPU0:PE5(config-if)#speed 100
RP/0/RSP0/CPU0:PE5(config-if)#commit

CE2(config)#interface GigabitEthernet0/0
CE2(config-if)#duplex full
CE2(config-if)#speed 100

PE2(config)#interface GigabitEthernet0/0/0
PE2(config-if)#no negotiation auto

© 2012 Cisco Systems, Inc. Lab Guide 71


PE2(config-if)#duplex full
PE2(config-if)#speed 100

Step 8 Shut down interface Fast Ethernet 0/24 on SW1 and SW2 switches connecting to shared
SW12 switch.
SW1(config)#interface FastEthernet 0/24
SW1(config-if)#shutdown

SW2(config)#interface FastEthernet 0/24


SW2(config-if)#shutdown

Step 9 Change the port type of interfaces Gigabit Ethernet 0/1 and Gigabit Ethernet 0/2 to UNI.
SW1(config)#interface range GigabitEthernet 0/1 - 2
SW1(config-if)#port-type uni

SW2(config)#interface range GigabitEthernet 0/1 - 2


SW2(config-if)#port-type uni

SW12(config)#interface range GigabitEthernet 0/1 - 2


SW12(config-if)#port-type uni

Step 10 Change the port type of interface Fast Ethernet 0/2 to NNI on SW1 and SW2 switches.
SW1(config)#interface FastEthernet 0/2
SW1(config-if)#port-type nni

SW2(config)#interface FastEthernet 0/2


SW2(config-if)#port-type nni
Step 11 Change the port type to NNI on SW1, SW2, and SW12 switches.
SW1(config)#interface range FastEthernet 0/21 - 23
SW1(config-if)#port-type nni

SW2(config)#interface range FastEthernet 0/21 - 23


SW2(config-if)#port-type nni

SW12(config)#interface FastEthernet 0/21


SW12(config-if)#port-type nni
SW12(config)#interface FastEthernet 0/23
SW12(config-if)#port-type nni

Task 2: Enable SSH Access to the Switch


Step 1 Set management IP on logical interface vlan 1 on SW1, SW2, and SW12.
SW1(config)#interface vlan 1
SW1(config-if)#ip address 10.111.111.1 255.255.255.0
SW1(config-if)#no shutdown

SW2(config)#interface vlan 1
SW2(config-if)#ip address 10.111.111.2 255.255.255.0
SW2(config-if)#no shutdown

SW12(config)#interface vlan 1
SW12(config-if)#ip address 10.111.111.3 255.255.255.0
SW12(config-if)#no shutdown

Step 2 Configure domain name on pod switch to cisco.com:


SW1(config)#ip domain name cisco.com

Step 3 Generate RSA key pair on the pod switch, which automatically enables SSH:
SW1(config)#crypto key generate rsa

72 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
The name for the keys will be: SW1.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: <Enter>


% Generating 512 bit RSA keys, keys will be non-exportable...[OK]

*Mar 1 01:27:03.250: RSA key size needs to be atleast 768 bits for ssh
version 2
*Mar 1 01:27:03.258: %SSH-5-ENABLED: SSH 1.5 has been enabled

Step 4 Specify username and password on pod switch local database:


SW1(config)#username cisco password cisco

Step 5 On the vty lines, select the local password checking from local database:
SW1(config)#line vty 0 15
SW1(config-line)#login local

Task 3: Verify STP Operation


There is no configuration needed to complete this task.

Task 4: Configuring EtherChannel


Step 1 EtherChannel configured on SW1 and SW 2 switches.
SW1(config)#interface range FastEthernet 0/21 - 22
SW1(config-if-range)#channel-group 1 mode on
Creating a port-channel interface Port-channel 1

SW2(config)#interface range FastEthernet 0/21 - 22


SW2(config-if-range)#channel-group 1 mode on
Creating a port-channel interface Port-channel 1

Task 5: Configuring Port Security


Step 1 On SW1 switch enable port security feature for interface FastEthernet 0/1:
SW1(config)#interface FastEthernet 0/1
SW1(config-if)#switchport port-security

Step 2 On SW1 switch convert learned MAC address to sticky secure MAC address:
SW1(config)#interface FastEthernet 0/1
SW1(config-if)#switchport port-security mac-address sticky

Step 3 On SW1 switch define “shutdown” as action which interface will take if a nonallowed MAC
address attempts access interface FastEthernet 0/1:
SW1(config)#interface FastEthernet 0/1
SW1(config-if)#switchport port-security violation shutdown
Step 4 On SW1, SW2 and SW12 switches save configuration.
SW1# copy running-config startup-config
Destination filename [startup-config]? <Enter>
Building configuration...
[OK]
0 bytes copied in 0.831 secs (0 bytes/sec)
SW1#

SW2# copy running-config startup-config


Destination filename [startup-config]? <Enter>

© 2012 Cisco Systems, Inc. Lab Guide 73


Building configuration...
[OK]
0 bytes copied in 0.831 secs (0 bytes/sec)
SW2#

SW12# copy running-config startup-config


Destination filename [startup-config]? <Enter>
Building configuration...
[OK]
0 bytes copied in 0.831 secs (0 bytes/sec)
SW12#

Lab 3-1 Answer Key: Configure Basic Router Configuration


When you complete this activity, your configuration will be similar to the results here, with differences
that are specific to your device, pod, or team:

Task 1: Boot Cisco Router and Perform Basic Configuration


During this task you need to enter the following commands:
Step 1 Values gathered from the running configuration on CE1 router.

CE1 Router Parameters


Parameter Value

Hostname CE1

Enable password Cisco

VTY login password Cisco

Step 2 Clearing CE1 router configuration and reload.


CE1#erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue?
[confirm] <Enter>
[OK]
Erase of nvram: complete

CE1#reload

System configuration has been modified. Save? [yes/no]: no


Proceed with reload? [confirm] <Enter>
<...output omitted...>
Would you like to enter the initial configuration dialog? [yes/no]:no
Step 3 Basic configuration entered on the CE1 router.
enable
configure terminal
hostname CE1
enable password cisco
line con 0
exec-timeout 0
logging synchronous
line vty 0 15
password cisco
login
end
copy running-config startup-config

74 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Step 4 Interface configuration entered on the CE1 router.
interface loopback 0
ip address 10.1.10.1 255.255.255.255
exit
interface gigabitethernet 0/0
ip address 192.168.101.11 255.255.255.0
no shutdown

Step 5 Values gathered from the running configuration on PE1 router running Cisco IOS XR
Software.

Cisco IOS XR PE1 Router Parameters


Parameter Value

Hostname PE1

Domain VRF default name ciscolab.com

Management interface and IP address MgmtEth0/RSP0/CPU0/0, 10.10.10.17/24

GigabitEthernet0/0/0/0 speed 100

Step 6 Clearing PE1 (Cisco IOS XR) router configuration and reload.
RP/0/RSP0/CPU0:PE1#configure terminal
RP/0/RSP0/CPU0:PE1(config)#commit replace
This commit will replace or remove the entire running configuration. This
operation can be service affecting.
Do you wish to proceed? [no]: yes

RP/0/RSP0/CPU0:ios(config)#end

RP/0/RSP0/CPU0:ios#reload
Standby card not present or not Ready for failover. Proceed?[confirm] <Enter>
Preparing system for backup. This may take a few minutes especially for large
configurations.
Status report: node0_RSP0_CPU0: START TO BACKUP
Status report: node0_RSP0_CPU0: BACKUP HAS COMPLETED SUCCESSFULLY
[Done]
Proceed with reload? [confirm] <Enter>

Step 7 Configuration entered on the PE1 (Cisco IOS XR) router:


configure terminal
hostname PE1
cdp
domain vrf default name ciscolab.com
line con 0
exec-timeout 0
interface loopback 0
ipv4 address 10.1.1.1 255.255.255.255
interface mgmteth0/rsp0/cpu0/0
cdp
ipv4 address 10.10.10.17 255.255.255.0
no shutdown
interface gigabitethernet0/0/0/0
cdp
ipv4 address 192.168.101.10 255.255.255.0
speed 100
no shutdown
commit

© 2012 Cisco Systems, Inc. Lab Guide 75


Step 8 Values gathered from the running configuration on PE2 router running Cisco IOS XE
Software.

Cisco IOS XE PE2 Router Parameters


Parameter Value

Hostname PE2

Enable password Cisco

VTY login password Cisco

Management interface and IP address GigabitEthernet0, 10.10.10.16/24

Step 9 Clearing PE2 (Cisco IOS XE) router configuration and reload.
PE2#erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue?
[confirm] <Enter>
[OK]
Erase of nvram: complete

PE2#reload

System configuration has been modified. Save? [yes/no]: no


Proceed with reload? [confirm] <Enter>
<...output omitted...>
Would you like to enter the initial configuration dialog? [yes/no]:no

Step 10 Configuration entered on the PE2 (Cisco IOS XE) router.


enable
configure terminal
hostname PE2
line con 0
exec-timeout 0
logging synchronous
line vt 0 15
password cisco
login
enable password cisco
cdp run
interface loopback0
ip address 10.2.1.1 255.255.255.0
interface gigabitethernet0/0/0
ip address 192.168.102.20 255.255.255.0
cdp enable
no negotiation auto
speed 100
duplex full
no shutdown
interface gigabitethernet0
ip address 10.10.10.16 255.255.255.0
cdp enable
no shutdown

76 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Task 2: Basic EIGRP Configuration
During this task you need to enter the following commands:
Step 1 Configuration entered on the CE1, CE2, PE1 and PE2 routers:
Configuration entered on CE1 router:
router eigrp 1
network 192.168.101.0
network 10.1.10.0 0.0.0.255
Configuration entered on PE1 router:
router eigrp 1
address-family ipv4
interface loopback 0
exit
interface gigabitethernet 0/0/0/0
commit

Configuration entered on CE2 router:


router eigrp 2
network 192.168.102.0
network 10.2.10.0 0.0.0.255

Configuration entered on PE2 router:


router eigrp 2
network 192.168.102.0
network 10.2.1.0 0.0.0.255

Lab 4-1 Answer Key: Implement Internet Connectivity


When you complete this activity, your configuration will be similar to the results here, with differences
that are specific to your device, pod, or team:

Task 1: Configure DHCP on CE Router


During this task, you need to enter the following commands:
Step 1 Assign IPv4 address to the GigabitEthernet0/1 interface and enable interface:
CE1 and CE2 routers:
interface GigabitEthernet0/1
ip address 192.168.255.1 255.255.255.0
no shutdown
SW12 switch:
interface range FastEthernet0/1 – 0/2
no shutdown
Step 2 In global configuration mode, exclude range of IPv4 addresses that will be omitted in DHCP
pool.
CE1 and CE2 routers:
ip dhcp excluded-address 192.168.255.1 192.168.255.99
ip dhcp pool CE_pool
network 192.168.255.0 /24
dns-server 8.8.8.8
domain-name ciscolab.com
default-router 192.168.255.1

© 2012 Cisco Systems, Inc. Lab Guide 77


Step 3 Enable globally IPv6 routing:
CE1 and CE2 routers:
ipv6 unicast-routing
Step 4 Creating IPv6 DHCP pool:
CE1 and CE2 routers:
ipv6 dhcp pool CE_IPv6
dns-server 2001:db8:0:abcd::3
domain-name ciscolab.com
Step 5 Enabling IPv6 on interface:
CE1 and CE2 routers:
interface GigabitEthernet 0/1
ipv6 enable
ipv6 dhcp server CE_IPv6

ipv6 address 2001:db8:0:abcd::1/48

Task 2: Configure Static Routing for Internet Access


During this task, you need to enter the following commands:
Step 1 Configuring the default route to the Internet:
CE1 and CE2 routers:
ip route 0.0.0.0 0.0.0.0 GigabitEthernet 0/0

Task 3: Configure PAT on CE Router


Step 1 Create standard access list permitting network hosts from 192.168.255.0/24 network:
CE1 and CE2 routers:
access-list 10 permit 192.168.255.0 0.0.0.255

Step 2 Configuring PAT on CE router:


CE1 and CE2 routers:
ip nat inside source list 10 interface GigabitEthernet0/0
overload
Step 3 Configure inside and outside NAT interface:
CE1 and CE2 routers:
interface GigabitEthernet 0/1
ip nat inside
interface GigabitEthernet 0/0
ip nat outside

Lab 4-2 Answer Key: Configure Data Link Layer Encapsulation


When you complete this activity, your configuration will be similar to the results here, with differences
that are specific to your device, pod, or team:

Task 1: Configure a POS Interface on the PE Router


During this task you need to enter the following commands:
Step 1 Enable POS interfaces and set IP addresses on the PE2 and PE4 routers:

78 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
PE2 router:
interface pos 0/2/0
ip address 192.168.211.20 255.255.255.0
no shutdown
interface pos 0/2/1
ip address 192.168.212.20 255.255.255.0
no shutdown
PE4 router:
interface pos 0/2/0
ip address 192.168.211.40 255.255.255.0
no shutdown
interface pos 0/2/1
ip address 192.168.212.40 255.255.255.0
no shutdown
Step 2 Set keepalive interval to 5 seconds:
PE2 and PE4 routers:
interface pos 0/2/0
keepalive 5
interface pos 0/2/1
keepalive 5

Step 3 Set clock source:


PE2 router:
interface pos 0/2/0
clock source internal
interface pos 0/2/1
clock source internal
PE4 router:
interface pos 0/2/0
clock source line
interface pos 0/2/1
clock source line

Step 4 Set CRC length:


PE2 and PE4 routers:
interface pos 0/2/0
crc 32
interface pos 0/2/1
crc 32

Task 2: Configure PPP on POS Interface


During this task you need to enter the following commands:
Step 1 Set POS interface encapsulation to PPP:
PE2 and PE4 routers:
interface pos 0/2/0
encapsulation ppp

© 2012 Cisco Systems, Inc. Lab Guide 79


interface pos 0/2/1
encapsulation ppp
Step 2 Enable debugging:
PE2 and PE4 routers:
debug ppp negotiation
debug ppp authentication
Step 3 Disabling and enabling POS interface:
PE2 and PE4 routers:
interface pos 0/2/0
shutdown
no shutdown
Step 4 Observe debugging.
Step 5 Turn off debugging:
PE2 and PE4 routers:
undebug all
Step 6 Enable two-way CHAP authentication:
PE2 router:
username PE4 password cisco
interface pos 0/2/0
ppp authentication chap
interface pos 0/2/1
ppp authentication chap
PE4 router:
username PE2 password cisco
interface pos 0/2/0
ppp authentication chap
interface pos 0/2/1
ppp authentication chap
Step 7 Enable debugging:
PE2 and PE4 routers:
debug ppp negotiation
debug ppp authentication
Step 8 Disabling and enabling POS interface:
PE2 and PE4 routers:
interface pos 0/2/0
shutdown
no shutdown
Step 9 Observe debugging.
Step 10 Turn off debugging:
PE2 and PE4 routers:
undebug all

80 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Lab 5-1 Answer Key: Configure Network Management Tools
When you complete this lab activity, device configuration and device outputs will be similar to the
results shown here, with differences that are specific to your pod.

Task 1: Configure and Verify Cisco Discovery Protocol


Step 1 Enable Cisco Discovery Protocol globally.
SW1, SW2, and SW12 switches:
cdp run
Step 2 Enable Cisco Discovery Protocol globally and on the interface:
PE1 (Cisco IOS XR):
cdp
interface GigabitEthernet0/0/0/0
cdp
!
commit
PE2 (Cisco IOS XE):
cdp run
!
interface GigabitEthernet0/0/0
cdp enable

Task 2: Configure Logging


Step 1 Configure logging to the console (including debugging severity):
PE1 (Cisco IOS XR):
logging console debugging
!
commit
PE2 (Cisco IOS XE):
logging console debugging
Step 2 Configure logging to the buffer (excluding debugging severity):
PE1 (Cisco IOS XR):
logging buffered informational
!
commit
PE2 (Cisco IOS XE):
logging buffered informational

Task 3: Configure and Verify NTP


Step 1 NTP server configuration and disabling all NTP services on interface:
PE1 (Cisco IOS XR):
ntp
interface GigabitEthernet0/0/0/1
disable
!
master 1
!
commit
PE2 (Cisco IOS XE):
interface GigabitEthernet0/0/1
ntp disable

© 2012 Cisco Systems, Inc. Lab Guide 81


!
ntp master 1
Step 2 NTP server configuration:
CE1 (Cisco IOS):
ntp server 192.168.101.10
CE2 (Cisco IOS):
ntp server 192.168.102.20

Task 4: Configure and Verify IP SLA


Step 1 IP SLA configuration on the pod PE router (Cisco IOS XR):
PE1 (Cisco IOS XR):
ipsla
operation 432
type icmp echo
destination address 192.168.101.11
frequency 30
!
!
schedule operation 432
start-time now
life forever
!
commit

Lab 5-2 Answer Key: Configure AAA


When you complete this lab activity, device configuration and device outputs will be similar to the
results shown here, with differences that are specific to your pod.

Task 1: Configure AAA Authentication


Complete these steps for configuring pod PE router running Cisco IOS XR.
Step 1 Enable telnet services.
PE1 (Cisco IOS XR):
telnet ipv4 server max-servers 10
!
commit
Step 2 Create user and put it into group.
PE1 (Cisco IOS XR):
username user
group sysadmin
password user
!
commit
Step 3 Configure authentication method list.
PE1 (Cisco IOS XR):
aaa authentication login vty-authen local
!
commit

82 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Step 4 Configure a line user-defined template.
PE1 (Cisco IOS XR):
line template Template
transport input telnet
!
vty-pool my-pool 5 50 line-template Template
!
commit
Step 5 Apply authentication method to line template.
PE1 (Cisco IOS XR):
line template Template
login authentication vty-authen
!
commit
Step 6 Enable the AAA model.
PE2 (Cisco IOS XE):
aaa new-model
Step 7 Create user in local database:
PE2 (Cisco IOS XE):
username user password user
Step 8 Configure authentication method list.
PE2 (Cisco IOS XE):
aaa authentication login vty-authen local
Step 9 Apply authentication method to vty lines.
PE2 (Cisco IOS XE):
line vty 0 4
login authentication vty-authen

© 2012 Cisco Systems, Inc. Lab Guide 83


Appendix A: Lab Topology
Legend:
Gi
Fa
OC3 POS

Team 1 Team 2
CE1 Pod 1 SW1 PE1 PE3 SW3 Pod 3 CE3

P1

SW12 SW34

CE2 Pod 2 SW2 PE2 PE4 SW4 Pod 4 CE4

CE5 Pod 5 SW5 PE5 PE7 SW7 Pod 7 CE7

SW56 P2 SW78

CE6 Pod 6 SW6 PE6 PE8 SW8 Pod 8 CE8

Team 3 Team 4
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-4

84 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Team z
CEx Pod x SWx PEx
Gi0/0 Fa0/1 Fa0/2 Gi0/0/0/2
P1
Gi0/0/0/0
Fa0/23
Gi0/1 Fa0/24 Gi0/0/0/1

Fa0/21 Gi0/0/0/3
Fa0/21
Fa0/22 Fa0/22
Fa0/1

Fa0/2
Fa0/23
SWxy
Fa0/24
Fa0/21 Gi0/0/2
Fa0/23 Gi0/0/1
Gi0/1 Fa0/22
Fa0/24
Gi0/0/3
P2
Gi0/0 Fa0/1 Fa0/2 Gi0/0/0
POS0/2/0
CEy Pod y SWy PEy
POS0/2/1

POS0/2/0
Legend: Gi POS0/2/1
Fa Connections to
OC3 POS PE(y+2)
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-5

© 2012 Cisco Systems, Inc. Lab Guide – Appendix A 85


Team z 10.0.1.1
CEx Pod x SWx PEx
192.168.10x.0/24 192.168.10x.0/24 192.168.x1.0/24
P1
.x1 .x0 .x0 .1

10.xy.0.1 .x0 .1 .1
.x0 .1
10.x.10.1 10.x.0.1 10.x.1.1

192.168.1xy.0/24

10.y.10.1 SWxy 10.y.0.1 10.y.1.1


192.168.2.0/24

192.168.1.0/24

.y0 .2
.y0 .2 .2
.y1 .y0 .y0 .2
P2
192.168.10y.0/24 192.168.10y.0/24 192.168.y2.0/24
.y0
CEy Pod y SWy PEy .y0
10.0.2.1
z = 1,2,3,4
Legend: Gi
x = 1,3,5,7 192.168.2w2.0/24 192.168.2w1.0/24
Fa y = 2,4,6,8
OC3 POS w = 1 (for teams 1 and 2) Connections to
Loopback 2 (for teams 3 and 4) PE(y+2)
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-6

86 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Team 1 Team 2
CE1 Pod 1 SW1 PE1 PE3 SW3 Pod 3 CE3
10.10.10.14 10.10.10.11 10.10.10.17 10.10.10.25 10.10.10.19 10.10.10.22
P1

10.10.10.13 10.10.10.18 10.10.10.21

SW12 SW34
10.10.10.15 10.10.10.12 10.10.10.16 10.10.10.24 10.10.10.20 10.10.10.23
CE2 Pod 2 SW2 PE2 PE4 SW4 Pod 4 CE4

CE5 Pod 5 SW5 PE5 PE7 SW7 Pod 7 CE7


10.10.10.30 10.10.10.27 10.10.10.33 10.10.10.40 10.10.10.34 10.10.10.37

10.10.10.29 10.10.10.26 10.10.10.36

SW56 P2 SW78
10.10.10.31 10.10.10.28 10.10.10.32 10.10.10.39 10.10.10.35 10.10.10.38
CE6 Pod 6 SW6 PE6 PE8 SW8 Pod 8 CE8

Team 3 Team 4
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-7

© 2012 Cisco Systems, Inc. Lab Guide – Appendix A 87


88 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.