Building Cisco Service Provider Next-Generation Networks, Part 2

SPNGN2
Building Cisco Service

Provider Next-Generation
Networks, Part 2
Version 1.01
Lab Guide
Text Part Number: 97-3132-02

Americas Headquarters Asia Pacific Headquarters Europe Headquarters
Cisco Systems, Inc. Cisco Systems (USA) Pte. Ltd. Cisco Systems International BV Amsterdam,
San Jose, CA Singapore The Netherlands
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL: www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a
partnership relationship between Cisco and any other company. (1110R)
DISCLAIMER WARRANTY: THIS CONTENT IS BEING PROVIDED “AS IS” AND AS SUCH MAY INCLUDE TYPOGRAPHICAL,
GRAPHICS, OR FORMATTING ERRORS. CISCO MAKES AND YOU RECEIVE NO WARRANTIES IN CONNECTION WITH THE
CONTENT PROVIDED HEREUNDER, EXPRESS, IMPLIED, STATUTORY OR IN ANY OTHER PROVISION OF THIS CONTENT
OR COMMUNICATION BETWEEN CISCO AND YOU. CISCO SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES,
INCLUDING WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE,
OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. This learning product may contain early release
content, and while Cisco believes it to be accurate, it falls subject to the disclaimer above.
Lab Guide © 2012 Cisco and/or its affiliates. All rights reserved.
Table of Contents
Lab Guide ........................................................................................................................... 1
Overview ............................................................................................................................................... 1
Outline ............................................................................................................................................ 1
Job Aids................................................................................................................................................. 2
Pod Access Information .................................................................................................................. 2
Device Information .......................................................................................................................... 2
IP Addressing ................................................................................................................................. 4
Lab 2-1: Configure Advanced Switching ............................................................................................... 7
Activity Objective ............................................................................................................................ 7
Visual Objective .............................................................................................................................. 7
Required Resources ....................................................................................................................... 7
Command List................................................................................................................................. 8
Task 1: Configure VLANs ............................................................................................................... 9
Task 2: Configure Trunking .......................................................................................................... 10
Task 3: Configure RSTP ............................................................................................................... 12
Task 4 (Optional): Configure MSTP ............................................................................................. 13
Lab 2-2: Configure Inter-VLAN Routing and Gateway Redundancy .................................................. 16
Activity Objective .......................................................................................................................... 16
Visual Objective ............................................................................................................................ 16
Required Resources ..................................................................................................................... 16
Command List............................................................................................................................... 17
Task 1: Configure and Verify Inter-VLAN Routing ........................................................................ 19
Task 2: Configure HSRP .............................................................................................................. 21
Task 3: Configure VRRP .............................................................................................................. 24
Lab 3-1: Implement OSPF .................................................................................................................. 27
Command List............................................................................................................................... 28
Task 1: Configure OSPFv2 ........................................................................................................... 30
Task 2: Configure OSPFv3 ........................................................................................................... 31
Task 3 (Optional): Configure OSPFv2 Authentication .................................................................. 32
Lab 3-2: Implement IS-IS .................................................................................................................... 33
Command List............................................................................................................................... 34
Task 1: Configure IS-IS for IPv4 ................................................................................................... 36
Task 2: Configure IS-IS for IPv6 ................................................................................................... 37
Task 3 (Optional): Configure IS-IS Authentication ....................................................................... 39
Lab 4-1: Configure Basic BGP ............................................................................................................ 40
Command List............................................................................................................................... 41
Task 1: Configure BGP Process and BGP Peering ..................................................................... 43
Task 2: Configure BGP to Advertise a Network ........................................................................... 44
Task 3 (Optional): Configure BGP Neighbor Authentication ........................................................ 45
Lab 5-1: Implement ACLs ................................................................................................................... 47
Command List............................................................................................................................... 48
Task 1: Configure IPv4 Filtering ................................................................................................... 49
Task 2: Configure IPv6 Filtering ................................................................................................... 50
Task 3 (Optional): Configure Antispoofing ACLs .......................................................................... 52
Lab 6-1: Manage Cisco IOS XR Package .......................................................................................... 54
Command List .............................................................................................................................. 55
Task 1: Uninstall Cisco IOS XR Package..................................................................................... 56
Task 2: Install Cisco IOS XR Package ......................................................................................... 57
Task 3: Configuration Management ............................................................................................. 58
Answer Key ......................................................................................................................................... 59
Lab 2-1 Answer Key: Configure Advanced Switching .................................................................. 59
Lab 2-2 Answer Key: Configure Inter-VLAN Routing and Gateway Redundancy ....................... 61
Lab 3-1 Answer Key: Implement OSPF ....................................................................................... 66
Lab 3-2 Answer Key: Implement IS-IS ......................................................................................... 68
Lab 4-1 Answer Key: Configure Basic BGP ................................................................................. 73
Lab 5-1 Answer Key: Implement ACLs ........................................................................................ 76
Lab 6-1 Answer Key: Manage Cisco IOS XR Package................................................................ 79
Appendix A .......................................................................................................................................... 84
ii Building Cisco Service Provider Next-Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
SPNGN2
Lab Guide
Overview
This guide presents the instructions and other information concerning the lab activities for this
course. You can find the solutions in the lab activity Answer Key.
Outline
This guide includes these activities:
 Job Aids
 Lab 2-1: Configure Advanced Switching
 Lab 2-2: Configure Inter-VLAN Routing and Gateway Redundancy
 Lab 3-1: Implement OSPF
 Lab 3-2: Implement IS-IS
 Lab 4-1: Configure Basic BGP
 Lab 5-1: Implement ACLs
 Lab 6-1: Manage Cisco IOS XR Package
 Answer Key
 Appendix A (Tear-Out)
Job Aids
These job aids are available to help you complete lab activities.
Pod Access Information

The instructor will provide you with the team and pod numbers as well as other team and pod
access information. Write down the information in the table for future reference.
Parameter Default value Value
Team number z =1–4
Pod number x = 1, 3, 5, 7
or
y = 2, 4, 6, 8
Remote lab SSH access IP address 128.107.245.9
Remote lab SSH access username instr
Remote lab SSH access password testMe
Pod PE (Cisco IOS XR Software) router root

username
Pod PE (Cisco IOS XR Software) router 1ronMan

password
Pod CE, SW, and PE privileged level password cisco
Device Information
This lab topology consists of four (4) teams and eight (8) pods. Two students will work in one
pod, and two pods will work in one team. Each pod has one switch and two routers. Two pods
share one additional switch. All teams share the same core routers (P1 and P2).
The CE routers in both pods are running Cisco IOS Software. The first pod within a team (pods
1, 3, 5, or 7) will work on the PE router running Cisco IOS XR Software, and the second pod
within the same team (pods 2, 4, 6, or 8) will work on the PE router running Cisco IOS XE
Software.
Devices in the lab are connected with Fast Ethernet and Gigabit Ethernet connections, and two
teams have redundant POS connections, as shown in the following topology:
2 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Legend:
GE
FE
OC3 POS
Team 1 Team 2
CE1 Pod 1 SW1 PE1 PE3 SW3 Pod 3 CE3
P1
SW12 SW34
SW56 P2 SW78
Team 3 Team 4
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN2 v1.01—LG-4
Note: FE = Fast Ethernet; GE = Gigabit Ethernet.

Device Roles and Loopback IP Addresses
Device Name Device Role Lo0 IPv4 Address Lo0 IPv6 Address
CEx Cisco 2900 pod router 10.x.10.1/32 2001:db8:10:x:10::1/128

CEy 10.y.10.1/32 2001:db8:10:y:10::1/128
PEx Cisco ASR 9000 or Cisco 10.x.1.1/32 2001:db8:10:x:1::1/128

PEy ASR 1000 pod router 10.y.1.1/32 2001:db8:10:y:1::1/128
SWx Cisco ME340x pod switch 10.x.0.1/32 2001:db8:10:x:0::1/128

SWy 10.y.0.1/32 2001:db8:10:y:0::1/128
SWxy Cisco ME340x pod switch 10.xy.0.1/32 2001:db8:10:xy:0::1/128

that is shared inside a team
P1 Cisco ASR 9000 core router 10.0.1.1/32 2001:db8:10:0:1::1/128
P2 Cisco ASR 9000 core router 10.0.2.1/32 2001:db8:10:0:2::1/128
The following figure illustrates the interface identification that is used in this lab setup.
© 2012 Cisco Systems, Inc. Lab Guide 3

Team z
CEx Pod x SWx PEx
GE0/0/0/
GE0/0 FE0/1 FE0/2
2 P1
GE0/0/0/0
FE0/23
GE0/0/0/
GE0/1 FE0/24 1 GE0/0/0/
FE0/21 FE0/21 3
FE0/22 FE0/22
FE0/1
FE0/2
FE0/23
SWxy
FE0/24 GE0/0/
FE0/21 GE0/0/ 2
FE0/23 FE0/22 1
GE0/1
FE0/24
GE0/0/3
P2
GE0/0 FE0/1 FE0/2 GE0/0/0
POS0/2/0
CEy Pod y SWy PEy
POS0/2/1
POS0/2/0
Legend: GE POS0/2/1
FE Connections to
OC3 POS PE(y+2)
IP Addressing
The following figure illustrates the IP addressing scheme that is used in this lab setup.
Team z 10.0.1.1
CEx Pod x SWx PEx
192.168.10x.0/24 192.168.10x.0/24 192.168.x1.0/24
P1
.x1 .x0 .x0 .1
10.xy.0.1 .x0 .1 .1
.x0 .1
10.x.10.1 10.x.0.1 10.x.1.1
192.168.2.0/24
192.168.1.0/24
192.168.1xy.0/24
10.y.10.1 SWxy 10.y.0.1 10.y.1.1
.y0 .2
.y0 .2 .2
.y1 .y0 .y0 .2
P2
192.168.10y.0/24 192.168.10y.0/24 192.168.y2.0/24
.y0
CEy Pod y SWy PEy .y0
10.0.2.1
z = 1,2,3,4
Legend: GE
x = 1,3,5,7 192.168.2w2.0/24 192.168.2w1.0/24
FE y = 2,4,6,8
OC3 POS w = 1 (for teams 1 and 2) Connections to
Loopback 2 (for teams 3 and 4) PE(y+2)
The following figure illustrates the management IP addresses used in this lab setup.
Team 1 Team 2
10.10.10.14 10.10.10.11 10.10.10.17 10.10.10.25 10.10.10.19 10.10.10.22
P1
10.10.10.13 10.10.10.18 10.10.10.21
SW12 SW34
10.10.10.15 10.10.10.12 10.10.10.16 10.10.10.24 10.10.10.20 10.10.10.23


10.10.10.30 10.10.10.27 10.10.10.33 10.10.10.40 10.10.10.34 10.10.10.37
10.10.10.29 10.10.10.26 10.10.10.36
SW56 P2 SW78
10.10.10.31 10.10.10.28 10.10.10.32 10.10.10.39 10.10.10.35 10.10.10.38
Team 3 Team 4
Note Replace the x or y with your pod number to get the IP addresses within your pod (for
example, x is for odd number pods 1, 3, 5, and 7; y is for even number pods 2, 4, 6, and 8).
Replace the xy (where x < y) with numbers of the pods within the same team (for example,
12, 34, 56, or 78) to get IP addresses on the link between those pods.
Pod IP Addressing
Device Interface IPv4 Address IPv6 Address
CEx GE0/0 192.168.10x.x1/24 2001:db8:192:168:10x::x1/80
CEy GE0/0 192.168.10y.y1/24 2001:db8:192:168:10y::y1/80
P1 192.168.x1.1/24 2001:db8:192:168:x1::1/80
192.168.y1.1/24 2001:db8:192:168:y1::1/80
P2 192.168.x2.2/24 2001:db8:192:168:x2::2/80
192.168.y2.2/24 2001:db8:192:168:y2::2/80
PE2 POS0/2/0 192.168.211.20/24 2001:db8:192:168:211::20/80
POS0/2/1 192.168.212.20/24 2001:db8:192:168:212::20/80
PE4 POS0/2/0 192.168.211.40/24 2001:db8:192:168:211::40/80
POS0/2/1 192.168.212.40/24 2001:db8:192:168:212::40/80
PE6 POS0/2/0 192.168.221.60/24 2001:db8:192:168:221::60/80
POS0/2/1 192.168.222.60/24 2001:db8:192:168:222::60/80
PE8 POS0/2/0 192.168.221.80/24 2001:db8:192:168:221::80/80
POS0/2/1 192.168.222.80/24 2001:db8:192:168:222::80/80
PEx GE0/0/0/0 192.168.10x.x0/24 2001:db8:192:168:10x::x0/80
GE0/0/0/1 192.168.1xy.x0/24 2001:db8:192:168:1xy::x0/80

Device Interface IPv4 Address IPv6 Address
GE0/0/0/2 192.168.x1.x0/24 2001:db8:192:168:x1::x0/80
GE0/0/0/3 192.168.x2.x0/24 2001:db8:192:168:x2::x0/80
PEy GE0/0/0 192.168.10y.y0/24 2001:db8:192:168:10y::y0/80
GE0/0/1 192.168.1xy.y0/24 2001:db8:192:168:1xy::y0/80
GE0/0/2 192.168.y1.y0/24 2001:db8:192:168:y1::y0/80
GE0/0/3 192.168.y2.y0/24 2001:db8:192:168:y2::y0/80

Note: GE = Gigabit Ethernet.
Core IP Addressing
Device Device IP Address Peer Peer IP Address
P1 192.168.1.1/24 P2 192.168.1.2/24
2001:db8:192:168:1::1/80 2001:db8:192:168:1::2/80
192.168.2.1/24 192.168.2.2/24
2001:db8:192:168:2::1/80 2001:db8:192:168:2::2/80
Lab 2-1: Configure Advanced Switching
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will configure and verify advanced switching features. After completing
this activity, you will be able to meet these objectives:
 Configure VLANs
 Configure trunking
 Configure RSTP
 Configure MSTP
Note Students from two different pods are working in teams. Students in the same team should
coordinate their lab activity and proceed through steps simultaneously (step by step).
Visual Objective
The figure illustrates what you will accomplish in this activity.
Team z Optimize RSTP

CEx Pod x SWx PEx
GE0/0 VLAN x0 FE0/1 FE0/2 GE0/0/0/0
FE0/23
GE0/1 TRUNK FE0/21
1, x0, y0
FE0/21 TRUNK
FE0/1 1, x0, y0
Configure VLANs
FE0/2 SWxy
FE0/23 Configure trunking
TRUNK
GE0/1 1, x0, y0 FE0/21
FE0/23 GE0/0/0
GE0/0 FE0/1 FE0/2
VLAN y0
CEy Pod y SWy PEy
Configure MSTP
Required Resources
These are the resources and equipment that are required to complete this activity:
 A PC with access to the Internet
 A SSH client that is installed on the PC

Command List
The table describes the Cisco IOS Software commands that are used in this activity.
Command Description
configure terminal Enters configuration mode
interface interface Enters interface configuration mode
ip address ip_address mask Sets an IPv4 address for an interface and the subnet mask
ipv6 address Sets an IPv6 address for an interface and the subnet mask
ip_address/mask
ping destination_address Pings the specified address (IPv4 or IPv6) from the
source interface specified interface
show interfaces interface Displays the administrative and operational status of a

switchport switching port
show interfaces interface Displays interface trunk information

trunk
show spanning-tree vlan Displays spanning-tree information for the specified VLAN
vlan
show spanning-tree Displays spanning-tree information
show spanning-tree mst Displays the MSTP region configuration and status
configuration
vlan vlan_number Creates a VLAN and enters VLAN configuration mode
switchport mode access | Configures the VLAN membership or trunking mode of a

trunk port
switchport access vlan Configures VLAN membership on an access port

vlan
port-type nni Sets a port type to nni
switchport trunk allowed Specifies allowed VLANs on a trunk port

vlan vlans
spanning-tree vlan vlan Configures a switch to be primary root for specified VLAN
root primary
spanning-tree vlan vlan Configures a switch to be secondary root for specified
root secondary VLAN
spanning-tree mode mst Sets STP mode to MSTP
spanning-tree mst Enters MST configuration mode

configuration
name name Sets the MSTP configuration name
revision number Sets the MSTP revision number
instance instance_id vlan Maps VLANs to an MST instance

vlan
spanning-tree mst 1 root Configures a switch to be root for specified MSTP instance
primary
Task 1: Configure VLANs
In this task, you will first create additional VLANs. Then you will configure router facing
switch ports for access mode and put them into proper VLANs. You will have to coordinate
your activities with another pod in your team.
Note For a port and interface identification as well as an IP addressing scheme, use Job Aids.
Activity Procedure
Complete these steps:
Step 1 On the pod CE router, remove any IP addressing from the GigabitEthernet0/1
interface.
Step 2 On the pod CE router, remove any IP addresses from the GigabitEthernet0/0
interface. Assign the removed IP addresses to the GigabitEthernet0/1 interface.
Step 3 On the pod and shared switches, create two VLANs, one for your pod “VLAN x0”
and one for another pod in your team “VLAN y0” (where x is 1, 3, 5, or 7, and y is
2, 4, 6, and 8).
Step 4 On the shared switch, configure CE facing port access and put it into your pod
VLAN. Make sure that the port is NNI type.
Step 5 On the pod switch, configure CE and PE facing ports access and put them into your
pod VLAN. Make sure that the ports are NNI type.
Activity Verification
You have completed this task when you attain these results:
Note Outputs in the verification section are taken from team 1 and pod 1 and may differ from your
outputs.
 On the pod switch, verify administrative and operational mode and access VLAN:
SW1#show interfaces FastEthernet0/2 switchport
Name: Fa0/2
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 10 (VLAN0010)
Trunking Native Mode VLAN: 1 (default)
< output omitted >
 On the shared switch, verify administrative and operational mode and access VLAN:
SW12# show interfaces FastEthernet0/1 switchport
Name: Fa0/1
Switchport: Enabled

< output omitted >
SW12# show interfaces FastEthernet0/2 switchport
Name: Fa0/2
Switchport: Enabled
< output omitted >
Task 2: Configure Trunking

In this task, you will enable trunking on links between the pod and shared switches. You will
have to coordinate your activities with another pod in the team.
Activity Procedure
Step 1 On the pod switch, enable trunking on the ports that are facing the shared switch
(FastEthernet0/23) and the pod switch of the other (FastEthernet0/21). Allow only
VLANs 1, x0, and y0 to pass the trunk. Make sure that the switch ports are NNI
type.
Step 2 On the shared switch, enable trunking on the ports that are facing pod switches
(FastEthernet0/21 and FastEthernet0/23). Allow only VLANs 1, x0, and y0 to pass
the trunk. Make sure that the switch ports are NNI type.
You have completed this task when you attain this result:
 From the CE router, ping the PE router:
CE1# ping 192.168.101.10
Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.101.10, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
1/1/4 ms
 On the pod switch, verify trunk interfaces:
SW1#show interfaces FastEthernet0/21 trunk
Port Mode Encapsulation Status

Native vlan
Fa0/21 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/21 1,10,20
Port Vlans allowed and active in management domain

Fa0/21 1,10,20
Port Vlans in spanning tree forwarding state and not

pruned
Fa0/21 none

Native vlan

Fa0/23 1,10,20

Fa0/23 1,10,20

pruned
Fa0/23 1,10,20
 On the shared switch, verify trunk interfaces:

Native vlan

Fa0/21 1,10,20

Fa0/21 1,10,20

pruned
Fa0/21 1,10,20

Native vlan

Fa0/23 1,10,20

Fa0/23 1,10,20

pruned
Fa0/23 1,10,20
Task 3: Configure RSTP

In this task, you will verify and optimize RSTP operations.
Activity Procedure
Step 1 On the pod switch, verify STP mode for VLAN x0 and y0. STP mode should be
RSTP by default.
SW1#show spanning-tree vlan 10 | include Spanning
Spanning tree enabled protocol rstp
SW1#show spanning-tree vlan 20 | include Spanning
Spanning tree enabled protocol rstp
Step 2 Find the root switch for both VLANs. Note the root switch bellow:
SW1#show spanning-tree vlan 10 | include root
!
!
This bridge is the root
This bridge is the root
VLAN x0 root switch: ___________________________
VLAN y0 root switch: ___________________________
Step 3 Find the blocking port for each VLAN. Note the ports bellow:
SW1#show spanning-tree vlan 10 | include BLK
Fa0/21 Altn BLK 19 128.23 P2p
Fa0/21 Altn BLK 19 128.23 P2p
!
!
VLAN x0 blocking port: Port:______________Switch:____________
VLAN y0 blocking port: Port:______________Switch:____________
Note You should find out that the same switch is designated as a root for both VLANs, and that
the same port is blocking for both VLANs. Thus, not all of the links are utilized.
Step 4 Optimize RSTP operations by assigning pod SWx switch as the root for VLAN x0
and pod SWy switch as the root for VLAN y0. The pod switches also should be
backup root switches for the pod switch of the other.
Step 5 Find the blocking port for each VLAN. Note the ports bellow:
VLAN x0 blocking port: Port:______________Switch:____________
VLAN y0 blocking port: Port:______________Switch:____________
Note Note the difference. You should see that traffic from different VLANs takes different paths
now. All available links between switches should be utilized now.
 Blocking ports after the RSTP optimization:
!
!
Fa0/21 Altn BLK 19 128.23 P2p
Fa0/23 Altn BLK 19 128.25 P2p
Task 4 (Optional): Configure MSTP

In this task, you will enable the MSTP protocol. You will create two instances of MSTP and
associate one VLAN with each instance.
The main advantage of MSTP is that you can associate several VLANs with one instance.
However, in the lab, there are only two VLANs that are created and one VLAN that will be
associated with one MSTP instance.
Activity Procedure
Step 1 On the pod and shared switches, set the spanning tree mode to MSTP.
Step 2 Set the name of the MSTP configuration to LAB. Set the revision number of MSTP
to 1. Create instance 1 and associate VLAN x0 with the instance. Create instance 2
and associate VLAN y0 with the instance.
Step 3 Configure your pod switch to be the root for the MST instance supporting your
VLAN.
 On the pod and shared switches, verify that MSTP is running:
SW1#show spanning-tree | include MST|Spanning
MST0
Spanning tree enabled protocol mstp
MST1
MST2
!
MST0
MST1
MST2
!
MST0
MST1
MST2
 On the pod and shared switches, verify the MST instance to VLAN mapping:
SW1#show spanning-tree mst configuration
Name [LAB]
Revision 1 Instances configured 3
Instance Vlans mapped

-------- ----------------------------------------------------
-----------------
0 1-9,11-19,21-4094
1 10
2 20
--------------------------------------------------------------
-----------------
!
Name [LAB]

-------- ----------------------------------------------------
-----------------
0 1-9,11-19,21-4094
1 10
2 20
--------------------------------------------------------------
-----------------
!
Name [LAB]

-------- ----------------------------------------------------
-----------------
0 1-9,11-19,21-4094
1 10
2 20
--------------------------------------------------------------
-----------------

Lab 2-2: Configure Inter-VLAN Routing and
Gateway Redundancy
Activity Objective
In this activity, you will configure inter-VLAN routing on the PE routers. Then you will
configure HSRP and VRRP between PE routers. After completing this activity, you will be able
to meet these objectives:
 Configure and verify inter-VLAN routing.
 Configure and verify HSRP.
 Configure and verify VRRP.
Visual Objective
Team z
192.168.10x.x0/24
CEx Pod x VLAN x0 SWx 192.168.10y.y2/24 PEx HSRP
FE0/2 GE0/0/0/0 VRRP
VLANs x0, y0
FE0/23
GE0/1 FE0/21
192.168.10x.x1/24 192.168.10x.x3/24
FE0/21
192.168.10y.y3/24
VLANs 1,x0, y0
FE0/1
FE0/2 SWxy
FE0/23
192.168.10y.y1/24
GE0/1 FE0/21
FE0/23 VLANs x0, y0
FE0/2 GE0/0/0
CEy Pod y VLAN y0 SWy 192.168.10x.x2/24 PEy
192.168.10y.y0/24
Legend:
TRUNK
GE
FE
Required Resources
Command List
The table describes the commands that are used in this activity.
Cisco IOS and IOS XE Software Commands
Command Description

encapsulation dot1q vlan Enables IEEE 802.1Q encapsulation of traffic on a
specified subinterface in a VLAN
interface Enters interface configuration mode; used also to create

interface[.subinterface] subinterface
ip route subnet mask Configures static route
next_hop_IP_address
ip_address/mask
show standby Displays Hot Standby Router Protocol (HSRP) information
show vrrp Displays a brief or detailed status of one or all configured

Virtual Router Redundancy Protocol (VRRP) groups on the
router
standby group_ID ip Activates the HSRP

virtual_IP_address
standby group_ID preempt Enables HSRP pre-emption
standby group_ID priority Sets the HSRP priority

trunk port
switchport trunk allowed Specifies allowed VLANs on a trunk port

vlan vlans
vrrp group_ID ip Enables the VRRP on an interface and identification of the
ip_address IP address of the virtual router
vrrp group_ID priority Sets the VRRP priority

priority
Cisco IOS XR Software Commands
Command Description
address Sets VRRP address

address-family ipv4 Enters IPv4 address family VRRP configuration mode
commit Commits changes to the running configuration

encapsulation dot1q 20 Enables IEEE 802.1Q encapsulation of traffic on a specified
subinterface in a VLAN
hsrp group_ID ipv4 address Activates the HSRP
hsrp group_ID preempt Configures HSRP pre-emption

hsrp group_ID priority Configures HSRP priority
priority
interface interface Enters interface HSRP or VRRP configuration mode
interface Enters interface configuration mode; used also to create

interface[.subinterface] subinterface
ipv4 address ip_address Sets an IPv4 address for an interface and the subnet mask
mask
ip_address/mask
ping destination_address Pings the specified address (IPv4 or IPv6) from the specified
source interface interface
priority priority Sets VRRP priority

router hsrp Enables the HSRP
router vrrp Enables the VRRP
show hsrp Displays HSRP information
show route ipv6 Displays IPv6 routing table
show vrrp Displays a brief or detailed status of one or all configured
VRRP groups on the router
shutdown Shuts down an interface
vrrp group_ID Enables VRRP virtual router mode
Task 1: Configure and Verify Inter-VLAN Routing
In this task, you will configure inter-VLAN routing between VLANs x0 and y0. You will have
to reconfigure the PE pod router and pod switch to support inter-VLAN routing. You will have
to coordinate your activities with another pod in the team.
Activity Procedure
Step 1 On the pod switch, configure the PE facing port as a trunk. Allow only VLANs x0
and y0 on the trunk. For port identification, use Job Aids.
Step 2 On the pod PE router, note the IPv4 and IPv6 address on the first Gigabit Ethernet
interface below:
IPv4:_______________________________
IPv6:_______________________________
Step 3 On the pod PE router, remove the IPv4 and IPv6 addresses from the first Gigabit
Ethernet interface.
Step 4 On the pod PE router, create two subinterfaces on the first Gigabit Ethernet
interface. Use x0 or y0 (where x is 1, 3, 5, or 7, and y is 2, 4, 6, or 8) as interface
identifiers. Assign the x0 or y0 VLAN tag to the subinterface. Assign IPv4 and IPv6
addresses to the subinterfaces.
Device Subinterface VLAN IPv4 and IPv6 Address
PEx GE0/0/0/0.x0 x0 192.168.10x.x0/24

2001:db8:192:168:10x::x0/80
GE0/0/0/0.y0 y0 192.168.10y.y2/24
2001:db8:192:168:10y::y2/80
PEy GE0/0/0.x0 x0 192.168.10x.x2/24

2001:db8:192:168:10x::x2/80
GE0/0/0.y0 y0 192.168.10y.y0/24
2001:db8:192:168:10y::y0/80
Step 5 On the pod CE router, create a static default IPv6 route using the ipv6 route ::/0
interface next-hop-IPv6-address command that will point to the subinterface that is
configured on the pod PE router.
 From the pod CE router, ping the other pod CE router using IPv6:
CE1#ping 2001:DB8:192:168:102::21

Sending 5, 100-byte ICMP Echos to 2001:DB8:192:168:102::21,
timeout is 2 seconds:
!!!!!
0/1/8 ms
!
CE2#ping 2001:DB8:192:168:101::11

!!!!!
0/0/0 ms
Note Your ping will not be successful until the other pod finished the configuration in this task.
 On the pod PE router, verify the IPv6 routing table:

RP/0/RSP0/CPU0:PE1#show route ipv6
< output omitted >
Gateway of last resort is not set
C 2001:db8:192:168:101::/80 is directly connected,

01:06:22, GigabitEthernet0/0/0/0.10
L 2001:db8:192:168:101::10/128 is directly connected,
C 2001:db8:192:168:102::/80 is directly connected,
L 2001:db8:192:168:102::22/128 is directly connected,
!
PE2#show ipv6 route
< output omitted >
C 2001:DB8:192:168:101::/80 [0/0]
via GigabitEthernet0/0/0.10, directly connected
L 2001:DB8:192:168:101::12/128 [0/0]
via GigabitEthernet0/0/0.10, receive
C 2001:DB8:192:168:102::/80 [0/0]
via GigabitEthernet0/0/0.20, directly connected
L 2001:DB8:192:168:102::20/128 [0/0]
via GigabitEthernet0/0/0.20, receive
L FF00::/8 [0/0]
via Null0, receive
Task 2: Configure HSRP
In this task, you will enable HSRP on the pod PE router for your pod VLAN. You will have to
coordinate your activities with another pod in the team.
The figure illustrates what you will accomplish in this task.
Active router for VLAN x0

Team z Backup router for VLAN y0
CEx Pod x VLAN x0 PEx Pod y VLAN y0

GE0/0/0/0.x0 GE0/0/0/0.y0
192.168.10x.x0/24 192.168.10y.y2/24
192.168.10x.x1/24
192.168.10x.x3/24
192.168.10y.y3/24
192.168.10y.y1/24
GE0/0/0.x0 GE0/0/0.y0
192.168.10x.x2/24 192.168.10y.y0/24
PEy CEy
Active router for VLAN y0
Backup router for VLAN x0
Activity Procedure
Step 1 On your pod and the neighbor pod, PE routers enable HSRP for IPv4 on the first
Gigabit Ethernet subinterface. You are configuring subinterfaces belonging to your
pod subnet, and the neighboring pod will configure subinterfaces belonging to the
neighbor pod subnet. Use your pod number as a group ID. Enable HSRP pre-
emption. Make sure that your pod PE router is active for your VLAN. Use the
following IP addresses as virtual IP addresses:
Pod x: 192.168.10x.x3/24
Pod y: 192.168.10y.y3/24
Step 2 On the pod CE router, configure a static default IPv4 route that will point to your
pod HSRP address.
 On the pod PE router, verify HSRP configuration:
RP/0/RSP0/CPU0:PE1#show hsrp
Sun Jul 9 10:42:34.591 UTC
P indicates configured to preempt.
|

Interface Grp Pri P State Active addr Standby addr
Group addr
Gi0/0/0/0.10 1 150 P Active local
192.168.101.12 192.168.101.13
Gi0/0/0/0.20 2 100 P Standby 192.168.102.20 local
192.168.102.23
!
PE2#show standby
GigabitEthernet0/0/0.10 - Group 1
State is Standby
1 state change, last state change 00:04:02
Virtual IP address is 192.168.101.13
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.184 secs
Preemption enabled
Active router is 192.168.101.10, priority 150 (expires in
9.632 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Gi0/0/0.10-1" (default)
State is Active
Preemption enabled
Active router is local
Standby router is 192.168.102.22, priority 100 (expires in
10.640 sec)
Priority 150 (configured 150)
 From pod CE router, start a continuous ping to the neighbor pod CE router. The ping
should be successful. On the pod PE router, shut down the interface for your VLAN while
the ping is still active. You should see minimal disruption in the ping, while the standby
router assumes an active state.
CE1#ping 192.168.102.21 repeat 100000

Sending 100000, 100-byte ICMP Echos to 192.168.102.21, timeout
is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!
PE1 (Cisco IOS XR):

interface GigabitEthernet0/0/0/0.10
shutdown
!
commit
PE2 (Cisco IOS XE):
interface GigabitEthernet0/0/0.20
shutdown
Minimal disruption in the ping from pod CE router:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!
 On the pod PE router, verify HSRP configuration:
RP/0/RSP0/CPU0:PE1#show hsrp
Sun Jul 9 10:53:12.356 UTC
P indicates configured to preempt.
|
Interface Grp Pri P State Active addr Standby addr
Group addr
Gi0/0/0/0.10 1 150 P Init unknown unknown
192.168.101.13
Gi0/0/0/0.20 2 100 P Standby 192.168.102.20 local
192.168.102.23
!
PE2#show standby
State is Active
2 state changes, last state change 00:05:01
Preemption enabled
Standby router is unknown
Priority 100 (default 100)
State is Active
Preemption enabled
Standby router is 192.168.102.22, priority 100 (expires in
9.920 sec)
Priority 150 (configured 150)

Step 3 Enable the previously disabled interface and remove HSRP configuration from the
PE router.
Task 3: Configure VRRP

In this task, you will enable VRRP on your pod and the neighbor pod PE routers for your
VLAN. You will have to coordinate your activities with another pod in the team.
Activity Procedure
Step 1 On your pod and the neighbor pod, PE routers enable VRRP for IPv4 on the first
Gigabit Ethernet subinterface. You are configuring subinterfaces belonging to your
pod subnet, and the neighboring pod will configure subinterfaces belonging to the
neighbor pod subnet. Use your pod number as a group ID. Make sure that your pod
PE router is active for your VLAN. Use the following IP addresses as a virtual IP
address:
Pod x: 192.168.10x.x3/24
Pod y: 192.168.10y.y3/24
 On the pod PE router, verify the VRRP configuration:
RP/0/RSP0/CPU0:PE1#show vrrp
Sun Jul 9 11:07:10.700 UTC
IPv4 Virtual Routers:
A indicates IP address owner
| P indicates configured to preempt
| |
Interface vrID Prio A P State Master addr VRouter
addr
Gi0/0/0/0.10 1 150 P Master local
192.168.101.13
Gi0/0/0/0.20 2 100 P Backup 192.168.102.20
192.168.102.23
| |
addr
!
PE2#show vrrp
State is Backup
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 192.168.101.10, priority is 150
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 3.127 sec)
State is Master
Preemption enabled
Priority is 150
Master Router is 192.168.102.20 (local), priority is 150
Master Down interval is 3.414 sec
 From the pod CE router, start a continuous ping to the neighbor pod CE router. The ping
should be successful. On the pod PE router, shut down the interface for your VLAN while
the ping is still active. You should see minimal disruption in the ping, while the standby
router assumes an active state.
CE1#ping 192.168.102.21 repeat 100000

Sending 100000, 100-byte ICMP Echos to 192.168.102.21, timeout
is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!
PE1 (Cisco IOS XR):
shutdown
!
commit
PE2 (Cisco IOS XE):
shutdown
Minimal disruption in the ping from the pod CE router:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!
 On the pod PE router, verify VRRP configuration:
RP/0/RSP0/CPU0:PE1#show vrrp
Sun Jul 9 11:10:19.654 UTC
| |
addr
Gi0/0/0/0.10 1 150 P Init unknown
192.168.101.13
Gi0/0/0/0.20 2 100 P Backup 192.168.102.20
192.168.102.23

| |
addr
!
PE2#show vrrp
State is Master
Preemption enabled
Priority is 100
State is Master
Preemption enabled
Priority is 150
Step 2 Enable the previously disabled interface and remove the VRRP configuration from
the PE router.
Step 3 On the PE router, remove subinterfaces that are configured in this lab activity and
configure IPv4 and IPv6 addresses on the first Gigabit Ethernet interface.
Step 4 On the pod switch, configure the PE facing port as access and assign port into
VLANx0 or VLANy0 (where x or y is your pod number). For port identification,
use Job Aids.
Step 5 On the pod CE router, disable the second Gigabit Ethernet interface and configure IP
addresses that are found on the second Gigabit Ethernet interface to the first Gigabit
Ethernet interface.
Lab 3-1: Implement OSPF
Activity Objective
In this activity, you will configure and verify the OSPFv2 and OSPFv3 routing protocols. You
will also configure OSPFv2 authentication to secure the exchange of routing information.
In the lab activity, you will work on different Cisco routers running Cisco IOS (c2900), Cisco
IOS XE (asr1001), and Cisco IOS XR (asr9k) software.
After completing this activity, you will be able to meet these objectives:
 Configure and verify OSPFv2 and OSPFv3
 Configure and verify OSPFv2 authentication
Visual Objective
Team z
CEx Pod x OSPF Area 0 PEx
Enable OSPFv2 Enable OSPFv2

and OSPFv3 authentication
Pod y OSPF Area 0
CEy PEy
Required Resources

Command List
Command Description

debug ip ospf packet Enables debugging of OSPFv2 packets
ip ospf authentication Enables MD5 OSPFv2 authentication on an interface
message-digest
ip ospf message-digest-key Specifies MD5 key ID and key
key-id md5 key
ip_address/mask
ipv6 ospf process_id area Enables OSPFv3 on an interface
area_id
ipv6 router ospf Enters OSPFv3 router configuration mode
process_id
network ip_address Enables OSPFv2 for specified networks
wildcard_mask area area_id
router ospf process_id Enters OSPFv2 router configuration mode
show ip ospf neighbors Displays OSPFv2 neighbors
show ip route Displays IPv4 routing table
show ipv6 ospf neighbors Displays OSPFv3 neighbors
show ipv6 route Displays IPv6 routing table
Command Description
area area Configures OSPF area

authentication message-digest Enables MD5 OSPF authentication

debug ospf process_id packet Enables debugging of OSPFv2 packets for specified
process
interface interface Enables interface for OSPF under specified area
ipv4 address ip_address mask Sets an IPv4 address for an interface and the subnet
mask
ipv6 address ip_address/mask Sets an IPv6 address for an interface and the subnet
mask
message-digest-key key-id md5 Specifies MD5 key ID and key
key
Command Description
router ospf process_id Enters OSPFv2 router configuration mode

router ospfv3 process_id Enters OSPFv3 router configuration mode
show ospf neighbors Displays OSPFv2 neighbors
show ospfv3 neighbors Displays OSPFv3 neighbors
show route Displays IPv4 routing table

Task 1: Configure OSPFv2
In this task, you will configure OSPFv2 routing protocol between your pod CE and PE routers.
Activity Procedure
Step 1 On the pod CE and PE routers, configure Loopback0 interface assign IPv4 address
that is as documented in the Job Aids.
Step 2 On the pod CE and PE routers, enable the OSPFv2 routing process. Enable OSPFv2
on the Loopback0 interface and on the first Gigabit Ethernet interface on each
router. Use OSPF Area 0 and process ID 1.
 On the pod CE and PE routers, verify OSPFv2 neighbors. Adjacency should be established
and loopback interfaces should be used as OSPF router ID.
CE1#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address

Interface
10.1.1.1 1 FULL/BDR 00:00:31
192.168.101.10 GigabitEthernet0/0
!
RP/0/RSP0/CPU0:PE1#show ospf neighbor
Neighbors for OSPF 1

Interface
10.1.10.1 1 FULL/DR 00:00:37
192.168.101.11 GigabitEthernet0/0/0/0
Neighbor is up for 00:00:56
Total neighbor count: 1

 On the pod CE and PE routers, verify the IPv4 routing table. You should see the
neighboring router loopback interfaces in the routing table.
CE1#show ip route ospf
< text omitted >
10.0.0.0/32 is subnetted, 2 subnets
O 10.1.1.1 [110/2] via 192.168.101.10, 00:03:39,
GigabitEthernet0/0
!
RP/0/RSP0/CPU0:PE1#show route ospf
O 10.1.10.1/32 [110/2] via 192.168.101.11, 00:03:37,
GigabitEthernet0/0/0/0
In this task, you will configure the OSPFv3 routing protocol between pod CE and PE routers.
Activity Procedure
Step 1 On the pod CE and PE routers, configure IPv6 address on the Loopback0 interface
as defined in Job Aids.
Step 2 On the pod CE and PE routers, enable the OSPFv3 routing process. Enable OSPFv3
on the Loopback0 interface and on the first Gigabit Ethernet interface on each
router. Use OSPF Area 0.
 On the pod CE and PE routers, verify the OSPFv3 neighbors. Adjacency should be
established and Loopback0 interfaces should be used as OSPF router ID.
CE1#show ipv6 ospf neighbor
Neighbor ID Pri State Dead Time Interface ID
Interface
10.1.1.1 1 FULL/BDR 00:00:31 7
GigabitEthernet0/0
!
RP/0/RSP0/CPU0:PE1#show ospfv3 neighbor
Neighbors for OSPFv3 1
Neighbor ID Pri State Dead Time Interface ID

Interface
10.1.10.1 1 FULL/DR 00:00:33 7

 On the pod CE and PE routers, verify the IPv6 routing table. You should see neighboring
router Loopback0 interfaces in the routing table.
CE1#show ipv6 route ospf
< text omitted >
O 2001:DB8:10:1:1::1/128 [110/1]
via FE80::4255:39FF:FE2E:C420, GigabitEthernet0/0
!
RP/0/RSP0/CPU0:PE1#show route ipv6 ospf
O 2011:db8:10:1:10::1/128
[110/1] via fe80::eab7:48ff:fe2c:a180, 00:03:33,

Task 3 (Optional): Configure OSPFv2 Authentication
In this task, you will enable OSPFv2 MD5 authentication between the pod PE and CE routers.
Activity Procedure
Step 1 On the pod PE and CE routers, enable OSPFv2 MD5 authentication on the first
Gigabit Ethernet interface. Use key ID “1” and key “Cisco.” On the pod PE router,
enable authentication on the area level.
 Verify that OSPF adjacencies are still up.
CE1#show ip ospf neighbor
Interface
10.1.1.1 1 FULL/DR 00:00:33
192.168.101.10 GigabitEthernet0/0
!
RP/0/RSP0/CPU0:PE1#show ospf neighbor
Neighbors for OSPF 1

Interface
10.1.10.1 1 FULL/BDR 00:00:39
192.168.101.11 GigabitEthernet0/0/0/0

 Enable OSPF packet debugging and observe the exchange of authenticated hello packets.
RP/0/RSP0/CPU0:PE1#debug ospf 1 packet
RP/0/RSP0/CPU0:Jul 9 13:49:26.666 : ospf[1010]: Recv: HLO
l:48 rid:10.1.10.1 aut:2 auk: from 192.168.101.11 to 224.0.0.5
on GigabitEthernet0/0/0/0, vrf default vrfid 0x60000000
CE1#debug ip ospf packet

Jul 9 13:49:45.144: OSPF: rcv. v:2 t:1 l:48 rid:10.1.1.1
aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x3968829A from
GigabitEthernet0/0
 Use the Cisco IOS, IOS XE, and IOS XR undebug all command to disable debugging.
Lab 3-2: Implement IS-IS
Activity Objective
In this activity, you will configure and verify the IS-IS routing protocol for IPv4 and IPv6. You
will also configure IS-IS authentication to secure the exchange of routing information.
 Configure and verify IS-IS for IPv4 and IPv6
 Configure and verify IS-IS authentication
Visual Objective
Team z
CEx Pod x IS-IS Area 49.0000 PEx
Enable IS-IS for Enable IS-IS

IPv4 and IPv6 authentication
Pod y IS-IS Area 49.0000
CEy PEy
Required Resources

Command List
Command Description
address-family ipv6 Enters IPv6 address family for IS-IS

unicast
authentication key-chain Specifies IS-IS LSP packet authentication key chain
key_chain_name
authentication mode md5 Enables IS-IS LSP packet MD5 authentication

distance distance ip Configures administrative distance for IS-IS

ip router isis Enables IS-IS for IPv4 on an interface
process_name
ipv6 router isis Enables IS-IS for IPv6 on an interface
process_name
isis authentication key- Specifies IS-IS hello packet authentication key chain
chain key_chain_name
isis authentication mode Enables IS-IS hello packet MD5 authentication
md5
is-type level-2-only Changes IS-IS router type to level 2
key chain key_chain_name Creates a key chain
key key_id Creates a key in a key chain and specifies key ID
key-string key_string Specified key string in a key chain
metric-style wide Enables wide-style metric for IS-IS
net net_address Configures NET address for IS-IS
router isis process_name Enters IS-IS router configuration mode
show isis neighbors Displays IS-IS neighbors
Command Description
address-family ipv4|ipv6 Enters IPv4 or IPv6 address family for IS-IS and enables IS-
unicast IS on an interface for IPv4 or IPv6 address family

distance distance Configures administrative distance for IS-IS
hello-password hmac-md5 key Enables IS-IS hello packet MD5 authentication
interface interface Enters interface configuration mode or enters interface

configuration mode under router IS-IS configuration mode
Command Description
is-type level-2-only Changes IS-IS router type to level 2

lsp-password hmac-md5 key Enables IS-IS LSP packet MD5 authentication
metric-style wide Enables wide-style metric for IS-IS
net net_address Configures NET address for IS-IS
router isis process_name Enters IS-IS router configuration mode
show isis neighbors Displays IS-IS neighbors
show route Displays IPv4 routing table
single-topology Configures IS-IS single-topology

Task 1: Configure IS-IS for IPv4
In this task, you will configure the IS-IS routing protocol for IPv4 between the pod CE and PE
routers.
Activity Procedure
Step 1 Create a NET address for the pod CE and PE routers. Use 49 as the AFI, 0000 as the
area ID, and extended Loopback0 IPv4 address as the system ID. Write down the
NET address:
PE: _ _._ _ _ _._ _ _ _._ _ _ _._ _ _ _._ _
CE: _ _._ _ _ _._ _ _ _._ _ _ _._ _ _ _._ _
Step 2 On the pod CE and PE routers, enable the IS-IS process and configure the NET
address on each router.
Step 3 On the pod CE and PE routers, enable IS-IS for Layer 2 routing only. Enable wide-
style metrics for IPv4.
Step 4 On the pod CE and PE routers, change the IS-IS administrative distance for IPv4 to
105.
Step 5 On the pod CE and PE routers, enable IS-IS for IPv4 on Loopback0 and the first
Gigabit Ethernet interfaces.
Note Changing of administrative distance is required for a router to prefer IS-IS routes. Otherwise,
OSPF routers would be seen in the routing table. Recall that OSPF by default uses
administrative distance 110, while IS-IS uses 115.
 On the PE and CE routers, verify IS-IS neighbors. Adjacency should be established and the
type of routers should be Layer 2.
CE1#show isis neighbors
System Id Type Interface IP Address State Holdtime

Circuit Id
PE1 L2 Gi0/0 192.168.101.10 UP 26
CE1.02
!
RP/0/RSP0/CPU0:PE1#show isis neighbors
IS-IS 1 neighbors:
System Id Interface SNPA State Holdtime
Type IETF-NSF
CE1 Gi0/0/0/0 e8b7.482c.a180 Up 8
L2 Capable

 On the PE and CE routers, verify the IPv4 routing table. You should see neighboring router
Loopback0 interfaces in the routing table. Observe the metric to reach Loopback0
networks.
CE1#show ip route isis
< text omitted >
Gateway of last resort is 192.168.101.13 to network 0.0.0.0

i L2 10.1.1.1 [105/20] via 192.168.101.10,
GigabitEthernet0/0
!
RP/0/RSP0/CPU0:PE1#show route isis
i L2 10.1.10.1/32 [105/20] via 192.168.101.11, 00:03:52,

In this task, you will configure the IS-IS routing protocol for IPv6 between the pod CE and PE
routers.
Activity Procedure
Step 1 On the pod PE routers (Cisco IOS XR Software only), enable wide-style metrics for
IPv6.
Note Wide-style metrics are enabled separately per address family on Cisco IOS XR routers only.
On Cisco IOS and IOS XE routers, wide-style metrics are enabled for all address families.
Therefore, wide-style metrics on Cisco IOS and IOS XE routers already have been enabled
in the previous task.
Step 2 On the pod CE and PE routers, change the IS-IS administrative distance for IPv6 to
105.
Step 3 On the pod PE router (Cisco IOS XR Software only), configure the single-topology
IS-IS for IPv6.
Note Configuration of single-topology IS-IS is needed on Cisco IOS XR routers only. Cisco IOS
XR routers use multitopology IS-IS by default, while Cisco IOS and IOS XE routers use
single-topology IS-IS by default.
Step 4 On the pod CE and PE routers, enable IS-IS for IPv6 on Loopback0 and the first
Gigabit Ethernet interfaces.

 On the pod CE and PE routers, verify the IPv6 routing table. You should see the
neighboring router Loopback0 interface in the routing table.
CE1#show ipv6 route isis
< text omitted >
I2 2001:DB8:10:1:1::1/128 [105/20]
!
RP/0/RSP0/CPU0:PE1#show route ipv6 isis
i L2 2011:db8:10:1:10::1/128
[105/20] via fe80::eab7:48ff:fe2c:a180, 00:01:33,
Task 3 (Optional): Configure IS-IS Authentication
In this task, you will enable IS-IS MD5 authentication between the pod PE and CE routers.
Recall that IS-IS is a multiprotocol routing protocol and that IS-IS authentication is enabled for
CLNP, not for IPv4 or IPv6.
Activity Procedure
Step 1 On the pod PE and CE routers, enable MD5 IS-IS LSP and hello packets
authentication. Use key ID “1” and key “Cisco.”
 On the pod CE and PE routers, verify that IS-IS adjacencies are still up.
CE1#show isis neighbors
System Id Type Interface IP Address State Holdtime

Circuit Id
PE1 L2 Gi0/0 192.168.101.10 UP 24
CE1.02
!
RP/0/RSP0/CPU0:PE1#show isis neighbors
IS-IS 1 neighbors:
System Id Interface SNPA State Holdtime
Type IETF-NSF
CE1 Gi0/0/0/0 e8b7.482c.a180 Up 9
L2 Capable

 On the pod CE and PE routers, verify that routes are still seen in the routing table. You can
either observe the IPv4 or IPv6 routing table.
CE1#show ip route isis
< text omitted >
i L2 10.1.1.1 [105/20] via 192.168.101.10,
GigabitEthernet0/0
!
CE1#show ipv6 route isis
< text omitted >
I2 2001:DB8:10:1:1::1/128 [105/20]
!
i L2 10.1.10.1/32 [105/20] via 192.168.101.11, 00:03:50,
!
i L2 2011:db8:10:1:10::1/128
[105/20] via fe80::eab7:48ff:fe2c:a180, 00:03:55,

Lab 4-1: Configure Basic BGP
Activity Objective
In this activity, you will configure and verify BGP routing. You will establish an EBGP session
between the CE and PE routers, and establish an IBGP session between PE routers. After
completing this activity, you will be able to meet these objectives:
 Configure and verify the BGP process and BGP peering
 Configure BGP to advertise a network
 Configure BGP authentication
Visual Objective
Team z
CEx Pod
AS x
6450x Pod x AS 64500 PEx
EBGP
IBGP
Enable BGP
authentication
AS 6450y
EBGP
CEy Pod y PEy
Required Resources
Command List
Command Description
address-family ipv4 | ipv6 Enters BGP address family configuration mode
clear ip bgp ip_address Clears the BGP session with the specified neighbor

ip address address mask Configures IPv4 address on an interface
ipv6 address address mask Configures IPv6 address on an interface
neighbor ip_address Activates BGP neighbor for an address family
activate
neighbor ip_address Enables Message Digest 5 (MD5) authentication on a TCP
password password connection between two BGP peers
neighbor ip_address Adds an entry to the BGP neighbor table

remote-as as_number
neighbor ip_address Configures BGP to use specified interface as a source
update-source interface interface
network network mask mask Specifies the IPv4 networks to be advertised by the BGP
network network/prefix Specifies the IPv6 networks to be advertised by the BGP
ping destination_address Pings the specified address (IPv4 or IPv6)
router bgp as_number Configures the BGP routing process
show ip bgp Displays entries in the BGP IPv4 routing table
show ip bgp ipv6 unicast Displays entries in the BGP IPv6 routing table
show ip bgp ipv6 unicast Displays the status of all BGP IPv6 connections
summary
show ip bgp summary Displays the status of all BGP IPv4 connections

switchport access vlan Configures VLAN membership on an access port
vlan
trunk port

Command Description
address-family ipv4|ipv6 Enables address family under BGP configuration or activates

unicast BGP neighbor for an address family

ipv4 address address mask Configures IPv4 address on an interface
ipv6 address address/mask Configures IPv6 address on an interface
neighbor ip_address Adds an entry to the BGP neighbor table
pass Specifies that routes should be passed inside route policy
password Enables MD5 authentication on a TCP connection between
two BGP peers
remote-as as_number Specifies neighbor remote AS
route-policy name Creates a route policy
route-policy name in | out Applies a route policy to BGP neighbor in inbound or
outbound direction
router bgp as_number Configures the BGP routing process
show bgp ipv4 unicast Displays the status of all BGP IPv4 connections
summary
show bgp ipv6 unicast Displays the status of all BGP IPv6 connections
summary
update-source interface Configures BGP to use specified interface as a source
interface
Task 1: Configure BGP Process and BGP Peering
In this task, you will enable and verify the BGP process and IBGP and EBGP peering between
routers.
Activity Procedure
Complete these steps. On the pod PE and CE routers, use the following AS numbers:
CEx: AS 6450x
CEy: AS 6450y
PEx and PEx: AS 64500
Step 1 Between pod PE and CE routers, configure EBGP peering. Establish two sessions,
one using an IPv4 address and one using an IPv6 address. Activate an IPv4 session
for IPv4 routes and an IPv6 session for IPv6 routes.
Step 2 Between two PE routers in the team, enable a second Gigabit Ethernet interface, add
IP addresses, and start IS-IS Layer 2 routing.
Step 3 Between two PE routers in the team, configure IBGP peering. Establish two
sessions, one using an IPv4 address and one using an IPv6 address. Use Loopback0
interfaces for peering. Make sure that Loopback0 interfaces are used as the source
interface when establishing the IBGP sessions. Activate IPv4 session for IPv4 routes
and IPv6 session for IPv6 routes.
 Verify CE to PE connectivity using the IPv4 and IPv6 addresses:
CE1#ping 192.168.101.10

seconds:
!!!!!
1/1/4 ms
CE1#ping 2001:db8:192:168:101::10

!!!!!
0/0/4 ms
 On the pod PE and CE routers, verify that the BGP sessions for the IPv4 and IPv6
neighbors are up:
CE1#show bgp ipv4 unicast summary
BGP router identifier 10.1.10.1, local AS number 64501
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ

OutQ Up/Down State/PfxRcd

192.168.101.10 4 64500 52 58 1 0
0 00:50:42 0
!
CE1#show bgp ipv6 unicast summary
BGP router identifier 10.1.10.1, local AS number 64501
BGP table version is 1, main routing table version 1

2001:DB8:192:168:101::10
4 64500 52 58 1 0
0 00:50:48 0
!
RP/0/RSP0/CPU0:PE1#show bgp ipv4 unicast summary
< text omitted >
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ
Up/Down St/PfxRcd
10.2.1.1 0 64500 13 10 1 0 0
00:07:59 0
192.168.101.11 0 64501 58 52 1 0 0
00:50:24 0!
!
RP/0/RSP0/CPU0:PE1#show bgp ipv6 unicast summary
< text omitted >
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ
Up/Down St/PfxRcd
2001:db8:10:2:1::1
0 64500 12 11 1 0 0
00:08:09 0
2001:db8:192:168:101::11
0 64501 58 52 1 0 0
00:50:32 0!
Task 2: Configure BGP to Advertise a Network

In this task, you will configure BGP to advertise a network on the CE router. You will also
verify how routes are propagated across the BGP-enabled networks.
Activity Procedure
Step 1 Enable the pod CE router to advertise IPv4 and IPv6 addresses of the Looback0
interface to the pod PE router using BGP.
Step 2 On the PE router running Cisco IOS XR Software, create a route policy that allows
all routing updates to pass. Apply the route policy to the IPv4 and IPv6 EBGP
neighbor (CE router) in inbound and outbound directions.
Note Recall that on the platforms running Cisco IOS XR Software, BGP routing updates are not
automatically sent to and received from EBGP neighbors. A route policy has to be
configured, which allows sending and receiving routing updates to and from EBGP
neighbors.
 On the pod CE router, verify the IPv4 and IPv6 BGP tables:
CE1#show ip bgp
< text omitted >
Network Next Hop Metric LocPrf Weight
Path
*> 10.1.10.1/32 0.0.0.0 0 32768 i
*> 10.2.10.1/32 192.168.101.10 0
64500 64502 i
!
CE1#show bgp ipv6 unicast
< text omitted >
Network Next Hop Metric LocPrf Weight
Path
*> 2001:DB8:10:1:10::1/128
:: 0 32768 i
*> 2001:DB8:10:2:10::1/128
2001:DB8:192:168:101::10
0
64500 64502 i
 On the pod CE router, verify the IPv4 and IPv6 routing tables:
CE1#show ip route bgp
< text omitted >
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
B 10.2.10.1/32 [20/0] via 192.168.101.10, 00:04:30
!
CE1#show ipv6 route bgp
< text omitted >
B 2001:DB8:10:2:10::1/128 [20/0]
Task 3 (Optional): Configure BGP Neighbor Authentication

In this task, you will enable BGP neighbor authentication between pod CE and PE routers.
Activity Procedure
Step 1 Between pod CE and PE routers, enable BGP authentication for the IPv4 session.
Use password “Cisco.”
Note An already established BGP session will not go down automatically. On the PE router, use
the Cisco IOS XR clear bgp * command or Cisco IOS XE clear ip bgp * command to clear
the BGP session. Verify that the IPv4 BGP session between routers establishes back.

 Verify that the IPv4 BGP session between the PE and CE routers has again established:
CE1#show ip bgp summary
< text omitted >
192.168.101.10 4 64500 5 6 9 0
0 00:01:11 1
Lab 5-1: Implement ACLs
Activity Objective
In this activity, you will configure and verify filtering using IPv4 and IPv6 access control lists
(ACLs). You will also configure antispoofing ACLs.
 Configure and verify IPv4 ACL
 Configure and verify IPv6 ACL
 Configure and verify antispoofing
Visual Objective
Team z
CEx Pod x PEx
Configure IPv4
and IPv6 ACLs
Configure and
Pod y verify antispoofing
CEy PEy
Required Resources

Command List
Command Description
ip router isis process_id Enables IS-IS on an interface for IPv4
ip_address/mask
ipv6 router isis Enables IS-IS on an interface for IPv6
process_id
telnet destination_address Performs a Telnet to specified address of device (IPv4 or

IPv6)
traceroute Traces path to destination address (IPv4 or IPv6)
destination_address
Command Description

deny protocol source Creates a deny ACL entry
[operator] [port]
destination [operator]
[port]
ipv4 access-group acl_name Applies an IPv4 ACL to an interface
ingress|egress
ipv4 access-list acl_name Creates an IPv4 ACL
ipv6 access-group acl_name Applies an IPv6 ACL to an interface
ingress|egress
ipv6 access-list acl_name Creates an IPv6 ACL
permit protocol source Creates a permit ACL entry
[operator] [port]
destination [operator]
[port]
Task 1: Configure IPv4 Filtering
In this task, you will configure IPv4 filtering using ACL. You will configure an IPv4 ACL on
the pod PE router that will allow only ICMP and Telnet traffic to the Loopback0 interface.
Activity Procedure
Step 1 From the pod CE router, verify IPv4 connectivity to the Loopback0 interface of the
pod PE router using the ping and traceroute commands. From the pod CE router,
use the telnet command to connect to the pod PE router. The Telnet should be
successful.
CE1#ping 10.1.1.1

seconds:
!!!!!
1/1/4 ms
!
CE1#traceroute 10.1.1.1

Tracing the route to 10.1.1.1
1 192.168.101.10 32 msec 0 msec *

!
CE1#telnet 10.1.1.1
Trying 10.1.1.1 ... Open
User Access Verification
Username: root
Password: <1ronMan>
RP/0/RSP0/CPU0:PE1#
Note If the Telnet is not successful, enable Telnet on the PE router.
Step 2 On the pod PE router, configure an IPv4 access list that will allow only ICMP and
Telnet traffic to the Loopback0 interface of the PE router from the pod CE router.
Permit all traffic to other IPv4 addresses on the pod PE router.
Step 3 On the pod PE router, apply the ACL to the interface.
To which interface do you have to apply the ACL?
____________________________________________________________________
In which direction?
____________________________________________________________________

 From the pod CE router, verify IPv4 connectivity to the Loopback0 interface of the pod PE
router using the ping command. Ping should be successful.
CE1#ping 10.1.1.1

seconds:
!!!!!
1/3/12 ms
router using the traceroute command. The trace is not successful, so the output shows that
traceroute is administratively prohibited.
CE1#traceroute 10.1.1.1

Tracing the route to 10.1.1.1
1 192.168.101.10 !A !A *
router using the telnet command. The Telnet should be successful.
CE1#telnet 10.1.1.1
Trying 10.1.1.1 ... Open
Username: root
Password: <1ronMan>
RP/0/RSP0/CPU0:PE1#

In this task, you will configure IPv6 filtering using ACL. You will configure an IPv6 ACL on
the pod PE router that will allow only ICMP and Telnet traffic to the Loopback0 interface.
Activity Procedure
Step 1 From the pod CE router, verify IPv6 connectivity to the Loopback0 interface of the
pod PE router using the ping, traceroute, and telnet commands.
CE1#ping 2001:db8:10:1:1::1

Sending 5, 100-byte ICMP Echos to 2001:DB8:10:1:1::1, timeout
is 2 seconds:
!!!!!
0/0/4 ms
!
CE1#traceroute 2001:db8:10:1:1::1

Tracing the route to 2001:DB8:10:1:1::1
1 2001:DB8:10:1:1::1 28 msec 0 msec 0 msec

!
CE1#telnet 2001:db8:10:1:1::1
Trying 2001:DB8:10:1:1::1 ... Open
Username: root
Password: <1ronMan>
RP/0/RSP0/CPU0:PE1#
Note If the Telnet is not successful, enable Telnet on the PE router.
Step 2 On the pod PE router, configure an IPv6 access list that will allow only ICMP and
Telnet traffic to the PE Loopback0 interface from the pod CE router. Permit all
traffic to other IPv6 addresses on the pod PE router.
Step 3 On the pod PE router, apply the ACL to the interface.
router using the ping command. Ping should be successful.
CE1#ping 2001:db8:10:1:1::1

is 2 seconds:
!!!!!
0/1/4 ms
router using the traceroute command. The trace is not successful, so the output shows that
traceroute is administratively prohibited.
CE1#traceroute 2001:db8:10:1:1::1

Tracing the route to 2001:DB8:10:1:1::1
1 2001:DB8:10:1:1::1 !A !A !A
 From the pod CE route,r verify IPv6 connectivity to the Loopback0 interface of the pod PE
router using the telnet command. The Telnet should be successful.

CE1#telnet 2001:db8:10:1:1::1
Trying 2001:DB8:10:1:1::1 ... Open
Username: root
Password: <1ronMan>
RP/0/RSP0/CPU0:PE1#
Task 3 (Optional): Configure Antispoofing ACLs

In this task, you will configure antispoofing ACL to prevent IPv4 and IPv6 address spoofing
attacks. You will configure antispoofing ACLs on the pod PE router.
Activity Procedure
Step 1 On the pod PE router, remove the existing IPv4 ACL and create a new IPv4 ACL
(with same ACL name) to prevent IP spoofing from the pod CE router. Allow only
packets that have a source IP address either from the CE router Loopback0 or first
Gigabit Ethernet interface. The functionality of the existing ACL should remain the
same.
Step 2 On the pod PE router, edit the existing IPv6 ACL to prevent IP spoofing from the
pod CE router. Allow only packets that have a source IP address either from the CE
router Loopback0 or first Gigabit Ethernet interface. The functionality of the
existing ACL should remain the same.
Step 3 On the pod CE router, create a new loopback (Loopback10) interface on the CE
router. Add the Loopback10 interface to the IS-IS routing process for IPv4 and IPv6.
Configure the Loopback10 interface with the following addresses:
IPv4 address: 172.16.0.x 255.255.255.255
IPv6 address: 2001:db8:172:16::x/128
 From the pod CE router, the Loopback10 interface pings the pod PE router using IPv4 and
IPv6 addresses. The ping should not be successful
CE1#ping 10.1.1.1 source Loopback10

seconds:
Packet sent with a source address of 172.16.0.1
U.U.U
Success rate is 0 percent (0/5)
!
CE1#ping 2001:db8:10:1:1::1 source Loopback10
is 2 seconds:
Packet sent with a source address of 2001:DB8:172:16::1
AAAAA
Success rate is 0 percent (0/5)
Step 4 Remove the IPv4 and IPv6 access list from the interface.
 From the pod CE router, the Loopback10 interface pings the pod PE router using IPv4 and
IPv6 addresses. The ping should be successful
CE1#ping 10.1.1.1 source Loopback10

seconds:
Packet sent with a source address of 172.16.0.1
!!!!!
1/1/4 ms
!
CE1#ping 2001:db8:10:1:1::1 source Loopback10

is 2 seconds:
Packet sent with a source address of 2001:DB8:172:16::1
!!!!!
0/0/4 ms

Lab 6-1: Manage Cisco IOS XR Package
Activity Objective
In this lab activity, you will perform software maintenance operations on the Cisco IOS XR
router.
 Install the Cisco IOS XR Software package
 Uninstall the Cisco IOS XR Software package
 Perform configuration commit and configuration rollback
Visual Objective
Team z
CEx Pod x PEx
Manage Cisco
IOS XR Software
Commit and rollback

configuration
CEy Pod y PEy
Required Resources
Command List
The table describes the commands that are used in this lab activity.
Cisco IOS XR Commands
Command Description
enable Enters router privilege mode
install activate Activates software package
install add Upgrades or installs software package
install commit Makes the package activation persistent across

reloads
install deactivate Deactivates software package
install remove Removes software package
ping ip_address Verifies connectivity of IP address
show configuration commit changes Displays the details of all changes that are made
last <n> during a span of changes
show configuration commit list Displays the commit IDs for the available rollback
points
show install active Displays the active software on the router
show install inactive Displays the inactive software on the router
show running-config Displays running configuration
rollback configuration last <n> Rolls back configuration to the last <n> commits
made

Task 1: Uninstall Cisco IOS XR Package
In this task, you will deactivate and remove one of the Cisco IOS XR Software packages.
Activity Procedure
Complete these steps on the pod router PE (Cisco IOS XR Software only):
Step 1 Verify which software packages are active.
RP/0/RSP0/CPU0:PE1#show install active
Mon Jul 10 07:30:53.991 UTC
Node 0/RSP0/CPU0 [RP] [SDR: Owner]
Boot Device: disk0:
Boot Image: /disk0/asr9k-os-mbi-4.1.0/mbiasr9k-rp.vm
Active Packages:
disk0:asr9k-p-4.1.0.CSCto96804-1.0.0
disk0:asr9k-p-4.1.0.CSCto95435-1.0.0
disk0:asr9k-mini-p-4.1.0
disk0:asr9k-optic-4.1.0
disk0:asr9k-doc-p-4.1.0
disk0:asr9k-k9sec-p-4.1.0
disk0:asr9k-video-p-4.1.0
disk0:asr9k-mpls-p-4.1.0
disk0:asr9k-mgbl-p-4.1.0
disk0:asr9k-mcast-p-4.1.0
disk0:asr9k-p-4.1.0.CSCto94570-1.0.0
Node 0/0/CPU0 [LC] [SDR: Owner]

Boot Device: mem:
Boot Image: /disk0/asr9k-os-mbi-4.1.0/lc/mbiasr9k-lc.vm
Active Packages:
disk0:asr9k-p-4.1.0.CSCto96804-1.0.0
disk0:asr9k-p-4.1.0.CSCto95435-1.0.0
disk0:asr9k-p-4.1.0.CSCto94570-1.0.0
Step 2 Deactivate software package asr9k-mgbl-p-4.1.0 located at disk0 and wait for the
process to end.
Step 3 Commit the deactivation of the package.
Step 4 Verify that software package asr9k-mgbl-p-4.1.0 is inactive.
RP/0/RSP0/CPU0:PE1(admin)#show install inactive
Mon Jul 10 07:37:17.840 UTC
Secure Domain Router: Owner

Boot Device: disk0:
Inactive Packages:
Step 5 Remove inactive software package asr9k-mgbl-p-4.1.0 and wait for the process to
end.
Complete lab activity verification:
 On the pod PE router (Cisco IOS XR Software only), verify which software packages are
active.
 On the pod PE router (Cisco IOS XR Software only), verify that software package asr9k-
mgbl-p-4.1.0 is inactive.
Task 2: Install Cisco IOS XR Package
In this task, you will install and activate one of the Cisco IOS XR software packages.
Activity Procedure
Complete these steps on the pod PE router (Cisco IOS XR Software only):
Step 1 On the pod PE router, verify that PIE file asr9k-mgbl-p.pie-4.1.0 is located at disk0.
RP/0/RSP0/CPU0:PE1(admin)#dir disk0: | include mgbl
Mon Jul 10 08:16:30.505 UTC
5411168 -rwx 6215998 Mon Jul 10 08:16:17 2000 asr9k-mgbl-p.pie-4.1.0
Step 2 Install software package MGBL using PIE file asr9k-mgbl-p.pie-4.1.0 located at
disk0 and wait for the process to end.
Step 3 Activate software package disk0:asr9k-mgbl-p-4.1.0.
Step 4 Commit the activation of the package.
 Verify that software package asr9k-mgbl-p-4.1.0 is installed and activated:
RP/0/RSP0/CPU0:PE1(admin)#show install active
Sun Sep 25 09:38:54.088 UTC
Secure Domain Router: Owner

Boot Device: disk0:
Boot Image: /disk0/asr9k-os-mbi-4.1.0/mbiasr9k-rp.vm
Active Packages:
disk0:asr9k-p-4.1.0.CSCto96804-1.0.0
disk0:asr9k-p-4.1.0.CSCto95435-1.0.0
disk0:asr9k-doc-p-4.1.0
disk0:asr9k-k9sec-p-4.1.0
disk0:asr9k-p-4.1.0.CSCto94570-1.0.0
Node 0/0/CPU0 [LC] [SDR: Owner]

Boot Device: mem:
Boot Image: /disk0/asr9k-os-mbi-4.1.0/lc/mbiasr9k-lc.vm
Active Packages:
disk0:asr9k-p-4.1.0.CSCto96804-1.0.0
disk0:asr9k-p-4.1.0.CSCto95435-1.0.0
disk0:asr9k-p-4.1.0.CSCto94570-1.0.0

Task 3: Configuration Management
In this task, you will perform the configuration commit and test configuration rollback
procedure.
Activity Procedure
Step 1 Change the hostname to “Test” and commit the configuration.
Step 2 Check the available configuration rollback points.
RP/0/RSP0/CPU0:Test(config)#show configuration commit list
Mon Jul 10 08:03:38.893 UTC
SNo. Label/ID User Line Client Time Stamp
~~~~ ~~~~~~~~ ~~~~ ~~~~ ~~~~~~ ~~~~~~~~~~
1 1000000327 root con0_RSP0_CPU0 CLI Mon Jul 10 08:01:21
2000
2 1000000326 root con0/RSP0/CPU0 cfgmgr-ins Mon Jul 10 07:33:26
2000
2000
2000
2000
2000
< output omitted >
Step 3 Check the configuration details for last configuration commit.
RP/0/RSP0/CPU0:Test(config)#show configuration commit changes 1000000327
Mon Jul 10 08:04:51.028 UTC
Building configuration...
!! IOS XR Configuration 4.1.0
hostname Test
end
Step 4 Roll back configuration to the last commit made.
 Check the available configuration rollback points.
 Check the configuration details for last configuration commit.
 Verify that the hostname of pod PE router is not Test anymore:
RP/0/RSP0/CPU0:PE1#
Answer Key
The correct answers and expected solutions for the activities that are described in this guide
appear here.
Lab 2-1 Answer Key: Configure Advanced Switching

When you complete this activity, your configuration will be similar to the results here, with
differences that are specific to your device or workgroup:
Task 1: Configure VLANs

During this task, you need to enter the following commands:
Step 4 Remove IP addressing from the GigabitEthernet0/1 interface on the CE (Cisco IOS)
router:
interface GigabitEthernet0/1
no ip address
no ipv6 address
Step 5 Remove IP addressing from the GigabitEthernet0/0 interface and assign IP addresses
to the GigabitEthernet0/1 interface on the CE (Cisco IOS) router:
no ip address
no ipv6 address
!
ip address 192.168.101.11 255.255.255.0
ipv6 address 2001:DB8:192:168:101::11/80
Step 6 Create VLANs on the pod and shared switches:
vlan 10
vlan 20
Step 7 On the shared switch, configure the CE facing ports:
interface FastEthernet0/1
switchport mode access
switchport access vlan 10
port-type nni
!
port-type nni
Step 6 On the pod switch, configure the CE and PE facing ports:
port-type nni
!

port-type nni
Task 2: Configure Trunking

Step 1 Enable trunking on the pod switch:
interface FastEthernet 0/21
switchport mode trunk
switchport trunk allowed vlan 1,10,20
port-type nni
!
port-type nni
Step 2 Enable trunking on the shared switch:
port-type nni
!
port-type nni
Task 3: Configure RSTP

Step 3 Root switch for both VLANs:
VLAN 10 root switch: SW12
VLAN 20 root switch: SW12
Step 4 Blocking port for each VLAN:
VLAN 10 blocking port: Port: FastEthernet0/21 Switch: SW1
Step 5 Optimize RSTP operations:
SW1:
spanning-tree vlan 10 root primary
spanning-tree vlan 20 root secondary
SW2:
spanning-tree vlan 20 root primary
spanning-tree vlan 10 root secondary
Step 6 Find the blocking port for each VLAN:

Task 4 (Optional): Configure MST
Step 1 On the pod and shared switches, set MST mode:
spanning-tree mode mst
Step 2 On the pod and shared switches, configure MST:
spanning-tree mst configuration
name LAB
revision 1
instance 1 vlan 10
instance 2 vlan 20
Step 3 Configure the pod switch to be the root for the MST instance:
SW1
spanning-tree mst 1 root primary
SW2
spanning-tree mst 2 root primary
Lab 2-2 Answer Key: Configure Inter-VLAN Routing and

Gateway Redundancy
Task 1: Configure and Verify Inter-VLAN Routing

Step 1 Configure trunk:
SW1 and SW2 (Cisco IOS Software):
switchport trunk allowed vlan 10,20
Step 2 The IPv4 and IPv6 address assigned:
PE1 (Cisco IOS XR Software):
IPv4: 192.168.101.10
IPv6: 2001:db8:192:168:101::10
PE2 (Cisco IOS XE Software):
IPv4: 192.168.102.20
IPv6: 2001:db8:192:168:102::20
Step 3 Remove the IPv4 and IPv6 addresses from the interface:
interface GigabitEthernet0/0/0/0
no ipv4 address
no ipv6 address
!
commit

PE2 (Cisco IOS XE):
interface GigabitEthernet0/0/0
no ip address
no ipv6 address
Step 4 Create subinterfaces on the pod PE router:
ipv4 address 192.168.101.10 255.255.255.0
ipv6 address 2001:db8:192:168:101::10/80
encapsulation dot1q 10
!
ipv4 address 192.168.102.22 255.255.255.0
ipv6 address 2001:db8:192:168:102::22/80
!
commit
ip address 192.168.101.12 255.255.255.0
ipv6 address 2001:db8:192:168:101::12/80
!
ip address 192.168.102.20 255.255.255.0
ipv6 address 2001:db8:192:168:102::20/80
Step 5 Create an IPv6 default route on the CE router:
CE1:
ipv6 route ::/0 GigabitEthernet0/1 2001:DB8:192:168:101::10
CE2:
ipv6 route ::/0 GigabitEthernet0/1 2001:DB8:192:168:102::20
Task 2: Configure HSRP

Step 1 On the pod PE routers, enable HSRP for IPv4:
PE1 (Cisco IOS XR):
router hsrp
hsrp 1 preempt
hsrp 1 ipv4 192.168.101.13
hsrp 1 priority 150
!
hsrp 2 preempt
hsrp 2 ipv4 192.168.102.23
!
commit
PE2 (Cisco IOS XE):
standby 1 ip 192.168.101.13
standby 1 preempt
!
standby 2 ip 192.168.102.23
standby 2 preempt
standby 2 priority 150
Step 2 Configure a static default route:
CE1:
ip route 0.0.0.0 0.0.0.0 192.168.101.13
CE2:
ip route 0.0.0.0 0.0.0.0 192.168.102.23
Step 3 Enable the interface and remove HSRP configuration:
no shutdown
!
no router hsrp
!
commit
no standby 1
!
no shutdown
no standby 2
Task 3: Configure VRRP

Step 1 Enable VRRP for IPv4:
router vrrp
address-family ipv4
vrrp 1
priority 150
address 192.168.101.13
!
address-family ipv4
vrrp 2

address 192.168.102.23
!
commit
PE2 (Cisco IOS XE):
vrrp 1 ip 192.168.101.13
!
vrrp 2 ip 192.168.102.23
vrrp 2 priority 150
Step 2 Enable the interface and remove VRRP configuration:
PE1 (Cisco IOS XR):
no shutdown
!
no router vrrp
!
commit
PE2 (Cisco IOS XE):
no vrrp 1
!
no shutdown
no vrrp 2
Step 3 On the PE router, remove subinterfaces and configure IP addresses:
no ipv4 address
no ipv6 address
no encapsulation dot1q 10
no interface GigabitEthernet0/0/0/0.10
!
no ipv4 address
no ipv6 address
no interface GigabitEthernet0/0/0/0.20
!
ipv4 address 192.168.101.10 255.255.255.0
ipv6 address 2001:db8:192:168:101::10/80
!
commit
no ip address
no ipv6 address
no interface GigabitEthernet0/0/0.10
!
no ip address
no ipv6 address
no interface GigabitEthernet0/0/0.20
!
ip address 192.168.102.20 255.255.255.0
ipv6 address 2001:db8:192:168:102::20/80
Step 4 Configure access port:
SW1 (Cisco IOS Software):
SW2 (Cisco IOS Software):
Step 5 Reconfigure interfaces:
CE1 (Cisco IOS Software):
shutdown
no ip address
no ipv6 address
!
ip address 192.168.101.11 255.255.255.0
ipv6 address 2001:DB8:192:168:101::11/80
shutdown
no ip address
no ipv6 address
!
ip address 192.168.102.21 255.255.255.0
ipv6 address 2001:DB8:192:168:102::21/80

Lab 3-1 Answer Key: Implement OSPF

Step 1 Configure loopback interface:
interface Loopback0
ip address 10.1.10.1 255.255.255.255
interface Loopback0
ipv4 address 10.1.1.1 255.255.255.255
!
commit
interface Loopback0
ip address 10.2.10.1 255.255.255.255
interface Loopback0
ip address 10.2.1.1 255.255.255.255
Step 2 Enable OSPFv2 routing:
router ospf 1
network 10.1.10.1 0.0.0.0 area 0
network 192.168.101.0 0.0.0.255 area 0
router ospf 1
area 0
interface Loopback0
!
commit
router ospf 1
network 10.2.10.1 0.0.0.0 area 0
network 192.168.102.0 0.0.0.255 area 0
router ospf 1
network 10.2.1.1 0.0.0.0 area 0
network 192.168.102.0 0.0.0.255 area 0
Step 1 Configure the IPv6 address on the Loopback0 interface:
interface Loopback0
ipv6 address 2001:DB8:10:1:10::1/128
interface Loopback0
ipv6 address 2001:db8:10:1:1::1/128
!
commit
interface Loopback0
ipv6 address 2001:DB8:10:2:10::1/128
interface Loopback0
ipv6 address 2001:db8:10:2:1::1/128
Step 2 Enable OSPFv3 routing:
ipv6 router ospf 1
exit
!
interface Loopback0
ipv6 ospf 1 area 0
!
ipv6 enable
ipv6 ospf 1 area 0
router ospfv3 1
area 0
interface Loopback0
!
commit
ipv6 router ospf 1
exit
!
interface Loopback0
ipv6 ospf 1 area 0
!
ipv6 enable
ipv6 ospf 1 area 0

ipv6 router ospf 1
exit
!
interface Loopback0
ipv6 ospf 1 area 0
!
ipv6 ospf 1 area 0
Task 3 (Optional): Configure OSPFv2 Authentication

Step 1 Enable MD5 authentication on the PE router (Cisco IOS XR Software):
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco
router ospf 1
area 0
authentication message-digest
message-digest-key 1 md5 cisco
!
commit
ip ospf authentication message-digest
router ospf 1
area 0 authentication message-digest
!
Lab 3-2 Answer Key: Implement IS-IS


Step 1 Create a NET address:
PE1: 49.0000.0100.0100.1001.00
CE1: 49.0000.0100.0101.0001.00
Step 2 Enable the IS-IS process and configure NET:
router isis 1
net 49.0000.0100.0101.0001.00
router isis 1
net 49.0000.0100.0100.1001.00
!
commit
router isis 1
net 49.0000.0100.0201.0001.00
router isis 1
net 49.0000.0100.0200.1001.00
Step 3 Change the IS-IS router type and enable wide-style metrics for IPv4:
router isis 1
is-type level-2-only
metric-style wide
router isis 1
address-family ipv4 unicast
metric-style wide
!
commit
router isis 1
metric-style wide
router isis 1
metric-style wide
Step 4 Change IS-IS administrative distance for IPv4:
router isis 1
distance 105 ip
router isis 1
distance 105
!

commit
router isis 1
distance 105 ip
router isis 1
distance 105 ip
Step 5 Enable IS-IS for IPv4 on interfaces:
interface Loopback0
ip router isis 1
!
ip router isis 1
router isis 1
interface Loopback0
!
!
commit
interface Loopback0
ip router isis 1
!
ip router isis 1
interface Loopback0
ip router isis 1
!
ip router isis 1

Step 1 Enable wide-style metrics for IPv6 on the PE1 router (Cisco IOS XR Software):
router isis 1
metric-style wide
!
commit
Step 2 Change IS-IS administrative distance for IPv6:
router isis 1
distance 105
router isis 1
distance 105
!
commit
router isis 1
distance 105
router isis 1
distance 105
Step 3 Configure single-topology IS-IS for IPv6 on the PE1 router (Cisco IOS XR
Software):
router isis 1
single-topology
!
commit
Step 4 Enable IS-IS for IPv6 on interfaces:
interface Loopback0
ipv6 router isis 1
!
ipv6 router isis 1
router isis 1
interface Loopback0
!
!
commit
interface Loopback0
ipv6 router isis 1
!
ipv6 router isis 1
interface Loopback0
ipv6 router isis 1
!
ipv6 router isis 1
Task 3 (Optional): Configure IS-IS Authentication

Step 1 Enable MD5 IS-IS LSP and hello packets authentication:
key chain ISIS
key 1
key-string cisco
exit
!
router isis 1
authentication mode md5
authentication key-chain ISIS
!
isis authentication mode md5
isis authentication key-chain ISIS
router isis 1
lsp-password hmac-md5 cisco
!
hello-password hmac-md5 cisco
!
commit
key chain ISIS
key 1
key-string cisco
exit
!
router isis 1
!
key chain ISIS
key 1
key-string cisco
exit
!
router isis 1
!
Lab 4-1 Answer Key: Configure Basic BGP

Task 1: Configure BGP Process and BGP Peering

Step 1 Configure EBGP:
router bgp 64501
neighbor 2001:DB8:192:168:101::10 remote-as 64500
neighbor 192.168.101.10 remote-as 64500
!
address-family ipv4
no neighbor 2001:DB8:192:168:101::10 activate
neighbor 192.168.101.10 activate
!
address-family ipv6
neighbor 2001:DB8:192:168:101::10 activate
router bgp 64500
!
!
neighbor 192.168.101.11
remote-as 64501
!
!
neighbor 2001:db8:192:168:101::11
remote-as 64501
!
commit

router bgp 64502
!
address-family ipv4
!
address-family ipv6
router bgp 64500
!
address-family ipv4
!
address-family ipv6
Step 2 Enable link and IS-IS routing between PE routers:
ipv4 address 192.168.112.10 255.255.255.0
ipv6 address 2001:db8:192:168:112::10/80
no shutdown
!
router isis 1
hello-password hmac-md5 cisco
!
commit
ip address 192.168.112.20 255.255.255.0
ipv6 address 2001:db8:192:168:112::20/80
no shutdown
ip router isis 1
ipv6 enable
ipv6 router isis 1
Step 3 Configure IBGP:
router bgp 64500
neighbor 10.2.1.1
remote-as 64500
update-source Loopback0
!
neighbor 2001:db8:10:2:1::1
remote-as 64500
update-source Loopback0
!
commit
router bgp 64500
neighbor 10.1.1.1 update-source Loopback0
neighbor 2001:DB8:10:1:1::1 update-source Loopback0
!
address-family ipv4
!
address-family ipv6
Task 2: Configure BGP to Advertise a Network

Step 1 Enable the CE router to advertise the IPv4 and IPv6 addresses:
router bgp 64501
address-family ipv4
network 10.1.10.1 mask 255.255.255.255
address-family ipv6
network 2001:DB8:10:1:10::1/128
router bgp 64502
address-family ipv4
network 10.2.10.1 mask 255.255.255.255
address-family ipv6
network 2001:DB8:10:2:10::1/128
Step 2 Create a route policy and apply it in inbound and outbound directions on the PE1
router (Cisco IOS XR Software):
route-policy ALLOW_ALL

pass
end-policy
!
router bgp 64500
neighbor 192.168.101.11
route-policy ALLOW_ALL in
route-policy ALLOW_ALL out
!
neighbor 2001:db8:192:168:101::11
route-policy ALLOW_ALL in
route-policy ALLOW_ALL out
!
commit
Task 3 (Optional): Configure BGP Neighbor Authentication

Step 1 Enable BGP authentication:
router bgp 64501
neighbor 192.168.101.10 password cisco
router bgp 64500
neighbor 192.168.101.11
password cisco
!
commit
router bgp 64502
router bgp 64500
Lab 5-1 Answer Key: Implement ACLs


Step 1 Configure ACL:
PE1 (Cisco IOS XR):
ipv4 access-list FILTER
permit icmp any host 10.1.1.1
permit tcp any host 10.1.1.1 eq telnet
deny ipv4 any host 10.1.1.1
permit ipv4 any any
!
commit
ip access-list extended FILTER
permit icmp any host 10.2.1.1
permit tcp any host 10.2.1.1 eq telnet
deny ip any host 10.2.1.1
permit ip any any
Step 2 The ACL should be applied in the inbound direction to the first Gigabit Ethernet
interface.
ipv4 access-group FILTER ingress
!
commit
ip access-group FILTER in

Step 2 Configure ACL:
permit icmpv6 any host 2001:db8:10:1:1::1
permit tcp any host 2001:db8:10:1:1::1 eq telnet
deny ipv6 any host 2001:db8:10:1:1::1
permit ipv6 any any
!
commit
ipv6 access-list FILTERv6
permit icmp any host 2001:db8:10:2:1::1
permit tcp any host 2001:db8:10:2:1::1 eq telnet
deny ipv6 any host 2001:db8:10:2:1::1
permit ipv6 any any
Step 3 Apply the ACL to the interface:
ipv6 access-group FILTER ingress
!
commit

ipv6 traffic-filter FILTERv6 in
Task 3 (Optional): Configure Antispoofing ACLs

Step 1 Edit the IPv4 ACL:
no ipv4 access-list FILTER
permit icmp host 192.168.101.11 host 10.1.1.1
permit tcp host 192.168.101.11 host 10.1.1.1 eq telnet
deny ipv4 host 192.168.101.11 host 10.1.1.1
deny ipv4 host 10.1.10.1 host 10.1.1.1
permit ipv4 host 192.168.101.11 any
permit ipv4 host 10.1.10.1 any
!
commit
no ip access-list extended FILTER
ip access-list extended FILTER
deny ip host 192.168.102.21 host 10.2.1.1
deny ip host 10.2.10.1 host 10.2.1.1
permit ip host 192.168.102.21 any
permit ip host 10.2.10.1 any
Step 2 Edit the IPv6 ACL:
no ipv6 access-list FILTER
permit icmpv6 host 2001:DB8:192:168:101::11 host
2001:db8:10:1:1::1
permit icmpv6 host 2011:DB8:10:1:10::1 host
2001:db8:10:1:1::1
permit tcp host 2001:DB8:192:168:101::11 host
2001:db8:10:1:1::1 eq telnet
permit tcp host 2011:DB8:10:1:10::1 host 2001:db8:10:1:1::1
eq telnet
deny ipv6 host 2001:DB8:192:168:101::11 host
2001:db8:10:1:1::1
deny ipv6 host 2011:DB8:10:1:10::1 host 2001:db8:10:1:1::1
permit ipv6 host 2001:DB8:192:168:101::11 any
permit ipv6 host 2001:db8:10:1:10::1 any
!
commit
no ipv6 access-list FILTERv6
ipv6 access-list FILTERv6
permit icmp host 2001:DB8:192:168:102::21 host
2001:db8:10:2:1::1
permit icmp host 2001:db8:10:2:10::1 host 2001:db8:10:2:1::1
permit tcp host 2001:DB8:192:168:102::21 host
2001:db8:10:2:1::1 eq telnet
permit tcp host 2001:db8:10:2:10::1 host 2001:db8:10:2:1::1 eq
telnet
deny ipv6 host 2001:DB8:192:168:102::21 host
2001:db8:10:2:1::1
deny ipv6 host 2001:db8:10:2:10::1 host 2001:db8:10:2:1::1
permit ipv6 host 2001:DB8:192:168:102::21 any
permit ipv6 host 2001:db8:10:2:10::1 any
Step 3 Create a new loopback and add the interface to IS-IS:
CE1 and CE2 (Cisco IOS Software):
interface Loopback10
ip address 172.16.0.1 255.255.255.255
ip router isis 1
ipv6 address 2001:DB8:172:16::1/128
ipv6 router isis 1
Step 4 Remove the IPv4 and IPv6 access list from the interface:
no ipv4 access-group FILTER ingress
no ipv6 access-group FILTER ingress
!
commit
no ip access-group FILTER in
no ipv6 traffic-filter FILTERv6 in
Lab 6-1 Answer Key: Manage Cisco IOS XR Package

When you complete this lab activity, device configuration and device outputs will be similar to
the results shown here, with differences that are specific to your Pod.
Task 1: Uninstall Cisco IOS XR Package

Complete these steps on the pod PE router (Cisco IOS XR Software):
Step 2 Deactivate software package:
RP/0/RSP0/CPU0:PE1#admin
Mon Jul 10 07:32:57.892 UTC
RP/0/RSP0/CPU0:PE1(admin)#install deactivate disk0:asr9k-mgbl-p-4.1.0
Mon Jul 10 07:33:05.945 UTC

Install operation 19 '(admin) install deactivate disk0:asr9k-mgbl-p-4.1.0'
started by user 'root' via CLI at 07:33:06 UTC Mon Jul 10 2000.
RP/0/RSP0/CPU0:Jul 10 07:33:06.403 : instdir[234]: %INSTALL-INSTMGR-6-
INSTALL_OPERATION_STARTED : Install operation 19 '(admin) install deactivate
disk0:asr9k-mgbl-p-4.1.0' started by user 'root'
Info: Install Method: Parallel Process Restart
The install operation will continue asynchronously.
RP/0/RSP0/CPU0:PE1(admin)#Info: SDR Owner: Detected incompatibility
between the activated software
Info: and router running configuration.
Info: SDR Owner: Removing the incompatible configuration from the running
Info: configuration.
Info: SDR Owner: Use the "show configuration removed 20000710073325.cfg"
Info: command to view the removed config.
Info: NOTE: You must address the incompatibility issues with the
Info: removed configuration above and re-apply it to the running
Info: configuration as required. To address these issues enter
Info: configuration mode and use the
Info: "load configuration removed 20000710073325.cfg" and "commit"
Info: commands.
RP/0/RSP0/CPU0:Jul 10 07:33:28.481 : insthelper[65]: %MGBL-CONFIG-6-DB_COMMIT
: Configuration committed by user 'root'. Use 'show configuration commit
changes 1000000326' to view the changes.
RP/0/RSP0/CPU0:Jul 10 07:33:28.486 : insthelper[65]: %MGBL-CONFIG-6-PKG : Some
incompatible configuration was removed from the running configuration during
this software activation/deactivation operation and saved in file
'20000710073325.cfg'. To address the incompatibility issue enter configuration
mode and use the 'load configuration removed 20000710073325.cfg' and 'commit'
commands.
RP/0/RSP0/CPU0:Jul 10 07:33:54.450 : sysmgr[95]: %OS-SYSMGR-7-
INSTALL_NOTIFICATION : notification of software installation received
RP/0/RSP0/CPU0:Jul 10 07:33:54.639 : schema_server[1159]: %MGBL-SCHEMA-6-
VERSIONCHANGE : A schema version change has occurred due to the unload of
schema file 'ciscosensormib_cfg.schema'. Any management applications which use
the schema may wish to update to the appropriate schema version.
RP/0/RSP0/CPU0:Jul 10 07:34:00.510 : sysmgr[95]: %OS-SYSMGR-7-INSTALL_FINISHED
: software installation is finished
RP/0/RSP0/CPU0:Jul 10 07:34:04.726 : insthelper[65]: ISSU: Starting sysdb bulk
start session
Info: The changes made to software configurations will not be persistent
Info: across system reloads. Use the command '(admin) install commit' to
Info: make changes persistent.
Info: Please verify that the system is consistent following the software
Info: change using the following commands:
Info: show system verify
Info: install verify packages
ACTIVE_SOFTWARE_COMMITTED_INFO : The currently active software is not
committed. If the system reboots then the committed software will be used. Use
'install commit' to commit the active software.
INSTALL_OPERATION_COMPLETED_SUCCESSFULLY : Install operation 19 completed
successfully
Install operation 19 completed successfully at 07:34:08 UTC Mon Jul 10 2000.
Step 3 Commit the deactivation of the package:
RP/0/RSP0/CPU0:PE1(admin)#install commit
Mon Jul 10 07:34:52.226 UTC
Install operation 20 '(admin) install commit' started by user 'root' via CLI
at
INSTALL_OPERATION_STARTED : Install operation 20 '(admin) install commit'
started by user 'root'
07:34:52 UTC Mon Jul 10 2000.
\ 100% complete: The operation can no longer be aborted (ctrl-c for
options)RP/0/RSP0/CPU0:Jul 10 07:34:55.775 : instdir[234]: %INSTALL-INSTMGR-4-
ACTIVE_SOFTWARE_COMMITTED_INFO : The currently active software is now the same
as the committed software.
successfully
Step 4 Remove inactive software:
RP/0/RSP0/CPU0:PE1(admin)#install remove disk0:asr9k-mgbl-p-4.1.0
Mon Jul 10 07:38:44.530 UTC
INSTALL_OPERATION_STARTED : Install operation 21 '(admin) install remove
Install operation 21 '(admin) install remove disk0:asr9k-mgbl-p-4.1.0' started
by user 'root' via CLI at 07:38:44 UTC Mon Jul 10 2000.
Info: This operation will remove the following packages:
Info: disk0:asr9k-mgbl-supp-4.1.0
Info: disk0:iosxr-mgbl-4.1.0
Info: disk0:asr9k-mgbl-p-4.1.0
Info: After this install remove the following install rollback points will
Info: no longer be reachable, as the required packages will not be
present:
Info: 8, 9, 10, 11, 14, 15, 17
Proceed with removing these packages? [confirm] <Enter>
RP/0/RSP0/CPU0:PE1(admin)#RP/0/RSP0/CPU0:Jul 10 07:38:58.472 : instdir[234]:
%INSTALL-INSTMGR-6-INSTALL_OPERATION_COMPLETED_SUCCESSFULLY : Install
operation 21 completed successfully
Task 2: Install Cisco IOS XR Package

Step 2 Install software package:
RP/0/RSP0/CPU0:PE1(admin)#install add disk0:asr9k-mgbl-p.pie-4.1.0
Sun Sep 25 09:32:41.942 UTC
Install operation 25 '(admin) install add /disk0:asr9k-mgbl-p.pie-4.1.0'
started by user 'root' via CLI at 09:32:42 UTC Sun Sep 25 2011.
RP/0/RSP0/CPU0:Sep 25 09:32:42.311 : instdir[234]: %INSTALL-INSTMGR-6-
INSTALL_OPERATION_STARTED : Install operation 25 '(admin) install add
/disk0:asr9k-mgbl-p.pie-4.1.0' started by user 'root'
RP/0/RSP0/CPU0:PE1(admin)#
Info: The following package is now available to be activated:
Info:
Info: disk0:asr9k-mgbl-p-4.1.0
Info:
Info: The package can be activated across the entire router.
Info:
successfully
Install operation 25 completed successfully at 09:33:19 UTC Sun Sep 25 2011.
Sun Sep 25 09:33:51.490 UTC
at
09:33:51 UTC Sun Sep 25 2011.
options)RP/0/RSP0/CPU0:Sep 25 09:33:54.994 : instdir[234]: %INSTALL-INSTMGR-6-
successfully
Step 3 Activate software package:

RP/0/RSP0/CPU0:PE1(admin)#install activate disk0:asr9k-mgbl-p-4.1.0
Sun Sep 25 09:35:47.431 UTC
Install operation 27 '(admin) install activate disk0:asr9k-mgbl-p-4.1.0'
started by user 'root' via CLI at 09:35:47 UTC Sun Sep 25 2011.
INSTALL_OPERATION_STARTED : Install operation 27 '(admin) install activate
Info: Install Method: Parallel Process Restart
RP/0/RSP0/CPU0:PE1(admin)#
RP/0/RSP0/CPU0:Sep 25 09:36:38.041 : sysmgr[95]: %OS-SYSMGR-7-
INSTALL_NOTIFICATION : notification of software installation received
RP/0/RSP0/CPU0:Sep 25 09:36:38.223 : schema_server[1159]: %MGBL-SCHEMA-6-
VERSIONCHANGE : A schema version change has occurred due to the unload of
schema file 'ciscosensormib_cfg.schema'. Any management applications which use
the schema may wish to update to the appropriate schema version.
RP/0/RSP0/CPU0:Sep 25 09:36:38.771 : sysmgr[95]: %OS-SYSMGR-7-INSTALL_FINISHED
: software installation is finished
RP/0/RSP0/CPU0:Sep 25 09:36:42.725 : insthelper[65]: ISSU: Starting sysdb bulk
start session
Info: The changes made to software configurations will not be persistent
Info: across system reloads. Use the command '(admin) install commit' to
Info: make changes persistent.
Info: Please verify that the system is consistent following the software
Info: change using the following commands:
Info: show system verify
Info: install verify packages
ACTIVE_SOFTWARE_COMMITTED_INFO : The currently active software is not
committed. If the system reboots then the committed software will be used. Use
'install commit' to commit the active software.
successfully
Step 4 Commit the activation of the package:
Sun Sep 25 09:37:04.416 UTC
at
09:37:04 UTC Sun Sep 25 2011.
options)RP/0/RSP0/CPU0:Sep 25 09:37:07.995 : instdir[234]: %INSTALL-INSTMGR-4-
ACTIVE_SOFTWARE_COMMITTED_INFO : The currently active software is now the same
as the committed software.
successfully
Task 3: Configuration Management

Step 1 Change the hostname:
RP/0/RSP0/CPU0:PE1(config)#hostname Test
RP/0/RSP0/CPU0:PE1(config)#commit
Mon Jul 10 08:01:21.620 UTC
RP/0/RSP0/CPU0:Jul 10 08:01:23.254 : config[65728]: %MGBL-CONFIG-6-DB_COMMIT :
Configuration committed by user 'root'. Use 'show configuration commit changes
1000000327' to view the changes.
RP/0/RSP0/CPU0:Test(config)#
Step 4 Roll back configuration to the last commit made:
RP/0/RSP0/CPU0:Test#rollback configuration last 1
Mon Jul 10 08:06:24.172 UTC
Loading Rollback Changes.
Loaded Rollback Changes in 1 sec
Committing..
1 items committed in 2 sec (0)items/sec
Updating.RP/0/RSP0/CPU0:Jul 10 08:06:27.638 : config_rollback[65728]: %MGBL-
CONFIG-6-DB_COMMIT : Configuration committed by user 'root'. Use 'show
configuration commit changes 1000000328' to view the changes.
Updated Commit database in 1 sec

Configuration successfully rolled back 1 commits.
RP/0/RSP0/CPU0:PE1#

Appendix A
Legend:
GE
FE
OC3 POS
Team 1 Team 2
P1
SW12 SW34
SW56 P2 SW78
Team 3 Team 4
Team z
CEx Pod x SWx PEx
GE0/0/0/
GE0/0 FE0/1 FE0/2
2 P1
GE0/0/0/0
FE0/23
GE0/0/0/
GE0/1 FE0/24 1 GE0/0/0/
FE0/21 FE0/21 3
FE0/22 FE0/22
FE0/1
FE0/2
FE0/23
SWxy
FE0/24 GE0/0/
FE0/21 GE0/0/ 2
GE0/1
FE0/23 FE0/22 1
FE0/24
GE0/0/3
P2
GE0/0 FE0/1 FE0/2 GE0/0/0
POS0/2/0
CEy Pod y SWy PEy
POS0/2/1
POS0/2/0
Legend: GE POS0/2/1
FE Connections to
OC3 POS PE(y+2)
© 2012 Cisco Systems, Inc. Lab Guide – Appendix A 85

Team z 10.0.1.1
CEx Pod x SWx PEx
192.168.10x.0/24 192.168.10x.0/24 192.168.x1.0/24
P1
.x1 .x0 .x0 .1
10.xy.0.1 .x0 .1 .1
.x0 .1
10.x.10.1 10.x.0.1 10.x.1.1
192.168.1xy.0/24
10.y.10.1 SWxy 10.y.0.1 10.y.1.1

192.168.2.0/24
192.168.1.0/24
.y0 .2
.y0 .2 .2
.y1 .y0 .y0 .2
P2
192.168.10y.0/24 192.168.10y.0/24 192.168.y2.0/24
.y0
CEy Pod y SWy PEy .y0
10.0.2.1
z = 1,2,3,4
Legend: GE
x = 1,3,5,7 192.168.2w2.0/24 192.168.2w1.0/24
FE y = 2,4,6,8
OC3 POS w = 1 (for teams 1 and 2) Connections to
Loopback 2 (for teams 3 and 4) PE(y+2)
Team 1 Team 2
10.10.10.14 10.10.10.11 10.10.10.17 10.10.10.25 10.10.10.19 10.10.10.22
P1
10.10.10.13 10.10.10.18 10.10.10.21
SW12 SW34
10.10.10.15 10.10.10.12 10.10.10.16 10.10.10.24 10.10.10.20 10.10.10.23


10.10.10.30 10.10.10.27 10.10.10.33 10.10.10.40 10.10.10.34 10.10.10.37
10.10.10.29 10.10.10.26 10.10.10.36
SW56 P2 SW78
10.10.10.31 10.10.10.28 10.10.10.32 10.10.10.39 10.10.10.35 10.10.10.38

Team 3 Team 4
© 2012 Cisco Systems, Inc. Lab Guide – Appendix A 87


Building Cisco Service Provider Next-Generation Networks, Part 2

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Building Cisco Service Provider Next-Generation Networks, Part 2

Uploaded by

Copyright:

Available Formats

SPNGN2

Building Cisco Service

Text Part Number: 97-3132-02

Pod Access Information

Parameter Default value Value

Team number z =1–4

Remote lab SSH access IP address 128.107.245.9

Remote lab SSH access username instr

Remote lab SSH access password testMe

Pod PE (Cisco IOS XR Software) router root

Pod PE (Cisco IOS XR Software) router 1ronMan

Pod CE, SW, and PE privileged level password cisco

CE2 Pod 2 SW2 PE2 PE4 SW4 Pod 4 CE4

CE5 Pod 5 SW5 PE5 PE7 SW7 Pod 7 CE7

CE6 Pod 6 SW6 PE6 PE8 SW8 Pod 8 CE8

Note: FE = Fast Ethernet; GE = Gigabit Ethernet.

CEx Cisco 2900 pod router 10.x.10.1/32 2001:db8:10:x:10::1/128

PEx Cisco ASR 9000 or Cisco 10.x.1.1/32 2001:db8:10:x:1::1/128

SWx Cisco ME340x pod switch 10.x.0.1/32 2001:db8:10:x:0::1/128

SWxy Cisco ME340x pod switch 10.xy.0.1/32 2001:db8:10:xy:0::1/128

P1 Cisco ASR 9000 core router 10.0.1.1/32 2001:db8:10:0:1::1/128

P2 Cisco ASR 9000 core router 10.0.2.1/32 2001:db8:10:0:2::1/128

© 2012 Cisco Systems, Inc. Lab Guide 3

10.y.10.1 SWxy 10.y.0.1 10.y.1.1

10.10.10.13 10.10.10.18 10.10.10.21

10.10.10.15 10.10.10.12 10.10.10.16 10.10.10.24 10.10.10.20 10.10.10.23

CE5 Pod 5 SW5 PE5 PE7 SW7 Pod 7 CE7

10.10.10.29 10.10.10.26 10.10.10.36

Device Interface IPv4 Address IPv6 Address

CEx GE0/0 192.168.10x.x1/24 2001:db8:192:168:10x::x1/80

CEy GE0/0 192.168.10y.y1/24 2001:db8:192:168:10y::y1/80

PE2 POS0/2/0 192.168.211.20/24 2001:db8:192:168:211::20/80

POS0/2/1 192.168.212.20/24 2001:db8:192:168:212::20/80

PE4 POS0/2/0 192.168.211.40/24 2001:db8:192:168:211::40/80

POS0/2/1 192.168.212.40/24 2001:db8:192:168:212::40/80

PE6 POS0/2/0 192.168.221.60/24 2001:db8:192:168:221::60/80

POS0/2/1 192.168.222.60/24 2001:db8:192:168:222::60/80

PE8 POS0/2/0 192.168.221.80/24 2001:db8:192:168:221::80/80

POS0/2/1 192.168.222.80/24 2001:db8:192:168:222::80/80

PEx GE0/0/0/0 192.168.10x.x0/24 2001:db8:192:168:10x::x0/80

GE0/0/0/1 192.168.1xy.x0/24 2001:db8:192:168:1xy::x0/80

© 2012 Cisco Systems, Inc. Lab Guide 5

GE0/0/0/2 192.168.x1.x0/24 2001:db8:192:168:x1::x0/80

GE0/0/0/3 192.168.x2.x0/24 2001:db8:192:168:x2::x0/80

PEy GE0/0/0 192.168.10y.y0/24 2001:db8:192:168:10y::y0/80

GE0/0/1 192.168.1xy.y0/24 2001:db8:192:168:1xy::y0/80

GE0/0/2 192.168.y1.y0/24 2001:db8:192:168:y1::y0/80

GE0/0/3 192.168.y2.y0/24 2001:db8:192:168:y2::y0/80

Device Device IP Address Peer Peer IP Address

Team z Optimize RSTP

© 2012 Cisco Systems, Inc. Lab Guide 7

configure terminal Enters configuration mode

interface interface Enters interface configuration mode

show interfaces interface Displays the administrative and operational status of a

show interfaces interface Displays interface trunk information

switchport mode access | Configures the VLAN membership or trunking mode of a

switchport access vlan Configures VLAN membership on an access port

switchport trunk allowed Specifies allowed VLANs on a trunk port

spanning-tree mode mst Sets STP mode to MSTP

spanning-tree mst Enters MST configuration mode

revision number Sets the MSTP revision number

instance instance_id vlan Maps VLANs to an MST instance

© 2012 Cisco Systems, Inc. Lab Guide 9