Professional Documents
Culture Documents
Building Cisco Service Provider Next-Generation Networks, Part 2
Building Cisco Service Provider Next-Generation Networks, Part 2
Lab Guide
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL: www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a
partnership relationship between Cisco and any other company. (1110R)
DISCLAIMER WARRANTY: THIS CONTENT IS BEING PROVIDED “AS IS” AND AS SUCH MAY INCLUDE TYPOGRAPHICAL,
GRAPHICS, OR FORMATTING ERRORS. CISCO MAKES AND YOU RECEIVE NO WARRANTIES IN CONNECTION WITH THE
CONTENT PROVIDED HEREUNDER, EXPRESS, IMPLIED, STATUTORY OR IN ANY OTHER PROVISION OF THIS CONTENT
OR COMMUNICATION BETWEEN CISCO AND YOU. CISCO SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES,
INCLUDING WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE,
OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. This learning product may contain early release
content, and while Cisco believes it to be accurate, it falls subject to the disclaimer above.
Lab Guide © 2012 Cisco and/or its affiliates. All rights reserved.
Table of Contents
Lab Guide ........................................................................................................................... 1
Overview ............................................................................................................................................... 1
Outline ............................................................................................................................................ 1
Job Aids................................................................................................................................................. 2
Pod Access Information .................................................................................................................. 2
Device Information .......................................................................................................................... 2
IP Addressing ................................................................................................................................. 4
Lab 2-1: Configure Advanced Switching ............................................................................................... 7
Activity Objective ............................................................................................................................ 7
Visual Objective .............................................................................................................................. 7
Required Resources ....................................................................................................................... 7
Command List................................................................................................................................. 8
Task 1: Configure VLANs ............................................................................................................... 9
Task 2: Configure Trunking .......................................................................................................... 10
Task 3: Configure RSTP ............................................................................................................... 12
Task 4 (Optional): Configure MSTP ............................................................................................. 13
Lab 2-2: Configure Inter-VLAN Routing and Gateway Redundancy .................................................. 16
Activity Objective .......................................................................................................................... 16
Visual Objective ............................................................................................................................ 16
Required Resources ..................................................................................................................... 16
Command List............................................................................................................................... 17
Task 1: Configure and Verify Inter-VLAN Routing ........................................................................ 19
Task 2: Configure HSRP .............................................................................................................. 21
Task 3: Configure VRRP .............................................................................................................. 24
Lab 3-1: Implement OSPF .................................................................................................................. 27
Activity Objective .......................................................................................................................... 27
Visual Objective ............................................................................................................................ 27
Required Resources ..................................................................................................................... 27
Command List............................................................................................................................... 28
Task 1: Configure OSPFv2 ........................................................................................................... 30
Task 2: Configure OSPFv3 ........................................................................................................... 31
Task 3 (Optional): Configure OSPFv2 Authentication .................................................................. 32
Lab 3-2: Implement IS-IS .................................................................................................................... 33
Activity Objective .......................................................................................................................... 33
Visual Objective ............................................................................................................................ 33
Required Resources ..................................................................................................................... 33
Command List............................................................................................................................... 34
Task 1: Configure IS-IS for IPv4 ................................................................................................... 36
Task 2: Configure IS-IS for IPv6 ................................................................................................... 37
Task 3 (Optional): Configure IS-IS Authentication ....................................................................... 39
Lab 4-1: Configure Basic BGP ............................................................................................................ 40
Activity Objective .......................................................................................................................... 40
Visual Objective ............................................................................................................................ 40
Required Resources ..................................................................................................................... 40
Command List............................................................................................................................... 41
Task 1: Configure BGP Process and BGP Peering ..................................................................... 43
Task 2: Configure BGP to Advertise a Network ........................................................................... 44
Task 3 (Optional): Configure BGP Neighbor Authentication ........................................................ 45
Lab 5-1: Implement ACLs ................................................................................................................... 47
Activity Objective .......................................................................................................................... 47
Visual Objective ............................................................................................................................ 47
Required Resources ..................................................................................................................... 47
Command List............................................................................................................................... 48
Task 1: Configure IPv4 Filtering ................................................................................................... 49
Task 2: Configure IPv6 Filtering ................................................................................................... 50
Task 3 (Optional): Configure Antispoofing ACLs .......................................................................... 52
Lab 6-1: Manage Cisco IOS XR Package .......................................................................................... 54
Activity Objective .......................................................................................................................... 54
Visual Objective ............................................................................................................................ 54
Required Resources ..................................................................................................................... 54
Command List .............................................................................................................................. 55
Task 1: Uninstall Cisco IOS XR Package..................................................................................... 56
Task 2: Install Cisco IOS XR Package ......................................................................................... 57
Task 3: Configuration Management ............................................................................................. 58
Answer Key ......................................................................................................................................... 59
Lab 2-1 Answer Key: Configure Advanced Switching .................................................................. 59
Lab 2-2 Answer Key: Configure Inter-VLAN Routing and Gateway Redundancy ....................... 61
Lab 3-1 Answer Key: Implement OSPF ....................................................................................... 66
Lab 3-2 Answer Key: Implement IS-IS ......................................................................................... 68
Lab 4-1 Answer Key: Configure Basic BGP ................................................................................. 73
Lab 5-1 Answer Key: Implement ACLs ........................................................................................ 76
Lab 6-1 Answer Key: Manage Cisco IOS XR Package................................................................ 79
Appendix A .......................................................................................................................................... 84
ii Building Cisco Service Provider Next-Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
SPNGN2
Lab Guide
Overview
This guide presents the instructions and other information concerning the lab activities for this
course. You can find the solutions in the lab activity Answer Key.
Outline
This guide includes these activities:
Job Aids
Lab 2-1: Configure Advanced Switching
Lab 2-2: Configure Inter-VLAN Routing and Gateway Redundancy
Lab 3-1: Implement OSPF
Lab 3-2: Implement IS-IS
Lab 4-1: Configure Basic BGP
Lab 5-1: Implement ACLs
Lab 6-1: Manage Cisco IOS XR Package
Answer Key
Appendix A (Tear-Out)
Job Aids
These job aids are available to help you complete lab activities.
Pod number x = 1, 3, 5, 7
or
y = 2, 4, 6, 8
Device Information
This lab topology consists of four (4) teams and eight (8) pods. Two students will work in one
pod, and two pods will work in one team. Each pod has one switch and two routers. Two pods
share one additional switch. All teams share the same core routers (P1 and P2).
The CE routers in both pods are running Cisco IOS Software. The first pod within a team (pods
1, 3, 5, or 7) will work on the PE router running Cisco IOS XR Software, and the second pod
within the same team (pods 2, 4, 6, or 8) will work on the PE router running Cisco IOS XE
Software.
Devices in the lab are connected with Fast Ethernet and Gigabit Ethernet connections, and two
teams have redundant POS connections, as shown in the following topology:
2 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Legend:
GE
FE
OC3 POS
Team 1 Team 2
CE1 Pod 1 SW1 PE1 PE3 SW3 Pod 3 CE3
P1
SW12 SW34
SW56 P2 SW78
Team 3 Team 4
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN2 v1.01—LG-4
Device Name Device Role Lo0 IPv4 Address Lo0 IPv6 Address
The following figure illustrates the interface identification that is used in this lab setup.
FE0/2
FE0/23
SWxy
FE0/24 GE0/0/
FE0/21 GE0/0/ 2
FE0/23 FE0/22 1
GE0/1
FE0/24
GE0/0/3
P2
GE0/0 FE0/1 FE0/2 GE0/0/0
POS0/2/0
CEy Pod y SWy PEy
POS0/2/1
POS0/2/0
Legend: GE POS0/2/1
FE Connections to
OC3 POS PE(y+2)
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN2 v1.01—LG-5
IP Addressing
The following figure illustrates the IP addressing scheme that is used in this lab setup.
Team z 10.0.1.1
CEx Pod x SWx PEx
192.168.10x.0/24 192.168.10x.0/24 192.168.x1.0/24
P1
.x1 .x0 .x0 .1
10.xy.0.1 .x0 .1 .1
.x0 .1
10.x.10.1 10.x.0.1 10.x.1.1
192.168.2.0/24
192.168.1.0/24
192.168.1xy.0/24
.y0 .2
.y0 .2 .2
.y1 .y0 .y0 .2
P2
192.168.10y.0/24 192.168.10y.0/24 192.168.y2.0/24
.y0
CEy Pod y SWy PEy .y0
10.0.2.1
z = 1,2,3,4
Legend: GE
x = 1,3,5,7 192.168.2w2.0/24 192.168.2w1.0/24
FE y = 2,4,6,8
OC3 POS w = 1 (for teams 1 and 2) Connections to
Loopback 2 (for teams 3 and 4) PE(y+2)
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN2 v1.01—LG-6
The following figure illustrates the management IP addresses used in this lab setup.
4 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Team 1 Team 2
CE1 Pod 1 SW1 PE1 PE3 SW3 Pod 3 CE3
10.10.10.14 10.10.10.11 10.10.10.17 10.10.10.25 10.10.10.19 10.10.10.22
P1
SW12 SW34
SW56 P2 SW78
10.10.10.31 10.10.10.28 10.10.10.32 10.10.10.39 10.10.10.35 10.10.10.38
CE6 Pod 6 SW6 PE6 PE8 SW8 Pod 8 CE8
Team 3 Team 4
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN2 v1.01—LG-7
Note Replace the x or y with your pod number to get the IP addresses within your pod (for
example, x is for odd number pods 1, 3, 5, and 7; y is for even number pods 2, 4, 6, and 8).
Replace the xy (where x < y) with numbers of the pods within the same team (for example,
12, 34, 56, or 78) to get IP addresses on the link between those pods.
Pod IP Addressing
P1 192.168.x1.1/24 2001:db8:192:168:x1::1/80
192.168.y1.1/24 2001:db8:192:168:y1::1/80
P2 192.168.x2.2/24 2001:db8:192:168:x2::2/80
192.168.y2.2/24 2001:db8:192:168:y2::2/80
P1 192.168.1.1/24 P2 192.168.1.2/24
2001:db8:192:168:1::1/80 2001:db8:192:168:1::2/80
192.168.2.1/24 192.168.2.2/24
2001:db8:192:168:2::1/80 2001:db8:192:168:2::2/80
6 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Lab 2-1: Configure Advanced Switching
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will configure and verify advanced switching features. After completing
this activity, you will be able to meet these objectives:
Configure VLANs
Configure trunking
Configure RSTP
Configure MSTP
Note Students from two different pods are working in teams. Students in the same team should
coordinate their lab activity and proceed through steps simultaneously (step by step).
Visual Objective
The figure illustrates what you will accomplish in this activity.
FE0/23
GE0/1 TRUNK FE0/21
1, x0, y0
FE0/21 TRUNK
FE0/1 1, x0, y0
Configure VLANs
FE0/2 SWxy
FE0/23 Configure trunking
TRUNK
GE0/1 1, x0, y0 FE0/21
FE0/23 GE0/0/0
GE0/0 FE0/1 FE0/2
VLAN y0
CEy Pod y SWy PEy
Configure MSTP
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN2 v1.01—LG-8
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with access to the Internet
A SSH client that is installed on the PC
Command Description
ip address ip_address mask Sets an IPv4 address for an interface and the subnet mask
ipv6 address Sets an IPv6 address for an interface and the subnet mask
ip_address/mask
ping destination_address Pings the specified address (IPv4 or IPv6) from the
source interface specified interface
8 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Task 1: Configure VLANs
In this task, you will first create additional VLANs. Then you will configure router facing
switch ports for access mode and put them into proper VLANs. You will have to coordinate
your activities with another pod in your team.
Note For a port and interface identification as well as an IP addressing scheme, use Job Aids.
Activity Procedure
Complete these steps:
Step 1 On the pod CE router, remove any IP addressing from the GigabitEthernet0/1
interface.
Step 2 On the pod CE router, remove any IP addresses from the GigabitEthernet0/0
interface. Assign the removed IP addresses to the GigabitEthernet0/1 interface.
Step 3 On the pod and shared switches, create two VLANs, one for your pod “VLAN x0”
and one for another pod in your team “VLAN y0” (where x is 1, 3, 5, or 7, and y is
2, 4, 6, and 8).
Step 4 On the shared switch, configure CE facing port access and put it into your pod
VLAN. Make sure that the port is NNI type.
Step 5 On the pod switch, configure CE and PE facing ports access and put them into your
pod VLAN. Make sure that the ports are NNI type.
Activity Verification
You have completed this task when you attain these results:
Note Outputs in the verification section are taken from team 1 and pod 1 and may differ from your
outputs.
On the pod switch, verify administrative and operational mode and access VLAN:
SW1#show interfaces FastEthernet0/2 switchport
Name: Fa0/2
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 10 (VLAN0010)
Trunking Native Mode VLAN: 1 (default)
< output omitted >
On the shared switch, verify administrative and operational mode and access VLAN:
SW12# show interfaces FastEthernet0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Activity Procedure
Complete these steps:
Step 1 On the pod switch, enable trunking on the ports that are facing the shared switch
(FastEthernet0/23) and the pod switch of the other (FastEthernet0/21). Allow only
VLANs 1, x0, and y0 to pass the trunk. Make sure that the switch ports are NNI
type.
Step 2 On the shared switch, enable trunking on the ports that are facing pod switches
(FastEthernet0/21 and FastEthernet0/23). Allow only VLANs 1, x0, and y0 to pass
the trunk. Make sure that the switch ports are NNI type.
Activity Verification
You have completed this task when you attain this result:
From the CE router, ping the PE router:
CE1# ping 192.168.101.10
10 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Port Vlans allowed on trunk
Fa0/21 1,10,20
Activity Procedure
Complete these steps:
Step 1 On the pod switch, verify STP mode for VLAN x0 and y0. STP mode should be
RSTP by default.
SW1#show spanning-tree vlan 10 | include Spanning
Spanning tree enabled protocol rstp
SW1#show spanning-tree vlan 20 | include Spanning
Spanning tree enabled protocol rstp
Step 2 Find the root switch for both VLANs. Note the root switch bellow:
SW1#show spanning-tree vlan 10 | include root
SW1#show spanning-tree vlan 20 | include root
!
SW2#show spanning-tree vlan 10 | include root
SW2#show spanning-tree vlan 20 | include root
!
SW12#show spanning-tree vlan 10 | include root
This bridge is the root
SW12#show spanning-tree vlan 20 | include root
This bridge is the root
VLAN x0 root switch: ___________________________
VLAN y0 root switch: ___________________________
Step 3 Find the blocking port for each VLAN. Note the ports bellow:
SW1#show spanning-tree vlan 10 | include BLK
Fa0/21 Altn BLK 19 128.23 P2p
SW1#show spanning-tree vlan 20 | include BLK
Fa0/21 Altn BLK 19 128.23 P2p
!
SW2#show spanning-tree vlan 10 | include BLK
SW2#show spanning-tree vlan 20 | include BLK
!
SW12#show spanning-tree vlan 10 | include BLK
SW12#show spanning-tree vlan 20 | include BLK
VLAN x0 blocking port: Port:______________Switch:____________
VLAN y0 blocking port: Port:______________Switch:____________
12 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Note You should find out that the same switch is designated as a root for both VLANs, and that
the same port is blocking for both VLANs. Thus, not all of the links are utilized.
Step 4 Optimize RSTP operations by assigning pod SWx switch as the root for VLAN x0
and pod SWy switch as the root for VLAN y0. The pod switches also should be
backup root switches for the pod switch of the other.
Step 5 Find the blocking port for each VLAN. Note the ports bellow:
VLAN x0 blocking port: Port:______________Switch:____________
VLAN y0 blocking port: Port:______________Switch:____________
Note Note the difference. You should see that traffic from different VLANs takes different paths
now. All available links between switches should be utilized now.
Activity Verification
You have completed this task when you attain this result:
Blocking ports after the RSTP optimization:
SW1#show spanning-tree vlan 10 | include BLK
SW1#show spanning-tree vlan 20 | include BLK
!
SW2#show spanning-tree vlan 10 | include BLK
SW2#show spanning-tree vlan 20 | include BLK
!
SW12#show spanning-tree vlan 10 | include BLK
Fa0/21 Altn BLK 19 128.23 P2p
SW12#show spanning-tree vlan 20 | include BLK
Fa0/23 Altn BLK 19 128.25 P2p
Activity Procedure
Complete these steps:
Step 1 On the pod and shared switches, set the spanning tree mode to MSTP.
Step 2 Set the name of the MSTP configuration to LAB. Set the revision number of MSTP
to 1. Create instance 1 and associate VLAN x0 with the instance. Create instance 2
and associate VLAN y0 with the instance.
Step 3 Configure your pod switch to be the root for the MST instance supporting your
VLAN.
Activity Verification
You have completed this task when you attain this result:
On the pod and shared switches, verify that MSTP is running:
© 2012 Cisco Systems, Inc. Lab Guide 13
SW1#show spanning-tree | include MST|Spanning
MST0
Spanning tree enabled protocol mstp
MST1
Spanning tree enabled protocol mstp
MST2
Spanning tree enabled protocol mstp
!
SW2#show spanning-tree | include MST|Spanning
MST0
Spanning tree enabled protocol mstp
MST1
Spanning tree enabled protocol mstp
MST2
Spanning tree enabled protocol mstp
!
SW12#show spanning-tree | include MST|Spanning
MST0
Spanning tree enabled protocol mstp
MST1
Spanning tree enabled protocol mstp
MST2
Spanning tree enabled protocol mstp
On the pod and shared switches, verify the MST instance to VLAN mapping:
SW1#show spanning-tree mst configuration
Name [LAB]
Revision 1 Instances configured 3
14 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
--------------------------------------------------------------
-----------------
!
SW12#show spanning-tree mst configuration
Name [LAB]
Revision 1 Instances configured 3
Activity Objective
In this activity, you will configure inter-VLAN routing on the PE routers. Then you will
configure HSRP and VRRP between PE routers. After completing this activity, you will be able
to meet these objectives:
Configure and verify inter-VLAN routing.
Configure and verify HSRP.
Configure and verify VRRP.
Visual Objective
The figure illustrates what you will accomplish in this activity.
Team z
192.168.10x.x0/24
CEx Pod x VLAN x0 SWx 192.168.10y.y2/24 PEx HSRP
FE0/2 GE0/0/0/0 VRRP
VLANs x0, y0
FE0/23
GE0/1 FE0/21
192.168.10x.x1/24 192.168.10x.x3/24
FE0/21
192.168.10y.y3/24
VLANs 1,x0, y0
FE0/1
FE0/2 SWxy
FE0/23
192.168.10y.y1/24
GE0/1 FE0/21
FE0/23 VLANs x0, y0
FE0/2 GE0/0/0
CEy Pod y VLAN y0 SWy 192.168.10x.x2/24 PEy
192.168.10y.y0/24
Legend:
TRUNK
GE
FE
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN2 v1.01—LG-9
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with access to the Internet
A SSH client that is installed on the PC
16 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Command List
The table describes the commands that are used in this activity.
Cisco IOS and IOS XE Software Commands
Command Description
ip address ip_address mask Sets an IPv4 address for an interface and the subnet mask
ip route subnet mask Configures static route
next_hop_IP_address
ipv6 address Sets an IPv6 address for an interface and the subnet mask
ip_address/mask
ping destination_address Pings the specified address (IPv4 or IPv6) from the
source interface specified interface
Command Description
ipv4 address ip_address Sets an IPv4 address for an interface and the subnet mask
mask
ipv6 address Sets an IPv6 address for an interface and the subnet mask
ip_address/mask
ping destination_address Pings the specified address (IPv4 or IPv6) from the specified
source interface interface
18 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Task 1: Configure and Verify Inter-VLAN Routing
In this task, you will configure inter-VLAN routing between VLANs x0 and y0. You will have
to reconfigure the PE pod router and pod switch to support inter-VLAN routing. You will have
to coordinate your activities with another pod in the team.
Activity Procedure
Complete these steps:
Step 1 On the pod switch, configure the PE facing port as a trunk. Allow only VLANs x0
and y0 on the trunk. For port identification, use Job Aids.
Step 2 On the pod PE router, note the IPv4 and IPv6 address on the first Gigabit Ethernet
interface below:
IPv4:_______________________________
IPv6:_______________________________
Step 3 On the pod PE router, remove the IPv4 and IPv6 addresses from the first Gigabit
Ethernet interface.
Step 4 On the pod PE router, create two subinterfaces on the first Gigabit Ethernet
interface. Use x0 or y0 (where x is 1, 3, 5, or 7, and y is 2, 4, 6, or 8) as interface
identifiers. Assign the x0 or y0 VLAN tag to the subinterface. Assign IPv4 and IPv6
addresses to the subinterfaces.
GE0/0/0/0.y0 y0 192.168.10y.y2/24
2001:db8:192:168:10y::y2/80
GE0/0/0.y0 y0 192.168.10y.y0/24
2001:db8:192:168:10y::y0/80
Step 5 On the pod CE router, create a static default IPv6 route using the ipv6 route ::/0
interface next-hop-IPv6-address command that will point to the subinterface that is
configured on the pod PE router.
Activity Verification
You have completed this task when you attain these results:
From the pod CE router, ping the other pod CE router using IPv6:
CE1#ping 2001:DB8:192:168:102::21
Note Your ping will not be successful until the other pod finished the configuration in this task.
20 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Task 2: Configure HSRP
In this task, you will enable HSRP on the pod PE router for your pod VLAN. You will have to
coordinate your activities with another pod in the team.
The figure illustrates what you will accomplish in this task.
192.168.10x.x3/24
192.168.10y.y3/24
192.168.10y.y1/24
GE0/0/0.x0 GE0/0/0.y0
192.168.10x.x2/24 192.168.10y.y0/24
PEy CEy
Active router for VLAN y0
Backup router for VLAN x0
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN2 v1.01—LG-10
Activity Procedure
Complete these steps:
Step 1 On your pod and the neighbor pod, PE routers enable HSRP for IPv4 on the first
Gigabit Ethernet subinterface. You are configuring subinterfaces belonging to your
pod subnet, and the neighboring pod will configure subinterfaces belonging to the
neighbor pod subnet. Use your pod number as a group ID. Enable HSRP pre-
emption. Make sure that your pod PE router is active for your VLAN. Use the
following IP addresses as virtual IP addresses:
Pod x: 192.168.10x.x3/24
Pod y: 192.168.10y.y3/24
Step 2 On the pod CE router, configure a static default IPv4 route that will point to your
pod HSRP address.
Activity Verification
You have completed this task when you attain this result:
On the pod PE router, verify HSRP configuration:
RP/0/RSP0/CPU0:PE1#show hsrp
Sun Jul 9 10:42:34.591 UTC
P indicates configured to preempt.
|
22 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
!
commit
PE2 (Cisco IOS XE):
interface GigabitEthernet0/0/0.20
shutdown
Minimal disruption in the ping from pod CE router:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!
On the pod PE router, verify HSRP configuration:
RP/0/RSP0/CPU0:PE1#show hsrp
Sun Jul 9 10:53:12.356 UTC
P indicates configured to preempt.
|
Interface Grp Pri P State Active addr Standby addr
Group addr
Gi0/0/0/0.10 1 150 P Init unknown unknown
192.168.101.13
Gi0/0/0/0.20 2 100 P Standby 192.168.102.20 local
192.168.102.23
!
PE2#show standby
GigabitEthernet0/0/0.10 - Group 1
State is Active
2 state changes, last state change 00:05:01
Virtual IP address is 192.168.101.13
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.680 secs
Preemption enabled
Active router is local
Standby router is unknown
Priority 100 (default 100)
Group name is "hsrp-Gi0/0/0.10-1" (default)
GigabitEthernet0/0/0.20 - Group 2
State is Active
1 state change, last state change 00:14:26
Virtual IP address is 192.168.102.23
Active virtual MAC address is 0000.0c07.ac02
Local virtual MAC address is 0000.0c07.ac02 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.712 secs
Preemption enabled
Active router is local
Standby router is 192.168.102.22, priority 100 (expires in
9.920 sec)
Priority 150 (configured 150)
Group name is "hsrp-Gi0/0/0.20-2" (default)
Activity Procedure
Complete these steps:
Step 1 On your pod and the neighbor pod, PE routers enable VRRP for IPv4 on the first
Gigabit Ethernet subinterface. You are configuring subinterfaces belonging to your
pod subnet, and the neighboring pod will configure subinterfaces belonging to the
neighbor pod subnet. Use your pod number as a group ID. Make sure that your pod
PE router is active for your VLAN. Use the following IP addresses as a virtual IP
address:
Pod x: 192.168.10x.x3/24
Pod y: 192.168.10y.y3/24
Activity Verification
You have completed this task when you attain this result:
On the pod PE router, verify the VRRP configuration:
RP/0/RSP0/CPU0:PE1#show vrrp
Sun Jul 9 11:07:10.700 UTC
IPv4 Virtual Routers:
A indicates IP address owner
| P indicates configured to preempt
| |
Interface vrID Prio A P State Master addr VRouter
addr
Gi0/0/0/0.10 1 150 P Master local
192.168.101.13
Gi0/0/0/0.20 2 100 P Backup 192.168.102.20
192.168.102.23
IPv6 Virtual Routers:
A indicates IP address owner
| P indicates configured to preempt
| |
Interface vrID Prio A P State Master addr VRouter
addr
!
PE2#show vrrp
GigabitEthernet0/0/0.10 - Group 1
State is Backup
Virtual IP address is 192.168.101.13
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
24 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Master Router is 192.168.101.10, priority is 150
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 3.127 sec)
GigabitEthernet0/0/0.20 - Group 2
State is Master
Virtual IP address is 192.168.102.23
Virtual MAC address is 0000.5e00.0102
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 150
Master Router is 192.168.102.20 (local), priority is 150
Master Advertisement interval is 1.000 sec
Master Down interval is 3.414 sec
From the pod CE router, start a continuous ping to the neighbor pod CE router. The ping
should be successful. On the pod PE router, shut down the interface for your VLAN while
the ping is still active. You should see minimal disruption in the ping, while the standby
router assumes an active state.
CE1#ping 192.168.102.21 repeat 100000
GigabitEthernet0/0/0.20 - Group 2
State is Master
Virtual IP address is 192.168.102.23
Virtual MAC address is 0000.5e00.0102
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 150
Master Router is 192.168.102.20 (local), priority is 150
Master Advertisement interval is 1.000 sec
Master Down interval is 3.414 sec
Step 2 Enable the previously disabled interface and remove the VRRP configuration from
the PE router.
Step 3 On the PE router, remove subinterfaces that are configured in this lab activity and
configure IPv4 and IPv6 addresses on the first Gigabit Ethernet interface.
Step 4 On the pod switch, configure the PE facing port as access and assign port into
VLANx0 or VLANy0 (where x or y is your pod number). For port identification,
use Job Aids.
Step 5 On the pod CE router, disable the second Gigabit Ethernet interface and configure IP
addresses that are found on the second Gigabit Ethernet interface to the first Gigabit
Ethernet interface.
26 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Lab 3-1: Implement OSPF
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will configure and verify the OSPFv2 and OSPFv3 routing protocols. You
will also configure OSPFv2 authentication to secure the exchange of routing information.
In the lab activity, you will work on different Cisco routers running Cisco IOS (c2900), Cisco
IOS XE (asr1001), and Cisco IOS XR (asr9k) software.
After completing this activity, you will be able to meet these objectives:
Configure and verify OSPFv2 and OSPFv3
Configure and verify OSPFv2 authentication
Visual Objective
The figure illustrates what you will accomplish in this activity.
Team z
CEx Pod x OSPF Area 0 PEx
CEy PEy
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN2 v1.01—LG-11
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with access to the Internet
A SSH client that is installed on the PC
Command Description
ip address ip_address mask Sets an IPv4 address for an interface and the subnet mask
ip ospf authentication Enables MD5 OSPFv2 authentication on an interface
message-digest
ip ospf message-digest-key Specifies MD5 key ID and key
key-id md5 key
ipv6 address Sets an IPv6 address for an interface and the subnet mask
ip_address/mask
ipv6 ospf process_id area Enables OSPFv3 on an interface
area_id
ipv6 router ospf Enters OSPFv3 router configuration mode
process_id
network ip_address Enables OSPFv2 for specified networks
wildcard_mask area area_id
router ospf process_id Enters OSPFv2 router configuration mode
Command Description
ipv4 address ip_address mask Sets an IPv4 address for an interface and the subnet
mask
ipv6 address ip_address/mask Sets an IPv6 address for an interface and the subnet
mask
message-digest-key key-id md5 Specifies MD5 key ID and key
key
28 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Command Description
Activity Procedure
Complete these steps:
Step 1 On the pod CE and PE routers, configure Loopback0 interface assign IPv4 address
that is as documented in the Job Aids.
Step 2 On the pod CE and PE routers, enable the OSPFv2 routing process. Enable OSPFv2
on the Loopback0 interface and on the first Gigabit Ethernet interface on each
router. Use OSPF Area 0 and process ID 1.
Activity Verification
You have completed this task when you attain these results:
On the pod CE and PE routers, verify OSPFv2 neighbors. Adjacency should be established
and loopback interfaces should be used as OSPF router ID.
CE1#show ip ospf neighbor
30 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Task 2: Configure OSPFv3
In this task, you will configure the OSPFv3 routing protocol between pod CE and PE routers.
Activity Procedure
Complete these steps:
Step 1 On the pod CE and PE routers, configure IPv6 address on the Loopback0 interface
as defined in Job Aids.
Step 2 On the pod CE and PE routers, enable the OSPFv3 routing process. Enable OSPFv3
on the Loopback0 interface and on the first Gigabit Ethernet interface on each
router. Use OSPF Area 0.
Activity Verification
You have completed this task when you attain these results:
On the pod CE and PE routers, verify the OSPFv3 neighbors. Adjacency should be
established and Loopback0 interfaces should be used as OSPF router ID.
CE1#show ipv6 ospf neighbor
Neighbor ID Pri State Dead Time Interface ID
Interface
10.1.1.1 1 FULL/BDR 00:00:31 7
GigabitEthernet0/0
!
RP/0/RSP0/CPU0:PE1#show ospfv3 neighbor
Neighbors for OSPFv3 1
Activity Procedure
Complete these steps:
Step 1 On the pod PE and CE routers, enable OSPFv2 MD5 authentication on the first
Gigabit Ethernet interface. Use key ID “1” and key “Cisco.” On the pod PE router,
enable authentication on the area level.
Activity Verification
You have completed this task when you attain this result:
Verify that OSPF adjacencies are still up.
CE1#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address
Interface
10.1.1.1 1 FULL/DR 00:00:33
192.168.101.10 GigabitEthernet0/0
!
RP/0/RSP0/CPU0:PE1#show ospf neighbor
Neighbors for OSPF 1
32 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Lab 3-2: Implement IS-IS
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will configure and verify the IS-IS routing protocol for IPv4 and IPv6. You
will also configure IS-IS authentication to secure the exchange of routing information.
In the lab activity, you will work on different Cisco routers running Cisco IOS (c2900), Cisco
IOS XE (asr1001), and Cisco IOS XR (asr9k) software.
After completing this activity, you will be able to meet these objectives:
Configure and verify IS-IS for IPv4 and IPv6
Configure and verify IS-IS authentication
Visual Objective
The figure illustrates what you will accomplish in this activity.
Team z
CEx Pod x IS-IS Area 49.0000 PEx
CEy PEy
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN2 v1.01—LG-12
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with access to the Internet
A SSH client that is installed on the PC
Command Description
Command Description
address-family ipv4|ipv6 Enters IPv4 or IPv6 address family for IS-IS and enables IS-
unicast IS on an interface for IPv4 or IPv6 address family
34 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Command Description
Activity Procedure
Complete these steps:
Step 1 Create a NET address for the pod CE and PE routers. Use 49 as the AFI, 0000 as the
area ID, and extended Loopback0 IPv4 address as the system ID. Write down the
NET address:
PE: _ _._ _ _ _._ _ _ _._ _ _ _._ _ _ _._ _
CE: _ _._ _ _ _._ _ _ _._ _ _ _._ _ _ _._ _
Step 2 On the pod CE and PE routers, enable the IS-IS process and configure the NET
address on each router.
Step 3 On the pod CE and PE routers, enable IS-IS for Layer 2 routing only. Enable wide-
style metrics for IPv4.
Step 4 On the pod CE and PE routers, change the IS-IS administrative distance for IPv4 to
105.
Step 5 On the pod CE and PE routers, enable IS-IS for IPv4 on Loopback0 and the first
Gigabit Ethernet interfaces.
Note Changing of administrative distance is required for a router to prefer IS-IS routes. Otherwise,
OSPF routers would be seen in the routing table. Recall that OSPF by default uses
administrative distance 110, while IS-IS uses 115.
Activity Verification
You have completed this task when you attain these results:
On the PE and CE routers, verify IS-IS neighbors. Adjacency should be established and the
type of routers should be Layer 2.
CE1#show isis neighbors
36 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
CE1#show ip route isis
< text omitted >
Activity Procedure
Complete these steps:
Step 1 On the pod PE routers (Cisco IOS XR Software only), enable wide-style metrics for
IPv6.
Note Wide-style metrics are enabled separately per address family on Cisco IOS XR routers only.
On Cisco IOS and IOS XE routers, wide-style metrics are enabled for all address families.
Therefore, wide-style metrics on Cisco IOS and IOS XE routers already have been enabled
in the previous task.
Step 2 On the pod CE and PE routers, change the IS-IS administrative distance for IPv6 to
105.
Step 3 On the pod PE router (Cisco IOS XR Software only), configure the single-topology
IS-IS for IPv6.
Note Configuration of single-topology IS-IS is needed on Cisco IOS XR routers only. Cisco IOS
XR routers use multitopology IS-IS by default, while Cisco IOS and IOS XE routers use
single-topology IS-IS by default.
Step 4 On the pod CE and PE routers, enable IS-IS for IPv6 on Loopback0 and the first
Gigabit Ethernet interfaces.
38 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Task 3 (Optional): Configure IS-IS Authentication
In this task, you will enable IS-IS MD5 authentication between the pod PE and CE routers.
Recall that IS-IS is a multiprotocol routing protocol and that IS-IS authentication is enabled for
CLNP, not for IPv4 or IPv6.
Activity Procedure
Complete these steps:
Step 1 On the pod PE and CE routers, enable MD5 IS-IS LSP and hello packets
authentication. Use key ID “1” and key “Cisco.”
Activity Verification
You have completed this task when you attain this result:
On the pod CE and PE routers, verify that IS-IS adjacencies are still up.
CE1#show isis neighbors
Activity Objective
In this activity, you will configure and verify BGP routing. You will establish an EBGP session
between the CE and PE routers, and establish an IBGP session between PE routers. After
completing this activity, you will be able to meet these objectives:
Configure and verify the BGP process and BGP peering
Configure BGP to advertise a network
Configure BGP authentication
Visual Objective
The figure illustrates what you will accomplish in this activity.
Team z
CEx Pod
AS x
6450x Pod x AS 64500 PEx
EBGP
IBGP
Enable BGP
authentication
AS 6450y
EBGP
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN2 v1.01—LG-13
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with access to the Internet
A SSH client that is installed on the PC
40 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Command List
The table describes the commands that are used in this activity.
Cisco IOS and IOS XE Software Commands
Command Description
clear ip bgp ip_address Clears the BGP session with the specified neighbor
network network mask mask Specifies the IPv4 networks to be advertised by the BGP
network network/prefix Specifies the IPv6 networks to be advertised by the BGP
ping destination_address Pings the specified address (IPv4 or IPv6)
router bgp as_number Configures the BGP routing process
show ip bgp Displays entries in the BGP IPv4 routing table
show ip bgp ipv6 unicast Displays entries in the BGP IPv6 routing table
show ip bgp ipv6 unicast Displays the status of all BGP IPv6 connections
summary
show ip bgp summary Displays the status of all BGP IPv4 connections
Command Description
42 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Task 1: Configure BGP Process and BGP Peering
In this task, you will enable and verify the BGP process and IBGP and EBGP peering between
routers.
Activity Procedure
Complete these steps. On the pod PE and CE routers, use the following AS numbers:
CEx: AS 6450x
CEy: AS 6450y
PEx and PEx: AS 64500
Step 1 Between pod PE and CE routers, configure EBGP peering. Establish two sessions,
one using an IPv4 address and one using an IPv6 address. Activate an IPv4 session
for IPv4 routes and an IPv6 session for IPv6 routes.
Step 2 Between two PE routers in the team, enable a second Gigabit Ethernet interface, add
IP addresses, and start IS-IS Layer 2 routing.
Step 3 Between two PE routers in the team, configure IBGP peering. Establish two
sessions, one using an IPv4 address and one using an IPv6 address. Use Loopback0
interfaces for peering. Make sure that Loopback0 interfaces are used as the source
interface when establishing the IBGP sessions. Activate IPv4 session for IPv4 routes
and IPv6 session for IPv6 routes.
Activity Verification
You have completed this task when you attain these results:
Verify CE to PE connectivity using the IPv4 and IPv6 addresses:
CE1#ping 192.168.101.10
Activity Procedure
Complete these steps:
Step 1 Enable the pod CE router to advertise IPv4 and IPv6 addresses of the Looback0
interface to the pod PE router using BGP.
Step 2 On the PE router running Cisco IOS XR Software, create a route policy that allows
all routing updates to pass. Apply the route policy to the IPv4 and IPv6 EBGP
neighbor (CE router) in inbound and outbound directions.
Note Recall that on the platforms running Cisco IOS XR Software, BGP routing updates are not
automatically sent to and received from EBGP neighbors. A route policy has to be
configured, which allows sending and receiving routing updates to and from EBGP
neighbors.
44 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Activity Verification
You have completed this task when you attain this result:
On the pod CE router, verify the IPv4 and IPv6 BGP tables:
CE1#show ip bgp
< text omitted >
Network Next Hop Metric LocPrf Weight
Path
*> 10.1.10.1/32 0.0.0.0 0 32768 i
*> 10.2.10.1/32 192.168.101.10 0
64500 64502 i
!
CE1#show bgp ipv6 unicast
< text omitted >
Network Next Hop Metric LocPrf Weight
Path
*> 2001:DB8:10:1:10::1/128
:: 0 32768 i
*> 2001:DB8:10:2:10::1/128
2001:DB8:192:168:101::10
0
64500 64502 i
On the pod CE router, verify the IPv4 and IPv6 routing tables:
CE1#show ip route bgp
< text omitted >
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
B 10.2.10.1/32 [20/0] via 192.168.101.10, 00:04:30
!
CE1#show ipv6 route bgp
< text omitted >
B 2001:DB8:10:2:10::1/128 [20/0]
via FE80::4255:39FF:FE2E:C420, GigabitEthernet0/0
Activity Procedure
Complete these steps:
Step 1 Between pod CE and PE routers, enable BGP authentication for the IPv4 session.
Use password “Cisco.”
Note An already established BGP session will not go down automatically. On the PE router, use
the Cisco IOS XR clear bgp * command or Cisco IOS XE clear ip bgp * command to clear
the BGP session. Verify that the IPv4 BGP session between routers establishes back.
46 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Lab 5-1: Implement ACLs
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will configure and verify filtering using IPv4 and IPv6 access control lists
(ACLs). You will also configure antispoofing ACLs.
In the lab activity, you will work on different Cisco routers running Cisco IOS (c2900), Cisco
IOS XE (asr1001), and Cisco IOS XR (asr9k) software.
After completing this activity, you will be able to meet these objectives:
Configure and verify IPv4 ACL
Configure and verify IPv6 ACL
Configure and verify antispoofing
Visual Objective
The figure illustrates what you will accomplish in this activity.
Team z
CEx Pod x PEx
Configure IPv4
and IPv6 ACLs
Configure and
Pod y verify antispoofing
CEy PEy
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN2 v1.01—LG-14
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with access to the Internet
A SSH client that is installed on the PC
Command Description
ip address ip_address mask Sets an IPv4 address for an interface and the subnet mask
ip router isis process_id Enables IS-IS on an interface for IPv4
ipv6 address Sets an IPv6 address for an interface and the subnet mask
ip_address/mask
ipv6 router isis Enables IS-IS on an interface for IPv6
process_id
ping destination_address Pings the specified address (IPv4 or IPv6) from the
source interface specified interface
Command Description
48 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Task 1: Configure IPv4 Filtering
In this task, you will configure IPv4 filtering using ACL. You will configure an IPv4 ACL on
the pod PE router that will allow only ICMP and Telnet traffic to the Loopback0 interface.
Activity Procedure
Complete these steps:
Step 1 From the pod CE router, verify IPv4 connectivity to the Loopback0 interface of the
pod PE router using the ping and traceroute commands. From the pod CE router,
use the telnet command to connect to the pod PE router. The Telnet should be
successful.
CE1#ping 10.1.1.1
Username: root
Password: <1ronMan>
RP/0/RSP0/CPU0:PE1#
Step 2 On the pod PE router, configure an IPv4 access list that will allow only ICMP and
Telnet traffic to the Loopback0 interface of the PE router from the pod CE router.
Permit all traffic to other IPv4 addresses on the pod PE router.
Step 3 On the pod PE router, apply the ACL to the interface.
To which interface do you have to apply the ACL?
____________________________________________________________________
In which direction?
____________________________________________________________________
1 192.168.101.10 !A !A *
From the pod CE router, verify IPv4 connectivity to the Loopback0 interface of the pod PE
router using the telnet command. The Telnet should be successful.
CE1#telnet 10.1.1.1
Trying 10.1.1.1 ... Open
Username: root
Password: <1ronMan>
RP/0/RSP0/CPU0:PE1#
Activity Procedure
Complete these steps:
Step 1 From the pod CE router, verify IPv6 connectivity to the Loopback0 interface of the
pod PE router using the ping, traceroute, and telnet commands.
CE1#ping 2001:db8:10:1:1::1
50 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
!
CE1#traceroute 2001:db8:10:1:1::1
Username: root
Password: <1ronMan>
RP/0/RSP0/CPU0:PE1#
Step 2 On the pod PE router, configure an IPv6 access list that will allow only ICMP and
Telnet traffic to the PE Loopback0 interface from the pod CE router. Permit all
traffic to other IPv6 addresses on the pod PE router.
Step 3 On the pod PE router, apply the ACL to the interface.
Activity Verification
You have completed this task when you attain these results:
From the pod CE router, verify IPv6 connectivity to the Loopback0 interface of the pod PE
router using the ping command. Ping should be successful.
CE1#ping 2001:db8:10:1:1::1
1 2001:DB8:10:1:1::1 !A !A !A
From the pod CE route,r verify IPv6 connectivity to the Loopback0 interface of the pod PE
router using the telnet command. The Telnet should be successful.
Username: root
Password: <1ronMan>
RP/0/RSP0/CPU0:PE1#
Activity Procedure
Complete these steps:
Step 1 On the pod PE router, remove the existing IPv4 ACL and create a new IPv4 ACL
(with same ACL name) to prevent IP spoofing from the pod CE router. Allow only
packets that have a source IP address either from the CE router Loopback0 or first
Gigabit Ethernet interface. The functionality of the existing ACL should remain the
same.
Step 2 On the pod PE router, edit the existing IPv6 ACL to prevent IP spoofing from the
pod CE router. Allow only packets that have a source IP address either from the CE
router Loopback0 or first Gigabit Ethernet interface. The functionality of the
existing ACL should remain the same.
Step 3 On the pod CE router, create a new loopback (Loopback10) interface on the CE
router. Add the Loopback10 interface to the IS-IS routing process for IPv4 and IPv6.
Configure the Loopback10 interface with the following addresses:
IPv4 address: 172.16.0.x 255.255.255.255
IPv6 address: 2001:db8:172:16::x/128
Activity Verification
You have completed this task when you attain this result:
From the pod CE router, the Loopback10 interface pings the pod PE router using IPv4 and
IPv6 addresses. The ping should not be successful
CE1#ping 10.1.1.1 source Loopback10
52 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Sending 5, 100-byte ICMP Echos to 2001:DB8:10:1:1::1, timeout
is 2 seconds:
Packet sent with a source address of 2001:DB8:172:16::1
AAAAA
Success rate is 0 percent (0/5)
Step 4 Remove the IPv4 and IPv6 access list from the interface.
From the pod CE router, the Loopback10 interface pings the pod PE router using IPv4 and
IPv6 addresses. The ping should be successful
CE1#ping 10.1.1.1 source Loopback10
Activity Objective
In this lab activity, you will perform software maintenance operations on the Cisco IOS XR
router.
After completing this activity, you will be able to meet these objectives:
Install the Cisco IOS XR Software package
Uninstall the Cisco IOS XR Software package
Perform configuration commit and configuration rollback
Visual Objective
The figure illustrates what you will accomplish in this activity.
Team z
CEx Pod x PEx
Manage Cisco
IOS XR Software
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN2 v1.01—LG-15
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with access to the Internet
A SSH client that is installed on the PC
54 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Command List
The table describes the commands that are used in this lab activity.
Cisco IOS XR Commands
Command Description
show configuration commit changes Displays the details of all changes that are made
last <n> during a span of changes
show configuration commit list Displays the commit IDs for the available rollback
points
rollback configuration last <n> Rolls back configuration to the last <n> commits
made
Activity Procedure
Complete these steps on the pod router PE (Cisco IOS XR Software only):
Step 1 Verify which software packages are active.
RP/0/RSP0/CPU0:PE1#show install active
Mon Jul 10 07:30:53.991 UTC
Node 0/RSP0/CPU0 [RP] [SDR: Owner]
Boot Device: disk0:
Boot Image: /disk0/asr9k-os-mbi-4.1.0/mbiasr9k-rp.vm
Active Packages:
disk0:asr9k-p-4.1.0.CSCto96804-1.0.0
disk0:asr9k-p-4.1.0.CSCto95435-1.0.0
disk0:asr9k-mini-p-4.1.0
disk0:asr9k-optic-4.1.0
disk0:asr9k-doc-p-4.1.0
disk0:asr9k-k9sec-p-4.1.0
disk0:asr9k-video-p-4.1.0
disk0:asr9k-mpls-p-4.1.0
disk0:asr9k-mgbl-p-4.1.0
disk0:asr9k-mcast-p-4.1.0
disk0:asr9k-p-4.1.0.CSCto94570-1.0.0
Activity Verification
Complete lab activity verification:
On the pod PE router (Cisco IOS XR Software only), verify which software packages are
active.
On the pod PE router (Cisco IOS XR Software only), verify that software package asr9k-
mgbl-p-4.1.0 is inactive.
56 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Task 2: Install Cisco IOS XR Package
In this task, you will install and activate one of the Cisco IOS XR software packages.
Activity Procedure
Complete these steps on the pod PE router (Cisco IOS XR Software only):
Step 1 On the pod PE router, verify that PIE file asr9k-mgbl-p.pie-4.1.0 is located at disk0.
RP/0/RSP0/CPU0:PE1(admin)#dir disk0: | include mgbl
Mon Jul 10 08:16:30.505 UTC
5411168 -rwx 6215998 Mon Jul 10 08:16:17 2000 asr9k-mgbl-p.pie-4.1.0
Step 2 Install software package MGBL using PIE file asr9k-mgbl-p.pie-4.1.0 located at
disk0 and wait for the process to end.
Step 3 Activate software package disk0:asr9k-mgbl-p-4.1.0.
Step 4 Commit the activation of the package.
Activity Verification
Complete lab activity verification:
Verify that software package asr9k-mgbl-p-4.1.0 is installed and activated:
RP/0/RSP0/CPU0:PE1(admin)#show install active
Sun Sep 25 09:38:54.088 UTC
Secure Domain Router: Owner
Activity Procedure
Complete these steps on the pod PE router (Cisco IOS XR Software only):
Step 1 Change the hostname to “Test” and commit the configuration.
Step 2 Check the available configuration rollback points.
RP/0/RSP0/CPU0:Test(config)#show configuration commit list
Mon Jul 10 08:03:38.893 UTC
SNo. Label/ID User Line Client Time Stamp
~~~~ ~~~~~~~~ ~~~~ ~~~~ ~~~~~~ ~~~~~~~~~~
1 1000000327 root con0_RSP0_CPU0 CLI Mon Jul 10 08:01:21
2000
2 1000000326 root con0/RSP0/CPU0 cfgmgr-ins Mon Jul 10 07:33:26
2000
3 1000000325 root con0_RSP0_CPU0 CLI Mon Jul 10 07:17:33
2000
4 1000000324 root con0_RSP0_CPU0 CLI Mon Jul 10 06:59:42
2000
5 1000000323 root con0_RSP0_CPU0 CLI Mon Jul 10 06:50:22
2000
6 1000000322 root con0_RSP0_CPU0 CLI Mon Jul 10 06:34:18
2000
< output omitted >
Step 3 Check the configuration details for last configuration commit.
RP/0/RSP0/CPU0:Test(config)#show configuration commit changes 1000000327
Mon Jul 10 08:04:51.028 UTC
Building configuration...
!! IOS XR Configuration 4.1.0
hostname Test
end
Step 4 Roll back configuration to the last commit made.
Activity Verification
Complete lab activity verification:
Check the available configuration rollback points.
Check the configuration details for last configuration commit.
Verify that the hostname of pod PE router is not Test anymore:
RP/0/RSP0/CPU0:PE1#
58 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Answer Key
The correct answers and expected solutions for the activities that are described in this guide
appear here.
SW2:
spanning-tree vlan 20 root primary
spanning-tree vlan 10 root secondary
62 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
!
commit
PE2 (Cisco IOS XE):
interface GigabitEthernet0/0/0.10
standby 1 ip 192.168.101.13
standby 1 preempt
!
interface GigabitEthernet0/0/0.20
standby 2 ip 192.168.102.23
standby 2 preempt
standby 2 priority 150
Step 2 Configure a static default route:
CE1:
ip route 0.0.0.0 0.0.0.0 192.168.101.13
CE2:
ip route 0.0.0.0 0.0.0.0 192.168.102.23
Step 3 Enable the interface and remove HSRP configuration:
PE1 (Cisco IOS XR Software):
interface GigabitEthernet0/0/0/0.10
no shutdown
!
no router hsrp
!
commit
PE2 (Cisco IOS XE Software):
interface GigabitEthernet0/0/0.10
no standby 1
!
interface GigabitEthernet0/0/0.20
no shutdown
no standby 2
64 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
no ip address
no ipv6 address
no encapsulation dot1q 10
no interface GigabitEthernet0/0/0.10
!
interface GigabitEthernet0/0/0.20
no ip address
no ipv6 address
no encapsulation dot1q 20
no interface GigabitEthernet0/0/0.20
!
interface GigabitEthernet0/0/0
ip address 192.168.102.20 255.255.255.0
ipv6 address 2001:db8:192:168:102::20/80
Step 4 Configure access port:
SW1 (Cisco IOS Software):
interface FastEthernet0/2
switchport access vlan 10
switchport mode access
SW2 (Cisco IOS Software):
interface FastEthernet0/2
switchport access vlan 20
switchport mode access
Step 5 Reconfigure interfaces:
CE1 (Cisco IOS Software):
interface GigabitEthernet0/1
shutdown
no ip address
no ipv6 address
!
interface GigabitEthernet0/0
ip address 192.168.101.11 255.255.255.0
ipv6 address 2001:DB8:192:168:101::11/80
CE2 (Cisco IOS Software):
interface GigabitEthernet0/1
shutdown
no ip address
no ipv6 address
!
interface GigabitEthernet0/0
ip address 192.168.102.21 255.255.255.0
ipv6 address 2001:DB8:192:168:102::21/80
66 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Task 2: Configure OSPFv3
During this task, you need to enter the following commands:
Step 1 Configure the IPv6 address on the Loopback0 interface:
CE1 (Cisco IOS Software):
interface Loopback0
ipv6 address 2001:DB8:10:1:10::1/128
PE1 (Cisco IOS XR Software):
interface Loopback0
ipv6 address 2001:db8:10:1:1::1/128
!
commit
CE2 (Cisco IOS Software):
interface Loopback0
ipv6 address 2001:DB8:10:2:10::1/128
PE2 (Cisco IOS XE Software):
interface Loopback0
ipv6 address 2001:db8:10:2:1::1/128
Step 2 Enable OSPFv3 routing:
CE1 (Cisco IOS Software):
ipv6 router ospf 1
exit
!
interface Loopback0
ipv6 ospf 1 area 0
!
interface GigabitEthernet0/0
ipv6 enable
ipv6 ospf 1 area 0
PE1 (Cisco IOS XR Software):
router ospfv3 1
area 0
interface Loopback0
interface GigabitEthernet0/0/0/0
!
commit
CE2 (Cisco IOS Software):
ipv6 router ospf 1
exit
!
interface Loopback0
ipv6 ospf 1 area 0
!
interface GigabitEthernet0/0
ipv6 enable
ipv6 ospf 1 area 0
68 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Step 2 Enable the IS-IS process and configure NET:
CE1 (Cisco IOS Software):
router isis 1
net 49.0000.0100.0101.0001.00
PE1 (Cisco IOS XR Software):
router isis 1
net 49.0000.0100.0100.1001.00
!
commit
CE2 (Cisco IOS Software):
router isis 1
net 49.0000.0100.0201.0001.00
PE2 (Cisco IOS XE Software):
router isis 1
net 49.0000.0100.0200.1001.00
Step 3 Change the IS-IS router type and enable wide-style metrics for IPv4:
CE1 (Cisco IOS Software):
router isis 1
is-type level-2-only
metric-style wide
PE1 (Cisco IOS XR Software):
router isis 1
is-type level-2-only
address-family ipv4 unicast
metric-style wide
!
commit
CE2 (Cisco IOS Software):
router isis 1
is-type level-2-only
metric-style wide
PE2 (Cisco IOS XE Software):
router isis 1
is-type level-2-only
metric-style wide
Step 4 Change IS-IS administrative distance for IPv4:
CE1 (Cisco IOS Software):
router isis 1
distance 105 ip
PE1 (Cisco IOS XR Software):
router isis 1
address-family ipv4 unicast
distance 105
!
70 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Step 2 Change IS-IS administrative distance for IPv6:
CE1 (Cisco IOS Software):
router isis 1
address-family ipv6 unicast
distance 105
PE1 (Cisco IOS XR Software):
router isis 1
address-family ipv6 unicast
distance 105
!
commit
CE2 (Cisco IOS Software):
router isis 1
address-family ipv6 unicast
distance 105
PE2 (Cisco IOS XE Software):
router isis 1
address-family ipv6 unicast
distance 105
Step 3 Configure single-topology IS-IS for IPv6 on the PE1 router (Cisco IOS XR
Software):
router isis 1
address-family ipv6 unicast
single-topology
!
commit
Step 4 Enable IS-IS for IPv6 on interfaces:
CE1 (Cisco IOS Software):
interface Loopback0
ipv6 router isis 1
!
interface GigabitEthernet0/0
ipv6 router isis 1
PE1 (Cisco IOS XR Software):
router isis 1
interface Loopback0
address-family ipv6 unicast
!
interface GigabitEthernet0/0/0/0
address-family ipv6 unicast
!
commit
CE2 (Cisco IOS Software):
interface Loopback0
ipv6 router isis 1
!
© 2012 Cisco Systems, Inc. Lab Guide 71
interface GigabitEthernet0/0
ipv6 router isis 1
PE2 (Cisco IOS XE Software):
interface Loopback0
ipv6 router isis 1
!
interface GigabitEthernet0/0/0
ipv6 router isis 1
72 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
key chain ISIS
key 1
key-string cisco
exit
!
router isis 1
authentication mode md5
authentication key-chain ISIS
!
interface GigabitEthernet0/0/0
isis authentication mode md5
isis authentication key-chain ISIS
74 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Step 3 Configure IBGP:
PE1 (Cisco IOS XR Software):
router bgp 64500
neighbor 10.2.1.1
remote-as 64500
update-source Loopback0
address-family ipv4 unicast
!
neighbor 2001:db8:10:2:1::1
remote-as 64500
update-source Loopback0
address-family ipv6 unicast
!
commit
PE2 (Cisco IOS XE Software):
router bgp 64500
neighbor 10.1.1.1 remote-as 64500
neighbor 10.1.1.1 update-source Loopback0
neighbor 2001:DB8:10:1:1::1 remote-as 64500
neighbor 2001:DB8:10:1:1::1 update-source Loopback0
!
address-family ipv4
neighbor 10.1.1.1 activate
no neighbor 2001:DB8:10:1:1::1 activate
!
address-family ipv6
neighbor 2001:DB8:10:1:1::1 activate
76 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
permit tcp any host 10.1.1.1 eq telnet
deny ipv4 any host 10.1.1.1
permit ipv4 any any
!
commit
PE2 (Cisco IOS XE Software):
ip access-list extended FILTER
permit icmp any host 10.2.1.1
permit tcp any host 10.2.1.1 eq telnet
deny ip any host 10.2.1.1
permit ip any any
Step 2 The ACL should be applied in the inbound direction to the first Gigabit Ethernet
interface.
PE1 (Cisco IOS XR Software):
interface GigabitEthernet0/0/0/0
ipv4 access-group FILTER ingress
!
commit
PE2 (Cisco IOS XE Software):
interface GigabitEthernet0/0/0
ip access-group FILTER in
78 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
!
commit
PE2 (Cisco IOS XE Software):
no ipv6 access-list FILTERv6
ipv6 access-list FILTERv6
permit icmp host 2001:DB8:192:168:102::21 host
2001:db8:10:2:1::1
permit icmp host 2001:db8:10:2:10::1 host 2001:db8:10:2:1::1
permit tcp host 2001:DB8:192:168:102::21 host
2001:db8:10:2:1::1 eq telnet
permit tcp host 2001:db8:10:2:10::1 host 2001:db8:10:2:1::1 eq
telnet
deny ipv6 host 2001:DB8:192:168:102::21 host
2001:db8:10:2:1::1
deny ipv6 host 2001:db8:10:2:10::1 host 2001:db8:10:2:1::1
permit ipv6 host 2001:DB8:192:168:102::21 any
permit ipv6 host 2001:db8:10:2:10::1 any
Step 3 Create a new loopback and add the interface to IS-IS:
CE1 and CE2 (Cisco IOS Software):
interface Loopback10
ip address 172.16.0.1 255.255.255.255
ip router isis 1
ipv6 address 2001:DB8:172:16::1/128
ipv6 router isis 1
Step 4 Remove the IPv4 and IPv6 access list from the interface:
PE1 (Cisco IOS XR Software):
interface GigabitEthernet0/0/0/0
no ipv4 access-group FILTER ingress
no ipv6 access-group FILTER ingress
!
commit
PE2 (Cisco IOS XE Software):
interface GigabitEthernet0/0/0
no ip access-group FILTER in
no ipv6 traffic-filter FILTERv6 in
80 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
RP/0/RSP0/CPU0:Jul 10 07:34:55.776 : instdir[234]: %INSTALL-INSTMGR-6-
INSTALL_OPERATION_COMPLETED_SUCCESSFULLY : Install operation 20 completed
successfully
Install operation 20 completed successfully at 07:34:55 UTC Mon Jul 10 2000.
Step 4 Remove inactive software:
RP/0/RSP0/CPU0:PE1(admin)#install remove disk0:asr9k-mgbl-p-4.1.0
Mon Jul 10 07:38:44.530 UTC
RP/0/RSP0/CPU0:Jul 10 07:38:44.742 : instdir[234]: %INSTALL-INSTMGR-6-
INSTALL_OPERATION_STARTED : Install operation 21 '(admin) install remove
disk0:asr9k-mgbl-p-4.1.0' started by user 'root'
Install operation 21 '(admin) install remove disk0:asr9k-mgbl-p-4.1.0' started
by user 'root' via CLI at 07:38:44 UTC Mon Jul 10 2000.
Info: This operation will remove the following packages:
Info: disk0:asr9k-mgbl-supp-4.1.0
Info: disk0:iosxr-mgbl-4.1.0
Info: disk0:asr9k-mgbl-p-4.1.0
Info: After this install remove the following install rollback points will
Info: no longer be reachable, as the required packages will not be
present:
Info: 8, 9, 10, 11, 14, 15, 17
Proceed with removing these packages? [confirm] <Enter>
The install operation will continue asynchronously.
RP/0/RSP0/CPU0:PE1(admin)#RP/0/RSP0/CPU0:Jul 10 07:38:58.472 : instdir[234]:
%INSTALL-INSTMGR-6-INSTALL_OPERATION_COMPLETED_SUCCESSFULLY : Install
operation 21 completed successfully
Install operation 21 completed successfully at 07:38:58 UTC Mon Jul 10 2000.
RP/0/RSP0/CPU0:PE1(admin)#install commit
Sun Sep 25 09:33:51.490 UTC
Install operation 26 '(admin) install commit' started by user 'root' via CLI
at
09:33:51 UTC Sun Sep 25 2011.
RP/0/RSP0/CPU0:Sep 25 09:33:51.817 : instdir[234]: %INSTALL-INSTMGR-6-
INSTALL_OPERATION_STARTED : Install operation 26 '(admin) install commit'
started by user 'root'
\ 100% complete: The operation can no longer be aborted (ctrl-c for
options)RP/0/RSP0/CPU0:Sep 25 09:33:54.994 : instdir[234]: %INSTALL-INSTMGR-6-
INSTALL_OPERATION_COMPLETED_SUCCESSFULLY : Install operation 26 completed
successfully
Install operation 26 completed successfully at 09:33:54 UTC Sun Sep 25 2011.
Step 3 Activate software package:
82 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Step 4 Roll back configuration to the last commit made:
RP/0/RSP0/CPU0:Test#rollback configuration last 1
Mon Jul 10 08:06:24.172 UTC
Loading Rollback Changes.
Loaded Rollback Changes in 1 sec
Committing..
1 items committed in 2 sec (0)items/sec
Updating.RP/0/RSP0/CPU0:Jul 10 08:06:27.638 : config_rollback[65728]: %MGBL-
CONFIG-6-DB_COMMIT : Configuration committed by user 'root'. Use 'show
configuration commit changes 1000000328' to view the changes.
Team 1 Team 2
CE1 Pod 1 SW1 PE1 PE3 SW3 Pod 3 CE3
P1
SW12 SW34
SW56 P2 SW78
Team 3 Team 4
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN2 v1.01—LG-4
84 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Team z
CEx Pod x SWx PEx
GE0/0/0/
GE0/0 FE0/1 FE0/2
2 P1
GE0/0/0/0
FE0/23
GE0/0/0/
GE0/1 FE0/24 1 GE0/0/0/
FE0/21 FE0/21 3
FE0/22 FE0/22
FE0/1
FE0/2
FE0/23
SWxy
FE0/24 GE0/0/
FE0/21 GE0/0/ 2
GE0/1
FE0/23 FE0/22 1
FE0/24
GE0/0/3
P2
GE0/0 FE0/1 FE0/2 GE0/0/0
POS0/2/0
CEy Pod y SWy PEy
POS0/2/1
POS0/2/0
Legend: GE POS0/2/1
FE Connections to
OC3 POS PE(y+2)
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN2 v1.01—LG-5
10.xy.0.1 .x0 .1 .1
.x0 .1
10.x.10.1 10.x.0.1 10.x.1.1
192.168.1xy.0/24
192.168.1.0/24
.y0 .2
.y0 .2 .2
.y1 .y0 .y0 .2
P2
192.168.10y.0/24 192.168.10y.0/24 192.168.y2.0/24
.y0
CEy Pod y SWy PEy .y0
10.0.2.1
z = 1,2,3,4
Legend: GE
x = 1,3,5,7 192.168.2w2.0/24 192.168.2w1.0/24
FE y = 2,4,6,8
OC3 POS w = 1 (for teams 1 and 2) Connections to
Loopback 2 (for teams 3 and 4) PE(y+2)
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN2 v1.01—LG-6
86 Building Cisco Service Provider Next Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Team 1 Team 2
CE1 Pod 1 SW1 PE1 PE3 SW3 Pod 3 CE3
10.10.10.14 10.10.10.11 10.10.10.17 10.10.10.25 10.10.10.19 10.10.10.22
P1
SW12 SW34
SW56 P2 SW78
Team 3 Team 4
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN2 v1.01—LG-7