Professional Documents
Culture Documents
♦ Connect CE1, CE2, CE3, CE4, CE5, CE6, as well as CE7, CE8 to
the Catalyst switches 3550 and 3750-M base on the drawing please
try to use same port numbers to reduce complexity when it comes
to troubleshooting.
Task 1.2:
Task 1.3:
Switching Configuration
hostname 3550
!
!
interface Loopback0
ip address 6.6.6.6 255.255.255.0
!
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/1
switchport mode dynamic desirable
duplex full
speed 100
!
interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport mode dynamic desirable
!
interface FastEthernet0/3
description to PE3-RACK1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 13,23,24,30,31,66,67,123
switchport mode trunk
!
interface FastEthernet0/4
description TO ASBR2-RACK1 -VLAN 240
switchport access vlan 240
switchport mode access
duplex half
!
interface FastEthernet0/5
description To PE4 - VLAN 240
switchport access vlan 240
switchport mode access
duplex full
speed 100
!
interface FastEthernet0/6
switchport access vlan 672
switchport mode access
!
interface FastEthernet0/7
description to PE4 - Trunk VLAN600/VLAN300
switchport trunk encapsulation dot1q
switchport mode trunk
duplex full
speed 100
!
interface FastEthernet0/8
duplex full
speed 100
spanning-tree portfast
!
interface FastEthernet0/18
switchport mode dynamic desirable
duplex full
speed 10
!
interface FastEthernet0/19
switchport mode dynamic desirable
duplex full
speed 10
!
interface FastEthernet0/20
switchport mode dynamic desirable
!
interface FastEthernet0/21
switchport mode dynamic desirable
!
interface FastEthernet0/22
switchport mode dynamic desirable
duplex full
speed 10
!
interface FastEthernet0/23
switchport mode dynamic desirable
duplex full
speed 10
spanning-tree portfast
!
interface FastEthernet0/24
switchport mode dynamic desirable
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
hostname 3750-M
!
no aaa new-model
ip subnet-zero
ip routing
!
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet1/0/1
description to CE1 VPN ieMentor Site 2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 123
Task 2.1:
hostname RR1-RACK1
!
!
interface Loopback0
ip address 10.1.1.254 255.255.255.255
!
interface Ethernet0/0
no ip address
full-duplex
!
interface Ethernet0/0.20
description to PE2 -VLAN 20
encapsulation dot1Q 20
ip address 172.16.20.254 255.255.255.0
ip pim sparse-dense-mode
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 iementor
ip ospf priority 255
!
interface Ethernet0/0.30
description to PE3 -VLAN 30
encapsulation dot1Q 30
ip address 172.16.30.254 255.255.255.0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 iementor
ip ospf priority 255
!
router ospf 100
router-id 10.1.1.254
log-adjacency-changes
area 0 authentication message-digest
redistribute connected metric 2 subnets route-map loopback
network 172.16.20.0 0.0.0.255 area 0
network 172.16.30.0 0.0.0.255 area 0
!
ip classless
!
access-list 1 permit 10.1.1.254 log
route-map loopback permit 10
match ip address 1
hostname PE1-RACK1
!
!
interface Loopback0
ip address 10.1.1.1 255.255.255.255
!
interface FastEthernet0/0
description to PE3 VLAN31
ip address 172.16.13.1 255.255.255.0
ip pim sparse-dense-mode
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 iementor
speed 100
full-duplex
!
interface Serial0/0
description to Inter-AS ASBR1
no ip address
encapsulation frame-relay
no keepalive
!
interface Serial0/0.101 multipoint
description to Inter-AS ASBR1 ISIS
ip address 172.16.222.1 255.255.255.0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 iementor
ip ospf network point-to-point
tag-switching ip
frame-relay map ip 172.16.222.1 201 broadcast
frame-relay map ip 172.16.222.2 201 broadcast
no frame-relay inverse-arp
!
interface FastEthernet0/1
description to PE2 VLAN21
ip address 172.16.12.1 255.255.255.0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 iementor
speed 100
full-duplex
!
interface ATM1/0
no ip address
no atm ilmi-keepalive
!
interface ATM1/0.100 point-to-point
mtu 9216
ip address 140.100.1.2 255.255.255.0
pvc 1/100
protocol ip 140.100.1.1 broadcast
encapsulation aal5snap
!
router ospf 100
router-id 10.1.1.1
log-adjacency-changes detail
hostname PE2-RACK1
!
interface Loopback0
ip address 10.1.1.2 255.255.255.255
!
interface Ethernet0/0
no ip address
half-duplex
!
interface Ethernet0/0.20
description to RR - VLAN 20
encapsulation dot1Q 20
ip address 172.16.20.2 255.255.255.0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 iementor
!
interface Ethernet0/0.21
description to PE1 - VLAN 21
encapsulation dot1Q 21
ip address 172.16.12.2 255.255.255.0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 iementor
!
interface Ethernet0/0.123
description to PE3 - VLAN 123
encapsulation dot1Q 123
ip address 172.16.123.2 255.255.255.0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 iementor
!
interface Ethernet0/1
description to BB1-RACK1
no ip address
full-duplex
!
router ospf 100
router-id 172.16.123.2
log-adjacency-changes detail
area 0 authentication message-digest
area 123 authentication message-digest
area 123 virtual-link 172.16.123.3 message-digest-key 1 md5 iementor
redistribute connected subnets route-map connected
network 10.1.1.2 0.0.0.0 area 0
network 172.16.12.0 0.0.0.255 area 0
network 172.16.20.0 0.0.0.255 area 0
network 172.16.123.0 0.0.0.255 area 123
hostname PE3-RACK1
!
interface Loopback0
ip address 10.1.1.3 255.255.255.255
!
interface Ethernet0/0
no ip address
half-duplex
!
interface Ethernet0/0.30
description to RR - VLAN 30
encapsulation dot1Q 30
ip address 172.16.30.3 255.255.255.0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 iementor
!
interface Ethernet0/0.31
description to PE1 - VLAN 31
encapsulation dot1Q 31
ip address 172.16.13.3 255.255.255.0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 iementor
!
interface Ethernet0/0.123
description to PE2 - VLAN 123
encapsulation dot1Q 123
ip address 172.16.123.3 255.255.255.0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 iementor
!
router ospf 100
router-id 172.16.123.3
log-adjacency-changes detail
area 0 authentication message-digest
area 13 authentication message-digest
area 123 authentication message-digest
area 123 virtual-link 172.16.123.2 message-digest-key 1 md5 iementor
network 10.1.1.3 0.0.0.0 area 0
network 172.16.13.0 0.0.0.255 area 13
network 172.16.30.0 0.0.0.255 area 0
network 172.16.123.0 0.0.0.255 area 123
hostname ASBR1-RACK1
!
interface Loopback0
ip address 10.1.1.100 255.255.255.255
ip ospf network point-to-point
!
interface Ethernet0/0
no ip address
ip accounting output-packets
half-duplex
!
interface Serial0/0
description to ASBR2-RACK1
ip address 172.16.113.1 255.255.255.0
no ip proxy-arp
encapsulation ppp
clock rate 256000
no fair-queue
!
interface Ethernet0/1
no ip address
half-duplex
!
interface Serial0/1
description to ASBR2-RACK1
ip address 172.16.114.1 255.255.255.0
ip pim sparse-dense-mode
encapsulation ppp
!
interface Serial0/2
description to PE1-RACK1 ISIS
ip address 172.16.222.2 255.255.255.0
ip pim sparse-dense-mode
encapsulation frame-relay
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 iementor
ip ospf network point-to-point
no keepalive
clock rate 8000000
frame-relay map ip 172.16.222.1 201 broadcast
frame-relay map ip 172.16.222.2 201 broadcast
no frame-relay inverse-arp
!
router ospf 100
log-adjacency-changes detail
area 0 authentication message-digest
area 13 authentication message-digest
area 13 virtual-link 10.1.1.1 message-digest-key 1 md5 iementor
network 172.16.222.0 0.0.0.255 area 13
Task 2.2:
ASBR2
PE4
PE4-RACK1#sho ip route os
10.0.0.0/32 is subnetted, 2 subnets
O 10.1.1.200 [110/2] via 172.16.240.1, 00:05:26, FastEthernet0/0
O*N2 0.0.0.0/0 [110/1] via 172.16.240.1, 00:03:53, FastEthernet0/0
ASBR2-RACK1#sho ip ospf
*Mar 13 01:41:32.421: %SYS-5-CONFIG_I: Configured from console by console
Routing Process "ospf 100" with ID 10.1.1.200
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
It is an autonomous system boundary router
Redistributing External Routes from,
static with metric mapped to 2, includes subnets in redistribution
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
LSA group pacing timer 240 secs
Interface flood pacing timer 65 msecs
Task 2.4:
Task 2.5:
Task 2.6:
Task 2.7:
PE3-RACK1(config)#mpls ip
PE3-RACK1(config)#mpls label protocol ldp
PE3-RACK1(config)#int ethernet 0/0
PE3-RACK1(config-if)#mpls ip
Task 2.8:
Task 2.9:
Task 3.1:
Task 3.2:
PE1
PE2
PE3
ASBR1
ASBR2
PE4
Task 4.1:
Task 4.2:
Task 4.3:
Task 4.4:
Task 4.5:
hostname PE3
!
no aaa new-model
ip cef
!
l2tp-class iementor-class
authentication
password 7 060F0A2C
cookie size 4
!
pseudowire-class PE3-PE2
encapsulation l2tpv3
protocol l2tpv3 iementor-class
ip local interface Loopback0
!
!
hostname PE2-RACK1
ip cef
!
l2tp-class iementor-class
authentication
password 7 151B0E01
cookie size 4
!
pseudowire-class PE3-PE2
encapsulation l2tpv3
protocol l2tpv3 iementor-class
ip local interface Loopback0
!
crypto isakmp policy 10
hash md5
authentication rsa-sig
!
crypto isakmp key iem6727 address 10.1.1.3
!
crypto ipsec transform-set iem esp-des esp-md5-hmac
!
crypto map combines 10 ipsec-isakmp
description to PE3
set peer 10.1.1.3
set transform-set iem
match address 115
!
interface Loopback0
ip address 10.1.1.2 255.255.255.255
crypto map combines
!
interface ethernet0/0.82
no ip address
no cdp enable
encapsulation dot1Q 112
xconnect 10.1.1.3 100 pw-class PE3-PE2
Section 5: Multicast
Task 5.1:
Task 5.2:
Task 5.3:
Task 5.4:
Task 5.5:
The above configuration tells every router in the PIM domain that
group 224.8.8.8 has an RP on 10.1.1.2. Therefore, it can run in
sparse mode. Immediately, every router that has receivers for the
224.8.8.8 group (in our case, it’s only CE8) will try to create a
shared Multicast tree with RP PE2 at its root. The shared tree would
be pretty simple in our case:
This mapping indicates that if PE3 ever hears about the Multicast
group listed in RP-10.1.1.2-Groups ACL (i.e. directly connected
receivers join the group), it will try to build a shared Multicast tree
with RP 10.1.1.2 at its root.
Show ip pim rp is the result of the shared tree creation. You will
only see the output for this command on the routers that are part
of the shared tree: CE8 and PE2.
CE8-RACK1#show ip pim rp
Group: 224.8.8.8, RP: 10.1.1.2, uptime 00:18:13, expires never
PE2-RACK1#sh ip pim rp
Group: 224.8.8.8, RP: 10.1.1.2, next RP-reachable in 00:00:11
Notice the difference in the outputs. The first output is from the
leaf router CE8. It indicates that the RP has been up for 18 minutes
and 13 seconds. The second output is from the RP PE2. It indicates
that it will send the next RP-reachability message for 224.8.8.8 on
Ethernet 1/0 interface in 11 seconds. It does it every 90 seconds.
PE2-RACK1#debug ip pim
04:29:23: PIM(0): Send RP-reachability for 224.8.8.8 on Ethernet0/0.82
Let’s look at how CE8 tries to create the shared tree. We’ll remove
the static RP information from CE8, enable debug, and then re-
enter the static RP command. The process looks like this:
PE2-RACK1#debug ip pim
04:43:21: PIM(0): Received v2 Join/Prune on Ethernet0/0.82 from
10.82.1.1, to us
04:43:21: PIM(0): Join-list: (*, 224.8.8.8), RPT-bit set, WC-bit set, S-
bit set
04:43:21: PIM(0): Check RP 10.1.1.2 into the (*, 224.8.8.8) entry
04:43:21: PIM(0): Add Ethernet0/0.82/10.82.1.1 to (*, 224.8.8.8), Forward
state, by PIM *G Join
The result is the added (*,G) entry to the Multicast routing table on
PE2 and CE8.
PE1-RACK1#sh ip pim rp
Å NO OUTPUT
PE1-RACK1#sh ip mroute 224.8.8.8
Group 224.8.8.8 not found
PE2-RACK1#ping 224.8.8.8
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.8.8.8, timeout is 2 seconds:
By the way, you have received three replies, because three ICMP
messages have been sent out. One from each PIM-enabled
interface on PE2:
The ICMP echo sent via the Ethernet0/0.82 directly to CE8 took the
Sparse shared tree that has already been created. We can assume
that the very first reply (8 ms) was for that packet.
Verify.
CE1-RACK1#show ip pim rp
PE3-RACK1#show ip pim rp
Group: 224.1.1.1, RP: 10.1.1.1, uptime 00:11:08, expires never
PE1-RACK1#show ip pim rp
Group: 224.1.1.1, RP: 10.1.1.1, next RP-reachable in 00:00:46
Let’s check PE2. It should not know about the RP for this group as
it’s not part of the shared tree.
PE2-RACK1#sh ip pim rp
Group: 224.8.8.8, RP: 10.1.1.2, next RP-reachable in 00:00:44
Verify on PE3:
As you can see each router knows about all three static RP
mappings. The last RP 10.1.1.3 is static for the group specified in
RP-10.1.1.3-Groups access-list.
PE3-RACK1#show ip pim rp
Group: 224.2.2.2, RP: 10.1.1.3, next RP-reachable in 00:00:23
Group: 224.1.1.1, RP: 10.1.1.1, uptime 00:19:30, expires never
Not every router knows about each elected RP. For example, PE3
only knows that it is an RP for the 224.2.2.2 group and that it’s
part of the shared tree for group 224.1.1.1 with the 10.1.1.1 RP.
PE3-RACK1#ping 224.2.2.2
PE3-RACK1#ping 224.8.8.8
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.8.8.8, timeout is 2 seconds:
There are three ways to prevent dense mode fallback. First one is
to simply change the ip sparse-dense-mode config to ip pim
sparse-mode on all PIM interfaces. This would prevent IP PIM
dense mode to ever go in effect when RP information is lost. In
fact, if there’s no static RP available and Auto-RP is not configured
or is misconfigured, Multicast traffic will fail. We can’t use this
method, because we have configured Dense groups, and need to
leave them this way.
The third way is to configure a sink RP. This method was used
before the ip pim dm-fallback command became available.
If you have already configured some static RPs and would like to
keep them that way, you would have to exclude them when
configuring a sink RP.
Groups command. You can’t have more than one group list
configured for a single static RP.
PE1-RACK1#sh ip pim rp
Group: 235.235.235.235, RP: 10.1.1.1, next RP-reachable in 00:00:43
Group: 235.5.5.5, RP: 10.1.1.1, next RP-reachable in 00:01:20
Group: 239.255.255.255, RP: 10.1.1.1, next RP-reachable in 00:01:20
Group: 224.2.127.254, RP: 10.1.1.1, next RP-reachable in 00:01:20
Group: 225.8.8.8, RP: 10.1.1.1, next RP-reachable in 00:01:20
Group: 229.0.0.1, RP: 10.1.1.1, next RP-reachable in 00:01:20
Group: 229.0.0.2, RP: 10.1.1.1, next RP-reachable in 00:01:20
Group: 225.2.2.2, RP: 10.1.1.1, next RP-reachable in 00:00:01
Group: 225.1.1.1, RP: 10.1.1.1, next RP-reachable in 00:01:26
Group: 224.1.1.1, RP: 10.1.1.1, next RP-reachable in 00:00:42
By now you should see why some groups show up in the list and
why others don’t. For example, 224.2.2.2 is not in the list because
PE3 is its RP, and PE1 is not part of that shared tree.
These two new groups are the result of configuring ip sdr listen.
Task 6.1:
hostname PE1-RACK1
!
ip vrf iementor
route-target export 100:100
route-target import 100:100
!
ip cef
mpls label protocol ldp
tag-switching tdp router-id Loopback0 force
!
interface Loopback0
ip address 10.1.1.1 255.255.255.255
!
interface Loopback11
description BGP Loopback
ip address 11.11.11.11 255.255.255.0
!
interface FastEthernet0/0
description to PE3 VLAN31
ip address 172.16.13.1 255.255.255.0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 iementor
speed 100
full-duplex
mpls label protocol ldp
mpls traffic-eng tunnels
tag-switching ip
!
interface Serial0/0
BB2
hostname BB2-RACK1
!
interface Loopback0
ip address 3.3.3.3 255.255.255.0
!
interface Loopback1
ip address 8.2.1.7 255.255.255.0
!
interface Loopback2
ip address 18.2.2.7 255.255.255.0
!
interface Loopback3
ip address 28.3.2.7 255.255.255.0
!
interface Loopback4
ip address 38.2.1.7 255.255.255.0
!
interface Loopback33
ip address 12.2.1.1 255.255.255.0
!
interface Loopback46
ip address 157.46.1.1 255.255.255.0
!
interface Loopback47
ip address 157.46.2.1 255.255.255.0
!
interface Loopback48
ip address 157.46.3.1 255.255.255.0
!
interface Loopback49
ip address 157.46.4.1 255.255.252.0
!
interface Loopback210
ip address 210.112.1.1 255.255.255.0
!
interface Loopback211
ip address 210.112.2.1 255.255.255.0
!
interface Loopback212
ip address 210.112.3.1 255.255.255.0
!
interface Loopback213
ip address 210.112.4.1 255.255.255.0
!
interface ATM1/0
no ip address
atm vc-per-vp 4096
no atm ilmi-keepalive
!
interface ATM1/0.100 point-to-point
ip address 140.100.1.1 255.255.255.0
pvc 1/100
protocol ip 140.100.1.2 broadcast
encapsulation aal5snap
!
router bgp 22
bgp log-neighbor-changes
network 140.100.1.0 mask 255.255.255.0
aggregate-address 210.112.0.0 255.255.0.0 summary-only
redistribute connected metric 2
neighbor 140.100.1.2 remote-as 65001
neighbor 140.100.1.2 password iementor
Task 6.2:
♦
interface Ethernet0/0.13
description to PE2 - VLAN 82
encapsulation dot1Q 13
ip address 10.13.1.1 255.255.255.0
ip rip authentication mode md5
ip rip authentication key-chain iem
no snmp trap link-status
!
router rip
version 2
network 1.0.0.0
network 10.0.0.0
network 22.0.0.0
neighbor 10.13.1.3
no auto-summary
PE3
ip vrf iementor
rd 100:100
route-target export 100:100
route-target import 100:100
!
key chain iem
key 1
key-string 408
!
router rip
version 2
!
address-family ipv4 vrf iementor
network 10.0.0.0
no auto-summary
version 2
exit-address-family
!
interface Ethernet0/0.13
description to CE1 - VLAN 13
encapsulation dot1Q 13
ip vrf forwarding iementor
ip address 10.13.1.3 255.255.255.0
ip rip authentication mode md5
ip rip authentication key-chain iem
!
router bgp 65001
no synchronization
bgp log-neighbor-changes
network 33.33.33.0 mask 255.255.255.0
neighbor 10.1.1.254 remote-as 65001
neighbor 10.1.1.254 update-source Loopback0
neighbor 10.1.1.254 password iementor
no auto-summary
!
address-family vpnv4
neighbor 10.1.1.254 activate
neighbor 10.1.1.254 send-community extended
exit-address-family
!
address-family ipv4 vrf iementor
no auto-summary
no synchronization
exit-address-family
Task 6.3:
♦
BB1
router bgp 57
no synchronization
bgp log-neighbor-changes
network 10.12.1.0 mask 255.255.255.0
redistribute connected metric 2
redistribute static metric 2
neighbor 10.12.1.2 remote-as 65001
neighbor 10.12.1.2 description to AS65001-SP1-PE2
neighbor 10.12.1.2 default-originate
neighbor 10.12.1.2 password iementor
no auto-summary
PE2
Task 6.4:
PE2
CE8
interface FastEthernet0/0.82
description to PE2 - VLAN 82
encapsulation dot1Q 82
ip address 10.82.1.1 255.255.255.0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 iementor
!
router ospf 100
router-id 8.8.8.8
log-adjacency-changes detail
area 0 authentication message-digest
network 8.8.8.0 0.0.0.255 area 0
network 10.82.1.0 0.0.0.255 area 0
CE8-RACK1#ping 156.46.22.1
Task 6.5:
PE3
CE2
interface Ethernet0/0.23
encapsulation dot1Q 23
ip address 10.23.1.1 255.255.255.0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 iementor
no snmp trap link-status
!
interface Ethernet0/0.24
encapsulation dot1Q 24
no snmp trap link-status
!
router eigrp 100
redistribute static metric 1544 255 255 255 1500
network 10.23.1.0 0.0.0.255
no auto-summary
!
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Null0
Task 6.6:
ASBR1
ASBR2
Task 6.7:
hostname RR1-RACK1
!
!
ip cef
no ip domain lookup
mpls label protocol ldp
tag-switching tdp router-id Loopback0 force
!
interface Loopback0
ip address 10.1.1.254 255.255.255.255
!
interface Loopback55
ip address 55.55.55.55 255.255.255.0
!
interface Ethernet0/0
no ip address
full-duplex
!
interface Ethernet0/0.20
description to PE2 -VLAN 20
encapsulation dot1Q 20
ip address 172.16.20.254 255.255.255.0
ip pim sparse-dense-mode
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 iementor
ip ospf priority 255
mpls label protocol ldp
mpls traffic-eng tunnels
tag-switching ip
no snmp trap link-status
ip rsvp bandwidth
!
interface Ethernet0/0.30
description to PE3 -VLAN 30
encapsulation dot1Q 30
ip address 172.16.30.254 255.255.255.0
ip pim sparse-dense-mode
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 iementor
ip ospf priority 255
mpls label protocol ldp
mpls traffic-eng tunnels
tag-switching ip
no snmp trap link-status
ip rsvp bandwidth
!
router ospf 100
router-id 10.1.1.254
log-adjacency-changes
area 0 authentication message-digest
redistribute connected metric 2 subnets route-map loopback
hostname PE1-RACK1
!
!
interface Loopback0
ip address 10.1.1.1 255.255.255.255
!
interface Loopback11
description BGP Loopback
ip address 11.11.11.11 255.255.255.0
!
interface FastEthernet0/0
description to PE3 VLAN31
ip address 172.16.13.1 255.255.255.0
ip pim sparse-dense-mode
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 iementor
speed 100
full-duplex
mpls label protocol ldp
mpls traffic-eng tunnels
tag-switching mtu 9216
tag-switching ip
!
interface Serial0/0
description to Inter-AS ASBR1
no ip address
encapsulation frame-relay
no keepalive
!
interface Serial0/0.101 multipoint
description to Inter-AS ASBR1 ISIS
ip address 172.16.222.1 255.255.255.0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 iementor
ip ospf network point-to-point
tag-switching ip
frame-relay map ip 172.16.222.1 201 broadcast
frame-relay map ip 172.16.222.2 201 broadcast
no frame-relay inverse-arp
!
interface FastEthernet0/1
description to PE2 VLAN21
ip address 172.16.12.1 255.255.255.0
ip pim sparse-dense-mode
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 iementor
speed 100
full-duplex
mpls label protocol ldp
mpls traffic-eng tunnels
tag-switching mtu 9216
tag-switching ip
!
interface ATM1/0
no ip address
no atm ilmi-keepalive
!
interface ATM1/0.100 point-to-point
ip vrf forwarding iementor
ip address 140.100.1.2 255.255.255.0
pvc 1/100
protocol ip 140.100.1.1 broadcast
encapsulation aal5snap
!
router ospf 100
mpls traffic-eng router-id Loopback0
mpls traffic-eng area 0
mpls traffic-eng interface Loopback0 area 0
router-id 10.1.1.1
max-metric router-lsa on-startup wait-for-bgp
log-adjacency-changes detail
area 0 authentication message-digest
area 13 authentication message-digest
area 13 virtual-link 10.1.1.100 message-digest-key 1 md5 iementor
network 10.1.1.1 0.0.0.0 area 0
network 172.16.12.0 0.0.0.255 area 0
network 172.16.13.0 0.0.0.255 area 13
network 172.16.222.0 0.0.0.255 area 13
!
router bgp 65001
no synchronization
no bgp default route-target filter
bgp log-neighbor-changes
network 11.11.11.0 mask 255.255.255.0
neighbor 10.1.1.100 remote-as 100
neighbor 10.1.1.100 ebgp-multihop 2
neighbor 10.1.1.100 update-source Loopback0
neighbor 10.1.1.254 remote-as 65001
neighbor 10.1.1.254 update-source Loopback0
neighbor 10.1.1.254 password iementor
neighbor 172.16.222.2 remote-as 100
no auto-summary
!
address-family vpnv4
neighbor 10.1.1.100 activate
neighbor 10.1.1.100 send-community extended
neighbor 10.1.1.254 activate
neighbor 10.1.1.254 send-community extended
exit-address-family
!
address-family ipv4 vrf iementor
redistribute connected
neighbor 140.100.1.1 remote-as 22
neighbor 140.100.1.1 password iementor
neighbor 140.100.1.1 activate
no auto-summary
no synchronization
exit-address-family
hostname PE2-RACK1
!
ip cef
no ip domain lookup
ip vrf green
rd 200:200
route-target export 200:200
route-target import 200:200
!
ip multicast-routing
mpls label protocol ldp
mpls ldp loop-detection
tag-switching tdp router-id Loopback0
!
!
key chain iementor
key 6727
key-string iementorlab
!
!
!
interface Loopback0
ip address 10.1.1.2 255.255.255.255
ip pim sparse-dense-mode
!
interface Loopback22
description BGP Loopback
ip address 22.22.22.22 255.255.255.0
!
interface Ethernet0/0
no ip address
half-duplex
!
interface Ethernet0/0.20
description to RR - VLAN 20
encapsulation dot1Q 20
ip address 172.16.20.2 255.255.255.0
ip pim sparse-dense-mode
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 iementor
mpls traffic-eng tunnels
tag-switching ip
no snmp trap link-status
ip rsvp bandwidth
!
interface Ethernet0/0.21
description to PE1 - VLAN 21
encapsulation dot1Q 21
ip address 172.16.12.2 255.255.255.0
ip pim sparse-dense-mode
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 iementor
mpls traffic-eng tunnels
tag-switching ip
no snmp trap link-status
!
interface Ethernet0/0.82
description to CE8 -VLAN 82 VPN Green Site 2
encapsulation dot1Q 82
ip vrf forwarding green
ip address 10.82.1.2 255.255.255.0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 iementor
tag-switching ip
no snmp trap link-status
!
interface Ethernet0/0.123
description to PE3 - VLAN 123
encapsulation dot1Q 123
ip address 172.16.123.2 255.255.255.0
ip pim sparse-dense-mode
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 iementor
mpls label protocol ldp
mpls traffic-eng tunnels
tag-switching ip
no snmp trap link-status
!
interface Ethernet0/1
description to BB1-RACK1
ip vrf forwarding green
ip address 10.12.1.2 255.255.255.0
full-duplex
!
router ospf 100
router-id 172.16.123.2
log-adjacency-changes detail
area 0 authentication message-digest
area 123 authentication message-digest
area 123 virtual-link 172.16.123.3 message-digest-key 1 md5 iementor
redistribute connected subnets route-map connected
network 10.1.1.2 0.0.0.0 area 0
network 172.16.12.0 0.0.0.255 area 0
network 172.16.20.0 0.0.0.255 area 0
network 172.16.123.0 0.0.0.255 area 123
!
router ospf 10 vrf green
log-adjacency-changes detail
area 0 authentication message-digest
redistribute bgp 65001 metric 1 metric-type 1 subnets
network 10.82.1.0 0.0.0.255 area 0
default-information originate always
!
router bgp 65001
no synchronization
bgp log-neighbor-changes
network 22.22.22.0 mask 255.255.255.0
neighbor 10.1.1.254 remote-as 65001
neighbor 10.1.1.254 update-source Loopback0
neighbor 10.1.1.254 password iementor
no auto-summary
!
address-family vpnv4
neighbor 10.1.1.254 activate
neighbor 10.1.1.254 send-community extended
exit-address-family
!
address-family ipv4 vrf green
redistribute connected metric 2
redistribute ospf 10 metric 2 match internal external 1 external 2
neighbor 10.12.1.1 remote-as 57
neighbor 10.12.1.1 password iementor
neighbor 10.12.1.1 activate
neighbor 10.12.1.1 distribute-list 111 in
no auto-summary
no synchronization
exit-address-family
!
!
ip prefix-list BB3-allowed seq 5 permit 156.46.1.0/24
access-list 111 permit ip 0.0.0.0 255.255.255.0 host 255.255.255.0 log
access-list 111 permit ip host 0.0.0.0 host 0.0.0.0 log
hostname PE3-RACK1
!
!
ip cef
no ip domain lookup
ip vrf iementor
rd 100:100
route-target export 100:100
route-target import 100:100
!
ip vrf solaris
rd 300:300
route-target export 300:300
route-target import 300:300
!
tag-switching ip
!
interface Ethernet0/0.66
description to Manage VPN's
encapsulation dot1Q 66
no snmp trap link-status
!
interface Ethernet0/0.67
description to Manage IGP Core
encapsulation dot1Q 67
ip address 192.168.2.3 255.255.255.0
no snmp trap link-status
!
interface Ethernet0/0.123
description to PE2 - VLAN 123
encapsulation dot1Q 123
ip address 172.16.123.3 255.255.255.0
ip pim sparse-dense-mode
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 iementor
mpls traffic-eng tunnels
tag-switching ip
no snmp trap link-status
!
interface Ethernet0/1
no ip address
half-duplex
!
router eigrp 100
auto-summary
!
address-family ipv4 vrf solaris
redistribute bgp 65001 metric 1500 255 255 255 1500
network 10.23.1.0 0.0.0.255
auto-summary
autonomous-system 100
exit-address-family
!
router ospf 100
router-id 172.16.123.3
log-adjacency-changes detail
area 0 authentication message-digest
area 13 authentication message-digest
area 123 authentication message-digest
area 123 virtual-link 172.16.123.2 message-digest-key 1 md5 iementor
network 10.1.1.3 0.0.0.0 area 0
network 172.16.13.0 0.0.0.255 area 13
network 172.16.30.0 0.0.0.255 area 0
network 172.16.123.0 0.0.0.255 area 123
!
router rip
version 2
!
address-family ipv4 vrf iementor
network 10.0.0.0
no auto-summary
version 2
exit-address-family
!
router bgp 65001
no synchronization
bgp log-neighbor-changes
network 33.33.33.0 mask 255.255.255.0
neighbor 10.1.1.254 remote-as 65001
neighbor 10.1.1.254 update-source Loopback0
neighbor 10.1.1.254 password iementor
no auto-summary
!
address-family vpnv4
neighbor 10.1.1.254 activate
neighbor 10.1.1.254 send-community extended
exit-address-family
!
address-family ipv4 vrf solaris
redistribute connected metric 2
redistribute static metric 10
redistribute eigrp 100 metric 10
default-information originate
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf iementor
no auto-summary
no synchronization
exit-address-family
!
ip http server
ip classless
ip route vrf solaris 0.0.0.0 0.0.0.0 10.23.1.1
hostname PE4-RACK1
!
ip cef
no ip domain lookup
ip vrf solaris
rd 300:300
route-target export 300:300
route-target import 300:300
!
mpls label protocol tdp
tag-switching tdp router-id Loopback0 force
!
interface Loopback0
ip address 10.1.1.4 255.255.255.255
ip ospf network point-to-point
!
interface Loopback44
no auto-summary
no synchronization
exit-address-family
!
ip http server
ip classless
ip route vrf solaris 6.6.6.0 255.255.255.0 172.16.60.6
hostname ASBR1-RACK1
!
ip cef
no ip domain lookup
mpls label protocol ldp
mpls ldp loop-detection
tag-switching tdp router-id Loopback0 force
tag-switching atm maxhops 10
!
!
key chain iementor
key 6727
key-string iementorlab
!
!
!
interface Loopback0
ip address 10.1.1.100 255.255.255.255
ip ospf network point-to-point
!
interface Ethernet0/0
no ip address
ip accounting output-packets
half-duplex
!
interface Serial0/0
description to ASBR2-RACK1
ip address 172.16.113.1 255.255.255.0
encapsulation ppp
clock rate 256000
no fair-queue
!
interface Ethernet0/1
no ip address
half-duplex
!
interface Serial0/1
description to ASBR2-RACK1
ip address 172.16.114.1 255.255.255.0
ip pim sparse-dense-mode
encapsulation ppp
!
interface Serial0/2
description to PE1-RACK1 ISIS
ip address 172.16.222.2 255.255.255.0
encapsulation frame-relay
hostname ASBR2-RACK1
!
ip cef
no ip domain lookup
mpls label protocol ldp
tag-switching tdp router-id Loopback0
!
key chain iementor
key 6727
key-string iementorlab
!
interface Loopback0
ip address 10.1.1.200 255.255.255.255
!
interface Ethernet0/0
description TO PE4 - VLAN 240
ip address 172.16.240.1 255.255.255.0
half-duplex
mpls label protocol ldp
tag-switching ip
!
interface Serial0/0
description to ASBR1-RACK1
ip address 172.16.113.2 255.255.255.0
encapsulation ppp
no fair-queue
!
interface Serial0/1
description to ASBR1-RACK1
ip address 172.16.114.2 255.255.255.0
encapsulation ppp
clock rate 115200
!
router ospf 100
router-id 10.1.1.200
no compatible rfc1583
ignore lsa mospf
log-adjacency-changes detail
area 1 nssa default-information-originate
timers pacing flood 65
redistribute static metric 2 subnets
network 10.1.1.200 0.0.0.0 area 1
network 172.16.240.0 0.0.0.255 area 1
!
router bgp 200
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 10.1.1.4 remote-as 65002
neighbor 10.1.1.4 ebgp-multihop 2
neighbor 10.1.1.4 password iementor
neighbor 10.1.1.4 update-source Loopback0
neighbor 172.16.113.1 remote-as 100
neighbor 172.16.114.1 remote-as 100
!
address-family ipv4
neighbor 10.1.1.4 activate
neighbor 172.16.113.1 activate
neighbor 172.16.113.1 send-label
neighbor 172.16.114.1 activate
no auto-summary
no synchronization
network 172.16.113.0 mask 255.255.255.0
network 172.16.240.0 mask 255.255.255.0
exit-address-family
!
address-family vpnv4
neighbor 10.1.1.4 activate
neighbor 10.1.1.4 send-community extended
neighbor 172.16.114.1 activate
neighbor 172.16.114.1 send-community extended
exit-address-family
Task 7.1:
PE4
PE2
Task 7.2:
Task 7.3:
router bgp 57
no synchronization
bgp log-neighbor-changes
network 10.12.1.0 mask 255.255.255.0
redistribute connected metric 2
redistribute static metric 2
neighbor 10.12.1.2 remote-as 65001
neighbor 10.12.1.2 description to AS65001-SP1-PE2
neighbor 10.12.1.2 default-originate
neighbor 10.12.1.2 password iementor
no auto-summary
!
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Null0
ip route 10.0.0.0 255.0.0.0 Null0
ip route 172.16.0.0 255.255.0.0 Null0
ip route 192.168.1.0 255.255.255.0 Null0
Task 8.1:
interface Serial0/2/0
ip address 192.168.11.2 255.255.255.252
encapsulation frame-relay
frame-relay traffic-shaping
frame-relay interface-dlci 111
class FRTS
frame-relay lmi-type ansi
Task 8.2:
Task 8.3:
interface Loopback999
ip address 9.9.9.9 255.255.255.255
!
interface Serial0/0
description to ASBR2-RACK1
ip address 172.16.113.1 255.255.255.0
clock rate 2000000
no fair-queue
!
interface Serial0/1
description to ASBR2-RACK1
ip address 172.16.114.1 255.255.255.0
!
router bgp 100
no synchronization
bgp log-neighbor-changes
network 9.9.9.9 mask 255.255.255.255
network 172.16.113.0 mask 255.255.255.0
network 172.16.114.0 mask 255.255.255.0
redistribute static metric 2
neighbor 8.8.8.8 remote-as 200
neighbor 8.8.8.8 ebgp-multihop 2
neighbor 8.8.8.8 update-source Loopback999
no auto-summary
!
ip http server
ip classless
ip route 8.8.8.8 255.255.255.255 172.16.113.2
ip route 8.8.8.8 255.255.255.255 172.16.114.2
hostname ASBR2-RACK1
!
interface Loopback200
ip address 202.202.202.202 255.255.255.0
!
interface Loopback888
ip address 8.8.8.8 255.255.255.255
!
interface Ethernet0/0
description TO PE4 - VLAN 240
ip address 172.16.240.1 255.255.255.0
half-duplex
!
interface Serial0/0
description to ASBR1-RACK1
ip address 172.16.113.2 255.255.255.0
no fair-queue
!
interface Serial0/1
description to ASBR1-RACK1
ip address 172.16.114.2 255.255.255.0
clock rate 115200
!
router bgp 200
no synchronization
bgp log-neighbor-changes
network 8.8.8.8 mask 255.255.255.255
network 172.16.113.0 mask 255.255.255.0
network 172.16.114.0 mask 255.255.255.0
network 202.202.202.0
redistribute static metric 2
neighbor 9.9.9.9 remote-as 100
neighbor 9.9.9.9 ebgp-multihop 2
neighbor 9.9.9.9 update-source Loopback888
no auto-summary
!
ip classless
ip route 9.9.9.9 255.255.255.255 172.16.113.1
ip route 9.9.9.9 255.255.255.255 172.16.114.1
Task 9.1:
Task 9.2:
Task 9.3:
Task 9.4:
Task 10.1:
Task 10.2:
Task 10.3:
Task 10.4:
Task 10.5:
Task 10.6:
Task 10.7:
PE1-RACK1
interface Loopback400
ip address 122.46.1.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback401
ip address 122.46.2.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback402
ip address 122.46.3.1 255.255.255.0
ip ospf network point-to-point
!
interface Loopback403
ip address 122.46.4.1 255.255.255.0
!
interface ATM1/0
no ip address
atm vc-per-vp 4096
no atm ilmi-keepalive
!
interface ATM1/0.300 tag-switching
mtu 9216
ip address 140.101.1.2 255.255.255.0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 iementor
tag-switching atm vp-tunnel 3 vci-range 33-65535
tag-switching ip
!
router ospf 100
router-id 122.46.1.1
log-adjacency-changes detail
area 0 authentication message-digest
redistribute connected subnets route-map redcon
network 140.101.1.0 0.0.0.255 area 0
!
access-list 23 permit 122.46.4.0 log
access-list 23 permit 122.46.1.0 log
access-list 23 permit 122.46.2.0 log
access-list 23 permit 122.46.3.0 log
BB2-RACK1#sho ip route os
172.16.0.0/24 is subnetted, 6 subnets
O IA 172.16.222.0 [110/67] via 140.101.1.1, 00:03:27, ATM1/0.300
O 172.16.30.0 [110/24] via 140.101.1.1, 00:03:27, ATM1/0.300
O 172.16.20.0 [110/14] via 140.101.1.1, 00:03:27, ATM1/0.300
O 172.16.12.0 [110/4] via 140.101.1.1, 00:03:27, ATM1/0.300
O IA 172.16.13.0 [110/4] via 140.101.1.1, 00:03:27, ATM1/0.300
O IA 172.16.123.0 [110/14] via 140.101.1.1, 00:03:27, ATM1/0.300
22.0.0.0/24 is subnetted, 1 subnets
O E2 22.22.22.0 [110/20] via 140.101.1.1, 00:03:27, ATM1/0.300
10.0.0.0/32 is subnetted, 5 subnets
O 10.1.1.2 [110/5] via 140.101.1.1, 00:03:27, ATM1/0.300
O 10.1.1.3 [110/15] via 140.101.1.1, 00:03:27, ATM1/0.300
O 10.1.1.1 [110/4] via 140.101.1.1, 00:03:27, ATM1/0.300
O IA 10.1.1.100 [110/68] via 140.101.1.1, 00:03:27, ATM1/0.300
O E2 10.1.1.254 [110/2] via 140.101.1.1, 00:03:27, ATM1/0.300