Guia de laboratorio Avanzado HP NetworkingLab Guide Advanced Enterprise Networking

Advanced Enterprise Networking Technical Labs

- 1 -

Lab1: Layer 3 Switching

LAB1: LAYER 3 SWITCHING ........................................................................................................... - 1 -1.1 OVERVIEW .................................................................................................................................................................................... - 1 -1.2 NETWORKING DIAGRAM ............................................................................................................................................................... - 2 -1.3 IP ADDRESSING SCHEME............................................................................................................................................................... - 3 -1.4 EQUIPMENT .................................................................................................................................................................................. - 4 -1.5 LAB PURPOSE ................................................................................................................................................................................ - 5 -1.6 PROCEDURES ................................................................................................................................................................................ - 5 -

Mission1 Configure basic IP configuration on the Chassis Switches ...................................................................................... - 5 -Mission2 Configure VLANs and OSPF on the Chassis Switches ............................................................................................. - 6 -Mission3 Configure Access Switches ....................................................................................................................................... - 9 -Mission4 Configure VRRP ...................................................................................................................................................... - 11 -Mission5 Types of VLANs ...................................................................................................................................................... - 12 -Mission6 Prep for Network Management .............................................................................................................................. - 13 -

1.1 Overview In this lab exercise, you will: Configure Layer 3 connectivity on all chassis and Access Switches Understand the basic operation of Layer 3 and Comware


- 2 -

1.2 Networking Diagram

Figure 1-1

Figure 1-2


- 3 -

1.3 IP Addressing Scheme

Device Interface IP Address

POD#1 Chassis #1 Loopback 0 1.1.1.1/32

Vlan 99 10.10.1.1/24 Vlan 31 10.10.31.1/24 Vlan 10 10.1.10.1/24 Vlan 11 10.1.11.1/24

Chassis #2 Loopback 0 1.1.1.2/32 Vlan 99 10.10.1.2/24 Vlan 12 10.10.12.2/24 Vlan 10 10.1.10.2/24 Vlan 11 10.1.11.2/24

58x0 #1 Vlan 10 10.1.10.10/24 58x0 #2 Vlan 10 10.1.10.11/24

PC 1 Plugged into VLAN x 10.1.x.100/24 Gateway 10.1.x.254 PC 2 Plugged into VLAN x 10.1.x.101/24 Gateway 10.1.x.254

IMC Server Plugged into VLAN 10 10.1.10.200 POD#2



58x0 #1 Vlan 10 10.2.10.10/24 58x0 #2 Vlan 10 10.2.10.11/24


IMC Server Plugged into VLAN 10 10.2.10.200 POD#3



58x0 #1 Vlan 10 10.3.10.10/24 58x0 #2 Vlan 10 10.3.10.11/24


IMC Server Plugged into VLAN 10 10.3.10.200


- 4 -

1.4 Equipment

Version No. Description

S750xE 5.20 E6605P01 2 At least 3 slot chassis

S9500E 5.20 R1230 2 At Least 5 Slot Chassis


SD, EB or LEC Modules 3 any MPLS capable

module

S5800/S5820x 5.20 R11109P01 2 Requirement is ability to

build IRF 2 stack

Client 2 Client for test

Note that the cards and versions may not be exactly the same as your lab environment. When that is the case, please adjust the parameters to fit your lab. Use the lab hand outs to note down the appropriate port numbers and additional information that you might need to fulfill the labs.


- 5 -

1.5 Lab purpose Configure Layer 3 switching, and related features, on the provided network.

1.6 Procedures

Mission1Configure basic IP configuration on the Chassis Switches

Step1Login to the Chassis switch through the serial port

Step2Ensure that all switches are running the same software version [PODxx]display version Step3Ensure that all switches have no active configurations system [PODxx]reset saved-configuration [PODxx]quit reboot system [H3C]sysname PODxxC1 (xx = POD: 00, 01, 02, 03 and C1 becomes C2 for Chassis #2) Step4Configure telnet for this switch. [PODxxC1]local-user admin [PODxxC1]password simple admin [PODxxC1]authorization-attribute level 3 [PODxxC1]service-type terminal telnet [PODxxC1]quit [PODxxC1]user-interface vty 0 4 [PODxxC1]authentication-mode scheme [PODxxC1]quit [PODxxC1]telnet server enable Step5Save the configuration and set as the startup config on all swiches: [PODxxC1]quit save l3.cfg startup saved-configuration l3.cfg Repeat for Chassis #2


- 6 -

Mission2Configure VLANs and OSPF on the Chassis Switches

Step1login to the switch through the serial port

Step2Configure VLAN Interfaces for Chassis 1: Configure Chassis #1 to Chassis #2 Connection VLAN 99 and IP Address system [PODxxC1]vlan 99 [PODxxC1]port Ten-GigabitEthernet2/0/1 [PODxxC1-vlan102]quit [PODxxC1]interface vlan-interface 99 [PODxxC1-Vlan-interface99]ip address 10.10.x.1 24 (where x is the POD number) [PODxxC1-Vlan-interface99]quit Configure Pod-to-Pod VLAN where:

- yy=12 for connection from Pod #1 to Pod #2 - yy=23 for connection from Pod #2 to Pod #3 - yy=31 for connection from Pod #3 to Pod #1

[PODxxC1]vlan yy [PODxxC1]port GigabitEthernet3/0/1 [PODxxC1-vlan102]quit [PODxxC1]interface vlan-interface yy [PODxxC1-Vlan-interface12]ip address 10.10.yy.1 24 [PODxxC1-Vlan-interface12]quit Create VLAN 10 and assign IP address [PODxxC1]vlan 10 [PODxxC1-vlan102]quit [PODxxC1]interface vlan-interface 10 [PODxxC1-Vlan-interface100]ip address 10.x.10.1 24 [PODxxC1-Vlan-interface100]quit Create VLAN 11 and assign IP address [PODxxC1]vlan 11 [PODxxC1-vlan101]quit [PODxxC1]interface vlan-interface 11 [PODxxC1-Vlan-interface101]ip address 10.x.11.1 24 [PODxxC1-Vlan-interface101]quit Configure uplink ports from access switches to Chassis as trunk ports and allow local VLANs: [PODxxC1]interface Ten-GigabitEthernet 2/0/2 [PODxxC1-GigabitEthernet1/0/24]port link-type trunk [PODxxC1-GigabitEthernet1/0/24]port trunk permit vlan 10 11 [PODxxC1-GigabitEthernet1/0/24]quit

Step3Configure OSPF for Chassis 1: [PODxxC1]interface loopback 0 [PODxxC1-LoopBack0]ip address x.x.x.1 32 (where x is the POD number) [PODxxC1-LoopBack0]quit Enable OSPF on Chassis #1 [PODxxC1]ospf [PODxxC1-ospf-1]area 0 [PODxxC1-ospf-1-area-0.0.0.0]network 10.0.0.0 0.255.255.255 [PODxxC1-ospf-1-area-0.0.0.0]network x.x.x.1 0.0.0.0 [PODxxC1-ospf-1-area-0.0.0.0]quit


- 7 -

[PODxxC1-ospf-1]opaque-capability enable [PODxxC1-ospf-1]graceful-restart ietf [PODxxC1-ospf-1]quit Step4Save the configuration and set as the startup config on all switches [PODxxC1]quit save l3.cfg startup saved-configuration l3.cfg Step5Configure VLAN Interfaces for Chassis #2

Configure Chassis #2 to Chassis #1 Connection VLAN 99 and IP Address system [PODxxC2]vlan 99 [PODxxC2]port Ten-GigabitEthernet2/0/1 [PODxxC2-vlan99]quit [PODxxC2]interface vlan-interface 99 [PODxxC2-Vlan-interface99]ip address 10.10.x.2 24 (where x is the POD number) [PODxxC2-Vlan-interface99]quit Configure Pod-to-Pod VLAN [PODxxC2]vlan yy [PODxxC2]port GigabitEthernet3/0/1 [PODxxC2-vlanyy]quit [PODxxC2]interface vlan-interface yy [PODxxC2-Vlan-interfaceyy]ip address 10.10.yy.2 24 [PODxxC2-Vlan-interfaceyy]quit (Where yy is the Pod-to-Pod VLAN from the table/diagram above) Create VLAN 10 and assign IP address [PODxxC2]vlan 10 [PODxxC2-vlan10]quit [PODxxC2]interface vlan-interface 10 [PODxxC2-Vlan-interface10]ip address 10.x.10.2 24 [PODxxC1-Vlan-interface100]quit Create VLAN 11 and assign IP address [PODxxC2]vlan 11 [PODxxC2-vlan11]quit [PODxxC2]interface vlan-interface 11 [PODxxC2-Vlan-interface11]ip address 10.x.11.2 24 [PODxxC2-Vlan-interface11]quit Configure uplink ports from access switches to Chassis as trunk ports and allow local VLANs: [PODxxC2]interface Ten-GigabitEthernet 2/0/2 [PODxxC2-GigabitEthernet1/0/2]port link-type trunk [PODxxC2-GigabitEthernet1/0/2]port trunk permit vlan 10 11 [PODxxC2-GigabitEthernet1/0/2]quit Configure OSPF for switch Chassis Switch 2: [PODxxC2]interface loopback 0 [PODxxC2-LoopBack0]ip address x.x.x.2 32 (where x is the POD number) [PODxxC2-LoopBack0]quit Enable OSPF on Chassis #2 [PODxxC2]ospf [PODxxC2-ospf-1]area 0 [PODxxC2-ospf-1-area-0.0.0.0]network 10.0.0.0 0.255.255.255 [PODxxC2-ospf-1-area-0.0.0.0]network x.x.x.2 0.0.0.0


- 8 -

[PODxxC2-ospf-1-area-0.0.0.0]quit [PODxxC2-ospf-1]opaque-capability enable [PODxxC2-ospf-1]graceful-restart ietf [PODxxC2-ospf-1-area-0.0.0.0]quit [PODxxC2-ospf-1]quit

Step6Save the configuration and set as the startup config on all switches [PODxxC2]quit save l3.cfg startup saved-configuration l3.cfg Before continuing with the lab, ensure that you have a fully operational OSPF environment. Verify the adjacencies and routing tables and verify whether you are able to ping all the loopback addresses. [PODxxC1]display ospf peer verbose [PODxxC1]disp ip routing-table


- 9 -

Mission3Configure Access Switches

Step1Login to the Access switch #1 through the serial port

Step2Ensure that all switches are running the same software version [PODxx]display version Step3Ensure that all switches have no active configurations [PODxx]reset saved-configuration [PODxx]quit reboot system [H3C]sysname PODxxA1 (xx = POD: 00, 01, 02, 03 and A1 becomes A2 for Switch #2, etc) Step4Configure telnet for this switch. [PODxxA1]local-user admin [PODxxA1]password simple admin [PODxxA1]authorization-attribute level 3 [PODxxA1]service-type terminal telnet [PODxxA1]quit [PODxxA1]user-interface vty 0 4 [PODxxA1]authentication-mode scheme [PODxxA1]quit [PODxxA1]telnet server enable Step5Save the configuration and set as the startup config on all switches [PODxxA1]quit save l3.cfg startup saved-configuration l3.cfg Step6Configure IP Address for Access Switches : Configure Access #1 Switch IP Address for VLAN 10 [PODxxA1]vlan 10 [PODxxA1-vlan10]quit [PODxxA1]interface vlan-interface 10 [PODxxA1-Vlan-interface10]ip address 10.x.10.10 24 (where x is the POD number) [PODxxA1-Vlan-interface10]quit Create VLAN 11 [PODxxC1]vlan 11 [PODxxC1-vlan11]quit

Step7Configure uplink ports from access switch #1 to Chassis as a trunk port and allow local VLANs: [PODxxA1]interface Ten-GigabitEthernet 1/0/25 (Or 1/0/1 or the S5820x-28S) [PODxxA1-GigabitEthernet1/0/25]port link-type trunk [PODxxA1-GigabitEthernet1/0/25]port trunk permit vlan 10 11 [PODxxA1-GigabitEthernet1/0/25]quit Configure link between Access switches and allow local VLANs [PODxxA1]interface Ten-GigabitEthernet 1/0/28 (Or 1/0/24 on the S5820x-28S) [PODxxA1-TenGigabitEthernet1/0/28]port link-type trunk [PODxxA1-TenGigabitEthernet1/0/28]port trunk permit vlan 10 11 [PODxxA1-TenGigabitEthernet1/0/28]quit


- 10 -

Step8Place GigabitEthernet 1/0/1 on VLAN 10 [PODxxA1]interface GigabitEthernet 1/0/1 [PODxxA1-GigabitEthernet1/0/1]port access vlan 10 [PODxxA1-GigabitEthernet1/0/1]quit

Step9Configure Default Gateway on Access Switch #1 [PODxxA1]ip route-static 0.0.0.0 0.0.0.0 10.x.10.254

Step10Save the configuration and set as the startup config on all switches [PODxxA1]quit save l3.cfg startup saved-configuration l3.cfg

Step11Configure Access #2 Switch IP Address for VLAN 10 [PODxxA2]vlan 10 [PODxxA2-vlan10]quit [PODxxA2]interface vlan-interface 10 [PODxxA2-Vlan-interface10]ip address 10.x.10.11 24 [PODxxA2-Vlan-interface10]quit

Create VLAN 11 [PODxxA2]vlan 11 [PODxxA2-vlan11]quit

Step12Configure uplink ports from access switch #2 to Chassis #2 as a trunk port and allow local VLANs: [PODxxA2]interface Ten-GigabitEthernet 1/0/25 (Or 1/0/1 for the S5820x-28S) [PODxxA2-GigabitEthernet1/0/25]port link-type trunk [PODxxA2-GigabitEthernet1/0/25]port trunk permit vlan 10 11 [PODxxA2-GigabitEthernet1/0/25]quit Configure link between Access switches and allow local VLANs [PODxxA2]interface Ten-GigabitEthernet 1/0/28 (Or 1/0/24 for the S5820x-28S) [PODxxA2-TenGigabitEthernet1/0/28]port link-type trunk [PODxxA2-TenGigabitEthernet1/0/28]port trunk permit vlan 10 11 [PODxxA2-TenGigabitEthernet1/0/28]quit

Step13Place GigabitEthernet 1/0/1 on VLAN 10 [PODxxA2]interface GigabitEthernet 1/0/1 (Or 1/0/25 for the S5820x-28S) [PODxxA2-GigabitEthernet1/0/1]port access vlan 10 [PODxxA2-GigabitEthernet1/0/1]quit

Step14Configure Default Gateway on Access Switch #2 [PODxxA2]ip route-static 0.0.0.0 0.0.0.0 10.x.10.254

Step15Save the configuration and set as the startup config on all switches [PODxxA2]quit save l3.cfg startup saved-configuration l3.cfg

Connect switches as shown in the diagran and verify connectivity from each access switch port GigabitEthernet 1/0/1 to the VLAN 10 IP Address of each Chassis Switch.


- 11 -

Mission4Configure VRRP

Step1Configure VRRP between Chassis switches On Chassis #1 [PODxxC1]interface vlan-interface 10 [PODxxC1-Vlan-interface10]vrrp vrid 1 virtual-ip 10.x.10.254 [PODxxC1-Vlan-interface10]vrrp vrid 1 priority 110 [PODxxC1-Vlan-interface10]quit [PODxxC1]interface vlan-interface 11 [PODxxC1-Vlan-interface11]vrrp vrid 2 virtual-ip 10.x.11.254 [PODxxC1-Vlan-interface11]quit On Chassis #2 [PODxxC2]interface vlan-interface 10 [PODxxC2-Vlan-interface10]vrrp vrid 1 virtual-ip 10.x.10.254 [PODxxC2-Vlan-interface10]quit [PODxxC2]interface vlan-interface 11 [PODxxC2-Vlan-interface11]vrrp vrid 2 virtual-ip 10.x.11.254 [PODxxC2-Vlan-interface12]vrrp vrid 2 priority 110 [PODxxC2-Vlan-interface11]quit Verify that you can ping the Virtual address created in the last step.

Step2Save the configuration and set as the startup config on all switches [PODxxC1]quit save l3.cfg startup saved-configuration l3.cfg


- 12 -

Mission5Types of VLANs

Step1Use MAC-Based VLANs: On your associated Access switch, associate the MAC address of Client 1 (xxxx-xxxx-xxxx) with VLAN 10 and Client 2 (yyyy-yyyy-yyyy) with VLAN 11.

Step2Use ipconfig /all on your Windows Clients to determine your MAC address.

Step3Enable MAC-based VLANs on GigabitEthernet 1/0/2 [PODxxA1]mac-vlan mac-address xxxx-xxxx-xxxx vlan 10 [PODxxA1]mac-vlan mac-address yyyy-yyyy-yyyy vlan 11 [PODxxA1]interface GigabitEthernet 1/0/2 [PODxxA1-GigabitEthernet1/0/2]port link-type hybrid [PODxxA1-GigabitEthernet1/0/2]port hybrid vlan 10 11 untagged [PODxxA1-GigabitEthernet1/0/2]mac-vlan enable [PODxxA1-GigabitEthernet1/0/2]quit You should see that the client with the appropriate MAC Addresses are automatically assigned to the assigned VLAN.

Step4Use IP Subnet-Based VLANs: On your associated Access switch, associate subnets for VLAN 10 and 11 Enable IP Subnet based VLANs on GigabitEthernet 1/0/3 [PODxxA1]vlan 10 [PODxxA1]ip-subnet-vlan ip 10.x.10.0 255.255.255.0 [PODxxA1]quit [PODxxA1]vlan 11 [PODxxA1]ip-subnet-vlan ip 10.x.11.0 255.255.255.0 [PODxxA1]quit [PODxxA1]interface GigabitEthernet 1/0/3 [PODxxA1-GigabitEthernet1/0/3]port link-type hybrid [PODxxA1-GigabitEthernet1/0/3]port hybrid vlan 10 11 untagged [PODxxA1-GigabitEthernet1/0/3]port hybrid ip-subnet-vlan vlan 10 [PODxxA1-GigabitEthernet1/0/3]port hybrid ip-subnet-vlan vlan 11 [PODxxA1-GigabitEthernet1/0/3]quit Configure your clients to be on one or the other VLAN subnets. You should see that the client(s) with the appropriate IP subnet configured are automatically assigned to the assigned VLAN when plugged into that port.


- 13 -

Mission6Prep for Network Management

Step1Enable SNMP on each switch. [PODxxC1]snmp-agent sys-info version v1 v2c [PODxxC1]snmp-agent community read public [PODxxC1]snmp-agent community write private

Step2Enable SNMP traps on the switch. [PODxxC1]snmp-agent trap enable [PODxxC1]snmp-agent target-host trap address udp-domain 10.x.10.200 upd-port 5000 params securityname public

Step3Enable SNMP operation logging on the switch. [PODxxC1]terminal monitor [PODxxC1]terminal logging [PODxxC1]info-center source snmp channel console log level informational [PODxxC1]snmp-agent log get-operation [PODxxC1]snmp-agent log set-operation

Step4Enable logging on the switch. [PODxxC1]info-center enable [PODxxC1]info-center loghost 10.x.10.200 channel loghost facility local4 [PODxxC1]info-center source default channel loghost debug state off log state off trap state off

Step5Enable sflow on the switch. [PODxxC1]sflow agent ip 10.x.10.yyy (IP Address of the switch) [PODxxC1]sflow collector ip 10.x.10.200 [PODxxC1]interface GigabitEthernet1/0/1 [PODxxC1-Gig-Ethernet1/0/23]sflow enable inbound [PODxxC1-Gig-Ethernet1/0/23]sflow enable outbound [PODxxC1-Gig-Ethernet1/0/23]sflow sampling-rate 1000

Repeat for all switches in your pod.


- 1 -

Lab2: IRF

LAB2: IRF ............................................................................................................................................. - 1 -1.1 OVERVIEW .................................................................................................................................................................................... - 1 -1.2 NETWORKING DIAGRAM ............................................................................................................................................................... - 2 -1.3 IP ADDRESSING SCHEME............................................................................................................................................................... - 4 -1.4 EQUIPMENT .................................................................................................................................................................................. - 5 -1.5 LAB PURPOSE ................................................................................................................................................................................ - 6 -1.6 PROCEDURES ................................................................................................................................................................................ - 6 -

Mission1 Configure IRF on the S5800/S5820x ....................................................................................................................... - 6 -Mission2 Configure IRF on the S12500/S9500E/S7500E ....................................................................................................... - 8 -Mission3 Verify IRF Operation .............................................................................................................................................. - 13 -

1.1 Overview In this lab exercise, you will:

Configure IRF on a S12500/S9500E/S7500E and S5800/S5820x

Understand the operation of IRF Before starting this lab please use the following commands

reset saved-reconfiguration reboot


- 2 -


Figure 1-1


- 3 -

Figure 1-2


- 4 -

1.3 IP Addressing Scheme for IRF


PODA 7500 Pair Loopback 0 1.1.1.1/32 7500 Pair Vlan 10 10.1.10.254/24 5800 Pair Vlan 10 10.1.10.10/24


IMC Server Plugged into VLAN 10 10.1.10.200 PODB

7500 Pair Loopback 0 2.2.2.1/32 7500 Vlan 10 10.2.10.254/24

5800 Pair Vlan 10 10.2.10.10/24 PC 1 Plugged into VLAN x 10.2.x.100/24 Gateway 10.2.x.254 PC 2 Plugged into VLAN x 10.2.x.101/24 Gateway 10.2.x.254

IMC Server Plugged into VLAN 10 10.2.10.200 PODC

7500 Pair Loopback 0 3.3.3.1/32 7500 Pair Vlan 10 10.3.10.254/24 5800 Pair Vlan 10 10.3.10.10/24


IMC Server Plugged into VLAN 10 10.3.10.200


- 5 -

1.4 Equipment





SD, EB or LEC Modules 3 any MPLS capable

module


build IRF 2 stack




- 6 -

1.5 Lab purpose Establish full IRF redundancy.

1.6 Procedures

Mission1Configure IRF on the S5800/S5820x

Step1Login to the switch through the console port

Step2Ensure that both switches are running the same software version [PODxyz]display version

Step3Reset the configuration of the switches. reset saved-configuration reboot

Step4Assign a unit number to each S5800. The unit number is based on the z designation of your switch1 or 2. For unit 2: [H3C]irf member 1 renumber 2 (x is current unit number)

Step5Save the configuration and reboot the switches [H3C]quit save irf.cfg startup saved-configuration irf.cfg reboot

Step6Setting priority on Master S5800. For unit 1: [H3C]irf member 1 priority 32

Step7Shutdown the 10 Gbps port that will form the IRF (T1/0/25) For Unit 1: [H3C]int TenGigabitEthernet 1/0/25 [H3C-Ten-GigabitEthernet1/0/25]shutdown [H3C]int TenGigabitEthernet 1/0/26 [H3C-Ten-GigabitEthernet1/0/25]shutdown For Unit 2: [H3C]int TenGigabitEthernet 2/0/25 [H3C-Ten-GigabitEthernet2/0/25]shutdown [H3C]int TenGigabitEthernet 2/0/26 [H3C-Ten-GigabitEthernet2/0/25]shutdown

Step8Assign the 10 Gbps port to an IRF port group On Unit 1: [H3C]irf-port 1/1 [H3C-irf-port]port group interface TenGigabitEthernet 1/0/25


- 7 -

[H3C-irf-port]port group interface TenGigabitEthernet 1/0/26 [H3C-irf-port]quit On Unit 2: [H3C]irf-port 2/2 [H3C-irf-port]port group interface TenGigabitEthernet 2/0/25 [H3C-irf-port]port group interface TenGigabitEthernet 2/0/26 [H3C-irf-port]quit

Step9Connect the cables to the 2 5800

Step10Enable the 10 Gbps ports that will form the IRF (on both switches) On unit 1: [H3C]int TenGigabitEthernet 1/0/25 [H3C-Ten-GigabitEthernet1/0/25]undo shutdown [H3C]int TenGigabitEthernet 1/0/26 [H3C-Ten-GigabitEthernet1/0/25]undo shutdown On unit 2: [H3C]int TenGigabitEthernet 2/0/25 [H3C-Ten-GigabitEthernet2/0/25]undo shutdown [H3C]int TenGigabitEthernet 2/0/26 [H3C-Ten-GigabitEthernet2/0/25]undo shutdown

Step11Activate the IRF Port Configuration [H3C]irf-port-configuration active

Step12Save the configuration [PODxyz]quit save

Step13Connect the 2 cables into Tengig ports 25 and 26.

The secondary switch (unit 2) should now reboot automatically.

Step14The IRF stack should now be formed. Verify IRF operation [H3C]display irf [H3C]display irf configuration [H3C]display irf topology [H3C]display devices

Step15Rename the IRF Access-PODx, where x is your pod letter (A, B, C)

[H3C]sysname Access-PODx

Step16On the master, assign IP addresses to VLAN 10 [Access-PODx]vlan 10 [Access-PODx]quit [Access-PODx]interface vlan 10 [Access-PODx -Vlan-interface1]ip address 10.xx.10.10 255.255.255.0 (xx = POD: 01 for PodA, 02 for PodB, 03 for PodC)

Step17On the master, create a dynamic aggregation interface [Access-PODx]interface bridge-aggregation 1 [Access-PODx-bridge-agg-1]link-aggregation mode dynamic


- 8 -

Step18On the master, assign ports to the aggregation interfaces

[Access-PODx]interface gigabitethernet 1/0/11 [Access-PODx-bridge-agg-1]port link-aggregation group 1 [Access-PODx]interface gigabitethernet 1/0/12 [Access-PODx-bridge-agg-1]port link-aggregation group 1 [Access-PODx]interface gigabitethernet 2/0/11 [Access-PODx-bridge-agg-1]port link-aggregation group 1 [Access-PODx]interface gigabitethernet 2/0/12 [Access-PODx-bridge-agg-1]port link-aggregation group 1

Step19On the bridge aggregation, enable trunking and allow all VLANs on the aggregation interface. [Access-PODx-bridge-agg-1]interface bridge-aggregation 1 [Access-PODx-bridge-agg-1]port link-type trunk [Access-PODx-bridge-agg-1]port trunk permit vlan all

Step20On the master, configure the access ports VLAN membership on both Access switches (you can connect your PC to this).

[Access-PODx]interface gigabitethernet 1/0/1 [Access-PODx]port access vlan 10 [Access-PODx]interface gigabitethernet 2/0/1 [Access-PODx]port access vlan 10

Step21Before continuing, verify that all partners5800 and 7500E switcheshave completed the IRF configuration. If this has been accomplished, then, on the master 5800 switch, disable STP.

[Access-PODx]undo stp enable

Step22Save the configuration [PODxyz]quit save

Mission2Configure IRF on the S12500/S9500E/S7500E

Step1Login into the switch through the console port

Step2Ensure that both switches are running the same software version [H3C]display version

Step3Reset the configuration of the switches. reset saved-configuration reboot

Step4Set the 2 Chassis to operate in IRF mode. The chassis will be rebooted automatically.

]chassis convert mode irf


- 9 -

Step5Assign IRF priority 32 to Chassis 1 to make it the master For unit 1:

[H3C]irf member 1 priority 32 Save the configuration under irf.cfg name. Youve to do it on both Master and Slave SRPUs.

[H3C]quit save irf.cfg save chassis1#slot1#flash:/irf.cfg startup saved-configuration irf.cfg

Step6Renumber chassis 2 as member 2. (It started as Member 1 in its own IRF)

For unit 2:

[H3C]irf member 1 renumber 2

Save the configuration under irf.cfg name. Youve to do it on both Master and Slave SRPUs.

[H3C]quit save irf.cfg save chassis1#slot1#flash:/irf.cfg startup saved-configuration irf.cfg reboot

Step7Shutdown the 10 Gbps ports that will form the IRF For Unit 1: [H3C]int Ten-GigabitEthernet 1/2/0/1 [H3C-Ten-GigabitEthernet1/2/0/1] shutdown [H3C]int Ten-GigabitEthernet 1/2/0/2 [H3C-Ten-GigabitEthernet1/2/0/1] shutdown For Unit 2: [H3C]int Ten-GigabitEthernet 2/2/0/1 [H3C-Ten-GigabitEthernet2/2/0/1] shutdown [H3C]int Ten-GigabitEthernet 2/2/0/2 [H3C-Ten-GigabitEthernet1/2/0/1]shutdown

Step8Assign the 10 Gbps ports to an IRF port group On Unit 1: [H3C]irf-port 1/1 [H3C-irf-port]port group interface ten-gigabitethetnet 1/2/0/1 [H3C-irf-port]port group interface ten-gigabitethetnet 1/2/0/2 [H3C-irf-port]quit On Unit 2: [H3C]irf-port 2/2 [H3C-irf-port]port group interface ten-gigabitethetnet 2/2/0/1 [H3C-irf-port]port group interface ten-gigabitethetnet 2/2/0/2 [H3C-irf-port]quit

Step9Enable the 10 Gbps ports that will form the IRF For Unit 1: [H3C]int Ten-GigabitEthernet 1/2/0/1


- 10 -

[H3C-Ten-GigabitEthernet1/2/0/1]undo shutdown [H3C]int Ten-GigabitEthernet 1/2/0/1 [H3C-Ten-GigabitEthernet1/2/0/1]undo shutdown For Unit 2: [H3C]int Ten-GigabitEthernet 2/2/0/1 [H3C-Ten-GigabitEthernet2/2/0/1]undo shutdown [H3C]int Ten-GigabitEthernet 2/2/0/2 [H3C-Ten-GigabitEthernet1/2/0/1]undo shutdown

Step10 Save the configuration [H3C]quit save

Step11Cable the IRF ports of the two switches. You get a message on both chassis.

On chassis 1 (Master) a message mentions the IRF Merge but does not require a reboot

On the Chassis 2 (Slave) it should now request to reboot.

Step12Reboot the Slave switch reboot

Step13The IRF stack should now be formed. Verify IRF operation [H3C]display irf [H3C]display irf configuration [H3C]display irf topology Also try the followings: [H3C]display device [H3C]display version

Step14Rename the IRF Core-PODx, where x is your pod letter (A, B, C)

[H3C]sysname Core-PODx

Step15On the master, create Loopback 0 and assign IP address [H3C]interface loopback 0 [Core-PODx-Vlan-interface1]ip address xx.xx.xx.1 32 (x = POD: PodA will use 1, PodB will use 2, and PodC will use 3)


- 11 -

Step16On the master, create VLAN 10 and assign IP addresses to the VLANs [Core-PODx]vlan 10 [Core-PODx]quit [Core-PODx]interface vlan 10 [Core-PODx-Vlan-interface1]ip address 10.xx.10.254 255.255.255.0 (x = POD: 1 for PodA, 2 for PodB, 3 for PodC)

Step17On the master, create a dynamic aggregation interface [Core-PODx]interface bridge-aggregation 1 [Core-PODx-int-br-1]link-aggregation mode dynamic

Step18On the master, configure trunk ports and assign ports to the aggregation interfaces for the interfaces connected between the 5800s and the 7500s.

[Core-PODx]interface gigabitethernet 1/3/0/11 [Core-PODx-int]port link-aggregation group 1 [Core-PODx]interface gigabitethernet 1/3/0/12 [Core-PODx-int]port link-aggregation group 1 [Core-PODx]interface gigabitethernet 2/3/0/11 [Core-PODx-int]port link-aggregation group 1 [Core-PODx]interface gigabitethernet 2/3/0/12 [Core-PODx-int]port link-aggregation group 1

Step19On the master, set the brige aggregation as a VLAN trunk and enable MAD LACP. [Core-PODx]interface bridge-aggregation 1 [Core-PODx-int-br-1]port link-type trunk [Core-PODx-int-br-1]port trunk permit vlan all [Core-PODx-int-br-1]mad enable

Step20On the master, set BFD MAD. First define a dedicated VLAN and assign 2 Gigabit interfaces to it [H3C] vlan 3 [H3C-vlan3] port gigabitethernet 1/3/0/24 [H3C-vlan3] port gigabitethernet 2/3/0/24 [H3C-vlan3] quit

Step21Create VLAN-interface 3 and configure the MAD IP address for the interface. [H3C] interface vlan-interface 3 [H3C-Vlan-interface3] mad bfd enable [H3C-Vlan-interface3] mad ip add 10.x.3.1 24 member 1 [H3C-Vlan-interface3] mad ip add 10.x.3.2 24 member 2 [H3C-Vlan-interface3] quit


- 12 -

Step22C onfigure the access ports VLAN membership on both Core switches (you can connect your PC to this port).

[Core-PODx]interface gigabitethernet 1/0/1 [Core-PODx]port access vlan 10 [Core-PODx]interface gigabitethernet 2/0/1 [Core-PODx]port access vlan 10

Step23Save the configuration [Core-PODx]quit save


- 13 -

Mission3Verify IRF Operation

Step1Connect a PC to each switch and assign a static IP address using the following table: PC1 = 10.x.10.101/24 connected to 7500E master PC2 = 10.x.10.102/24 connected to 7500E slave PC3 = 10.x.10.103/24 connected to 5800 master PC4 = 10.x.10.104/24 connected to 5800 slave xx is the POD ID: (xx = POD: PodA is 01, PodB is 02, and PodC is 03)

Step2Verify connectivity through pingping each of the devices in your IRF grouping. Or use Fping to be able to test ping at the millisecond level. Copy the fping.exe to you c:/Windows folder.

fping can be used which can issue continuous pings with a very small time interval. This will allow a more precise calculation of down time. When the following command is issued for a continuous ping to host a.b.c.d with a time interval of 50 milliseconds and a timeout of 50 milliseconds

C:\> fping 10.X.10.Y c t 50 w 50

Step3Start removing cables, one-at-a-time, ensuring that at least end to end connectivity is maintained): - There should be no or minimal PING loss. - Remove one IRF cable, notice if there are any changes in response. - Remove the whole IRF link between your switch and the corresponding IRF switch (the master and the slave) and notice what happens. - Reconnect the IRF link. Is the IRF self healing? - If not, what actions are required to restore IRF functionality?

Step4Trigger a switchover of the Master Main Board of IRF chassis by issuing command slave switchover or by removing the Main Board (MSU) that is set to Master

Check what board is master with display irf display device

Step5Trigger a switchover of the Master chassis in the IRF chassis by issuing command reboot chassis X or by powering off the Master Chassis

Step6Save the configuration on your switch [Access-PODxyz]quit save

This concludes the IRF lab.


- 1 -

Lab3: RRPP

LAB3: RRPP ......................................................................................................................................... - 1 -1.1 OVERVIEW .................................................................................................................................................................................... - 1 -1.2 NETWORKING DIAGRAM ............................................................................................................................................................... - 2 -1.3 IP ADDRESSING SCHEME............................................................................................................................................................... - 2 -1.4 EQUIPMENT .................................................................................................................................................................................. - 4 -1.5 LAB PURPOSE ................................................................................................................................................................................ - 5 -1.6 PROCEDURES ................................................................................................................................................................................ - 5 -

Mission1 Configure RRPP between all IRF chassis. ............................................................................................................... - 5 -

1.1 Overview

In this lab exercise, you will:

Configure RRPP Understand the operation of RRPP


- 2 -


Transit

VLANS_IP SubnetsVLAN 10 10.x.10.0/24

PODX_A1 PODX_A2

Ten 2/0/1

Ten 2/0/2 Ten 2/0/2

Ten 1/0/25 Ten 1/0/25

Ten 1/0/26

.2.1

PODX_C1 PODX_C2

X= POD #

1 2

.4.3

RRPP Domain 1

Ring 1

Master Transit

Transit

P

PS

SS

P Primary Ring Port

Secondary Ring Port

PP

SS

Figure 1-1

1.3 IP Addressing Scheme

Before configuring devices in the RRPP lab, youll remove the IRF configuration. Each switch will be an individual member of the Ring. Each pod will create its own ring. In order to test the RRPP fault tolerance and Rapid Recovery functionality with IP nodes, the PC connected to the Ring must be in the same VLAN and in the same IP Subnet.


- 3 -


POD#X

Chassis 1 Vlan 10 10.X.10.1/24

Chassis 2 Vlan 10 10.X.10.2/24

Access 1 Vlan 10 10.X.10.3/24

Access 2 Vlan 10 10.X.10.4/24

PC 1 Plugged into VLAN 10 10.X.10.101/24

PC 2 Plugged into VLAN 10 10.X.10.102/24


- 4 -

1.4 Equipment




build IRF 2 stack




- 5 -

1.5 Lab purpose

Create a main RRPP ring between the Switches.

1.6 Procedures

Mission1Configure RRPP between chassis.

Step1Disconnect cables from previous lab

Step2login to the Chassis switch through the serial port or by Telnet

Step3Remove IRF and all configuration on the Chassis undo chassis convert mode reset saved-config reboot

Step4Reset configuration on the 5800 switches reset saved-config reboot

Step5Create the appropriate VLANs on all switches system-view [PODxx]vlan 10 [PODxx-vlan10]quit [PODxx]vlan 11 [PODxx-vlan11]quit [PODxx]interface vlan 10 [PODxx-interface-vlan10]quit [PODxx]interface vlan 11 [PODxx-interface-vlan11]quit

Step6Set ALL the ports that will form the RRPP ring as Trunk ports on ALL Switches For example: [PODxx]interface ten-gigabit-ethernet 2/0/X [PODxx-Ten-GigabitEthernet1/3/0/3]port link-type trunk [PODxx-Ten-GigabitEthernet1/3/0/3]port trunk permit vlan all [PODxx-Ten-GigabitEthernet1/3/0/3]quit

Step7Disable STP on ALL the ports that will form the RRPP ring on ALL Switches [PODxx]interface ten-gigabit-ethernet 2/0/X [PODxx-Ten-GigabitEthernet1/3/0/3]link-delay 0 or 2


- 6 -

Note: Minimum Link-delay is 0 on 7500 and 2 on 5800 [PODxx-Ten-GigabitEthernet1/3/0/3]stp disable [PODxx-Ten-GigabitEthernet1/3/0/3]quit

Step8Enable RRPP on ring 1, configure the protected VLAN (required) [PODxx]rrpp domain 1 [PODxx-rrpp]control-vlan 4092 [PODxx-rrpp]protected-vlan reference-instance 0 to 31 [PODxx]quit

Set Chassis 1 as the RRPP Master node, and Chassis 2 as a transit node Before configuring RRPP, do not connect the cables that form the RRPP ring yet. Note down the port numbers on the network diagram that comes with this lab. Configure chassis 1 as the Master Node in Ring 1

[PODxx]rrpp domain 1 [PODxx-rrpp]ring 1 node-mode master primary-port ten-gigabit-ethernet 2/0/1 secondary-port ten-gigabit-ethernet 2/0/2 level 0 [PODxx-rrpp]ring 1 enable [PODxx-rrpp]quit [PODxx]rrpp enable

Configure Chassis 2 as the Transit Node in Ring 1 [PODxx]rrpp domain 1 [PODxx-rrpp]ring 1 node-mode transit primary-port ten-gigabit-ethernet 2/0/2 secondary-port ten-gigabit-ethernet 2/0/1 level 0 [PODxx-rrpp]ring 1 enable [PODxx-rrpp]quit [PODxx]rrpp enable

Step9Set Access Switches 1 and 2 as RRPP Transit nodes Configure Access Switch 1 as the Transit Node in Ring 1

[Accessxx]rrpp domain 1 [Accessxx-rrpp]ring 1 node-mode transit primary-port ten-gigabit-ethernet 1/0/25 secondary-port ten-gigabit-ethernet 1/0/26 level 0 [Accessxx-rrpp]ring 1 enable [Accessxx-rrpp]quit [Accessxx]rrpp enable

Configure Access Switch 2 as the Transit Node in Ring 1 [Accessxx]rrpp domain 1 [Accessxx-rrpp]ring 1 node-mode transit primary-port ten-gigabit-ethernet 1/0/26


- 7 -

secondary-port ten-gigabit-ethernet 1/0/25 level 0 [Accessxx-rrpp]ring 1 enable [Accessxx-rrpp]quit [Accessxx]rrpp enable

Step10Connect the cables to the ports that will form the RRPP ring Verify RRPP status on all switches [PODxx]display rrpp brief [PODxx]display rrpp verbose domain 1 ring 1 Verify connectivity through PING or fping utility on your PC (Copy fping.exe into C:/Windows folder) C:\> fping 10.X.10.Y c t 50 w 50 Use the PCs that are connected throughout the Ring using the IP address space information at the beginning of this document. If connectivity is successful, remove one of the ring connections and verify whether there is loss of information. Verify RRPP status on all switches after you disconnect a link [PODxx]display rrpp brief [PODxx]display rrpp verbose domain 1 ring 1

Step11Save the configuration [PODxx]quit save rrpp.cfg save chassis1#slot1#flash:/rrpp.cfg

startup saved-configuration rrpp.cfg This concludes the RRPP lab.


- 1 -

Lab 4: MCE

LAB 4: MCE ............................................................................................................................................. - 1 -1.1 OVERVIEW ........................................................................................................................................ - 1 -1.2 NETWORKING DIAGRAM ................................................................................................................... - 2 -1.3 EQUIPMENT ....................................................................................................................................... - 4 -1.4 LAB PURPOSE .................................................................................................................................... - 5 -1.5 PROCEDURES..................................................................................................................................... - 5 -

Mission1 Configure IRF 2 on the S5500-EI (already focused in lab 1) ........................................ - 5 -Mission2 Configure VPN instances 1 and 2 on MCE for customers ............................................. - 6 -

1.1 Overview

In this lab exercise, you will:

Configure MCE on two S7500E

Understand the operation of MCE

Use BGP to exchange routes between Instances


- 2 -


Figure 1-1


- 3 -

IP Address Design


S7500E Vlan interface 10 192.168.10.1/24

Vlan interface 20 192.168.20.1/24

S5500EI IRF Vlan interface 10 192.168.10.10/24

PC1 VLAN 10 192.168.10.100/24

PC2 VLAN 10 192.168.10.101/24

S7500E Vlan interface 10 192.168.10.2/24

Vlan interface 20 192.168.20.2/24

S5500EI IRF Vlan interface 20 192.168.20.10/24

PC3 VLAN 20 192.168.20.100/24

PC4 VLAN 20 192.168.20.101/24


- 4 -

1.3 Equipment


S750xE 2 At least 3 slot chassis

S7500E Fabric 5.20.E6603P01 2 Switch Fabric

LSQ1GP24TXSD0, 16 x

x, 8 x Combo, 2 x 10 G

SD module

2

Or any other module that

provides access

connectivity

S5500-28C-EI CMW520-R2202 or later 4

Or any other Comware 5

based switch.

Requirement is ability to

build IRF 2 stack

H3C S5500-SI

Loc.Conn.CX4 Cable 4

If Access Switch is based

on S5500-EI

2-Port 10-Gigabit Local

Connection Module 4

If Access Switch is based

on S5500-EI

PC Windows XP SP2 4 PC

Please connect the above devices as shown in figure 1-1.

Note that the cards and versions may not be exactly the same as your lab environment. When that is the case, please adjust the parameters to fit your lab.

Use the lab hand outs to note down the appropriate port numbers and additional information that you might need to fulfill the labs.


- 5 -

1.4 Lab purpose

Separate routing tables for customer A and customer B on the 7500E.

Configure OSPF between MCEs

PCs that exist in the different VLANs should be able to reach each other

1.5 Procedures

Mission1Configure IRF 2 on the S5500-EI (already done in lab 1)

Step1Configure 2 x IRF for the access connectivity

Step2Create VLANs and assign IP addresses to the VLANs Stack 1: [Access-PODxx]vlan 10 [Access-PODxx]interface vlan 10 [Access-PODxx -Vlan-interface10]ip address 192.168.10.10 24 Stack 2: [Access-PODxx]vlan 20 [Access-PODxx]interface vlan 20 [Access-PODxx -Vlan-interface10]ip address 192.168.20.10 24

Step3Create a dynamic aggregation interface Stack1 and Stack 2: [Access-PODxx]interface Bridge-Aggregation 1 [Access-PODxx]port link-type trunk [Access-PODxx]port trunk permit vlan all

Step4Configure trunk ports and assign ports to the aggregation interfaces Stack1 and Stack 2: [Access-PODxx]interface gigabitethernet 1/0/1 (port number is example) [Access-PODxx]port link-aggregation group 1 [Access-PODxx]interface gigabitethernet 1/0/2(port number is example) [Access-PODxx]link-aggregation group 1

Step5Configure the access ports VLAN membership on Access stacks Stack 1: [Access-PODxx]vlan 10 [Access-PODxx]interface gigabitethernet 1/0/10 [Access-PODxx]interface gigabitethernet 2/0/1 (port number is example)


- 6 -

Stack 2: [Access-PODxx]vlan 20 [Access-PODxx]interface gigabitethernet 1/0/10 [Access-PODxx]interface gigabitethernet 2/0/1 (port number is example)

Mission2Configure VPN instances 1 and 2 on MCE for customers

Step1Create the appropriate VLANs on both 7500E chassis system-view [PODxx]sysname PODxx [PODxx]vlan 10 [PODxx]vlan 20

Step2Configure Link Aggregation at the access switches to core conection

MCE 1 [PODxx]interface Bridge-Aggregation 1 [PODxx]port link-type trunk [PODxx]port trunk permit vlan 10

MCE 2 [PODxx]interface Bridge-Aggregation 1 [PODxx]port link-type trunk [PODxx]port trunk permit vlan 20

Step3Assign the VLANs to the ports between the MCEs and to the access switches

MCE1 - [PODxx]interface gigabit-ethernet 1/0/1 (port number is example) [PODxx]port link-aggregation group 1 [PODxx]interface gigabit-ethernet 1/0/2 (port number is example) [PODxx]port link-aggregation group 1

MCE2 - [PODxx]interface gigabit-ethernet 1/0/1 (port number is example) [PODxx]port link-aggregation group 1 [PODxx]interface gigabit-ethernet 1/0/2 (port number is example) [PODxx]port link-aggregation group 1

Step4Assign the VLANs to the ports between the MCEs

MCE1 - [PODxx]interface gigabit-ethernet 1/0/24 (port number is example) [PODxx]port link-type trunk [PODxx]port trunk permit vlan 10 to 20

MCE2 - [PODxx]interface gigabit-ethernet 1/0/24 (port number is example) [PODxx]port link-type trunk [PODxx]port trunk permit vlan 10 to 20


- 7 -

Step5Configure VPN instances 10 and 20 on MCEs

MCE1 - [PODxx]ip vpn-instance 10 [PODxx]route-distinguisher 10:1 [PODxx]ip vpn-instance 20 [PODxx]route-distinguisher 20:1

MCE2 [PODxx]ip vpn-instance 10 [PODxx]route-distinguisher 10:1 [PODxx]ip vpn-instance 20 [PODxx]route-distinguisher 20:1

Step6: Configure VLAN-interfaces 10 and 20 and bind them to VPN 10 and VPN 20 respectively

MCE1 - [PODxx]interface vlan 10 [PODxx]ip binding vpn-instance 10 [PODxx]ip address 192.168.10.1 255.255.255.0 [PODxx]interface vlan 20 [PODxx]ip binding vpn-instance 20 [PODxx]ip address 192.168.20.1 255.255.255.0

MCE2 - [PODxx]interface vlan 10 [PODxx]ip binding vpn-instance 10 [PODxx]ip address 192.168.10.2 255.255.255.0 [PODxx]interface vlan 20 [PODxx]ip binding vpn-instance 20 [PODxx]ip address 192.168.20.2 255.255.255.0


- 8 -

Step7: Configure OSPF for VPN Instances

MCE1 - [PODxx]ospf 10 vpn-instance 10 [PODxx]vpn-instance-capability simple [PODxx]area 0.0.0.0 [PODxx]network 192.168.10.0 0.0.0.255 [PODxx]ospf 20 vpn-instance 20 [PODxx]vpn-instance-capability simple [PODxx]area 0.0.0.0 [PODxx]network 192.168.20.0 0.0.0.255

MCE2 - [PODxx]ospf 10 vpn-instance 10 [PODxx]vpn-instance-capability simple [PODxx]area 0.0.0.0 [PODxx]network 192.168.10.0 0.0.0.255 [PODxx]ospf 20 vpn-instance 20 [PODxx]vpn-instance-capability simple [PODxx]area 0.0.0.0 [PODxx]network 192.168.20.0 0.0.0.255

Step8: Configure routing for the edge devices

MCE1 and MCE 2- [PODxx]bgp 65534 [PODxx]ipv4-family vpn-instance 10 [PODxx]import-route direct [PODxx]import-route ospf 10 [PODxx]ipv4-family vpn-instance 20 [PODxx]import-route direct [PODxx]import-route ospf 20

MCE1 and MCE2 - [PODxx]ip vpn-instance 10 [PODxx]vpn-target 10:1 export-extcommunity [PODxx]vpn-target 10:1 20:1 import-extcommunity [PODxx]ip vpn-instance 20 [PODxx]vpn-target 20:1 export-extcommunity [PODxx]vpn-target 20:1 10:1 import-extcommunity

Verify connectivity through PING

PCs in VPN10 should reach PCs in VPN 20.

Display the different routing tables for each VRF Instance on MCE

display ip routing table vpn-instance 10

display ip routing table vpn-instance 20


- 9 -

Step6Save the configuration on all devices [PODxx]quit save mce.cfg startup saved-configuration mce.cfg

This concludes the MCE lab.


- 1 -

Lab5: MPLS L3VPNs and VPLS

LAB5: MPLS L3VPNS AND VPLS .................................................................................................... - 1 -

1.1 OVERVIEW .................................................................................................................................................................................... - 1 - 1.2 LAB PURPOSE ................................................................................................................................................................................ - 1 - 1.3 PROCEDURES ................................................................................................................................................................................ - 1 -

Mission1 Reset Saved Configurations ..................................................................................................................................... - 1 - Mission2 Recable the Lab Topology ........................................................................................................................................ - 2 - Mission3 Assign Basic Configuration: .................................................................................................................................... - 3 - Mission4 Interior Gateway Protocol: ...................................................................................................................................... - 5 - Mission5 MPLS Configuration ................................................................................................................................................ - 6 - Mission6 Customer Connectivity ............................................................................................................................................. - 7 - Pod A Customer Connectivity: .................................................................................................................................................. - 7 - Pod B Customer Connectivity: .................................................................................................................................................. - 8 - Pod C Customer Connectivity: .................................................................................................................................................. - 9 - Mission7 Consider Methods of Distributing Customer Route Information ............................................................................ - 11 - Mission8 Consider Methods of Implementing BGP in the Provider Network ........................................................................ - 11 - Mission9 Configure BGP on the Provider Network: ............................................................................................................. - 14 - Mission10 Share Customer Networks using BGP: ................................................................................................................ - 14 - Mission11 Create MPLS Layer-3 VPNs Create VPN Instances and assign interfaces: ...................................................... - 14 - Mission12 MPLS Layer-3 VPNs Static Routing: ................................................................................................................ - 16 - Mission13 MPLS Layer-3 VPNs MBGP: ............................................................................................................................ - 17 - Mission14 Configuration Examples: ..................................................................................................................................... - 21 - Mission15 Configure VPLS.................................................................................................................................................... - 25 -

1.1 Overview In this lab exercise, you will: Understand the basic operation of MPLS, MPLS L3 VPNs, L2VPNs, and VPLS.

1.2 Lab purpose

1.3 Procedures

Mission1Reset Saved Configurations This Lab will begin by resetting the saved configuration on your four Switches.

Step1Reset the Saved configuration of your Core Switch #1 and Core Switch #2 and reboot: [PODxx]reset saved-configuration [PODxx]reboot Step2Reset the Saved configuration of your Access Switch #1 and Access Switch #2 and reboot: [PODxx]reset saved-configuration [PODxx]reboot


- 2 -

Mission2Recable the Lab Topology

Step1Recable the Lab Topology according to the diagram #1.

T2/0/1

T2/0/2

G1/0/1 G1/0/1

G1/0/1

G1/0/1

G1/0/1

G1/0/1

T2/0/1

T2/0/1

T2/0/1

T2/0/1

G3/0/2G3/0/1

G3/0/2

G3/0/1G3/0/1

G3/0/2

T2/0/3

T2/0/2

T2/0/3 T2/0/2

T2/0/3

Core27506E

Core27506E

Access1S5800

Access1S5800

T2/0/1

Core17506E

Core17506E

Core27506E

Core27506E

Core17506E

Core17506E

Core17506E

Core17506E

Core27506E

Core27506E

Access2S5800

Access2S5800

Access1S5800

Access1S5800

Access2S5800

Access2S5800

Access2S5800

Access2S5800

Access1S5800

Access1S5800

Pod A Pod B

Pod C Diagram # 1.


- 3 -

Mission3Assign Basic Configuration:

Step1Using diagram #2, note the three distinct roles your Switches will serve in this lab.

Core Switch #1 will serve as a Provider router: P router.

Core Switch # 2 will serve as a Provider Edge router: PE router

Both Access Switches will serve as Customer Edge routers, CE routers.

Step2Assign hostnames to your Switches according to this chart: [PODxx]sysname CE-3x enable telnet, tracert, superuser,

Hostnames Pod A Pod B Pod C Core-Switch #1 P-1 P-2 P-3 Core-Switch #2 PE-1 PE-2 PE-3 Access-Switch #1 CE-1A CE-2A CE-3A Access-Switch #2 CE-1B CE-2B CE-3B

Step3Enable telnet, and traceroute on all four of your Switches: [PODxx]sysname Step4Confirm the cabling topology is correct and functional using LLDP protocol. [PODxx]sysname


- 4 -

Step5Create six VLANs and assign interfaces to VLANs as shown in diagram #2. All of these ports should be configured as access ports.

Pod A Pod B Pod C VLAN 11 VLAN 22 VLAN 33 VLAN 101 VLAN 201 VLAN 301 VLAN 102 VLAN 202 VLAN 302 VLAN 161 VLAN 161 VLAN 161 VLAN 162 VLAN 162 VLAN 162

VLAN 163 VLAN 163 VLAN 163

G1/0/1 G1/0/1

G1/0/1G1/0/1

G3/0/2G3/0/1

G3/0/2

G3/0/1G3/0/1

G3/0/2

T2/0/3

T2/0/3 T2/0/2

T2/0/2

T2/0/2T2/0/3

PCore-1

PCore-1

PECore-2PE

Core-2

T2/0/1

T2/0/1

T2/0/1 T2/0/1

T2/0/1

T2/0/1

G1/0/1 G1/0/1

CEAccess-1

CEAccess-1

CEAccess-2

CEAccess-2

CEAccess-1

CEAccess-1

CEAccess-1

CEAccess-1

CEAccess-2

CEAccess-2

CEAccess-2

CEAccess-2

PCore-1

PCore-1

PCore-1

PCore-1

PECore-2PE

Core-2

PECore-2PE

Core-2

Pod A Pod B

Pod C

VLAN 11VLAN 11

VLAN 161VLAN 161

VLAN 163VLAN 163 VLAN 162VLAN 162

VLAN 33VLAN 33

VLAN 202VLAN 202

VLAN 201VLAN 201

VLAN 302VLAN 302VLAN 301VLAN 301

VLAN 101VLAN 101

VLAN 102VLAN 102

VLAN 22VLAN 22

Diagram # 2.


- 5 -

int VLAN 161

OSPFArea 0OSPFArea 016.1.1.2 /30

16.1.1.1 /3016.0.1.1 /30

16.2.2.2 /30

16.2.2.1 /30

16.3.3.1 /3016.3.3.2 /30

16.0.1.2 /30

16.0.3.2 /30

16.0.3.1 /30

16.0.2.1 /30

16.0.2.2 /30

16.0.0.0 /8

Loopback 016.0.0.1Loopback 016.0.0.1

Loopback 016.0.0.11

Loopback 016.0.0.33


Loopback 016.0.0.22


Pod A Pod B

Pod C

int VLAN 163

int VLAN 163 int VLAN 162

int VLAN 161

int VLAN 162

int VLAN 22

int VLAN 22int VLAN 11

int VLAN 11

int VLAN 101int VLAN 101

int VLAN 102

int VLAN 102

int VLAN 201 int VLAN 201

int VLAN 202

int VLAN 202

int VLAN 33

int VLAN 33

int VLAN 301

int VLAN 301

int VLAN 302

int VLAN 302

CE-1ACE-1A

CE-1BCE-1BCE-1B CE-2BCE-2BCE-2B

CE-3BCE-3BCE-3B

CE-2ACE-2A

CE-3ACE-3A

P3P3

P2P2P1P1

PE1PE1

PE3PE3

PE2PE2

Diagram # 3.

Step6On your Provider router (Core Switch #1) create three vlan interfaces and assign IP addresses to these vlan interfaces as shown in diagram #3.

Step7On your Provider-Edge router (Core Switch #2) create three vlan interfaces and assign IP addresses to these vlan interfaces as shown in diagram #3.

Step8On your Customer-Edge routers (Access Switch #1 and Access Switch #2) create one vlan interface on each of these routers as shown in diagram # 3. IP addresses will be assigned to these interfaces later.

Mission4Interior Gateway Protocol:

Step1Create Loopback interface 0 on your Provider router and Provider-Edge router and assign an IP address to this Loopback interface using diagram # 3. Use a /32 mask on this IP address.

Step2Configure the OSPF interior gateway routing protocol on both your Provider routers. Use Loopback 0 as the router ID, and activate OSPF on all interfaces that have been assigned an IP address. All interfaces should belong to OSPF area 0.

Step3Test your OSPF configuration by reviewing your routing tables. Your Provider-Edge router should be able to ping the other two Provider-Edge routers in the classroom. Your Provider-Edge router should be able to ping all three Provider routers.


- 6 -

Mission5MPLS Configuration Configure MPLS on your Provider network.

Step1Configure MPLS on your Provider router and your Provider Edge router. Use the Label Distribution Protocol, LDP, to share and learn MPLS labels from your directly connected neighbors. Choose your Loopback 0 interface as your LDP router-ID.

Step2Confirm that an LDP peer is established between your Provider router and your Provider-Edge router

Step3Confirm that an LDP peer is established between your Provider router and the other two Provider routers.

Step4Review your Label Information Base to ensure your Provider-Edge router has learned labels from your Provider router.

Step5Ping from your Provider-Edge router to the Loopback 0 interface of another Provider-Edge router. This ping should be successful. What label does your PE router push onto this ping? __________.

Step6When this ping is processed by your P router, your P router will replace this label with which label? ____________

Step7When this ping is processed by the next P router, what action will be taken by the next P router? ____________

Step8Ping from your Provider-Edge router to the Loopback 0 interface of the remaining (third) PE router. This ping should be successful. Indentify the set of MPLS labels that are used for this Label Switching Path: ____________.

P3P3

P2P2P1P1

PE1PE1

PE3PE3

PE2PE2LDP

LDP

LDP

LDP

LDP

LDP

AS 100

OSPFArea 0OSPFArea 0

MPLSMPLS

Loopback 016.0.0.1Loopback 016.0.0.1 Loopback 016.0.0.2

Loopback 016.0.0.2



- 7 -

Mission6Customer Connectivity

Pod A Customer Connectivity:

Step1Your Access-Switches will serve as Customer Edge routers.

Step2Assign IP addresses to the vlan interface that connects your PE router to your CE router CE-2A.

Step3Assign IP addresses to the vlan interface that connects your PE router to your CE router CE-2B.

CE-1A CE-1B PE-2 vlan interface 201.1.1.2 /30 202.1.1.2 /30 CE vlan interface 201.1.1.1 /30 202.1.1.1 /30

Step4 Ensure that you can ping from your PE router to the CE-1A and CE-1B and vice versa.

P1P1

PE1PE1

202.1.1.0 /24202.1.1.0 /24

201.1.1.0 /24201.1.1.0 /24

201.1.1.33 /27

202.1.1.33 /27

CE-1ACE-1ACE-1A

CE-1BCE-1B

201.1.1.65 /27201.1.1.1 /30201.1.1.2 /30

202.1.1.65 /27

202.1.1.2 /30

202.1.1.1 /30

0.0.0.0

0.0.0.0

int VLAN 101

int VLAN 102

Diagram # 4 Pod A

Step5Create two Loopback interfaces on each Customer Edge router to serve as internal Customer networks. If you prefer, use physical interfaces. Assign IP addresses to the two internal Customer networks as follows:

CE-1A CE-1B

Customer LAN interface-1 201.1.1.33 /27 202.1.1.33 /27 Customer LAN interface-2 201.1.1.65 /27 202.1.1.65 /27


- 8 -

Step6Can you ping these two new Loopback interfaces from your PE router? _______ Why not? __________

Step7On your PE router, create a static route to the entire /24 IP address block of Customer A and a static route to the /24 IP address block of Customer B.

Step8Ping from your PE router to both Loopback interfaces of both CE routers. These pings should be successful.

Step9.Confirm that your CE routers can ping the directly connected interface of the PE router. Can your CE routers ping the Loopback 0 interface of the PE router? __________ Why not? __________

Step10Configure a default route on both CE routers. Confirm that your CE routers can ping the Loopback 0 interface of the PE router. Confirm that your CE-A router can ping both Loopback interfaces of CE-B router (and vice versa). These pings should be successful.

Pod B Customer Connectivity:





Step14 Ensure that you can ping from your PE router to the CE-A and CE-B and vice versa.

P2P2

PE2PE2

202.2.2.0 /24202.2.2.0 /24

201.2.2.0 /24201.2.2.0 /24

201.2.2.33 /27

202.2.2.33 /27

CE-2ACE-2ACE-2A

CE-2BCE-2B

201.2.2.65 /27201.2.2.1 /30201.2.2.2 /30

202.2.2.65 /27

202.2.2.2 /30

202.2.2.1 /30

0.0.0.0

0.0.0.0

int VLAN 201

int VLAN 202

Diagram # 4 Pod B


CE-2A CE-2B


- 9 -



Step17On your PE router, create a static route to the entire /24 IP address block of Customer A and a static route to the /24 IP address block of Customer B.




Pod C Customer Connectivity:





Step4 Ensure that you can ping from your PE router to the CE-A and CE-B and vice versa.

P3P3

PE3PE3

202.3.3.0 /24202.3.3.0 /24

201.3.3.0 /24201.3.3.0 /24

201.3.3.33 /27

202.3.3.33 /27

CE-3ACE-3ACE-3A

CE-3BCE-3B

201.3.3.65 /27201.3.3.1 /30201.3.3.2 /30

202.3.3.65 /27

202.3.3.2 /30

202.3.3.1 /30

0.0.0.0

0.0.0.0

int VLAN 301

int VLAN 302

Diagram # 4 Pod C


- 10 -


CE-3A CE-3B



Step7On your PE router, create a static route to the entire /24 IP address block of Customer A and a static router to the /24 IP address block of Customer B.





- 11 -

Mission7Consider Methods of Distributing Customer Route Information

Your PE router now has complete knowledge of both Customer sites, and your PE router can ping the internal Loopback addresses of both Customer sites. However, the other PE routers in the classroom cannot ping your customer sites. Why is this the case? ________ Do the other PE and P routers have a route to your two Customer sites? ___________

Viewing this problem from a different perspective, your PE router cannot ping any other Customer site other than the locally connected site. Most importantly, the Customer Sites cannot ping each other, for it is our primary objective that the Customer site be able to ping each other.

To provide the desired end-to-end connectivity, your two Customer networks must be shared with the routers in the Provider network. Lets consider several methods for sharing your two /24 Customer networks with the other

Method #1 Share routes with the Customer using OSPF and inject the Customer networking into OSPF.

OSPF is designed to function as an interior Gateway Protocol. Injecting Customer prefixes into the Providers IGP will increase the instability of the Provider network. Method # 1 is a bad idea.

Method #2 Import the static routes for each Customer site into OSPF.

Importing routes into OSPF will produces External, type 5 LSAs which will flood thoughout the Autonomous System. It is better to see these Customer networks as external LSAs than internal LSAs as would be the case in Method # 1; however, it would be better to completely eliminate any external customer networks from OSPF. OSPF, the Providers IGP, should include only internal Provider subnets and be free of external routes from foreign networks over which the provider has little control. Method # 2 is better that Method # 1, but still not a good idea.

Method #3 Use BGP, the Border Gateway Protocol, to desiminate the customer prefixes from one PE router to all the other PE routers.

BGP is a much better routing protocol choice to carry external, customer routing information. In fact, BGP is designed as an exterior routing protocol and can carry thousands of external networks. Method # 3 is the best method to share the Customer prefixes from one site to the others.

Mission8Consider Methods of Implementing BGP in the Provider Network Now that we have chosen BGP as the protocol to share the Customer prefixes and provide the desired Customer site-to-site connectivity, lets consider various methods of implementing BGP in our Provider network.

Method #1 Configure a Full-mesh of iBGP on all Provider routers.

BGP Design Method # 1 is shown in diagram # 5.


- 12 -

P3P3

P2P2P1P1

PE3PE3

PE2PE2PE1PE1

iBGP

AS 100


iBGPiBGP

CE-1ACE-1ACE-1A

CE-1BCE-1B CE-2BCE-2B

CE-2ACE-2ACE-2A

202.3.3.0 /24202.3.3.0 /24201.3.3.0 /24201.3.3.0 /24

CE-3BCE-3BCE-3ACE-3ACE-3A

201.1.1.0 /24201.1.1.0 /24

202.1.1.0 /24202.1.1.0 /24 202.2.2.0 /24202.2.2.0 /24

201.2.2.0 /24201.2.2.0 /24

Diagram # 5. BGP Design Method # 1 - iBGP Full-Mesh (also known as iBGP Full-Mess) Method # 2 iBGP Full-Mesh with Route-Reflectors

Method # 1, a full-mesh of iBGP on all Provider Routers, will be complicated, difficult to support, and hard to scale. BGP supports the use of Route Reflectors to simplify the iBGP toplogy. Method # 2 identifies the three Provider routers as Route Reflectors with one client each. This topology is much simpler, and more scalable than an iBGP full mesh. Method # 2 is shown in diagram # 6.

P3P3

P2P2P1P1

PE3PE3

PE2PE2PE1PE1

iBGPAS 100

iBGPRoute ReflectorsRoute Reflectors

CE-1ACE-1ACE-1A


CE-2ACE-2ACE-2A

202.3.3.0 /24202.3.3.0 /24201.3.3.0 /24201.3.3.0 /24


201.1.1.0 /24201.1.1.0 /24

202.1.1.0 /24202.1.1.0 /24 202.2.2.0 /24202.2.2.0 /24

201.2.2.0 /24201.2.2.0 /24

Diagram # 6. BGP Design Method # 2 - iBGP Full-Mesh with Route Reflectors.


- 13 -

Method # 3 iBGP Removal from Core - Full-Mesh of PE Routers with MPLS One of the benefits of using MPLS in the Provider Network is that iBGP can be removed from the core of the Provider Network; BGP is only necessary on the PE routers. Removing iBGP from the Core of the Provider network will free up resources on the core devices and further simplify the iBGP design. Another advantage of this design is that the Customer devices will no longer have access to the Core of the Provider network. Our objective is to provide Customer site-to-site connectivity. Customer access to the core of the Provider network is not desired. Since MPLS has already been configured in the Provider network, we can take advantage of this and choose Method # 3 as our best method of sharing Customer routes across the provider network. Method # 3, Full mesh of iBGP only on the PE routers, shown in diagram # 7, is our selected method of sharing the customer prefixes from site to site and providing site to site connectivity for both customers. In the next steps, we will proceed to configure BGP following BGP design method # 3.


P3P3

P2P2P1P1

PE3PE3

PE2PE2PE1PE1

iBGP

AS 100

iBGPiBGPMPLSMPLS

CE-1ACE-1ACE-1A


CE-2ACE-2ACE-2A

202.3.3.0 /24202.3.3.0 /24201.3.3.0 /24201.3.3.0 /24


201.1.1.0 /24201.1.1.0 /24

202.1.1.0 /24202.1.1.0 /24 202.2.2.0 /24202.2.2.0 /24

201.2.2.0 /24201.2.2.0 /24

Diagram # 7. BGP Design Method # 3 - iBGP Full-Mesh of iBGP on the PE routers only using MPLS.


- 14 -

Mission9Configure BGP on the Provider Network:

Step1Configure an iBGP peer from your PE router to both of the other PE routers. Use Loopback interface 0 as your BGP router-ID.

Step2Use the Loopback interface 0 IP address as the source and destination of all three iBGP sessions.

Step3Confirm that both of your iBGP sessions are established. If not, confirm that you have a /32 OSPF route in your routing table for both of the other PE routers Loopback 0 interface. You should be able to ping the Loopback 0 interface of the PE routers from your PE router.

Mission10Share Customer Networks using BGP:

Step1Import your Static routes to Customer Site A and Customer Site B into BGP on your PE route.

Step2Confirm that the other PE routers see your two Customer networks in their BGP tables.

Step3Ensure that you have achieved site-to-site Customer connectivity for Customer-A by pinging from your CE-A router to the Customer inside networks at the other two Customer A locations.

Step4Ensure that you have achieved site-to-site Customer connectivity for Customer-B by pinging from your CE-B router to the Customer inside networks at the other two Customer B locations

Step5Trace from your Customer CE-A to the internal subnets of both of the other Customer A locations. This trace should show five hops.

Step6Trace from your Customer CE-B to the internal subnets of both of the other Customer B locations. This trace should show five hops.

Step7Confirm that you are label swapping by reviewing the routing table of the P routers. You should find no customer networks in the routing tables of the P routers; yet, customer site-to-site traffic flows through the P routers.

Mission11Create MPLS Layer-3 VPNs Create VPN Instances and assign interfaces:

A logical full-mesh of site-to-site connectivity has now been configured for all locations of Customer-A and Customer-B. However, there is no separation between the Customer-A traffic and the Customer-B traffic. To prove this, ping from your CE-A router to at least one CE-B router. This ping shows that traffic can flow from Customer-A to Customer-B. This traffic flow from one Customer to another is not desired. Each Customer requires private connectivity between their three sites only. To achieve this objective, you will configure two MPLS Layer 3 VPNs. More specifically, you will create the Red VPN for Customer A and the Green VPN for Customer B.


- 15 -

PP

PEPELDP

MP-iBGP

201.1.1.0 /24201.2.2.0 /24202.1.1.0 /24202.2.2.0 /24201.3.3.0 /24202.3.3.0 /24

201.1.1.0 /24201.2.2.0 /24201.3.3.0 /24

202.1.1.0 /24202.2.2.0 /24202.3.3.0 /24

202.3.3.0 /24

201.3.3.0 /24

GreenGreen

RedRed

CE-3BCE-3B

CE-3ACE-3ACE-3A

VPN InstanceRed

VPN InstanceRed

VPN InstanceGreen

VPN InstanceGreen

Route TargetRoute Target

Step1Before beginning this Mission, remove the static route to your Customer site prefix. This will will remove theCustomer networks from the global instance of BGP and disconnect the customer sites. Connectivity will be restored using MPLS Layer-3 VPNs.

=== Customer A ===

Step2Create a VPN instance for each Customer:

Customer VPN Instance Name Route Target Route Distinguisher

Customer A Red 100:201 100:201 Customer B Green 100:202 100:202

.

Step3Display the VPN instance to confirm both the Route Target and the Router Distinguisher are properly set.

Step4Display the routing table for the Red VPN instance. This routing table should exist, but no routes will be found in the table.

Step5Assign the vlan interface that connects to Customer-A to the Red VPN instance.

Step6Confirm that IP address 201.x.0.2 /30 is assigned to this interface. Some vendors remove the IP address from an interface when the interface is assigned to a VPN instance.

Step7Again, review the Red VPN routing table. You should find one directly connected route in the Red routing table.

Step8Connectivity between your Red Customer and your PE router has now been established. Test this connectivity by pinging the PE router from your Red CE router. This ping should be successful.

Step9Test connectivity in the other direction by pinging from your PE router to the directly connected interface of the Customer CE router. This ping should work. Be careful, you must ping from the Red VPN instance!


- 16 -

=== Customer B ===

Step10Create a VPN instance for your Customer on your PE router. The Customer Router will have no knowledge of VPNs or MPLS.

Customer VPN Instance Name Route Target Route Distinguisher

Customer A Red 100:201 100:201 Customer B Green 100:202 100:202

Step11Display the VPN instance to confirm both the Route Target and the Router Distinguisher are properly set.

Step12. Display the routing table for the Green VPN instance. This routing table should exist, but no routes will be found in the table.

Step13Assign the vlan interface that connects to Customer-B to the Green VPN instance.

Step14Confirm that IP address 202.x.0.2 /30 is assigned to this interface. Some vendors remove the IP address from an interface when the interface is assigned to a VPN instance.

Step15Again, review the Green VPN routing table. You should find one directly connected route in the Green routing table.

Step16Connectivity between your Green Customer and your PE router has now been established. Test this connectivity by pinging the PE router from your Green CE router. This ping should be successful.

Step17Test connectivity in the other direction by pinging from your PE router to the directly connected interface of the Customer CE router. This ping should work. Be careful, you must ping from the Green VPN instance!

Mission12MPLS Layer-3 VPNs Static Routing: === Customer A ===

Step1Your PE router can ping the directly connected interface of Customer A within the Red VPN instance, but your PE router cannot ping the internal Customer networks because the PE router has no route to these destinations.

Step2Create a static route to the block of IP addresses at your Red Customer site: 201.x.x.0 /24. Be sure to place this static route in the Red VPN instance.

Step3Display the Red VPN routing table. You should find one directly connected route and one static route in the Red routing table.

Step4Ping within the Red VPN from your PE router to the internal interfaces of your Red Customer router. This ping should be successful.

Step5Can you ping the internal interfaces of any other Red CE router?. ______

Step6Can your CE router ping any other Red Customer site? _____


- 17 -

=== Customer B ===

Step7Your PE router can ping the directly connected interface of Customer B within the Green VPN instance, but your PE router cannot ping the internal Customer networks because the PE router has no route to these destinations.

Step8Create a static route to the block of IP addresses at your Green Customer site: 202.x.x.0 /24. Be sure to place this static route in the Green VPN instance.

Step9Display the Green VPN routing table. You should find one directly connected route and one static route in the Green routing table.

Step10Ping within the Green VPN from your PE router to the internal interfaces of your Green Customer router. This ping should be successful.

Step11Can you ping the internal interfaces of any other Green CE router?. ______

Step12Can your CE router ping any other Green Customer site? _____

Mission13MPLS Layer-3 VPNs MBGP: To provide site-to-site connectivity, the routes in your Red VPN routing table must be advertised to the other PE routers. MPBGP will be used to distribute your VPN routes to the other PE routers, and the BGP extended community Route Target will help to place these routes in the proper VPN routing table on the other PE routers.

202.2.2.0 /24202.1.1.0 /24

201.2.2.0 /24201.1.1.0 /24


P3P3

P2P2P1P1

PE2PE2PE1PE1

MP-iBGP

AS 100

MPLSMPLSMP-iBGP MP-iBGP

Loopback 016.0.0.1

Loopback 016.0.0.1

Loopback 016.0.0.2

Loopback 016.0.0.2

Loopback 016.0.0.3

Loopback 016.0.0.3

CE-1ACE-1ACE-1A


CE-2ACE-2ACE-2A

202.3.3.0 /24202.3.3.0 /24201.3.3.0 /24201.3.3.0 /24


PE3PE3


- 18 -

=== Customer A ===

Step1Review your configuration of BGP. Notice that two BGP address families have been automatically created.

Step2Create an address family within the BGP process for vpnv4 prefixes. Enable the sharing of vpnv4 prefixes with both your iBGP peers, (the other PE routers).

Step3Share your Red VPN static route with the other PE routers as a vpnv4 route. To do this, import your static route into the Red address family of BGP.

Step4Telnet to another PE router, and display its Red VPN routing table. Ensure your customer prefix is in the routing table.

Step5Test Customer site-to-site connectivity by pinging from your CE-A router to an internal interface of both the other CE-A routers.

Step6When your lab partner has completed this Mission, test the separation of the Red and Green Customer networks by attempting to ping from your Red Customer site into any Green customer site. This ping should not work since no route to the other customer network exists in the PE Red VPN instance.

201.2.2.0 /24201.1.1.0 /24

201.3.3.0 /24

CE-1ACE-1ACE-1A CE-2ACE-2ACE-2A

CE-3ACE-3ACE-3A

=== Customer B ===


- 19 -

Step7Review your configuration of BGP. Notice that two BGP address families have been automatically created.

Step8Create an address family within the BGP process for vpnv4 prefixes. Enable the sharing of vpnv4 prefixes with both your iBGP peers, (the other PE routers).

Step9Share your Green VPN static route with the other PE routers as a vpnv4 route. To do this, import your static route into the Green address family of BGP.

Step10Telnet to another PE router, and display its Green VPN routing table. Ensure your customer prefix is in the routing table.

Step11Test Customer site-to-site connectivity by pinging from your CE-B router to an internal interface of both the other CE-B routers.

Step12When your lab partner has completed this Mission, test the separation of the Red and Green Customer networks by attempting to ping from your Green Customer site into any Red customer site. This ping should not work since no route to the other customer network exists in the PE Green VPN instance.

202.1.1.0 /24

202.3.3.0 /24

202.2.2.0 /24

CE-1BCE-1B

CE-3BCE-3B

CE-2BCE-2B

201.2.2.0 /24201.1.1.0 /24

201.3.3.0 /24

CE-1ACE-1ACE-1A CE-2ACE-2ACE-2A

CE-3ACE-3ACE-3A

202.1.1.0 /24

CE-1BCE-1B

202.3.3.0 /24

CE-3BCE-3B

202.2.2.0 /24

CE-2BCE-2B


- 20 -


- 21 -

Mission14Configuration Examples:

sysname PE-1

telnet server enable

#

#

user-interface vty 0 4

authentication-mode none

user privilege level 3

#

ip ttl-expires enable

ip unreachables enable

#

lldp enable

#

#### VLAN ####

Guia de laboratorio Avanzado HP NetworkingLab Guide Advanced Enterprise Networking

Documents

Transcript of Guia de laboratorio Avanzado HP NetworkingLab Guide Advanced Enterprise Networking