Labs

Advanced
CCIERouting&Switching
4.0
www.MicronicsTraining.com
NarbikKocharians
CCIE#12410
R&S,Security,SP
VOLI
CCIER&SbyNarbikKocharians
AdvancedCCIER&SWorkBook4.0
2011 NarbikKocharians.Allrightsreserved
Page1 of 87
TableofContent:
Subject
Page
Volume
Topology
VolI
14
51
84
136
156
180
190
217
235
VolI
VolI
VolI
VolI
VolI
VolI
VolI
VolI
VolI
242
257
262
267
273
282
297
305
312
VolI
VolI
VolI
VolI
VolI
VolI
VolI
VolI
VolI
321
VolI
327
335
340
VolI
VolI
VolI
362
398
407
418
VolI
VolI
VolI
VolI
3560Switching
Lab1 Basic3560configuration I
Lab2 Basic3560configuration II
Lab3ConfiguringTrunks
Lab4ConfiguringEtherChannels
Lab5AdvancedSTPConfiguration
Lab6 MultipleSpanningtree(802.1s)
Lab7ConfiguringPrivateVLANs
Lab8QinQTunneling
Lab9FallbackBridging
Framerelay
Lab1HubnSpokeUsingFrameMapStatements
Lab2HubnSpokeFramerelayPointtopoint
Lab3 MixtureofP2PandMultipoint
Lab4 MultipointFramerelayW/OFramemaps
Lab5FramerelayandAuthentication
Lab6FramerelayEndtoEndKeepalives
Lab7TrickyFramerelayConfiguration
Lab8FramerelayMultilinking
Lab9 BacktoBack Framerelayconnection
ODR
Lab1OnDemandRouting
RIPv2
Lab1RIPv2andFramerelay
Lab2RIPv2Authentication
Lab3AdvancedRIPv2MiniMockLab
EIGRP
Lab1Eigrpconfiguration
Lab2AdvancedEigrpStubConfiguration
Lab3Eigrp&Defaultinformation
Lab4EigrpFiltering
Page2 of 87
TableofContent:
Subject
Page
Volume
OSPF
Lab1AdvertisingNetworks
Lab2OptimizationofOSPF&AdjustingTimers
Lab3OSPFAuthentication
Lab4OSPFCost
Lab5OSPFSummarization
Lab6VirtuallinksandGRETunnels
Lab7OSPFStub,T/Stub,andNSSAs
Lab8OSPFFiltering
Lab9AdditionalOSPFFiltering
Lab10RedirectingTrafficinOSPF
Lab11DatabaseOverloadProtection
Lab12OSPFNonBroadcastNetworks
Lab13OSPFBroadcastNetworks
Lab14OSPFPointtoPointNetworks
Lab15OSPFPointtoMultipointNetworks
Lab16OSPFPointtoMultiNetwork II
Lab17OSPFPtoMNonBroadcastNet
Lab18OSPFandNBMA
Lab19ForwardAddressSuppression
Lab20OSPFNSSAnoredistribution&Injection
ofdefaultroutes
427
430
437
462
467
474
484
495
522
531
537
542
551
555
559
566
573
579
588
600
VolI
VolI
VolI
VolI
VolI
VolI
VolI
VolI
VolI
VolI
VolI
VolI
VolI
VolI
VolI
VolI
VolI
VolI
VolI
VolI
609
626
642
657
666
686
702
711
715
719
727
738
746
754
761
778
VolI
VolI
VolI
VolI
VolI
VolI
VolI
VolI
VolI
VolI
VolI
VolI
VolI
VolI
VolI
VolI
BGP
Lab1EstablishingNeighborAdjacency
Lab2RouteReflectors
Lab3ConditionalAdv&Backdoor
Lab4RouteDampening
Lab5RouteAggregation
Lab6ThecommunityAttribute
Lab7 BGPCostCommunity
Lab8 BGP&LoadBalancing I
Lab9 BGPLoadBalancingII
Lab10 BGPUnequalCostLoadBalancing
Lab11 BGPLocalPreferenceI
Lab12 BGPLocalPreferenceII
Lab13TheASPathAttribute
Lab14TheWeightAttribute
Lab15 MED
Lab16FilteringUsingACLs&Prefixlists
Page3 of 87
Lab17RegularExpressions
Lab18AdvBGPConfigurations
Lab19AdministrativeDistance
Lab20 BGPConfederation
Lab21 BGPHidingLocalASNumber
Lab22 BGPAllowasin
788
805
816
824
829
837
VolI
VolI
VolI
VolI
VolI
VolI
843
VolI
854
874
890
919
VolI
VolI
VolI
VolI
938
944
951
VolI
VolI
VolI
964
974
VolI
VolI
988
1000
1010
1017
VolI
VolI
VolI
VolI
PolicyBasedRouting
Lab1PBRbasedonSourceIPaddress
Redistribution
Lab1 BasicsofRedistributionI
Lab2 BasicsofRedistributionII
Lab3AdvancedRedistribution
Lab4RoutingLoops
IPSLA
Lab1IPSLA
Lab2ReliableStaticRoutingusingIPSLA
Lab3ReliableConditionalDefaultRoute
InjectionusingIPSLA
Lab4ObjectTrackinginHSRPUsingSLA
Lab5ObjectTracking
GRETunnels
Lab1 BasicConfigurationofGRETunnels
Lab2ConfigurationofGRETunnelsII
Lab3ConfigurationofGRETunnelsIII
Lab4GRE&Recursiveloops
QOS
Lab1 MLSQOS
Lab2DSCPMutation
Lab3DSCPCoSMapping
Lab4CoSDSCPMapping
Lab5IPPrecedenceDSCPMapping
Lab6IndividualratePolicing
Lab7PolicedDSCP
Lab8AggregatePolicer
Lab9PriorityQueuing
Lab10CustomQueuing
Lab11WFQ
Lab12RSVP
Lab13 MatchAccessgroup
Lab14 MatchDestination&SourceAddMAC
Lab15 MatchInputInterface
Lab16 MatchFRde&PacketLength
Lab17 MatchIPPrecedencevs.MatchPrecedence
14
30
38
43
49
54
60
65
70
76
80
84
90
95
101
104
112
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
Page4 of 87
Lab18 MatchProtocolHTTPURL,MIME&Host
Lab19 MatchFrdlci
Lab20FramerelayTrafficShaping
Lab21FramerelayTrafficshapingII
Lab22FramerelayFragmentation
Lab23FramerelayPIPQ
Lab24FramerelayDE
Lab25FramerelayandCompression
Lab26CBWFQ
Lab27CBWFQ II
Lab28ConvertingCustomQueuingtoCBWFQ
Lab29LLQ
Lab30CAR
Lab31ClassBasedPolicingI
Lab32CBPolicingII
Lab33WRED&CBWRED
123
131
135
142
151
155
162
165
178
184
186
189
193
200
210
215
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
221
227
231
234
237
241
244
249
253
258
264
267
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
273
277
286
293
305
312
314
315
317
320
329
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
337
VolII
NAT
Lab1StaticNATConfiguration
Lab2AdvancedStaticNATConfiguration
Lab3Configurationof DynamicNATI
Lab4ConfigurationofDynamicNATII
Lab5ConfigurationofDynamicNATIII
Lab6NATandLoadBalancing
Lab7ConfiguringPAT
Lab8ConfiguringPAR
Lab9ConfiguringStaticNATRedundancyW/HSRP
Lab10StatefulTranslationFailoverWithHSRP
Lab11TranslationoftheOutsideSource
Lab12NATonaStick
IPServices
Lab1DHCPConfiguration
Lab2HSRPConfiguration
Lab3VRRPConfiguration
Lab4GLBPConfiguration
Lab5IRDPConfiguration
Lab6ConfiguringDRP
Lab7ConfiguringWCCP
Lab8CoreDumpUsingFTP
Lab9HTTPConnectionManagement
Lab10ConfigutingNTP
Lab11 MoreIPStuff
IPPrefixList
Lab1PrefixLists
Page5 of 87
IPv6
Lab1ConfiguringBasicIPv6
Lab2ConfiguringOSPFv3
Lab3ConfiguringOSPFv3MultiArea
Lab4SummarizationofInternal&ExternalN/W
Lab5OSPFv3Stub,T/StubandNSSAnetworks
Lab6OSPFv3CostandAutocost
Lab7TunnelingIPv6OverIPv4
Lab8EigrpandIPv6
364
385
394
399
408
420
426
452
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
477
484
488
495
501
505
509
512
522
529
533
535
542
544
546
552
559
566
576
587
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
592
610
628
643
665
687
702
720
730
749
760
767
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
VolII
Security
Lab1 BasicRouterSecurityConfiguration
Lab2StandardNamedAccessList
Lab3ControllingTelnetAccessandSSH
Lab4ExtendedAccessListIPandICMP
Lab5ExtendedAccessListOSPF&Eigrp
Lab6UsingMQCasaFilteringtool
Lab7ExtendedAccessListWithEstablished
Lab8DynamicAccessList
Lab9ReflexiveAccessLists
Lab10Accesslist&TimeRange
Lab11ConfiguringBasicCBAC
Lab12ConfiguringCBAC
Lab13ConfiguringCBAC&JavaBlocking
Lab14ConfiguringPAM
Lab15ConfiguringuRPF
Lab16ConfiguringZoneBasedFirewall
Lab17ControlPlanePolicing
Lab18ConfiguringIOSIPS
Lab19Attacks
Lab20AAAAuthentication
Multicasting
Lab1ConfiguringIGMP
Lab2DenseMode
Lab3StaticRPConfiguration
Lab4AutoRP
Lab5AutoRP Filtering&Listener
Lab6ConfiguringBSR
Lab7ConfiguringMSDP
Lab8AnycastRP
Lab9 MSDP/MPBGP
Lab10ConfiguringSSM
Lab11HelperMap
Lab12 BidirectionalPIM
Page6 of 87
MPLS&L3VPNs
Lab1ConfiguringLabelDistributionProtocol
Lab2Static&RIPv2RoutinginaVPN
Lab3OSPFRoutinginaVPN
Lab4 Backdoorlinks&OSPF
Lab5EigrpRoutinginaVPN
Lab6 BGPRoutinginaVPN
Lab7ComplexVPNsandFilters
785
855
886
905
921
937
954
VolII
VolII
VolII
VolII
VolII
VolII
VolII
Page7 of 87
Page8 of 87
TheSerialconnectionbetweenR1andR3
TheSerialconnectionbetweenR4 andR5
Page9 of 87
FramerelaySwitchconnections
S0 /0
S0/0
R1
S0/0
S0/1
R2
S0/1
S0 /0
S0/2
R3
S0/0
R4
S 0/0
R5
S 0/ 0
R6
S0/3
S1/0
S1/1
S1/2
Page10of87
FramerelayDLCIconnections:
Router
R1
R2
R3
R4
R5
R6
LocalDLCI
102
112
103
104
105
106
201
211
203
204
205
206
301
302
304
305
306
401
402
403
405
406
501
502
503
504
506
601
602
603
604
605
Connectingto:
R2
R2
R3
R4
R5
R6
R1
R1
R3
R4
R5
R6
R1
R2
R4
R5
R6
R1
R2
R3
R5
R6
R1
R2
R3
R4
R6
R1
R2
R3
R4
R5
Page11of87
F0/18
F0/19
F0/20
F0/24
F0/23
F0/23
F0/21
F0/22
SW2
F0/22
F0/21
SW1
F0/24
F0/19
SW3
F0/20
SW4
Page12of87
Lab7
ConfiguringPrivateVLANs
Task1
Thefirstswitchshouldbeconfiguredwithahostnameof SW1andthesecondswitch
shouldbeconfiguredwithahostnameof SW2
OntheFirstSwitch
Switch(config)#HostnameSW1
OntheSecondSwitch
Switch(config)#HostnameSW2
Task2
ShutdownportsF0/2124onSW1andSW2
OnBothSwitches:
SWx(config)#intrangef0/2124
SWx(configifrange)#Shut
Task3
Configuretrunkingbetween SW1andSW2usingportsF0/19andF0/20.Useanindustry
standardtrunkingprotocolforthispurpose.Assignabriefmeaningfuldescriptionto
theseinterfaces.
On SW1
SW1(config)#Interfacerangef0/1920
Page13of87
SW1(configifrange)#Switchtrunkencapdot1q
SW1(configifrange)#Switchmodetrunk
SW1(configifrange)#DescriptionTrunktoSW2
On SW2
SW2(config)#Interfacerangef0/1920
SW2(configifrange)#Switchtrunkencapdot1q
SW2(configifrange)#Switchmodetrunk
SW2(configifrange)#DescriptionTrunktoSW1
Toverifytheconfiguration:
OnSW1
SW1#Showinttrunk
PortMode
EncapsulationStatusNativevlan
Fa0/19on802.1qtrunking1
PortVlansallowedontrunk
Fa0/1914094
Fa0/2014094
PortVlansallowedandactiveinmanagementdomain
Fa0/191
Fa0/201
PortVlansinspanningtreeforwardingstateandnotpruned
Fa0/191
Fa0/20none
OnSW2
SW2#Showinttrunk
PortModeEncapsulationStatusNativevlan
Fa0/1914094
Fa0/2014094
Page14of87
PortVlansallowedandactiveinmanagementdomain
Fa0/19
1
Fa0/201
Fa0/191
Fa0/201
Task4
AssignIPaddressingtotheinterfaceoftheroutersusingthefollowingchartandensure
thattheserouterscanpingeachother:Youshouldassignabriefmeaningfulinterface
descriptionontheswitchports.
Router
R1
R2
R3
R4
R5
R6
BB1
BB2
BB3
Interface
F0/0
F0/0
F0/1
F0/0
F0/1
F0/1
F0/1
F0/0
F0/0
IPaddressandSubnetmask
200.1.1.1/24
200.1.1.2/24
200.1.1.3/24
200.1.1.4/24
200.1.1.5/24
200.1.1.6/24
200.1.1.7/24
200.1.1.8/24
200.1.1.9/24
OnR1
R1(config)#IntF0/0
R1(configif)#Ipaddress200.1.1.1255.255.255.0
R1(configif)#Noshut
OnR2
R2(config)#IntF0/0
R2(configif)#Noshut
OnR3
R3(config)#IntF0/1
Page15of87
R3(configif)#Noshut
OnR4
R4(config)#IntF0/0
R4(configif)#Noshut
OnR5
R5(config)#IntF0/1
R5(configif)#Noshut
OnR6
R6(config)#IntF0/1
R6(configif)#Noshut
OnBB1
BB1(config)#IntF0/1
BB1(configif)#Ipaddress200.1.1.7255.255.255.0
BB1(configif)#Noshut
OnBB2
BB2(config)#intF0/0
BB2(configif)#ipaddress200.1.1.8255.255.255.0
OnBB3
BB3(config)#intF0/0
BB3(configif)#ipaddress200.1.1.9255.255.255.0
OnSW1
SW1(config)#IntF0/1
Page16of87
SW1(configif)#DescriptionR1sF0/0
SW1(config)#IntF0/2
SW1(config)#IntrangeF0/3,F0/59,F0/1218,F0/2124
SW1(configifrange)#Description
SW1(config)#IntF0/4
SW1(config)#IntF0/12
SW1(configif)#DescriptionBB2sF0/0
OnSW2
SW2(config)#IntrangeF0/12,F0/4,F0/1018,F0/2124
SW2(configifrange)#Description
SW2(config)#IntF0/3
SW2(config)#IntF0/5
SW2(config)#IntF0/6
Totestandverifytheconfiguration:
OnR1
R1#Ping200.1.1.2
Typeescapesequencetoabort.
Sending5,100byteICMPEchosto200.1.1.2,timeoutis2seconds:
!!!!!
Successrateis100percent(5/5),roundtripmin/avg/max=1/2/4ms
Page17of87
R1#Ping200.1.1.3
!!!!!
R1#Ping200.1.1.4
!!!!!
R1#Ping200.1.1.5
!!!!!
R1#Ping200.1.1.6
!!!!!
R1#Ping200.1.1.7
!!!!!
R1#Ping200.1.1.8
!!!!!
R1#Ping200.1.1.9
Page18of87
!!!!!
Task5
ConfiguretheswitchessuchthattheportsthatarenotusedareinAdministrativelydown
state.Useminimumnumberofcommandsforthistask.
OnSW1
SW1(config)#intrangeF0/3,F0/5,F0/10,F0/1418,F0/2124
SW1(configifrange)#Shut
To verifytheconfiguration:
OnSW1
SW1#Shintstatus|IncPort|connected
PortNameStatusVlanDuplexSpeedType
Fa0/1
R1'sF0/0
connected1afulla10010/100BaseTX
Fa0/2
R2'sF0/0
Fa0/4
R4'sF0/0
Fa0/12
BB2'sF0/0
Fa0/13
BB3'sF0/0
connected1
afulla10010/100BaseTX
Fa0/19
TrunktoSW2
connectedtrunkafulla10010/100BaseTX
Fa0/20
TrunktoSW2
OnSW2
SW2(config)#intrangeF0/12,F0/4,F0/810,F0/1218,F0/2124
SW2(configif)#Shut
OnSW2
SW2#Shintstatus|IncPort|connected
Page19of87
PortNameStatusVlanDuplexSpeedType
Fa0/3
R3'sF0/1
Fa0/5
R5'sF0/1
Fa0/6
R6'sF0/1
Fa0/11
BB1'sF0/1
Fa0/19
TrunktoSW1
Fa0/20
TrunktoSW1
Notetheinterfacedescriptioncanbeextremelyhelpful especiallyiftheswitchesareconfiguredin
transparentmode,and/orthetaskasksfortheconfigurationofallowedVLANsonthetrunks.
Task6
ConfigurePrivateVLANsbasedonthefollowingpolicy:
Router
R1
R2
R3
R4
R5
R6
BB1
BB2
BB3
Interface
F0/0
F0/0
F0/1
F0/0
F0/1
F0/1
F0/1
F0/0
F0/0
VLANType
Primary
Community
Community
Community
Community
Isolated
Isolated
Isolated
Isolated
VLANID
10
20
20
30
30
40
40
40
40
PrivateVLANsaretypicallyseeninserviceprovidernetworks,thisfeatureaddressestwomajor
problemsthattheprovidersusedtoface:
1. NumberofClients:IfeveryclientwasinaVLANoftheirown,theprovider
willberestrictedto4094clients,whichisthemaximumnumberofVLANs
onagivenswitch.
2. RoutingbetweenVLANs&IPaddressing:RoutingbetweenVLANswillbea
nightmare,andthenumberofwastedIPaddressesthatresultfrom
Subnettingwillbeenormous.
PrivateVLANssolvesthesetwoissues,withPrivateVLANsaVLANissubdividedintosub
VLANsorsubdomains.
PrivateVLANsconsistofoneprimary,andoneormoresecondaryVLANs,thesecondaryVLANs
Page20of87
canbeeitherCommunityVLANsorIsolatedVLANs.
APrimaryVLANcanhavemanyCommunityVLANs,butitcanONLYhaveaSingleIsolated
VLAN.
PortsinaPrivateVLAN:
TherearethreetypesofportsinPrivateVLANandtheyareasfollows:
1. Promiscuous:ApromiscuousportbelongstotheprimaryVLANthisport
cancommunicatewithallportsthatarememberofasecondaryVLAN/s
(Communityand/orIsolated)thatareassociatedwiththeprimaryVLAN
thatitbelongs.
2. Isolated:Anisolatedportisahostportthatbelongstoanisolatedsecondary
VLAN.ThehostportsthatarememberofagivenIsolatedVLANcanNOT
Communicatewitheachother.TheseportscanONLYcommunicatewiththe
PortconfiguredasPromiscuousport.
3. Community:Acommunityportisahostportthatbelongstoacommunity
SecondaryVLAN.Communityportscancommunicatewithportsinthesame
CommunityVLANandwiththeportthatisconfiguredaspromiscuousports.
TheseportscantCommunicatewithotherportsinotherCommunityVLANs.
OnBothSwitches:
Inordertoconfigureprivatevlans,theswitchesmustbeconfiguredinTransparentmodeas
follows:
SWx(config)#vtpmodetransparent
ThefollowingcommandsconfigurestheprimaryVLAN
SWx(config)#vlan10
SWx(configvlan)#privatevlanprimary
SWx(configvlan)#Exit
ThefollowingtwoVLANsaredefinedasthecommunitysecondaryVLANs,therecouldbemany
communityVLANs:
SWx(config)#vlan20
SWx(configvlan)#privatevlancommunity
SWx(config)#vlan30
Page21of87
SWx(configvlan)#privatevlancommunity
TherecanONLYbeoneisolatedsecondaryVLAN:
SWx(config)#vlan40
SWx(configvlan)#privatevlanisolated
ThefollowingcommandassociatesthesecondaryVLANstotheprimary:
SWx(config)#vlan10
SWx(configvlan)#privatevlanassociationadd20,30,40
OnBothSwitches:
SWx#Showvlanprivatevlan
PrimarySecondaryTypePorts
10
20community
1030community
1040isolated
TheoutputoftheaboveshowcommanddisplaysthesecondaryVLANsthatarecreatedsofarand
theprimaryVLANtowhichtheyareassociated.
OnSW1
ThefollowingcommandsetsF0/1interfaceinpromiscuousmode,assignstheporttoprimary
VLAN10andmapsVLANs20,30and40tothisinterface:
SW1(config)#IntF0/1
SW1(configif)#Switchportmodeprivatevlanpromiscuous
SW1(configif)#Switchportprivatevlanmapping10add20,30,40
TheportsthatbelongtoagivensecondaryVLANmustbeconfiguredinhostmode.Thefollowing
commandsetsF0/2interfaceinahostmode,associatesthisporttoVLAN10(TheprimaryVLAN)
andassignsthisporttoVLAN20whichwasconfiguredasacommunitysecondaryVLANearlier:
SW1(configif)#IntF0/2
SW1(configif)#Switchportmodeprivatevlanhost
SW1(configif)#Switchportprivatevlanhostassociation1020
Page22of87
ThefollowingcommandsetsF0/4interfaceinahostmode,associatesthisporttoVLAN10(The
primaryVLAN)andassignsthisporttoVLAN30whichwasconfiguredasacommunitysecondary
VLANearlier:
SW1(configif)#IntF0/4
SW1(configif)#switchportprivatevlanhostassociation1030
ThefollowingcommandsetsF0/12andF0/13interfacesinahostmode,associatestheseportsto
VLAN10(TheprimaryVLAN)andassignstheseportstoVLAN40whichwasconfiguredasan
isolatedsecondaryVLANearlier:
SW1(config)#IntrangeF0/1213
OnSW1
SW1#Shvlanpri
1020communityFa0/1,Fa0/2
1030communityFa0/1,Fa0/4
1040isolatedFa0/1,Fa0/12,Fa0/13
OnSW2
SW2(config)#IntF0/3
SW2(config)#IntF0/5
SW2(config)#IntrangeF0/6,F0/11
SW2(configif)#switchportprivatevlanhostassociation1040
Page23of87
OnSW2
SW2#Showvlanprivatevlan
1020communityFa0/3
1030communityFa0/5
1040isolatedFa0/6,Fa0/11
Totesttheconfiguration:
OnR1
R1#Ping200.1.1.2
!!!!!
R1#Ping200.1.1.3
!!!!!
R1#Ping200.1.1.4
!!!!!
R1#Ping200.1.1.5
!!!!!
R1#Ping200.1.1.6
Page24of87
!!!!!
R1#Ping200.1.1.7
!!!!!
R1#Ping200.1.1.8
!!!!!
R1#Ping200.1.1.9
!!!!!
NoteR1isabletopingallroutersbecauseitisconfiguredtobeinpromiscuousmode,thisinterface
canbethoughtofasthedefaultgateway.
OnR2
R2#Ping200.1.1.1
!!!!!
R2#Ping200.1.1.3
!!!!!
Page25of87
NoteR2isabletopingR1whichisthe portintheprimaryVLANandR3whichisinthesame
communityVLAN.R2canNOTcommunicatewiththehostsintheothersecondaryVLANs.The
followingverifiesthisinformation:
R2#Ping200.1.1.4
.....
Successrateis0percent(0/5)
R2#Ping200.1.1.5
.....
R2#Ping200.1.1.6
.....
R2#Ping200.1.1.7
.....
R2#Ping200.1.1.8
.....
R2#Ping200.1.1.9
.....
Page26of87
OnR3
R3#Ping200.1.1.1
!!!!!
R3#Ping200.1.1.2
!!!!!
NoteR3isabletopingR1whichistheportinprimaryVLANandtherouterinitsowncommunity
secondaryVLAN,whichisR2.
R3#Ping200.1.1.4
.....
R3#Ping200.1.1.5
.....
R3#Ping200.1.1.6
.....
R3#Ping200.1.1.7
.....
Page27of87
R3#Ping200.1.1.8
.....
R3#Ping200.1.1.9
.....
NoteR3canNOTpingtheotherroutersbecausetheyareinanothersecondaryVLAN.
OnR4
R4#Ping200.1.1.1
!!!!!
R4#Ping200.1.1.5
!!!!!
secondaryVLAN,whichisR5.
R4#Ping200.1.1.2
.....
R4#Ping200.1.1.3
Page28of87
.....
R4#Ping200.1.1.6
.....
R4#Ping200.1.1.7
.....
R4#Ping200.1.1.8
.....
R4#Ping200.1.1.9
.....
OnR5
R5#Ping200.1.1.1
!!!!!
R5#Ping200.1.1.4
Page29of87
!!!!!
secondaryVLAN(R2).
R5#Ping200.1.1.2
.....
R5#Ping200.1.1.3
.....
R5#Ping200.1.1.6
.....
R5#Ping200.1.1.7
.....
R5#Ping200.1.1.8
.....
R5#Ping200.1.1.9
Page30of87
.....
OnR6
R6#Ping200.1.1.1
!!!!!
NoteR6isabletopingR1whichistheportinprimaryVLANbutitcanNOTpinganyother
router,eventhoughBB1,BB2andBB3areinthesameVLAN,butrememberthattheVLANis
definedasisolatedthehostsinisolatedVLANdoNOThavereachabilitytoeachother.
R6#Ping200.1.1.2
.....
R6#Ping200.1.1.3
.....
R6#Ping200.1.1.4
.....
R6#Ping200.1.1.5
Page31of87
.....
R6#Ping200.1.1.7
.....
R6#Ping200.1.1.8
.....
R6#Ping200.1.1.9
.....
OnBB1
BB1#Ping200.1.1.1
!!!!!
NoteBB1isabletopingR1whichistheportinprimaryVLANbutitcanNOTpinganyother
router,eventhoughR6,BB2andBB3areinthesameVLAN,butrememberthattheVLANis
definedasanisolatedsecondaryVLANthehostsinisolatedVLANdoNOThavereachabilityto
eachother.
BB1#Ping200.1.1.2
.....
Page32of87
BB1#Ping200.1.1.3
.....
BB1#Ping200.1.1.4
.....
BB1#Ping200.1.1.5
.....
BB1#Ping200.1.1.6
.....
BB1#Ping200.1.1.8
.....
BB1#Ping200.1.1.9
.....
OnBB2
BB2#Ping200.1.1.1
Page33of87
!!!!!
eachother.
BB2#Ping200.1.1.2
.....
BB2#Ping200.1.1.3
.....
BB2#Ping200.1.1.4
.....
BB2#Ping200.1.1.5
.....
BB2#Ping200.1.1.6
.....
Page34of87
BB2#Ping200.1.1.7
.....
BB2#Ping200.1.1.9
.....
OnBB3
BB3#Ping200.1.1.1
!!!!!
eachother.
BB3#Ping200.1.1.2
.....
BB3#Ping200.1.1.3
.....
BB3#Ping200.1.1.4
Page35of87
.....
BB3#Ping200.1.1.5
.....
BB3#Ping200.1.1.6
.....
BB3#Ping200.1.1.7
.....
BB3#Ping200.1.1.8
.....
Task7
ReconfiguretheIPaddressingofthehoststhatbelongtothetwocommunitysecondary
VLANsbasedonthefollowingchartandprovideInterVlanroutingbetweenthem:The
hostsintheothersecondaryVLANsshouldstillbeabletoreachthehostintheprimary
VLAN.YoucanusestaticroutesandanyIPaddressingtoaccomplishthistask.
Page36of87
Routers/Interface
R2F0/0
R3F0/1
R4F0/0
R5F0/1
IPaddress
202.1.1.2/24
202.1.1.3/24
203.1.1.4/24
203.1.1.5/24
VLANID
20
20
30
30
OnR2
R2(config)#intf0/0
R2(configif)#ipaddr202.1.1.2255.255.255.0
R2(config)#iproute0.0.0.00.0.0.0202.1.1.100
OnR3
R3(config)#intf0/1
R3(config)#iproute0.0.0.00.0.0.0202.1.1.100
OnR4
R4(config)#intf0/0
R4(config)#iproute0.0.0.00.0.0.0203.1.1.100
OnR5
R5(config)#intf0/1
R5(config)#iproute0.0.0.00.0.0.0203.1.1.100
OnSW1
SW1(config)#IProuting
NotetwoIPaddressesareconfiguredunderinterfaceVLAN10,aprimaryandasecondary,the
primaryIPaddressisusedbythehostsinVLAN20andthesecondaryisusedbythehostsin
VLAN30.
ThePrivatevlanmappingcommandmapsthesecondaryVLANstotheirlayer3VLAN
interface,inthiscaseVLAN10whichisthelayer3interfaceoftheprimaryVLAN.
Page37of87
SW1(config)#intvlan10
SW1(configif)#ipaddress202.1.1.100255.255.255.0
SW1(configif)#ipaddress203.1.1.100255.255.255.0sec
SW1(configif)#privatevlanmapping20,30
WiththePrivatevlanmappinginterfaceconfigurationcommand,secondaryVLANscanbe
addedorremovedusingthePrivatevlanmappingadd,orPrivatevlanmappingremove
interfaceconfigurationcommand.Afterthiscommandisentered,youshouldgetthefollowing
messages:
%PV6PV_MSG:Createdaprivatevlanmapping,Primary10,Secondary20
%PV6PV_MSG:Createdaprivatevlanmapping,Primary10,Secondary30
OnSW1
SW1#Showinterfacesprivatevlanmapping
InterfaceSecondaryVLANType
vlan1020community
vlan1030community
OnR2
R2#Ping203.1.1.4
!!!!!
R2#Ping203.1.1.5
!!!!!
OnBB1
Page38of87
BB1#Ping200.1.1.1
!!!!!
Task8
Erasethestartupconfigandreloadtheroutersbeforeproceedingtothenexttask.
Page39of87
Advanced
CCIERouting&Switching
4.0
www.MicronicsTraining.com
NarbikKocharians
CCIE#12410
R&S,Security,SP
Framerelay
Page40of87
Lab1HubnSpokeusingFramerelaymap
statements
R1
R1
10.1.100.1/24 S0/0
104
103
102
201
401
301
10.1.100.4/24
S0/0
S0/0
R4
10.1.100.3/24
10.1.100.2/24
R2
S0/0
R3
IPaddressingandDLCIinformationChart:
Routers
IPaddress
R1sFramerelayinterfaceS0/0
10.1.100.1/24
LocalDLCI
Connectingto:
102
103
104
201
R2
R3
R4
R1
10.1.100.3/24
301
R1
R4sFramerelayinterfaceS0/0 10.1.100.4/24
401
R1
R2sFramerelayinterfaceS0/0 10.1.100.2/24
R3sFramerelayinterfaceS0/0
Page41of87
Task1
ConfigureaframerelayHubandspokeusingframerelaymapstatements.UsetheIP
addressingintheabovechart.
Disableinversearpsuchthattheroutersdonotgenerateinversearprequestpackets,and
ensurethatonlytheassignedDLCIsareusedandmapped,thesemappingsshouldbeas
follows:
OnR1:DLCIs102,103and104shouldbemappedtoR2,R3andR4
respectively.
OnR2,R3andR4:DLCIs201,301and401shouldbeusedonR2,R3andR4
respectivelyfortheirmappingtoR1(Thehub).
InthefutureEigrproutingprotocolwillbeconfiguredontheserouters,ensurethatthe
routerscanhandletheMulticasttrafficgeneratedbytheEigrproutingprotocol.DONOT
configureanysubinterface(s)toaccomplishthistask.
OnR1
R1(config)#IntS0/0
R1(configif)#IPaddress10.1.100.1255.255.255.0
R1(configif)#Encapsulationframe
R1(configif)#Framerelaymapip10.1.100.2102broadcast
R1(configif)#NOframerelayinversearp
R1(configif)#NOshut
OnR1
R1#Showframerelaymap
Serial0/0(up):ip10.1.100.2dlci102(0x66,0x1860),static,
broadcast,
CISCO,statusdefined,inactive
broadcast,
broadcast,
Page42of87
NoteyoumayseeDLCIs105and106mappedto0.0.0.0IPaddress,thesedynamicmappingsmaynot
affectUnicasttraffic,buttheywillaffectMulticastand/orBroadcasttraffic,therefore,theyshouldbe
removedfromthemappingtable.TheclearframerelayinarpcommandwillNOThaveanyeffect
ontheseentries,whereas,savingtheconfigurationandthenreloadingtherouterswilldefinitelyclear
the0.0.0.0mappings.Anotherwaytoclearthe0.0.0.0mappingistoremovetheencapsulationand
reconfiguretheencapsulationbackagain,but oncetheencapsulationisremoved,theframerelay
commandsconfiguredundertheinterfacearealsoremoved.
TheoutputoftheaboveshowcommandshowsthattheDLCIsareallininactive status,this means
thattheproblemisontheothersideoftheVC,inthiscase,theotherendoftheseVCsarenot
configuredyet,andoncetheyareconfigured,thestatusshouldtransitiontoactivestate.
Letsconfigurethespokerouters:
OnR2
R2(config)#IntS0/0
R2(configif)#NOshut
OnR2
Letsstartwithlayeroneandseeifwehaveaserial cableconnectedtotheFramerelayswitch,ifso,
whichendofthecableisconnectedtoourrouter,DTEorDCE?
TheoutputofthefollowingshowcommandshowsthattheDTEend ofthecableisconnectedtoour
localrouter,andtheclocksdetectedtellsusthatwearereceivingclockingfromaDCEdevice.This
shouldalwaysbethefirststepintroubleshootingframerelay.Iftheoutputofthefollowingcommand
showedthatwehavetheDCEendofthecableconnectedtoourrouter,then,thelocalrouterhasto
provideclocking,whichmeansthattheclockratecommandMUSTbeconfiguredorelsetheVCwill
NOTtransitionintoUP/UPstate.
R2#ShowcontrollerS0/0|Incclocks
DTEV.35TXandRXclocksdetected.
Inthenextstep,weshouldseeif thelocalrouterisexchangingLMIswiththeframerelayswitch.
NOTE:KeepaliveLMIsareexchangedevery10seconds,whichmeansthatiftheframerelayswitchis
Page43of87
configuredcorrectlyandtheLMItypesarealsoconfiguredcorrectly(Theymatchonbothends),then,
youshouldseethenumberofstatusEnquiressentandreceivedincrementevery10seconds.
R2#Showframerelaylmi|IncNum
NumStatusEnq.Sent68
NumStatusmsgsRcvd69
NumUpdateStatusRcvd0NumStatusTimeouts0
R2#Showframerelaylmi|IncNum
NumStatusEnq.Sent69
NumStatusmsgsRcvd70
Nexttheframerelaymapsarechecked:
R2#Showframerelaymap201
Serial0/0(up):ip10.1.100.1dlci201(0xC9,0x3090),static,
broadcast,
CISCO,statusdefined,active
NOTE:TheoutputoftheaboveshowcommandrevealsthattheremoteIPaddressof10.1.100.1is
mappedtothelocalDLCIof201. MakesureyouseethecorrectIPaddress.
Intheparanthesis, DLCI201,ispresentedinHexadecimalandQ922format.IftheHexadecimal value
of0xC9isconvertedtodecimal,theresultis201,whichisthelocalDLCInumber.
ThesecondHexadecimalvalueof0x3090,indicateshowtheDLCIissplitintotwosectionswithinthe
FramerelayheaderaDLCIisa10bitdigitandthefirst6bits(Themostsignificant6bits)areinthe
firstbyteandthelast4bitsoftheDLCI,isfoundinthebeginningofthesecondbyteoftheFrame
relayframe,asfollows:
FrameRelayheaderstructure
Noticehowthe10bitsaredivided?6bitsareinthefirstBYTEandtheremaining4bitsareinthe
secondByte.
Ifthehexvalueof0x3090isconvertedtodecimal,youwillonceagainseeaDLCIvalueof201.As
follows:
Page44of87
Convert0x3090toBinary:
3
0011
0
0000
9
1001
0
0000
Takethemostsignificant6bits,inthiscase:001100
Takethemostsignificant4bitsofthesecondbyte,inthiscase:1001
Notethemostsignificant6bitsofthefirstbyteandthemostsignificant4bitsofthesecondbyteare
concatenatedintoa10bitvalue,asfollows:
0011001001
Iftheabovebinarynumber isconvertedtodecimal (1+8+64+128),youshouldget201.
Inthefinalstep,anendtoendreachabilityistested:
R2#Ping10.1.100.1
!!!!!
LetsconfigureR3:
OnR3
R3(config)#IntS0/0
R3(configif)#NOshut
OnR3
R3#Ping10.1.100.1
Page45of87
!!!!!
R3#Showframemap
Serial0/0(up):ip10.1.100.1dlci301(0x12D,0x48D0),static,
broadcast,
LetsconfigureR4:
OnR4
R4(config)#IntS0/0
R4(config)#Ipaddress10.1.100.4255.255.255.0
R4(config)#Encapsulationframe
R4(config)#Framerelaymapip10.1.100.1401broadcast
R4(config)#NOframerelayinversearp
R4(config)#NOshut
OnR4
R4#Ping10.1.100.1
!!!!!
broadcast,
Task2
EnsurethateveryroutercanpingeveryIPaddressconnectedtothecloud.When
configuringthistask,ensurethatthehubrouterdoesNOTreceiveredundantrouting
traffic.
Page46of87
NOTE:EveryIPaddressconnectedtothecloudalsoincludesthelocalroutersIPaddress.Letstest
theexistingsituation:
OnR1
R1#Ping10.1.100.1
.....
ThepingisNOTsuccessful.LetsenabletheDebugFramerelaypacketandtrythepingagain:
R1#DebugFramerelaypacket
FrameRelaypacketdebuggingison
R1#Ping10.1.100.1
Serial0/0:Encapsfailednomapentrylink7(IP).
Letsdisablethedebug:
OnR1
R1#uall
TheoutputoftheabovedebugstatesthatthereisNOmappingandencapsulationfailedbecauseof
that Framerelaycanbeconfiguredintwodifferentways:MultipointandPointtopoint.
ThereisONLYonewaytoconfigureframerelayinapointtopointmanner,andthatsthrougha
pointtopointsubinterfaceconfiguration,whereas,amultipointcanbeconfigurdintwoways:
Performtheentireconfigurationdirectlyunderthemaininterface.
Configureasubinterfaceinamultipointmanner.
Sincetheentireconfigurationwasperformedwithouttheuseofsubinterfaces,thisisamultipoint
Page47of87
interface.Inamultipointframerelayconfiguration,twoconditionsmustbemetbeforeanIPaddress
isreachable:
A. ThedestinationIPaddressmustbeintheroutingtablewithavalidnexthop.
B. Theremustbeaframerelaymappingforthatdestination.
InthiscasethedestinationIPaddressisintheroutingtable,buttheframerelaymappingismissing.
Whenconfiguringtheframerelaymapping,youcanuseanyactiveDLCI:
OnR1
R1(config)#InterfaceS0/0
R1(configif)#Framerelaymapip10.1.100.1102
NOTE:Sincethelocalrouterwill NOTbesendingMulticastorBroadcasttraffictoitself,thereisno
needtoaddthebroadcastkeywordforthisconfiguration.
OnR1
R1#Ping10.1.100.1
!!!!!
LetstestR2sreachability,wealreadyknowthatitneedsaframerelaymaporelseitwillnotbeable
topingitsownIPaddress,letsconfigureoneandtest:
OnR2
R2(config)#IntS0/0
OnR2
R2#Ping10.1.100.2
Page48of87
!!!!!
LetsseeifR2canpingtheotherspokes:
OnR2
R2#Ping10.1.100.3
.....
R2#Ping10.1.100.34
.....
Dowehaveaframerelaymappingsforthesedestinations?Letscheck:
OnR2
broadcast,
NOTE:Therearetwoframerelaymappings,onefor10.1.100.2andthesecondoneisfor10.1.100.1IP
addresses.Letsaddtwomoreframerelaymappings,onefor10.1.100.3andthesecondonefor
10.1.100.4:
OnR2
R2(config)#IntS0/0
Page49of87
Therearetwopointsthatyouneedtoremember:
a. ThedestinationIPaddressmustbeintheroutingtablewithavalidnexthop.
b. Theremustbeaframerelaymappingforthatdestination.
OnR2
R2#Ping10.1.100.3
.....
LetsturnontheDebugFramerelaypacketandpingagainandseetheresult:
OnR2
R2#Debframepack
FrameRelaypacketdebuggingison
R2#Ping10.1.100.3
Serial0/0(o):dlci201(0x3091),pkttype0x800(IP),datagramsize104.
Itseemslikethelocalrouter(R2)issendingthepacketsout,letsenablethesamedebuggingonR3and
seetheresult:
OnR2
R2#Ping10.1.100.3
Page50of87
.....
OnR3
Serial0/0(i):dlci301(0x48D1),pkttype0x800,datagramsize104
Serial0/0:Encapsfailednomapentrylink7(IP)
ItlookslikeR3ismissingframerelaymapbacktoR2.LetsconfigureaframerelaymaponR3for
R2andtestagain:
OnR3
R3(config)#IntS0/0
OnR2
R2#Ping10.1.100.3
!!!!!
Perfect..LetsdothesameonR4.
OnR4
R4(config)#IntS0/0
OnR2
R2#Ping10.1.100.4
Page51of87
!!!!!
Whenconfiguringtheframerelaymappingfromonespoketoanotherspoke,thebroadcast
keywordshouldnotbeused,ifthiskeywordisused,thehubrouterwillreceiveredundantrouting
traffic.ThiscanbeverifiedbyrunningRIPv2andperformingadebugipripcommandonthehub
router.
Task3
ConfiguretherouterssuchthattheLMIstatusinquiriesaresentevery5secondsandFull
StatusLMIrequestsaresentevery3cyclesinsteadof6.
BydefaultframerelayroutersgenerateLMIStatusinquiriesevery10seconds,andafullstatus
inquiryevery6th cycle(Every60seconds).Theintervalforstatusinquiriescanbechangedusingthe
Keepalivecommand,whereas,theFramerelaylmin391dtecommandcanbeusedtochangethe
intervalforthecompletestatusinquiries.
NOTE:Theoutputofthefollowingdebugcommandrevealsthestatusinquiriesandfullstatus
inquiries:
OnR1
R1#Debugframelmi
Serial0/0(out):StEnq,myseq125,yourseen124,DTEup
datagramstart=0x3F401ED4,datagramsize=14
FRencap=0x00010308
00759501010103027D7C
Serial0/0(in):Status,myseq125,paksize14
RTIE1,length1,type1
KAIE3,length2,yourseq125,myseq125
datagramstart=0x3F6B0294,datagramsize=14
FRencap=0x00010308
407:00759501010103027E7D
RTIE1,length1,type1
Page52of87
datagramstart=0x3F400C14,datagramsize=14
FRencap=0x00010308
00759501010103027F7E
RTIE1,length1,type1
datagramstart=0x3F6AF394,datagramsize=14
FRencap=0x00010308
0075950101010302807F
RTIE1,length1,type1
datagramstart=0x3F644ED4,datagramsize=14
FRencap=0x00010308
00759501010103028180
RTIE1,length1,type1
datagramstart=0x3F6B03D4,datagramsize=14
FRencap=0x00010308
00759501010003028281
RTIE1,length1,type0
PVCIE0x7,length0x3,dlci102,status0x2
Notethestatusinquiriesaresentevery10seconds,thesemessagesaretype1s,whereas,thecomplete
statusinquiriesaregeneratedbythelocalrouterevery6th cycle,thesemessagearetype0messages,
andwhentheframerelayswitchreceivesthesemessagesitrespondswithalltheDLCIsthatare
Page53of87
configuredforthatgivenrouter.
Tochangethesetimers:
Onallrouters
Rx(config)#InterfaceS0/0
Rx(configif)#Keepalive5
Rx(configif)#Framerelaylmin391dte3
Rx#DebugframeLMI
*Nov2420:13:52.411:Serial0/0(out):StEnq,myseq221,yourseen220,DTEup
*Nov2420:13:52.411:datagramstart=0x3F6AEFD4,datagramsize=14
*Nov2420:13:52.411:FRencap=0x00010308
*Nov2420:13:52.411:0075950101010302DDDC
*Nov2420:13:52.415:Serial0/0(in):Status,myseq221,paksize14
*Nov2420:13:52.415:RTIE1,length1,type1
*Nov2420:13:52.415:KAIE3,length2,yourseq221,myseq221
*Nov2420:13:57.411:datagramstart=0x3F400D54,datagramsize=14
*Nov2420:13:57.411:FRencap=0x00010308
*Nov2420:13:57.411:0075950101010302DEDD
*Nov2420:14:02.411:datagramstart=0x3F6AF394,datagramsize=14
*Nov2420:14:02.411:FRencap=0x00010308
*Nov2420:14:02.411:0075950101000302DFDE
*Nov2420:14:02.423:PVCIE0x7,length0x3,dlci102,status0x2
Noteinitiallytherouterandtheframerelayswitchexchangetwotype1inquiries,andthethird
Page54of87
messagethatthelocalroutergeneratesisatype0messageswhichtellstheswitchtorespondwithall
theDLCIs.
Task4
Erasethestartupconfigurationandreloadtheroutersbeforeproceedingtothenextlab.
Page55of87
Lab9BacktoBack Framerelayconnection
IPaddressing:
Router
R1
Interface/IPaddress
S0/1=200.1.1.1/24
DLCIassignment
113
R3
S0/1=200.1.1.3/24
113
Task1
ConfigureFramerelaybetweenR1andR3,youshouldusetheIPaddress,interfaceand
theDLCIsprovidedintheIPAddressingtableabove.
Inthisscenariowedonothaveaframerelayswitchconnectingtherouterstheseroutersare
connectedbacktobackusingaDTE DCEserialcable.TherouterthatisconnectedtotheDCE
sideshouldprovidetheclockingusingtheClockrateinterfaceconfigurationcommand,theDCE
sidecanbedeterminedusingtheShowcontrollerS0/1commandasfollows:
R1#ShcontrollerS0/1|Incclock
DCEV.35,clockrate64000
InthiscasesincetheframerelayswitchdoesNOTexist,theLMIsshouldbedisabledusingtheNo
Keepaliveinterfaceconfigurationcommand,andtheframerelaymappingshouldbedonestatically.
WhenconfiguringtheFramerelaymapping,theDLCIsshouldbeidenticalonbothends.
Page56of87
OnR1
R1(config)#interfaceSerial0/1
R1(configif)#ipaddress200.1.1.1255.255.255.0
R1(configif)#encapsulationframerelay
R1(configif)#NOkeepalive
R1(configif)#clockrate64000
R1(configif)#framerelaymapip200.1.1.3113
R1(configif)#NOshut
OnR3
Toverify&testtheconfiguration:
OnR1
R1#Ping200.1.1.3
!!!!!
R1#Showframerelaylmi
R1#
NotetherearenoLMIs,becausetheyaredisabled.
R1#Showframerelaypvc
PVCStatisticsforinterfaceSerial0/1(FrameRelayDTE)
ActiveInactiveDeletedStatic
Local1000
Switched0000
Unused000
0
DLCI=113,DLCIUSAGE=LOCAL,PVCSTATUS=STATIC,INTERFACE=Serial0/1
Page57of87
inputpkts5outputpkts10inbytes520
outbytes1040droppedpkts0inpktsdropped0
outpktsdropped0
outbytesdropped0
inFECNpkts0inBECNpkts0outFECNpkts0
outBECNpkts0inDEpkts0outDEpkts0
outbcastpkts0outbcastbytes0
5minuteinputrate0bits/sec,0packets/sec
5minuteoutputrate0bits/sec,0packets/sec
pvccreatetime00:03:53,lasttimepvcstatuschanged00:02:39
Serial0/1(up):ip200.1.1.3dlci113(0x71,0x1c10),static,
CISCO
Task2
ConfiguretherouterssuchthatR1usesDLCI103tosendandDLCI301toreceive
packets,whereas,R3shoulduseDLCI301tosendandDLCI103toreceivepackets.
YoushouldconfigureinterfaceS0/1toaccomplishthistask.
Inthistask weareaskedtoconfiguretheserouterstousedifferentDLCIs,103connectingR1toR3
and301connectingR3toR1.
OnR1
Thefollowingcommandremovestheframerelaymappingthatwasconfiguredintheprevioustask
andaddsthenewmapping:
R1(configif)#NOframerelaymapip200.1.1.3113
OnR3
Page58of87
R3(configif)#NOframerelaymapip200.1.1.1113
Toverifyandtesttheconfiguration:
OnBothRouters:
#DebugFramerelaypacket
OnR1
R1#Ping200.1.1.3
.....
YoushouldseethefollowingdebugoutputonR1andR3:
OnR1
Serial0/1(o):dlci103(0x1871),pkt type0x800(IP),datagramsize104.
OnR3
Serial0/1:FRinvalid/unexpectedpakreceivedonDLCI103
NOTE:TheoutputofthedebugmessagesonR3revealsthereasonthatthepingwasNOTsuccessful.
Itstellingusthatitreceived5invalidandunexpectedpacketsonDLCI103.Thereasonthelocal
router(R3)seesR1sDLCIisbecausetheyaredirectlyconnected.
Tofixthisproblem,R3canbeconfiguredtoreceivedataonDLCI103andsendonDLCI301,as
follows:
Page59of87
OnR3
R3(config)#intS0/1
R3(configif)#framerelayinterfacedlci103
OnR1
R1#Ping200.1.1.3repeat4
OnR3
Serial0/1(i):dlci103(0x1871),pkttype0x800,datagramsize104
Serial0/1(o):dlci301(0x48D1),pkttype0x800(IP),datagramsize104
NotetheincomingtrafficusesDLCI103,whereas,theoutgoingtrafficusesDLCI301.Letstrytoping
R1andseewhythepingsareunsuccessful:
OnR3
OnR1
Noteweareexperiencingthesameproblem onR3,thetrafficcomesinonDLCI301andthelocal
routerisNOTawareofthisDLCI.Tofixthisproblem:
Page60of87
R1(config)#intS0/1
R1(configif)#framerelayinterfacedlci301
OnR3
!!!!
OnR1
Serial0/1(o):dlci103(0x1871),pkttype0x800(IP),datagramsize104
R1#Showframemap
CISCO
OnR3
R3#Showframemap
CISCO
Page61of87
Task3
ReconfigureR1asaframerelayswitchandarouterconnectingtoR3,whereas,R3
shouldbeconfiguredasarouterconnectingtoR1usingS0/1interface.R1shoulduse
DLCI103foritsconnectiontoR3andR3shoulduseDLCI301foritsconnectiontoR1.
YoushouldNOTdisableLMIstoaccomplishthistask.
OnR1
R1(config)#frameswitching
R1(config)#intS0/1
R1(configif)#encapframerelay
R1(configif)#framemapip200.1.1.3103
R1(configif)#frameinterfacedlci301
R1(configif)#framerelayintftypedce
OnR3
R3(configif)#intS0/1
R3(configif)#encapframerelay
R3(configif)#framemapip200.1.1.1301
OnR1
R1#Showframelmi|BNum
NumStatusEnq.Rcvd11NumStatusmsgsSent11
NumUpdateStatusSent0NumStEnq.Timeouts0
OnR3
R3#Showframerelaylmi|BNum
NumStatusEnq.Sent18NumStatusmsgsRcvd19
LastFullStatusReq00:00:00LastFullStatusRcvd00:00:00
Page62of87
R3#Ping200.1.1.1
!!!!!
Task4
Erasethestartupconfigurationandreloadtheroutersbeforeproceedingtothenextlab.
Page63of87
Lab1 MLSQOS
LabSetup:
ConfigureF0/19interfaceofSW1andSW2asaDot1Qtrunk.
ConfigureSW1andSW2inVTPdomaincalledTST
ConfigureF0/1andF0/2interfaceofSW1inVLAN100.
ConfigureF0/3interfaceofSW2asaDot1Qtrunk.
ConfigureF0/1interfaceofR3asaDot1QtrunkforVLAN100.
Youcancopyandpastetheinitialconfigurationfromtheinitdirectory
IPaddressing:
Router
R1
R2
R3
Interface/IPaddress
F0/0=10.1.1.1/24
F0/0=10.1.1.2/24
F0/1.100=10.1.1.3/24
VLAN
100
100
100
Page64of87
Task1
AssignahostnameofSW1toSwitch1andahostnameofSW2toSwitch2.Shutdown
allunusedportsontheseswitches.
OnSwitch1
Switch(config)#HostSW1
SW1(config)#Intrangef0/318,F0/2024
OnSwitch 2
Switch(config)#HostSW2
SW2(config)#Intrangef0/12,F0/418,F0/2024
Task 2
ConfigureSW1sportF0/2suchthatitmarksAllingresstrafficwithaCoSmarkingof2.
Forverificationpurpose,R3shouldbeconfiguredtomatchonCoSvaluesof07
ingressonitsF0/1.100subinterface.
InthisstepR3isconfiguredtomatchonincomingCoSvaluesof07,thisisdonesothepolicycanbe
testedandverified.
OnR3
R3(config)#classmapcos0
R3(configcmap)#matchCoS0
Page65of87
R3(config)#PolicymapTST
R3(configpmap)#Classcos0
R3(config)#IntF0/1.100
R3(configsubif)#ServicepolicyinTST
OnSW1
Bydefault,QOSisdisabledandtheswitchwillNOTmodifytheCoS,IPPrecedenceortheDSCP
valuesofreceivedtraffic.Toverify:
SW1#Showmlsqos
QoSisdisabled
QoSippacketdscprewriteisenabled
ThefollowingcommandenablesMLSQOS toperformanykindofQOS configuration,MLSQOS
mustbeenabled.
SW1(config)#MLSQOS
OnSW1
Page66of87
SW1#Showmlsqos
QoSisenabled
Tocontinuewiththeconfiguration:
SW1(config)#intF0/1
ThefollowingcommandassignsadefaultCoSvalueof2tountaggedtrafficreceivedthroughthis
interface.
SW1(configif)#mlsqoscos2
OnSW1
SW1#Showmlsqosinterf0/1
FastEthernet0/1
truststate:nottrusted
trustmode:nottrusted
trustenabledflag:ena
COSoverride:dis
defaultCOS:2
DSCPMutationMap:DefaultDSCPMutationMap
Trustdevice:none
qosmode:portbased
OnR1
R1#Ping10.1.1.3
.!!!!
Toverifythetest:
Page67of87
OnR3
R3#Showpolicymapinterface|Scos0
Classmap:cos0(matchall)
4packets,472bytes
5minuteofferedrate0bps
Match:cos0
0packets,0bytes
Match:cos2
Note,eventhoughtheinterfaceisconfiguredwithMlsqoscos2thetrafficcominginonthat
interfaceisNOTaffected.Tomark ALLtrafficwithaCoSmarkingof 2,whichmeansalltraffic
regardlessoftheirmarking,theportmustbeconfiguredtooverridetheexistingCoS.
ThemlsqoscoscommandonitsowndoesNOTHING,itshouldbecombinedwitheithertheMls
qoscosoverrideorMlsqostrustcos.WhenitscombinedwithMLSqostrustcos,ONLYthe
untaggedtrafficisaffected,butifitscombinedwithMLSqoscosoverride,then,alltraffic(Tagged
oruntagged)isaffected.
ThefollowingcommandconfigurestheswitchporttotrusttheCoSvalueinALLincoming traffic
throughF0/2interface,theMlsqoscosoverridecommandwillbetestedlater:
SW1(config)#intF0/1
SW1(configif)#mlsqostrustcos
OnSW1
SW1#Shmlsqosinterfacef0/1
FastEthernet0/1
truststate:trustcos
trustmode:trustcos
COSoverride:dis
defaultCOS:2
Page68of87
Trustdevice:none
qosmode:portbased
OnR3
R3#Clearcounters
Clear"showinterface"countersonallinterfaces[confirm]
PressEntertoallowthecounterstobecleared
OnR1
R1#Ping10.1.1.3
!!!!!
Toverifythetest:
OnR3
R3#Shpolicymapinter|Scos0
0packets,0bytes
Match:cos0
5packets,590bytes
Match:cos2
NotetheoutputoftheaboveshowcommandrevealsthatalltrafficthatsourcedfromR1ismarked
withaCoSvalueof0thereasonforthisoutcomeisbecauseSW1isconfiguredwithMlsqosglobal
configurationcommand,therefore,theswitchwillmarkalluntaggedincomingtrafficthroughitsF0/1
interfacewithaCoSvalueof2.
Page69of87
Task3
ConfigureSW1andR1asfollows:
F0/1interfaceofSW1shouldbeconfiguredasaDot1qtrunk.
DisableMlsQOSandremovetheMlsqoscos2commandfromF0/1
interfaceofSW1.
ConfigureF0/0.100subinterfaceonR1,thissubinterfaceshouldbeconfigured
basedonthefollowing:
R1sF0/0.100interfaceshouldbeconfiguredastrunkforVLAN100
R1sF0/0.100shouldbeassignedanIPaddressof10.1.1.1/24
R1sF0/0.100shouldbeconfiguredtomarkallegresstrafficwithaCoS
valueof6.
OnSW1
SW1(config)#intF0/1
SW1(configif)#Defaultinterf0/1
SW1(config)#intF0/1
SW1(configif)#switrunkencdo
SW1(configif)#swimodetrunk
SW1(config)#NOMlsqos
Toverifytheconfiguration
OnSW1
SW1#Showinttrunk
Fa0/114094
Fa0/1914094
Port
Vlansallowedandactiveinmanagementdomain
Fa0/11,100
Fa0/191,100
Page70of87
Fa0/1none
Fa0/191,100
OnR1
R1(config)#DefaultinterF0/0
R1(configif)#intF0/0.100
R1(configsubif)#encapdot1100
R1(configsubif)#ipaddr10.1.1.1255.255.255.0
R1(configpmap)#classclassdefault
R1(configpmapc)#setcos6
R1(configpmapc)#intF0/0.100
R1(configsubif)#servicepolicyoutTST
OnR3
R3#Clearcounters
OnR1
R1#Ping10.1.1.3rep60
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
OnR3
R3#Shpolicymapinter|Scos60
60packets,7080bytes
Match:cos6
NotetrafficgeneratedbyR1 hasaCoSmarkingof6.
Page71of87
Task4
SW1shouldbeconfiguredtotrusttheCoSmarkingofanytrafficcomingthroughits
F0/1interface.
OnSW1
SW1(config)#mlsqos
SW1(config)#intF0/1
SW1(configif)#mlsqostrustCoS
Totesttheconfiguration
OnR3
R3#Clearcounters
OnR1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Notetheoutputofthefollowingshowcommandrevealsthatthe trafficretaineditsCoSmarking.
OnR3
60packets,7080bytes
Match:cos6
Task5
ConfigureR1,R2&SW1usingthefollowingpolicy:
Page72of87
1. IftheingresstrafficfromR2isNOTmarkedwithaCoSvalue,SW1shouldbe
configuredtomarkthattrafficwithaCoSvalueof0.
2. IftheingresstrafficfromR1isNOTtagged,SW1shouldbeconfiguredtorewrite
theCoSvalueto1,however,ifthetrafficistagged,SW1shouldNOTrewritethe
CoSvalueoftheincomingtraffic.
Toconfigurethefirstpolicy:
SincetheMlsQoscommandisconfiguredonSW1,whentrafficwithoutaCoSmarkingentersany
portonSW1,thattrafficismarkedwithaCoSvalueof0,therefore,SW1doesNOTneedtobe
configuredforthispolicy:
Toverifyandtestthefirstpolicy:
OnR3
R3#Clearcounter
OnR2
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
OnR3
SincethetrafficgeneratedbyR2 didnothaveaCoSmarking,thetrafficwillarrivewithaCoS
markingofzero.
0packets,0bytes
Match:cos6
60packets,7080bytes
Page73of87
Match:cos0
Toconfigurethesecondpolicy:
TheMlsqostrustcoscommandthatwasconfiguredinthe previoustask willtrusttheCoSvaluein
theincomingtrafficandwillNOTrewritetheCoSvaluesincethetaskstatsthattheuntaggedtraffic
shouldberewrittentoaCoSvalueof1,whereas,thetaggedtrafficshouldNOTbeaffectedatall,the
followingshouldbeconfigured:
OnR3
R3#Clearcounters
OnSW1
SW1(config)#IntF0/1
TheabovecommandONLYaffectstheuntaggedtraffic,sinceR1sF0/1interfaceisconfiguredasa
trucklink,thisconfigurationshouldNOThaveanyaffect.Thefollowingshowcommandrevealsthis
information:
OnR1
!!!!!!!!!!
OnR3
TheoutputofthefollowingshowcommandrevealsthatthetrafficfromR1retaineditsCoSvalueof6:
R3#Shpolicymapinter|scos6
10packets,1180bytes
Match:cos6
Page74of87
Totesttheuntaggedtraffic:
OnR1
R1(config)#intF0/0.100
R1(configsubif)#encapdot1100native
NOTE:Intheaboveandthefollowingconfiguration, VLAN100isconfiguredtobetheNative VLAN
sothetrafficarriveswithNOtagging:
OnSW1
SW1(configif)#intF0/1
SW1(configif)#switrunknativevlan100
ToseeSW1sconfiguration:
OnSW1
SW1#ShrunintF0/1|Binterface
interfaceFastEthernet0/1
switchporttrunkencapsulationdot1q
switchporttrunknativevlan100
switchportmodetrunk
mlsqoscos1
mlsqostrustcos
OnSW1
SW1#Shinterfacetrunk
Fa0/1on802.1q
trunking100
(Therestoftheoutputisomitted)
OnR3
R3#Clearcounters
Page75of87
OnR1
R1#Ping10.1.1.3rep100
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
OnR3
0packets,0bytes
Match:cos6
0packets,0bytes
Match:cos0
100packets,11800bytes
Match:cos1
ThefollowingshowsR1spolicymapconfiguration:
OnR1
R1#ShowpolicymapTST
PolicyMapTST
Classclassdefault
setcos6
Page76of87
Task6
SW2shouldbeconfiguredsuchthatitmarksalltrafficfromanyrouter/sconnectedto
SW1(TaggedorUntagged)withaCoSvalueof7.DONOTconfigureR1,R2orSW1to
accomplishthistask.
OnSW2
SW2(config)#MLSQOS
NOTE:Thisconfigurationisperformedonthe trunklinkofSW2soitcanaffectalltrafficcoming
fromSW1thisaffectsthetrafficthathasmarking,thetrafficthatdoesNOThaveanymarking,
taggedoruntagged:
SW2(config)#intF0/19
SW2(configif)#mlsqoscosoverride
OnSW2
SW2#Shmlsqosinterf0/19
FastEthernet0/19
trustmode:nottrusted
COSoverride:ena
defaultCOS:7
Trustdevice:none
qosmode:portbased
OnR3
R3#Clearcounter
OnR1
R1#Ping10.1.1.3rep100
Page77of87
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
OnR3
NotethetrafficmatchedtoCoS7
Match:cos7
OnR2
R2#Ping10.1.1.3rep200
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
OnR3
Match:cos7
NotealltrafficregardlessoftheirmarkingaremarkedwithaCoSvalueof7.
Page78of87
Task 7
ErasethestartupconfigurationonR13andSW1&SW2andreloadtheseroutersand
switchesbeforeproceedingtothenextlab.
Page79of87
Lab2DSCPMutation
LabSetup:
Thelabtopologyandsetupisbasedonthepreviouslab,withtheexceptionofR3s
configurationandtheF0/3interfaceofSW2R3sF0/1interfaceshouldbeconfigured
withanIPaddressof10.1.1.3/24andtheF0/3interfaceofSW2shouldbeconfiguredin
VLAN100.
Youcancopyandpastetheinitialconfigurationfromtheinitdirectory
Task1
ConfigureanMQConR1suchthatallpacketsgoingoutofitsF0/0interfacearemarked
withaDSCPvalueof1.Forverificationpurpose,R3sF0/1interfaceshouldbe
configuredtomatchonDSCP07forallingresstraffic.EnsurethatMlsqosis
disabledonbothswitches.
On BothSwitches:
SWx#Shmlsqos
Page80of87
QoSisdisabled
ThefollowingconfigurationonR1marksallegresstrafficwithaDSCPvalueof1:
OnR1
R1(configpmap)#classclassdefault
R1(configpmapc)#setipdscp1
R1(config)#intF0/0
R1(configif)#ServicepolicyoutTST
OnR3
Thefollowingconfigurationisdoneforverificationandtestingpurposes:
R3(config)#ClassmapDSCP0
R3(configcmap)#matchipdscp0
R3(config)#policymapTST
R3(configpmap)#ClassDSCP0
Page81of87
R3(config)#intF0/1
R3(configif)#servicepolicyinTST
OnR1
.!!!!!!!!!
OnR3
R3#ShPolicymapinter|SDSCP1
Classmap:DSCP1(matchall)
9packets,1026bytes
Match:ipdscp1
NotesinceMlsqosisdisabledonbothswitches,thepacketstraversingtheswitcheswillretaintheir
marking.
Task2
ConfigureSW2suchthatiftheincomingtrafficismarkedwithDSCP1,theyare
overwrittentoaDSCPvalueof60.DONOTconfigureaclassmaporPolicymapto
accomplishthistask.UseR3toverifytheconfiguration.
DSCPMutationcanbeconfiguredtoaccomplishthistasktherearefivestepsinconfiguringDSCP
Page82of87
mutation,andtheyareasfollows:
Step1:
MlsqosMUSTbeenabled:
OnSW2
SW2(config)#Mlsqos
Toverifytheconfigurationofthisstep:
OnSW2
SW2#ShowmlsQoS
QoSisenabled
Step2:
Inthisstepa custom DSCPMutationmapisconfigured,rememberthatifthiscustommappingis
NOTconfigured,thedefaultDSCPMutationmapwillbeused,thedefaultDSCPMutationmapcan
NOTbechangedanditisconfiguredasonetoone,meaningthat theincomingDSCPvaluewillalways
matchtothesameoutgoingDSCPvalue:
InthisstepacustomDSCPMutationmapnamedTSTisconfigured,thiscustomDSCPMutation
mapstheincomingDSCPvalue(inthiscase1)toanoutgoing DSCPvalueof 60:
ToseethedefaultDSCPMutationmap:
SW2#Showmlsqosmapdscpmutation
Dscpdscpmutationmap:
DefaultDSCPMutationMap:
d1: d20123456789
0:
00010203040506070809
1:
10111213141516171819
2:
20212223242526272829
3:
30313233343536373839
4:
40414243444546474849
5:
50515253545556575859
6:
60616263
Notethed1:column(highlightedinyellow)specifiesthemostsignificantdigitoftheDSCPvalueof
Page83of87
incomingpackets,whereas,thed2:row(highlightedinblue)specifiestheleastsignificantdigitofthe
DSCPvalueofincomingpackets.
Theintersectionofthed1andd2values(thisisthebodyoftheoutput)providestheDSCPvalueofthe
outgoingpackets.
NOTE:theoutputoftheaboveshowcommandrevealsthattheincomingDSCPvalueof1,isre
writtentotheoutgoingDSCPvalueof1.
LetsconfigureacustomDSCPMutationmapcalledTSTthatmapstheincomingDSCPvalueof1to
anoutgoingDSCPvalueof60:
SW2(config)#MlsqosmapdscpmutationTST1to60
OnSW2
SW2#ShowmlsqosmapdscpmutationTST
Dscpdscpmutationmap:
TST:
d1: d20123456789
0:
00600203040506070809
1:
10111213141516171819
2:
20212223242526272829
3:
30313233343536373839
4:
40414243444546474849
5:
50515253545556575859
6:
60616263
Step3:
Inthisstep,the custom DSCPMutationmapcalledTSTisappliedtotheF0/19interface(Trunk
interface)ofSW2
SW2(configif)#mlsqosdscpmutationTST
OnSW2
SW2#ShowmlsqosintF0/19|IncDSCP
Page84of87
DSCPMutationMap:TST
Step4:
Remember,iftheMlsqostrustDSCPisNOTconfigured,theconfigurationwillNOThaveany
affectonthepackets:
Toseethetrusttruststate(Whatsbeingtrusted)oftheF0/19interface:
OnSW2
SW2#ShowmlsqosintF0/19|Inctruststate
OnSW2
SW2(configif)#mlsqostrustdscp
OnSW2
SW2#ShowmlsqosintF0/19|Inctruststate
truststate:trustdscp
NOTE:IfCoSwastrusted,theoutputoftheabovecommandwouldhavestatedtruststate:trust
CoS,sinceONLYDSCPistrusted,thetruststateisDSCP.
Step5:
EnsurethattheDSCPrewritesareenabled,ifthisisdisabled,then,theDSCPmarkingwillNOTbe
rewritten.
ToverifyiftheDSCPrewritesareenabled:
OnSW2
SW2#Showmlsqos
QoSisenabled
Page85of87
IftheDSCPrewritesaredisabled,then,theDSCPmarkingintheoutgoingpacketswillNOTbere
written.Therearetimesthatthisfeaturemustbedisable,todisablethisfeature,theNOmlsqos
rewriteipdscpglobalcommandcanbeused.
ToprepareR3forverificationpurpose:
OnR3
Thefollowingconfigurationisrequiredfortestingandverification.
R3(config)#policymapTST
Remember,thepolicymapTSTisalreadyapplied.
OnSW2
R3#ShowpolicymapTST
PolicyMapTST
ClassDSCP0
ClassDSCP1
ClassDSCP2
ClassDSCP3
ClassDSCP4
ClassDSCP5
ClassDSCP6
ClassDSCP7
ClassDSCP60
OnR3
R3#clearcounters
OnR1
Page86of87
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
OnR3
R3#Showpolicymapinterface|SDSCP60
Classmap:DSCP60(matchall)
60packets,6840bytes
Match:ipdscp60
Task3
ConfiguretheDefaultinterfaceF0/1commandonR3beforeproceedingtothenext
lab.
Page87of87

Labs

Încărcat de

Informații document

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Labs

Încărcat de

Drepturi de autor:

Formate disponibile

Advanced

S-ar putea să vă placă și