Documente Academic
Documente Profesional
Documente Cultură
Lab Guide
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL: www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a
partnership relationship between Cisco and any other company. (1110R)
DISCLAIMER WARRANTY: THIS CONTENT IS BEING PROVIDED “AS IS” AND AS SUCH MAY INCLUDE TYPOGRAPHICAL,
GRAPHICS, OR FORMATTING ERRORS. CISCO MAKES AND YOU RECEIVE NO WARRANTIES IN CONNECTION WITH THE
CONTENT PROVIDED HEREUNDER, EXPRESS, IMPLIED, STATUTORY OR IN ANY OTHER PROVISION OF THIS CONTENT
OR COMMUNICATION BETWEEN CISCO AND YOU. CISCO SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES,
INCLUDING WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE,
OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. This learning product may contain early release
content, and while Cisco believes it to be accurate, it falls subject to the disclaimer above.
Lab Guide © 2012 Cisco and/or its affiliates. All rights reserved.
Table of Contents
Lab Guide 1
Overview 1
Outline 1
Job Aids 2
Pod Access Information 2
Device Information 2
IP Addressing 3
Lab 1-1: Verify Host IP Configuration 6
Activity Objective 6
Visual Objective 6
Required Resources 6
Command List 7
Task 1: Verify IP Configuration of a Windows Host 7
Task 2: Verify Connectivity 9
Task 3: Perform Forward and Reverse DNS Lookups 10
Lab 1-2: Configure Subnetting 11
Activity Objective 11
Visual Objective 11
Required Resources 11
Command List 11
Job Aids 11
Task 1: Divide Address Space into Correctly Sized Subnets 11
Lab 2-1: Configure Cisco Switches 13
Activity Objective 13
Visual Objective 14
Required Resources 14
Command List 15
Task 1: Boot Cisco ME340x Switch and Perform Basic Configuration 17
Task 2: Enable SSH Access to the Switch 28
Task 3: Verify STP Operation 28
Task 4: Configuring EtherChannel 30
Task 5: Configuring Port Security 32
Lab 3-1: Configure Basic Router Configuration 35
Activity Objective 35
Visual Objective 35
Required Resources 36
Command List 36
Task 1: Boot Cisco Router and Perform Basic Configuration 38
Task 2: Basic EIGRP Configuration 41
Lab 4-1: Implement Internet Connectivity 44
Activity Objective 44
Visual Objective 44
Required Resources 44
Command List 45
Task 1: Configure DHCP on CE Router 46
Task 2: Configure Static Routing for Internet Access 47
Task 3: Configure PAT on CE Router 48
Lab 4-2: Configure Data Link Layer Encapsulation 50
Activity Objective 50
Visual Objective 50
Required Resources 50
Command List 51
Task 1: Configure a POS Interface on the PE Router 52
Task 2: Configure PPP on POS Interface 53
Lab 5-1: Configure Network Management Tools 58
Activity Objective 58
Visual Objective 58
Required Resources 58
Command List 59
Task 1: Configure and Verify Cisco Discovery Protocol 60
Task 2: Configure Logging 61
Task 3: Configure and Verify NTP 63
Task 4: Configuring and Verifying IP SLA 64
Lab 5-2: Configure AAA 66
Activity Objective 66
Visual Objective 66
Required Resources 66
Command List 67
Task 1: Configure AAA Authentication 68
Answer Key 70
Lab 1-1 Answer Key: Verify Host IP Configuration 70
Lab 1-2 Answer Key: Configure Subnetting 70
Lab 2-1 Answer Key: Configuring Cisco Switches 70
Lab 3-1 Answer Key: Configure Basic Router Configuration 74
Lab 4-1 Answer Key: Implement Internet Connectivity 77
Lab 4-2 Answer Key: Configure Data Link Layer Encapsulation 78
Lab 5-1 Answer Key: Configure Network Management Tools 81
Lab 5-2 Answer Key: Configure AAA 82
Task 1: Configure AAA Authentication 82
Appendix A: Lab Topology 84
ii Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
SPNGN1
Lab Guide
Overview
This guide presents the instructions and other information concerning the lab activities for this course.
You can find the solutions in the lab activity Answer Key.
Outline
This guide includes these activities:
Job Aids
Lab 1-1: Verify Host IP Configuration
Lab 1-2: Configure Subnetting
Lab 2-1: Configure Cisco Switches
Lab 3-1: Configure Basic Router Configuration
Lab 4-1: Implement Internet Connectivity
Lab 4-2: Configure Data Link Layer Encapsulation
Lab 5-1: Configure Network Management Tools
Lab 5-2: Configure AAA
Answer Key
Appendix A: Lab Topology (Tear-Out)
Job Aids
These job aids are available to help you complete lab activities 2-1 through 5-2.
Device Information
This lab topology consists of four (4) teams and eight (8) pods. Two students will work in each pod and
two pods will work in each team. Each pod has one switch and two routers. Two pods share one
additional switch. All teams share the same core routers (P1 and P2).
Devices in the lab are connected with Fast Ethernet and Gigabit Ethernet connections, and two teams
have a redundant POS connection, as shown in the following topology:
Legend:
Gi
Fa
OC3 POS
Team 1 Team 2
CE1 Pod 1 SW1 PE1 PE3 SW3 Pod 3 CE3
P1
SW12 SW34
SW56 P2 SW78
Team 3 Team 4
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-4
2 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Device Roles and Loopback IP Addresses
Device Name Device Role Lo0 IPv4 Address Lo0 IPv6 Address
The following figure illustrates the interface identification used in this lab setup.
Team z
CEx Pod x SWx PEx
Gi0/0 Fa0/1 Fa0/2 Gi0/0/0/2
P1
Gi0/0/0/0
Fa0/23
Gi0/1 Fa0/24 Gi0/0/0/1
Fa0/21 Gi0/0/0/3
Fa0/21
Fa0/22 Fa0/22
Fa0/1
Fa0/2
Fa0/23
SWxy
Fa0/24
Fa0/21 Gi0/0/2
Fa0/23 Gi0/0/1
Gi0/1 Fa0/22
Fa0/24
Gi0/0/3
P2
Gi0/0 Fa0/1 Fa0/2 Gi0/0/0
POS0/2/0
CEy Pod y SWy PEy
POS0/2/1
POS0/2/0
Legend: Gi POS0/2/1
Fa Connections to
OC3 POS PE(y+2)
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-5
IP Addressing
The following figure illustrates the IP addressing scheme used in this lab setup.
10.xy.0.1 .x0 .1 .1
.x0 .1
10.x.10.1 10.x.0.1 10.x.1.1
192.168.2.0/24
192.168.1.0/24
192.168.1xy.0/24
.y0 .2
.y0 .2 .2
.y1 .y0 .y0 .2
P2
192.168.10y.0/24 192.168.10y.0/24 192.168.y2.0/24
.y0
CEy Pod y SWy PEy .y0
10.0.2.1
z = 1,2,3,4
Legend: Gi
x = 1,3,5,7 192.168.2w2.0/24 192.168.2w1.0/24
Fa y = 2,4,6,8
OC3 POS w = 1 (for teams 1 and 2) Connections to
Loopback 2 (for teams 3 and 4) PE(y+2)
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-6
The following figure illustrates the management IP addresses used in this lab setup.
Team 1 Team 2
CE1 Pod 1 SW1 PE1 PE3 SW3 Pod 3 CE3
10.10.10.14 10.10.10.11 10.10.10.17 10.10.10.25 10.10.10.19 10.10.10.22
P1
SW12 SW34
10.10.10.15 10.10.10.12 10.10.10.16 10.10.10.24 10.10.10.20 10.10.10.23
CE2 Pod 2 SW2 PE2 PE4 SW4 Pod 4 CE4
SW56 P2 SW78
10.10.10.31 10.10.10.28 10.10.10.32 10.10.10.39 10.10.10.35 10.10.10.38
CE6 Pod 6 SW6 PE6 PE8 SW8 Pod 8 CE8
Team 3 Team 4
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-7
Note Replace the “x” or “y” with your pod number to get the IP subnets within your pod. Replace
the “xy” (where x < y) with numbers of the pods within the same team (for example, 12, 34,
56, or 78) to get IP subnets on the link between those pods.
4 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Pod IP Addressing
Device IP Address Peer IP Address
Core IP Addressing
Device Device IP Address Peer Peer IP Address
P1 192.168.1.1/24 P2 192.168.1.2/24
2001:db8:192:168:1::1/80 2001:db8:192:168:1::2/80
192.168.2.1/24 192.168.2.2/24
2001:db8:192:168:2::1/80 2001:db8:192:168:2::2/80
Activity Objective
In this activity, you will be able to use Windows applications and commands to investigate the IP
configuration of your PC and your local network. After completing this activity, you will be able to meet
these objectives:
Use the ipconfig command to determine the current network addressing information of your PC
Use the ping command to test connectivity to the default gateway
Use the nslookup command to perform forward and reverse DNS lookups
Visual Objective
The figure illustrates what you will accomplish in this activity.
NSLOOKUP
Student PC
Determine the current network
addressing information
Internet
Test connectivity
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-8
Required Resources
These are the resources and equipment that are required to complete this lab activity:
A PC connected to a functioning network, with connectivity to the Internet
6 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Command List
The table describes the commands that are used in this lab activity.
Windows Commands
Command Description
Activity Procedure
Step 1 From the Windows desktop, click Start.
Step 2 Enter cmd in the dialog box. Press Return.
Step 3 In the Command Prompt window, enter ipconfig.
Your output should resemble one of these four examples:
Nonworking example 1: The output indicates no connectivity. The Ethernet cable is probably not
physically connected. Notice the Teredo Tunneling Pseudo-Interface that gives full IPv6 connectivity
for IPv6-capable hosts, which are on the IPv4 network but which have no direct connection to an IPv6
network.
C:\Documents and Settings>ipconfig
< text omitted >
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%6
Default Gateway . . . . . . . . . :
Nonworking example 2: The output indicates that the PC is waiting to obtain its IP address information
automatically. This will be a transient output—it will either successfully get an address or retry the
ipconfig command periodically until it changes to one of these remaining examples. Notice the link-
local IPv6 address: fe80::21c:25ff:fe97:4aeb%5
C:\Documents and Settings>ipconfig
< text omitted >
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
IP Address. . . . . . . . . . . . : fe80::21c:25ff:fe97:4aeb%5
Default Gateway . . . . . . . . . :
Working example 1: The output indicates that the PC either has a preconfigured IPv4 address or that it
successfully obtained its IP address automatically. Your IPv4 address, subnet mask, or default gateway
will most likely be different from what is shown.
C:\Documents and Settings>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : cisco.com
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::21c:25ff:fe97:4aeb%5
Default Gateway . . . . . . . . . : 192.168.1.1
Step 4 If you have a problem, ask your instructor for assistance. Continue only if you have a valid
IPv4 address. Write the IPv4 values that you obtained from the ipconfig command in these
spaces:
PC IP address ___________________
Subnet mask ___________________
IP default gateway address ___________________
Note There might be more than one network adapter available on a PC. The output of the
ipconfig command will show a different IP configuration for each network adapter.
Activity Verification
You have completed this task when you attain this result:
You obtained valid IP address information from the ipconfig command.
8 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Task 2: Verify Connectivity
The Windows ping command allows you to test the connectivity of the network. Its output demonstrates
success or failure, and gives an indication of the round-trip time taken.
Activity Procedure
Step 1 In the Command Prompt window, enter ping followed by the address of your default
gateway that you obtained in Task 1.
Step 2 The first example below is an unsuccessful ping. If you get this output, ask your instructor
for assistance.
Nonworking example: The output indicates that no reply was received from the target IP address.
C:\Documents and Settings>ping 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Note Notice that, by default, the Windows ping command sends four packets.
Activity Verification
You have completed this task when you attain these results:
You used the Windows ping command to test the connectivity to your default gateway router.
The round-trip time should be less than 10 ms.
Activity Procedure
Step 1 From the Command Prompt window, enter nslookup www.cisco.com
The first example below shows forward DNS lookup for www.cisco.com. DNS server used
in this query is lab-x.cisco.com with IP address 192.168.100.100.
C:\Documents and Settings>nslookup www.cisco.com
Server: lab-x.cisco.com
Address: 192.168.100.100
Non-authoritative answer:
Name: origin-www.cisco.com
Address: 72.163.4.161
Aliases: www.cisco.com, www.cisco.com.akadns.net
geoprod.cisco.com.akadns.net
Step 2 From the Command Prompt window, enter nslookup 8.8.8.8
The second example below shows reverse DNS lookup for IP address 8.8.8.8 which is a
Google public DNS server with hostname google-public-dns-a.google.com. The DNS server
used in this query is lab-x.cisco.com with IP address 192.168.100.100.
C:\Documents and Settings>nslookup 8.8.8.8
Server: lab-x.cisco.com
Address: 192.168.100.100
Name: google-public-dns-a.google.com
Address: 8.8.8.8
Activity Verification
You have completed this task when you attain this result:
You used the Windows nslookup command to determine the IP address for http://www.cisco.com
and to determine the hostname for IP address 8.8.8.8.
10 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Lab 1-2: Configure Subnetting
Complete this lab activity to practice what you learned in the related lesson.
Activity Objective
In this activity, you will determine subnets of a given address range based on the number of hosts. After
completing this activity, you will be able to meet these objectives:
Determine the subnets based on a given number of hosts
Determine the maximum number of host addresses that are available in a determined subnet
Determine the broadcast address for a determined subnet
Visual Objective
There are no visual objectives for this lab activity.
Required Resources
These are the resources and equipment that are required to complete this activity.
Pen
Paper
Command List
There are no commands that are used in this activity.
Job Aids
These job aids are available to help you complete the lab activity.
Pen
Paper
Activity Procedure
Given a network 192.168.0.0/21 and the required number of hosts, complete the table to
identify the subnet, subnet prefix, maximum number of hosts, and broadcast address for that
subnet.
300
200
150
100
50
40
20
Activity Verification
You have completed this task when you attain this result:
Given a network and maximum number of hosts, you can identify the subnet, subnet prefix,
maximum number of hosts, and broadcast address for that subnet.
12 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Lab 2-1: Configure Cisco Switches
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this lab activity, you will monitor switch bootup procedure and enable basic switch configuration. You
will configure port settings, MOTD, and enable SSH access to the switches. In the second part of the lab
activity, you will enable the port security feature and verify operation of Spanning Tree Protocol.
Note Students from two different pods are working in a team. All Cisco ME340x switches are
running Cisco IOS Software. The first pod in the team will work on the switch SWx (where x
is 1, 3, 5, or 7), while the second pod in the same team will work on the SWy (where y is 2,
4, 6, or 8). Switch SWxy (where xy is 12, 34, 56, or 78) is shared between two pods in the
team, and students from both pods will access a shared switch. Students in the same team
should coordinate their lab activity.
After completing this activity, you will be able to meet these objectives:
Monitor bootup procedure of the switch
Enable basic configuration of the switch
Enable SSH access to the switch
Configure and verify Spanning Tree Protocol
Configure EtherChannel
Configure and verify port security
Fa0/23 Fa0/22
Configure EtherChannel
Fa0/21
Fa0/21
• Configure and verify spanning tree protocol
• Configure and verify port security
Fa0/23
SWxy Fa0/21
Fa0/22
Fa0/23
Gi0/0 Fa0/1
CEy Pod y SWy PEy
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-10
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with access to the Internet
An SSH client installed on the PC
14 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Command List
The table describes the commands that are used in this lab activity.
ip domain name name Defines a default domain name that the Cisco IOS
Software uses to complete unqualified hostnames
(names without a dotted-decimal domain name) in
global configuration mode
port-type {eni | nni | uni} Sets the port type in interface configuration mode
show interfaces
show port-security [interface Displays the ports on which port security has been
intf_id] address enabled. Also displays count information and
security actions to be taken per interface
speed {10 | 100 | 1000 Configures the speed for a Fast Ethernet or Gigabit
[negotiate] | auto [speed- Ethernet interface in interface configuration mode
list]}
ssh –l username ip_address Starts an encrypted session with a remote
networking device in privileged EXEC or user EXEC
mode
16 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Task 1: Boot Cisco ME340x Switch and Perform Basic
Configuration
In this task, you will examine switch configuration, erase switch startup configuration, and reload switch.
While the switch is reloading, you will monitor bootup procedure. You will configure switch initial
configuration.
Activity Procedure
Complete these steps on the pod SW switch running Cisco IOS:
Step 1 Log in to the SW switch in your pod and examine the running configuration. Write down the
following parameters from the running configuration:
Parameter Value
Hostname
Enable password
Step 2 On your pod switch and shared switch, erase the startup configuration and reload the switch.
Do not save the configuration, if asked. Confirm the reload and observe the bootup
procedure. Do not enter initial configuration dialog when asked.
Step 3 On your pod switch and shared switch, configure the hostname, enable password, and vty
login password. Set console EXEC timeout to infinity and enable synchronous logging. Save
the configuration. For hostname and passwords, use the information in the Job Aids section.
Step 4 On your pod switch and shared switch, define a MOTD banner, saying “Access for
authorized users only. Please enter your username and password.”
Step 5 On your pod switch and shared switch, set port duplex and speed settings on links connecting
to other switches to “full” and 100 Mb/s. Enable these ports. For port identification, use
information in the Job Aids section.
Step 6 On your pod switch, set port duplex and speed settings on links connecting to CE and PE
routers to “full” and 100 Mb/s. Enable these ports. For port identification, use information in
the Job Aids section.
Step 7 On the CE and PE pod routers, set duplex and speed settings on the link connecting to the
pod switch to “full” and 100 Mb/s. For port identification, use information in the Job Aids
section. The PE router running Cisco IOS XE Software will require disabling duplex
negotiation. Use the no negotiation auto interface command to disable duplex negotiation
and then configure the duplex “full.”
Step 8 On your pod switch, shut down interface Fast Ethernet 0/24, connecting to the shared team
switch. By doing this, you will have only one active connection between your pod switch and
shared team switch.
Step 9 On your pod switch and shared switch, change the port type of interfaces Gigabit Ethernet
0/1 and Gigabit Ethernet 0/2 to UNI. By default, Gigabit Ethernet interfaces are configured
as NNI port types.
Step 10 On your pod switch, change the port type of interface Fast Ethernet 0/2 to NNI.
Step 11 On your pod switch, change the port type of interfaces Fast Ethernet 0/21, Fast Ethernet 0/22,
and Fast Ethernet 0/23 to NNI. On your team shared switch, change the port type of
interfaces Fast Ethernet 0/21 and Fast Ethernet 0/23 to NNI.
Activity Verification
You have completed this task when you attain these results:
On the pod switch, verify the running configuration. The running configuration should include
components configured in this task.
SW1#show running-config
Building configuration...
18 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
duplex full
!
interface FastEthernet0/3
shutdown
!
interface FastEthernet0/4
shutdown
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
shutdown
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
shutdown
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
port-type nni
speed 100
duplex full
!
interface FastEthernet0/22
port-type nni
speed 100
duplex full
!
interface FastEthernet0/23
SW1#
SW2#show running-config
Building configuration...
20 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0
no ip address
no ip route-cache
!
interface FastEthernet0/1
speed 100
duplex full
!
interface FastEthernet0/2
port-type nni
speed 100
duplex full
!
interface FastEthernet0/3
shutdown
!
interface FastEthernet0/4
shutdown
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
shutdown
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
SW2#
SW12#show running-config
Building configuration...
22 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
!
hostname SW12
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
system mtu routing 1500
authentication mac-move permit
ip subnet-zero
!
!
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
!
vlan internal allocation policy ascending
!
vlan 22
!
!
!
interface FastEthernet0
no ip address
no ip route-cache
shutdown
!
interface FastEthernet0/1
shutdown
!
interface FastEthernet0/2
shutdown
!
interface FastEthernet0/3
shutdown
!
interface FastEthernet0/4
shutdown
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11
24 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
login
line vty 5 15
password cisco
login
!
end
SW12#
Log out from your pod switch and access it again via the console. Verify that the banner appears and
the enable password is required.
SW1#exit
Access for authorized users only. Please enter your username and password.
SW1>enable
Password: cisco
SW1#
Verify duplex and speed settings on interfaces:
SW1#show interfaces FastEthernet 0/23
FastEthernet0/23 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is e8ba.70b5.6419 (bia e8ba.70b5.6419)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTX
< text omitted >
On your pod switch, verify the switch status by examining the show version output.
SW1#show version
Cisco IOS Software, ME340x Software (ME340x-METROACCESSK9-M), Version
12.2(53)SE, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Sun 13-Dec-09 17:46 by prod_rel_team
Image text-base: 0x01000000, data-base: 0x02600000
26 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Fa0/23 1 Network Node Interface (nni)
Fa0/24 1 User Network Interface (uni)
Gi0/1 1 User Network Interface (uni)
Gi0/2 1 User Network Interface (uni)
SW2#show port-type
Port Name Vlan Port Type
--------- ------------------ ---------- ----------------------------
Fa0/1 1 User Network Interface (uni)
Fa0/2 1 Network Node Interface (nni)
Fa0/3 1 User Network Interface (uni)
Fa0/4 1 User Network Interface (uni)
Fa0/5 1 User Network Interface (uni)
Fa0/6 1 User Network Interface (uni)
Fa0/7 1 User Network Interface (uni)
Fa0/8 1 User Network Interface (uni)
Fa0/9 1 User Network Interface (uni)
Fa0/10 1 User Network Interface (uni)
Fa0/11 1 User Network Interface (uni)
Fa0/12 1 User Network Interface (uni)
Fa0/13 1 User Network Interface (uni)
Fa0/14 1 User Network Interface (uni)
Fa0/15 1 User Network Interface (uni)
Fa0/16 1 User Network Interface (uni)
Fa0/17 1 User Network Interface (uni)
Fa0/18 1 User Network Interface (uni)
Fa0/19 1 User Network Interface (uni)
Fa0/20 1 User Network Interface (uni)
Fa0/21 1 Network Node Interface (nni)
Fa0/22 1 Network Node Interface (nni)
Fa0/23 1 Network Node Interface (nni)
Fa0/24 1 User Network Interface (uni)
Gi0/1 1 User Network Interface (uni)
Gi0/2 1 User Network Interface (uni)
SW12#show port-type
Port Name Vlan Port Type
--------- ------------------ ---------- ----------------------------
Fa0/1 1 User Network Interface (uni)
Fa0/2 1 User Network Interface (uni)
Fa0/3 1 User Network Interface (uni)
Fa0/4 1 User Network Interface (uni)
Fa0/5 1 User Network Interface (uni)
Fa0/6 1 User Network Interface (uni)
Fa0/7 1 User Network Interface (uni)
Fa0/8 1 User Network Interface (uni)
Fa0/9 1 User Network Interface (uni)
Fa0/10 1 User Network Interface (uni)
Fa0/11 1 User Network Interface (uni)
Fa0/12 1 User Network Interface (uni)
Fa0/13 1 User Network Interface (uni)
Fa0/14 1 User Network Interface (uni)
Fa0/15 1 User Network Interface (uni)
Fa0/16 1 User Network Interface (uni)
Fa0/17 1 User Network Interface (uni)
Fa0/18 1 User Network Interface (uni)
Fa0/19 1 User Network Interface (uni)
Fa0/20 1 User Network Interface (uni)
Fa0/21 1 Network Node Interface (nni)
Fa0/22 1 User Network Interface (uni)
Fa0/23 1 Network Node Interface (nni)
Fa0/24 1 User Network Interface (uni)
Gi0/1 1 User Network Interface (uni)
Gi0/2 1 User Network Interface (uni)
Activity Procedure
Complete these steps:
Step 1 On your pod switch SWx (where x is your pod number 1, 3, 5, or 7), configure the
management IP address on logical interface Vlan 1 to 10.11z.11z.1/24 (where z is your team
number). On your pod switch SWy (where y is your pod number 2, 4, 6, or 8), configure the
management IP address on logical interface Vlan 1 to 10.11z.11z.2/24 (where z is your team
number). On your team shared switch SWxy (where xy is 12, 34, 56, or 78), configure the
management IP address on logical interface Vlan 1 to 10.11z.11z.3/24 (where z is your team
number). Enable interface Vlan 1 on your pod and shared switch.
Step 2 On your pod switch, configure the domain name to cisco.com.
Step 3 On your pod switch, generate an RSA key pair, which automatically enables SSH.
Step 4 On your pod switch, populate the local database with username “cisco” and password
“cisco.”
Step 5 On your pod switch, on the vty lines, select local password checking from the local database.
Activity Verification
You have completed this task when you attain these results:
You can access your team shared switch via the console and access both pod switches in the team
using SSH:
SW12#ssh -l cisco 10.111.111.1
Password: cisco
Access for authorized users only. Please enter your username and password.
SW1>exit
Password: cisco
Access for authorized users only. Please enter your username and password.
SW2>exit
Activity Procedure
Complete these steps:
Step 1 On your pod switch, verify which ports are in blocking state and what are interface spanning
tree costs. Because there are two physical loops in the topology, two ports should be blocked
to break these two loops.
SW1#show spanning-tree vlan 1
28 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 5835.d9d6.0000
Cost 19
Port 25 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 5835.d9d6.0000
Cost 19
Port 25 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 5835.d9d6.0000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Note By default, interfaces configured as NNI port type participate in spanning tree operation.
Activity Verification
You have completed this task when you attain these results:
On your pod switch, verify which ports are in blocking state and what are interface spanning tree
costs.
On your pod switch, verify which port connects to the root bridge.
Activity Procedure
Complete these steps:
Step 1 On your pod switch, manually bundle interfaces Fast Ethernet 0/21 and Fast Ethernet 0/22
(no negotiation protocol used) to logical interface port-channel 1.
Note If interfaces are put in err-disabled state, administratively disable and then enable interfaces.
Activity Verification
You have completed this task when you attain these results:
On your pod switch, verify that interface port-channel 1 is up and running:
SW1#show interfaces Port-channel 1
Port-channel1 is up, line protocol is up (connected)
Hardware is EtherChannel, address is e8ba.70b5.6417 (bia e8ba.70b5.6417)
MTU 1500 bytes, BW 200000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, link type is auto, media type is unknown
< text omitted >
30 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Keepalive set (10 sec)
Full-duplex, 100Mb/s, link type is auto, media type is unknown
< text omitted >
On your pod switch, verify which ports are members of port-channel 1.
SW1#show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 5835.d9d6.0000
Cost 19
Port 25 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 5835.d9d6.0000
Cost 19
Port 25 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Activity Procedure
Complete these steps:
Step 1 On your pod switch, enable the port security feature for interface Fast Ethernet 0/1
connecting to your pod CE router.
Step 2 Convert the learned MAC address to a sticky secure MAC address.
Step 3 Define “shutdown” as the action that the interface will take if a nonallowed MAC address
attempts to access interface Fast Ethernet 0/1.
Step 4 On your pod switch and shared switch, save the configuration.
Activity Verification
You have completed this task when you attain these results:
Verify the ports on which port security has been enabled and display violation count information and
security actions to be taken for interface Fast Ethernet 0/1:
SW1#show port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security
Action
(Count) (Count) (Count)
---------------------------------------------------------------------
------
Fa0/1 1 1 0
Shutdown
---------------------------------------------------------------------
------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 5120
32 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
SW1#show port-security interface FastEthernet 0/1
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Last Source Address:Vlan : e8b7.482c.a180:1
Security Violation Count : 0
Compare the MAC address of the CE router interface Gigabit Ethernet 0/0 with the port security
sticky MAC address. They should be the same:
SW1#show port-security address
Secure Mac Address Table
---------------------------------------------------------------------
---
Vlan Mac Address Type Ports Remaining
Age
(mins)
---- ----------- ---- ----- ----------
---
1 e8b7.482c.a180 SecureSticky Fa0/1 -
---------------------------------------------------------------------
---
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 5120
34 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Lab 3-1: Configure Basic Router Configuration
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will monitor the router bootup procedure, enable basic router configuration, and
configure a basic EIGRP. After completing this activity, you will be able to meet these objectives:
Examine running configuration of the router
Monitor the bootup procedure of the router
Enable a basic configuration on the router
Configure and verify basic EIGRP operations
Note Students from two different pods are working in a team. The CE routers in both pods are
running Cisco IOS Software. The first pod within a team will work on the PE router running
Cisco IOS XR Software, and the second pod within the same team will work on the PE
router running Cisco IOS XE Software.
Students in the same team should coordinate their lab activity.
Visual Objective
The figure illustrates what you will accomplish in this activity.
Team z
CEx Pod x EIGRP AS x PEx
CEy PEy
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-11
Command List
The table describes the commands that are used in this lab activity.
ping dest_IP source Verifies connectivity between the source IP and the
source_IP destination IP
36 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Command Description
show ip eigrp topology Displays lists of information related to the EIGRP topology
for a specific router
show ip interface brief Displays the interface status and IPv4 addresses
configured
address-family ipv4 Enters address family configuration mode for EIGRP (in
unicast EIGRP configuration mode)
domain vrf default name Sets the domain name on the router
domain_name
exec-timeout minutes Sets line EXEC timeout
seconds
hostname hostname Configures the router hostname
interface interface Defines the interfaces on which the EIGRP protocol runs
ping dest_IP source Verifies connectivity between the source IP and the
source_IP destination IP
show eigrp topology Displays lists of information related to the EIGRP topology
for a specific router
show ipv4 interface brief Displays interface status and IPv4 addresses configured
show version Displays the router hardware and software version, uptime,
and license activated
Activity Procedure
Complete these steps:
Step 1 Log in to the CE router in your pod and examine the running configuration. Write down the
following parameters from the running configuration:
CE Router Parameters
Parameter Value
Hostname
Enable password
Step 2 On the CE router in your pod, erase the startup configuration and reload the router. Do not
save the configuration when asked. Observe the bootup procedure. Do not enter the initial
configuration dialog when asked.
Step 3 On the CE router in your pod, configure the hostname, enable the password “cisco”, and the
vty login password “cisco”. To set the hostname, use Job Aids. Set the console EXEC
timeout to infinity and enable synchronous logging. Save the configuration.
Step 4 On the CE router in your pod, enable and assign the IP address to Loopback 0 and the first
Gigabit Ethernet interfaces. To assign the IP addresses, use Job Aids.
Step 5 Log in to the PE router running Cisco IOS XR Software in your pod and examine the
running configuration. Write down the following parameters from the running configuration:
Hostname
38 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Step 6 On the PE router (Cisco IOS XR Software) in your pod, erase the configuration and reload
the router. Observe the bootup procedure. The bootup procedure will take several minutes.
Proceed when you see modules A9K-RSP-4G and A9K-40GE-L running:
RP/0/RSP0/CPU0:PE1#show platform
Node Type State Config State
-----------------------------------------------------------------------------
0/RSP0/CPU0 A9K-RSP-4G(Active) IOS XR RUN PWR,NSHUT,MON
0/0/CPU0 A9K-40GE-L IOS XR RUN PWR,NSHUT,MON
Step 7 On the PE router (IOS XR) in your pod, configure the hostname and domain VRF default
name “ciscolab.com”. Set the console EXEC timeout to infinity. Enable the interface and
start Cisco Discovery Protocol and assign the IP address to the first management interface,
Loopback 0, and the first Gigabit Ethernet interfaces. Set the speed to the first Gigabit
Ethernet interface to “100.” To configure the hostname and interface IP addresses, use the
Job Aids.
Note In the Cisco IOS XR Software, Cisco Discovery Protocol must be enabled globally and on
the interface with the cdp global and interface command.
Step 8 Log in to the PE router running Cisco IOS XE Software in your pod and examine the running
configuration. Write down the following parameters from the running configuration:
Hostname
Enable password
Step 9 On the PE router (Cisco IOS XE Software) in your pod, erase the startup configuration and
reload the router. Do not save the configuration when asked. Observe the bootup procedure.
Do not enter the initial configuration dialog when asked and terminate autoinstall.
Step 10 On the PE router (Cisco IOS XE Software) in your pod, configure the hostname, enable
password “cisco” and the vty password “cisco”. Set the console EXEC timeout to infinity
and synchronous login. Enable the interface and assign the IP address to the management
interface, Loopback 0, and first Gigabit Ethernet interfaces. Enable Cisco Discovery
Protocol. To configure the hostname and interface IP addresses, use Job Aids. Set the duplex
and speed settings on the first Gigabit Ethernet interface to “full” and “100”. The PE router
running Cisco IOS XE Software will require disabling duplex negotiation. Use the no
negotiation auto interface command to disable duplex negotiation and then configure duplex
“full”.
Step 11 On the PE router (Cisco IOS XE Software) in your pod, use the license boot module
asr1001 group all level adventerprise command to configure the adventerprise license.
Platform Revisions/Versions :
===========================
FPGA : 5.02 [Val = 0x502]
Board Rev : 2 [Val = 0x203; Type = 3]
Env Rev : 4.5 [Val = 0x405, Bit 15 = 0]
PSEQ Rev : 3.05 [Val = 0x305]
I/O Ctl Nm : GA 1.1 [Val = 0x47410101]
I/O Ctl Ver: 2 [Val = 0x20316447]
CPU information :
---------------
Company ID = 0xD
Processor ID = 0x7
Revision = 0x8
Company OPTs = 0x0
USB Con BL : 1.01 (Boot Loader)
USB Con FW : 2.02 (Application Firmware)
USB Con FWU: 2.02 (Application Firmware Upgrade)
IOS :
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M5,
RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Wed 23-Feb-11 15:41 by prod_rel_team
40 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
ROMMON (Readonly) :
System Bootstrap, Version 15.0(1r)M9, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2010 by cisco Systems, Inc.
RP/0/RSP0/CPU0:PE1#show platform
Node Type State Config State
-----------------------------------------------------------------------------
0/RSP0/CPU0 A9K-RSP-4G(Active) IOS XR RUN PWR,NSHUT,MON
0/0/CPU0 A9K-40GE-L IOS XR RUN PWR,NSHUT,MON
Verify IPv4 connectivity between CE and PE routers in your pod. Ping should be successful.
CE1#ping 192.168.101.10
RP/0/RSP0/CPU0:PE1#ping 192.168.101.11
Sat Apr 22 03:58:51.887 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.101.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
On the PE router running Cisco IOS XE Software in your pod, verify that the license is activated.
PE2#show version | include adventerprise
asr1001 adventerprise 1 YES adventerprise
Activity Procedure
Complete these steps:
Step 1 On the CE and PE routers in your pod, enable the EIGRP process. The autonomous system
number should be the same as the pod number. Enable EIGRP on the Loopback0 and first
Gigabit Ethernet interfaces.
Activity Verification
You have completed this task when you attain these results:
On the CE and PE routers in your pod, verify that EIGRP is running on Loopback0 and the first
Gigabit Ethernet interfaces.
CE1#show ip eigrp interfaces
EIGRP-IPv4 Interfaces for AS(1)
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Gi0/0 1 0/0 5 0/1 50 0
Lo0 0 0/0 0 0/1 0 0
On the CE and PE routers in your pod, verify the EIGRP topology table. You should see the
Loopback0 interface network from the neighboring router.
CE1#show ip eigrp topology
EIGRP-IPv4 Topology Table for AS(1)/ID(10.1.10.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
42 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
PE2#show ip eigrp topology
EIGRP-IPv4 Topology Table for AS(2)/ID(10.2.1.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
Activity Objective
In this activity, you will connect and configure a customer site to the Internet. After completing this
activity, you will be able to meet these objectives:
Configure DHCP IPv4
Configure DHCP IPv6
Configure static routing for the Internet access
Configure NAT
Visual Objective
The figure illustrates what you will accomplish in this activity.
Team z
CEx Pod x PEx
NAT Gi0/0
Internet
Gi0/1
Corporate
Network
IPv4 and
Static route to Internet
IPv6 DHCP
Corporate
Network
Gi0/1 Internet
NAT Gi0/0
CEy Pod y PEy
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-12
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with access to the Internet
An SSH client that is installed on the PC
44 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Command List
The table describes the commands that are used in this lab activity.
ip address ip_address mask Sets an IPv4 address for an interface and the subnet mask
ip dhcp excluded-address Specifies the IP addresses that the DHCP server should
low-address [high-address] not assign to DHCP clients
ip dhcp pool name Creates a name for the DHCP server address pool and
places you in DHCP pool configuration mode
ipv6 address ipv6- Specifies an IPv6 address that is assigned to the interface
prefix/prefix-length
ipv6 dhcp pool poolname Enables configured DHCP on interface
ipv6 dhcp server pool_name Associates the IPv6 DHCP pool with the interface
network network- Specifies the subnet network number and mask of the
number[mask|/prefix- DHCP address pool
length]
no shutdown Enables the router interface
ping dest_IP source Verifies connectivity between the source IP and the
source_IP destination IP
show ip dhcp Displays a list of all bindings that are created on a specific
binding [address] DHCP server
show ip interface brief Displays the interface status and IPv4 addresses
configured
DHCP Parameters
Parameter Value
Activity Procedure
Complete these steps:
Step 1 On the CE router in your pod, assign an IPv4 address to the Gigabit Ethernet 0/1 interface
according to the following table, and enable the interface. Enable interface Fast Ethernet 0/1
and Fast Ethernet 0/2 on the shared switch.
Step 2 On the CE router in your pod, exclude the range of IPv4 addresses that will be omitted in the
DHCP pool, create a DHCP pool named “CE_pool” and enter the range of IP addresses that
will be provided to network hosts, set the IP default gateway, name server, and domain name
using information that is gathered from the DHCP Parameters table.
Step 3 On the CE router in your pod, enable IPv6 routing.
Step 4 On the CE router in your pod, create an IPv6 DHCP pool called “CE_IPv6”, set the domain
name and DNS server address that is found in the DHCP Parameters table.
Step 5 On the CE router in your pod, enable IPv6 and DHCP IPv6 on interface Gigabit Ethernet 0/1.
Additionally, assign an IPv6 address on that interface, as shown in the table, CE Router
Gigabit Ethernet 0/1 IP Addresses.
Activity Verification
You have completed this task when you attain these results:
On the CE router in your pod, verify interface status. Loopback0 and first and second Gigabit
Ethernet interfaces should be up with an IP address assigned:
CE1#show ip interface brief
Interface IP-Address OK? Method Status
Protocol
46 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
GigabitEthernet0/0 192.168.101.11 YES manual up
up
GigabitEthernet0/1 192.168.255.1 YES manual up
up
Loopback0 10.1.10.1 YES manual up
up
Verify configured DHCP pool information. Output should be similar to the following:
CE1#show ip dhcp pool CE_pool
Pool CE_pool :
Utilization mark (high/low) : 100 / 0
Subnet size (first/next) : 0 / 0
Total addresses : 254
Leased addresses : 0
Pending event : none
1 subnet is currently in the pool :
Current index IP address range
Leased addresses
192.168.255.1 192.168.255.1 - 192.168.255.254 0
Verify DHCP configuration:
CE1#show running-config | section ipv6 dhcp
ipv6 dhcp pool CE_IPv6
dns-server 2001:DB8:0:ABCD::3
domain-name ciscolab.com
ipv6 dhcp server CE_IPv6
CE1#show running-config | section interface GigabitEthernet0/1
interface GigabitEthernet0/1
ip address 192.168.255.1 255.255.255.0
duplex auto
speed auto
ipv6 address 2001:DB8:0:ABCD::1/48
ipv6 enable
ipv6 dhcp server CE_IPv6
Activity Procedure
Complete these steps:
Step 1 On the CE router in your pod, Gigabit Ethernet 0/0 interface is used to access a simulated
Internet network. Configure the default static route to the Internet.
Activity Procedure
Complete these steps:
Step 1 Create a standard access list permitting network hosts from the 192.168.255.0/24 network.
Step 2 On the CE router in your pod, configure PAT so that network hosts from the 192.168.1.0/24
network will translate to the IP address of interface Gigabit Ethernet 0/0.
Step 3 Configure Gigabit Ethernet 0/1 as the inside interface and Gigabit Ethernet 0/0 as the outside
NAT interface.
Step 4 From the CE router in your pod, ping the PE router Gigabit Ethernet 0/0/0/0 interface using
the source IP address of Gigabit Ethernet 0/1 interface. The ping should be successful.
CE1#ping 192.168.101.10 source GigabitEthernet0/1
48 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Activity Verification
You have completed this task when you attain this result:
Verify the NAT translation. The output that shows the NAT translation should be similar to the
following:
CE1#show ip nat translations
Pro Inside global Inside local Outside local
Outside global
icmp 192.168.101.11:3 192.168.255.1:3 192.168.101.10:3
192.168.101.10:3
CE2#show ip nat translations
Pro Inside global Inside local Outside local
Outside global
icmp 192.168.102.21:3 192.168.255.1:3 192.168.102.20:3
192.168.102.20:3
Activity Objective
In this activity, you will configure a POS interface on the PE router. You will also implement and
troubleshoot PPP on the POS interface. After completing this activity, you will be able to meet these
objectives:
Configure a POS interface
Configure PPP on the POS interface
Troubleshoot PPP configuration
Visual Objective
The figure illustrates what you will accomplish in this activity.
Legend: Gi
Gi
Fa
OC3 POS
OC3 POS
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-13
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with access to the Internet
An SSH client that is installed on the PC
50 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Command List
The table describes the commands that are used in this lab activity.
show ip interface brief Displays interface status and IPv4 addresses configured
Activity Procedure
Complete these steps:
Step 1 On your pod PE router (Cisco IOS XE Software), use the show controllers command to
verify what framing type POS interfaces are using. The default framing type should be
“SONET”:
PE2#show controllers pos 0/2/0 | include Framing
Framing: SONET
PE2#show controllers pos 0/2/1 | include Framing
Framing: SONET
Step 2 On your pod PE router (Cisco IOS XE Software), enable the POS interfaces and set the IP
address. The IP addresses can be found in the Job Aids.
Step 3 On your pod PE router (Cisco IOS XE Software), POS interfaces set a keepalive interval to 5
seconds.
Step 4 On your pod PE router (Cisco IOS XE Software), POS interfaces set the clock source for
both interfaces. The teams 1 and 3 (PE2 and PE6 routers) will set clock source to internal,
teams 2 and 4 (PE4 and PE8) will set clock source to line.
Step 5 On your pod PE router (Cisco IOS XE Software), POS interfaces set CRC to 32 bits.
Note Regarding the FCS length, with one exception, the 32-bit FCS must be used for all
SONET/SDH rates. For Synchronous Transport Signal (STS)-3c- Systems Process
Engineering (SPE)/VC-4 only, the 16-bit FCS may be used, although the 32-bit FCS is
recommended. The FCS length is set by provisioning and is not negotiated.
Activity Verification
You have completed this task when you attain these results:
On the PE router (Cisco IOS XE Software) in your pod, verify the interface status. The status of both
POS interfaces should be up and running with configured IP addresses.
PE2#show ip interface brief | include POS
POS0/2/0 192.168.211.20 YES manual up
up
POS0/2/1 192.168.212.20 YES manual up
up
When you check controller status, the framing should be set to SONET, and clock source should be
set to internal or line:
PE2#show controllers pos 0/2/0 | include Framing|Clock source
Framing: SONET
Clock source: internal
PE2#show controllers pos 0/2/1 | include Framing|Clock source
Framing: SONET
Clock source: internal
52 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Framing: SONET
Clock source: line
PE4#show controllers pos 0/2/1 | include Framing|Clock source
Framing: SONET
Clock source: line
Verify POS interface encapsulation (HDLC), CRC (32 bits) and keepalive interval (5 seconds):
PE2#show int pos 0/2/0 | include line
protocol|Encapsulation|Keepalive
POS0/2/0 is up, line protocol is up
Encapsulation HDLC, crc 32, loopback not set
Keepalive set (5 sec)
PE2#show int pos 0/2/1 | include line
protocol|Encapsulation|Keepalive
POS0/2/1 is up, line protocol is up
Encapsulation HDLC, crc 32, loopback not set
Keepalive set (5 sec)
Activity Procedure
Complete these steps:
Step 1 On your pod PE router (Cisco IOS XE Software), POS interfaces set encapsulation to PPP.
Note If interfaces do not show up, wait while your partner team finishes configuration and then
check again.
Step 2 On your pod PE router (Cisco IOS XE Software), enable PPP negotiation and PPP
authentication debugging.
Step 3 On your pod PE router (Cisco IOS XE Software), administratively disable the POS 0/2/0
interface and then enable it again.
Step 4 Observe debug output and successful negotiation of the PPP connection.
PE2(config-if)#
*Sep 21 23:32:37.848: %LINK-3-UPDOWN: Interface POS0/2/0, changed state to up
*Sep 21 23:32:37.848: PO0/2/0 PPP: Sending cstate UP notification
*Sep 21 23:32:37.848: PO0/2/0 PPP: Processing CstateUp message
*Sep 21 23:32:37.849: PPP: Alloc Context [7F5336CD3628]
*Sep 21 23:32:37.849: ppp3 PPP: Phase is ESTABLISHING
*Sep 21 23:32:37.849: PO0/2/0 PPP: Using default call direction
*Sep 21 23:32:37.849: PO0/2/0 PPP: Treating connection as a dedicated line
*Sep 21 23:32:37.849: PO0/2/0 PPP: Session handle[43000003] Session id[3]
*Sep 21 23:32:37.849: PO0/2/0 LCP: Event[OPEN] State[Initial to Starting]
*Sep 21 23:32:37.849: PO0/2/0 LCP: O CONFREQ [Starting] id 1 len 14
*Sep 21 23:32:37.849: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep 21 23:32:37.849: PO0/2/0 LCP: MagicNumber 0xBA03CC66 (0x0506BA03CC66)
*Sep 21 23:32:37.849: PO0/2/0 LCP: Event[UP] State[Starting to REQsent]
Note During this process, your POS interfaces will fall into the down state because one of the
sides is not temporarily configured for CHAP authentication. Wait while your partner team
finishes configuration and then proceed.
54 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Step 7 On your pod PE router (Cisco IOS XE Software), enable PPP negotiation and PPP
authentication debugging.
Step 8 On your pod PE router (Cisco IOS XE Software), administratively disable the POS 0/2/0
interface and then enable it again.
Step 9 Observe the debug output and successful negotiation of the PPP connection.
PE2(config-if)#
*Sep 21 23:44:26.755: PO0/2/0 PPP: Fast Starting
*Sep 21 23:44:26.755: PO0/2/0 PPP: Processing FastStart message
*Sep 21 23:44:26.755: %LINK-3-UPDOWN: Interface POS0/2/0, changed state to up
*Sep 21 23:44:26.755: PO0/2/0 PPP: Sending cstate UP notification
*Sep 21 23:44:26.755: PO0/2/0 PPP: Processing CstateUp message
*Sep 21 23:44:26.756: PPP: Alloc Context [7F5336CD2DB8]
*Sep 21 23:44:26.756: ppp22 PPP: Phase is ESTABLISHING
*Sep 21 23:44:26.756: PO0/2/0 PPP: Using default call direction
*Sep 21 23:44:26.756: PO0/2/0 PPP: Treating connection as a dedicated line
*Sep 21 23:44:26.756: PO0/2/0 PPP: Session handle[98000018] Session id[22]
*Sep 21 23:44:26.756: PO0/2/0 LCP: Event[OPEN] State[Initial to Starting]
*Sep 21 23:44:26.756: PO0/2/0 LCP: O CONFREQ [Starting] id 1 len 19
*Sep 21 23:44:26.756: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep 21 23:44:26.756: PO0/2/0 LCP: AuthProto CHAP (0x0305C22305)
*Sep 21 23:44:26.756: PO0/2/0 LCP: MagicNumber 0xBA0E9DC1 (0x0506BA0E9DC1)
*Sep 21 23:44:26.756: PO0/2/0 LCP: Event[UP] State[Starting to REQsent]
*Sep 21 23:44:26.756: PO0/2/0 LCP: I CONFREQ [REQsent] id 5 len 19
*Sep 21 23:44:26.756: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep 21 23:44:26.756: PO0/2/0 LCP: AuthProto CHAP (0x0305C22305)
*Sep 21 23:44:26.756: PO0/2/0 LCP: MagicNumber 0xB98D7F00 (0x0506B98D7F00)
*Sep 21 23:44:26.756: PO0/2/0 LCP: O CONFACK [REQsent] id 5 len 19
*Sep 21 23:44:26.756: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep 21 23:44:26.756: PO0/2/0 LCP: AuthProto CHAP (0x0305C22305)
*Sep 21 23:44:26.756: PO0/2/0 LCP: MagicNumber 0xB98D7F00 (0x0506B98D7F00)
*Sep 21 23:44:26.756: PO0/2/0 LCP: Event[Receive ConfReq+] State[REQsent to
ACKsent]
*Sep 21 23:44:26.756: PO0/2/0 LCP: I CONFACK [ACKsent] id 1 len 19
*Sep 21 23:44:26.756: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep 21 23:44:26.756: PO0/2/0 LCP: AuthProto CHAP (0x0305C22305)
*Sep 21 23:44:26.756: PO0/2/0 LCP: MagicNumber 0xBA0E9DC1 (0x0506BA0E9DC1)
*Sep 21 23:44:26.756: PO0/2/0 LCP: Event[Receive ConfAck] State[ACKsent to
Open]
*Sep 21 23:44:26.776: PO0/2/0 PPP: Phase is AUTHENTICATING, by both
*Sep 21 23:44:26.776: PO0/2/0 CHAP: O CHALLENGE id 1 len 24 from "PE2"
*Sep 21 23:44:26.776: PO0/2/0 LCP: State is Open
*Sep 21 23:44:26.787: PO0/2/0 CHAP: I CHALLENGE id 1 len 24 from "PE4"
*Sep 21 23:44:26.787: PO0/2/0 PPP: Sent CHAP SENDAUTH Request
*Sep 21 23:44:26.787: PO0/2/0 CHAP: I RESPONSE id 1 len 24 from "PE4"
*Sep 21 23:44:26.787: PO0/2/0 PPP: Phase is FORWARDING, Attempting Forward
*Sep 21 23:44:26.787: PO0/2/0 PPP: Phase is AUTHENTICATING, Unauthenticated
User
*Sep 21 23:44:26.787: PO0/2/0 PPP: Sent CHAP LOGIN Request
*Sep 21 23:44:26.787: PO0/2/0 PPP: Received SENDAUTH Response PASS
*Sep 21 23:44:26.787: PO0/2/0 CHAP: Using hostname from configured hostname
*Sep 21 23:44:26.787: PO0/2/0 CHAP: Using password from AAA
Activity Verification
You have completed this task when you attain these results:
On your pod PE router (Cisco IOS XE Software), verify the POS interfaces status.
PE2#show ip interface brief | include POS
POS0/2/0 192.168.211.20 YES manual up
up
POS0/2/1 192.168.212.20 YES manual up
up
On your pod PE router (Cisco IOS XE Software), verify the POS interfaces encapsulation, which
should be PPP:
PE2#show interface pos 0/2/0 | include Encapsulation
56 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Encapsulation PPP, LCP Open
PE2#show interface pos 0/2/1 | include Encapsulation
Encapsulation PPP, LCP Open
On your pod PE router (Cisco IOS XE Software), verify IP connectivity to the neighbor PE router
POS interface by using the ping command:
PE2#ping 192.168.211.40
PE4#ping 192.168.211.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.211.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
PE4#ping 192.168.212.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.212.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Activity Objective
In this lab activity, you will discover neighboring devices using Cisco Discovery Protocol and configure
host logging. In the second part of the lab activity, you will use NTP to acquire the correct time on
devices using NTP, and configure IP SLA.
After completing this activity, you will be able to meet these objectives:
Configure and verify Cisco Discovery Protocol
Configure logging
Configure and verify NTP
Configure and verify IP SLA
Visual Objective
The figure illustrates what you will accomplish in this activity.
Team z
CEx Pod x SWx PEx
CDP
NTP client CDP NTP server
Configure IP SLA
Configure host logging
CDP
SWxy
CDP
NTP client CDP NTP server
CEy Pod y SWy PEy
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with access to the Internet
An SSH client installed on the PC
58 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Command List
The table describes the commands that are used in this lab activity.
show ipsla statistics Displays operational data and latest statistics for the
operation_number IP SLA operation
Activity Procedure
Complete these steps on the pod switch:
Step 1 On the pod switch and shared team switch, enable Cisco Discovery Protocol globally.
Note Remember that on Cisco ME switches, Cisco Discovery Protocol is enabled by default only
on NNI ports. Ports Fast Ethernet 0/2, Fast Ethernet 0/21, Fast Ethernet 0/22, Fast Ethernet
0/23 on your pod switch should be configured as NNI ports.
Step 2 On the pod PE router, enable Cisco Discovery Protocol globally and on the first Gigabit
Ethernet interface.
60 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Activity Verification
You have completed this task when you attain these results:
Verify neighbors of your pod switch:
SW1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Version :
Cisco IOS XR Software, Version 4.1.0[Default]
Copyright (c) 2011 by Cisco Systems, Inc.
advertisement version: 2
Duplex: full
Management address(es):
Activity Procedure
Complete these steps:
Step 1 On the pod PE router, configure logging. Messages with all severities should be logged,
including debugging severity.
Step 2 On the pod PE router, configure logging to the logging buffer. Messages with all severities
but debugging should be logged.
Activity Verification
You have completed this task when you attain these results:
On the pod PE router, clear the content of the logging buffer.
RP/0/RSP0/CPU0:PE1#clear logging
Fri Jul 7 14:52:59.185 UTC
Clear logging buffer [confirm] [y/n] :y
RP/0/RSP0/CPU0:PE1#
PE2#clear logging
Clear logging buffer [confirm] < Enter >
PE2#
On the pod PE router, verify that you received the same messages to the logging buffer:
RP/0/RSP0/CPU0:PE1#show logging
Fri Jul 7 15:05:47.791 UTC
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
Console logging: level debugging, 91 messages logged
Monitor logging: level debugging, 0 messages logged
Trap logging: level informational, 0 messages logged
Buffer logging: level informational, 11 messages logged
62 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
LC/0/0/CPU0:Jul 7 14:58:19.925 : ifmgr[189]: %PKT_INFRA-LINEPROTO-5-UPDOWN :
Line protocol on Interface GigabitEthernet0/0/0/1, changed state to Down
RP/0/RSP0/CPU0:Jul 7 14:58:21.507 : config[65728]: %MGBL-CONFIG-6-DB_COMMIT :
Configuration committed by user 'root'. Use 'show configuration commit changes
1000000270' to view the changes.
LC/0/0/CPU0:Jul 7 14:58:39.714 : ifmgr[189]: %PKT_INFRA-LINK-3-UPDOWN :
Interface GigabitEthernet0/0/0/1, changed state to Up
LC/0/0/CPU0:Jul 7 14:58:39.715 : ifmgr[189]: %PKT_INFRA-LINEPROTO-5-UPDOWN :
Line protocol on Interface GigabitEthernet0/0/0/1, changed state to Up
RP/0/RSP0/CPU0:Jul 7 15:05:43.689 : config[65728]: %MGBL-SYS-5-CONFIG_I :
Configured from console by root
PE2#show logging
Syslog logging: enabled (0 messages dropped, 3 messages rate-limited, 0
flushes, 0 overruns, xml disabled, filtering disabled)
Activity Procedure
Complete these steps:
Step 1 Make the pod PE router as the authoritative stratum 1 NTP server and disable all NTP
services on the second Gigabit Ethernet interface.
Step 2 Enable the pod CE router to synchronize the clock to the NTP server.
Verify that the pod CE router clock is synchronized with the clock of the pod PE router.
CE1#show ntp associations
Activity Procedure
Complete these steps:
Step 1 On your pod PE router (Cisco IOS XR Software), use the IP SLA ICMP echo operation
number 432 to monitor IP connections to your pod CE router. IP SLA ICMP echo probes
should be sent every 30 seconds, starting now.
Note Wait for a few minutes and verify operational data and the latest statistics for the IP SLA
operation 432.
Activity Verification
You have completed this task when you attain these results:
Verify connectivity from the pod PE router (Cisco IOS XR Software) to the pod CE router.
RP/0/RSP0/CPU0:PE1#ping 192.168.101.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.101.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
On the pod PE router (Cisco IOS XR Software), verify operational data and the latest statistics for
the IP SLA operation 432:
RP/0/RSP0/CPU0:PE1#show ipsla statistics 432
Entry number: 432
Modification time: 17:17:13.246 UTC Fri Jul 07 2000
Start time : 17:17:13.250 UTC Fri Jul 07 2000
Number of operations attempted: 3
Number of operations skipped : 0
Current seconds left in Life : Forever
Operational state of entry : Active
64 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Connection loss occurred : FALSE
Timeout occurred : FALSE
Latest RTT (milliseconds) : 1
Latest operation start time : 17:18:13.457 UTC Fri Jul 07 2000
Latest operation return code : OK
RTT Values:
RTTAvg : 1 RTTMin: 1 RTTMax : 1
NumOfRTT: 1 RTTSum: 1 RTTSum2: 1
Note Use the Cisco IOS XR no ipsla schedule operation 432 and commit commands to clear
IP SLA operation 432.
Activity Objective
In this lab activity, you will configure AAA authentication to authenticate the Telnet sessions to the
router using the local username database.
After completing this activity, you will be able to meet this objective:
Configure and verify AAA authentication to authenticate the Telnet sessions to the router using the
local database
Visual Objective
The figure illustrates what you will accomplish in this activity.
Team z
CEx Pod x PEx
AAA
Telnet
Pod y
AAA
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-15
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with access to the Internet
An SSH client installed on the PC
66 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Command List
The table describes the commands that are used in this lab activity.
telnet {ipv4 | ipv6} server Enables Telnet services on a networking device and
max-servers limit sets number of allowable Telnet sessions
transport input { all | none | Defines the transport protocols that can be used to
ssh | telnet } access the router in the appropriate line
configuration mode
Activity Procedure
Complete these steps on the pod PE router running Cisco IOS XR Software:
Step 1 On your pod PE router (Cisco IOS XR Software), enable Telnet services and set the number
of allowable Telnet sessions to 10.
Step 2 On your pod PE router (Cisco IOS XR Software), create a username “user” with password
“user” in local database and put the user in the sysadmin group.
Step 3 On your pod PE router (Cisco IOS XR Software), configure an authentication method list.
Name the method list “vty-authen,” which should use the local username database method
for vty (Telnet) authentication.
Step 4 On your pod PE router (Cisco IOS XR Software), configure a line user-defined template,
named Template, which allows only inbound Telnet connections for vty lines 5 to 50.
Step 5 On your pod PE router (Cisco IOS XR Software), apply the authentication method vty-
authen to line template Template.
Complete these steps on the pod PE router running Cisco IOS XE software:
Step 6 On the pod PE router (Cisco IOS XE Software), enable the AAA access control model.
Step 7 On the pod PE router (Cisco IOS XE Software), create a username “user” with the password
“user” in the local database.
Step 8 On the pod PE router (Cisco IOS XE Software), configure the authentication method list.
Name the method list vty-authen, which should use the local username database method for
vty (Telnet) authentication.
Step 9 On the pod PE router (Cisco IOS XE Software), apply the authentication method vty-authen
to vty lines from 0 to 4.
Activity Verification
You have completed this task when you attain these results:
From the pod CE router, use Telnet to connect to your pod PE router. Log in using the username that
you created in the local database of the pod PE router:
CE1# telnet 192.168.101.10
Trying 192.168.101.10 ... Open
68 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Username: user
Password: <user>
RP/0/RSP0/CPU0:PE1#
CE2#telnet 192.168.102.20
Trying 192.168.102.20 ... Open
Username: user
Password: <user>
PE2>
On the pod PE router, verify that a user with the username “user” is logged in:
PE1 (Cisco IOS XR)
RP/0/RSP0/CPU0:PE1#show users
Fri Jul 7 18:05:17.648 UTC
Line User Service Conns Idle Location
aux0/RSP0/CPU0 hardware 0 1d08h
* con0/RSP0/CPU0 root hardware 0 00:00:00
vty0 user telnet 0 00:01:57
192.168.101.11
PE2 (Cisco IOS XE)
PE2#show users
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
2 vty 0 user idle 00:01:07 192.168.102.21
50 192.168.4.128/26 62 192.168.4.191
40 192.168.4.192/26 62 192.168.4.255
20 192.168.5.0/27 30 192.168.5.31
Parameter Value
Hostname SW1
70 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Proceed with reload? [confirm] <Enter>
< text omitted >
Would you like to enter the initial configuration dialog? [yes/no]:no
Step 3 Basic configuration entered on the SW1 switch.
Switch>enable
Switch#configure terminal
Switch(config)#hostname SW1
SW1(config)#enable password cisco
SW1(config)#line con 0
SW1(config-line)#exec-timeout 0
SW1(config-line)#logging synchronous
SW1(config)#line vty 0 15
SW1(config-line)#password cisco
SW1(config-line)#login
SW1(config-line)#end
SW1#copy running-config startup-config
Step 4 Configuring MOTD banner.
SW1(config)# banner motd # Access for authorized users only. Please enter your
username and password. #
Step 5 Configuring duplex and speed settings on inter-switch links.
SW1(config)#interface range FastEthernet 0/21 - 24
SW1(config-if)#duplex full
SW1(config-if)#speed 100
SW1(config-if)#no shutdown
Step 7 Configuring duplex and speed settings on pod router links connecting to your pod switch.
CE1(config)#interface GigabitEthernet0/0
CE1(config-if)#duplex full
CE1(config-if)#speed 100
CE2(config)#interface GigabitEthernet0/0
CE2(config-if)#duplex full
CE2(config-if)#speed 100
PE2(config)#interface GigabitEthernet0/0/0
PE2(config-if)#no negotiation auto
Step 8 Shut down interface Fast Ethernet 0/24 on SW1 and SW2 switches connecting to shared
SW12 switch.
SW1(config)#interface FastEthernet 0/24
SW1(config-if)#shutdown
Step 9 Change the port type of interfaces Gigabit Ethernet 0/1 and Gigabit Ethernet 0/2 to UNI.
SW1(config)#interface range GigabitEthernet 0/1 - 2
SW1(config-if)#port-type uni
Step 10 Change the port type of interface Fast Ethernet 0/2 to NNI on SW1 and SW2 switches.
SW1(config)#interface FastEthernet 0/2
SW1(config-if)#port-type nni
SW2(config)#interface vlan 1
SW2(config-if)#ip address 10.111.111.2 255.255.255.0
SW2(config-if)#no shutdown
SW12(config)#interface vlan 1
SW12(config-if)#ip address 10.111.111.3 255.255.255.0
SW12(config-if)#no shutdown
Step 3 Generate RSA key pair on the pod switch, which automatically enables SSH:
SW1(config)#crypto key generate rsa
72 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
The name for the keys will be: SW1.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
*Mar 1 01:27:03.250: RSA key size needs to be atleast 768 bits for ssh
version 2
*Mar 1 01:27:03.258: %SSH-5-ENABLED: SSH 1.5 has been enabled
Step 5 On the vty lines, select the local password checking from local database:
SW1(config)#line vty 0 15
SW1(config-line)#login local
Step 2 On SW1 switch convert learned MAC address to sticky secure MAC address:
SW1(config)#interface FastEthernet 0/1
SW1(config-if)#switchport port-security mac-address sticky
Step 3 On SW1 switch define “shutdown” as action which interface will take if a nonallowed MAC
address attempts access interface FastEthernet 0/1:
SW1(config)#interface FastEthernet 0/1
SW1(config-if)#switchport port-security violation shutdown
Step 4 On SW1, SW2 and SW12 switches save configuration.
SW1# copy running-config startup-config
Destination filename [startup-config]? <Enter>
Building configuration...
[OK]
0 bytes copied in 0.831 secs (0 bytes/sec)
SW1#
Hostname CE1
CE1#reload
74 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Step 4 Interface configuration entered on the CE1 router.
interface loopback 0
ip address 10.1.10.1 255.255.255.255
exit
interface gigabitethernet 0/0
ip address 192.168.101.11 255.255.255.0
no shutdown
Step 5 Values gathered from the running configuration on PE1 router running Cisco IOS XR
Software.
Hostname PE1
Step 6 Clearing PE1 (Cisco IOS XR) router configuration and reload.
RP/0/RSP0/CPU0:PE1#configure terminal
RP/0/RSP0/CPU0:PE1(config)#commit replace
This commit will replace or remove the entire running configuration. This
operation can be service affecting.
Do you wish to proceed? [no]: yes
RP/0/RSP0/CPU0:ios(config)#end
RP/0/RSP0/CPU0:ios#reload
Standby card not present or not Ready for failover. Proceed?[confirm] <Enter>
Preparing system for backup. This may take a few minutes especially for large
configurations.
Status report: node0_RSP0_CPU0: START TO BACKUP
Status report: node0_RSP0_CPU0: BACKUP HAS COMPLETED SUCCESSFULLY
[Done]
Proceed with reload? [confirm] <Enter>
Hostname PE2
Step 9 Clearing PE2 (Cisco IOS XE) router configuration and reload.
PE2#erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue?
[confirm] <Enter>
[OK]
Erase of nvram: complete
PE2#reload
76 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Task 2: Basic EIGRP Configuration
During this task you need to enter the following commands:
Step 1 Configuration entered on the CE1, CE2, PE1 and PE2 routers:
Configuration entered on CE1 router:
router eigrp 1
network 192.168.101.0
network 10.1.10.0 0.0.0.255
Configuration entered on PE1 router:
router eigrp 1
address-family ipv4
interface loopback 0
exit
interface gigabitethernet 0/0/0/0
commit
78 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
PE2 router:
interface pos 0/2/0
ip address 192.168.211.20 255.255.255.0
no shutdown
interface pos 0/2/1
ip address 192.168.212.20 255.255.255.0
no shutdown
PE4 router:
interface pos 0/2/0
ip address 192.168.211.40 255.255.255.0
no shutdown
interface pos 0/2/1
ip address 192.168.212.40 255.255.255.0
no shutdown
Step 2 Set keepalive interval to 5 seconds:
PE2 and PE4 routers:
interface pos 0/2/0
keepalive 5
interface pos 0/2/1
keepalive 5
80 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Lab 5-1 Answer Key: Configure Network Management Tools
When you complete this lab activity, device configuration and device outputs will be similar to the
results shown here, with differences that are specific to your pod.
82 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Step 4 Configure a line user-defined template.
PE1 (Cisco IOS XR):
line template Template
transport input telnet
!
vty-pool my-pool 5 50 line-template Template
!
commit
Step 5 Apply authentication method to line template.
PE1 (Cisco IOS XR):
line template Template
login authentication vty-authen
!
commit
Step 6 Enable the AAA model.
PE2 (Cisco IOS XE):
aaa new-model
Step 7 Create user in local database:
PE2 (Cisco IOS XE):
username user password user
Step 8 Configure authentication method list.
PE2 (Cisco IOS XE):
aaa authentication login vty-authen local
Step 9 Apply authentication method to vty lines.
PE2 (Cisco IOS XE):
line vty 0 4
login authentication vty-authen
Team 1 Team 2
CE1 Pod 1 SW1 PE1 PE3 SW3 Pod 3 CE3
P1
SW12 SW34
SW56 P2 SW78
Team 3 Team 4
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-4
84 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Team z
CEx Pod x SWx PEx
Gi0/0 Fa0/1 Fa0/2 Gi0/0/0/2
P1
Gi0/0/0/0
Fa0/23
Gi0/1 Fa0/24 Gi0/0/0/1
Fa0/21 Gi0/0/0/3
Fa0/21
Fa0/22 Fa0/22
Fa0/1
Fa0/2
Fa0/23
SWxy
Fa0/24
Fa0/21 Gi0/0/2
Fa0/23 Gi0/0/1
Gi0/1 Fa0/22
Fa0/24
Gi0/0/3
P2
Gi0/0 Fa0/1 Fa0/2 Gi0/0/0
POS0/2/0
CEy Pod y SWy PEy
POS0/2/1
POS0/2/0
Legend: Gi POS0/2/1
Fa Connections to
OC3 POS PE(y+2)
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-5
10.xy.0.1 .x0 .1 .1
.x0 .1
10.x.10.1 10.x.0.1 10.x.1.1
192.168.1xy.0/24
192.168.1.0/24
.y0 .2
.y0 .2 .2
.y1 .y0 .y0 .2
P2
192.168.10y.0/24 192.168.10y.0/24 192.168.y2.0/24
.y0
CEy Pod y SWy PEy .y0
10.0.2.1
z = 1,2,3,4
Legend: Gi
x = 1,3,5,7 192.168.2w2.0/24 192.168.2w1.0/24
Fa y = 2,4,6,8
OC3 POS w = 1 (for teams 1 and 2) Connections to
Loopback 2 (for teams 3 and 4) PE(y+2)
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-6
86 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Team 1 Team 2
CE1 Pod 1 SW1 PE1 PE3 SW3 Pod 3 CE3
10.10.10.14 10.10.10.11 10.10.10.17 10.10.10.25 10.10.10.19 10.10.10.22
P1
SW12 SW34
10.10.10.15 10.10.10.12 10.10.10.16 10.10.10.24 10.10.10.20 10.10.10.23
CE2 Pod 2 SW2 PE2 PE4 SW4 Pod 4 CE4
SW56 P2 SW78
10.10.10.31 10.10.10.28 10.10.10.32 10.10.10.39 10.10.10.35 10.10.10.38
CE6 Pod 6 SW6 PE6 PE8 SW8 Pod 8 CE8
Team 3 Team 4
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.01—LG-7