Network Learning Inc - A Cisco Sponsored Organization (SO) YES! We take Cisco Learning credits!.
Copyright © 2007 www.ccbootcamp.com

Network Learning R&S WB Volume 7
Lab 40 Solutions

Initial Configurations

We recommend that you start all configurations from scratch, but you can use the pre-configuration files to apply proper IP addresses and to name the routers.

1. - Switching.

Catalyst Switch Port Assignment

    Device      Sw - Port Number   VLAN
    R1 Fa0/0    1 - 0/1            173
    R2 Fa0/0    1 - 0/2            248
    R4 Fa0/0    1 - 0/4            248
    R4 Fa0/1    2 - 0/4            12
    R5 Fa0/0    1 - 0/5            569
    R6 Fa0/0    1 - 0/6            569
    BB1 F0/0    2 - 0/9            811
    BB2 F0/0    1 - 0/10           12
    BB3 e0/0    1 - 0/11           13

A VLAN is a switched network that is logically segmented by function, project team, or application, without regard to the physical locations of the users. VLANs have the same attributes as physical LANs, but you can group end stations even if they are not physically located on the same LAN segment. Any switch port can belong to a VLAN, and unicast, broadcast, and multicast packets are forwarded and flooded only to end stations in the VLAN.

Set the VTP domain name to 'CISCO'.

This step is straightforward. We name the VTP domain CISCO on Sw1; this information should be propagated over the trunk ports once they are configured.

    Sw1(config)#vtp domain CISCO
    Changing VTP domain name from NULL to CISCO

Configure all the VLANs on Sw1 using the VLAN numbers as shown on the table above.

    Sw1(config)#vlan 173
    Sw1(config-vlan)#exit
    Sw1(config)#vlan 248
    Sw1(config-vlan)#exit
    Sw1(config)#vlan 12
    Sw1(config-vlan)#exit
    Sw1(config)#vlan 569
    Sw1(config-vlan)#exit
    Sw1(config)#vlan 811
    Sw1(config-vlan)#exit
    Sw1(config)#vlan 13
    Sw1(config-vlan)#exit

We also take the opportunity to configure all ports on Sw1 and Sw2.

    Sw1#conf ter
    Enter configuration commands, one per line.  End with CNTL/Z.
    Sw1(config)#int f0/1
    Sw1(config-if)#sw host
    switchport mode will be set to access
    spanning-tree portfast will be enabled
    channel group will be disabled
    Sw1(config-if)#sw a vlan 173
    Sw1(config-if)#exit
    Sw1(config)#int f0/2
    Sw1(config-if)#sw host
    switchport mode will be set to access
    spanning-tree portfast will be enabled
    channel group will be disabled
    Sw1(config-if)#sw a vlan 248
    Sw1(config-if)#exit
    Sw1(config)#int f0/3
    Sw1(config-if)#sw host
    switchport mode will be set to access
    spanning-tree portfast will be enabled
    channel group will be disabled
    Sw1(config-if)#sw a vlan 173
    Sw1(config)#int f0/4
    Sw1(config-if)#sw host
    switchport mode will be set to access
    spanning-tree portfast will be enabled
    channel group will be disabled
    Sw1(config-if)#sw a vlan 248
    Sw1(config-if)#exit
    Sw1(config)#int f0/5
    Sw1(config-if)#sw host
    switchport mode will be set to access
    spanning-tree portfast will be enabled
    channel group will be disabled
    Sw1(config-if)#sw a vlan 569
    Sw1(config-if)#exit
    Sw1(config)#int f0/6
    Sw1(config-if)#sw host
    switchport mode will be set to access
    spanning-tree portfast will be enabled
    channel group will be disabled
    Sw1(config-if)#sw a vlan 569
    Sw1(config-if)#exit
    Sw1(config)#int f0/10
    Sw1(config-if)#sw host
    switchport mode will be set to access
    spanning-tree portfast will be enabled
    channel group will be disabled
    Sw1(config-if)#sw a vlan 12
    Sw1(config-if)#exit
    Sw1(config)#int f0/11
    Sw1(config-if)#sw host
    switchport mode will be set to access
    spanning-tree portfast will be enabled
    channel group will be disabled
    Sw1(config-if)#sw a vlan 13
    Sw1(config-if)#exit
    Sw1(config)#^Z
    Sw1#
    10:40:39: %SYS-5-CONFIG_I: Configured from console by console
    Sw1#

    Sw2#
    Sw2#conf ter
    Enter configuration commands, one per line.  End with CNTL/Z.
    Sw2(config)#int f0/4
    Sw2(config-if)#sw host
    switchport mode will be set to access
    spanning-tree portfast will be enabled
    channel group will be disabled
    Sw2(config-if)#sw a vlan 12
    Sw2(config-if)#exit
    Sw2(config)#int f0/9
    Sw2(config-if)#sw host
    switchport mode will be set to access
    spanning-tree portfast will be enabled
    channel group will be disabled
    Sw2(config-if)#sw a vlan 811
    Sw2(config-if)#exit
    Sw2(config)#^Z

Sw1 and Sw2 are connected to each other by ports 0/19 and 0/22. Bundle these ports together as an ISL trunk.

There are three steps here. The first is to bundle the ports together, the second is to configure the bundle as an ISL trunk, and the third is to verify that VLAN information has successfully propagated to all the other switches. To configure the Fast Etherchannel bundle, we configure the ports with a port-channel. Since the configuration will be the same on both ports, we will use an interface range to minimize the chances of a typing error.

    Sw1(config)#int range f0/19 - 22
    Sw1(config-if-range)#sw tr en isl
    Sw1(config-if-range)#sw mo tr
    Sw1(config-if-range)#sw no
    Sw1(config-if-range)#channel-group 1 mode desirable

    Sw2(config)#int range f0/19 - 20
    Sw2(config-if-range)#sw tr en isl
    Sw2(config-if-range)#sw mo tr
    Sw2(config-if-range)#sw no
    Sw2(config-if-range)#channel-group 1 mode desirable

    Sw1(config-if-range)#do show vlan

    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                    Fa0/17, Fa0/18, Fa0/23, Fa0/24
                                                    Gi0/1, Gi0/2
    12   VLAN0012                         active
    13   VLAN0013                         active
    173  VLAN0173                         active
    248  VLAN0248                         active
    569  VLAN0569                         active
    811  VLAN0811                         active
    1002 fddi-default                     act/unsup
    1003 token-ring-default               act/unsup
    1004 fddinet-default                  act/unsup
    1005 trnet-default                    act/unsup

    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
    1    enet  100001     1500  -      -      -        -    -        0      0
    12   enet  100012     1500  -      -      -        -    -        0      0
    13   enet  100013     1500  -      -      -        -    -        0      0
    173  enet  100173     1500  -      -      -        -    -        0      0
    248  enet  100248     1500  -      -      -        -    -        0      0
    569  enet  100569     1500  -      -      -        -    -        0      0
    811  enet  100811     1500  -      -      -        -    -        0      0
    1002 fddi  101002     1500  -      -      -        -    -        0      0
    1003 tr    101003     1500  -      -      -        -    -        0      0
    1004 fdnet 101004     1500  -      -      -        ieee -        0      0
    1005 trnet 101005     1500  -      -      -        ibm  -        0      0

    Remote SPAN VLANs
    ------------------------------------------------------------------------------

    Primary Secondary Type              Ports
    ------- --------- ----------------- ------------------------------------------

    Sw1(config-if-range)#do show vtp status
    VTP Version                     : 2
    Configuration Revision          : 6
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 11
    VTP Operating Mode              : Server
    VTP Domain Name                 : CISCO
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0xD4 0x13 0x9D 0x8A 0x29 0x22 0xE4 0x79
    Configuration last modified by 120.120.7.7 at 3-2-93 01:08:39
    Local updater ID is 192.168.173.7 on interface Vl173 (lowest numbered VLAN interface found)
    Sw1(config-if-range)#

    Sw1(config-if-range)#do show ether summ
    Flags:  D - down        P - in port-channel
            I - stand-alone s - suspended
            H - Hot-standby (LACP only)
            R - Layer3      S - Layer2
            U - in use      f - failed to allocate aggregator
            u - unsuitable for bundling
            w - waiting to be aggregated
            d - default port

    Number of channel-groups in use: 1
    Number of aggregators:           1

    Group  Port-channel  Protocol    Ports
    ------+-------------+-----------+----------------------------------------------
    1      Po1(SU)       PAgP        Fa0/19(P)  Fa0/20(P)
    Sw1(config-if-range)#

Sw1 and Sw3 are connected to each other by ports 0/21 and 0/22. Bundle these ports together as a dot1q trunk.

    Sw1(config-if-range)#int range f0/21 - 22
    Sw1(config-if-range)#sw tr en do
    Sw1(config-if-range)#sw mo tr
    Sw1(config-if-range)#sw no
    Sw1(config-if-range)# channel-group 2 mode desirable
    Sw1(config-if-range)#

    Sw3#conf ter
    Enter configuration commands, one per line.  End with CNTL/Z.
    Sw3(config)#int range f0/21 - 22
    Sw3(config-if-range)#sw tr en dot
    Sw3(config-if-range)#sw mo tr
    Sw3(config-if-range)#sw no
    Sw3(config-if-range)#channel-group 2 mode desirable
    Creating a port-channel interface Port-channel 2

    Sw3(config-if-range)#do show ether summ
    Flags:  D - down        P - in port-channel
            I - stand-alone s - suspended
            H - Hot-standby (LACP only)
            R - Layer3      S - Layer2
            U - in use      f - failed to allocate aggregator
            u - unsuitable for bundling
            w - waiting to be aggregated
            d - default port

    Number of channel-groups in use: 1
    Number of aggregators:           1

    Group  Port-channel  Protocol    Ports
    ------+-------------+-----------+----------------------------------------------
    2      Po2(SU)       PAgP        Fa0/21(P)  Fa0/22(P)
    Sw3(config-if-range)#

Sw2 and Sw4 are connected to each other by ports 0/21 and 0/22. Bundle these ports together as a dot1q trunk.

    Sw2#conf ter
    Enter configuration commands, one per line.  End with CNTL/Z.
    Sw2(config)#int range f0/21 - 22
    Sw2(config-if-range)#sw tr en do
    Sw2(config-if-range)#sw mo tr
    Sw2(config-if-range)#sw no
    Sw2(config-if-range)#channel-group 2 mode desirable
    Creating a port-channel interface Port-channel 2

    Sw4#conf ter
    Enter configuration commands, one per line.  End with CNTL/Z.
    Sw4(config)#int range f0/21 - 22
    Sw4(config-if-range)#sw tr en dot
    Sw4(config-if-range)#sw mo tr
    Sw4(config-if-range)#sw no
    Sw4(config-if-range)#channel-group 2 mode desirable
    Creating a port-channel interface Port-channel 2

    Sw4(config-if-range)#do show ether summ
    Flags:  D - down        P - in port-channel
            I - stand-alone s - suspended
            H - Hot-standby (LACP only)
            R - Layer3      S - Layer2
            U - in use      f - failed to allocate aggregator
            u - unsuitable for bundling
            w - waiting to be aggregated
            d - default port

    Number of channel-groups in use: 1
    Number of aggregators:           1

    Group  Port-channel  Protocol    Ports
    ------+-------------+-----------+----------------------------------------------
    2      Po2(SU)       PAgP        Fa0/21(P)  Fa0/22(P)

Sw3 and Sw4 are connected to each other by ports 0/19 and 0/20. Bundle these ports together as an ISL trunk.

    Sw3#
    Sw3#conf ter
    Enter configuration commands, one per line.  End with CNTL/Z.
    Sw3(config)#int range f0/19 - 20
    Sw3(config-if-range)#sw tr en isl
    Sw3(config-if-range)#sw mo tr
    Sw3(config-if-range)#sw no
    Sw3(config-if-range)#channel-group 1 mode desirable
    Creating a port-channel interface Port-channel 1

    Sw4#conf ter
    Enter configuration commands, one per line.  End with CNTL/Z.
    Sw4(config)#int range f0/19 - 20
    Sw4(config-if-range)#sw tr en isl
    Sw4(config-if-range)#sw mo tr
    Sw4(config-if-range)#sw no
    Sw4(config-if-range)#channel-group 1 mode desirable
    Creating a port-channel interface Port-channel 1

    Sw4(config-if-range)#do show ether summ
    Flags:  D - down        P - in port-channel
            I - stand-alone s - suspended
            H - Hot-standby (LACP only)
            R - Layer3      S - Layer2
            U - in use      f - failed to allocate aggregator
            u - unsuitable for bundling
            w - waiting to be aggregated
            d - default port

    Number of channel-groups in use: 2
    Number of aggregators:           2

    Group  Port-channel  Protocol    Ports
    ------+-------------+-----------+----------------------------------------------
    1      Po1(SU)       PAgP        Fa0/19(P)  Fa0/20(P)
    2      Po2(SU)       PAgP        Fa0/21(P)  Fa0/22(P)
    Sw4(config-if-range)#

It is good practice to verify that all VLANs have propagated across the VTP domain.

    Sw4#show vlan

    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                    Fa0/17, Fa0/18, Fa0/23, Fa0/24
                                                    Gi0/1, Gi0/2
    12   VLAN0012                         active
    13   VLAN0013                         active
    173  VLAN0173                         active
    248  VLAN0248                         active
    569  VLAN0569                         active
    811  VLAN0811                         active
    1002 fddi-default                     act/unsup
    1003 token-ring-default               act/unsup
    1004 fddinet-default                  act/unsup
    1005 trnet-default                    act/unsup

    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
    1    enet  100001     1500  -      -      -        -    -        0      0
    12   enet  100012     1500  -      -      -        -    -        0      0
    13   enet  100013     1500  -      -      -        -    -        0      0
    173  enet  100173     1500  -      -      -        -    -        0      0
    248  enet  100248     1500  -      -      -        -    -        0      0
    569  enet  100569     1500  -      -      -        -    -        0      0
    811  enet  100811     1500  -      -      -        -    -        0      0
    1002 fddi  101002     1500  -      -      -        -    -        0      0
    1003 tr    101003     1500  -      -      -        -    srb      0      0
    1004 fdnet 101004     1500  -      -      -        ieee -        0      0
    1005 trnet 101005     1500  -      -      -        ibm  -        0      0

    Remote SPAN VLANs
    ------------------------------------------------------------------------------

    Primary Secondary Type              Ports
    ------- --------- ----------------- ------------------------------------------

    Sw2#show vlan

    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                    Fa0/5, Fa0/7, Fa0/8, Fa0/9
                                                    Fa0/10, Fa0/12, Fa0/13, Fa0/14
                                                    Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                    Fa0/23, Fa0/24, Gi0/1, Gi0/2
    12   VLAN0012                         active
    13   VLAN0013                         active
    173  VLAN0173                         active
    248  VLAN0248                         active
    569  VLAN0569                         active
    811  VLAN0811                         active
    1002 fddi-default                     act/unsup
    1003 token-ring-default               act/unsup
    1004 fddinet-default                  act/unsup
    1005 trnet-default                    act/unsup

    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
    1    enet  100001     1500  -      -      -        -    -        0      0
    12   enet  100012     1500  -      -      -        -    -        0      0
    13   enet  100013     1500  -      -      -        -    -        0      0
    173  enet  100173     1500  -      -      -        -    -        0      0
    248  enet  100248     1500  -      -      -        -    -        0      0
    569  enet  100569     1500  -      -      -        -    -        0      0
    811  enet  100811     1500  -      -      -        -    -        0      0
    1002 fddi  101002     1500  -      -      -        -    -        0      0
    1003 tr    101003     1500  -      -      -        -    srb      0      0
    1004 fdnet 101004     1500  -      -      -        ieee -        0      0
    1005 trnet 101005     1500  -      -      -        ibm  -        0      0

    Remote SPAN VLANs
    ------------------------------------------------------------------------------

    Primary Secondary Type              Ports
    ------- --------- ----------------- ------------------------------------------

    Sw3#show vlan

    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                    Fa0/17, Fa0/18, Fa0/23, Fa0/24
                                                    Gi0/1, Gi0/2
    12   VLAN0012                         active
    13   VLAN0013                         active
    173  VLAN0173                         active
    248  VLAN0248                         active
    569  VLAN0569                         active
    811  VLAN0811                         active
    1002 fddi-default                     act/unsup
    1003 token-ring-default               act/unsup
    1004 fddinet-default                  act/unsup
    1005 trnet-default                    act/unsup

    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
    1    enet  100001     1500  -      -      -        -    -        0      0

Configure all the switches so that their TCAM is utilized for VLANs.

TCAM adjustment is made by specifying an SDM template. There are five templates available: default, access, VLAN, routing and routing extended-match. The TCAM (Ternary Content Addressable Memory) holds L2 and L3 switching information and is used for forwarding lookups. The various templates define the memory allocation for each area (QoS ACE, Security ACE, Unicast MAC, VLANs, IGMP Groups, Unicast Routes, Multicast Routes, SVI). The VLAN template does not allocate space for multicast or unicast routes, and will prevent you from configuring ANY routing on the 3550. The current template can be viewed with the command ‘show sdm prefer’, and the profile can be changed with the configuration command ‘sdm prefer ’. Changing the profile will require a reload.

On all devices we should configure this:

    sdm prefer VLAN

It will generate output similar to:

    Changes to the running SDM preferences have been stored, but cannot take effect
    until the next reload.
    Use 'show sdm prefer' to see what SDM preference is currently active.
    NOTE: Use caution with 'sdm prefer VLAN', as any current Layer3 configuration
    data will not be saved after a reload.

So we must reload the devices in order to have the TCAM working for VLANs.

An IP phone will be connected to port f0/15 on Sw4 and Sw3. You have been informed that the phone will be sending VoIP traffic with an 802.1p priority tag. Use the default VLAN for all other non-VoIP traffic sent out this interface.

On Sw4 and Sw3:

    interface FastEthernet0/15
     switchport voice vlan dot1p

The packets from PCs are untagged, but the packets from the IP phone can be either tagged or untagged. The packets from the IP phone are tagged in three different ways:

1. "switchport voice vlan <id>". This is the most common setting: the IP phone is asked via CDP to send its packets tagged with VLAN <id> to distinguish them from PC packets.
2. "switchport voice vlan dot1p" (NOT dot1q). These are tagged packets with VLAN ID = 0.
3. "switchport voice vlan untagged". Although it is stated as untagged, the packets are actually tagged with VLAN ID = 1025.

2. - Frame-relay and Point to Point Links

Connect R1, R3, R5, and R4 over the frame-relay. No frame-relay subinterfaces are allowed on router R3. Do not rely on frame relay inverse ARP.

Since R4 has one frame interface with two separate networks, it will need two subinterfaces. For the subinterface connecting R4 to R3 and R1, we will use a multipoint subinterface. For the subinterface connecting to R5, we will use a point to point subinterface. R1 and R3 will each be configured on the physical interface. As for R5, it will need a point to point subinterface, because we chose a point to point subinterface for R4. This is due to the RIP neighbor relationship between R4 and R5. RIP will not form a neighbor relationship between mismatched network types.

Remember to use the broadcast keyword on your frame map statements. Use map statements with multipoint or physical interfaces; use interface-dlci with point to point subinterfaces.

    R4#conf ter
    Enter configuration commands, one per line.  End with CNTL/Z.
    R4(config)#default int s0/0/0
    Building configuration...
    Interface Serial0/0/0 set to default configuration
    R4(config)#int s0/0/0
    R4(config-if)#encap frame-relay
    R4(config-if)#no frame-relay inverse-arp
    R4(config-if)#exit
    R4(config)#int s0/0/0.134 mu
    R4(config-subif)#ip add 192.168.134.4 255.255.255.0
    R4(config-subif)#frame-relay map ip 192.168.134.1 401 b
    R4(config-subif)#frame-relay map ip 192.168.134.3 403 b
    R4(config-subif)#exit
    R4(config)#int s0/0/0.45 point
    R4(config-subif)#ip add 192.168.45.4 255.255.255.0
    R4(config-subif)#frame-relay interface-dlci 405

    R3#conf ter
    Enter configuration commands, one per line.  End with CNTL/Z.
    R3(config)#default int s0/0/0
    Building configuration...
    Interface Serial0/0/0 set to default configuration
    R3(config)#int s0/0/0
    R3(config-if)#encap frame-relay
    R3(config-if)#ip add 192.168.134.3 255.255.255.0
    R3(config-if)#frame-relay map ip 192.168.134.4 304 b
    R3(config-if)#frame-relay map ip 192.168.134.1 304
    R3(config-if)#no frame-relay inverse
    R3(config-if)#no sh
    R3(config-if)#exit
    R3(config)#

    R1#conf ter
    Enter configuration commands, one per line.  End with CNTL/Z.
    R1(config)#default int s0/0/0
    Building configuration...
    Interface Serial0/0/0 set to default configuration
    R1(config)#int s0/0/0
    R1(config-if)#ip add 192.168.134.1 255.255.255.0
    R1(config-if)#encap frame-relay
    R1(config-if)#frame-relay map ip 192.168.134.4 104 b
    R1(config-if)#frame-relay map ip 192.168.134.3 104
    R1(config-if)#no frame-relay inverse
    R1(config-if)#no sh

    R5(config)#int s0/0/0
    R5(config-if)#encap frame-relay
    R5(config-if)#no frame-relay inverse
    R5(config-if)#exit
    R5(config)#int s0/0/0.45 point
    R5(config-subif)#ip add 192.168.45.5 255.255.255.0
    R5(config-subif)#frame-relay interface-dlci 504
    R5(config-fr-dlci)#exit
    R5(config-subif)#int s0/0/0
    R5(config-if)#no sh

Verification:

    R4#show frame-relay map
    Serial0/0/0.134 (up): ip 192.168.134.1 dlci 401(0x191,0x6410), static,
                  broadcast,
                  CISCO, status defined, active
    Serial0/0/0.134 (up): ip 192.168.134.3 dlci 403(0x193,0x6430), static,
                  broadcast,
                  CISCO, status defined, active
    Serial0/0/0.45 (up): point-to-point dlci, dlci 405(0x195,0x6450), broadcast
              status defined, active

R1, R2 s0/0/1 are preconfigured with a /31 address space.

In a /31, we have only 2 IP addresses in the host portion. But we always need 1 IP address to identify the network, and another IP address to identify the broadcast address for that particular subnet. They are the all-0's and all-1's in the host portion of the IP address.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ft31addr.htm#wp1030943

Configure the Point to Point Link between R5 and R6 using PPP as the encapsulation protocol; R5 should supply R6's Serial interface s0/0/1 with the IP address 192.168.56.6.

    R6#conf ter
    Enter configuration commands, one per line.  End with CNTL/Z.
    R6(config)#int s0/0/1
    R6(config-if)#ip address negotiated
    R6(config-if)#encapsulation ppp
    R6(config-if)#

    R5#conf ter
    Enter configuration commands, one per line.  End with CNTL/Z.
    R5(config)#int s0/0/1
    R5(config-if)#encap ppp
    R5(config-if)#ip add 192.168.56.5 255.255.255.0
    R5(config-if)#peer default ip address 192.168.56.6
    R5(config-if)#exit

"debug ppp negotiation" on R5 is a good tool for tracking down any problem.

Note: it is recommended to test reachability on every single segment before you continue your lab into the IGP part.

3. - Interior Gateway routing protocol.

Configure OSPF Area 0 on R1, R3, and R4 (per diagram). Include R1 and R3's Loopback interface in OSPF Area 0.

    R1(config)#do show ip int brief | ex una
    Interface                  IP-Address      OK? Method Status                Protocol
    FastEthernet0/0            192.168.173.1   YES NVRAM  up                    up
    Serial0/0/0                192.168.134.1   YES manual up                    up
    Serial0/0/1                192.168.12.1    YES NVRAM  up                    up
    Loopback0                  110.110.1.1     YES NVRAM  up                    up
    R1(config)#router ospf 1
    R1(config-router)#router-id 110.110.1.1
    R1(config-router)#net 110.110.1.1 0.0.0.0 a 0
    R1(config-router)#net 192.168.134.1 0.0.0.0 a 0
    R1(config-router)#int s0/0/0
    R1(config-if)#ip ospf prio 0

    R3#conf ter
    Enter configuration commands, one per line.  End with CNTL/Z.
    R3(config)#router ospf 1
    R3(config-router)#router-id 110.110.3.3
    R3(config-router)#net 110.110.3.3 0.0.0.0 a 0
    R3(config-router)#net 192.168.134.3 0.0.0.0 a 0
    R3(config-router)#int s0/0/0
    R3(config-if)#ip ospf prio 0

    R4#conf ter
    Enter configuration commands, one per line.  End with CNTL/Z.
    R4(config)#router ospf 1
    R4(config-router)#router-id 110.110.4.4
    R4(config-router)#net 192.168.134.4 0.0.0.0 a 0
    R4(config-router)#neigh 192.168.134.1
    R4(config-router)#neigh 192.168.134.3

Verification:

    R4(config-router)#do show ip ospf neigh

    Neighbor ID     Pri   State           Dead Time   Address         Interface
    110.110.1.1       0   FULL/DROTHER    00:01:49    192.168.134.1   Serial0/0/0.134
    110.110.3.3       0   FULL/DROTHER    00:01:34    192.168.134.3   Serial0/0/0.134

    R4(config-router)#do show ip ospf int brief
    Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
    Se0/0/0.134  1     0               192.168.134.4/24   64    DR    2/2

    R4(config-router)#do show ip ospf int
    Serial0/0/0.134 is up, line protocol is up
      Internet Address 192.168.134.4/24, Area 0
      Process ID 1, Router ID 110.110.4.4, Network Type NON_BROADCAST, Cost: 64
      Transmit Delay is 1 sec, State DR, Priority 1
      Designated Router (ID) 110.110.4.4, Interface address 192.168.134.4
      No backup designated router on this network
      Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
        oob-resync timeout 120
        Hello due in 00:00:20
      Supports Link-local Signaling (LLS)
      Index 1/1, flood queue length 0
      Next 0x0(0)/0x0(0)
      Last flood scan length is 1, maximum is 1
      Last flood scan time is 0 msec, maximum is 0 msec
      Neighbor Count is 2, Adjacent neighbor count is 2
        Adjacent with neighbor 110.110.1.1
        Adjacent with neighbor 110.110.3.3
      Suppress hello for 0 neighbor(s)

Designated routers (DRs) are elected to reduce adjacencies. The election factor is the RID: the router with the highest RID becomes the DR, and the runner-up becomes the BDR (backup designated router).

The [priority] option lets you specify a priority value for the DR/BDR election since, again, that process uses broadcast but we are using an NBMA network. Make sure the [priority] option matches the values set on the respective routers.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800b3f2e.html

Because there might be many routers attached to an OSPF network, a designated router is

It is necessary to use special configuration parameters in the designated router selection if broadcast capability is not configured. These parameters need only be configured in those devices that are themselves eligible to become the designated router or backup designated router (in other words, routers with a nonzero router priority value).
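
The election behind the "State DR ... No backup designated router" output above can be modelled in a few lines. This is an added example, not part of the lab solution: it covers only a cold start (all routers come up together; non-preemption and the wait timer are ignored), compares priority before router ID as OSPF does, and the router named SpokeX with RID 110.110.200.200 is a hypothetical spoke constructed for illustration.

```python
"""Cold-start OSPF DR/BDR election on the lab's NBMA segment (added example)."""
import ipaddress
from typing import Iterable, NamedTuple, Optional, Tuple


class Router(NamedTuple):
    name: str
    rid: str        # OSPF router ID, dotted quad
    priority: int   # "ip ospf priority" on this segment; 0 = never DR/BDR


def _rank(router: Router) -> Tuple[int, int]:
    # Highest priority wins; the router ID only breaks ties between
    # routers that share the same priority.
    return (router.priority, int(ipaddress.IPv4Address(router.rid)))


def elect(routers: Iterable[Router]) -> Tuple[Optional[Router], Optional[Router]]:
    """Return (DR, BDR) for routers that all start at the same time.

    With nobody yet claiming either role, the best-ranked eligible router
    ends up DR and the next best BDR. Priority-0 routers are ineligible.
    """
    eligible = sorted((r for r in routers if r.priority > 0),
                      key=_rank, reverse=True)
    dr = eligible[0] if eligible else None
    bdr = eligible[1] if len(eligible) > 1 else None
    return dr, bdr


def names(result: Tuple[Optional[Router], Optional[Router]]):
    """Reduce an election result to (DR name, BDR name) for display."""
    dr, bdr = result
    return (dr.name if dr else None, bdr.name if bdr else None)


# 192.168.134.0/24 as configured in the lab: "ip ospf prio 0" on the spokes.
LAB = [
    Router("R1", "110.110.1.1", 0),
    Router("R3", "110.110.3.3", 0),
    Router("R4", "110.110.4.4", 1),   # hub, holds the PVCs to both spokes
]

# Same routers if the spokes had been left at the default priority of 1.
DEFAULTS = [r._replace(priority=1) for r in LAB]

# Constructed case: a hypothetical extra spoke whose RID is higher than the hub's.
SPOKE_X = Router("SpokeX", "110.110.200.200", 1)
UNPINNED = DEFAULTS + [SPOKE_X]
PINNED = LAB + [SPOKE_X._replace(priority=0)]

if __name__ == "__main__":
    for label, segment in [("lab config", LAB), ("default priorities", DEFAULTS),
                           ("high-RID spoke, defaults", UNPINNED),
                           ("high-RID spoke, prio 0", PINNED)]:
        dr, bdr = names(elect(segment))
        print(f"{label:26s} DR={dr}  BDR={bdr}")
```

With default priorities a spoke takes the BDR role, and a spoke with a higher RID than the hub takes the DR role outright; setting priority 0 on every spoke is what keeps both roles off routers that have no PVC to the other spokes.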

To configure routers that interconnect to nonbroadcast networks, use the following command in router configuration mode:

    Command                                                         Purpose
    neighbor ip-address [priority number] [poll-interval seconds]   Configure a router interconnecting to nonbroadcast networks.

You can specify the following neighbor parameters, as required:

- Priority for a neighboring router
- Nonbroadcast poll interval
- Interface through which the neighbor is reachable

On point-to-multipoint, nonbroadcast networks, you now use the neighbor command to identify neighbors. Assigning a cost to a neighbor is optional.

Prior to Release 12.0, some customers were using point-to-multipoint on nonbroadcast media (such as classic IP over ATM), so their routers could not dynamically discover their neighbors. This feature allows the neighbor command to be used on point-to-multipoint interfaces.

On any point-to-multipoint interface (broadcast or not), the Cisco IOS software assumed the cost to each neighbor was equal. The cost was configured with the ip ospf cost command. In reality, the bandwidth to each neighbor is different, so the cost should be different. With this feature, you can configure a separate cost to each neighbor. This feature applies to point-to-multipoint interfaces only.

OSPF Frame-relay point-to-point networks: No DR/BDR :: Only: 224.0.0.5
OSPF Frame-relay broadcast networks: DR/BDR :: Hellos: 224.0.0.5 :: DR/BDR listens to 224.0.0.6 & broadcast on 0.5
OSPF Frame-relay NBMA networks: DR/BDR :: No multicasts :: Neighbors statically defined :: the Hub should be the DR
OSPF Frame-relay point-to-multipoint networks: No DR/BDR :: IP OSPF network point-to-multipoint :: Hellos: 224.0.0.5 [broadcasts]

Configure OSPF Area 12 on the serial between R1 and R2. Include R2's Loopback interface in OSPF Area 20.

    R2#conf te
    Enter configuration commands, one per line.
    End with CNTL/Z.
    R2(config)#router ospf 1
    R2(config-router)#router-id 110.110.2.2
    R2(config-router)#net 192.168.12.0 0.0.0.0 a 12
    R2(config-router)#net 110.110.2.2 0.0.0.0 a 20
    R2(config-router)#
    *Jun 28 15:09:00.504: %OSPF-5-ADJCHG: Process 1, Nbr 110.110.1.1 on Serial0/0/1 from LOADING to FULL, Loading Done
    R2(config-router)#area 12 virtual 110.110.1.1
    R2(config-router)#

    R1(config)#router ospf 1
    R1(config-router)#area 12 virtual 110.110.2.2

All areas in an OSPF autonomous system must be physically connected to the backbone area (area 0). In some cases where this physical connection is not possible, you can use a virtual link to connect to the backbone through a nonbackbone area. As mentioned above, you can also use virtual links to connect two parts of a partitioned backbone through a non-backbone area. The area through which you configure the virtual link, known as a transit area, must have full routing information. The transit area cannot be a stub area.

    OSPF_VL0 is up, line protocol is up
      Internet Address 192.168.12.1/31, Area 0
      Process ID 1, Router ID 110.110.1.1, Network Type VIRTUAL_LINK, Cost: 64
      Configured as demand circuit.
      Run as demand circuit.
      DoNotAge LSA allowed.
      Transmit Delay is 1 sec, State POINT_TO_POINT,
      Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
        oob-resync timeout 40
        Hello due in 00:00:07
      Supports Link-local Signaling (LLS)
      Index 3/4, flood queue length 0
      Next 0x0(0)/0x0(0)
      Last flood scan length is 1, maximum is 1
      Last flood scan time is 0 msec, maximum is 0 msec
      Neighbor Count is 1, Adjacent neighbor count is 1
        Adjacent with neighbor 110.110.2.2  (Hello suppressed)
      Suppress hello for 1 neighbor(s)

The virtual link command uses the remote device's RID, not necessarily the IP address on the interface that's in the transit area.

Also, don't worry about this error message:

    *Jun 28 15:16:35.320: %OSPF-4-ERRRCV: Received invalid packet: mismatch area ID, from backbone area must be virtual-link but not found from 192.168.12.0, Serial0/0/1

This is normal, and you'll see it until you finish building the virtual link.

Configure OSPF Area 569 between R5, R6 and Sw3. Advertise the loopbacks of Sw3 into this routing process.

    R5(config)#router ospf 1
    R5(config-router)#router-id 110.110.5.5
    R5(config-router)#net 110.110.5.5 0.0.0.0 a 569
    R5(config-router)#net 192.168.56.5 0.0.0.0 a 569
    R5(config-router)#net 192.168.156.5 0.0.0.0 a 569

    Sw3(config)#ip routing
    Sw3(config)#router ospf 1
    Sw3(config-router)#router-id 110.110.9.9
    Sw3(config-router)#net 192.168.156.9 0.0.0.0 a 569
    Sw3(config-router)#net 110.110.9.9 0.0.0.0 a 569

    R6(config-router)#exit
    R6(config)#router ospf 1
    R6(config-router)#router-id 110.110.6.6
    R6(config-router)#net 110.110.6.6 0.0.0.0 a 569
    R6(config-router)#net 192.168.156.6 0.0.0.0 a 569
    R6(config-router)#net 192.168.56.0 0.0.0.255 area 569

Make sure that all of the Loopbacks advertised in OSPF show with their correct subnet masks on all routers.

By default, OSPF sees a loopback as a host route, and will add the route with a 32 bit mask, regardless of the subnet mask that is configured. There are 3 ways to make OSPF loopbacks appear with the correct subnet masks. One way is to redistribute the loopbacks into OSPF and then use an area range. The other method is to set the network type as point to point for the loopback.

    R1(config-if)#int lo0
    R1(config-if)#ip ospf net point-to-point
    R1(config-if)#

    R2#conf te
    Enter configuration commands, one per line.  End with CNTL/Z.
    R2(config)#int lo0
    R2(config-if)#ip ospf net point-to-point
    R2(config-if)#

    R3#show ip ospf int brief
    Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
    Se0/0/0      1     0               192.168.134.3/24   64    DROTH 1/1
    Lo0          1     0               110.110.3.3/24     1     LOOP  0/0
    R3#conf te
    Enter configuration commands, one per line.  End with CNTL/Z.
    R3(config)#int lo0
    R3(config-if)#ip ospf net point-to-point
    R3(config-if)#

    Sw3(config)#int lo0
    Sw3(config-if)#ip ospf net point-to-point

Configure EIGRP 68 between R6 and Sw2 and EIGRP 13 between Sw2 and BB3. Advertise the Loopback of these routers into the EIGRP process.

    R6#conf te
    Enter configuration commands, one per line.  End with CNTL/Z.
    R6(config)#router eigrp 68
    R6(config-router)#eigrp router-id 110.110.6.6
    R6(config-router)#net 110.110.6.6 0.0.0.0
    R6(config-router)#net 192.168.68.6 0.0.0.0
    R6(config-router)#no auto !! different networks

    Sw2(config)#router eigrp 68
    Sw2(config-router)# eigrp router-id 110.110.8.8
    Sw2(config-router)# network 110.110.8.8 0.0.0.0
    Sw2(config-router)# network 192.168.68.8 0.0.0.0
    Sw2(config-router)# no auto-summary
    Sw2(config-router)#!
    Sw2(config-router)#
    Sw2(config-router)#router eigrp 13
    Sw2(config-router)# network 213.3.13.8 0.0.0.0
    Sw2(config-router)# no auto-summary
    Sw2(config-router)#!
    Sw2(config-router)#^Z

Verification:

    Sw2#show ip eigrp neighbors
    IP-EIGRP neighbors for process 68
    H   Address           Interface   Hold Uptime   SRTT   RTO  Q  Seq Type
                                      (sec)         (ms)       Cnt Num
    0   192.168.68.6      Fa0/6         10 00:00:14    1   200  0  14
    IP-EIGRP neighbors for process 13
    H   Address           Interface   Hold Uptime   SRTT   RTO  Q  Seq Type
                                      (sec)         (ms)       Cnt Num
    0   213.3.13.254      Fa0/11        12 00:00:12  564  3384  0  9

Configure EIGRP on AS 173 between R1, R3 and Sw1. Advertise the loopbacks of R3 and Sw1 into this process. Sw1 should load-balance, without using the "variance" command, to reach networks outside the EIGRP domain.
R1(config-if)#
R1(config-if)#router eigrp 173
R1(config-router)#eigrp router-id 110.110.1.1
R1(config-router)#net 192.168.173.1 0.0.0.0
R1(config-router)#no auto
R1(config-router)#

R3(config)#router eigrp 173
R3(config-router)#eigrp router-id 110.11.3.3
R3(config-router)#net 110.110.3.3 0.0.0.0
R3(config-router)#net 192.168.173.3 0.0.0.0
R3(config-router)#no auto

Sw1(config)#ip routing
Sw1(config)#router eigrp 173
Sw1(config-router)#no auto
Sw1(config-router)#eigrp router-id 110.110.7.7
Sw1(config-router)#net 110.110.7.7 0.0.0.0
Sw1(config-router)#net 192.168.173.7 0.0.0.0

R3(config)#router eigrp 173
R3(config-router)#red ospf 1 metric 1 1 1 1 1
R3(config-router)#

R1(config)#router eigrp 173
R1(config-router)#red ospf 1 metric 1 1 1 1 1

Configure EIGRP AS 12 between R4 and BB2.

R4(config)#router eigrp 12
R4(config-router)#eigrp router-id 110.110.4.4
R4(config-router)#net 212.2.12.4 0.0.0.0
R4(config-router)#no auto
R4(config-router)#

Configure RIPv2 between R5 and R4. Make sure all advertisements are using the correct prefix length; the loopbacks of these two routers should be advertised into the RIP process.

By default, RIP auto-summarizes to the classful network masks. To stop this and make sure the advertisements use the correct subnet mask, we add the “no auto-summary” command.

R4(config)#router rip
R4(config-router)#ver 2
R4(config-router)#no auto
R4(config-router)#net 192.168.45.0
R4(config-router)#net 110.0.0.0

R5(config)#router rip
R5(config-router)#ver 2
R5(config-router)#no auto
R5(config-router)#net 110.0.0.0
R5(config-router)#net 192.168.45.0

Make sure RIP is only sent out Serial0/0/0.45 on R4 and R5.

Using the “passive-interface” command for all other interfaces will do the job.
Even quicker, we can configure all interfaces to be passive by default and then configure Serial0/0/0.45 not to be.

R4(config-router)#passive-interface default
R4(config-router)#no pass s0/0/0.45

R5(config-router)# passive-interface default
R5(config-router)#no pass s0/0/0.45

Configure RIP between R4, R2 and Sw4 in VLAN 248. Advertise the loopback of Sw4 into the RIP process. Make sure that RIP messages are sent as unicast between these nodes in VLAN 248.

R4#conf te
Enter configuration commands, one per line.  End with CNTL/Z.
R4(config)#router rip
R4(config-router)#net 192.168.248.0
R4(config-router)#

R2#conf te
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#router rip
R2(config-router)#ver 2
R2(config-router)#no auto
R2(config-router)#net 192.168.248.0
R2(config-router)#

Sw4#conf te
Enter configuration commands, one per line.  End with CNTL/Z.
Sw4(config)#ip routing
Sw4(config)#router rip
Sw4(config-router)#ver 2
Sw4(config-router)#no auto
Sw4(config-router)#net 110.0.0.0
Sw4(config-router)#net 192.168.248.0
Sw4(config-router)#exit
Sw4(config)#do show ip route rip
R    192.168.45.0/24 [120/1] via 192.168.248.4, 00:00:14, Vlan248
     110.0.0.0/24 is subnetted, 3 subnets
R       110.110.4.0 [120/1] via 192.168.248.4, 00:00:14, Vlan248
R       110.110.5.0 [120/2] via 192.168.248.4, 00:00:14, Vlan248
Sw4(config)#
Sw4(config)#!once we know that
Sw4(config)#!the RIP Routes are being received
Sw4(config)#!we proceed then to configure Unicast RIP

Because RIP is normally a broadcast protocol, in order for RIP routing updates to reach nonbroadcast networks, you must configure the Cisco IOS software to permit this exchange of routing information. To do so, use the following command in router configuration mode:

Command: neighbor ip-address
Purpose: Define a neighboring router with which to exchange routing information.
To control the set of interfaces with which you want to exchange routing updates, you can disable the sending of routing updates on specified interfaces by configuring the passive-interface command.

Sw4(config)#router rip
Sw4(config-router)#pass default
Sw4(config-router)#neigh ?
  A.B.C.D  Neighbor address
Sw4(config-router)#neigh 192.168.248.4
Sw4(config-router)#neigh 192.168.248.2

R2(config-router)#router rip
R2(config-router)#pass def
R2(config-router)#neigh 192.168.248.4
R2(config-router)#neigh 192.168.248.10

R4(config-router)#router rip
R4(config-router)#neigh 192.168.248.10
R4(config-router)#neigh 192.168.248.2
R4(config-router)#pass def

Verification:

R2#deb ip rip
RIP protocol debugging is on
R2#
R2#show run | b router rip
router rip
 version 2
 passive-interface default
 network 192.168.248.0
 neighbor 192.168.248.10
 neighbor 192.168.248.4
 no auto-summary
R2#clear ip route *
*Jun 28 16:32:33.763: RIP: sending v2 update to 192.168.248.10 via FastEthernet0/0 (192.168.248.2)
*Jun 28 16:32:33.763: RIP: build update entries - suppressing null update
*Jun 28 16:32:33.763: RIP: sending v2 update to 192.168.248.4 via FastEthernet0/0 (192.168.248.2)
*Jun 28 16:32:33.763: RIP: build update entries - suppressing null update
*Jun 28 16:32:36.783: RIP: received v2 update from 192.168.248.10 on FastEthernet0/0
*Jun 28 16:32:36.783:      110.110.10.0/24 via 0.0.0.0 in 1 hops
*Jun 28 16:32:38.651: RIP: received v2 update from 192.168.248.4 on FastEthernet0/0
*Jun 28 16:32:38.651:      110.110.4.0/24 via 0.0.0.0 in 1 hops
*Jun 28 16:32:38.651:      110.110.5.0/24 via 0.0.0.0 in 2 hops
*Jun 28 16:32:38.651:      192.168.45.0/24 via 0.0.0.0 in 1 hops
R2#show ip route rip
R    192.168.45.0/24 [120/1] via 192.168.248.4, 00:00:05, FastEthernet0/0
     110.0.0.0/24 is subnetted, 6 subnets
R       110.110.4.0 [120/1] via 192.168.248.4, 00:00:05, FastEthernet0/0
R       110.110.5.0 [120/2] via 192.168.248.4, 00:00:05, FastEthernet0/0
R       110.110.10.0 [120/1] via 192.168.248.10, 00:00:07, FastEthernet0/0

R4 is a high-end router sending RIP messages at high speed to its RIP neighbors; you must configure these neighbors to set the input queue to double the default size.

Consider using the input-queue command if you have a high-end router sending at high speed to a low-speed router that might not be able to receive at the high speed. Configuring this command will help prevent the routing table from losing information.

R2(config)#router rip
R2(config-router)#input-queue 100
R2(config-router)#

Sw4#conf te
Enter configuration commands, one per line.  End with CNTL/Z.
Sw4(config)#router rip
Sw4(config-router)#input-queue 100
Sw4(config-router)#

R5#conf te
Enter configuration commands, one per line.  End with CNTL/Z.
R5(config)#router rip
R5(config-router)#input-queue 100

Configure RIP between Sw4 and BB1; advertise only the 110.0.0.0/8 network to BB1.
Sw4(config)#router rip
Sw4(config-router)#net 211.1.11.0
Sw4(config-router)#exit
Sw4(config)#ip prefix-list 110Net permit 110.0.0.0/8
Sw4(config)#router rip
Sw4(config-router)#distribute-list prefix 110Net out vlan 811
Sw4(config-router)#neigh 211.1.11.254
Sw4(config-router)#int vlan 811
Sw4(config-if)#ip summ rip 110.0.0.0 255.0.0.0
Sw4(config-if)#do deb ip rip
RIP protocol debugging is on
Sw4(config-router)#do deb ip rip
RIP protocol debugging is on
Sw4(config-router)#do clear ip route *
Sw4(config-router)#
16:41:49: RIP: sending v2 flash update to 192.168.248.2 via Vlan248 (192.168.248.10)
16:41:49: RIP: build flash update entries
16:41:49:       110.110.10.0/24 via 0.0.0.0, metric 1, tag 0
16:41:49:       211.1.11.0/24 via 0.0.0.0, metric 1, tag 0
16:41:49: RIP: sending v2 flash update to 192.168.248.4 via Vlan248 (192.168.248.10)
16:41:49: RIP: build flash update entries
16:41:49:       110.110.10.0/24 via 0.0.0.0, metric 1, tag 0
16:41:49:       211.1.11.0/24 via 0.0.0.0, metric 1, tag 0
16:41:49: RIP: sending v2 flash update to 211.1.11.254 via Vlan811 (211.1.11.8)
16:41:49: RIP: build flash update entries
16:41:49:       110.0.0.0/8 via 0.0.0.0, metric 1, tag 0

4. - Redistribution.

It is recommended that deb ip routing be enabled on the routers.
On R4, redistribute RIP into OSPF Area 0 as type 1 routes.

R4(config)#router ospf 1
R4(config-router)#red rip sub metric-type 1

Verification:

R4#show ip route rip
R    211.1.11.0/24 [120/1] via 192.168.248.10, 00:00:17, FastEthernet0/0
     110.0.0.0/24 is subnetted, 6 subnets
R       110.110.5.0 [120/1] via 192.168.45.5, 00:00:18, Serial0/0/0.45
R       110.110.10.0 [120/1] via 192.168.248.10, 00:00:17, FastEthernet0/0
R4#

R3#show ip route 110.110.10.0
Routing entry for 110.110.10.0/24
  Known via "ospf 1", distance 110, metric 84, type extern 1
  Redistributing via eigrp 173
  Advertised by eigrp 173 metric 1 1 1 1 1
  Last update from 192.168.134.4 on Serial0/0/0, 00:04:39 ago
  Routing Descriptor Blocks:
  * 192.168.134.4, from 110.110.4.4, 00:04:39 ago, via Serial0/0/0
      Route metric is 84, traffic share count is 1

On R7, redistribute OSPF into RIP.

R4(config)#router rip
R4(config-router)#red ospf 1 metric 2
R4(config-router)#^Z
*Jun 28 17:37:30.427: %SYS-5-CONFIG_I: Configured from console by console
R4#show ip route ospf
     192.168.12.0/31 is subnetted, 1 subnets
O IA    192.168.12.0 [110/128] via 192.168.134.1, 00:05:20, Serial0/0/0.134
     110.0.0.0/24 is subnetted, 6 subnets
O       110.110.1.0 [110/65] via 192.168.134.1, 00:05:20, Serial0/0/0.134
O IA    110.110.2.0 [110/129] via 192.168.134.1, 00:05:20, Serial0/0/0.134
O       110.110.3.0 [110/65] via 192.168.134.3, 00:05:20, Serial0/0/0.134
R4#

Verification:

Sw4#show ip route 110.110.1.0
Routing entry for 110.110.1.0/24
  Known via "rip", distance 120, metric 2
  Redistributing via rip
  Last update from 192.168.248.4 on Vlan248, 00:00:07 ago
  Routing Descriptor Blocks:
  * 192.168.248.4, from 192.168.248.4, 00:00:07 ago, via Vlan248
      Route metric is 2, traffic share count is 1

On R1 and R3, redistribute OSPF into EIGRP and vice versa.

Redistribution of OSPF routes into EIGRP was done before.
R1(config-router)#exit
R1(config)#router ospf 1
R1(config-router)#red eigrp 173 sub
R1(config-router)#

R3#conf te
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#router ospf 1
R3(config-router)#red eigrp 173 sub
R3(config-router)#exit
R3(config)#

On R4, redistribute EIGRP 12 into OSPF.

R4(config)#router ospf 1
R4(config-router)#red eigrp 12 sub metric 1

R4 should only send BB3 routes to BB2.

Sw2#conf te
Enter configuration commands, one per line.  End with CNTL/Z.
Sw2(config)#router eigrp 68
Sw2(config-router)#red eigrp 13 route-map SETTAG13
Sw2(config-router)#route-map SETTAG13
Sw2(config-route-map)#set tag 13
Sw2(config-route-map)#exit
Sw2(config)#^Z
Sw2#

R6#show ip route eigrp
D EX 213.213.8.0/24 [170/412160] via 192.168.68.8, 00:00:23, FastEthernet0/1
D EX 213.213.25.0/24 [170/412160] via 192.168.68.8, 00:00:23, FastEthernet0/1
D EX 213.213.24.0/24 [170/412160] via 192.168.68.8, 00:00:23, FastEthernet0/1
D EX 213.213.9.0/24 [170/412160] via 192.168.68.8, 00:00:23, FastEthernet0/1
D EX 213.213.10.0/24 [170/412160] via 192.168.68.8, 00:00:23, FastEthernet0/1
D EX 213.213.26.0/24 [170/412160] via 192.168.68.8, 00:00:23, FastEthernet0/1
D EX 213.213.11.0/24 [170/412160] via 192.168.68.8, 00:00:23, FastEthernet0/1
D EX 213.213.12.0/24 [170/412160] via 192.168.68.8, 00:00:23, FastEthernet0/1
D EX 213.213.13.0/24 [170/412160] via 192.168.68.8, 00:00:23, FastEthernet0/1

R6#show ip route 213.213.8.0
Routing entry for 213.213.8.0/24
  Known via "eigrp 68", distance 170, metric 412160
  Tag 1313, type external
  Redistributing via eigrp 68
  Last update from 192.168.68.8 on FastEthernet0/1, 00:00:29 ago
  Routing Descriptor Blocks:
  * 192.168.68.8, from 192.168.68.8, 00:00:29 ago, via FastEthernet0/1
      Route metric is 412160, traffic share count is 1
      Total delay is 6100 microseconds, minimum bandwidth is 10000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 2
      Route tag 1313

R6(config)#router ospf 1
R6(config-router)#red eigrp 68 sub
R6(config-router)#

R5(config-router)#do show ip route 213.213.8.0
Routing entry for 213.213.8.0/24
  Known via "ospf 1", distance 110, metric 20
  Tag 1313, type extern 2, forward metric 1
  Last update from 192.168.156.6 on FastEthernet0/0, 00:00:02 ago
  Routing Descriptor Blocks:
  * 192.168.156.6, from 110.110.6.6, 00:00:02 ago, via FastEthernet0/0
      Route metric is 20, traffic share count is 1
      Route tag 1313
R5(config-router)#
R5(config-router)#router rip
R5(config-router)#red ospf 1 metric 3 route-map SETTAG
R5(config-router)#route-map SETTAG
R5(config-route-map)#mat tag 1313
R5(config-route-map)#set tag 1313
R5(config-route-map)#route-map SETTAG permit 2000
R5(config-route-map)#exit

R4(config)#router rip
R4(config-router)#distance 109 192.168.45.5 0.0.0.0
R4(config-router)#do clear ip route *
R4(config-router)#do show ip route rip
R4(config-router)#do show ip route rip
R4(config-router)#do show ip route rip
R    213.213.8.0/24 [109/3] via 192.168.45.5, 00:00:04, Serial0/0/0.45
R    213.213.25.0/24 [109/3] via 192.168.45.5, 00:00:04, Serial0/0/0.45
R    213.213.24.0/24 [109/3] via 192.168.45.5, 00:00:04, Serial0/0/0.45
R    213.213.9.0/24 [109/3] via 192.168.45.5, 00:00:04, Serial0/0/0.45
R    213.213.10.0/24 [109/3] via 192.168.45.5, 00:00:04, Serial0/0/0.45
R    213.213.26.0/24 [109/3] via 192.168.45.5, 00:00:04, Serial0/0/0.45
R    213.213.11.0/24 [109/3] via 192.168.45.5, 00:00:04, Serial0/0/0.45
R    213.213.12.0/24 [109/3] via 192.168.45.5, 00:00:04, Serial0/0/0.45
R    213.213.13.0/24 [109/3] via 192.168.45.5, 00:00:04, Serial0/0/0.45
R4(config-router)#do show ip route 213.213.8.0
Routing entry for 213.213.8.0/24
  Known via "rip", distance 109, metric 3
  Tag 1313
  Redistributing via ospf 1, rip
  Advertised by ospf 1 metric-type 1 subnets
  Last update from 192.168.45.5 on Serial0/0/0.45, 00:00:11 ago
  Routing Descriptor Blocks:
  * 192.168.45.5, from 192.168.45.5, 00:00:11 ago, via Serial0/0/0.45
      Route metric is 3, traffic share count is 1
      Route tag 1313

R4(config)#router eigrp 12
R4(config-router)#red rip route-map ONLY1313 metric 1 1 1 1 1
R4(config-router)#route-map ONLY1313
R4(config-route-map)#ma tag 1313

R4#clear ip eigrp neighbors
R4#
*Jun 28 18:05:07.811: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 12: Neighbor 212.2.12.254 (FastEthernet0/1) is down: manually cleared
R4#
*Jun 28 18:05:07.811: Peer 212.2.12.254 going down
*Jun 28 18:05:07.811: Last peer deleted from FastEthernet0/1
R4#
*Jun 28 18:05:11.351: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 12: Neighbor 212.2.12.254 (FastEthernet0/1) is up: new adjacency
*Jun 28 18:05:11.351: New peer 212.2.12.254 on FastEthernet0/1
*Jun 28 18:05:11.351: Enqueuing NULL update to 212.2.12.254, flags 0x1
*Jun 28 18:05:11.359: Building STARTUP packet for 212.2.12.254, serno 0-0
*Jun 28 18:05:11.359: No items in range
*Jun 28 18:05:11.359: Packet acked from 212.2.12.254 (FastEthernet0/1), serno 0-0
*Jun 28 18:05:11.359: Startup update acked from 212.2.12.254, serno 0-0
*Jun 28 18:05:11.359: No IIDB anchor
*Jun 28 18:05:11.359: Packetized serno 1-117, expect reply
*Jun 28 18:05:11.359: IP-EIGRP(Default-IP-Routing-Table:12): Processing incoming UPDATE packet
*Jun 28 18:05:11.371: Building STARTUP packet for 212.2.12.254, serno 1-117
*Jun 28 18:05:11.371: Items:
*Jun 28 18:05:11.371: IP-EIGRP(Default-IP-Routing-Table:12): 212.2.12.0/24 - do advertise out FastEthernet0/1 S1
*Jun 28 18:05:11.371: IP-EIGRP(Default-IP-Routing-Table:12): 213.213.8.0/24 - do advertise out FastEthernet0/1 81
*Jun 28 18:05:11.371: IP-EIGRP(Default-IP-Routing-Table:12): Ext 213.213.8.0/24 metric 2560000256 - 2560000000 256
*Jun 28 18:05:11.371: IP-EIGRP(Default-IP-Routing-Table:12): 213.213.25.0/24 - do advertise out FastEthernet0/1 82
*Jun 28 18:05:11.371: IP-EIGRP(Default-IP-Routing-Table:12): Ext 213.213.25.0/24 metric 2560000256 - 2560000000 256
*Jun 28 18:05:11.371: IP-EIGRP(Default-IP-Routing-Table:12): 213.213.24.0/24 - do advertise out FastEthernet0/1 83
*Jun 28 18:05:11.371: IP-EIGRP(Default-IP-Routing-Table:12): Ext 213.213.24.0/24 metric 2560000256 - 2560000000 256
R4#
R4#u all

Ensure that R2 prefers the native routes, learned via the routing protocol in which they originated. In case of a failure, R2 must still have reachability to the other networks.

R2(config-router)#distance 121 110.110.1.1 0.0.0.0 ?
  <1-99>       IP Standard access list number
  <1300-1999>  IP Standard expanded access list number
  WORD         Standard access-list name
  <cr>

R2(config-router)# distance 121 0.0.0.0 255.255.255.255 1
R2(config-router)#exit
R2(config)#access-list 1 permit 110.110.4.0 0.0.0.255
R2(config)#access-list 1 permit 110.110.10.0 0.0.0.255
R2(config)#do show ip route 110.110.4.4
Routing entry for 110.110.4.0/24
  Known via "rip", distance 120, metric 1
  Redistributing via rip
  Last update from 192.168.248.4 on FastEthernet0/0, 00:00:25 ago
  Routing Descriptor Blocks:
  * 192.168.248.4, from 192.168.248.4, 00:00:25 ago, via FastEthernet0/0
      Route metric is 1, traffic share count is 1

Note: Before you move on to the other tasks of the lab, it is recommended that you use the TCL script to verify complete reachability across the entire network.

5. - Multicast Routing.

Configure multicast routing on R4, R5, R3 and R1; set all interfaces of these routers to PIM sparse mode.

Internet Protocol Multicast is an Internet routing protocol designed to provide efficient data transmission to multiple users. Multicast uses Class D addressing to identify and route multicast traffic and Protocol Independent Multicast (PIM) to configure and structure the multicast network.

IP Multicast assembles users who wish to receive multicast traffic into multicast groups and assigns each group a specific Class D IP address. The Class D IP address range reserved for multicast addresses is 224.0.0.0 to 239.255.255.255. PIM is enabled on interfaces to provide the routing mechanism to structure the multicast traffic. When a message is sent to a multicast group, the sending host forwards a single copy of the data packet over the network. The intermediate routers replicate these data packets and distribute them to the multicast group members.
Enables/disables Protocol Independent Multicast (PIM) sparse-mode on an interface.

Syntax: ip pim sparse-mode

Description: The ip pim sparse-mode command enables PIM sparse-mode on the interface. Modes in multicast denote specific methods of routing multicast traffic.

Enabling PIM on an interface also enables IGMP operation on that interface. An interface can be configured to be in dense mode, sparse mode, or sparse-dense mode. The mode determines how the router populates its multicast routing table and how the router forwards multicast packets it receives from its directly connected LANs. You must enable PIM in one of these modes for an interface to perform IP multicast routing.

In populating the multicast routing table, dense-mode interfaces are always added to the table. Sparse-mode interfaces are added to the table only when periodic Join messages are received from downstream routers, or when there is a directly connected member on the interface. When forwarding from a LAN, sparse-mode operation occurs if there is an RP known for the group. If so, the packets are encapsulated and sent toward the RP. When no RP is known, the packet is flooded in a dense-mode fashion. If the multicast traffic from a specific source is sufficient, the receiver's first-hop router may send joins toward the source to build a source-based distribution tree.

There is no default mode setting. By default, multicast routing is disabled on an interface.

If you configure sparse-dense mode, the idea of sparseness or denseness is applied to the group on the router, and the network manager should apply the same concept throughout the network.

Another benefit of sparse-dense mode is that Auto-RP information can be distributed in a dense mode manner; yet, multicast groups for user groups can be used in a sparse mode manner.
Thus, there is no need to configure a default RP at the leaf routers.

R1#conf ter
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip multicast-routing
R1(config)#int lo0
R1(config-if)#ip pim sparse
R1(config-if)#int f0/0
R1(config-if)#ip pim sparse
R1(config-if)#int s0/0/0
R1(config-if)#ip pim sparse

R3#conf ter
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#ip multicast-routing
R3(config)#int lo0
R3(config-if)#ip pim sparse
R3(config-if)#int f0/0
R3(config-if)#ip pim sparse
R3(config-if)#int s0/0/0
R3(config-if)#ip pim sparse
R3(config-if)#^Z

R4#conf ter
Enter configuration commands, one per line.  End with CNTL/Z.
R4(config)#ip multicast-routing
R4(config)#int f0/0
R4(config-if)#ip pim sparse
R4(config-if)#int f0/1
R4(config-if)#ip pim sparse
R4(config-if)#int lo0
R4(config-if)#ip pim sparse
R4(config-if)#int s0/0/0.45
R4(config-subif)#ip pim sparse
R4(config-subif)#exit
R4(config)#int s0/0/0.134
R4(config-subif)#ip pim sparse
R4(config-subif)#ip pim nbma
R4(config-subif)#exit
R4(config)#int lo0
R4(config-if)#ip pim sparse
R4(config-if)#exit

R5#conf ter
Enter configuration commands, one per line.  End with CNTL/Z.
R5(config)#ip multicast-routing
R5(config)#int lo0
R5(config-if)#ip pim sparse
R5(config-if)#int f0/0
R5(config-if)#ip pim sparse
R5(config-if)#int s0/0/0.45
R5(config-subif)#ip pim sparse
R5(config-subif)#exit

R1 should be the RP for this group only. Configure R4 as the Mapping Agent (Auto-RP); also prevent any other router from becoming RP for this group in particular.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fiprmc_r/mult/1rfmult2.htm#wp1090395

With Auto-RP, you configure the RPs themselves to announce their availability as RPs and mapping agents. The RPs send their announcements using 224.0.1.39.
The RP mapping agent listens to the announced packets from the RPs, then sends RP-to-group mappings in a discovery message that is sent to 224.0.1.40. These discovery messages are what the rest of the routers use for their RP-to-group map. You can use one RP that also serves as the mapping agent, or you can configure multiple RPs and multiple mapping agents for redundancy purposes.

Generally Auto-RP is used with sparse-dense mode, since then the Auto-RP information can be propagated in dense mode. If your routers are configured with pure sparse-mode on the interfaces, then you can shift to sparse-dense mode, so we need to configure the Auto-RP listener on the router.

ip pim autorp listener is a way of overriding the interface configuration and allowing dense mode operation. Therefore, even if you have ip pim sparse-mode configured, it will override this command and allow the groups 224.0.1.39 and 224.0.1.40 to be distributed in dense mode. If a CCIE Lab question restricted you to using ip pim sparse-mode only yet still required Auto-RP, then this could be the solution for you.

R1#conf ter
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip pim autorp list
R1(config)#

R3#conf ter
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#ip pim autorp list
R3(config)#

R4(config)#ip pim autorp list

R5(config)#ip pim autorp list
R5(config)#

The RP itself would have "send-rp-discovery," while the Mapping Agent has "send-rp-announce."
R1(config)#ip pim send-rp-announce Loopback0 scope 10 group-list 10 bidir
R1(config)#access-list 10 permit 224.1.1.1
R1(config)#ip pim bidir-enable

R3(config)#ip pim bidir-enable

R4(config)#ip pim bidir-enable

R5(config)#ip pim bidir-enable

PIM-SM cannot forward traffic in the upstream direction of a tree, because it only accepts traffic from one Reverse Path Forwarding (RPF) interface. This interface (for the shared tree) points toward the RP, therefore allowing only downstream traffic flow. In this case, upstream traffic is first encapsulated into unicast register messages, which are passed from the designated router (DR) of the source toward the RP. In a second step, the RP joins an SPT that is rooted at the source. Therefore, in PIM-SM, traffic from sources traveling toward the RP does not flow upstream in the shared tree, but downstream along the SPT of the source until it reaches the RP. From the RP, traffic flows along the shared tree toward all receivers.

To influence which router is the RP for a particular group, when two RPs are announcing for that group, you can configure each router with a loopback address. Place the higher IP address on the preferred RP, then use the loopback interface as the source of the announce packets; for example, ip pim send-rp-announce loopback0. When multiple mapping agents are used, they listen to each other's discovery packets and the mapping agent with the highest IP address wins and becomes the only forwarder of 224.0.1.40.

To configure bidir-PIM, use the following commands in global configuration mode, depending on which method you use to distribute group-to-RP mappings:

Command: Router(config)# ip pim rp-address rp-address [access-list] [override] bidir
Purpose: Configures the address of a PIM RP for a particular group, and specifies bidirectional mode. Use this command when you are not distributing group-to-RP mappings using either Auto-RP or the PIMv2 BSR mechanism.
Command: Router(config)# ip pim rp-candidate type number [group-list access-list] bidir
Purpose: Configures the router to advertise itself as a PIM Version 2 candidate RP to the BSR, and specifies bidirectional mode. Use this command when you are using the PIMv2 BSR mechanism to distribute group-to-RP mappings.

Command: Router(config)# ip pim send-rp-announce type number scope ttl-value [group-list access-list] [interval seconds] bidir
Purpose: Configures the router to use Auto-RP to configure for which groups the router is willing to act as RP, and specifies bidirectional mode. Use this command when you are using Auto-RP to distribute group-to-RP mappings.

PIM-SM constructs uni-directional shared trees that are used to forward data from senders to receivers of a multicast group. PIM-SM also allows the construction of source specific trees, but this capability is not related to the protocol described in this document.

The shared tree for each multicast group is rooted at a multicast router called the Rendezvous Point (RP). Different multicast groups can use separate RPs within a PIM domain.

In unidirectional PIM-SM, there are two possible methods for distributing data packets on the shared tree. These differ in the way packets are forwarded from a source to the RP:

Initially when a source starts transmitting, its first hop router encapsulates data packets in special control messages (Registers) which are unicast to the RP. After reaching the RP the packets are decapsulated and distributed on the shared tree.

A transition from the above distribution mode can be made at a later stage. This is achieved by building source specific state on all routers along the path between the source and the RP. This state is then used to natively forward packets from that source.

Both these mechanisms suffer from problems.
Encapsulation results in significant processing, bandwidth and delay overheads. Forwarding using source specific state has additional protocol and memory requirements.

Bi-directional PIM dispenses with both encapsulation and source state by allowing packets to be natively forwarded from a source to the RP using shared tree state. In contrast to PIM-SM this mode of forwarding does not require any data-driven events.

Auto-RP relies on a router designated as RP mapping agent. Potential RPs announce themselves to the mapping agent, and it resolves any conflicts. The mapping agent then sends out the multicast group-RP mapping information to the other routers.

R4(config)#ip pim send-rp-discovery Loopback0 scope 10

There is a client in VLAN 173 that is joining group 224.1.1.1.

R1(config)#int f0/0
R1(config-if)#ip igmp join 224.1.1.1

Verify the multicast configuration by pinging the IGMP group address.

R5(config)#do ping 224.1.1.1

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:

Reply to request 0 from 192.168.134.1, 132 ms
Reply to request 0 from 192.168.134.1, 156 ms

With regard to preventing another RP for this group in particular, we configure a test RP with a higher IP address (preferred by Auto-RP) to test the configuration.
R5(config)#access-list 10 permit 224.1.1.1
R5(config)#ip pim send-rp-announce Loopback0 scope 10 group-list 10 bidir

R4#show ip pim rp map
PIM Group-to-RP Mappings
This system is an RP-mapping agent (Loopback0)

Group(s) 224.1.1.1/32
  RP 110.110.5.5 (?), v2v1, bidir
    Info source: 110.110.5.5 (?), elected via Auto-RP
         Uptime: 00:00:07, expires: 00:02:52
  RP 110.110.1.1 (?), v2v1, bidir
    Info source: 110.110.1.1 (?), via Auto-RP
         Uptime: 00:11:13, expires: 00:02:44

R1#show ip pim rp map
PIM Group-to-RP Mappings
This system is an RP (Auto-RP)

Group(s) 224.1.1.1/32
  RP 110.110.5.5 (?), v2v1, bidir
    Info source: 110.110.4.4 (?), elected via Auto-RP
         Uptime: 00:03:23, expires: 00:02:32

R4(config)#do show ip access-list
R4(config)#!No Access-list Configured
R4(config)#
R4(config)#access-list 1 deny 110.110.1.1
R4(config)#access-list 2 deny 224.1.1.1
R4(config)#ip pim rp-announce-filter rp-list 1 group-list 2

R1#show ip pim rp map
PIM Group-to-RP Mappings
This system is an RP (Auto-RP)

Group(s) 224.1.1.1/32
  RP 110.110.1.1 (?), v2v1, bidir
    Info source: 110.110.4.4 (?), elected via Auto-RP
         Uptime: 00:00:00, expires: 00:02:56
R1#

R3#show ip pim rp map
PIM Group-to-RP Mappings

Group(s) 224.1.1.1/32
  RP 110.110.1.1 (?), v2v1, bidir
    Info source: 110.110.4.4 (?), elected via Auto-RP
         Uptime: 00:00:05, expires: 00:02:50

R4#show ip pim rp map
PIM Group-to-RP Mappings
This system is an RP-mapping agent (Loopback0)

Group(s) 224.1.1.1/32
  RP 110.110.5.5 (?), v2v1, bidir
    Info source: 110.110.5.5 (?), elected via Auto-RP
         Uptime: 00:00:13, expires: 00:02:42
  RP 110.110.1.1 (?), v2v1, bidir
    Info source: 110.110.1.1 (?), via Auto-RP
         Uptime: 00:00:19, expires: 00:02:36

R4#show ip access-list
Standard IP access list 1
    10 deny 110.110.1.1 (4 matches)
Standard IP access list 2
    10 deny 224.1.1.1
R4#

6. - QOS

Configure router R1’s Frame interface for Custom Queuing. Configure HTTP to be able to use up to 50% of the queue. Configure IPv6 for 25%. Configure all other traffic for the remaining 25%.

Custom Queueing allows you to define traffic queues of equal priority which will be serviced in round-robin fashion. The various queues are assigned to a queue-list, and the queue-list is assigned to an interface using the command ‘custom-queue-list X’. In this lab, we will be assigning queues for IPv6, HTTP, and default traffic. The percentages are calculated based on the ratios of the queue sizes to the total of all the queues.

R1(config)#queue-list 1 prot http 1
R1(config)#queue-list 1 prot ipv6 2
R1(config)#queue-list 1 default 3
R1(config)#queue-list 1 queue 1 byte-count 3000
R1(config)#int ser0/0/0
R1(config-if)#custom-queue-list 1

The default byte count for a queue is 1500, so the total for the three queues is 6000 bytes. IP receives 3000 bytes, which is 50%, and the other two queues each receive 25%.

Enable Priority Queuing on router R4’s FastEthernet interface facing BB1. Configure HTTP traffic to have the highest priority. Configure IPv6 packets larger than 1500 bytes to be set to medium priority. Configure HTTP packets to be set to normal priority. Set the IPv6 packets smaller than 1500 bytes to normal. All other traffic should be low priority. The highest number of packets in the high queue should be 15. The medium queue limit should be 20. The normal queue limit should be 20. The low queue limit should be 30.

Priority queueing uses 4 queues: high, medium, normal and low. The default priority is normal. The lower queues can only send traffic if none of the higher queues have traffic to send. For example, the normal queue cannot send traffic unless there is no high or medium traffic to send.
For priority queuing, traffic is assigned to one of the four queues using the command ‘priority-list’. The command ‘priority-group’ assigns the priority queuing to an interface. In this lab, we will be matching based on protocol and packet size. Queue limits can be adjusted with the command ‘priority-list queue-limit’.

R4(config)#priority-list 1 protocol http high
R4(config)#priority-list 1 protocol ipv6 medium gt 1500
R4(config)#priority-list 1 protocol http normal
R4(config)#priority-list 1 protocol ipv6 normal lt 1500
R4(config)#priority-list 1 queue-limit 15 20 20 30
R4(config)#int f0/1
R4(config-if)#priority-group 1

We can verify with the command ‘show queueing’.

R4#show queueing
Current fair queue configuration:

  Interface           Discard    Dynamic  Reserved  Link    Priority
                      threshold  queues   queues    queues  queues
  Serial0/0/0         64         256      0         8       1
  Serial0/0/1         64         256      0         8       1
  Serial0/1/0         64         256      0         8       1
  Serial0/1/1         64         256      0         8       1

Current DLCI priority queue configuration:
Current priority queue configuration:

List   Queue   Args
1      medium  protocol ipv6 gt 1500
1      high    protocol http
1      normal  protocol ipv6 lt 1500
1      high    limit 15
1      medium  limit 20
1      normal  limit 20
1      low     limit 30
Current custom queue configuration:
Current random-detect configuration:
Current per-SID queue configuration:
R4#

Configure R2 to change the IP Precedence value on all traffic going out its Fast0/0 interface to “5” and R4 to change the IP Precedence value on all traffic going out its Fast0/0 interface to “3”.

Since we are matching "all" traffic going out of an interface, we don't need to configure class-maps to classify any traffic. We will be using the default "class-default" class.
We will configure the policy-maps PREC3 on R4 and BB1 and PREC5 on R7,

R2(config)#policy-map PREC3
R2(config-pmap)#class class-default
R2(config-pmap-c)#set ip prec 3

R4(config)#policy-map PREC5
R4(config-pmap)#class class-default
R4(config-pmap-c)#set ip prec 5

We will then apply these policy maps on the appropriate interfaces,

R2(config)#int fa0/0
R2(config-if)#service-policy input PREC3

R4(config)#int fa0/0
R4(config-if)#service-policy input PREC5

Configure R6 to translate the IP Precedence “3” to IP DSCP “AF31” and IP Precedence “5” to IP DSCP “EF” for all traffic going out its Fast0/1 interface.

So we need to re-mark the traffic with DSCP AF31 or DSCP EF depending on the IP Precedence value. To do this we will need to configure two class-maps: one matching IP Precedence 3 and another matching IP Precedence 5.

R6(config)#class-map PREC3
R6(config-cmap)#match ip prec 3
R6(config)#class-map PREC5
R6(config-cmap)#match ip prec 5

We will then create a policy-map to match each of these two classes and set the appropriate DSCP value.

R6(config)#policy-map PREC-TO-DSCP
R6(config-pmap)#class PREC3
R6(config-pmap-c)#set ip dscp af31
R6(config-pmap)#class PREC5
R6(config-pmap-c)#set ip dscp ef

Then, we only need to apply this policy outbound on R6's Fast0/1,

R6(config)#int fa0/1
R6(config-if)#service-policy output PREC-TO-DSCP

Configure R5 to allocate 20Mbps for all DSCP “EF” traffic and 60Mbps for all DSCP “AF31” traffic when transmitting out its Fast0/0 interface.

Again, we will need to configure class-maps here to match the DSCP value,

R5(config)#class-map DSCPAF31
R5(config-cmap)#match ip dscp af31
R5(config)#class-map DSCPEF
R5(config-cmap)#match ip dscp ef
And then, configure a policy-map. To allocate an LLQ for any traffic, we do this allocation using the "priority" command as opposed to the "bandwidth" command.

R5(config)#policy-map FE0/0
R5(config-pmap)#class DSCPEF
R5(config-pmap-c)#priority 20000
R5(config-pmap)#class DSCPAF31
R5(config-pmap-c)#bandwidth 60000

Now let's apply this policy to Fast0/0,

R5(config)#int fa0/0
R5(config-if)#service-policy output FE0/0
I/f FastEthernet0/0 class DSCPAF31 requested bandwidth 60000 (kbps), available only 55000 (kbps)

Here, the router returned an error that the second class is trying to allocate 60000kbps while only 55000kbps are remaining. Even though the FastEthernet interface has a total of 100,000kbps, by default, we are only allowed to allocate 75% of any interface's bandwidth (75,000kbps, of which the priority class has already taken 20,000kbps). To solve this problem, we will configure the interface to allow us to allocate 100% and try again,

R5(config-if)#max-reserved-bandwidth 100
R5(config-if)#int fa0/0
R5(config-if)#service-policy output FE0/0

7. - Border Gateway Protocol

Configure R2 for BGP AS 200. Configure R1 for BGP AS 100. Configure R5 for BGP AS 100. Configure R4 for BGP AS 100. Peer R1 to R2. R5 can only have one neighbor configured.

R5(config)#router bgp 100
R5(config-router)#bgp router-id 110.110.5.5
R5(config-router)#no sync
R5(config-router)#neighbor 110.110.4.4 remote-as 100
R5(config-router)#neighbor 110.110.4.4 update-source lo0

R1(config)#router bgp 100
R1(config-router)#no sync
R1(config-router)#bgp router-id 110.110.1.1
R1(config-router)#neighbor 110.110.4.4 remote-as 100
R1(config-router)#neighbor 110.110.4.4 update-source lo0
R1(config-router)#neighbor 110.110.2.2 remote-as 200
R1(config-router)#neighbor 110.110.2.2 update-source lo0
R1(config-router)#neighbor 110.110.2.2 ebgp-multihop

R4(config)#router bgp 100
R4(config-router)#bgp router-id 110.110.4.4
R4(config-router)#no sync
R4(config-router)#neighbor 110.110.5.5 remote-as 100
R4(config-router)#neighbor 110.110.5.5 update-source lo0
R4(config-router)#neighbor 110.110.5.5 route-reflector-client
R4(config-router)#neighbor 110.110.1.1 remote-as 100
R4(config-router)#neighbor 110.110.1.1 update-source lo0
R4(config-router)#neighbor 110.110.1.1 route-reflector-client
R4(config-router)#

R2(config)#router bgp 200
R2(config-router)#neighbor 110.110.1.1 remote-as 100
R2(config-router)#neighbor 110.110.1.1 update-source lo0
R2(config-router)#neighbor 110.110.1.1 ebgp-multihop

Verification:

R4#show ip bgp summary
BGP router identifier 110.110.4.4, local AS number 100
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
110.110.1.1     4   100       2       2        0    0    0 00:00:04        0
110.110.5.5     4   100       2       2        0    0    0 00:00:14        0

R2#show ip bgp summ
BGP router identifier 110.110.2.2, local AS number 200
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
110.110.1.1     4   100       2       2        0    0    0 00:00:03        0

For verification of our peers, we will use the command ‘show ip bgp summary’ on R4 and R2.

Configure three Loopback interfaces on router R2: 200.1.1.1 /24, 200.1.2.1 /24, 200.1.3.1 /24. R2 should advertise these 3 Loopback interfaces to BGP.

Creating loopbacks is straightforward. When entering the loopbacks into BGP, however, make sure to include the mask.

R2(config)#int lo50
R2(config-if)#ip address 200.1.1.1 255.255.255.0
R2(config-if)#int lo51
R2(config-if)#ip address 200.1.2.1 255.255.255.0
R2(config-if)#int lo52
R2(config-if)#ip address 200.1.3.1 255.255.255.0
R2(config)#router bgp 200
R2(config-router)#no auto-summary
R2(config-router)#network 200.1.1.0 mask 255.255.255.0
R2(config-router)#network 200.1.2.0 mask 255.255.255.0
R2(config-router)#network 200.1.3.0 mask 255.255.255.0

Summarize the 3 Loopbacks into a single route. R1 should see all 3 individual routes, but R5 and R4 should only see a summary. You cannot use the summary-only keyword to accomplish this task. R2 should not see the summarized route. You cannot change anything on R2 to accomplish this.

In order to have only one neighbor configured on R5, we will configure R5 as a route reflector client. We will configure R4 as the route reflector, and we will configure R1 as another route reflector client. We will also peer R1 to R2. Since we are peering from loopbacks, we will need the command ‘neighbor x.x.x.x ebgp-multihop’ for our EBGP peering between R1 and R2.

For verification, we will check the BGP routes using ‘show ip bgp’ on R2 and R5.

R2#show ip bgp
BGP table version is 4, local router ID is 110.110.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 200.1.1.0        0.0.0.0                  0         32768 i
*> 200.1.2.0        0.0.0.0                  0         32768 i
*> 200.1.3.0        0.0.0.0                  0         32768 i

R5#show ip bgp
BGP table version is 4, local router ID is 110.110.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i200.1.1.0        110.110.2.2              0    100      0 200 i
*>i200.1.2.0        110.110.2.2              0    100      0 200 i
*>i200.1.3.0        110.110.2.2              0    100      0 200 i

Since you can’t change anything on R2, we are going to create the summary on R1. Another tricky part is that we cannot use the summary-only keyword. Let’s look at this piece by piece.

If we just create the aggregate address, BGP will announce both the summary and the more specific routes. If we add the as-set option, it will keep the AS path information, and understand that the more specific routes came from AS 200. We still would be advertising the more specific routes to R4 and R5. If we also add the suppress-map option, we can suppress the more specific routes.

In our route-map, we will use a prefix list that will match our more specific routes. The prefix list 200.1.0.0/22 ge 24 le 24 will match any networks that have the first 22 bits in common; however, the le/ge forces the matching network to also have a 24-bit subnet mask. Although our summary would match the first 22 bits, it does not have a 24-bit subnet mask.

R1(config)#ip prefix-list 2 permit 200.1.0.0/22 ge 24 le 24
R1(config)#route-map SUPPRESS
R1(config-route-map)#match ip address prefix-list 2
R1(config)#router bgp 100
R1(config-router)#aggregate-address 200.1.0.0 255.255.252.0 as-set suppress-map SUPPRESS

Another possible solution would be to configure two prefix lists on R1 for filtering. One prefix list would be applied outbound toward R2, and would block the summary. The other prefix list would be applied outbound toward R4, and would block the 24-bit routes.

8. - Router Hardening.

Create a user account with username cisco and password ccie. Enable Authentication on R5 only for the VTY lines. DO NOT allow the console or AUX to use AAA.
For this task, we will configure local AAA authentication on the VTY lines for R5. You should be very careful when configuring AAA, because improper configuration will lock you out of the router, and you will be forced to do password recovery. For this reason, it is recommended that you save your config before starting AAA configuration, and do not save again until you have verified that your configuration works.

We are told to configure authentication only on the VTY lines, so we will create a method list and apply it to the VTY lines. We will also use the reload command as a failsafe measure. As long as you don’t save your config, the reload will bring you back to the last configuration written to NVRAM.

R5#wr mem
Building configuration...
[OK]
R5#reload in 5
Reload scheduled in 5 minutes
Proceed with reload? [confirm]
R5#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R5(config)#aaa new-model
R5(config)#aaa authentication login VTY local
R5(config)#username cisco password ccie
R5(config)#line vty 0 4
R5(config-line)#login authentication VTY

Test by telnetting from another router. Exit from your console session. If you are locked out, the router will reload when the timer expires, and you will be back to where you last saved, hopefully just before typing ‘aaa new-model’.

Congratulations, you finished lab 5. GOOD JOB!!
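A check for the Router Hardening requirement above (AAA on the VTY lines only, with a local user behind the method list), as an added example that is not part of the original lab. The function name, the finding texts and the sample configuration are constructed for illustration, and the parser assumes the usual saved-config layout in which sub-commands of a line block are indented.

```python
import re

# Constructed sample: the R5 commands from this section as they would sit in
# a saved configuration (relevant lines only, not captured from a device).
R5_CONFIG = """\
aaa new-model
aaa authentication login VTY local
username cisco password ccie
line con 0
line aux 0
line vty 0 4
 login authentication VTY
"""

def audit_login_auth(config):
    """Return findings against the 'AAA on the VTY lines only' requirement."""
    lists, users, lines, current = {}, set(), {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if m := re.match(r"aaa authentication login (\S+) (.+)", text):
            lists[m.group(1)] = m.group(2).split()
        elif m := re.match(r"username (\S+) ", text):
            users.add(m.group(1))
        elif m := re.match(r"line ((?:con|aux|vty) .+)", text):
            current = m.group(1)
            lines[current] = None
        elif raw.startswith(" ") and current:
            # Sub-command of the current line block.
            if m := re.match(r"login authentication (\S+)", text):
                lines[current] = m.group(1)
        else:
            current = None  # any other global command closes the line block
    findings = []
    if "aaa new-model" not in (l.strip() for l in config.splitlines()):
        findings.append("aaa new-model is not enabled")
    if "default" in lists:
        # With aaa new-model, the default list covers every line that has no
        # named list applied, console and AUX included.
        findings.append("default login list also applies to con/aux")
    for name, used in lines.items():
        if not name.startswith("vty"):
            if used:
                findings.append(f"line {name} uses method list {used}")
        elif used not in lists:
            findings.append(f"line {name} has no defined method list applied")
        elif "local" in lists[used] and not users:
            findings.append(f"list {used} is local but no username exists")
    return findings
```

Run against a copy of the candidate configuration before it is saved, an empty result means the VTY lines use a defined list backed by a local user and the console and AUX lines are untouched.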
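The prefix-list match used for the suppress-map in the BGP summarization task of section 7, as an added example that is not part of the original workbook. It implements the general IOS ge/le length rules rather than only the lab's single entry; the function names and the sample route table are constructed for illustration.

```python
import ipaddress

# ip prefix-list 2 permit 200.1.0.0/22 ge 24 le 24, written as (prefix, ge, le)
SUPPRESS_ENTRY = ("200.1.0.0/22", 24, 24)

# Constructed view of R1's BGP table once the aggregate exists.
R1_BGP_TABLE = ["200.1.0.0/22", "200.1.1.0/24", "200.1.2.0/24", "200.1.3.0/24"]

def prefix_list_match(entry, route):
    """Evaluate one prefix-list entry (ge/le are None when absent) on a route."""
    prefix, ge, le = entry
    base = ipaddress.ip_network(prefix)
    net = ipaddress.ip_network(route)
    # Length window: no ge/le means the exact length only; ge alone runs up
    # to /32; le alone starts at the entry's own prefix length.
    if ge is None and le is None:
        low = high = base.prefixlen
    else:
        low = base.prefixlen if ge is None else ge
        high = 32 if le is None else le
    # The route must also share the entry's leading bits (first 22 here).
    return low <= net.prefixlen <= high and net.subnet_of(base)

def split_advertisements(routes, entry=SUPPRESS_ENTRY):
    """Return (suppressed, advertised) the way the suppress-map splits them."""
    suppressed = [r for r in routes if prefix_list_match(entry, r)]
    advertised = [r for r in routes if r not in suppressed]
    return suppressed, advertised

def unoriginated_space(aggregate, routes, length=24):
    """Subnets of the aggregate at `length` that no route in the table covers."""
    agg = ipaddress.ip_network(aggregate)
    have = {ipaddress.ip_network(r) for r in routes}
    return [str(s) for s in agg.subnets(new_prefix=length) if s not in have]

if __name__ == "__main__":
    suppressed, advertised = split_advertisements(R1_BGP_TABLE)
    print("suppressed:", suppressed)
    print("advertised:", advertised)
    print("in summary, not originated:",
          unoriginated_space("200.1.0.0/22", R1_BGP_TABLE))
```

The last function shows that the /22 summary also covers 200.1.0.0/24, which R2 does not originate.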