1. Trang chủ
  2. » Công Nghệ Thông Tin

Mcgraw hill all in one cisco ccie lab study guide second edition

896 2,5K 0

Đang tải... (xem toàn văn)

Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống

THÔNG TIN TÀI LIỆU

Thông tin cơ bản

Định dạng
Số trang 896
Dung lượng 6,68 MB

Nội dung

Mcgraw hill all in one cisco ccie lab study guide second edition

Table of Contents All−in−One Cisco CCIE Lab Study Guide, Second Edition Chapter 1: Take the Lab Once and Pass Overview CCIE Lab Exams CCIE Routing and Switching Lab Locations Format of the Book Chapter Format Lab Format .5 CD−ROM Chapter 2: Terminal Servers Overview Introduction Out−of−Band Network Management Commands Discussed in This Chapter Definitions .7 Lab #1: Basic Terminal Server Configuration .7 Equipment Needed Connecting the Terminal Server .7 Basic Terminal Server Configuration Terminal Server Configuration .8 Connecting to a Port Mapping a Host Name to an IP Address Absolute Versus Relative Line Numbers Exiting a Reverse Telnet Session 10 Troubleshooting 11 Displaying Active Sessions 11 Switching Between Sessions 11 Disconnecting a Session 12 Clearing a Line 12 Displaying the Status of a Line .12 Conclusion 13 Chapter 3: ISDN .14 Overview 14 Introduction 14 ISDN Technology Overview .14 ISDN Switches .15 ISDN BRI 16 ISDN PRI 17 ISDN Bearer Capability 17 The ISDN Protocol Stack 17 Layer Link Layer Establishment 19 Layer Link Layer Status Checks 21 ISDN Layer Signaling 22 ISDN Configuration 27 ISDN with Non−ISDN−Equipped Routers 27 Commands Discussed in This Chapter 28 Definitions .28 IOS Requirements 30 ISDN Switch Configuration 30 i Table of Contents Chapter 3: ISDN Lab #2: ISDN Basics and Switch Basics .32 Equipment Needed 32 Configuration Overview 32 ISDN Switch Setup .32 Router Configuration .32 RouterA 32 RouterB 33 Monitoring and Testing the Configuration 34 Lab #3: Backup Interfaces 38 Equipment Needed 38 Configuration Overview 38 ISDN Switch Setup .39 Router Configuration .39 RouterA 39 Router B 40 Monitoring and Testing the Configuration 41 Router A Configuration for interface S0/0 47 Lab #4: Floating Static Routes .49 Equipment Needed 49 Configuration Overview 50 ISDN Switch Setup .50 Router Configuration .50 RouterA 50 RouterB 51 Monitoring and Testing the Configuration 52 Lab #5: Dialer Profiles 61 Equipment Needed 61 Configuration Overview 61 ISDN Switch Setup .61 Router Configuration .61 RouterA 61 RouterB 62 Monitoring and Testing the Configuration 63 Lab #6: ISDN BRI to ISDN PRI 67 Equipment Needed 67 Configuration Overview 67 ISDN Switch Setup .67 Router Configuration .67 RouterA 67 RouterB 68 Monitoring and Testing the Configuration 69 Lab #7: Snapshot Routing 77 Equipment Needed 77 Configuration Overview 77 ISDN Switch Setup .77 Router Configuration .78 RouterA 78 RouterB 79 Monitoring and Testing the Configuration 79 Lab #8: OSPF Demand Circuits 82 Equipment Needed 82 ii Table of Contents Chapter 3: ISDN Configuration Overview 83 ISDN Switch Setup .83 Router Configuration .83 RouterA 83 RouterB 84 Monitoring and Testing the Configuration 85 Lab #9: PPP Callback 89 Equipment Needed 89 Configuration Overview 89 ISDN Switch Setup .89 Router Configuration .89 RouterA 89 RouterB 90 Monitoring and Testing the Configuration 91 Lab #10: Dialer Watch 94 Equipment Needed 94 Configuration Overview 94 ISDN Switch Setup .95 Router Configuration .95 RouterA 95 RouterB 96 Monitoring and Testing the Configuration 97 Lab #11: ISDN Troubleshooting 99 Equipment Needed 100 Configuration Overview 100 ISDN Switch Setup .100 Router Configuration .100 RouterA .100 RouterB .101 Monitoring and Testing the Configuration 102 Conclusion 114 Chapter 4: Frame Relay .115 Overview 115 Introduction 115 Frame Relay Technology Overview 115 The Justification for Frame Relay .115 What Is Frame Relay 116 Frame Relay Terminology .117 Frame Relay Addressing .117 Frame Relay Frame Format 118 Frame Relay Congestion Control 120 Frame Relay Error Handling .120 Frame Relay Class of Service .120 Local Management Interface .121 Status Request from the Router to the Frame Relay Switch .122 Status Reply from the Frame Relay Switch to Router 123 Full Status Request from the Router to the Frame Relay Switch 123 Full Status Reply from the Frame Relay Switch to the Router 124 Asynchronous Status Updates .124 Status Request from the Router to the Frame Relay Switch .125 iii Table of Contents Chapter 4: Frame Relay Status Reply from the Frame Relay Switch to the Router 125 Asynchronous Update from the Frame Relay Switch to the Router 126 Status Request from the Router to the Frame Relay Switch .126 Inverse Address Resolution Protocol (Inverse ARP) 127 Inverse ARP Request 127 Inverse ARP Reply 128 Cisco Frame Relay Capabilities 128 Frame Relay Switching .129 IETF and Cisco Encapsulation 129 Traffic Shaping 130 DE Support 131 BECN Support 131 Payload Compression 131 LMI Autosense 131 Commands Discussed in This Chapter 131 Definitions 132 IOS Requirements 133 Lab #12: Configuring a Cisco Routeras a Frame Relay Switch 133 Equipment Needed 134 Configuration Overview 134 Router Configuration .134 RouterA (Frame Relay DTE) 134 RouterB (Frame Relay DTE) 135 FrameSwitch (Frame Relay Switch) 135 Monitoring and Testing the Configuration 137 Lab #13: Configuring LMI Autosense 141 Equipment Needed 141 Configuration Overview 141 Router Configuration .141 Frameswitch 141 Router B 142 Monitoring and Testing the Configuration 142 Demonstrating the Configuration 144 Annex D Request from RouterB to FrameSwitch .144 Annex A Request from RouterB to FrameSwitch .145 Cisco LMI Request from RouterB to FrameSwitch 145 FrameSwitch Response to RouterB Cisco LMI Status Request 146 Lab #14: Configuring Cisco Discard Eligibility Support 146 Equipment Needed 146 Configuration Overview 146 Router Configuration .147 FrameSwitch (Frame Relay Switch) 147 RouterA (Frame Relay DTE) 148 RouterB (Frame Relay DTE) 148 Monitoring and Testing the Configuration 148 Lab #15: Frame Relay Map Statements .153 Equipment Needed 153 Configuration Overview 153 Router Configuration .153 FrameSwitch (Frame Relay Switch) 153 RouterA (Frame Relay DTE) 154 iv Table of Contents Chapter 4: Frame Relay RouterB (Frame Relay DTE) 155 Monitoring and Testing the Configuration 155 Lab #16: Full Connectivity witha Partial PVC Mesh and FrameRelay Map Statements 159 Equipment Needed 159 Configuration Overview 159 Router Configuration .160 FrameSwitch (Frame Relay Switch) 160 RouterA (Frame Relay DTE) 161 RouterB (Frame Relay DTE) 161 RouterC (Frame Relay DTE) 162 Monitoring and Testing the Configuration 162 Lab #16: Full Connectivity witha Partial PVC Mesh and FrameRelay Map Statements 167 Equipment Needed 167 Configuration Overview 168 Router Configuration .168 FrameSwitch (Frame Relay Switch) 168 RouterA (Frame Relay DTE) 169 RouterB (Frame Relay DTE) 169 RouterC (Frame Relay DTE) 170 Monitoring and Testing the Configuration 170 Lab #17: Full Connectivity with a Partial PVC Mesh and Subinterfaces 176 Equipment Needed 176 Configuration Overview 176 Router Configuration .177 FrameSwitch (Frame Relay Switch) 177 RouterA (Frame Relay DTE) 177 RouterB (Frame Relay DTE) 178 RouterC (Frame Relay DTE) 178 Monitoring and Testing the Configuration 179 Lab #18: Frame Relay Traffic Shaping .184 Equipment Needed 184 Configuration Overview 184 Router Configuration .184 FrameSwitch (Frame Relay Switch) 184 RouterA (Frame Relay DTE) 185 RouterB (Frame Relay DTE) 185 Monitoring and Testing the Configuration 186 Lab #19: Monitoring and Troubleshooting Frame Relay Connections .190 Equipment Needed 190 Configuration Overview 190 Router Configuration .190 FrameSwitch (Frame Relay Switch) 190 RouterA (Frame Relay DTE) 191 RouterB (Frame Relay DTE) 191 Monitoring and Testing the Configuration 192 Conclusion 196 Chapter 5: Asynchronous Transfer Mode (ATM) .197 Overview 197 Introduction 197 ATM Overview 197 v Table of Contents Chapter 5: Asynchronous Transfer Mode (ATM) ATM Protocol Stack 198 ATM Cell Basic Format 199 ATM Cell Header 199 ATM Addressing 200 Components of an ATM Network .200 ATM Physical Interfaces .201 ATM Call Types 201 ATM Switching Operation 201 ATM Classes of Service 202 ATM Quality of Service (QOS) 202 ATM with a Non−ATM Device 202 ATM LANE 203 Cisco ATM Capabilities 204 Commands Discussed in This Chapter 204 Definitions 205 IOS Requirements 205 Lab #20: ATM Configuration on a Cisco 4500 206 Equipment Needed 206 Configuration Overview 206 Router Configuration .206 RouterA .206 RouterB .207 Monitoring and Testing the Configuration 207 Lab #21: ATM Loopbacks on a Cisco 4500 210 Equipment Needed 210 Configuration Overview 210 Router Configuration .211 RouterA .212 RouterB .212 Monitoring and Testing the Configuration Loopback Diagnostic 213 Loopback Line .216 Lab #22: ATM LANE 218 Equipment Needed 218 Configuration Overview 218 Router and Switch Configuration 218 RouterA .219 RouterB .219 LS1010 220 Monitoring and Testing the Configuration 221 Troubleshooting ATM 223 Conclusion 224 Chapter 6: Routing Information Protocol 225 Overview 225 Introduction 225 Technology Overview 225 Routing Loops .226 RIP Message Format 228 Commands Discussed in This Chapter 228 Definitions 229 IOS Requirements 229 vi Table of Contents Chapter 6: Routing Information Protocol Lab #23: Basic RIP Configuration .229 Equipment Needed 229 Configuration Overview 230 Router Configurations 230 RouterA .230 RouterB .231 RouterC .231 Monitoring and Testing the Configuration 232 Lab #24: Passive Interface Configuration 233 Equipment Needed 233 Configuration Overview 233 Router Configurations 234 RouterA .234 RouterB .234 RouterC .235 Monitoring and Testing the Configuration 235 Lab #25: RIP Timer Configurations 236 Equipment Needed 236 Configuration Overview 236 Router Configurations 237 RouterA .237 RouterB .238 RouterC .239 Monitoring and Testing the Configuration 239 Lab #26: Configuring Unicast RIP Updates 241 Equipment Needed 241 Router Configurations 241 RouterA .241 Monitoring and Testing the Configuration 242 Lab #27: RIP and Discontiguous Networks 242 Equipment Needed 242 Router Configurations 243 RouterA .243 RouterB .243 Monitoring and Testing the Configuration 244 Troubleshooting RIP 245 Conclusion 246 Chapter 7: Interior Gateway Routing Protocol 248 Overview 248 Introduction 248 Technology Overview 248 Routing Loops .248 Split Horizon .248 Poison Reverse 249 Holddown 249 Flash Updates 250 IGRP Routes 250 Commands Discussed in This Chapter 250 Definitions 250 IOS Requirements 251 vii Table of Contents Chapter 7: Interior Gateway Routing Protocol Lab #28: Basic IGRP Configuration 251 Equipment Needed 251 Configuration Overview 252 Router Configurations 252 RouterA .252 RouterB .252 RouterC .253 Monitoring and Testing the Configuration 254 Lab #28: Basic IGRP Configuration 255 Equipment Needed 255 Configuration Overview 255 Router Configurations 256 RouterA .256 RouterB .256 RouterC .257 Monitoring and Testing the Configuration 257 Lab #29: Passive Interface Configuration 259 Equipment Needed 259 Configuration Overview 259 Router Configurations 260 RouterA .260 RouterB .261 RouterC .261 Monitoring and Testing the Configuration 262 Lab #30: IGRP Unequal−Cost Load Balancing 263 Equipment Needed 263 Overview .263 Configuration Overview 264 Router Configurations 264 RouterA .264 RouterB .265 RouterC .265 Monitoring and Testing the Configuration 266 Lab #31: IGRP Timer Configurations .267 Equipment Needed 267 Configuration Overview 267 Router Configurations 268 RouterA .268 RouterB .269 RouterC .270 Monitoring and Testing the Configuration 270 Lab #32: Configuring Unicast IGRP Updates 271 Equipment Needed 271 Router Configurations 271 RouterA .271 Monitoring and Testing the Configuration 272 Troubleshooting IGRP .272 Conclusion 274 viii Table of Contents Chapter 8: OSPF 275 Overview 275 Introduction 275 OSPF Terminology 275 Technology Overview 276 Link State Routing Protocol 276 Flooding 277 Dijkstra Algorithm 277 Areas 277 Backbone Area 277 Designated Router (DR) 278 OSPF Protocol Packets 278 Link State Advertisements 279 Router Link 279 Network Link 280 Summary Link .280 External Link .280 How It Works 280 How an Adjacency Is Formed .281 Sniffer Trace of Database Synchronization 282 OSPF Network Types 287 Broadcast .287 Non−Broadcast 288 Point−to−Point 289 Point−to−Multipoint 289 Commands Discussed in This Chapter 289 Definitions 290 IOS Requirements 292 Lab #33: Basic OSPF Configuration 292 Equipment Needed 292 Configuration Overview 292 Enabling OSPF 292 Router Configurations 293 RouterA .293 RouterB .293 Monitoring and Testing the Configuration 294 Lab #34: Configuring OSPF Priority "DR Election" 296 Equipment Needed 296 Configuration Overview 296 Router Configurations 296 RouterA .296 RouterB .297 RouterC .298 RouterD .298 Monitoring and Testing the Configuration 299 Lab #35: Configuring OSPF Virtual Links 300 Equipment Needed 300 Configuration Overview 301 Router Configurations 301 RouterA .301 RouterB .302 RouterC .302 ix ip cef ← CEF must be enabled in all routers running MPLS ! ! interface Serial0/0 ip address 194.1.1.2 255.255.255.252 tag−switching ip ← CEF must be enabled in all ingress interfaces receiving unlabeled packets ! interface Serial0/1 ip address 195.1.1.1 255.255.255.252 tag−switching ip ← CEF must be enabled in all ingress interfaces receiving unlabeled packets clockrate 1000000 ! router ospf 64 log−adjacency−changes network 194.1.1.0 0.0.0.255 area ! ip classless ip http server ! line transport input none line aux line vty login ! end RouterD ! version 12.1 service timestamps debug uptime service timestamps log uptime no service password−encryption ! hostname RouterD ! ip subnet−zero no ip finger ! ! interface Ethernet0/0 ip address 10.1.2.1 255.255.255.0 no keepalive ! interface Serial0/0 ip address 195.1.1.2 255.255.255.252 ! ip classless ip route 0.0.0.0 0.0.0.0 195.1.1.1 ip http server ! line transport input none line aux line vty login ! end 853 Monitoring and Testing the Configuration PE routers (RouterB and RouterC) use MP−iBGP to distribute VPN routes to one another When a PE router advertises VPN routes to another PE, it does so using itself as the BGP next−hop address This address should be the 32−bit loopback address on the router This 32−bit address also needs to be advertised into the IGP routing tables of the backbone This enables MPLS to assign a label corresponding to the route to each PE router The following commands configure a 32−bit loopback address on RouterB and RouterC, and advertise this address via OSPF RouterB(config)#interface loopback RouterB(config−if)#ip address 1.1.1.1 255.255.255.255 RouterB(config−if)#exit RouterB(config)#router ospf 64 RouterB(config−router)#network 1.1.1.1 0.0.0.0 area RouterC(config)#interface loopback RouterC(config−if)#ip address 2.2.2.2 255.255.255.255 RouterC(config−if)#exit RouterC(config)#router ospf 64 RouterC(config−router)#network 2.2.2.2 0.0.0.0 area As discussed earlier in the chapter, MPLS/VPN uses MP−iBGP to distribute VPN routes from PE to PE The next step is to configure MP−iBGP between the two PE routers — in our case, RouterC and RouterB By default, when a BGP session on a Cisco router is configured, it is activated to carry IPV4 addresses The command no bgp default ipv4−unicast disables this behavior The following commands enable the BGP process and disable the default ipv4 Unicast behavior on RouterC and RouterB: RouterB(config)#router bgp RouterB(config−router)#no bgp default ipv4−unicast RouterC(config)#router bgp RouterC(config−router)#no bgp default ipv4−unicast The BGP neighbors are now defined under the global BGP process The neighbor address is the 32−bit loopback address of the remote router The update source (the address that BGP advertises as the next hop) should be the loopback address of the local router The last step is to activate the neighbor The following commands configure the IBGP session between RouterB and RouterC RouterB(config)#router bgp RouterB(config−router)#neighbor 2.2.2.2 remote−as RouterB(config−router)#neighbor 2.2.2.2 update−source loopback RouterB(config−router)#neighbor 2.2.2.2 activate RouterC(config)#router bgp RouterC(config−router)#neighbor 1.1.1.1 remote−as RouterC(config−router)#neighbor 1.1.1.1 update−source loopback RouterC(config−router)#neighbor 1.1.1.1 activate The BGP session now needs to be activated to carry VPN−IPv4 prefixes This is done through the use of an address family The VPN−IPv4 address family is configured under the BGP process and then the neighbor is activated The following commands configure the BGP neighbor session on RouterB and RouterC to carry VPN−IPv4 prefixes RouterB(config)#router bgp RouterB(config−router)#address−family vpnv4 RouterB(config−router−af)#neighbor 2.2.2.2 activate RouterC(config)#router bgp RouterC(config−router)#address−family vpnv4 RouterC(config−router−af)#neighbor 1.1.1.1 activate 854 Verify that the BGP session is established and configured to carry VPN−IPv4 prefixes on RouterC To this, display the BGP neighbors with the command show ip bgp neighbors The following is the truncated output from the command on RouterC Notice the BGP state is established and the neighbor is configured to support VPN−IPv4 RouterC#show ip bgp neighbors BGP neighbor is 1.1.1.1, remote AS 1, internal link BGP version 4, remote router ID 1.1.1.1 BGP state = Established, up for 00:03:03 Last read 00:00:03, hold time is 180, keepalive interval is 60 seconds Neighbor capabilities: Route refresh: advertised and received(new) Address family IPv4 Unicast: advertised and received Address family VPNv4 Unicast: advertised and received Received 22 messages, notifications, in queue Sent 22 messages, notifications, in queue Route refresh request: received 0, sent Default minimum time between advertisement runs is seconds Next, a VRF instance must be configured on RouterB and RouterC for VPNA Under the VRF, a route distinguisher (RD) must be configured Routes from that VRF will be tagged with the RD The purpose of the RD is to create distinct routes to a common IPv4 address prefix, allowing the same IP address to be used across multiple VPNs The PE can be configured to associate all routes leading to the same CE with the same RD, or it may be configured to associate different routes with different RDs — even if they lead to the same CE In this lab, all routes in VPNA will have the RD of 1:100 The following commands configure vrf VPNA using RD 1:100 on the two routers RouterB(config)#ip vrf VPNA RouterB(config−vrf)#rd 1:100 RouterC(config)#ip vrf VPNA RouterC(config−vrf)#rd 1:100 Configure the import and export policies for each VRF These policies are used to advertise routes out of the VRF (export) and populate routes into the VRF (import) The following commands configure VPNA on RouterA and RouterB to export all routes with the extended community route target of 1:100 and to import all routes into the VRF that have a route target of 1:100 RouterB(config)#ip vrf VPNA RouterB(config−vrf)#route−target both 1:100 RouterC(config)#ip vrf VPNA RouterC(config−vrf)#route−target both 1:100 After the VRF is configured on the PE, you must tell the router which interfaces belong in that particular VRF This is done under the interface with the command ip vrf forwarding The following commands associates interface S0/1 on RouterB connecting to RouterA and interface S0/1 on RouterC connecting to RouterD with vrf VPNA RouterB(config)#interface s0/1 RouterB(config−if)#ip vrf forwarding VPNA RouterC(config)#interface s0/1 RouterC(config−if)#ip vrf forwarding VPNA After you configure the interface, you will receive the following message indicating the IP address has been removed The IP address will need to be re−added 855 % Interface Serial0/1 IP address 195.1.1.1 removed due to enabling VRF VPNA Verify the VPN configuration on RouterC with the command show ip vrf detail VPNA The following is the output from the command Notice that the RD is set to 1:100, interface S0/1 is associated with the VRF, and the import and export policies are configured RouterC#show ip vrf detail VPNA VRF VPNA; default RD 1:100 Interfaces: Serial0/1 Connected addresses are not in global routing table Export VPN route−target communities RT:1:100 Import VPN route−target communities RT:1:100 No import route−map No export route−map The final step is to get the customer prefixes (routes from RouterA and RouterB) into the VRF This can be accomplished by running a dynamic routing protocol such as RIP or OSPF between the PE and CE (RouterA and RouterB) or through static routes This lab will use static routing The static route for vrf VPNA will need to be configured and redistributed into MP−iBGP under the address family The following commands configure the static route and redistribute it into MP−iBGP on RouterB and RouterC RouterB(config)#ip route vrf VPNA 10.1.1.0 255.255.255.0 serial 0/0 RouterB(config)#router bgp RouterB(config−router)#address−family ipv4 vrf VPNA RouterB(config−router−af)#redistribute static RouterC(config)# ip route vrf VPNA 10.1.2.0 255.255.255.0 serial 0/1 RouterC(config)#router bgp RouterC(config−router)#address−family ipv4 vrf VPNA RouterC(config−router−af)#redistribute static From RouterB, view the routing table for VPNA with the command show ip route vrf VPNA The following is the output from the command Notice we have a route to network 10.1.2.0 RouterB#show ip route vrf VPNA Codes: C − connected, S − static, I − IGRP, R − RIP, M − mobile, B − BGP D − EIGRP, EX − EIGRP external, O − OSPF, IA − OSPF inter area N1 − OSPF NSSA external type 1, N2 − OSPF NSSA external type E1 − OSPF external type 1, E2 − OSPF external type 2, E − EGP i − IS−IS, L1 − IS−IS level−1, L2 − IS−IS level−2, ia − IS−IS inter area * − candidate default, U − per−user static route, o − ODR P − periodic downloaded static route Gateway of last resort is not set B S C 10.0.0.0/24 is subnetted, subnets 10.1.2.0 [200/0] via 2.2.2.2, 00:11:26 10.1.1.0 is directly connected, Serial0/0 193.1.1.0/24 is directly connected, Serial0/0 856 Lab #119: Building MPLS VPNs Using OSPF Equipment Needed The following equipment is needed to perform this lab exercise: • Two Cisco routers, each having one Ethernet and one serial port • Two Cisco routers, each having two serial interfaces • Cisco IOS capable of running MPLS • A PC running a terminal emulation program • Three Cisco DTE/DCE crossover cables • A Cisco rolled cable Configuration Overview This lab will demonstrate a basic MPLS VPN configuration using OSPF from PE to CE All of the routers will be configured for MPLS and use Tag Distribution Protocol (TDP) to distribute label bindings between routers RouterB and RouterC will be configured as provider edge routers, and RouterA and RouterD will be configured as customer edge routers in VPNA MPLS/VPN will be used to create a VPN between RouterA and RouterD across an MPLS core All of the routers are connected serially via crossover cables RouterB will act as the DCE supplying clock to RouterA and RouterC, and RouterC will supply clock to RouterD OSPF will be run between RouterB and RouterC MP−iBGP will be run between RouterB and RouterD to advertise customer VPN routes between the two PE routers RouterB and RouterC learn the routes from VPNA through OSPF TDP will be run on each router to distribute the label−binding information RouterA and RouterD will have a default routing point to RouterB and RouterC, respectively The IP addresses are assigned as per Figure 27−9 Figure 27−9: Building MPLS VPNs using OSPF from PE to CE Router Configurations The configurations for the four routers in this example are as follows Key MPLS configurations are bolded Cisco express forwarding (CEF) must be enabled in all routers running MPLS Routers that are receiving unlabeled IP packets that will be propagated as labeled packets must have the ingress interface configured for CEF MPLS/VPN commands will be added and explained in the monitoring and trouble shooting section RouterA ! version 12.1 service timestamps debug uptime service timestamps log uptime no service password−encryption ! hostname RouterA ip subnet−zero no ip finger ! ! interface Ethernet0/0 857 ip address 10.1.1.1 255.255.255.0 no keepalive ! interface Serial0/0 ip address 193.1.1.1 255.255.255.252 no ip mroute−cache no fair−queue ! ! ip classless no ip http server ! line transport input none line aux line vty login ! end RouterB ! version 12.1 service timestamps debug uptime service timestamps log uptime no service password−encryption ! hostname RouterB ! ip subnet−zero no ip finger ! ip cef ← CEF must be enabled in all routers running MPLS ! interface Serial0/0 ip address 193.1.1.2 255.255.255.252 tag−switching ip ← CEF must be enabled in all ingress interfaces receiving unlabeled packets clockrate 1000000 ! interface Serial0/1 ip address 194.1.1.1 255.255.255.252 tag−switching ip ← CEF must be enabled in all ingress interfaces receiving unlabeled packets clockrate 1000000 ! router ospf 64 log−adjacency−changes network 194.1.1.0 0.0.0.255 area ! ip classless ip http server ! line transport input none line aux line vty login ! end 858 RouterC version 12.1 service timestamps debug uptime service timestamps log uptime no service password−encryption ! hostname RouterC ! ! ip subnet−zero no ip finger ! ip cef ← CEF must be enabled in all routers running MPLS ! ! interface Serial0/0 ip address 194.1.1.2 255.255.255.252 tag−switching ip ← CEF must be enabled in all ingress interfaces receiving unlabeled packets ! interface Serial0/1 ip address 195.1.1.1 255.255.255.252 tag−switching ip ← CEF must be enabled in all ingress interfaces receiving unlabeled packets clockrate 1000000 ! router ospf 64 log−adjacency−changes network 194.1.1.0 0.0.0.255 area ! ip classless ip http server ! line transport input none line aux line vty login ! end RouterD ! version 12.1 service timestamps debug uptime service timestamps log uptime no service password−encryption ! hostname RouterD ! ip subnet−zero no ip finger ! ! interface Ethernet0/0 ip address 10.1.2.1 255.255.255.0 no keepalive ! interface Serial0/0 ip address 195.1.1.2 255.255.255.252 ! ip classless 859 ip http server ! line transport input none line aux line vty login ! end Monitoring and Testing the Configuration PE routers (RouterB and RouterC) use IBGP to distribute VPN routes to one another When a PE router advertises VPN routes to another PE, it does so using itself as the BGP next−hop address This address should be the 32−bit loopback address on the router This 32−bit address also needs to be advertised into the IGP routing tables of the backbone This enables MPLS to assign a label corresponding to the 32−bit loopback address of each PE router The following commands configure a 32−bit loopback address on RouterB and RouterC and advertise this address via OSPF RouterB(config)#interface loopback RouterB(config−if)#ip address 1.1.1.1 255.255.255.255 RouterB(config−if)#exit RouterB(config)#router ospf 64 RouterB(config−router)#network 1.1.1.1 0.0.0.0 area RouterC(config)#interface loopback RouterC(config−if)#ip address 2.2.2.2 255.255.255.255 RouterC(config−if)#exit RouterC(config)#router ospf 64 RouterC(config−router)#network 2.2.2.2 0.0.0.0 area As discussed earlier in the chapter, MPLS/VPN uses MP−iBGP to distribute VPN routes from PE to PE The next step is to configure MP−iBGP between the two PE routers — in our case, RouterC and RouterB By default, when a BGP session on a Cisco router is configured, it is activated to carry IPV4 addresses The command no bgp default ipv4−unicast disables this behavior The following commands enable the BGP process and disable the default ipv4 Unicast behavior on RouterC and RouterB RouterB(config)#router bgp RouterB(config−router)#no bgp default ipv4−unicast RouterC(config)#router bgp RouterC(config−router)#no bgp default ipv4−unicast The BGP neighbors are now defined under the global BGP process The neighbor address is the 32−bit loopback address of the remote router The update source (the address that BGP advertises as the next hop) should be the loopback address of the local router The last step is to activate the neighbor The following commands configure the MP−iBGP session between RouterB and RouterC RouterB(config)#router bgp RouterB(config−router)#neighbor 2.2.2.2 remote−as RouterB(config−router)#neighbor 2.2.2.2 update−source loopback RouterB(config−router)#neighbor 2.2.2.2 activate RouterC(config)#router bgp RouterC(config−router)#neighbor 1.1.1.1 remote−as RouterC(config−router)#neighbor 1.1.1.1 update−source loopback RouterC(config−router)#neighbor 1.1.1.1 activate The BGP session now needs to be activated to carry VPN−IPv4 prefixes This is done through the use of an address family The VPN−IPv4 address family is configured under the BGP process and then the neighbor is activated The following commands configure the BGP neighbor session on RouterB and RouterC to carry VPN−IPv4 prefixes 860 RouterB(config)#router bgp RouterB(config−router)#address−family vpnv4 RouterB(config−router−af)#neighbor 2.2.2.2 activate RouterC(config)#router bgp RouterC(config−router)#address−family vpnv4 RouterC(config−router−af)#neighbor 1.1.1.1 activate Verify that the BGP session is established and configured to carry VPN−IPv4 prefixes on RouterC To this, display the BGP neighbors with the command show ip bgp neighbors The following is the truncated output from the command on RouterC Notice the BGP state is established and the neighbor supports VPN−IPv4 RouterC#show ip bgp neighbors BGP neighbor is 1.1.1.1, remote AS 1, internal link BGP version 4, remote router ID 1.1.1.1 BGP state = Established, up for 00:03:03 Last read 00:00:03, hold time is 180, keepalive interval is 60 seconds Neighbor capabilities: Route refresh: advertised and received(new) Address family IPv4 Unicast: advertised and received Address family VPNv4 Unicast: advertised and received Received 22 messages, notifications, in queue Sent 22 messages, notifications, in queue Route refresh request: received 0, sent Default minimum time between advertisement runs is seconds Next, a VRF must be configured on RouterB and RouterC for VPNA Under the VRF, a route distinguisher (RD) must be configured Routes from that VRF will be tagged with the RD The purpose of the RD is to create distinct routes to a common IPv4 address prefix, allowing the same IP address to be used across multiple VPNs The PE can be configured to associate all routes leading to the same CE with the same RD, or it may be configured to associate different routes with different RDs, even if they lead to the same CE In this lab, all routes in VPNA will have the RD of 1:100 The following commands configure the vrf VPNA using RD 1:100 on the two routers RouterB(config)#ip vrf VPNA RouterB(config−vrf)#rd 1:100 RouterC(config)#ip vrf VPNA RouterC(config−vrf)#rd 1:100 Configure the import and export policies for each VRF These policies are used to advertise routes out of the VRF (export) and populate routes into the VRF (import) The following commands configure VPNA on RouterA and RouterB to export all routes with the extended community route target of 1:100 and to import all routes into the VRF that have a route target of 1:100 RouterB(config)#ip vrf VPNA RouterB(config−vrf)#route−target both 1:100 RouterC(config)#ip vrf VPNA RouterC(config−vrf)#route−target both 1:100 After the VRF is configured on the PE, you must tell the router which interfaces belong in that particular VRF This is done under the interface with the command ip vrf forwarding The following commands associate interface S0/1 on RouterB connecting to RouterA and interface S0/1 on RouterC connecting to RouterD with vrf VPNA RouterB(config)#interface s0/1 RouterB(config−if)#ip vrf forwarding VPNA 861 RouterC(config)#interface s0/1 RouterC(config−if)#ip vrf forwarding VPNA After you configure the interface, you will receive the following message indicating the IP address has been removed The IP address will need to be re−added % Interface Serial0/1 IP address 195.1.1.1 removed due to enabling VRF VPNA Verify the VPN configuration on RouterC with the command show ip vrf detail VPNA The following is the output from the command Notice that the RD is set to 1:100, interface S0/1 is associated with the VRF, and the import and export policies are configured RouterC#show ip vrf detail VPNA VRF VPNA; default RD 1:100 Interfaces: Serial0/1 Connected addresses are not in global routing table Export VPN route−target communities RT:1:100 Import VPN route−target communities RT:1:100 No import route−map No export route−map The final step is to get the customer prefixes (routes from RouterA and RouterB) into the VRF This can be accomplished by running a dynamic routing protocol such as RIP or OSPF between the PE and CE (RouterA and RouterB) or through static routes This lab will use OSPF The following commands configure OSPF on RouterA and RouterD RouterA(config)#router ospf 100 RouterA(config−router)#network 10.1.1.0 0.0.0.255 area RouterA(config−router)#network 193.1.1.0 0.0.0.255 area RouterD(config)#router ospf 100 RouterD(config−router)#network 10.1.2.0 0.0.0.255 area RouterD(config−router)#network 195.1.1.0 0.0.0.255 area An OSPF process is needed for vrf VPNA on RouterC and RouterB Once configured, this process needs to be redistributed into MP−iBGP under the address family The following commands configure OSPF on RouterB and RouterC Notice that the router OSPF command has been extended to support VPNs RouterB(config)#router ospf 100 vrf VPNA RouterB(config−router)#network 193.1.1.2 0.0.0.0 area RouterC(config)#router ospf 100 vrf VPNA RouterC(config−router)#network 195.1.1.1 0.0.0.0 area Verify that the OSPF process is configured on RouterB with the command show ip ospf The following is the output from the command Notice that OSPF process 100, which is configured for VPNA, is connected to the MPLS VPN backbone RouterB#show ip ospf Routing Process "ospf 100" with ID 193.1.1.2 and Domain ID 0.0.0.100 Supports only single TOS(TOS0) routes Supports opaque LSA Connected to MPLS VPN Superbackbone It is an area border router SPF schedule delay secs, Hold time between two SPFs 10 secs Minimum LSA interval secs Minimum LSA arrival secs Number of external LSA Checksum Sum 0x0 Number of opaque AS LSA Checksum Sum 0x0 Number of DCbitless external and opaque AS LSA 862 Number of DoNotAge external and opaque AS LSA Number of areas in this router is 1 normal stub nssa External flood list length Area BACKBONE(0) Number of interfaces in this area is Area has no authentication SPF algorithm executed times Area ranges are Number of LSA Checksum Sum 0x10BA3 Number of opaque link LSA Checksum Sum 0x0 Number of DCbitless LSA Number of indication LSA Number of DoNotAge LSA Flood list length Routing Process "ospf 64" with ID 1.1.1.1 and Domain ID 0.0.0.64 Supports only single TOS(TOS0) routes Supports opaque LSA SPF schedule delay secs, Hold time between two SPFs 10 secs Minimum LSA interval secs Minimum LSA arrival secs Number of external LSA Checksum Sum 0x0 Number of opaque AS LSA Checksum Sum 0x0 Number of DCbitless external and opaque AS LSA Number of DoNotAge external and opaque AS LSA Number of areas in this router is 1 normal stub nssa External flood list length Area BACKBONE(0) Number of interfaces in this area is Area has no authentication SPF algorithm executed times Area ranges are Number of LSA Checksum Sum 0xBB67 Number of opaque link LSA Checksum Sum 0x0 Number of DCbitless LSA Number of indication LSA Number of DoNotAge LSA Flood list length Verify that vrf VPNA on RouterB has learned the networks from RouterA, with the command show ip route vrf VPNA The following is the output from the command Note that networks 10.1.1.0 and 193.1.1.0 are in VPNA's routing table RouterB#show ip route vrf VPNA Codes: C − connected, S − static, I − IGRP, R − RIP, M − mobile, B − BGP D − EIGRP, EX − EIGRP external, O − OSPF, IA − OSPF inter area N1 − OSPF NSSA external type 1, N2 − OSPF NSSA external type E1 − OSPF external type 1, E2 − OSPF external type 2, E − EGP i − IS−IS, L1 − IS−IS level−1, L2 − IS−IS level−2, ia − IS−IS inter area * − candidate default, U − per−user static route, o − ODR P − periodic downloaded static route Gateway of last resort is not set O O C 10.0.0.0/24 is subnetted, subnets 10.1.1.0 [110/58] via 193.1.1.1, 00:13:35, Serial0/0 193.1.1.0/24 is variably subnetted, subnets, masks 193.1.1.0/30 [110/96] via 193.1.1.1, 00:13:35, Serial0/0 193.1.1.0/24 is directly connected, Serial0/0 Once configured, OSPF process 100 needs to be redistributed into MP−iBGP under the address family The following commands redistribute OSPF process 100 into MP−IBGP on RouterB and RouterC RouterB(config)#router bgp RouterB(config−router)#address−family ipv4 vrf VPNA RouterB(config−router−af)#redistribute ospf 100 863 RouterC(config)#router bgp RouterC(config−router)#address−family ipv4 vrf VPNA RouterC(config−router−af)#redistribute ospf 100 From RouterB, view the routing table for VPNA with the command show ip route vrf VPNA The following is the output from the command Notice we now have a route to networks 10.1.2.0 and 195.1.1.0 RouterB#show ip route vrf VPNA Codes: C − connected, S − static, I − IGRP, R − RIP, M − mobile, B − BGP D − EIGRP, EX − EIGRP external, O − OSPF, IA − OSPF inter area N1 − OSPF NSSA external type 1, N2 − OSPF NSSA external type E1 − OSPF external type 1, E2 − OSPF external type 2, E − EGP i − IS−IS, L1 − IS−IS level−1, L2 − IS−IS level−2, ia − IS−IS inter area * − candidate default, U − per−user static route, o − ODR P − periodic downloaded static route Gateway of last resort is not set B O O C B B 10.0.0.0/24 is subnetted, subnets 10.1.2.0 [200/58] via 2.2.2.2, 00:00:42 10.1.1.0 [110/58] via 193.1.1.1, 00:23:05, Serial0/0 193.1.1.0/24 is variably subnetted, subnets, masks 193.1.1.0/30 [110/96] via 193.1.1.1, 00:23:05, Serial0/0 193.1.1.0/24 is directly connected, Serial0/0 195.1.1.0/24 is variably subnetted, subnets, masks 195.1.1.0/24 [200/0] via 2.2.2.2, 00:00:42 195.1.1.0/30 [200/96] via 2.2.2.2, 00:00:42 Display the routing table on RouterA, with the command show ip route The following is the output Notice that RouterA has not learned about networks 10.1.2.0 or 195.1.1.0 RouterA#show ip route Codes: C − connected, S − static, I − IGRP, R − RIP, M − mobile, B − BGP D − EIGRP, EX − EIGRP external, O − OSPF, IA − OSPF inter area N1 − OSPF NSSA external type 1, N2 − OSPF NSSA external type E1 − OSPF external type 1, E2 − OSPF external type 2, E − EGP i − IS−IS, L1 − IS−IS level−1, L2 − IS−IS level−2, ia − IS−IS inter area * − candidate default, U − per−user static route, o − ODR P − periodic downloaded static route Gateway of last resort is not set C O C 10.0.0.0/24 is subnetted, subnets 10.1.1.0 is directly connected, Ethernet0/0 193.1.1.0/24 is variably subnetted, subnets, masks 193.1.1.0/24 [110/96] via 193.1.1.2, 00:02:45, Serial0/0 193.1.1.0/30 is directly connected, Serial0/0 The reason is that the routes that are in vrf VPNA that have been learned by MP−iBGP on RouterB need to be redistributed into OSPF process 100 The following commands redistribute the routes in vrf VPNA on RouterB and RouterC learned from MP−iBGP into OSPF process 100 RouterB(config)#router ospf 100 vrf VPNA RouterB(config−router)#redistribute bgp subnets metric 20 Routerc(config)#router ospf 100 vrf VPNA Routerc(config−router)#redistribute bgp subnets metric 20 Display the routing table on RouterA with the command show ip route The following is the output Notice that RouterA now has learned about network 10.1.2.0 or 195.1.1.0 RouterA#show ip route Codes: C − connected, S − static, I − IGRP, R − RIP, M − mobile, B − BGP D − EIGRP, EX − EIGRP external, O − OSPF, IA − OSPF inter area 864 N1 − OSPF NSSA external type 1, N2 − OSPF NSSA external type E1 − OSPF external type 1, E2 − OSPF external type 2, E − EGP i − IS−IS, L1 − IS−IS level−1, L2 − IS−IS level−2, ia − IS−IS inter area * − candidate default, U − per−user static route, o − ODR P − periodic downloaded static route Gateway of last resort is not set 10.0.0.0/24 is subnetted, subnets 10.1.2.0 [110/68] via 193.1.1.2, 00:04:29, Serial0/0 10.1.1.0 is directly connected, Ethernet0/0 193.1.1.0/24 is variably subnetted, subnets, masks O 193.1.1.0/24 [110/96] via 193.1.1.2, 00:04:29, Serial0/0 C 193.1.1.0/30 is directly connected, Serial0/0 195.1.1.0/24 is variably subnetted, subnets, masks O IA 195.1.1.0/30 [110/68] via 193.1.1.2, 00:04:29, Serial0/0 O IA 195.1.1.0/24 [110/68] via 193.1.1.2, 00:04:30, Serial0/0 O IA C Verify that RouterA can reach network 10.1.2.1 on RouterD using the ping command on RouterA RouterA#ping 10.1.2.1 Type escape sequence to abort Sending 5, 100−byte ICMP Echos to 10.1.2.1, timeout is seconds: !!!!! Troubleshooting MPLS The Cisco IOS provides many tools for troubleshooting MPLS The following is a list of key commands along with sample output from each {show tag−switching interfaces} This exec command displays information about the requested interface or about all interfaces on which tag switching is enabled The following example shows a sample output from the command RouterA#show tag−switching interfaces Interface IP Tunnel Operational Serial0/0 Yes No Yes {show tag−switching tdp neighbor} This exec command displays the status of Tag Distribution Protocol (TDP) sessions The following example shows a sample output from the command RouterA#show tag−switching tdp neighbor Peer TDP Ident: 194.1.1.1:0; Local TDP Ident 193.1.1.1:0 TCP connection: 194.1.1.1.11000 − 193.1.1.1.711 State: Oper; PIEs sent/rcvd: 230/232; ; Downstream Up time: 03:18:39 TDP discovery sources: Serial0/0 Addresses bound to peer TDP Ident: 193.1.1.2 194.1.1.1 {show tag−switching tdp bindings} This exec command displays the contents to the tag information base (TIB) The following example shows a sample output from the command RouterA#show tag−switching tdp bindings tib entry: 192.1.1.0/24, rev local binding: tag: imp−null remote binding: tsr: 194.1.1.1:0, tag: 26 tib entry: 193.1.1.0/30, rev local binding: tag: imp−null remote binding: tsr: 194.1.1.1:0, tag: imp−null 865 {show tag−switching forwarding−table} This exec command displays the contents of the tag−forwarding information base (TFIB) The following example shows a sample output from the command RouterD#show tag−switching forwarding−table Local Outgoing Prefix Bytes tag tag tag or VC or Tunnel Id switched 26 26 192.1.1.0/24 27 27 193.1.1.0/30 28 Pop tag 194.1.1.0/30 Outgoing interface Se0/0 Se0/0 Se0/0 Next Hop point2point point2point point2point {show ip bgp neighbors} This exec command displays information about the TCP and BGP connections to neighbors This command can be used with the argument received routes or advertised−routes, which displays all updates that are sent to or received from a particular neighbor The following example shows a sample output from the command RouterC#show ip bgp neighbors BGP neighbor is 1.1.1.1, remote AS 1, internal link BGP version 4, remote router ID 1.1.1.1 BGP state = Established, up for 00:03:03 Last read 00:00:03, hold time is 180, keepalive interval is 60 seconds Neighbor capabilities: Route refresh: advertised and received(new) Address family IPv4 Unicast: advertised and received Address family VPNv4 Unicast: advertised and received Received 22 messages, notifications, in queue Sent 22 messages, notifications, in queue Route refresh request: received 0, sent Default minimum time between advertisement runs is seconds {show ip vrf detail} This exec command displays the set of defined VRFs and interfaces on the router The following example shows a sample output from the command RD 1:100 Interfaces: Serial0/1 Connected addresses are not in global routing table Export VPN route−target communities RT:1:100 Import VPN route−target communities RT:1:100 {show ip route vrf} This exec command is used to display the IP routing table associated with a VRF The following example shows a sample output from the command RouterB#show ip route vrf VPNA Codes: C − connected, S − static, I − IGRP, R − RIP, M − mobile, B − BGP D − EIGRP, EX − EIGRP external, O − OSPF, IA − OSPF inter area N1 − OSPF NSSA external type 1, N2 − OSPF NSSA external type E1 − OSPF external type 1, E2 − OSPF external type 2, E − EGP i − IS−IS, L1 − IS−IS level−1, L2 − IS−IS level−2, ia − IS−IS inter area * − candidate default, U − per−user static route, o − ODR P − periodic downloaded static route Gateway of last resort is not set B S C 10.0.0.0/24 is subnetted, subnets 10.1.2.0 [200/0] via 2.2.2.2, 00:11:26 10.1.1.0 is directly connected, Serial0/0 193.1.1.0/24 is directly connected, Serial0/0 866 Conclusion MPLS is an emerging technology that aims to address many of the issues associated with packet forwarding in today's IP networks The ability to stack multiple labels on a packet has given rise to new applications such as traffic engineering, fast reroute, and VPNs 867 ... Contents All? ? ?in? ? ?One Cisco CCIE Lab Study Guide, Second Edition Chapter 1: Take the Lab Once and Pass Overview CCIE Lab Exams CCIE Routing and... .859 Monitoring and Testing the Configuration 860 Troubleshooting MPLS .865 Conclusion 867 xxviii All? ? ?in? ? ?One Cisco CCIE Lab Study Guide, Second Edition Stephen... Bridging, and Voice technology We hope you enjoy reading this book as much as we enjoyed writing it CCIE Lab Exams The CCIE lab exam is a challenging, hands−on assessment of your inter−networking

Ngày đăng: 14/03/2014, 15:12

TỪ KHÓA LIÊN QUAN