Lab Guide
2 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.0 2012 Cisco Systems, Inc.
Table of Contents
Lab Guide
  Overview
    Outline
  Job Aids
    Pod Access Information
    Device Information
    IP Addressing
  Lab 1-1: Verify Host IP Configuration
    Activity Objective
    Visual Objective
    Required Resources
    Command List
    Task 1: Verify IP Configuration of a Windows Host
    Task 2: Verify Connectivity
    Task 3: Perform Forward and Reverse DNS Lookups
  Lab 1-2: Configure Subnetting
    Activity Objective
    Visual Objective
    Required Resources
    Command List
    Job Aids
    Task 1: Divide Address Space into Correctly Sized Subnets
  Lab 2-1: Configure Cisco Switches
    Activity Objective
    Visual Objective
    Required Resources
    Command List
    Task 1: Boot Cisco ME340x Switch and Perform Basic Configuration
    Task 2: Enable SSH Access to the Switch
    Task 3: Verify STP Operation
    Task 4: Configuring EtherChannel
    Task 5: Configuring Port Security
  Lab 3-1: Configure Basic Router Configuration
    Activity Objective
    Visual Objective
    Required Resources
    Command List
    Task 1: Boot Cisco Router and Perform Basic Configuration
    Task 2: Basic EIGRP Configuration
  Lab 4-1: Implement Internet Connectivity
    Activity Objective
    Visual Objective
    Required Resources
    Command List
    Task 1: Configure DHCP on CE Router
    Task 2: Configure Static Routing for Internet Access
    Task 3: Configure PAT on CE Router
  Lab 4-2: Configure Data Link Layer Encapsulation
    Activity Objective
    Visual Objective
    Required Resources
    Command List
SPNGN1
Lab Guide
Overview
This guide presents the instructions and other information concerning the lab activities for this
course. You can find the solutions in the lab activity Answer Key.
Outline
This guide includes these activities:
Job Aids
Lab 1-1: Verify Host IP Configuration
Lab 1-2: Configure Subnetting
Lab 2-1: Configure Cisco Switches
Lab 3-1: Configure Basic Router Configuration
Lab 4-1: Implement Internet Connectivity
Lab 4-2: Configure Data Link Layer Encapsulation
Lab 5-1: Configure Network Management Tools
Lab 5-2: Configure AAA
Answer Key
Appendix A: Lab Topology (Tear-Out)
Device Information
This lab topology consists of four (4) teams and eight (8) pods. Two students will work in each
pod and two pods will work in each team. Each pod has one switch and two routers. Two pods
share one additional switch. All teams share the same core routers (P1 and P2).
Devices in the lab are connected with Fast Ethernet and Gigabit Ethernet connections, and two
teams have a redundant POS connection, as shown in the following topology:
[Figure: lab topology with Teams 1 to 4, their pods (CE, SW and PE devices), shared switches SW12, SW34, SW56 and SW78, and core routers P1 and P2. Legend: Gi, Fa, OC3 POS.]
2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.0LG-4
Device Roles and Loopback IP Addresses
Device Name Device Role Lo0 IPv4 Address Lo0 IPv6 Address
The following figure illustrates the interface identification used in this lab setup.
[Figure: interface identification for Team z, showing CEx, SWx and PEx in Pod x, CEy, SWy and PEy in Pod y, the shared switch SWxy, and core routers P1 and P2, with the Gi, Fa and POS interface labels on each link and a "Connections to PE(y+2)" label. Legend: Gi, Fa, OC3 POS.]
IP Addressing
The following figure illustrates the IP addressing scheme used in this lab setup.
[Figure: IP addressing scheme for the pod, team and core links. Variables used in the figure: z = 1, 2, 3, 4; x = 1, 3, 5, 7; y = 2, 4, 6, 8; w = 1 (for teams 1 and 2) or 2 (for teams 3 and 4). Legend: Gi, Fa, OC3 POS, Loopback.]
The following figure illustrates the management IP addresses used in this lab setup.
[Figure: management IP addresses for Teams 1 to 4, with core routers P1 and P2 and shared switches SW12, SW34, SW56 and SW78. Device and address rows as they appear in the figure:]
CE1 Pod 1 SW1 PE1 PE3 SW3 Pod 3 CE3
10.10.10.14 10.10.10.11 10.10.10.17 10.10.10.25 10.10.10.19 10.10.10.22
10.10.10.15 10.10.10.12 10.10.10.16 10.10.10.24 10.10.10.20 10.10.10.23
CE2 Pod 2 SW2 PE2 PE4 SW4 Pod 4 CE4
10.10.10.31 10.10.10.28 10.10.10.32 10.10.10.39 10.10.10.35 10.10.10.38
CE6 Pod 6 SW6 PE6 PE8 SW8 Pod 8 CE8
Note: Replace the x or y with your pod number to get the IP subnets within your pod. Replace
the xy (where x < y) with numbers of the pods within the same team (for example, 12, 34,
56, or 78) to get IP subnets on the link between those pods.
Pod IP Addressing
Core IP Addressing
P1    192.168.1.1/24    2001:db8:192:168:1::1/80
      192.168.2.1/24    2001:db8:192:168:2::1/80
P2    192.168.1.2/24    2001:db8:192:168:1::2/80
      192.168.2.2/24    2001:db8:192:168:2::2/80
Activity Objective
In this activity, you will be able to use Windows applications and commands to investigate the
IP configuration of your PC and your local network. After completing this activity, you will be
able to meet these objectives:
Use the ipconfig command to determine the current network addressing information of
your PC
Use the ping command to test connectivity to the default gateway
Use the nslookup command to perform forward and reverse DNS lookups
Visual Objective
The figure illustrates what you will accomplish in this activity.
[Figure: a student PC connected to the Internet, annotated: determine the current network addressing information; test connectivity; NSLOOKUP.]
Required Resources
These are the resources and equipment that are required to complete this lab activity:
A PC connected to a functioning network, with connectivity to the Internet
Command List
The table describes the commands that are used in this lab activity.
Windows Commands
Command Description
Activity Procedure
Step 1 From the Windows desktop, click Start.
Step 2 Enter cmd in the dialog box. Press Return.
Step 3 In the Command Prompt window, enter ipconfig.
Your output should resemble one of these four examples:
Nonworking example 1: The output indicates no connectivity. The Ethernet cable is probably
not physically connected. Notice the Teredo Tunneling Pseudo-Interface that gives
full IPv6 connectivity for IPv6-capable hosts, which are on the IPv4 network but which have
no direct connection to an IPv6 network.
C:\Documents and Settings>ipconfig
< text omitted >
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%6
Default Gateway . . . . . . . . . :
Nonworking example 2: The output indicates that the PC is waiting to obtain its IP address
information automatically. This will be a transient output: it will either successfully get an
address or retry the ipconfig command periodically until it changes to one of these remaining
examples. Notice the link-local IPv6 address: fe80::21c:25ff:fe97:4aeb%5
C:\Documents and Settings>ipconfig
< text omitted >
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
IP Address. . . . . . . . . . . . : fe80::21c:25ff:fe97:4aeb%5
Default Gateway . . . . . . . . . :
Working example 1: The output indicates that the PC either has a preconfigured IPv4 address
or that it successfully obtained its IP address automatically. Your IPv4 address, subnet mask, or
default gateway will most likely be different from what is shown.
C:\Documents and Settings>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : cisco.com
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::21c:25ff:fe97:4aeb%5
Default Gateway . . . . . . . . . : 192.168.1.1
Step 4 If you have a problem, ask your instructor for assistance. Continue only if you have
a valid IPv4 address. Write the IPv4 values that you obtained from the ipconfig
command in these spaces:
PC IP address ___________________
Subnet mask ___________________
IP default gateway address ___________________
Note: There might be more than one network adapter available on a PC. The output of the
ipconfig command will show a different IP configuration for each network adapter.
Activity Verification
You have completed this task when you attain this result:
You obtained valid IP address information from the ipconfig command.
Task 2: Verify Connectivity
The Windows ping command allows you to test the connectivity of the network. Its output
demonstrates success or failure, and gives an indication of the round-trip time taken.
Activity Procedure
Step 1 In the Command Prompt window, enter ping followed by the address of your default
gateway that you obtained in Task 1.
Step 2 The first example below is an unsuccessful ping. If you get this output, ask your
instructor for assistance.
Nonworking example: The output indicates that no reply was received from the target IP
address.
C:\Documents and Settings>ping 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Note: By default, the Windows ping command sends four packets.
Activity Verification
You have completed this task when you attain these results:
You used the Windows ping command to test the connectivity to your default gateway
router.
The round-trip time should be less than 10 ms.
Activity Procedure
Step 1 From the Command Prompt window, enter nslookup www.cisco.com
The first example below shows a forward DNS lookup for www.cisco.com. The DNS
server used in this query is lab-x.cisco.com with IP address 192.168.100.100.
C:\Documents and Settings>nslookup www.cisco.com
Server: lab-x.cisco.com
Address: 192.168.100.100
Non-authoritative answer:
Name: origin-www.cisco.com
Address: 72.163.4.161
Aliases: www.cisco.com, www.cisco.com.akadns.net
geoprod.cisco.com.akadns.net
Step 2 From the Command Prompt window, enter nslookup 8.8.8.8
The second example below shows a reverse DNS lookup for IP address 8.8.8.8, which
is a Google public DNS server with hostname google-public-dns-a.google.com. The
DNS server used in this query is lab-x.cisco.com with IP address 192.168.100.100.
C:\Documents and Settings>nslookup 8.8.8.8
Server: lab-x.cisco.com
Address: 192.168.100.100
Name: google-public-dns-a.google.com
Address: 8.8.8.8
Activity Verification
You have completed this task when you attain this result:
You used the Windows nslookup command to determine the IP address for
http://www.cisco.com and to determine the hostname for IP address 8.8.8.8.
Lab 1-2: Configure Subnetting
Complete this lab activity to practice what you learned in the related lesson.
Activity Objective
In this activity, you will determine subnets of a given address range based on the number of
hosts. After completing this activity, you will be able to meet these objectives:
Determine the subnets based on a given number of hosts
Determine the maximum number of host addresses that are available in a determined
subnet
Determine the broadcast address for a determined subnet
Visual Objective
There are no visual objectives for this lab activity.
Required Resources
These are the resources and equipment that are required to complete this activity.
Pen
Paper
Command List
There are no commands that are used in this activity.
Job Aids
These job aids are available to help you complete the lab activity.
Pen
Paper
Activity Procedure
Given a network 192.168.0.0/21 and the required number of hosts, complete the table to
identify the subnet, subnet prefix, maximum number of hosts, and broadcast address for that
subnet.
300
200
150
100
50
40
20
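The sizing procedure this task asks for, worked in code as an added example (it is not part of the Cisco lab guide or its Answer Key). It assumes subnets are carved from 192.168.0.0/21 contiguously, largest requirement first; the Answer Key may place the subnets differently, and the function names are this example's own.

```python
import ipaddress


def prefix_for_hosts(hosts):
    """Longest IPv4 prefix whose subnet still has at least `hosts` usable addresses.

    A subnet with b host bits has 2**b - 2 usable addresses (network and
    broadcast are reserved), so b is the smallest value with 2**b >= hosts + 2.
    """
    if hosts < 1:
        raise ValueError("at least one host is required")
    host_bits = (hosts + 1).bit_length()
    return 32 - host_bits


def allocate(parent, host_counts):
    """Carve one subnet per host requirement out of `parent`.

    Assumption of this example: requirements are served largest first and
    packed contiguously from the start of the parent block.
    """
    parent = ipaddress.ip_network(parent)
    cursor = int(parent.network_address)
    last = int(parent.broadcast_address)
    rows = []
    for hosts in sorted(host_counts, reverse=True):
        prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix)
        # A subnet must start on a multiple of its own size.
        start = (cursor + size - 1) // size * size
        if prefix < parent.prefixlen or start + size - 1 > last:
            raise ValueError(f"{hosts} hosts do not fit in what is left of {parent}")
        net = ipaddress.ip_network((start, prefix))
        rows.append({
            "hosts": hosts,
            "subnet": str(net),
            "prefix": prefix,
            "max_hosts": size - 2,
            "broadcast": str(net.broadcast_address),
        })
        cursor = start + size
    return rows


if __name__ == "__main__":
    # Host requirements taken from the table in this task.
    for row in allocate("192.168.0.0/21", [300, 200, 150, 100, 50, 40, 20]):
        print("{hosts:>4}  {subnet:<18} /{prefix}  max {max_hosts:<4} bcast {broadcast}".format(**row))
```

Comparing the max_hosts column with the requested count shows how much address space each choice leaves unused, which is the trade-off the table is meant to expose.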
Activity Verification
You have completed this task when you attain this result:
Given a network and maximum number of hosts, you can identify the subnet, subnet prefix,
maximum number of hosts, and broadcast address for that subnet.
Lab 2-1: Configure Cisco Switches
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this lab activity, you will monitor the switch bootup procedure and perform basic switch
configuration. You will configure port settings and a MOTD banner, and enable SSH access to the
switches. In the second part of the lab activity, you will enable the port security feature and
verify the operation of Spanning Tree Protocol.
Note: Students from two different pods are working in a team. All Cisco ME340x switches are
running Cisco IOS Software. The first pod in the team will work on the switch SWx (where x
is 1, 3, 5, or 7), while the second pod in the same team will work on the SWy (where y is 2,
4, 6, or 8). Switch SWxy (where xy is 12, 34, 56, or 78) is shared between two pods in the
team, and students from both pods will access a shared switch. Students in the same team
should coordinate their lab activity.
After completing this activity, you will be able to meet these objectives:
Monitor bootup procedure of the switch
Enable basic configuration of the switch
Enable SSH access to the switch
Configure and verify Spanning Tree Protocol
Configure EtherChannel
Configure and verify port security
[Figure: pod and shared switches (SWy, SWxy) with CEy and PEy and the Fa0/21, Fa0/22 and Fa0/23 inter-switch links, annotated: Configure EtherChannel; Configure and verify spanning tree protocol; Configure and verify port security.]
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with access to the Internet
An SSH client installed on the PC
Command List
The table describes the commands that are used in this lab activity.
Cisco IOS Commands
Command Description
ip domain name name
    Defines a default domain name that the Cisco IOS Software uses to complete
    unqualified hostnames (names without a dotted-decimal domain name) in
    global configuration mode

port-type {eni | nni | uni}
    Sets the port type in interface configuration mode

show interfaces

show port-security [interface intf_id] address
    Displays the ports on which port security has been enabled. Also displays
    count information and security actions to be taken per interface

speed {10 | 100 | 1000 [negotiate] | auto [speed-list]}
    Configures the speed for a Fast Ethernet or Gigabit Ethernet interface in
    interface configuration mode

ssh -l username ip_address
    Starts an encrypted session with a remote networking device in privileged
    EXEC or user EXEC mode
Task 1: Boot Cisco ME340x Switch and Perform Basic Configuration
In this task, you will examine the switch configuration, erase the switch startup configuration,
and reload the switch. While the switch is reloading, you will monitor the bootup procedure. You
will then configure the initial switch configuration.
Activity Procedure
Complete these steps on the pod SW switch running Cisco IOS:
Step 1 Log in to the SW switch in your pod and examine the running configuration. Write
down the following parameters from the running configuration:
Parameter Value
Hostname
Enable password
Step 2 On your pod switch and shared switch, erase the startup configuration and reload the
switch. Do not save the configuration if asked. Confirm the reload and observe the
bootup procedure. Do not enter the initial configuration dialog when asked.
Step 3 On your pod switch and shared switch, configure the hostname, enable password,
and vty login password. Set console EXEC timeout to infinity and enable
synchronous logging. Save the configuration. For hostname and passwords, use the
information in the Job Aids section.
Step 4 On your pod switch and shared switch, define a MOTD banner saying "Access for
authorized users only. Please enter your username and password."
Step 5 On your pod switch and shared switch, set port duplex and speed settings on links
connecting to other switches to full and 100 Mb/s. Enable these ports. For port
identification, use information in the Job Aids section.
Step 6 On your pod switch, set port duplex and speed settings on links connecting to CE
and PE routers to full and 100 Mb/s. Enable these ports. For port identification,
use information in the Job Aids section.
Step 7 On the CE and PE pod routers, set duplex and speed settings on the link connecting
to the pod switch to full and 100 Mb/s. For port identification, use information in
the Job Aids section. The PE router running Cisco IOS XE Software will require
disabling duplex negotiation. Use the no negotiation auto interface command to
disable duplex negotiation and then configure the duplex full.
Step 8 On your pod switch, shut down interface Fast Ethernet 0/24, connecting to the
shared team switch. By doing this, you will have only one active connection
between your pod switch and shared team switch.
Step 9 On your pod switch and shared switch, change the port type of interfaces Gigabit
Ethernet 0/1 and Gigabit Ethernet 0/2 to UNI. By default, Gigabit Ethernet
interfaces are configured as NNI port types.
Step 10 On your pod switch, change the port type of interface Fast Ethernet 0/2 to NNI.
Step 11 On your pod switch, change the port type of interfaces Fast Ethernet 0/21, Fast
Ethernet 0/22, and Fast Ethernet 0/23 to NNI. On your team shared switch, change
the port type of interfaces Fast Ethernet 0/21 and Fast Ethernet 0/23 to NNI.
Activity Verification
You have completed this task when you attain these results:
On the pod switch, verify the running configuration. The running configuration should
include components configured in this task.
SW1#show running-config
Building configuration...
!
interface FastEthernet0/3
shutdown
!
interface FastEthernet0/4
shutdown
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
shutdown
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
shutdown
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
port-type nni
speed 100
duplex full
!
interface FastEthernet0/22
port-type nni
speed 100
duplex full
!
interface FastEthernet0/23
port-type nni
speed 100
SW1#
SW2#show running-config
Building configuration...
!
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0
no ip address
no ip route-cache
!
interface FastEthernet0/1
speed 100
duplex full
!
interface FastEthernet0/2
port-type nni
speed 100
duplex full
!
interface FastEthernet0/3
shutdown
!
interface FastEthernet0/4
shutdown
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
shutdown
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
shutdown
!
interface FastEthernet0/19
SW2#
SW12#show running-config
Building configuration...
!
enable password cisco
!
no aaa new-model
system mtu routing 1500
authentication mac-move permit
ip subnet-zero
!
!
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
!
vlan internal allocation policy ascending
!
vlan 22
!
!
!
interface FastEthernet0
no ip address
no ip route-cache
shutdown
!
interface FastEthernet0/1
shutdown
!
interface FastEthernet0/2
shutdown
!
interface FastEthernet0/3
shutdown
!
interface FastEthernet0/4
shutdown
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
SW12#
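A configuration check that follows from the running-config output above, as an added example (not part of the Cisco lab guide): it reads show running-config text and reports the enable password line, the no aaa new-model line, and any interface that is enabled but not on the list of ports the lab uses. The sample configuration is constructed in the style of the SW12 excerpt; the function names, finding codes and the expected-port list are assumptions of this example.

```python
import re

# Constructed sample in the style of the SW12 "show running-config" excerpt above.
# Sub-commands are unindented, as in that excerpt; "!" lines separate the blocks.
# FastEthernet0/22 is deliberately left enabled so the audit has a port to report.
SAMPLE_CONFIG = """\
hostname SW12
!
enable password cisco
!
no aaa new-model
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
port-type nni
speed 100
duplex full
!
interface FastEthernet0/22
!
interface FastEthernet0/23
port-type nni
speed 100
duplex full
!
interface FastEthernet0/24
shutdown
!
"""

# Assumption for this example: the ports the lab brings up on the shared switch.
EXPECTED_ACTIVE = {"FastEthernet0/21", "FastEthernet0/23"}


def parse_interfaces(config_text):
    """Map each interface name to the list of sub-commands in its block.

    A block starts at an "interface ..." line and ends at the next "!" line,
    so the parser works whether or not the sub-command indentation survived.
    """
    interfaces = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line == "!" or not line:
            current = None
        elif current is not None:
            interfaces[current].append(line)
    return interfaces


def audit(config_text, expected_active):
    """Return (finding_code, subject) tuples; the password itself is never echoed."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if re.match(r"enable password\b", line):
            # "enable password" keeps the password readable in the configuration;
            # "enable secret" stores a hash instead.
            findings.append(("enable-password", "global"))
        elif line == "no aaa new-model":
            # AAA is off, so logins rely on line and enable passwords only.
            findings.append(("aaa-disabled", "global"))
    for name, commands in parse_interfaces(config_text).items():
        shut = "shutdown" in commands
        if not shut and name not in expected_active:
            findings.append(("unused-port-enabled", name))
        elif shut and name in expected_active:
            findings.append(("expected-port-shutdown", name))
    return findings


if __name__ == "__main__":
    for code, subject in audit(SAMPLE_CONFIG, EXPECTED_ACTIVE):
        print(f"{code:<24} {subject}")
```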
Log out from your pod switch and access it again via the console. Verify that the banner
appears and the enable password is required.
SW1#exit
Access for authorized users only. Please enter your username and password.
SW1>enable
Password: cisco
SW1#
Verify duplex and speed settings on interfaces:
SW1#show interfaces FastEthernet 0/23
FastEthernet0/23 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is e8ba.70b5.6419 (bia e8ba.70b5.6419)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTX
< text omitted >
On your pod switch, verify the switch status by examining the show version output.
SW1#show version
Cisco IOS Software, ME340x Software (ME340x-METROACCESSK9-M), Version
12.2(53)SE, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Sun 13-Dec-09 17:46 by prod_rel_team
Image text-base: 0x01000000, data-base: 0x02600000
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
SW2#show port-type
Port Name Vlan Port Type
--------- ------------------ ---------- ----------------------------
Fa0/1 1 User Network Interface (uni)
Fa0/2 1 Network Node Interface (nni)
Fa0/3 1 User Network Interface (uni)
Fa0/4 1 User Network Interface (uni)
Fa0/5 1 User Network Interface (uni)
Fa0/6 1 User Network Interface (uni)
Fa0/7 1 User Network Interface (uni)
Fa0/8 1 User Network Interface (uni)
Fa0/9 1 User Network Interface (uni)
Fa0/10 1 User Network Interface (uni)
Fa0/11 1 User Network Interface (uni)
Fa0/12 1 User Network Interface (uni)
Fa0/13 1 User Network Interface (uni)
Fa0/14 1 User Network Interface (uni)
Fa0/15 1 User Network Interface (uni)
Fa0/16 1 User Network Interface (uni)
Fa0/17 1 User Network Interface (uni)
Fa0/18 1 User Network Interface (uni)
Fa0/19 1 User Network Interface (uni)
Fa0/20 1 User Network Interface (uni)
Fa0/21 1 Network Node Interface (nni)
Fa0/22 1 Network Node Interface (nni)
Fa0/23 1 Network Node Interface (nni)
Fa0/24 1 User Network Interface (uni)
Gi0/1 1 User Network Interface (uni)
Gi0/2 1 User Network Interface (uni)
SW12#show port-type
Port Name Vlan Port Type
--------- ------------------ ---------- ----------------------------
Fa0/1 1 User Network Interface (uni)
Fa0/2 1 User Network Interface (uni)
Fa0/3 1 User Network Interface (uni)
Fa0/4 1 User Network Interface (uni)
Fa0/5 1 User Network Interface (uni)
Fa0/6 1 User Network Interface (uni)
Fa0/7 1 User Network Interface (uni)
Fa0/8 1 User Network Interface (uni)
Fa0/9 1 User Network Interface (uni)
Fa0/10 1 User Network Interface (uni)
Fa0/11 1 User Network Interface (uni)
Fa0/12 1 User Network Interface (uni)
Fa0/13 1 User Network Interface (uni)
Fa0/14 1 User Network Interface (uni)
Fa0/15 1 User Network Interface (uni)
Fa0/16 1 User Network Interface (uni)
Fa0/17 1 User Network Interface (uni)
Fa0/18 1 User Network Interface (uni)
Fa0/19 1 User Network Interface (uni)
Fa0/20 1 User Network Interface (uni)
Fa0/21 1 Network Node Interface (nni)
Fa0/22 1 User Network Interface (uni)
Fa0/23 1 Network Node Interface (nni)
Fa0/24 1 User Network Interface (uni)
Gi0/1 1 User Network Interface (uni)
Gi0/2 1 User Network Interface (uni)
Activity Procedure
Complete these steps:
Step 1 On your pod switch SWx (where x is your pod number 1, 3, 5, or 7), configure the
management IP address on logical interface Vlan 1 to 10.11z.11z.1/24 (where z is
your team number). On your pod switch SWy (where y is your pod number 2, 4, 6,
or 8), configure the management IP address on logical interface Vlan 1 to
Activity Verification
You have completed this task when you attain these results:
You can access your team shared switch via the console and access both pod switches in
the team using SSH:
SW12#ssh -l cisco 10.111.111.1
Password: cisco
Access for authorized users only. Please enter your username and password.
SW1>exit
Password: cisco
Access for authorized users only. Please enter your username and password.
SW2>exit
Activity Procedure
Complete these steps:
Step 1 On your pod switch, verify which ports are in the blocking state and what the
interface spanning-tree costs are. Because there are two physical loops in the topology,
two ports should be blocked to break these two loops.
SW1#show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 5835.d9d6.0000
Cost 19
Port 25 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/2               Desg FWD 19        128.4    P2p
Fa0/21              Altn BLK 19        128.23   P2p
Fa0/22              Altn BLK 19        128.24   P2p
Fa0/23              Root FWD 19        128.25   P2p
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 5835.d9d6.0000
Cost 19
Port 25 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 5835.d9d6.0000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Note By default, interfaces configured as NNI port type participate in spanning tree operation.
Step 2 On your pod switch, verify which port connects to the root bridge.
SW1#show spanning-tree root
Activity Verification
You have completed this task when you attain these results:
On your pod switch, verify which ports are in the blocking state and what the interface
spanning-tree costs are.
On your pod switch, verify which port connects to the root bridge.
Activity Procedure
Complete these steps:
Step 1 On your pod switch, manually bundle interfaces Fast Ethernet 0/21 and Fast
Ethernet 0/22 (no negotiation protocol used) to logical interface port-channel 1.
Note If interfaces are put in the err-disabled state, administratively disable and then re-enable them.
Activity Verification
You have completed this task when you attain these results:
On your pod switch, verify that interface port-channel 1 is up and running:
SW1#show interfaces Port-channel 1
Port-channel1 is up, line protocol is up (connected)
Hardware is EtherChannel, address is e8ba.70b5.6417 (bia e8ba.70b5.6417)
MTU 1500 bytes, BW 200000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, link type is auto, media type is unknown
< text omitted >
d - default port
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 5835.d9d6.0000
Cost 19
Port 25 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 5835.d9d6.0000
Cost 19
Port 25 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Activity Procedure
Complete these steps:
Step 1 On your pod switch, enable the port security feature for interface Fast Ethernet 0/1
connecting to your pod CE router.
Step 2 Convert the learned MAC address to a sticky secure MAC address.
Step 3 Define shutdown as the action that the interface will take if a nonallowed MAC
address attempts to access interface Fast Ethernet 0/1.
Step 4 On your pod switch and shared switch, save the configuration.
Activity Verification
You have completed this task when you attain these results:
Verify the ports on which port security has been enabled and display violation count
information and security actions to be taken for interface Fast Ethernet 0/1:
SW1#show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Fa0/1              1            1                  0         Shutdown
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 5120
Security Violation Count : 0
Compare the MAC address of the CE router interface Gigabit Ethernet 0/0 with the port
security sticky MAC address. They should be the same:
SW1#show port-security address
               Secure Mac Address Table
------------------------------------------------------------------------
Vlan    Mac Address       Type                     Ports   Remaining Age
                                                              (mins)
----    -----------       ----                     -----   -------------
   1    e8b7.482c.a180    SecureSticky             Fa0/1        -
------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 5120
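The comparison this verification step asks for can be scripted. The following Python is an added example, not part of the lab guide: it parses the two show commands above and reports any deviation from the state the task configures (violation action Shutdown, a sticky secure address equal to the CE router MAC). The function names and the expected-MAC argument are this example's own, and the sample text is constructed from the output above.

```python
import re

# Constructed input: the two tables from the verification step above, in a
# column layout like the one the switch prints (values copied from this lab).
SHOW_PORT_SECURITY = """\
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Fa0/1              1            1                  0         Shutdown
---------------------------------------------------------------------------
"""
SHOW_PORT_SECURITY_ADDRESS = """\
Vlan    Mac Address       Type                     Ports   Remaining Age
                                                              (mins)
----    -----------       ----                     -----   -------------
   1    e8b7.482c.a180    SecureSticky             Fa0/1        -
"""

PORT_ROW = re.compile(r"^\s*(\S+/\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\w+)\s*$")
ADDR_ROW = re.compile(r"^\s*(\d+)\s+([0-9A-Fa-f.]{14})\s+(\w+)\s+(\S+)")


def normalize_mac(mac):
    """Reduce dotted, colon or hyphen MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[.:\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def parse_port_security(text):
    """Map each secure port to its limits, violation count and violation action."""
    ports = {}
    for line in text.splitlines():
        m = PORT_ROW.match(line)
        if m:
            port, max_addr, current, violations, action = m.groups()
            ports[port] = {"max": int(max_addr), "current": int(current),
                           "violations": int(violations), "action": action}
    return ports


def parse_secure_addresses(text):
    """Return (port, normalized MAC, type) for every row of the address table."""
    return [(m.group(4), normalize_mac(m.group(2)), m.group(3))
            for m in map(ADDR_ROW.match, text.splitlines()) if m]


def audit_port(port, expected_mac, summary_text, address_text):
    """List every way `port` deviates from the state this task configures."""
    entry = parse_port_security(summary_text).get(port)
    if entry is None:
        return [f"{port}: port security is not enabled"]
    findings = []
    if entry["action"] != "Shutdown":
        findings.append(f"{port}: violation action is {entry['action']}, expected Shutdown")
    if entry["violations"]:
        findings.append(f"{port}: {entry['violations']} security violation(s) recorded")
    rows = [r for r in parse_secure_addresses(address_text) if r[0] == port]
    if not rows:
        findings.append(f"{port}: no secure MAC address learned yet")
    expected = normalize_mac(expected_mac)
    for _, mac, kind in rows:
        if kind != "SecureSticky":
            findings.append(f"{port}: {mac} is {kind}, expected SecureSticky")
        if mac != expected:
            findings.append(f"{port}: secure MAC {mac} does not match expected {expected}")
    return findings


if __name__ == "__main__":
    # The expected MAC is the CE router Gi0/0 address, in any common notation.
    for finding in audit_port("Fa0/1", "E8:B7:48:2C:A1:80",
                              SHOW_PORT_SECURITY, SHOW_PORT_SECURITY_ADDRESS):
        print(finding)
```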
Activity Objective
In this activity, you will monitor the router bootup procedure, enable basic router configuration,
and configure basic EIGRP. After completing this activity, you will be able to meet these
objectives:
Examine running configuration of the router
Monitor the bootup procedure of the router
Enable a basic configuration on the router
Configure and verify basic EIGRP operations
Note Students from two different pods are working in a team. The CE routers in both pods are
running Cisco IOS Software. The first pod within a team will work on the PE router running
Cisco IOS XR Software, and the second pod within the same team will work on the PE
router running Cisco IOS XE Software.
Students in the same team should coordinate their lab activity.
Visual Objective
The figure illustrates what you will accomplish in this activity.
[Figure: Team z topology with CEx and PEx in Pod x (EIGRP AS x), and CEy and PEy.]
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with access to the Internet
An SSH client installed on the PC
Command List
The table describes the commands that are used in this lab activity.
Cisco IOS/IOS XE Commands
Command                              Description
ping dest_IP source source_IP        Verifies connectivity between the source IP and the destination IP
show ip eigrp topology               Displays lists of information related to the EIGRP topology for a specific router
show ip interface brief              Displays the interface status and IPv4 addresses configured

Command                              Description
address-family ipv4 unicast          Enters address family configuration mode for EIGRP (in EIGRP configuration mode)
domain vrf default name domain_name  Sets the domain name on the router
exec-timeout minutes seconds         Sets line EXEC timeout
hostname hostname                    Configures the router hostname
interface interface                  Defines the interfaces on which the EIGRP protocol runs
ping dest_IP source source_IP        Verifies connectivity between the source IP and the destination IP
show eigrp topology                  Displays lists of information related to the EIGRP topology for a specific router
show ipv4 interface brief            Displays interface status and IPv4 addresses configured
show version                         Displays the router hardware and software version, uptime, and license activated
Activity Procedure
Complete these steps:
Step 1 Log in to the CE router in your pod and examine the running configuration. Write
down the following parameters from the running configuration:
CE Router Parameters
Parameter Value
Hostname
Enable password
Step 2 On the CE router in your pod, erase the startup configuration and reload the router.
Do not save the configuration when asked. Observe the bootup procedure. Do not
enter the initial configuration dialog when asked.
Step 3 On the CE router in your pod, configure the hostname, the enable password cisco,
and the vty login password cisco. To set the hostname, use Job Aids. Set the
console EXEC timeout to infinity and enable synchronous logging. Save the
configuration.
Step 4 On the CE router in your pod, enable and assign the IP address to Loopback 0 and
the first Gigabit Ethernet interfaces. To assign the IP addresses, use Job Aids.
Step 5 Log in to the PE router running Cisco IOS XR Software in your pod and examine
the running configuration. Write down the following parameters from the running
configuration:
Cisco IOS XR PE Router Parameters
Parameter Value
Hostname
Note In the Cisco IOS XR Software, Cisco Discovery Protocol must be enabled globally and on
the interface with the cdp global and interface command.
Step 8 Log in to the PE router running Cisco IOS XE Software in your pod and examine
the running configuration. Write down the following parameters from the running
configuration:
Cisco IOS XE PE Router Parameters
Parameter Value
Hostname
Enable password
Step 9 On the PE router (Cisco IOS XE Software) in your pod, erase the startup
configuration and reload the router. Do not save the configuration when asked.
Observe the bootup procedure. Do not enter the initial configuration dialog when
asked and terminate autoinstall.
Step 10 On the PE router (Cisco IOS XE Software) in your pod, configure the hostname,
the enable password cisco, and the vty password cisco. Set the console EXEC
timeout to infinity and enable synchronous logging. Enable the interface and assign the IP
address to the management interface, Loopback 0, and first Gigabit Ethernet
interfaces. Enable Cisco Discovery Protocol. To configure the hostname and
interface IP addresses, use Job Aids. Set the duplex and speed settings on the first
Gigabit Ethernet interface to full and 100. The PE router running Cisco IOS XE
Software will require disabling duplex negotiation. Use the no negotiation auto
interface command to disable duplex negotiation and then configure duplex full.
Step 11 On the PE router (Cisco IOS XE Software) in your pod, use the license boot
module asr1001 group all level adventerprise command to configure the
adventerprise license.
Activity Verification
You have completed this task when you attain these results:
On the CE and PE routers in your pod, verify the running configuration. The running
configuration should include components configured in this task.
On the CE and PE routers in your pod, verify the interface status. Loopback 0 and the first
Gigabit Ethernet interfaces should be up with the IP address assigned.
CE1#show ip interface brief | include up
GigabitEthernet0/0 192.168.101.11 YES manual up up
Loopback0 10.1.10.1 YES manual up up
Platform Revisions/Versions :
===========================
FPGA : 5.02 [Val = 0x502]
Board Rev : 2 [Val = 0x203; Type = 3]
Env Rev : 4.5 [Val = 0x405, Bit 15 = 0]
PSEQ Rev : 3.05 [Val = 0x305]
I/O Ctl Nm : GA 1.1 [Val = 0x47410101]
I/O Ctl Ver: 2 [Val = 0x20316447]
CPU information :
---------------
Company ID = 0xD
Processor ID = 0x7
Revision = 0x8
Company OPTs = 0x0
USB Con BL : 1.01 (Boot Loader)
USB Con FW : 2.02 (Application Firmware)
USB Con FWU: 2.02 (Application Firmware Upgrade)
IOS :
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M5,
RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Wed 23-Feb-11 15:41 by prod_rel_team
RP/0/RSP0/CPU0:PE1#show platform
Node Type State Config State
-----------------------------------------------------------------------------
0/RSP0/CPU0 A9K-RSP-4G(Active) IOS XR RUN PWR,NSHUT,MON
0/0/CPU0 A9K-40GE-L IOS XR RUN PWR,NSHUT,MON
Verify IPv4 connectivity between CE and PE routers in your pod. Ping should be
successful.
CE1#ping 192.168.101.10
RP/0/RSP0/CPU0:PE1#ping 192.168.101.11
Sat Apr 22 03:58:51.887 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.101.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
On the PE router running Cisco IOS XE Software in your pod, verify that the license is
activated.
PE2#show version | include adventerprise
asr1001 adventerprise 1 YES adventerprise
Activity Procedure
Complete these steps:
Step 1 On the CE and PE routers in your pod, enable the EIGRP process. The autonomous
system number should be the same as the pod number. Enable EIGRP on the
Loopback0 and first Gigabit Ethernet interfaces.
Activity Verification
You have completed this task when you attain these results:
On the CE and PE routers in your pod, verify that EIGRP is running on Loopback0 and the
first Gigabit Ethernet interfaces.
CE1#show ip eigrp interfaces
EIGRP-IPv4 Interfaces for AS(1)
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Gi0/0 1 0/0 5 0/1 50 0
Lo0 0 0/0 0 0/1 0 0
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Gi0/0/0/0 1 0/0 4 0/10 50 0
Lo0 0 0/0 0 640/640 0 0
On the CE and PE routers in your pod, verify the EIGRP topology table. You should see
the Loopback0 interface network from the neighboring router.
CE1#show ip eigrp topology
EIGRP-IPv4 Topology Table for AS(1)/ID(10.1.10.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
Lab 4-1: Implement Internet Connectivity
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will connect and configure a customer site to the Internet. After completing
this activity, you will be able to meet these objectives:
Configure DHCP IPv4
Configure DHCP IPv6
Configure static routing for the Internet access
Configure NAT
Visual Objective
The figure illustrates what you will accomplish in this activity.
[Figure: Team z topology. For each pod (CEx/PEx in Pod x, CEy/PEy in Pod y): NAT on Gi0/0 toward the Internet, Gi0/1 toward the corporate network, IPv4 and IPv6 DHCP, static route to the Internet.]
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with access to the Internet
An SSH client that is installed on the PC
Command                                       Description
ip address ip_address mask                    Sets an IPv4 address for an interface and the subnet mask
ip dhcp excluded-address low-address          Specifies the IP addresses that the DHCP server should not assign
  [high-address]                              to DHCP clients
ip dhcp pool name                             Creates a name for the DHCP server address pool and places you in
                                              DHCP pool configuration mode
ipv6 address ipv6-prefix/prefix-length        Specifies an IPv6 address that is assigned to the interface
ipv6 dhcp pool poolname                       Enables configured DHCP on interface
ipv6 dhcp server pool_name                    Associates the IPv6 DHCP pool with the interface
network network-number[mask|/prefix-length]   Specifies the subnet network number and mask of the DHCP address pool
no shutdown                                   Enables the router interface
ping dest_IP source source_IP                 Verifies connectivity between the source IP and the destination IP
show ip dhcp binding [address]                Displays a list of all bindings that are created on a specific DHCP server
show ip interface brief                       Displays the interface status and IPv4 addresses configured
Task 1: Configure DHCP on CE Router
In this task, you will configure the IPv4 DHCP server on the CE router for site clients. You will
also configure the IPv6 DHCP for clients who will be assigned a DHCPv6 address. Use the
following table when configuring DHCP on the CE router.
DHCP Parameters
Parameter Value
Activity Procedure
Complete these steps:
Step 1 On the CE router in your pod, assign an IPv4 address to the Gigabit Ethernet 0/1
interface according to the following table, and enable the interface. Enable interface
Fast Ethernet 0/1 and Fast Ethernet 0/2 on the shared switch.
CE Router Gigabit Ethernet 0/1 IP Addresses
Parameter Value
Step 2 On the CE router in your pod, exclude the range of IPv4 addresses that will be
omitted from the DHCP pool. Create a DHCP pool named CE_pool and enter the
range of IP addresses that will be provided to network hosts. Set the IP default
gateway, name server, and domain name using the information from the
DHCP Parameters table.
Step 3 On the CE router in your pod, enable IPv6 routing.
Step 4 On the CE router in your pod, create an IPv6 DHCP pool called CE_IPv6, and set the
domain name and DNS server address found in the DHCP Parameters table.
Step 5 On the CE router in your pod, enable IPv6 and DHCP IPv6 on interface Gigabit
Ethernet 0/1. Additionally, assign an IPv6 address on that interface, as shown in the
table, CE Router Gigabit Ethernet 0/1 IP Addresses.
Activity Verification
You have completed this task when you attain these results:
On the CE router in your pod, verify interface status. Loopback0 and first and second
Gigabit Ethernet interfaces should be up with an IP address assigned:
CE1#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Pool CE_pool :
Utilization mark (high/low) : 100 / 0
Subnet size (first/next) : 0 / 0
Total addresses : 254
Leased addresses : 0
Pending event : none
1 subnet is currently in the pool :
 Current index        IP address range                    Leased addresses
 192.168.255.1        192.168.255.1    - 192.168.255.254   0
Verify DHCP configuration:
CE1#show running-config | section ipv6 dhcp
ipv6 dhcp pool CE_IPv6
 dns-server 2001:DB8:0:ABCD::3
 domain-name ciscolab.com
 ipv6 dhcp server CE_IPv6
CE1#show running-config | section interface GigabitEthernet0/1
interface GigabitEthernet0/1
 ip address 192.168.255.1 255.255.255.0
 duplex auto
 speed auto
 ipv6 address 2001:DB8:0:ABCD::1/48
 ipv6 enable
 ipv6 dhcp server CE_IPv6
Activity Procedure
Complete these steps:
Step 1 On the CE router in your pod, the Gigabit Ethernet 0/0 interface is used to access a
simulated Internet network. Configure the default static route to the Internet.
Activity Verification
You have completed this task when you attain this result:
Verify routing table for the static default route:
CE1#show ip route static
< text omitted >
Activity Procedure
Complete these steps:
Step 1 Create a standard access list permitting network hosts from the 192.168.255.0/24
network.
Step 2 On the CE router in your pod, configure PAT so that network hosts from the
192.168.1.0/24 network will translate to the IP address of interface Gigabit Ethernet
0/0.
Step 3 Configure Gigabit Ethernet 0/1 as the inside interface and Gigabit Ethernet 0/0 as
the outside NAT interface.
Step 4 From the CE router in your pod, ping the PE router Gigabit Ethernet 0/0/0/0
interface using the source IP address of Gigabit Ethernet 0/1 interface. The ping
should be successful.
CE1#ping 192.168.101.10 source GigabitEthernet0/1
Lab 4-2: Configure Data Link Layer Encapsulation
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will configure a POS interface on the PE router. You will also implement
and troubleshoot PPP on the POS interface. After completing this activity, you will be able to
meet these objectives:
Configure a POS interface
Configure PPP on the POS interface
Troubleshoot PPP configuration
Visual Objective
The figure illustrates what you will accomplish in this activity.
[Figure: lab topology. Legend: Gi, Fa, OC3 POS.]
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with access to the Internet
An SSH client that is installed on the PC
Command Description
show ip interface brief Displays interface status and IPv4 addresses configured
Task 1: Configure a POS Interface on the PE Router
In this task, you will configure a POS interface on pod PE (Cisco IOS XE Software) router. The
PE (IOS XE) routers from two teams are connected with the POS interface.
Activity Procedure
Complete these steps:
Step 1 On your pod PE router (Cisco IOS XE Software), use the show controllers
command to verify what framing type POS interfaces are using. The default framing
type should be SONET:
PE2#show controllers pos 0/2/0 | include Framing
Framing: SONET
PE2#show controllers pos 0/2/1 | include Framing
Framing: SONET
Step 2 On your pod PE router (Cisco IOS XE Software), enable the POS interfaces and set
the IP address. The IP addresses can be found in the Job Aids.
Step 3 On the POS interfaces of your pod PE router (Cisco IOS XE Software), set the keepalive
interval to 5 seconds.
Step 4 On the POS interfaces of your pod PE router (Cisco IOS XE Software), set the clock
source for both interfaces. Teams 1 and 3 (PE2 and PE6 routers) will set the clock
source to internal; teams 2 and 4 (PE4 and PE8) will set the clock source to line.
Step 5 On the POS interfaces of your pod PE router (Cisco IOS XE Software), set the CRC to 32 bits.
Note Regarding the FCS length, with one exception, the 32-bit FCS must be used for all
SONET/SDH rates. For Synchronous Transport Signal (STS)-3c- Systems Process
Engineering (SPE)/VC-4 only, the 16-bit FCS may be used, although the 32-bit FCS is
recommended. The FCS length is set by provisioning and is not negotiated.
Activity Verification
You have completed this task when you attain these results:
On the PE router (Cisco IOS XE Software) in your pod, verify the interface status. The
status of both POS interfaces should be up and running with configured IP addresses.
PE2#show ip interface brief | include POS
POS0/2/0               192.168.211.20  YES manual up                    up
POS0/2/1               192.168.212.20  YES manual up                    up
When you check controller status, the framing should be set to SONET, and clock source
should be set to internal or line:
PE2#show controllers pos 0/2/0 | include Framing|Clock source
Framing: SONET
Clock source: internal
PE2#show controllers pos 0/2/1 | include Framing|Clock source
Framing: SONET
Clock source: internal
PE4#show controllers pos 0/2/0 | include Framing|Clock source
Framing: SONET
Clock source: line
PE4#show controllers pos 0/2/1 | include Framing|Clock source
Framing: SONET
Clock source: line
Verify POS interface encapsulation (HDLC), CRC (32 bits) and keepalive interval (5
seconds):
PE2#show int pos 0/2/0 | include line protocol|Encapsulation|Keepalive
POS0/2/0 is up, line protocol is up
Encapsulation HDLC, crc 32, loopback not set
Keepalive set (5 sec)
PE2#show int pos 0/2/1 | include line protocol|Encapsulation|Keepalive
POS0/2/1 is up, line protocol is up
Encapsulation HDLC, crc 32, loopback not set
Keepalive set (5 sec)
Activity Procedure
Complete these steps:
Step 1 On the POS interfaces of your pod PE router (Cisco IOS XE Software), set the
encapsulation to PPP.
Note If interfaces do not show up, wait while your partner team finishes configuration and then
check again.
Step 2 On your pod PE router (Cisco IOS XE Software), enable PPP negotiation and PPP
authentication debugging.
Step 3 On your pod PE router (Cisco IOS XE Software), administratively disable the POS
0/2/0 interface and then enable it again.
Step 4 Observe debug output and successful negotiation of the PPP connection.
PE2(config-if)#
*Sep 21 23:32:37.848: %LINK-3-UPDOWN: Interface POS0/2/0, changed state to up
*Sep 21 23:32:37.848: PO0/2/0 PPP: Sending cstate UP notification
*Sep 21 23:32:37.848: PO0/2/0 PPP: Processing CstateUp message
*Sep 21 23:32:37.849: PPP: Alloc Context [7F5336CD3628]
*Sep 21 23:32:37.849: ppp3 PPP: Phase is ESTABLISHING
*Sep 21 23:32:37.849: PO0/2/0 PPP: Using default call direction
*Sep 21 23:32:37.849: PO0/2/0 PPP: Treating connection as a dedicated line
*Sep 21 23:32:37.849: PO0/2/0 PPP: Session handle[43000003] Session id[3]
*Sep 21 23:32:37.849: PO0/2/0 LCP: Event[OPEN] State[Initial to Starting]
*Sep 21 23:32:37.849: PO0/2/0 LCP: O CONFREQ [Starting] id 1 len 14
*Sep 21 23:32:37.849: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep 21 23:32:37.849: PO0/2/0 LCP: MagicNumber 0xBA03CC66 (0x0506BA03CC66)
*Sep 21 23:32:37.849: PO0/2/0 LCP: Event[UP] State[Starting to REQsent]
*Sep 21 23:32:37.853: PO0/2/0 LCP: I CONFREQ [REQsent] id 1 len 14
*Sep 21 23:32:37.853: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep 21 23:32:37.853: PO0/2/0 LCP: MagicNumber 0xB982CB71 (0x0506B982CB71)
*Sep 21 23:32:37.853: PO0/2/0 LCP: O CONFACK [REQsent] id 1 len 14
*Sep 21 23:32:37.853: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep 21 23:32:37.853: PO0/2/0 LCP: MagicNumber 0xB982CB71 (0x0506B982CB71)
*Sep 21 23:32:37.853: PO0/2/0 LCP: Event[Receive ConfReq+] State[REQsent to ACKsent]
*Sep 21 23:32:37.853: PO0/2/0 LCP: I CONFACK [ACKsent] id 1 len 14
*Sep 21 23:32:37.853: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep 21 23:32:37.853: PO0/2/0 LCP: MagicNumber 0xBA03CC66 (0x0506BA03CC66)
*Sep 21 23:32:37.853: PO0/2/0 LCP: Event[Receive ConfAck] State[ACKsent to Open]
*Sep 21 23:32:37.864: PO0/2/0 PPP: Queue IPCP code[1] id[1]
*Sep 21 23:32:37.880: PO0/2/0 PPP: No authorization without authentication
*Sep 21 23:32:37.880: PO0/2/0 PPP: Phase is FORWARDING, Attempting Forward
*Sep 21 23:32:37.880: PO0/2/0 LCP: State is Open
*Sep 21 23:32:37.880: PO0/2/0 PPP: Phase is ESTABLISHING, Finish LCP
*Sep 21 23:32:37.880: PO0/2/0 PPP: Phase is UP
*Sep 21 23:32:37.880: PO0/2/0 IPCP: Protocol configured, start CP. state[Initial]
*Sep 21 23:32:37.880: PO0/2/0 IPCP: Event[OPEN] State[Initial to Starting]
*Sep 21 23:32:37.881: PO0/2/0 IPCP: O CONFREQ [Starting] id 1 len 10
*Sep 21 23:32:37.881: PO0/2/0 IPCP: Address 192.168.211.20 (0x0306C0A8D314)
*Sep 21 23:32:37.881: PO0/2/0 IPCP: Event[UP] State[Starting to REQsent]
*Sep 21 23:32:37.881: PO0/2/0 PPP: Process pending ncp packets
*Sep 21 23:32:37.881: PO0/2/0 IPCP: Redirect packet to PO0/2/0
*Sep 21 23:32:37.881: PO0/2/0 IPCP: I CONFREQ [REQsent] id 1 len 10
*Sep 21 23:32:37.881: PO0/2/0 IPCP: Address 192.168.211.40 (0x0306C0A8D328)
*Sep 21 23:32:37.881: PO0/2/0 IPCP: O CONFACK [REQsent] id 1 len 10
*Sep 21 23:32:37.881: PO0/2/0 IPCP: Address 192.168.211.40 (0x0306C0A8D328)
*Sep 21 23:32:37.881: PO0/2/0 IPCP: Event[Receive ConfReq+] State[REQsent to ACKsent]
*Sep 21 23:32:37.881: %LINEPROTO-5-UPDOWN: Line protocol on Interface POS0/2/0, changed state to up
*Sep 21 23:32:37.882: PO0/2/0 IPCP: I CONFACK [ACKsent] id 1 len 10
*Sep 21 23:32:37.882: PO0/2/0 IPCP: Address 192.168.211.20 (0x0306C0A8D314)
*Sep 21 23:32:37.882: PO0/2/0 IPCP: Event[Receive ConfAck] State[ACKsent to Open]
*Sep 21 23:32:37.912: PO0/2/0 IPCP: State is Open
*Sep 21 23:32:37.912: PO0/2/0 Added to neighbor route AVL tree: topoid 0, address 192.168.211.40
*Sep 21 23:32:37.912: PO0/2/0 IPCP: Install route to 192.168.211.40
*Sep 21 23:32:37.850: %LINK-3-UPDOWN: SIP0/2: Interface POS0/2/0, changed state to up
Step 5 On your pod PE router (Cisco IOS XE Software), turn off debugging.
Note During this process, your POS interfaces will fall into the down state because one of the
sides is temporarily not configured for CHAP authentication. Wait while your partner team
finishes configuration and then proceed.
Step 7 On your pod PE router (Cisco IOS XE Software), enable PPP negotiation and PPP
authentication debugging.
Step 8 On your pod PE router (Cisco IOS XE Software), administratively disable the POS
0/2/0 interface and then enable it again.
Step 9 Observe the debug output and successful negotiation of the PPP connection.
PE2(config-if)#
*Sep 21 23:44:26.755: PO0/2/0 PPP: Fast Starting
*Sep 21 23:44:26.755: PO0/2/0 PPP: Processing FastStart message
*Sep 21 23:44:26.755: %LINK-3-UPDOWN: Interface POS0/2/0, changed state to up
*Sep 21 23:44:26.755: PO0/2/0 PPP: Sending cstate UP notification
*Sep 21 23:44:26.755: PO0/2/0 PPP: Processing CstateUp message
*Sep 21 23:44:26.756: PPP: Alloc Context [7F5336CD2DB8]
*Sep 21 23:44:26.756: ppp22 PPP: Phase is ESTABLISHING
*Sep 21 23:44:26.756: PO0/2/0 PPP: Using default call direction
*Sep 21 23:44:26.756: PO0/2/0 PPP: Treating connection as a dedicated line
*Sep 21 23:44:26.756: PO0/2/0 PPP: Session handle[98000018] Session id[22]
*Sep 21 23:44:26.756: PO0/2/0 LCP: Event[OPEN] State[Initial to Starting]
*Sep 21 23:44:26.756: PO0/2/0 LCP: O CONFREQ [Starting] id 1 len 19
*Sep 21 23:44:26.756: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep 21 23:44:26.756: PO0/2/0 LCP: AuthProto CHAP (0x0305C22305)
*Sep 21 23:44:26.756: PO0/2/0 LCP: MagicNumber 0xBA0E9DC1 (0x0506BA0E9DC1)
*Sep 21 23:44:26.756: PO0/2/0 LCP: Event[UP] State[Starting to REQsent]
*Sep 21 23:44:26.756: PO0/2/0 LCP: I CONFREQ [REQsent] id 5 len 19
*Sep 21 23:44:26.756: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep 21 23:44:26.756: PO0/2/0 LCP: AuthProto CHAP (0x0305C22305)
*Sep 21 23:44:26.756: PO0/2/0 LCP: MagicNumber 0xB98D7F00 (0x0506B98D7F00)
*Sep 21 23:44:26.756: PO0/2/0 LCP: O CONFACK [REQsent] id 5 len 19
*Sep 21 23:44:26.756: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep 21 23:44:26.756: PO0/2/0 LCP: AuthProto CHAP (0x0305C22305)
*Sep 21 23:44:26.756: PO0/2/0 LCP: MagicNumber 0xB98D7F00 (0x0506B98D7F00)
*Sep 21 23:44:26.756: PO0/2/0 LCP: Event[Receive ConfReq+] State[REQsent to ACKsent]
*Sep 21 23:44:26.756: PO0/2/0 LCP: I CONFACK [ACKsent] id 1 len 19
*Sep 21 23:44:26.756: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep 21 23:44:26.756: PO0/2/0 LCP: AuthProto CHAP (0x0305C22305)
*Sep 21 23:44:26.756: PO0/2/0 LCP: MagicNumber 0xBA0E9DC1 (0x0506BA0E9DC1)
*Sep 21 23:44:26.756: PO0/2/0 LCP: Event[Receive ConfAck] State[ACKsent to Open]
*Sep 21 23:44:26.776: PO0/2/0 PPP: Phase is AUTHENTICATING, by both
*Sep 21 23:44:26.776: PO0/2/0 CHAP: O CHALLENGE id 1 len 24 from "PE2"
*Sep 21 23:44:26.776: PO0/2/0 LCP: State is Open
*Sep 21 23:44:26.787: PO0/2/0 CHAP: I CHALLENGE id 1 len 24 from "PE4"
*Sep 21 23:44:26.787: PO0/2/0 PPP: Sent CHAP SENDAUTH Request
*Sep 21 23:44:26.787: PO0/2/0 CHAP: I RESPONSE id 1 len 24 from "PE4"
*Sep 21 23:44:26.787: PO0/2/0 PPP: Phase is FORWARDING, Attempting Forward
*Sep 21 23:44:26.787: PO0/2/0 PPP: Phase is AUTHENTICATING, Unauthenticated User
*Sep 21 23:44:26.787: PO0/2/0 PPP: Sent CHAP LOGIN Request
*Sep 21 23:44:26.787: PO0/2/0 PPP: Received SENDAUTH Response PASS
*Sep 21 23:44:26.787: PO0/2/0 CHAP: Using hostname from configured hostname
*Sep 21 23:44:26.787: PO0/2/0 CHAP: Using password from AAA
*Sep 21 23:44:26.787: PO0/2/0 CHAP: O RESPONSE id 1 len 24 from "PE2"
*Sep 21 23:44:26.787: PO0/2/0 PPP: Received LOGIN Response PASS
*Sep 21 23:44:26.787: PO0/2/0 IPCP: Authorizing CP
*Sep 21 23:44:26.787: PO0/2/0 IPCP: CP stalled on event[Authorize CP]
*Sep 21 23:44:26.787: PO0/2/0 IPCP: CP unstall
*Sep 21 23:44:26.788: PO0/2/0 PPP: Phase is FORWARDING, Attempting Forward
*Sep 21 23:44:26.788: PO0/2/0 PPP: Phase is AUTHENTICATING, Authenticated User
*Sep 21 23:44:26.788: PO0/2/0 CHAP: O SUCCESS id 1 len 4
*Sep 21 23:44:26.795: PO0/2/0 CHAP: I SUCCESS id 1 len 4
*Sep 21 23:44:26.795: PO0/2/0 PPP: Phase is UP
*Sep 21 23:44:26.795: PO0/2/0 IPCP: Protocol configured, start CP. state[Initial]
*Sep 21 23:44:26.795: PO0/2/0 IPCP: Event[OPEN] State[Initial to Starting]
*Sep 21 23:44:26.795: PO0/2/0 IPCP: O CONFREQ [Starting] id 1 len 10
*Sep 21 23:44:26.795: PO0/2/0 IPCP: Address 192.168.211.20 (0x0306C0A8D314)
*Sep 21 23:44:26.795: PO0/2/0 IPCP: Event[UP] State[Starting to REQsent]
*Sep 21 23:44:26.795: PO0/2/0 IPCP: I CONFREQ [REQsent] id 1 len 10
*Sep 21 23:44:26.795: PO0/2/0 IPCP: Address 192.168.211.40 (0x0306C0A8D328)
*Sep 21 23:44:26.795: PO0/2/0 IPCP AUTHOR: Start. Her address 192.168.211.40,
we want 0.0.0.0
*Sep 21 23:44:26.795: PO0/2/0 IPCP AUTHOR: Reject 192.168.211.40, using
0.0.0.0
*Sep 21 23:44:26.795: PO0/2/0 IPCP AUTHOR: Done. Her address 192.168.211.40,
we want 0.0.0.0
*Sep 21 23:44:26.795: PO0/2/0 IPCP: O CONFACK [REQsent] id 1 len 10
*Sep 21 23:44:26.795: PO0/2/0 IPCP: Address 192.168.211.40 (0x0306C0A8D328)
*Sep 21 23:44:26.795: PO0/2/0 IPCP: Event[Receive ConfReq+] State[REQsent to
ACKsent]
*Sep 21 23:44:26.796: %LINEPROTO-5-UPDOWN: Line protocol on Interface
POS0/2/0, changed state to up
*Sep 21 23:44:26.796: PO0/2/0 IPCP: I CONFACK [ACKsent] id 1 len 10
*Sep 21 23:44:26.796: PO0/2/0 IPCP: Address 192.168.211.20 (0x0306C0A8D314)
*Sep 21 23:44:26.796: PO0/2/0 IPCP: Event[Receive ConfAck] State[ACKsent to
Open]
*Sep 21 23:44:26.808: PO0/2/0 IPCP: State is Open
*Sep 21 23:44:26.808: PO0/2/0 Added to neighbor route AVL tree: topoid 0,
address 192.168.211.40
*Sep 21 23:44:26.808: PO0/2/0 IPCP: Install route to 192.168.211.40
*Sep 21 23:44:27.440: %LINK-3-UPDOWN: SIP0/2: Interface POS0/2/0, changed
state to up
Step 10 On your pod PE (Cisco IOS XE Software) router, turn off debugging.
Activity Verification
You have completed this task when you attain these results:
On your pod PE router (Cisco IOS XE Software), verify the status of the POS interfaces.
PE2#show ip interface brief | include POS
PE4#ping 192.168.211.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.211.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
PE4#ping 192.168.212.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.212.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Lab 5-1: Configure Network Management Tools
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this lab activity, you will discover neighboring devices using Cisco Discovery Protocol and
configure host logging. In the second part of the lab activity, you will use NTP to acquire the
correct time on devices, and configure IP SLA.
After completing this activity, you will be able to meet these objectives:
Configure and verify Cisco Discovery Protocol
Configure logging
Configure and verify NTP
Configure and verify IP SLA
Visual Objective
The figure illustrates what you will accomplish in this activity.
[Figure: Team z topology with pod x (CEx, SWx, PEx), pod y (CEy, SWy, PEy), and shared switch SWxy. Labels: CDP, NTP client, NTP server, Configure IP SLA, Configure host logging.]
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with access to the Internet
An SSH client installed on the PC
Command                                   Description
show ipsla statistics operation_number    Displays operational data and latest statistics for the IP SLA operation
Activity Procedure
Complete these steps on the pod switch:
Step 1 On the pod switch and shared team switch, enable Cisco Discovery Protocol
globally.
Note Remember that on Cisco ME switches, Cisco Discovery Protocol is enabled by default only
on NNI ports. Ports Fast Ethernet 0/2, Fast Ethernet 0/21, Fast Ethernet 0/22, Fast Ethernet
0/23 on your pod switch should be configured as NNI ports.
Step 2 On the pod PE router, enable Cisco Discovery Protocol globally and on the first
Gigabit Ethernet interface.
Version :
Cisco IOS XR Software, Version 4.1.0[Default]
Copyright (c) 2011 by Cisco Systems, Inc.
advertisement version: 2
Duplex: full
Management address(es):
Activity Procedure
Complete these steps:
Step 1 On the pod PE router, configure logging. Messages with all severities should be
logged, including debugging severity.
Step 2 On the pod PE router, configure logging to the logging buffer. Messages with all
severities but debugging should be logged.
Activity Verification
You have completed this task when you attain these results:
On the pod PE router, clear the content of the logging buffer.
RP/0/RSP0/CPU0:PE1#clear logging
Fri Jul 7 14:52:59.185 UTC
Clear logging buffer [confirm] [y/n] :y
RP/0/RSP0/CPU0:PE1#
PE2#clear logging
Clear logging buffer [confirm] < Enter >
PE2#
On the pod PE router, enable the second Gigabit Ethernet interface.
RP/0/RSP0/CPU0:PE1(config)#interface GigabitEthernet 0/0/0/1
RP/0/RSP0/CPU0:PE1(config-if)#no shutdown
RP/0/RSP0/CPU0:PE1(config-if)#commit
On the pod PE router, verify that the same messages were received in the logging buffer:
RP/0/RSP0/CPU0:PE1#show logging
Fri Jul 7 15:05:47.791 UTC
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
Console logging: level debugging, 91 messages logged
Monitor logging: level debugging, 0 messages logged
Trap logging: level informational, 0 messages logged
Buffer logging: level informational, 11 messages logged
PE2#show logging
Syslog logging: enabled (0 messages dropped, 3 messages rate-limited, 0
flushes, 0 overruns, xml disabled, filtering disabled)
Activity Procedure
Complete these steps:
Step 1 Make the pod PE router the authoritative stratum 1 NTP server and disable all
NTP services on the second Gigabit Ethernet interface.
Step 2 Enable the pod CE router to synchronize the clock to the NTP server.
Activity Verification
You have completed this task when you attain these results:
Verify that the pod CE router clock is synchronized with the clock of the pod PE router.
CE1#show ntp associations
Activity Procedure
Complete these steps:
Step 1 On your pod PE router (Cisco IOS XR Software), use the IP SLA ICMP echo
operation number 432 to monitor IP connections to your pod CE router. IP SLA
ICMP echo probes should be sent every 30 seconds, starting now.
Note Wait for a few minutes and verify operational data and the latest statistics for the IP SLA
operation 432.
Activity Verification
You have completed this task when you attain these results:
Verify connectivity from the pod PE router (Cisco IOS XR Software) to the pod CE router.
RP/0/RSP0/CPU0:PE1#ping 192.168.101.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.101.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
On the pod PE router (Cisco IOS XR Software), verify operational data and the latest
statistics for the IP SLA operation 432:
RP/0/RSP0/CPU0:PE1#show ipsla statistics 432
Entry number: 432
Modification time: 17:17:13.246 UTC Fri Jul 07 2000
Start time : 17:17:13.250 UTC Fri Jul 07 2000
Number of operations attempted: 3
Number of operations skipped : 0
Current seconds left in Life : Forever
Operational state of entry : Active
Note Use the Cisco IOS XR no ipsla schedule operation 432 and commit commands to clear
IP SLA operation 432.
Lab 5-2: Configure AAA
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this lab activity, you will configure AAA authentication to authenticate the Telnet sessions to
the router using the local username database.
After completing this activity, you will be able to meet this objective:
Configure and verify AAA authentication to authenticate the Telnet sessions to the router
using the local database
Visual Objective
The figure illustrates what you will accomplish in this activity.
[Figure: Team z with pod x (CEx, PEx) and pod y. Labels: AAA, Telnet.]
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with access to the Internet
An SSH client installed on the PC
Command                                          Description
telnet {ipv4 | ipv6} server max-servers limit    Enables Telnet services on a networking device and sets number of allowable Telnet sessions
transport input {all | none | ssh | telnet}      Defines the transport protocols that can be used to access the router in the appropriate line configuration mode
Activity Procedure
Complete these steps on the pod PE router running Cisco IOS XR Software:
Step 1 On your pod PE router (Cisco IOS XR Software), enable Telnet services and set the
number of allowable Telnet sessions to 10.
Step 2 On your pod PE router (Cisco IOS XR Software), create a username user with
password user in the local database and put the user in the sysadmin group.
Step 3 On your pod PE router (Cisco IOS XR Software), configure an authentication
method list. Name the method list vty-authen, which should use the local
username database method for vty (Telnet) authentication.
Step 4 On your pod PE router (Cisco IOS XR Software), configure a line user-defined
template, named Template, which allows only inbound Telnet connections for vty
lines 5 to 50.
Step 5 On your pod PE router (Cisco IOS XR Software), apply the authentication method
vty-authen to line template Template.
Complete these steps on the pod PE router running Cisco IOS XE software:
Step 6 On the pod PE router (Cisco IOS XE Software), enable the AAA access control
model.
Step 7 On the pod PE router (Cisco IOS XE Software), create a username user with the
password user in the local database.
Step 8 On the pod PE router (Cisco IOS XE Software), configure the authentication method
list. Name the method list vty-authen, which should use the local username database
method for vty (Telnet) authentication.
Step 9 On the pod PE router (Cisco IOS XE Software), apply the authentication method
vty-authen to vty lines from 0 to 4.
Activity Verification
You have completed this task when you attain these results:
From the pod CE router, use Telnet to connect to your pod PE router. Log in using the
username that you created in the local database of the pod PE router:
CE1# telnet 192.168.101.10
Trying 192.168.101.10 ... Open
RP/0/RSP0/CPU0:PE1#
CE2#telnet 192.168.102.20
Trying 192.168.102.20 ... Open
Username: user
Password: <user>
PE2>
On the pod PE router, verify that a user with the username user is logged in:
PE1 (Cisco IOS XR)
RP/0/RSP0/CPU0:PE1#show users
Fri Jul 7 18:05:17.648 UTC
Line User Service Conns Idle Location
aux0/RSP0/CPU0 hardware 0 1d08h
* con0/RSP0/CPU0 root hardware 0 00:00:00
vty0 user telnet 0 00:01:57
192.168.101.11
PE2 (Cisco IOS XE)
PE2#show users
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
2 vty 0 user idle 00:01:07 192.168.102.21
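An added example, not part of the original lab guide: a Python check that reads an IOS-style configuration and reports whether the vty-authen method list from Steps 6 to 9 is applied to every vty range, and whether Telnet and the password keyword are in use. The sample configuration is constructed, including a second vty range (5 to 15) that the lab steps do not cover, and the function names are illustrative.

```python
import re

# Constructed sample: Steps 6 to 9 applied, plus a vty range the lab never touches.
SAMPLE_CONFIG = """\
aaa new-model
username user password user
aaa authentication login vty-authen local
line vty 0 4
 login authentication vty-authen
 transport input telnet
line vty 5 15
 transport input telnet
"""


def parse_config(text):
    """Return (global commands, {"line ..." header: [sub-commands]})."""
    global_cmds, line_blocks, current = [], {}, None
    for raw in text.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if raw[0] == " " and current is not None:
            line_blocks[current].append(cmd)      # indented: belongs to the block
        elif cmd.startswith("line "):
            current = cmd
            line_blocks[current] = []
        else:
            current = None
            global_cmds.append(cmd)
    return global_cmds, line_blocks


def audit_vty_login(text):
    """Return sorted (subject, finding) pairs for vty login weaknesses."""
    global_cmds, line_blocks = parse_config(text)
    findings = set()
    if "aaa new-model" not in global_cmds:
        findings.add(("global", "aaa new-model missing"))
    lists = {}
    for c in global_cmds:
        m = re.fullmatch(r"aaa authentication login (\S+) (.+)", c)
        if m:
            lists[m.group(1)] = m.group(2).split()
        m = re.fullmatch(r"username (\S+) password .+", c)
        if m:
            findings.add(("username " + m.group(1), "password keyword, not secret"))
    for header, body in line_blocks.items():
        if not header.startswith("line vty "):
            continue
        opts = {tuple(b.split()[:2]): b.split()[2:] for b in body if len(b.split()) > 2}
        bound = opts.get(("login", "authentication"), [None])[0]
        if bound is None:
            findings.add((header, "no method list applied"))
        elif bound not in lists:
            findings.add((header, "method list %s undefined" % bound))
        if {"telnet", "all"} & set(opts.get(("transport", "input"), [])):
            findings.add((header, "telnet permitted (cleartext login)"))
    return sorted(findings)
```

Calling `audit_vty_login(SAMPLE_CONFIG)` reports the unbound vty 5 15 range alongside the Telnet and password findings.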
Answer Key
The correct answers and expected solutions for the lab activities that are described in this guide
appear here.
50 192.168.4.128/26 62 192.168.4.191
40 192.168.4.192/26 62 192.168.4.255
20 192.168.5.0/27 30 192.168.5.31
Parameter Value
Hostname SW1
Step 7 Configuring duplex and speed settings on pod router links connecting to your pod
switch.
CE1(config)#interface GigabitEthernet0/0
CE1(config-if)#duplex full
CE1(config-if)#speed 100
CE2(config)#interface GigabitEthernet0/0
CE2(config-if)#duplex full
CE2(config-if)#speed 100
PE2(config)#interface GigabitEthernet0/0/0
PE2(config-if)#no negotiation auto
PE2(config-if)#duplex full
PE2(config-if)#speed 100
Step 8 Shut down interface Fast Ethernet 0/24 on SW1 and SW2 switches connecting to
shared SW12 switch.
SW1(config)#interface FastEthernet 0/24
SW1(config-if)#shutdown
Step 9 Change the port type of interfaces Gigabit Ethernet 0/1 and Gigabit Ethernet 0/2 to
UNI.
SW1(config)#interface range GigabitEthernet 0/1 - 2
SW1(config-if)#port-type uni
Step 10 Change the port type of interface Fast Ethernet 0/2 to NNI on SW1 and SW2
switches.
SW1(config)#interface FastEthernet 0/2
SW1(config-if)#port-type nni
SW2(config)#interface vlan 1
SW2(config-if)#ip address 10.111.111.2 255.255.255.0
SW2(config-if)#no shutdown
SW12(config)#interface vlan 1
SW12(config-if)#ip address 10.111.111.3 255.255.255.0
SW12(config-if)#no shutdown
Step 3 Generate an RSA key pair on the pod switch, which automatically enables SSH:
*Mar 1 01:27:03.250: RSA key size needs to be atleast 768 bits for ssh
version 2
*Mar 1 01:27:03.258: %SSH-5-ENABLED: SSH 1.5 has been enabled
Step 5 On the vty lines, select local password checking against the local database:
SW1(config)#line vty 0 15
SW1(config-line)#login local
Step 2 On the SW1 switch, convert the learned MAC address to a sticky secure MAC address:
SW1(config)#interface FastEthernet 0/1
SW1(config-if)#switchport port-security mac-address sticky
Step 3 On the SW1 switch, define shutdown as the action that the interface takes if a
nonallowed MAC address attempts to access interface FastEthernet 0/1:
SW1(config)#interface FastEthernet 0/1
SW1(config-if)#switchport port-security violation shutdown
Step 4 On the SW1, SW2, and SW12 switches, save the configuration.
SW1# copy running-config startup-config
Destination filename [startup-config]? <Enter>
Building configuration...
[OK]
0 bytes copied in 0.831 secs (0 bytes/sec)
SW1#
Building configuration...
[OK]
0 bytes copied in 0.831 secs (0 bytes/sec)
SW2#
Hostname CE1
CE1#reload
Step 5 Values gathered from the running configuration on PE1 router running Cisco IOS
XR Software.
Cisco IOS XR PE1 Router Parameters
Parameter Value
Hostname PE1
Step 6 Clearing PE1 (Cisco IOS XR) router configuration and reload.
RP/0/RSP0/CPU0:PE1#configure terminal
RP/0/RSP0/CPU0:PE1(config)#commit replace
This commit will replace or remove the entire running configuration. This
operation can be service affecting.
Do you wish to proceed? [no]: yes
RP/0/RSP0/CPU0:ios(config)#end
RP/0/RSP0/CPU0:ios#reload
Standby card not present or not Ready for failover. Proceed?[confirm] <Enter>
Preparing system for backup. This may take a few minutes especially for large
configurations.
Status report: node0_RSP0_CPU0: START TO BACKUP
Status report: node0_RSP0_CPU0: BACKUP HAS COMPLETED SUCCESSFULLY
[Done]
Proceed with reload? [confirm] <Enter>
Step 8 Values gathered from the running configuration on PE2 router running Cisco IOS
XE Software.
Cisco IOS XE PE2 Router Parameters
Parameter Value
Hostname PE2
Step 9 Clearing PE2 (Cisco IOS XE) router configuration and reload.
PE2#erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue?
[confirm] <Enter>
[OK]
Erase of nvram: complete
PE2#reload
ipv6 dhcp pool CE_IPv6
dns-server 2001:db8:0:abcd::3
domain-name ciscolab.com
Step 5 Enabling IPv6 on interface:
CE1 and CE2 routers:
interface GigabitEthernet 0/1
ipv6 enable
ipv6 dhcp server CE_IPv6
Step 2 Enable debugging:
PE2 and PE4 routers:
debug ppp negotiation
debug ppp authentication
Step 3 Disabling and enabling POS interface:
PE2 and PE4 routers:
interface pos 0/2/0
shutdown
no shutdown
Step 4 Observe debugging.
Step 5 Turn off debugging:
PE2 and PE4 routers:
undebug all
Step 6 Enable two-way CHAP authentication:
PE2 router:
username PE4 password cisco
interface pos 0/2/0
ppp authentication chap
interface pos 0/2/1
ppp authentication chap
PE4 router:
username PE2 password cisco
interface pos 0/2/0
ppp authentication chap
interface pos 0/2/1
ppp authentication chap
Step 7 Enable debugging:
PE2 and PE4 routers:
debug ppp negotiation
debug ppp authentication
Step 8 Disabling and enabling POS interface:
PE2 and PE4 routers:
interface pos 0/2/0
shutdown
no shutdown
Step 9 Observe debugging.
Step 10 Turn off debugging:
PE2 and PE4 routers:
undebug all
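The two-way CHAP exchange that Step 6 enables, and that the debug output earlier in this guide traces, worked through in Python as an added example (not part of the original lab guide). It follows RFC 1994; the 16-byte challenge is an assumption, chosen because with the three-character hostnames PE2 and PE4 it reproduces the `len 24` and `len 4` values in the debug output, and the function names are illustrative.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4   # RFC 1994 CHAP codes


def chap_packet(code, ident, value=b"", name=b""):
    """Code (1), Identifier (1), Length (2), then Value-Size, Value, Name."""
    data = bytes([len(value)]) + value + name if code in (CHALLENGE, RESPONSE) else b""
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data


def parse(packet):
    """Return (code, identifier, value, name) of a CHAP packet."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("CHAP length field does not match packet size")
    if code not in (CHALLENGE, RESPONSE):
        return code, ident, b"", b""
    size = packet[4]
    return code, ident, packet[5:5 + size], packet[5 + size:]


def response_value(ident, secret, challenge):
    """RFC 1994: MD5 over Identifier, shared secret, Challenge Value."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()


def authenticate(authenticator, peer, ident=1, challenge=None):
    """One direction of CHAP. Each router is (hostname, {username: password})."""
    (a_name, a_users), (p_name, p_users) = authenticator, peer
    challenge = challenge or os.urandom(16)          # 16-byte challenge assumed
    sent_challenge = chap_packet(CHALLENGE, ident, challenge, a_name.encode())
    # Peer: look up the challenger's name locally, hash, reply under own hostname.
    _, cid, cval, cname = parse(sent_challenge)
    if cname.decode() not in p_users:
        return False, [sent_challenge]               # peer has no secret for it
    sent_response = chap_packet(
        RESPONSE, cid, response_value(cid, p_users[cname.decode()], cval), p_name.encode())
    # Authenticator: look up the responder's name and recompute the hash.
    _, rid, rval, rname = parse(sent_response)
    secret = a_users.get(rname.decode())
    ok = (secret is not None and rid == ident and
          hmac.compare_digest(rval, response_value(ident, secret, challenge)))
    return ok, [sent_challenge, sent_response,
                chap_packet(SUCCESS if ok else FAILURE, ident)]


def two_way(router_a, router_b):
    """Two-way CHAP: each side must authenticate the other."""
    return authenticate(router_a, router_b)[0] and authenticate(router_b, router_a)[0]


# Constructed from the answer key: hostnames PE2 and PE4, password "cisco".
PE2 = ("PE2", {"PE4": "cisco"})
PE4 = ("PE4", {"PE2": "cisco"})
```

Only the challenge and the MD5 digest cross the link, so the password itself never appears in the packets, and a password mismatch on either router fails authentication in both directions.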
ntp master 1
Step 2 NTP server configuration:
CE1 (Cisco IOS):
ntp server 192.168.101.10
CE2 (Cisco IOS):
ntp server 192.168.102.20
Appendix A: Lab Topology
[Figure: lab topology overview for Teams 1 to 4. Devices shown include CE1, SW1, PE1, PE3, SW3, and CE3 (pods 1 and 3), shared switches SW12, SW34, SW56, and SW78, and P1 and P2. Legend: Gi, Fa, OC3 POS.]
[Figure: pod interface connections. Labels shown include CEy, SWy, PEy (pod y), SWxy, and P2, with Fa, Gi, POS0/2/0, and POS0/2/1 port labels and "Connections to PE(y+2)". Legend: Gi, Fa, OC3 POS.]
[Figure: Team z IP addressing for pods x and y, with z = 1,2,3,4; x = 1,3,5,7; y = 2,4,6,8; w = 1 (for teams 1 and 2), 2 (for teams 3 and 4). Subnets shown: 192.168.10x.0/24, 192.168.x1.0/24, 192.168.1xy.0/24, 192.168.10y.0/24, 192.168.y2.0/24, 192.168.1.0/24, 192.168.2.0/24, 192.168.2w2.0/24, 192.168.2w1.0/24. Legend: Gi, Fa, OC3 POS, Loopback.]
[Figure: addresses in the 10.10.10.x range shown for Teams 1 to 4. Device labels include SW12, SW34, SW56, SW78, P2, CE2, SW2, PE2, PE4, SW4, CE4, CE6, SW6, PE6, PE8, SW8, and CE8.]