SPNGN110LG

SPNGN1
Building Cisco Service Provider Next-

Generation Networks, Part 1
Version 1.0
Lab Guide
Text Part Number: 97-3129-01

Americas Headquarters Asia Pacific Headquarters Europe Headquarters
Cisco Systems, Inc. Cisco Systems (USA) Pte. Ltd. Cisco Systems International BV Amsterdam,
San Jose, CA Singapore The Netherlands
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL: www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a
partnership relationship between Cisco and any other company. (1110R)
DISCLAIMER WARRANTY: THIS CONTENT IS BEING PROVIDED AS IS. CISCO MAKES AND YOU RECEIVE NO WARRANTIES
IN CONNECTION WITH THE CONTENT PROVIDED HEREUNDER, EXPRESS, IMPLIED, STATUTORY OR IN ANY OTHER
PROVISION OF THIS CONTENT OR COMMUNICATION BETWEEN CISCO AND YOU. CISCO SPECIFICALLY DISCLAIMS ALL
IMPLIED WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A
PARTICULAR PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. This learning product
may contain early release content, and while Cisco believes it to be accurate, it falls subject to the disclaimer above.
2 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.0 2012 Cisco Systems, Inc.
Table of Contents
Lab Guide........................................................................................................................... 1
Overview ............................................................................................................................. 1
Outline ........................................................................................................................... 1
Job Aids .............................................................................................................................. 2
Pod Access Information ................................................................................................. 2
Device Information......................................................................................................... 2
IP Addressing ................................................................................................................ 3
Lab 1-1: Verify Host IP Configuration .................................................................................. 6
Activity Objective ........................................................................................................... 6
Visual Objective ............................................................................................................. 6
Required Resources ...................................................................................................... 6
Command List ............................................................................................................... 7
Task 1: Verify IP Configuration of a Windows Host ........................................................ 7
Task 2: Verify Connectivity ............................................................................................ 9
Task 3: Perform Forward and Reverse DNS Lookups ................................................. 10
Lab 1-2: Configure Subnetting ........................................................................................... 11
Activity Objective ......................................................................................................... 11
Visual Objective ........................................................................................................... 11
Required Resources .................................................................................................... 11
Command List ............................................................................................................. 11
Job Aids ...................................................................................................................... 11
Task 1: Divide Address Space into Correctly Sized Subnets ....................................... 11
Lab 2-1: Configure Cisco Switches .................................................................................... 13
Command List ............................................................................................................. 15
Task 1: Boot Cisco ME340x Switch and Perform Basic Configuration ......................... 17
Task 2: Enable SSH Access to the Switch ................................................................... 27
Task 3: Verify STP Operation ...................................................................................... 28
Task 4: Configuring EtherChannel ............................................................................... 30
Task 5: Configuring Port Security ................................................................................ 32
Lab 3-1: Configure Basic Router Configuration ................................................................. 34
Command List ............................................................................................................. 35
Task 1: Boot Cisco Router and Perform Basic Configuration ....................................... 37
Task 2: Basic EIGRP Configuration ............................................................................. 40
Lab 4-1: Implement Internet Connectivity .......................................................................... 43
Command List ............................................................................................................. 44
Task 1: Configure DHCP on CE Router ....................................................................... 45
Task 2: Configure Static Routing for Internet Access ................................................... 46
Task 3: Configure PAT on CE Router .......................................................................... 47
Lab 4-2: Configure Data Link Layer Encapsulation ............................................................ 49
Command List ............................................................................................................. 50
2012 Cisco Systems, Inc. Lab Guide 3

Task 1: Configure a POS Interface on the PE Router .................................................. 51
Task 2: Configure PPP on POS Interface .................................................................... 52
Lab 5-1: Configure Network Management Tools ............................................................... 57
Visual Objective........................................................................................................... 57
Command List ............................................................................................................. 58
Task 1: Configure and Verify Cisco Discovery Protocol ............................................... 59
Task 2: Configure Logging .......................................................................................... 60
Task 3: Configure and Verify NTP ............................................................................... 62
Task 4: Configuring and Verifying IP SLA .................................................................... 63
Lab 5-2: Configure AAA .................................................................................................... 65
Command List ............................................................................................................. 66
Task 1: Configure AAA Authentication ......................................................................... 67
Answer Key ....................................................................................................................... 69
Lab 1-1 Answer Key: Verify Host IP Configuration ....................................................... 69
Lab 1-2 Answer Key: Configure Subnetting ................................................................. 69
Lab 2-1 Answer Key: Configuring Cisco Switches ....................................................... 69
Lab 3-1 Answer Key: Configure Basic Router Configuration ........................................ 73
Lab 4-1 Answer Key: Implement Internet Connectivity ................................................. 76
Lab 4-2 Answer Key: Configure Data Link Layer Encapsulation .................................. 77
Lab 5-1 Answer Key: Configure Network Management Tools ...................................... 80
Lab 5-2 Answer Key: Configure AAA ........................................................................... 81
Task 1: Configure AAA Authentication ......................................................................... 81
Appendix A: Lab Topology ................................................................................................ 83
SPNGN1
Lab Guide
Overview
This guide presents the instructions and other information concerning the lab activities for this
course. You can find the solutions in the lab activity Answer Key.
Outline
This guide includes these activities:
Job Aids
Lab 1-1: Verify Host IP Configuration
Lab 1-2: Configure Subnetting
Lab 2-1: Configure Cisco Switches
Lab 3-1: Configure Basic Router Configuration
Lab 4-1: Implement Internet Connectivity
Lab 4-2: Configure Data Link Layer Encapsulation
Lab 5-1: Configure Network Management Tools
Lab 5-2: Configure AAA
Answer Key
Appendix A: Lab Topology (Tear-Out)

Job Aids
These job aids are available to help you complete lab activities 2-1 through 5-2.
Pod Access Information

Instructor will provide you with the team and pod numbers, as well as other team and pod
access information. Write down the information in the table for future reference.
Parameter Default value Value
Team number z=1 - 4
Pod number x=1, 3, 5, 7 or

y=2, 4, 6, 8
Remote lab SSH access IP address 128.107.245.9
Remote lab SSH access username instr
Remote lab SSH access password testMe
Pod PE (Cisco IOS XR) router username root
Pod PE (Cisco IOS XR) router password 1ronMan
Pod CE, SW, and PE privileged level password cisco
Device Information
This lab topology consists of four (4) teams and eight (8) pods. Two students will work in each
pod and two pods will work in each team. Each pod has one switch and two routers. Two pods
share one additional switch. All teams share the same core routers (P1 and P2).
Devices in the lab are connected with Fast Ethernet and Gigabit Ethernet connections, and two
teams have a redundant POS connection, as shown in the following topology:
Legend:
Gi
Fa
OC3 POS
Team 1 Team 2
CE1 Pod 1 SW1 PE1 PE3 SW3 Pod 3 CE3
P1
SW12 SW34
SW56 P2 SW78
Team 3 Team 4
2012 Cisco and/or its affiliates. All rights reserved. SPNGN v1.0LG-4
Device Roles and Loopback IP Addresses
Device Name Device Role Lo0 IPv4 Address Lo0 IPv6 Address
CEx Cisco 2900 pod router 10.x.10.1/32 2001:db8:10:x:10::1/128

CEy 10.y.10.1/32 2001:db8:10:y:10::1/128
PEx Cisco ASR 9000 or Cisco 10.x.1.1/32 2001:db8:10:x:1::1/128

PEy ASR 1000 pod router 10.y.1.1/32 2001:db8:10:y:1::1/128
SWx Cisco ME340x pod switch 10.x.0.1/32 2001:db8:10:x:0::1/128

SWy 10.y.0.1/32 2001:db8:10:y:0::1/128
SWxy Cisco ME340x pod switch 10.xy.0.1/32 2001:db8:10:xy:0::1/128

shared inside a team
P1 Cisco ASR 9000 core router 10.0.1.1/32 2001:db8:10:0:1::1/128
P2 Cisco ASR 9000 core router 10.0.2.1/32 2001:db8:10:0:2::1/128
The following figure illustrates the interface identification used in this lab setup.
Team z
CEx Pod x SWx PEx
Gi0/0 Fa0/1 Fa0/2 Gi0/0/0/2
P1
Gi0/0/0/0
Fa0/23
Gi0/1 Fa0/24 Gi0/0/0/1
Fa0/21 Gi0/0/0/3
Fa0/21
Fa0/22 Fa0/22
Fa0/1
Fa0/2
Fa0/23
SWxy
Fa0/24
Fa0/21 Gi0/0/2
Fa0/23 Gi0/0/1
Gi0/1 Fa0/22
Fa0/24
Gi0/0/3
P2
Gi0/0 Fa0/1 Fa0/2 Gi0/0/0
POS0/2/0
CEy Pod y SWy PEy
POS0/2/1
POS0/2/0
Legend: Gi POS0/2/1
Fa Connections to
OC3 POS PE(y+2)
IP Addressing
The following figure illustrates the IP addressing scheme used in this lab setup.

Team z 10.0.1.1
CEx Pod x SWx PEx
192.168.10x.0/24 192.168.10x.0/24 192.168.x1.0/24
P1
.x1 .x0 .x0 .1
10.xy.0.1 .x0 .1 .1
.x0 .1
10.x.10.1 10.x.0.1 10.x.1.1
192.168.1.0/24
192.168.2.0/24
192.168.1xy.0/24
10.y.10.1 SWxy 10.y.0.1 10.y.1.1
.y0 .2
.y0 .2 .2
.y1 .y0 .y0 .2
P2
192.168.10y.0/24 192.168.10y.0/24 192.168.y2.0/24
.y0
CEy Pod y SWy PEy .y0
10.0.2.1
z = 1,2,3,4
Legend: Gi
x = 1,3,5,7 192.168.2w2.0/24 192.168.2w1.0/24
Fa y = 2,4,6,8
OC3 POS w = 1 (for teams 1 and 2) Connections to
Loopback 2 (for teams 3 and 4) PE(y+2)
The following figure illustrates the management IP addresses used in this lab setup.
Team 1 Team 2
10.10.10.14 10.10.10.11 10.10.10.17 10.10.10.25 10.10.10.19 10.10.10.22
P1
10.10.10.13 10.10.10.18 10.10.10.21
SW12 SW34
10.10.10.15 10.10.10.12 10.10.10.16 10.10.10.24 10.10.10.20 10.10.10.23

10.10.10.30 10.10.10.27 10.10.10.33 10.10.10.40 10.10.10.34 10.10.10.37
10.10.10.29 10.10.10.26 10.10.10.36
SW56 P2 SW78
10.10.10.31 10.10.10.28 10.10.10.32 10.10.10.39 10.10.10.35 10.10.10.38
Team 3 Team 4
Note Replace the x or y with your pod number to get the IP subnets within your pod. Replace
the xy (where x < y) with numbers of the pods within the same team (for example, 12, 34,
56, or 78) to get IP subnets on the link between those pods.
Pod IP Addressing
Device IP Address Peer IP Address
CEx 192.168.10x.x1/24 PEx 192.168.10x.x0/24

(Gi0/0) 2001:db8:192:168:10x::x1/80 (Gi0/0/0/0) 2001:db8:192:168:10x::x0/80
CEy 192.168.10y.y1/24 PEy 192.168.10y.y0/24

(Gi0/0) 2001:db8:192:168:10y::y1/80 (Gi0/0/0) 2001:db8:192:168:10y::y0/80
PEx 192.168.1xy.x0/24 PEy 192.168.1xy.y0/24

(Gi0/0/0/1) 2001:db8:192:168:1xy::x0/80 (Gi0/0/1) 2001:db8:192:168:1xy::y0/80
PEx 192.168.x1.x0/24 P1 192.168.x1.1/24

(Gi0/0/0/2) 2001:db8:192:168:x1::x0/80 2001:db8:192:168:x1::1/80
PEy 192.168.y1.y0/24 P1 192.168.y1.1/24

(Gi0/0/0/2) 2001:db8:192:168:y1::y0/80 2001:db8:192:168:y1::1/80
PEx 192.168.x2.x0/24 P2 192.168.x2.2/24

(Gi0/0/0/3) 2001:db8:192:168:x2::x0/80 2001:db8:192:168:x2::2/80
PEy 192.168.y2.y0/24 P2 192.168.y2.2/24

(Gi0/0/0/3) 2001:db8:192:168:y2::y0/80 2001:db8:192:168:y2::2/80
PE2 192.168.211.20/24 PE4 192.168.211.40/24

(POS0/2/0) 2001:db8:192:168:211::20/80 (POS0/2/0) 2001:db8:192:168:211::40/80
PE2 192.168.212.20/24 PE4 192.168.212.40/24

(POS0/2/1) 2001:db8:192:168:212::20/80 (POS0/2/1) 2001:db8:192:168:212::40/80
PE6 192.168.221.60/24 PE8 192.168.221.80/24

(POS0/2/0) 2001:db8:192:168:221::60/80 (POS0/2/0) 2001:db8:192:168:221::80/80
PE6 192.168.222.60/24 PE8 192.168.222.80/24

(POS0/2/1) 2001:db8:192:168:222::60/80 (POS0/2/1) 2001:db8:192:168:222::80/80
Core IP Addressing
Device Device IP Address Peer Peer IP Address
P1 192.168.1.1/24 P2 192.168.1.2/24
2001:db8:192:168:1::1/80 2001:db8:192:168:1::2/80
192.168.2.1/24 192.168.2.2/24
2001:db8:192:168:2::1/80 2001:db8:192:168:2::2/80

Lab 1-1: Verify Host IP Configuration
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will be able to use Windows applications and commands to investigate the
IP configuration of your PC and your local network. After completing this activity, you will be
able to meet these objectives:
Use the ipconfig command to determine the current network addressing information of
your PC
Use the ping command to test connectivity to the default gateway
Use the nslookup command to perform forward and reverse DNS lookups
Visual Objective
The figure illustrates what you will accomplish in this activity.
Perform forward and

reverse DNS lookups
DNS server
NSLOOKUP
Student PC
Determine the current network
addressing information
Internet
Default gateway PING
Test connectivity
Required Resources
These are the resources and equipment that are required to complete this lab activity:
A PC connected to a functioning network, with connectivity to the Internet
Command List
The table describes the commands that are used in this lab activity.
Windows Commands
Command Description
ipconfig Displays current IP addresses, network mask, and default

gateway IP address
ping Tests IP connectivity between hosts
nslookup Performs DNS lookups
Task 1: Verify IP Configuration of a Windows Host

In order to obtain the current IP address information, it is necessary to use the Windows
ipconfig command. You must open a command window to access Windows commands.
Activity Procedure
Step 1 From the Windows desktop, click Start.
Step 2 Enter cmd in the dialog box. Press Return.
Step 3 In the Command Prompt window, enter ipconfig.
Your output should resemble one of these four examples:
Nonworking example 1: The output indicates no connectivity. The Ethernet cable is probably
not physically connected. Notice the Teredo Tunneling Pseudo-Interface that gives
full IPv6 connectivity for IPv6-capable hosts, which are on the IPv4 network but which have
no direct connection to an IPv6 network.
C:\Documents and Settings>ipconfig
< text omitted >
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . :
fe80::ffff:ffff:fffd%6
Default Gateway . . . . . . . . . :
Nonworking example 2: The output indicates that the PC is waiting to obtain its IP address
information automatically. This will be a transient outputit will either successfully get an
address or retry the ipconfig command periodically until it changes to one of these remaining
examples. Notice the link-local IPv6 address: fe80::21c:25ff:fe97:4aeb%5
< text omitted >
Ethernet adapter Local Area Connection:
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
IP Address. . . . . . . . . . . . :
fe80::21c:25ff:fe97:4aeb%5

Nonworking example 3: The output indicates that the PC network adapter was unable to
obtain an IP address automatically, so the PC will use a generated link-local address. Getting a
link-local address may seem like success, but it really indicates that there is no connectivity to
an IP address server. This address will not be useful for network connectivity. If you see an IP
address beginning with 169.254.x.x, you do not have a valid address.
< text omitted >
IP Address. . . . . . . . . . . . : 169.254.249.221
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . :
fe80::21c:25ff:fe97:4aeb%5
Working example 1: The output indicates that the PC either has a preconfigured IPv4 address
or that it successfully obtained its IP address automatically. Your IPv4 address, subnet mask, or
default gateway will most likely be different from what is shown.
Windows IP Configuration
Connection-specific DNS Suffix . : cisco.com
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . :
fe80::21c:25ff:fe97:4aeb%5
Default Gateway . . . . . . . . . : 192.168.1.1
Step 4 If you have a problem, ask your instructor for assistance. Continue only if you have
a valid IPv4 address. Write the IPv4 values that you obtained from the ipconfig
command in these spaces:
PC IP address ___________________
Subnet mask ___________________
IP default gateway address ___________________
Note There might be more than one network adapter available on a PC. The output of the
ipconfig command will show a different IP configuration for each network adapter.
Activity Verification
You have completed this task when you attain this result:
You obtained valid IP address information from the ipconfig command.
Task 2: Verify Connectivity
The Windows ping command allows you to test the connectivity of the network. Its output
demonstrates success or failure, and gives an indication of the round-trip time taken.
Activity Procedure
Step 1 In the Command Prompt window, enter ping followed by the address of your default
gateway that you obtained in Task 1.
Step 2 The first example below is an unsuccessful ping. If you get this output, ask your
instructor for assistance.
Nonworking example: The output indicates that no reply was received from the target IP
address.
C:\Documents and Settings>ping 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.1.1:

Packets: Sent = 4, Received = 0, Lost = 4
(100% loss),
Working example: This output indicates successful receipt of replies from the target IP
address.
C:\Documents and Settings>ping 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time<1ms TTL=255
Ping statistics for 192.168.1.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Note Notice that, by default, the Windows ping command sends four packets.
You have completed this task when you attain these results:
You used the Windows ping command to test the connectivity to your default gateway
router.
The round-trip time should be less than 10 ms.

Task 3: Perform Forward and Reverse DNS Lookups
In this task, you will perform forward and reverse DNS lookups.
Activity Procedure
Step 1 From the Command Prompt window, enter nslookup www.cisco.com
The first example below shows forward DNS lookup for www.cisco.com. DNS
server used in this query is lab-x.cisco.com with IP address 192.168.100.100.
C:\Documents and Settings>nslookup www.cisco.com
Server: lab-x.cisco.com
Address: 192.168.100.100
Non-authoritative answer:
Name: origin-www.cisco.com
Address: 72.163.4.161
Aliases: www.cisco.com, www.cisco.com.akadns.net
geoprod.cisco.com.akadns.net
Step 2 From the Command Prompt window, enter nslookup 8.8.8.8
The second example below shows reverse DNS lookup for IP address 8.8.8.8 which
is a Google public DNS server with hostname google-public-dns-a.google.com. The
DNS server used in this query is lab-x.cisco.com with IP address 192.168.100.100.
C:\Documents and Settings>nslookup 8.8.8.8
Server: lab-x.cisco.com
Address: 192.168.100.100
Name: google-public-dns-a.google.com
Address: 8.8.8.8
You used the Windows nslookup command to determine the IP address for
http://www.cisco.com and to determine the hostname for IP address 8.8.8.8.
Lab 1-2: Configure Subnetting
Complete this lab activity to practice what you learned in the related lesson.
Activity Objective
In this activity, you will determine subnets of a given address range based on the number of
hosts. After completing this activity, you will be able to meet these objectives:
Determine the subnets based on a given number of hosts
Determine the maximum number of host addresses that are available in a determined
subnet
Determine the broadcast address for a determined subnet
Visual Objective
There are no visual objectives for this lab activity.
Required Resources
These are the resources and equipment that are required to complete this activity.
Pen
Paper
Command List
There are no commands that are used in this activity.
Job Aids
These job aids are available to help you complete the lab activity.
Pen
Paper
Task 1: Divide Address Space into Correctly Sized Subnets

During this task, you will determine the recommended action that is based on the criteria that is
shown for a series of incident tickets.
Activity Procedure
Given a network 192.168.0.0/21 and the required number of hosts, complete the table to
identify the subnet, subnet prefix, maximum number of hosts, and broadcast address for that
subnet.
Required Number Subnet Maximum Subnet

of Hosts Number of Hosts Broadcast
per Subnet Address
300
200
150
100

per Subnet Address
50
40
20
Given a network and maximum number of hosts, you can identify the subnet, subnet prefix,
maximum number of hosts, and broadcast address for that subnet.
Lab 2-1: Configure Cisco Switches
Activity Objective
In this lab activity, you will monitor switch bootup procedure and enable basic switch
configuration. You will configure port settings, MOTD, and enable SSH access to the switches.
In the second part of the lab activity, you will enable the port security feature and verify
operation of Spanning Tree Protocol.
Note Students from two different pods are working in a team. All Cisco ME340x switches are
running Cisco IOS Software. The first pod in the team will work on the switch SWx (where x
is 1, 3, 5, or 7), while the second pod in the same team will work on the SWy (where y is 2,
4, 6, or 8). Switch SWxy (where xy is 12, 34, 56, or 78) is shared between two pods in the
team, and students from both pods will access a shared switch. Students in the same team
should coordinate their lab activity.
After completing this activity, you will be able to meet these objectives:
Monitor bootup procedure of the switch
Enable basic configuration of the switch
Enable SSH access to the switch
Configure and verify Spanning Tree Protocol
Configure EtherChannel
Configure and verify port security

Visual Objective
Monitor boot procedure

Enable basic configuration
Team z Enable SSH access
CEx Pod x SWx PEx
Gi0/0 Fa0/1 Fa0/2
Fa0/23 Fa0/22
Configure EtherChannel
Fa0/21
Fa0/21
Configure and verify spanning tree protocol
Configure and verify port security
Fa0/23
SWxy Fa0/21
Fa0/22
Fa0/23
Gi0/0 Fa0/1
CEy Pod y SWy PEy
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with access to the Internet
An SSH client installed on the PC
Command List
Cisco IOS Commands
Command Description
banner motd # message # Defines and enables a message-of-the-day banner

in global configuration mode
channel-group number mode on Manually creates a port-channel interface
configure terminal Enters configuration mode
copy running-config startup- Saves running configuration

config
crypto key generate rsa Generates RSA key pairs in global configuration
mode, which enables SSH access on the device
duplex {full | half | auto} Configures duplex operation on an interface in

interface configuration mode
Enable Enters router privileged mode
enable password password Sets router enable password
erase startup-config Clears router startup configuration
exec-timeout minutes seconds Sets line EXEC timeout
hostname hostname Configures the router hostname
interface interface Enters interface configuration mode
interface vlan vlan_id Creates logical interface for management purposes

on the switch
ip address ip_address Sets a primary or secondary IPv4 address for an

subnet_mask interface and the subnet mask
ip domain name name Defines a default domain name that the Cisco IOS
Software uses to complete unqualified hostnames
(names without a dotted-decimal domain name) in
global configuration mode
line con 0 Enters line console configuration
line vty first_line last_line Enters line vty configuration
logging synchronous Synchronizes message output on the line
Login Enables login on the line
login local Enables password checking at login in line

configuration mode. Selects local password
checking. Authentication is based on the username
specified with the username global configuration
command
password password Sets line password
port-type {eni | nni | uni} Sets the port type in interface configuration mode
reload Reloads router
show etherchannel summary Displays one line of information per port-channel
show interfaces

Command Description
show port-security [interface Displays the ports on which port security has been
intf_id] address enabled. Also displays count information and
security actions to be taken per interface
show port-security address Displays MAC address table security information
show running-config Displays running configuration
show spanning-tree root Shows where root bridge resides
show spanning-tree vlan Reveals spanning tree mode, bridge ID of local

vlan_id switch (Bridge ID) and Bridge ID of Root bridge
(Root ID), and also displays port roles and statuses
show ssh Displays SSH connections to the device
show version Displays router hardware and software version,

uptime and license activated
shutdown Shuts down an interface
speed {10 | 100 | 1000 Configures the speed for a Fast Ethernet or Gigabit
[negotiate] | auto [speed- Ethernet interface in interface configuration mode
list]}
ssh l username ip_address Starts an encrypted session with a remote
networking device in privileged EXEC or user EXEC
mode
switchport port-security Enables port security on interface
switchport port-security mac- Converts learned MAC address to sticky secure

address sticky MAC address
switchport port-security Defines what action an interface will take if a

violation {shutdown | restrict nonallowed MAC address attempts access
| protect}
username name password secret Establishes a username-based authentication

system in global configuration mode
Task 1: Boot Cisco ME340x Switch and Perform Basic
Configuration
In this task, you will examine switch configuration, erase switch startup configuration, and
reload switch. While the switch is reloading, you will monitor bootup procedure. You will
configure switch initial configuration.
Activity Procedure
Complete these steps on the pod SW switch running Cisco IOS:
Step 1 Log in to the SW switch in your pod and examine the running configuration. Write
down the following parameters from the running configuration:
Parameter Value
Hostname
Enable password
VTY login password
Step 2 On your pod switch and shared switch, erase the startup configuration and reload the
switch. Do not save the configuration, if asked. Confirm the reload and observe the
bootup procedure. Do not enter initial configuration dialog when asked.
Step 3 On your pod switch and shared switch, configure the hostname, enable password,
and vty login password. Set console EXEC timeout to infinity and enable
synchronous logging. Save the configuration. For hostname and passwords, use the
information in the Job Aids section.
Step 4 On your pod switch and shared switch, define a MOTD banner, saying Access for
authorized users only. Please enter your username and password.
Step 5 On your pod switch and shared switch, set port duplex and speed settings on links
connecting to other switches to full and 100 Mb/s. Enable these ports. For port
identification, use information in the Job Aids section.
Step 6 On your pod switch, set port duplex and speed settings on links connecting to CE
and PE routers to full and 100 Mb/s. Enable these ports. For port identification,
use information in the Job Aids section.
Step 7 On the CE and PE pod routers, set duplex and speed settings on the link connecting
to the pod switch to full and 100 Mb/s. For port identification, use information in
the Job Aids section. The PE router running Cisco IOS XE Software will require
disabling duplex negotiation. Use the no negotiation auto interface command to
disable duplex negotiation and then configure the duplex full.
Step 8 On your pod switch, shut down interface Fast Ethernet 0/24, connecting to the
shared team switch. By doing this, you will have only one active connection
between your pod switch and shared team switch.
Step 9 On your pod switch and shared switch, change the port type of interfaces Gigabit
Ethernet 0/1 and Gigabit Ethernet 0/2 to UNI. By default, Gigabit Ethernet
interfaces are configured as NNI port types.
Step 10 On your pod switch, change the port type of interface Fast Ethernet 0/2 to NNI.
Step 11 On your pod switch, change the port type of interfaces Fast Ethernet 0/21, Fast
Ethernet 0/22, and Fast Ethernet 0/23 to NNI. On your team shared switch, change
the port type of interfaces Fast Ethernet 0/21 and Fast Ethernet 0/23 to NNI.

Note By default, ports configured as NNI port type participate in STP protocol and are able to
bundle interfaces to EtherChannel.
Note All outputs are taken from devices in team 1.
On the pod switch, verify the running configuration. The running configuration should
include components configured in this task.
SW1#show running-config
Building configuration...
Current configuration : 2034 bytes

!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW1
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
system mtu routing 1500
authentication mac-move permit
ip subnet-zero
!
!
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
!
vlan internal allocation policy ascending
!
vlan 100
!
!
!
interface FastEthernet0
no ip address
no ip route-cache
!
interface FastEthernet0/1
speed 100
duplex full
!
port-type nni
speed 100
duplex full
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
port-type nni
speed 100
duplex full
!
port-type nni
speed 100
duplex full
!
port-type nni
speed 100

duplex full
!
shutdown
speed 100
duplex full
!
interface GigabitEthernet0/1
!
!
interface Vlan1
no ip address
no ip route-cache
!
no ip http server
ip http secure-server
ip sla enable reaction-alerts
banner motd ^C Access for authorized users only. Please enter your username
and password. ^C
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
end
SW1#

!
version 12.2
no service pad
!
hostname SW2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
!
!
!
!
!
!
!
!
!
no ip address
no ip route-cache
!
speed 100
duplex full
!
port-type nni
speed 100
duplex full
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!

shutdown
!
shutdown
!
port-type nni
speed 100
duplex full
!
port-type nni
speed 100
duplex full
!
port-type nni
speed 100
duplex full
!
shutdown
speed 100
duplex full
!
!
!
interface Vlan1
no ip address
no ip route-cache
!
no ip http server
and password. ^C
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
end
SW2#

!
version 12.2
no service pad
!
hostname SW12
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
!
!
!
!
!
!
!
vlan 22
!
!
!
no ip address
no ip route-cache
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!

shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
port-type nni
speed 100
duplex full
!
speed 100
duplex full
!
port-type nni
speed 100
duplex full
!
speed 100
duplex full
!
!
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
no ip http server
and password. ^C
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
end
SW12#
Log out from your pod switch and access it again via the console. Verify that the banner
appears and the enable password is required.
SW1#exit
SW1 con0 is now available
Press RETURN to get started.
Access for authorized users only. Please enter your username and password.
SW1>enable
Password: cisco
SW1#
Verify duplex and speed settings on interfaces:
SW1#show interfaces FastEthernet 0/23
FastEthernet0/23 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is e8ba.70b5.6419 (bia e8ba.70b5.6419)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTX
< text omitted >
On your pod switch, verify the switch status by examining the show version output.
SW1#show version
Cisco IOS Software, ME340x Software (ME340x-METROACCESSK9-M), Version
12.2(53)SE, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Sun 13-Dec-09 17:46 by prod_rel_team
Image text-base: 0x01000000, data-base: 0x02600000
ROM: Bootstrap program is ME340x boot loader

BOOTLDR: ME340x Boot Loader (ME340x-HBOOT-M) Version 12.2(44r)EY, RELEASE
SOFTWARE (fc1)
SW1 uptime is 1 hour, 7 minutes

System returned to ROM by power-on
System image file is "flash:me340x-metroaccessk9-mz.122-53.SE/me340x-
metroaccessk9-mz.122-53.SE.bin"
This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to

export@cisco.com.
cisco ME-3400E-24TS-M (PowerPC405) processor (revision E0) with 131072K bytes

of memory.
Processor board ID FOC1520V222

Last reset from power-on
1 Virtual Ethernet interface
25 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
512K bytes of flash-simulated non-volatile configuration memory.

Base ethernet MAC Address : E8:BA:70:B5:64:00
Motherboard assembly number : 73-11449-11
Motherboard serial number : FOC151946RU
Model revision number : E0
Motherboard revision number : B0
Model number : ME-3400E-24TS-M
Daughterboard assembly number : 73-11450-02
Daughterboard serial number : FOC151908Y6
System serial number : FOC1520V222
Top Assembly Part Number : 800-29843-03
Top Assembly Revision Number : D0
Version ID : V03
CLEI Code Number : COMBW00BRA
Daughterboard revision number : A0
Hardware Board Revision Number : 0x04
Switch Ports Model SW Version SW Image

------ ----- ----- ---------- ----------
* 1 26 ME-3400E-24TS-M 12.2(53)SE ME340x-METROACCESSK9-M
Configuration register is 0xF

On your pod switch and shared switch, verify the interface type information by using the
show port-type command.
SW1#show port-type
Port Name Vlan Port Type
--------- ------------------ ---------- ----------------------------
Fa0/1 1 User Network Interface (uni)
Fa0/2 1 Network Node Interface (nni)
Gi0/1 1 User Network Interface (uni)
SW2#show port-type
--------- ------------------ ---------- ----------------------------
SW12#show port-type
--------- ------------------ ---------- ----------------------------
Task 2: Enable SSH Access to the Switch

In this task, you will enable SSH access to your pod switch.
Activity Procedure
Complete these steps:
Step 1 On your pod switch SWx (where x is your pod number 1, 3, 5, or 7), configure the
management IP address on logical interface Vlan 1 to 10.11z.11z.1/24 (where z is
your team number). On your pod switch SWy (where y is your pod number 2, 4, 6,
or 8), configure the management IP address on logical interface Vlan 1 to

10.11z.11z.2/24 (where z is your team number). On your team shared switch SWxy
(where xy is 12, 34, 56, or 78), configure the management IP address on logical
interface Vlan 1 to 10.11z.11z.3/24 (where z is your team number). Enable interface
Vlan 1 on your pod and shared switch.
Step 2 On your pod switch, configure the domain name to cisco.com.
Step 3 On your pod switch, generate an RSA key pair, which automatically enables SSH.
Step 4 On your pod switch, populate the local database with username cisco and
password cisco.
Step 5 On your pod switch, on the vty lines, select local password checking from the local
database.
You can access your team shared switch via the console and access both pod switches in
the team using SSH:
SW12#ssh -l cisco 10.111.111.1
Password: cisco
SW1>exit
[Connection to 10.111.111.1 closed by foreign host]

SW12#ssh -l cisco 10.111.111.2
Password: cisco
SW2>exit
[Connection to 10.111.111.2 closed by foreign host]

SW12#
Task 3: Verify STP Operation

In this task, you will verify STP operation. By default, Rapid PVST+ mode is configured on
Cisco ME340x switches. Your team shared switch has been preconfigured to become root
bridge by setting its bridge priority value to the lowest value.
Activity Procedure
Step 1 On your pod switch, verify which ports are in blocking state and what are interface
spanning tree costs. Because there are two physical loops in the topology, two ports
should be blocked to break these two loops.
SW1#show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 5835.d9d6.0000
Cost 19
Port 25 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)

Address e8ba.70b5.6400
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
--
Fa0/2 Desg FWD 19 128.4 P2p
Fa0/21 Altn BLK 19 128.23 P2p
Fa0/22 Altn BLK 19 128.24 P2p
Fa0/23 Root FWD 19 128.25 P2p
VLAN0001
Cost 19

Address e8ba.70b5.5e00
Aging Time 300 sec

------------------- ---- --- --------- -------- ------------------------------
--
Fa0/21 Desg FWD 19 128.23 P2p
Fa0/22 Desg FWD 19 128.24 P2p
Fa0/23 Root FWD 19 128.25 P2p
VLAN0001
This bridge is the root

Aging Time 300 sec

------------------- ---- --- --------- -------- ------------------------------
--
Fa0/21 Desg FWD 19 128.23 P2p
Fa0/23 Desg FWD 19 128.25 P2p
Note By default, interfaces configured as NNI port type participate in spanning tree operation.
Step 2 On your pod switch, verify which port connects to the root bridge.
SW1#show spanning-tree root
Root Hello Max Fwd

Vlan Root ID Cost Time Age Dly Root Port
---------------- -------------------- --------- ----- --- --- ------------
VLAN0001 32769 5835.d9d6.0000 19 2 20 15 Fa0/23
Root Hello Max Fwd

---------------- -------------------- --------- ----- --- --- ------------

VLAN0001 32769 5835.d9d6.0000 19 2 20 15 Fa0/23
Root Hello Max Fwd

---------------- -------------------- --------- ----- --- --- ------------
VLAN0001 32769 5835.d9d6.0000 0 2 20 15
On your pod switch, verify which ports are in blocking state and what are interface
spanning tree costs.
On your pod switch, verify which port connects to the root bridge.
Task 4: Configuring EtherChannel

In this task, you will configure EtherChannel.
Activity Procedure
Step 1 On your pod switch, manually bundle interfaces Fast Ethernet 0/21 and Fast
Ethernet 0/22 (no negotiation protocol used) to logical interface port-channel 1.
Note If interfaces are put in err-disabled state, administratively disable and then enable interfaces.
On your pod switch, verify that interface port-channel 1 is up and running:
SW1#show interfaces Port-channel 1
Port-channel1 is up, line protocol is up (connected)
Hardware is EtherChannel, address is e8ba.70b5.6417 (bia e8ba.70b5.6417)
Full-duplex, 100Mb/s, link type is auto, media type is unknown
< text omitted >
SW2#show interfaces Port-channel 1

Port-channel1 is up, line protocol is up (connected)
Hardware is EtherChannel, address is e8ba.70b5.5e17 (bia e8ba.70b5.5e17)
Full-duplex, 100Mb/s, link type is auto, media type is unknown
< text omitted >
On your pod switch, verify which ports are members of port-channel 1.
SW1#show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met

u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1

Number of aggregators: 1
Group Port-channel Protocol Ports

------+-------------+-----------+---------------------------------------------
--
1 Po1(SU) - Fa0/21(P) Fa0/22(P)
SW2#show etherchannel summary

Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met

u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1

Number of aggregators: 1
Group Port-channel Protocol Ports

------+-------------+-----------+---------------------------------------------
--
1 Po1(SU) - Fa0/21(P) Fa0/22(P)
On your pod switch, verify that, instead of interfaces Fast Ethernet 0/21 and Fast Ethernet
0/22, only logical interface port-channel1, with lowered spanning tree cost, participates in
spanning tree operation:
VLAN0001
Cost 19

Address e8ba.70b5.6400
Aging Time 300 sec

------------------- ---- --- --------- -------- ------------------------------
--
Fa0/23 Root FWD 19 128.25 P2p
Po1 Altn BLK 12 128.56 P2p
VLAN0001
Cost 19

Address e8ba.70b5.5e00
Aging Time 300 sec

------------------- ---- --- --------- -------- ------------------------------
--
Fa0/23 Root FWD 19 128.25 P2p
Po1 Desg FWD 12 128.56 P2p
Task 5: Configuring Port Security

In this task, you will configure the port security feature on your pod switch and verify its
operation.
Activity Procedure
Step 1 On your pod switch, enable the port security feature for interface Fast Ethernet 0/1
connecting to your pod CE router.
Step 2 Convert the learned MAC address to a sticky secure MAC address.
Step 3 Define shutdown as the action that the interface will take if a nonallowed MAC
address attempts to access interface Fast Ethernet 0/1.
Step 4 On your pod switch and shared switch, save the configuration.
Verify the ports on which port security has been enabled and display violation count
information and security actions to be taken for interface Fast Ethernet 0/1:
SW1#show port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security
Action
(Count) (Count) (Count)
---------------------------------------------------------------------
------
Fa0/1 1 1 0
Shutdown
---------------------------------------------------------------------
------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 5120
SW1#show port-security interface FastEthernet 0/1

Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Last Source Address:Vlan : e8b7.482c.a180:1
Security Violation Count : 0
Compare the MAC address of the CE router interface Gigabit Ethernet 0/0 with the port
security sticky MAC address. They should be the same:
SW1#show port-security address
Secure Mac Address Table
---------------------------------------------------------------------
---
Vlan Mac Address Type Ports Remaining
Age
(mins)
---- ----------- ---- ----- ----------
---
1 e8b7.482c.a180 SecureSticky Fa0/1 -
---------------------------------------------------------------------
---
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 5120
CE1#show interface GigabitEthernet 0/0

GigabitEthernet0/0 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is e8b7.482c.a180 (bia
e8b7.482c.a180)
Internet address is 192.168.101.11/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
Full-duplex, 100Mb/s, media type is RJ45
output flow-control is unsupported, input flow-control is
unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops:
0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 7000 bits/sec, 0 packets/sec
5 minute output rate 4000 bits/sec, 0 packets/sec
203422 packets input, 209865086 bytes, 0 no buffer
Received 157498 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 157483 multicast, 0 pause input
0 input packets with dribble condition detected
707208 packets output, 616095479 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
3 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
4 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out

Lab 3-1: Configure Basic Router Configuration
Activity Objective
In this activity, you will monitor the router bootup procedure, enable basic router configuration,
and configure a basic EIGRP. After completing this activity, you will be able to meet these
objectives:
Examine running configuration of the router
Monitor the bootup procedure of the router
Enable a basic configuration on the router
Configure and verify basic EIGRP operations
Note Students from two different pods are working in a team. The CE routers in both pods are
running Cisco IOS Software. The first pod within a team will work on the PE router running
Cisco IOS XR Software, and the second pod within the same team will work on the PE
router running Cisco IOS XE Software.
Students in the same team should coordinate their lab activity.
Visual Objective
Team z
CEx Pod x EIGRP AS x PEx
1. Examine running configuration

2. Monitor boot procedure
3. Enable basic configuration
4. Enable EIGRP in the AS
Pod y EIGRP AS y
CEy PEy
Required Resources
Command List
Cisco IOS/IOS XE Commands
Command Description
cdp enable Enables the Cisco Discovery Protocol on an interface
cdp run Enables the Cisco Discovery Protocol globally
copy running-config Saves the running configuration

startup-config
enable Enters router privilege mode
erase startup-config Clears router startup configuration
exec-timeout minutes Sets line EXEC timeout

seconds
ip address ip_address Sets a primary or secondary IPv4 address for an interface

subnet_mask and the subnet mask
license boot (for Cisco Configures the license on the module

IOS XE only)
line vty first_line Enters line vty configuration

last_line
logging synchronous Synchronizes message output on the line
login Enables login on the line
network network Enables EIGRP on the network

wildcard_mask
password password Sets the line password
ping dest_IP source Verifies connectivity between the source IP and the
source_IP destination IP
reload Reloads the router
router eigrp AS_number Creates an EIGRP process
show ip eigrp interface Displays EIGRP interface information
show ip eigrp neighbor Displays EIGRP neighbor information
show ip eigrp topology Displays lists of information related to the EIGRP topology
for a specific router

Command Description
show ip interface brief Displays the interface status and IPv4 addresses
configured
show ip route Displays the current routes in the routing table
show platform Displays router hardware and software characteristics
show running-config Displays running configuration
show version Displays router hardware and software version, uptime,

and license activated
Cisco IOS XR Commands
Command Description
address-family ipv4 Enters address family configuration mode for EIGRP (in
unicast EIGRP configuration mode)
cdp Enables the Cisco Discovery Protocol globally or on an

interface
commit Commits changes to the running configuration
commit replace Clears the router active configuration
domain vrf default name Sets the domain name on the router
domain_name
exec-timeout minutes Sets line EXEC timeout
seconds
interface interface Defines the interfaces on which the EIGRP protocol runs
ipv4 address Sets a primary or secondary IPv4 address for an interface

ip_address/len and the subnet mask using the prefix length format
reload Reloads the router
router eigrp AS_number Creates an EIGRP process
show eigrp interface Displays EIGRP interface information
show eigrp neighbor Displays EIGRP neighbor information
show eigrp topology Displays lists of information related to the EIGRP topology
for a specific router
show ipv4 interface brief Displays interface status and IPv4 addresses configured
show platform Displays router hardware and software characteristics
show route Displays the current routes in the routing table
show running-config Displays the running configuration
Command Description
show version Displays the router hardware and software version, uptime,
and license activated
speed speed Sets speed on the Ethernet interface
Task 1: Boot Cisco Router and Perform Basic Configuration

In this task, you will examine router configuration, erase router startup configuration, and
reload the router. While the router is reloading, you will monitor the boot procedure. You will
configure the router initial configuration.
Activity Procedure
Step 1 Log in to the CE router in your pod and examine the running configuration. Write
down the following parameters from the running configuration:
CE Router Parameters
Parameter Value
Hostname
Enable password
vty login password
Step 2 On the CE router in your pod, erase the startup configuration and reload the router.
Do not save the configuration when asked. Observe the bootup procedure. Do not
enter the initial configuration dialog when asked.
Step 3 On the CE router in your pod, configure the hostname, enable the password cisco,
and the vty login password cisco. To set the hostname, use Job Aids. Set the
console EXEC timeout to infinity and enable synchronous logging. Save the
configuration.
Step 4 On the CE router in your pod, enable and assign the IP address to Loopback 0 and
the first Gigabit Ethernet interfaces. To assign the IP addresses, use Job Aids.
Step 5 Log in to the PE router running Cisco IOS XR Software in your pod and examine
the running configuration. Write down the following parameters from the running
configuration:
Cisco IOS XR PE Router Parameters
Parameter Value
Hostname
Domain VRF default name
Management interface and IP address
Gigabit Ethernet 0/0/0/0 speed

Step 6 On the PE router (Cisco IOS XR Software) in your pod, erase the configuration and
reload the router. Observe the bootup procedure. The bootup procedure will take
several minutes. Proceed when you see modules A9K-RSP-4G and A9K-40GE-L
running:
RP/0/RSP0/CPU0:PE1#show platform
Node Type State Config State
-----------------------------------------------------------------------------
0/RSP0/CPU0 A9K-RSP-4G(Active) IOS XR RUN PWR,NSHUT,MON
0/0/CPU0 A9K-40GE-L IOS XR RUN PWR,NSHUT,MON
Step 7 On the PE router (IOS XR) in your pod, configure the hostname and domain VRF
default name ciscolab.com. Set the console EXEC timeout to infinity. Enable the
interface and start Cisco Discovery Protocol and assign the IP address to the first
management interface, Loopback 0, and the first Gigabit Ethernet interfaces. Set the
speed to the first Gigabit Ethernet interface to 100. To configure the hostname and
interface IP addresses, use the Job Aids.
Note In the Cisco IOS XR Software, Cisco Discovery Protocol must be enabled globally and on
the interface with the cdp global and interface command.
Step 8 Log in to the PE router running Cisco IOS XE Software in your pod and examine
the running configuration. Write down the following parameters from the running
configuration:
Cisco IOS XE PE Router Parameters
Parameter Value
Hostname
Enable password
vty login password
Management interface and IP address
Step 9 On the PE router (Cisco IOS XE Software) in your pod, erase the startup
configuration and reload the router. Do not save the configuration when asked.
Observe the bootup procedure. Do not enter the initial configuration dialog when
asked and terminate autoinstall.
Step 10 On the PE router (Cisco IOS XE Software) in your pod, configure the hostname,
enable password cisco and the vty password cisco. Set the console EXEC
timeout to infinity and synchronous login. Enable the interface and assign the IP
address to the management interface, Loopback 0, and first Gigabit Ethernet
interfaces. Enable Cisco Discovery Protocol. To configure the hostname and
interface IP addresses, use Job Aids. Set the duplex and speed settings on the first
Gigabit Ethernet interface to full and 100. The PE router running Cisco IOS XE
Software will require disabling duplex negotiation. Use the no negotiation auto
interface command to disable duplex negotiation and then configure duplex full.
Step 11 On the PE router (Cisco IOS XE Software) in your pod, use the license boot
module asr1001 group all level adventerprise command to configure the
adventerprise license.
On the CE and PE routers in your pod, verify the running configuration. The running
configuration should include components configured in this task.
On the CE and PE routers in your pod, verify the interface status. Loopback 0 and the first
Gigabit Ethernet interfaces should be up with the IP address assigned.
CE1#show ip interface brief | include up
GigabitEthernet0/0 192.168.101.11 YES manual up up
Loopback0 10.1.10.1 YES manual up up
RP/0/RSP0/CPU0:PE1#show ipv4 interface brief | include Up

Loopback0 10.1.1.1 Up Up
MgmtEth0/RSP0/CPU0/0 10.10.10.17 Up Up
GigabitEthernet0/0/0/0 192.168.101.10 Up Up
On the CE and PE routers in your pod, verify the router status.

CE1#show version | include uptime | Software
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M5,
RELEASE SOFTWARE (fc2)
CE1 uptime is 24 minutes
RP/0/RSP0/CPU0:PE1#show version | include Software

Cisco IOS XR Software, Version 4.1.0[Default]
RP/0/RSP0/CPU0:PE1#show version | include uptime
PE1 uptime is 17 minutes
PE2#show version | include uptime | Software

Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version
15.1(1)S, RELEASE SOFTWARE (fc1)
PE2 uptime is 5 minutes
On the CE and PE routers in your pod, monitor system components.
CE1#show platform versions
Platform Revisions/Versions :
===========================
FPGA : 5.02 [Val = 0x502]
Board Rev : 2 [Val = 0x203; Type = 3]
Env Rev : 4.5 [Val = 0x405, Bit 15 = 0]
PSEQ Rev : 3.05 [Val = 0x305]
I/O Ctl Nm : GA 1.1 [Val = 0x47410101]
I/O Ctl Ver: 2 [Val = 0x20316447]
CPU information :
---------------
Company ID = 0xD
Processor ID = 0x7
Revision = 0x8
Company OPTs = 0x0
USB Con BL : 1.01 (Boot Loader)
USB Con FW : 2.02 (Application Firmware)
USB Con FWU: 2.02 (Application Firmware Upgrade)
IOS :
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M5,
RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Wed 23-Feb-11 15:41 by prod_rel_team

ROMMON (Readonly) :
System Bootstrap, Version 15.0(1r)M9, RELEASE SOFTWARE (fc1)
Copyright (c) 2010 by cisco Systems, Inc.
RP/0/RSP0/CPU0:PE1#show platform
Node Type State Config State
-----------------------------------------------------------------------------
0/RSP0/CPU0 A9K-RSP-4G(Active) IOS XR RUN PWR,NSHUT,MON
0/0/CPU0 A9K-40GE-L IOS XR RUN PWR,NSHUT,MON
Verify IPv4 connectivity between CE and PE routers in your pod. Ping should be
successful.
CE1#ping 192.168.101.10
Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.101.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
RP/0/RSP0/CPU0:PE1#ping 192.168.101.11
Sat Apr 22 03:58:51.887 UTC
!!!!!
On the PE router running Cisco IOS XE Software in your pod, verify that the license is
activated.
PE2#show version | include adventerprise
asr1001 adventerprise 1 YES adventerprise
Task 2: Basic EIGRP Configuration

In this task, you will enable EIGRP between the CE and PE routers in your pod.
Activity Procedure
Step 1 On the CE and PE routers in your pod, enable the EIGRP process. The autonomous
system number should be the same as the pod number. Enable EIGRP on the
Loopback0 and first Gigabit Ethernet interfaces.
On the CE and PE routers in your pod, verify that EIGRP is running on Loopback0 and the
first Gigabit Ethernet interfaces.
CE1#show ip eigrp interfaces
EIGRP-IPv4 Interfaces for AS(1)
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Gi0/0 1 0/0 5 0/1 50 0
Lo0 0 0/0 0 0/1 0 0
RP/0/RSP0/CPU0:PE1#show eigrp interfaces

IPv4-EIGRP interfaces for AS(1)
Gi0/0/0/0 1 0/0 4 0/10 50 0
Lo0 0 0/0 0 640/640 0 0
PE2#show ip eigrp interfaces

EIGRP-IPv4 Interfaces for AS(2)
Gi0/0/0 1 0/0 1 0/1 50 0
Lo0 0 0/0 0 0/1 0 0
On the CE and PE routers in your pod, verify that the EIGRP neighbor is up.
CE1#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(1)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 192.168.101.10 Gi0/0 10 00:06:08 5 200 0 3
RP/0/RSP0/CPU0:PE1#show eigrp neighbors

IPv4-EIGRP neighbors for AS(1) vrf default

(sec) (ms) Cnt Num
0 192.168.101.11 Gi0/0/0/0 14 00:06:17 4 200 0 3
PE2#show ip eigrp neighbors

EIGRP-IPv4 Neighbors for AS(2)
(sec) (ms) Cnt Num
0 192.168.102.21 Gi0/0/0 14 00:01:40 1 200 0 3
On the CE and PE routers in your pod, verify the EIGRP topology table. You should see
the Loopback0 interface network from the neighboring router.
CE1#show ip eigrp topology
EIGRP-IPv4 Topology Table for AS(1)/ID(10.1.10.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 10.1.1.1/32, 1 successors, FD is 156160

via 192.168.101.10 (156160/128256), GigabitEthernet0/0
via Connected, GigabitEthernet0/0
via Connected, Loopback0
RP/0/RSP0/CPU0:PE1#show eigrp topology

IPv4-EIGRP Topology Table for AS(1)/ID(10.1.1.1)


via 192.168.101.11 (153856/128256), GigabitEthernet0/0/0/0
via Connected, GigabitEthernet0/0/0/0
PE2#show ip eigrp topology

EIGRP-IPv4 Topology Table for AS(2)/ID(10.2.1.1)

via 192.168.102.21 (156160/128256), GigabitEthernet0/0/0
via Connected, GigabitEthernet0/0/0
On the CE and PE routers in your pod, verify that the EIGRP route is entered into the
routing table.
CE1#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
10.0.0.0/32 is subnetted, 2 subnets

D 10.1.1.1 [90/156160] via 192.168.101.10, 00:16:03, GigabitEthernet0/0
RP/0/RSP0/CPU0:PE1#show route eigrp

D 10.1.10.1/32 [90/153856] via 192.168.101.11, 00:15:57,
GigabitEthernet0/0/0/0
PE2#show ip route eigrp

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

D 10.2.10.1/32
[90/156160] via 192.168.102.21, 00:03:35, GigabitEthernet0/0/0
Verify IPv4 connectivity between the CE and PE router Loopback interfaces in your pod by
using an extended ping command. Ping should be successful.
CE1#ping 10.1.1.1 source 10.1.10.1

Packet sent with a source address of 10.1.10.1
!!!!!
RP/0/RSP0/CPU0:PE1#ping 10.1.10.1 source 10.1.1.1

Fri Apr 21 23:09:05.224 UTC
!!!!!
Lab 4-1: Implement Internet Connectivity
Activity Objective
In this activity, you will connect and configure a customer site to the Internet. After completing
this activity, you will be able to meet these objectives:
Configure DHCP IPv4
Configure DHCP IPv6
Configure static routing for the Internet access
Configure NAT
Visual Objective
Team z
CEx Pod x PEx
NAT Gi0/0
Internet
Gi0/1
Corporate
Network
IPv4 and
Static route to Internet
IPv6 DHCP
Corporate
Network
Gi0/1 Internet
NAT Gi0/0
CEy Pod y PEy
Required Resources
An SSH client that is installed on the PC

Command List
Cisco IOS Commands
Command Description

startup-config
default-router address Specifies the IP address of the default router for a DHCP
client
dns-server address Specifies the IP address of a DNS server that is available

to a DHCP client
domain-name domain Specifies the domain name for the client
enable Enters router privileged mode
ip address ip_address mask Sets an IPv4 address for an interface and the subnet mask
ip dhcp excluded-address Specifies the IP addresses that the DHCP server should
low-address [high-address] not assign to DHCP clients
ip dhcp pool name Creates a name for the DHCP server address pool and
places you in DHCP pool configuration mode
ipv6 address ipv6- Specifies an IPv6 address that is assigned to the interface
prefix/prefix-length
ipv6 dhcp pool poolname Enables configured DHCP on interface
ipv6 dhcp server pool_name Associates the IPv6 DHCP pool with the interface
ipv6 unicast-routing Enables IPv6 on the router globally
network network- Specifies the subnet network number and mask of the
number[mask|/prefix- DHCP address pool
length]
no shutdown Enables the router interface
show ip dhcp Displays a list of all bindings that are created on a specific
binding [address] DHCP server
show ip dhcp pool name Verifies the configured DHCP pool
show ip interface brief Displays the interface status and IPv4 addresses
configured
show ip route Displays the current routes in the routing table
Task 1: Configure DHCP on CE Router
In this task, you will configure the IPv4 DHCP server on the CE router for site clients. You will
also configure the IPv6 DHCP for clients who will be assigned a DHCPv6 address. Use the
following table when configuring DHCP on the CE router.
DHCP Parameters
Parameter Value
IPv4 DHCP range 192.168.255.0/24
IPv4 DHCP excluded addresses 192.168.255.1 192.168.255.99
IPv4 default gateway 192.168.255.1/24
IPv4 DNS server 8.8.8.8
IPv4 domain name ciscolab.com
IPv6 DNS server 2001:db8:0:abcd::3
IPv6 domain name ciscolab.com
Activity Procedure
Step 1 On the CE router in your pod, assign an IPv4 address to the Gigabit Ethernet 0/1
interface according to the following table, and enable the interface. Enable interface
Fast Ethernet 0/1 and Fast Ethernet 0/2 on the shared switch.
CE Router Gigabit Ethernet 0/1 IP Addresses
Parameter Value
IPv6 address 2001:db8:0:abcd::1/48
IPv4 address 192.168.255.1/24
Step 2 On the CE router in your pod, exclude the range of IPv4 addresses that will be
omitted in the DHCP pool, create a DHCP pool named CE_pool and enter the
range of IP addresses that will be provided to network hosts, set the IP default
gateway, name server, and domain name using information that is gathered from the
DHCP Parameters table.
Step 3 On the CE router in your pod, enable IPv6 routing.
Step 4 On the CE router in your pod, create an IPv6 DHCP pool called CE_IPv6, set the
domain name and DNS server address that is found in the DHCP Parameters table.
Step 5 On the CE router in your pod, enable IPv6 and DHCP IPv6 on interface Gigabit
Ethernet 0/1. Additionally, assign an IPv6 address on that interface, as shown in the
table, CE Router Gigabit Ethernet 0/1 IP Addresses.
On the CE router in your pod, verify interface status. Loopback0 and first and second
Gigabit Ethernet interfaces should be up with an IP address assigned:
CE1#show ip interface brief
Interface IP-Address OK? Method
Status Protocol

GigabitEthernet0/0 192.168.101.11 YES manual up
up
GigabitEthernet0/1 192.168.255.1 YES manual up
up
Loopback0 10.1.10.1 YES manual up
up
Verify configured DHCP pool information. Output should be similar to the following:
CE1#show ip dhcp pool CE_pool
Pool CE_pool :
Utilization mark (high/low) : 100 / 0
Subnet size (first/next) : 0 / 0
Total addresses : 254
Leased addresses : 0
Pending event : none
1 subnet is currently in the pool :
Current index IP address range
Leased addresses
192.168.255.1 192.168.255.1 - 192.168.255.254
0
Verify DHCP configuration:
CE1#show running-config | section ipv6 dhcp
ipv6 dhcp pool CE_IPv6
dns-server 2001:DB8:0:ABCD::3
domain-name ciscolab.com
ipv6 dhcp server CE_IPv6
CE1#show running-config | section interface
GigabitEthernet0/1
ip address 192.168.255.1 255.255.255.0
duplex auto
speed auto
ipv6 address 2001:DB8:0:ABCD::1/48
ipv6 enable
Task 2: Configure Static Routing for Internet Access

In this task, you will configure static routing for Internet access on the CE router.
Activity Procedure
Step 1 On the CE router in your pod, Gigabit Ethernet 0/0 interface is used to access a
simulated Internet network. Configure the default static route to the Internet.
Verify routing table for the static default route:
CE1#show ip route static
< text omitted >
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected,

GigabitEthernet0/0
Task 3: Configure PAT on CE Router

In this task, you will configure Port Address Translation on the CE router. The CE router
Gigabit Ethernet 0/1 will be used as the internal interface and Gigabit Ethernet 0/0 will be used
as the external interface.
Activity Procedure
Step 1 Create a standard access list permitting network hosts from the 192.168.255.0/24
network.
Step 2 On the CE router in your pod, configure PAT so that network hosts from the
192.168.1.0/24 network will translate to the IP address of interface Gigabit Ethernet
0/0.
Step 3 Configure Gigabit Ethernet 0/1 as the inside interface and Gigabit Ethernet 0/0 as
the outside NAT interface.
Step 4 From the CE router in your pod, ping the PE router Gigabit Ethernet 0/0/0/0
interface using the source IP address of Gigabit Ethernet 0/1 interface. The ping
should be successful.
CE1#ping 192.168.101.10 source GigabitEthernet0/1

Sending 5, 100-byte ICMP Echos to 192.168.101.10,
timeout is 2 seconds:
Packet sent with a source address of 192.168.255.1
!!!!!
Success rate is 100 percent (5/5), round-trip
min/avg/max = 1/1/4 ms

Verify the NAT translation. The output that shows the NAT translation should be similar to
the following:
CE1#show ip nat translations
Pro Inside global Inside local Outside local
Outside global
icmp 192.168.101.11:3 192.168.255.1:3
192.168.101.10:3 192.168.101.10:3
CE2#show ip nat translations
Pro Inside global Inside local Outside local
Outside global
icmp 192.168.102.21:3 192.168.255.1:3
192.168.102.20:3 192.168.102.20:3
Lab 4-2: Configure Data Link Layer Encapsulation
Activity Objective
In this activity, you will configure a POS interface on the PE router. You will also implement
and troubleshoot PPP on the POS interface. After completing this activity, you will be able to
meet these objectives:
Configure a POS interface
Configure PPP on the POS interface
Troubleshoot PPP configuration
Visual Objective
Team z Team z+2

CEx Pod x PEx P1 PEx+2 Pod x+2 CEx+2
Pod y Pod y+2
CEy PEy P2 PEy+2 CEy+2
Configure POS interface
Enable PPP encapsulation
Legend: Gi
Gi
Fa
OC3 POS
OC3 POS
Required Resources
An SSH client that is installed on the PC

Command List
Cisco IOS XE Commands
Command Description

startup-config
clock source {line | Sets the clock source to the interface
internal | loop-timed}
crc size Sets the length of the cyclic redundancy check
debug ppp authentication Enables debug of PPP authentication
debug ppp negotiation Enables debug of PPP negotiation
encapsulation encapsulatio Sets the interface encapsulation method

n-type
ip address ip-address mask Sets an IP address for an interface
keepalive [seconds] Sets the keepalive timer for a specific interface
no shutdown Enables the router interface

ppp authentication {chap | Enables authentication of the remote PPP peer
ms-chap | ms-chap-v2 | eap
|pap} [callin]
show controllers Displays information about controllers on the router
show ip interface brief Displays interface status and IPv4 addresses configured
username name {nopassword Sets the username for establishing a username-based

| password password | authentication system
password encryption-type
encrypted-password}
Task 1: Configure a POS Interface on the PE Router
In this task, you will configure a POS interface on pod PE (Cisco IOS XE Software) router. The
PE (IOS XE) routers from two teams are connected with the POS interface.
Activity Procedure
Step 1 On your pod PE router (Cisco IOS XE Software), use the show controllers
command to verify what framing type POS interfaces are using. The default framing
type should be SONET:
PE2#show controllers pos 0/2/0 | include Framing
Framing: SONET
PE2#show controllers pos 0/2/1 | include Framing
Framing: SONET
Step 2 On your pod PE router (Cisco IOS XE Software), enable the POS interfaces and set
the IP address. The IP addresses can be found in the Job Aids.
Step 3 On your pod PE router (Cisco IOS XE Software), POS interfaces set a keepalive
interval to 5 seconds.
Step 4 On your pod PE router (Cisco IOS XE Software), POS interfaces set the clock
source for both interfaces. The teams 1 and 3 (PE2 and PE6 routers) will set clock
source to internal, teams 2 and 4 (PE4 and PE8) will set clock source to line.
Step 5 On your pod PE router (Cisco IOS XE Software), POS interfaces set CRC to 32 bits.
Note Regarding the FCS length, with one exception, the 32-bit FCS must be used for all
SONET/SDH rates. For Synchronous Transport Signal (STS)-3c- Systems Process
Engineering (SPE)/VC-4 only, the 16-bit FCS may be used, although the 32-bit FCS is
recommended. The FCS length is set by provisioning and is not negotiated.
On the PE router (Cisco IOS XE Software) in your pod, verify the interface status. The
status of both POS interfaces should be up and running with configured IP addresses.
PE2#show ip interface brief | include POS
POS0/2/0 192.168.211.20 YES manual up
up
POS0/2/1 192.168.212.20 YES manual up
up
When you check controller status, the framing should be set to SONET, and clock source
should be set to internal or line:
PE2#show controllers pos 0/2/0 | include Framing|Clock
source
Framing: SONET
Clock source: internal
source
Framing: SONET
Clock source: internal
source
Framing: SONET
Clock source: line
source
Framing: SONET
Clock source: line
Verify POS interface encapsulation (HDLC), CRC (32 bits) and keepalive interval (5
seconds):
PE2#show int pos 0/2/0 | include line
protocol|Encapsulation|Keepalive
POS0/2/0 is up, line protocol is up
Encapsulation HDLC, crc 32, loopback not set
PE2#show int pos 0/2/1 | include line
protocol|Encapsulation|Keepalive
POS0/2/1 is up, line protocol is up
Encapsulation HDLC, crc 32, loopback not set
Task 2: Configure PPP on POS Interface

In this task, you will configure PPP encapsulation on the POS interfaces.
Activity Procedure
Step 1 On your pod PE router (Cisco IOS XE Software), POS interfaces set encapsulation
to PPP.
Note If interfaces do not show up, wait while your partner team finishes configuration and then
check again.
Step 2 On your pod PE router (Cisco IOS XE Software), enable PPP negotiation and PPP
authentication debugging.
Step 3 On your pod PE router (Cisco IOS XE Software), administratively disable the POS
0/2/0 interface and then enable it again.
Step 4 Observe debug output and successful negotiation of the PPP connection.
PE2(config-if)#
*Sep 21 23:32:37.848: %LINK-3-UPDOWN: Interface POS0/2/0, changed state to up
*Sep 21 23:32:37.848: PO0/2/0 PPP: Sending cstate UP notification
*Sep 21 23:32:37.848: PO0/2/0 PPP: Processing CstateUp message
*Sep 21 23:32:37.849: PPP: Alloc Context [7F5336CD3628]
*Sep 21 23:32:37.849: ppp3 PPP: Phase is ESTABLISHING
*Sep 21 23:32:37.849: PO0/2/0 PPP: Using default call direction
*Sep 21 23:32:37.849: PO0/2/0 PPP: Treating connection as a dedicated line
*Sep 21 23:32:37.849: PO0/2/0 PPP: Session handle[43000003] Session id[3]
*Sep 21 23:32:37.849: PO0/2/0 LCP: Event[OPEN] State[Initial to Starting]
*Sep 21 23:32:37.849: PO0/2/0 LCP: O CONFREQ [Starting] id 1 len 14
*Sep 21 23:32:37.849: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep 21 23:32:37.849: PO0/2/0 LCP: MagicNumber 0xBA03CC66 (0x0506BA03CC66)
*Sep 21 23:32:37.849: PO0/2/0 LCP: Event[UP] State[Starting to REQsent]
*Sep 21 23:32:37.853: PO0/2/0 LCP: I CONFREQ [REQsent] id 1 len 14
*Sep 21 23:32:37.853: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep 21 23:32:37.853: PO0/2/0 LCP: MagicNumber 0xB982CB71 (0x0506B982CB71)
*Sep 21 23:32:37.853: PO0/2/0 LCP: O CONFACK [REQsent] id 1 len 14
*Sep 21 23:32:37.853: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep 21 23:32:37.853: PO0/2/0 LCP: MagicNumber 0xB982CB71 (0x0506B982CB71)
*Sep 21 23:32:37.853: PO0/2/0 LCP: Event[Receive ConfReq+] State[REQsent to
ACKsent]
*Sep 21 23:32:37.853: PO0/2/0 LCP: I CONFACK [ACKsent] id 1 len 14
*Sep 21 23:32:37.853: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep
21 23:32:37.853: PO0/2/0 LCP: MagicNumber 0xBA03CC66 (0x0506BA03CC66)
*Sep 21 23:32:37.853: PO0/2/0 LCP: Event[Receive ConfAck] State[ACKsent to
Open]
*Sep 21 23:32:37.864: PO0/2/0 PPP: Queue IPCP code[1] id[1]
*Sep 21 23:32:37.880: PO0/2/0 PPP: No authorization without authentication
*Sep 21 23:32:37.880: PO0/2/0 PPP: Phase is FORWARDING, Attempting Forward
*Sep 21 23:32:37.880: PO0/2/0 LCP: State is Open
*Sep 21 23:32:37.880: PO0/2/0 PPP: Phase is ESTABLISHING, Finish LCP
*Sep 21 23:32:37.880: PO0/2/0 PPP: Phase is UP
*Sep 21 23:32:37.880: PO0/2/0 IPCP: Protocol configured, start CP.
state[Initial]
*Sep 21 23:32:37.880: PO0/2/0 IPCP: Event[OPEN] State[Initial to Starting]
*Sep 21 23:32:37.881: PO0/2/0 IPCP: O CONFREQ [Starting] id 1 len 10
*Sep 21 23:32:37.881: PO0/2/0 IPCP: Address 192.168.211.20 (0x0306C0A8D314)
*Sep 21 23:32:37.881: PO0/2/0 IPCP: Event[UP] State[Starting to REQsent]
*Sep 21 23:32:37.881: PO0/2/0 PPP: Process pending ncp packets
*Sep 21 23:32:37.881: PO0/2/0 IPCP: Redirect packet to PO0/2/0
*Sep 21 23:32:37.881: PO0/2/0 IPCP: I CONFREQ [REQsent] id 1 len 10
*Sep 21 23:32:37.881: PO0/2/0 IPCP: O CONFACK [REQsent] id 1 len 10
*Sep 21 23:32:37.881: PO0/2/0 IPCP: Event[Receive ConfReq+] State[REQsent to
ACKsent]7.881: %LINEPROTO-5-UPDOWN: Line protocol on Interface POS0/2/0,
changed state to up
*Sep 21 23:32:37.882: PO0/2/0 IPCP: I CONFACK [ACKsent] id 1 len 10
*Sep 21 23:32:37.882: PO0/2/0 IPCP: Event[Receive ConfAck] State[ACKsent to
Open]
*Sep 21 23:32:37.912: PO0/2/0 IPCP: State is Open
*Sep 21 23:32:37.912: PO0/2/0 Added to neighbor route AVL tree: topoid 0,
address 192.168.211.40
*Sep 21 23:32:37.912: PO0/2/0 IPCP: Install route to 192.168.211.40
*Sep 21 23:32:37.850: %LINK-3-UPDOWN: SIP0/2: Interface POS0/2/0, changed
state to up
Step 5 On your pod PE router (Cisco IOS XE Software), turn off debugging.

Step 6 On your pod PE router (Cisco IOS XE Software), POS interfaces enable two-way
CHAP authentication. Authenticate routers with their hostnames and set the
password to cisco.
Note During this process, your POS interfaces will fall into the down state because one of the
sides is not temporarily configured for CHAP authentication. Wait while your partner team
finishes configuration and then proceed.
Step 7 On your pod PE router (Cisco IOS XE Software), enable PPP negotiation and PPP
authentication debugging.
Step 8 On your pod PE router (Cisco IOS XE Software), administratively disable the POS
0/2/0 interface and then enable it again.
Step 9 Observe the debug output and successful negotiation of the PPP connection.
PE2(config-if)#
*Sep 21 23:44:26.755: PO0/2/0 PPP: Fast Starting
*Sep 21 23:44:26.755: PO0/2/0 PPP: Processing FastStart message
*Sep 21 23:44:26.755: %LINK-3-UPDOWN: Interface POS0/2/0, changed state to up
*Sep 21 23:44:26.755: PO0/2/0 PPP: Sending cstate UP notification
*Sep 21 23:44:26.755: PO0/2/0 PPP: Processing CstateUp message
*Sep 21 23:44:26.756: PPP: Alloc Context [7F5336CD2DB8]
*Sep 21 23:44:26.756: ppp22 PPP: Phase is ESTABLISHING
*Sep 21 23:44:26.756: PO0/2/0 PPP: Using default call direction
*Sep 21 23:44:26.756: PO0/2/0 PPP: Treating connection as a dedicated line
*Sep 21 23:44:26.756: PO0/2/0 PPP: Session handle[98000018] Session id[22]
*Sep 21 23:44:26.756: PO0/2/0 LCP: Event[OPEN] State[Initial to Starting]
*Sep 21 23:44:26.756: PO0/2/0 LCP: O CONFREQ [Starting] id 1 len 19
*Sep 21 23:44:26.756: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep 21 23:44:26.756: PO0/2/0 LCP: AuthProto CHAP (0x0305C22305)
*Sep 21 23:44:26.756: PO0/2/0 LCP: MagicNumber 0xBA0E9DC1 (0x0506BA0E9DC1)
*Sep 21 23:44:26.756: PO0/2/0 LCP: Event[UP] State[Starting to REQsent]
*Sep 21 23:44:26.756: PO0/2/0 LCP: I CONFREQ [REQsent] id 5 len 19
*Sep 21 23:44:26.756: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep 21 23:44:26.756: PO0/2/0 LCP: MagicNumber 0xB98D7F00 (0x0506B98D7F00)
*Sep 21 23:44:26.756: PO0/2/0 LCP: O CONFACK [REQsent] id 5 len 19
*Sep 21 23:44:26.756: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep 21 23:44:26.756: PO0/2/0 LCP: MagicNumber 0xB98D7F00 (0x0506B98D7F00)
*Sep 21 23:44:26.756: PO0/2/0 LCP: Event[Receive ConfReq+] State[REQsent to
ACKsent]
*Sep 21 23:44:26.756: PO0/2/0 LCP: I CONFACK [ACKsent] id 1 len 19
*Sep 21 23:44:26.756: PO0/2/0 LCP: MRU 4470 (0x01041176)
*Sep 21 23:44:26.756: PO0/2/0 LCP: MagicNumber 0xBA0E9DC1 (0x0506BA0E9DC1)
*Sep 21 23:44:26.756: PO0/2/0 LCP: Event[Receive ConfAck] State[ACKsent to
Open]
*Sep 21 23:44:26.776: PO0/2/0 PPP: Phase is AUTHENTICATING, by both
*Sep 21 23:44:26.776: PO0/2/0 CHAP: O CHALLENGE id 1 len 24 from "PE2"
*Sep 21 23:44:26.776: PO0/2/0 LCP: State is Open
*Sep 21 23:44:26.787: PO0/2/0 CHAP: I CHALLENGE id 1 len 24 from "PE4"
*Sep 21 23:44:26.787: PO0/2/0 PPP: Sent CHAP SENDAUTH Request
*Sep 21 23:44:26.787: PO0/2/0 CHAP: I RESPONSE id 1 len 24 from "PE4"
*Sep 21 23:44:26.787: PO0/2/0 PPP: Phase is AUTHENTICATING, Unauthenticated
User
*Sep 21 23:44:26.787: PO0/2/0 PPP: Sent CHAP LOGIN Request
*Sep 21 23:44:26.787: PO0/2/0 PPP: Received SENDAUTH Response PASS
*Sep 21 23:44:26.787: PO0/2/0 CHAP: Using hostname from configured hostname
*Sep 21 23:44:26.787: PO0/2/0 CHAP: Using password from AAA
*Sep 21 23:44:26.787: PO0/2/0 CHAP: O RESPONSE id 1 len 24 from "PE2"
*Sep 21 23:44:26.787: PO0/2/0 PPP: Received LOGIN Response PASS
*Sep 21 23:44:26.787: PO0/2/0 IPCP: Authorizing CP
*Sep 21 23:44:26.787: PO0/2/0 IPCP: CP stalled on event[Authorize CP]
*Sep 21 23:44:26.787: PO0/2/0 IPCP: CP unstall
*Sep 21 23:44:26.788: PO0/2/0 PPP: Phase is AUTHENTICATING, Authenticated User
*Sep 21 23:44:26.788: PO0/2/0 CHAP: O SUCCESS id 1 len 4
*Sep 21 23:44:26.795: PO0/2/0 CHAP: I SUCCESS id 1 len 4
*Sep 21 23:44:26.795: PO0/2/0 PPP: Phase is UP
*Sep 21 23:44:26.795: PO0/2/0 IPCP: Protocol configured, start CP.
state[Initial]
*Sep 21 23:44:26.795: PO0/2/0 IPCP: Event[OPEN] State[Initial to Starting]
*Sep 21 23:44:26.795: PO0/2/0 IPCP: O CONFREQ [Starting] id 1 len 10
*Sep 21 23:44:26.795: PO0/2/0 IPCP: Event[UP] State[Starting to REQsent]
*Sep 21 23:44:26.795: PO0/2/0 IPCP: I CONFREQ [REQsent] id 1 len 10
*Sep 21 23:44:26.795: PO0/2/0 IPCP AUTHOR: Start. Her address 192.168.211.40,
we want 0.0.0.0
*Sep 21 23:44:26.795: PO0/2/0 IPCP AUTHOR: Reject 192.168.211.40, using
0.0.0.0
*Sep 21 23:44:26.795: PO0/2/0 IPCP AUTHOR: Done. Her address 192.168.211.40,
we want 0.0.0.0
*Sep 21 23:44:26.795: PO0/2/0 IPCP: O CONFACK [REQsent] id 1 len 10
*Sep 21 23:44:26.795: PO0/2/0 IPCP: Event[Receive ConfReq+] State[REQsent to
ACKsent]
*Sep 21 23:44:26.796: %LINEPROTO-5-UPDOWN: Line protocol on Interface
POS0/2/0, changed state to up
*Sep 21 23:44:26.796: PO0/2/0 IPCP: I CONFACK [ACKsent] id 1 len 10
*Sep 21 23:44:26.796: PO0/2/0 IPCP: Event[Receive ConfAck] State[ACKsent to
Open]
*Sep 21 23:44:26.808: PO0/2/0 IPCP: State is Open
*Sep 21 23:44:26.808: PO0/2/0 Added to neighbor route AVL tree: topoid 0,
address 192.168.211.40
*Sep 21 23:44:26.808: PO0/2/0 IPCP: Install route to 192.168.211.40
*Sep 21 23:44:27.440: %LINK-3-UPDOWN: SIP0/2: Interface POS0/2/0, changed
state to up
Step 10 On your pod PE (Cisco IOS XE Software) router, turn off debugging.
On your pod PE router (Cisco IOS XE Software), verify the POS interfaces status.
PE2#show ip interface brief | include POS

POS0/2/0 192.168.211.20 YES manual up
up
POS0/2/1 192.168.212.20 YES manual up
up
On your pod PE router (Cisco IOS XE Software), verify the POS interfaces encapsulation,
which should be PPP:
PE2#show interface pos 0/2/0 | include Encapsulation
Encapsulation PPP, LCP Open
PE2#show interface pos 0/2/1 | include Encapsulation
Encapsulation PPP, LCP Open
On your pod PE router (Cisco IOS XE Software), verify IP connectivity to the neighbor PE
router POS interface by using the ping command:
PE2#ping 192.168.211.40

!!!!!
PE2#ping 192.168.212.40

!!!!!
PE4#ping 192.168.211.20
!!!!!
PE4#ping 192.168.212.20
!!!!!
Lab 5-1: Configure Network Management Tools
Activity Objective
In this lab activity, you will discover neighboring devices using Cisco Discovery Protocol and
configure host logging. In the second part of the lab activity, you will use NTP to acquire the
correct time on devices using NTP, and configure IP SLA.
After completing this activity, you will be able to meet these objectives:
Configure and verify Cisco Discovery Protocol
Configure logging
Configure and verify NTP
Configure and verify IP SLA
Visual Objective
Team z
CEx Pod x SWx PEx
CDP
NTP client CDP NTP server
Configure IP SLA
Configure host logging
CDP
SWxy
CDP
NTP client CDP NTP server
CEy Pod y SWy PEy
CDP = Cisco Discovery Protocol

Required Resources

Command List
Command Description
cdp run Enables CDP globally in global configuration mode.
copy running-config startup- Saves the running configuration

config

logging buffered [severity] Copies logging messages to the logging buffer
logging console [severity] Enables logging to the console
ntp server ip_address Forms a server NTP association in global

configuration mode
show cdp neighbors Displays detailed information about neighboring

devices discovered using Cisco Discovery Protocol
show cdp neighbors interface Displays additional details about neighbors,

detail including network addresses, enabled protocols,
and software version
show interfaces Displays interface information
show logging Displays the state of system logging and the

contents of the system logging buffer
show ntp associations Displays the status of NTP associations
show ntp status Displays the status of NTP
Command Description
cdp Enables Cisco Discovery Protocol globally or per

interface

config
destination address ip_address Specifies the destination IP address for ICMP echo
operation
enable Enters router privilege mode
frequency seconds Defines frequency of IP SLA probes, in seconds
interface interface disable Disables NTP services on the specified interface in

NTP configuration mode
Command Description

ipsla Enters IP SLA configuration mode
life forever Defines that IP SLA operation runs indefinitely
logging buffered [severity] Copies logging messages to the logging buffer
logging console [severity] Enables logging to the console
master stratum Makes the router an authoritative NTP server
ntp Enters NTP configuration mode
operation operation_number Specifies the operation number for IP SLA
ping ip_address Verifies connectivity of the IP address
schedule operation Enters schedule operation mode

operation_number
show cdp neighbors Displays detailed information about neighboring
devices discovered using Cisco Discovery Protocol
show cdp neighbors interface Displays additional details about neighbors,

detail including network addresses, enabled protocols,
and software version
show interfaces Displays interface information
show ipsla statistics Displays operational data and latest statistics for the
operation_number IP SLA operation
show logging Displays the state of system logging and the

contents of the system logging buffer
start-time now Defines that IP SLA operation starts immediately
type icmp echo Defines ICMP echo operation type
Task 1: Configure and Verify Cisco Discovery Protocol

In this task, you will configure and verify Cisco Discovery Protocol. You will discover
neighbors of your pod switch using Cisco Discovery Protocol.
Activity Procedure
Complete these steps on the pod switch:
Step 1 On the pod switch and shared team switch, enable Cisco Discovery Protocol
globally.
Note Remember that on Cisco ME switches, Cisco Discovery Protocol is enabled by default only
on NNI ports. Ports Fast Ethernet 0/2, Fast Ethernet 0/21, Fast Ethernet 0/22, Fast Ethernet
0/23 on your pod switch should be configured as NNI ports.
Step 2 On the pod PE router, enable Cisco Discovery Protocol globally and on the first
Gigabit Ethernet interface.

Verify neighbors of your pod switch:
SW1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID

SW12 Fas 0/23 135 S I ME-3400E- Fas 0/23
SW2.cisco.com Fas 0/22 134 S I ME-3400E- Fas 0/22
SW2.cisco.com Fas 0/21 134 S I ME-3400E- Fas 0/21
PE1.ciscolab.com Fas 0/2 128 R ASR9K Ser Gig
0/0/0/0
Mgmt-S1 Fas 0 124 S I WS-C3560G Gig 0/1
From the pod switch, verify pod PE router software version and IP address using Cisco
Discovery Protocol:
SW1#show cdp neighbors FastEthernet 0/2 detail
-------------------------
Device ID: PE1.ciscolab.com
Entry address(es):
IP address: 192.168.101.10
Platform: cisco ASR9K Series, Capabilities: Router
Interface: FastEthernet0/2, Port ID (outgoing port): GigabitEthernet0/0/0/0
Holdtime : 164 sec
Version :
Cisco IOS XR Software, Version 4.1.0[Default]
Copyright (c) 2011 by Cisco Systems, Inc.
advertisement version: 2
Duplex: full
Management address(es):
Task 2: Configure Logging

In this task, you will configure logging to the router console and logging buffer.
Activity Procedure
Step 1 On the pod PE router, configure logging. Messages with all severities should be
logged, including debugging severity.
Step 2 On the pod PE router, configure logging to the logging buffer. Messages with all
severities but debugging should be logged.
On the pod PE router, clear the content of the logging buffer.
RP/0/RSP0/CPU0:PE1#clear logging
Fri Jul 7 14:52:59.185 UTC
Clear logging buffer [confirm] [y/n] :y
RP/0/RSP0/CPU0:PE1#
PE2#clear logging
Clear logging buffer [confirm] < Enter >
PE2#
On the pod PE router, enable the second Gigabit Ethernet interface.
RP/0/RSP0/CPU0:PE1(config)#interface GigabitEthernet 0/0/0/1
RP/0/RSP0/CPU0:PE1(config-if)#no shutdown
RP/0/RSP0/CPU0:PE1(config-if)#commit
PE2(config)#interface GigabitEthernet 0/0/1

PE2(config-if)#no shutdown
On the pod PE router, verify that you received messages on the console about the state of
this interface going down and later up, when your neighbor pod enables interface on their
PE router.
PE1 (Cisco IOS XR Software) output:
LC/0/0/CPU0:Jul 7 14:58:19.925 : ifmgr[189]: %PKT_INFRA-LINK-3-UPDOWN :
Interface GigabitEthernet0/0/0/1, changed state to Down
LC/0/0/CPU0:Jul 7 14:58:19.925 : ifmgr[189]: %PKT_INFRA-LINEPROTO-5-UPDOWN :
Line protocol on Interface GigabitEthernet0/0/0/1, changed state to Down
RP/0/RSP0/CPU0:Jul 7 14:58:21.507 : config[65728]: %MGBL-CONFIG-6-DB_COMMIT :
Configuration committed by user 'root'. Use 'show configuration commit changes
1000000270' to view the changes.
RP/0/RSP0/CPU0:PE1(config-if)#LC/0/0/CPU0:Jul 7 14:58:39.714 : ifmgr[189]:
%PKT_INFRA-LINK-3-UPDOWN : Interface GigabitEthernet0/0/0/1, changed state to
Up
Line protocol on Interface GigabitEthernet0/0/0/1, changed state to Up
PE2 (Cisco IOS XE Software) output:

*Sep 22 16:00:20.218: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed
state to down
PE2(config-if)#
*Sep 22 16:00:20.628: %LINK-3-UPDOWN: SIP0/0: Interface GigabitEthernet0/0/1,
changed state to down
PE2(config-if)#
state to up
GigabitEthernet0/0/1, changed state to up
changed state to up
On the pod PE router, verify that you received the same messages to the logging buffer:
RP/0/RSP0/CPU0:PE1#show logging
Fri Jul 7 15:05:47.791 UTC
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
Console logging: level debugging, 91 messages logged
Monitor logging: level debugging, 0 messages logged
Trap logging: level informational, 0 messages logged
Buffer logging: level informational, 11 messages logged
Log Buffer (307200 bytes):

LC/0/0/CPU0:Jul 7 14:58:03.946 : ifmgr[189]: %PKT_INFRA-LINK-5-CHANGED :
Interface GigabitEthernet0/0/0/10, changed state to Administratively Down

Interface GigabitEthernet0/0/0/1, changed state to Up
Line protocol on Interface GigabitEthernet0/0/0/1, changed state to Up
RP/0/RSP0/CPU0:Jul 7 15:05:43.689 : config[65728]: %MGBL-SYS-5-CONFIG_I :
Configured from console by root
PE2#show logging
Syslog logging: enabled (0 messages dropped, 3 messages rate-limited, 0
flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: level debugging, 623 messages logged, xml disabled,

filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level informational, 624 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled
No active filter modules.
Trap logging: level informational, 157 message lines logged
Log Buffer (4096 bytes):

state to down
changed state to down
state to up
GigabitEthernet0/0/1, changed state to up
changed state to up
*Sep 22 16:08:00.016: %SYS-5-CONFIG_I: Configured from console by console
Task 3: Configure and Verify NTP

In this task, you will configure your pod PE router as the authoritative NTP server and your pod
CE router as an NTP client. The NTP client will synchronize the clock with the PE router.
Activity Procedure
Step 1 Make the pod PE router as the authoritative stratum 1 NTP server and disable all
NTP services on the second Gigabit Ethernet interface.
Step 2 Enable the pod CE router to synchronize the clock to the NTP server.
Note NTP synchronization may take up to 10 minutes.
Verify that the pod CE router clock is synchronized with the clock of the pod PE router.
CE1#show ntp associations
address ref clock st when poll reach delay offset disp

*~192.168.101.10 .LOCL. 1 33 64 17 2.364 0.166 939.07
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
On the pod CE router, verify status of NTP.
CE1#show ntp status
Clock is synchronized, stratum 2, reference is 192.168.101.10
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**24
reference time is BD1090C4.A8525CDC (17:24:20.657 UTC Fri Jul 7 2000)
clock offset is 0.1667 msec, root delay is 2.36 msec
root dispersion is 943.34 msec, peer dispersion is 939.07 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000000000 s/s
system poll interval is 64, last update was 37 sec ago.
Task 4: Configuring and Verifying IP SLA

In this task, you will configure IP SLA on the pod PE router, running Cisco IOS XR Software.
IP SLA will be used to monitor IP connections to the pod CE router by using the IP SLA ICMP
echo operation.
Activity Procedure
Step 1 On your pod PE router (Cisco IOS XR Software), use the IP SLA ICMP echo
operation number 432 to monitor IP connections to your pod CE router. IP SLA
ICMP echo probes should be sent every 30 seconds, starting now.
Note Wait for a few minutes and verify operational data and the latest statistics for the IP SLA
operation 432.
Verify connectivity from the pod PE router (Cisco IOS XR Software) to the pod CE router.
RP/0/RSP0/CPU0:PE1#ping 192.168.101.11
!!!!!
On the pod PE router (Cisco IOS XR Software), verify operational data and the latest
statistics for the IP SLA operation 432:
RP/0/RSP0/CPU0:PE1#show ipsla statistics 432
Entry number: 432
Modification time: 17:17:13.246 UTC Fri Jul 07 2000
Start time : 17:17:13.250 UTC Fri Jul 07 2000
Number of operations attempted: 3
Number of operations skipped : 0
Current seconds left in Life : Forever
Operational state of entry : Active

Connection loss occurred : FALSE
Timeout occurred : FALSE
Latest RTT (milliseconds) : 1
Latest operation start time : 17:18:13.457 UTC Fri Jul 07 2000
Latest operation return code : OK
RTT Values:
RTTAvg : 1 RTTMin: 1 RTTMax : 1
NumOfRTT: 1 RTTSum: 1 RTTSum2: 1
Note Use the Cisco IOS XR no ipsla schedule operation 432 and commit commands to clear
IP SLA operation 432.
Lab 5-2: Configure AAA
Activity Objective
In this lab activity, you will configure AAA authentication to authenticate the Telnet sessions to
the router using the local username database.
After completing this activity, you will be able to meet this objective:
Configure and verify AAA authentication to authenticate the Telnet sessions to the router
using the local database
Visual Objective
Team z
CEx Pod x PEx
AAA
Telnet
Pod y
AAA
CEy Telnet PEy
Required Resources

Command List
Command Description

config
aaa new-model Enables the AAA access control model in global

configuration mode
username name {nopassword | Establishes a username-based authentication

password password | password system in global configuration mode
encryption-type encrypted-
password}
aaa authentication login Sets AAA authentication at login in global
{default | list-name} { configuration mode
method1 [method2..
line [aux | console | tty | Identifies a specific line for configuration and enters
vty] line-number [ending-line- line configuration collection mode in global
number] configuration mode
login authentication {default Enables AAA authentication for logins in line

| list-name} configuration mode
Command Description
group {root-system | root-lr | Adds a user to a group in username configuration

netadmin | sysadmin | operator mode
| cisco-support | serviceadmin
| group-name}
line template template-name Specifies a user-defined line template and enters
line template configuration mode in global
configuration mode
login authentication {default Enables AAA authentication for logins in line

| list-name} template configuration mode
password password Creates a login password for a user in the username

configuration mode or line template configuration
mode
ping ip_address Verifies connectivity of IP address
telnet {ipv4 | ipv6} server Enables Telnet services on a networking device and
max-servers limit sets number of allowable Telnet sessions
transport input { all | none | Defines the transport protocols that can be used to
ssh | telnet } access the router in the appropriate line
configuration mode
Command Description
username user-name Configures a new user with a username and enters

username configuration mode in either global
configuration or administration configuration mode
vty-pool { default | eem | Creates a vty pool in global configuration mode

pool-name } first-vty last-vty
[ line-template { default |
template-name } ]
Task 1: Configure AAA Authentication

In this task, you will configure and verify AAA authentication to authenticate the Telnet
sessions to the router. Any user accessing PE via Telnet will be authenticated against the PE
local database using AAA.
Activity Procedure
Complete these steps on the pod PE router running Cisco IOS XR Software:
Step 1 On your pod PE router (Cisco IOS XR Software), enable Telnet services and set the
number of allowable Telnet sessions to 10.
Step 2 On your pod PE router (Cisco IOS XR Software), create a username user with
password user in local database and put the user in the sysadmin group.
Step 3 On your pod PE router (Cisco IOS XR Software), configure an authentication
method list. Name the method list vty-authen, which should use the local
username database method for vty (Telnet) authentication.
Step 4 On your pod PE router (Cisco IOS XR Software), configure a line user-defined
template, named Template, which allows only inbound Telnet connections for vty
lines 5 to 50.
Step 5 On your pod PE router (Cisco IOS XR Software), apply the authentication method
vty-authen to line template Template.
Complete these steps on the pod PE router running Cisco IOS XE software:
Step 6 On the pod PE router (Cisco IOS XE Software), enable the AAA access control
model.
Step 7 On the pod PE router (Cisco IOS XE Software), create a username user with the
password user in the local database.
Step 8 On the pod PE router (Cisco IOS XE Software), configure the authentication method
list. Name the method list vty-authen, which should use the local username database
method for vty (Telnet) authentication.
Step 9 On the pod PE router (Cisco IOS XE Software), apply the authentication method
vty-authen to vty lines from 0 to 4.
From the pod CE router, use Telnet to connect to your pod PE router. Log in using the
username that you created in the local database of the pod PE router:
CE1# telnet 192.168.101.10
Trying 192.168.101.10 ... Open
User Access Verification

Username: user
Password: <user>
RP/0/RSP0/CPU0:PE1#
CE2#telnet 192.168.102.20
Trying 192.168.102.20 ... Open
User Access Verification
Username: user
Password: <user>
PE2>
On the pod PE router, verify that a user with the username user is logged in:
PE1 (Cisco IOS XR)
RP/0/RSP0/CPU0:PE1#show users
Fri Jul 7 18:05:17.648 UTC
Line User Service Conns Idle Location
aux0/RSP0/CPU0 hardware 0 1d08h
* con0/RSP0/CPU0 root hardware 0 00:00:00
vty0 user telnet 0 00:01:57
192.168.101.11
PE2 (Cisco IOS XE)
PE2#show users
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
2 vty 0 user idle 00:01:07 192.168.102.21
Interface User Mode Idle Peer Address

PO0/2/0 PE4 Sync PPP 00:00:01 192.168.211.40
PO0/2/1 PE4 Sync PPP 00:00:03 192.168.212.40
Answer Key
The correct answers and expected solutions for the lab activities that are described in this guide
appear here.
Lab 1-1 Answer Key: Verify Host IP Configuration

This lab activity has no answer key, since answers and verifications are performed during lab
procedure.
Lab 1-2 Answer Key: Configure Subnetting

When you complete this activity, your results will match the results here.
Task 1: Divide Address Space into Correctly Sized Subnets

Given a network 192.168.0.0/21 and maximum number of hosts, the completed table is shown
here.

per Subnet Address
300 192.168.0.0/23 510 192.168.1.255
200 192.168.2.0/24 254 192.168.2.255
150 192.168.3.0/24 254 192.168.3.255
100 192.168.4.0/25 126 192.168.4.127
50 192.168.4.128/26 62 192.168.4.191
40 192.168.4.192/26 62 192.168.4.255
20 192.168.5.0/27 30 192.168.5.31
Lab 2-1 Answer Key: Configuring Cisco Switches

When you complete this lab activity, device configuration and device outputs will be similar to
the results shown here, with differences that are specific to your pod.
Task 1: Boot Cisco ME340x Switch and Perform Basic Configuration

Step 1 Values gathered with running configuration from SW1 switch.
Parameter Value
Hostname SW1
Enable password Cisco
vty login password cisco
Step 2 Clearing SW1 switch configuration.

SW1#erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue?
[confirm] <Enter>
[OK]
Erase of nvram: complete
SW1#reload
System configuration has been modified. Save? [yes/no]: no

Proceed with reload? [confirm] <Enter>
< text omitted >
Would you like to enter the initial configuration dialog? [yes/no]:no
Step 3 Basic configuration entered on the SW1 switch.
Switch>enable
Switch#configure terminal
Switch(config)#hostname SW1
SW1(config)#enable password cisco
SW1(config)#line con 0
SW1(config-line)#exec-timeout 0
SW1(config-line)#logging synchronous
SW1(config)#line vty 0 15
SW1(config-line)#password cisco
SW1(config-line)#login
SW1(config-line)#end
SW1#copy running-config startup-config
Step 4 Configuring MOTD banner.
SW1(config)# banner motd # Access for authorized users only. Please enter your
username and password. #
Step 5 Configuring duplex and speed settings on inter-switch links.
SW1(config)#interface range FastEthernet 0/21 - 24
SW1(config-if)#duplex full
SW1(config-if)#speed 100
SW1(config-if)#no shutdown
SW2(config)# interface range FastEthernet 0/21 - 24


Step 6 Configuring duplex and speed settings on pod 1 and 2 switches for links connecting
to pod CE and PE routers.

Step 7 Configuring duplex and speed settings on pod router links connecting to your pod
switch.
CE1(config)#interface GigabitEthernet0/0
CE1(config-if)#duplex full
CE1(config-if)#speed 100
RP/0/RSP0/CPU0:PE5(config)#interface GigabitEthernet 0/0/0/0

RP/0/RSP0/CPU0:PE5(config-if)#speed 100
RP/0/RSP0/CPU0:PE5(config-if)#commit
CE2(config)#interface GigabitEthernet0/0
CE2(config-if)#duplex full
CE2(config-if)#speed 100
PE2(config)#interface GigabitEthernet0/0/0
PE2(config-if)#no negotiation auto
PE2(config-if)#duplex full
PE2(config-if)#speed 100
Step 8 Shut down interface Fast Ethernet 0/24 on SW1 and SW2 switches connecting to
shared SW12 switch.
SW1(config)#interface FastEthernet 0/24
SW1(config-if)#shutdown

SW2(config-if)#shutdown
Step 9 Change the port type of interfaces Gigabit Ethernet 0/1 and Gigabit Ethernet 0/2 to
UNI.
SW1(config)#interface range GigabitEthernet 0/1 - 2
SW1(config-if)#port-type uni


Step 10 Change the port type of interface Fast Ethernet 0/2 to NNI on SW1 and SW2
switches.
SW1(config-if)#port-type nni

Step 11 Change the port type to NNI on SW1, SW2, and SW12 switches.


Task 2: Enable SSH Access to the Switch

Step 1 Set management IP on logical interface vlan 1 on SW1, SW2, and SW12.
SW1(config)#interface vlan 1
SW1(config-if)#ip address 10.111.111.1 255.255.255.0
Step 2 Configure domain name on pod switch to cisco.com:

SW1(config)#ip domain name cisco.com
Step 3 Generate RSA key pair on the pod switch, which automatically enables SSH:

SW1(config)#crypto key generate rsa
The name for the keys will be: SW1.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: <Enter>

% Generating 512 bit RSA keys, keys will be non-exportable...[OK]
*Mar 1 01:27:03.250: RSA key size needs to be atleast 768 bits for ssh
version 2
*Mar 1 01:27:03.258: %SSH-5-ENABLED: SSH 1.5 has been enabled
Step 4 Specify username and password on pod switch local database:

SW1(config)#username cisco password cisco
Step 5 On the vty lines, select the local password checking from local database:
SW1(config)#line vty 0 15
SW1(config-line)#login local
Task 3: Verify STP Operation

There is no configuration needed to complete this task.
Task 4: Configuring EtherChannel

Step 1 EtherChannel configured on SW1 and SW 2 switches.
SW1(config-if-range)#channel-group 1 mode on
Creating a port-channel interface Port-channel 1

SW2(config-if-range)#channel-group 1 mode on
Creating a port-channel interface Port-channel 1
Task 5: Configuring Port Security

Step 1 On SW1 switch enable port security feature for interface FastEthernet 0/1:
SW1(config-if)#switchport port-security
Step 2 On SW1 switch convert learned MAC address to sticky secure MAC address:
SW1(config-if)#switchport port-security mac-address sticky
Step 3 On SW1 switch define shutdown as action which interface will take if a
nonallowed MAC address attempts access interface FastEthernet 0/1:
SW1(config-if)#switchport port-security violation shutdown
Step 4 On SW1, SW2 and SW12 switches save configuration.
SW1# copy running-config startup-config
Destination filename [startup-config]? <Enter>
[OK]
0 bytes copied in 0.831 secs (0 bytes/sec)
SW1#

[OK]
SW2#

[OK]
SW12#
Lab 3-1 Answer Key: Configure Basic Router Configuration

When you complete this activity, your configuration will be similar to the results here, with
differences that are specific to your device, pod, or team:
Task 1: Boot Cisco Router and Perform Basic Configuration

During this task you need to enter the following commands:
Step 1 Values gathered from the running configuration on CE1 router.
CE1 Router Parameters
Parameter Value
Hostname CE1
VTY login password Cisco
Step 2 Clearing CE1 router configuration and reload.

CE1#erase startup-config
[confirm] <Enter>
[OK]
CE1#reload

<...output omitted...>
Step 3 Basic configuration entered on the CE1 router.
enable
configure terminal
hostname CE1
line con 0
exec-timeout 0
logging synchronous
line vty 0 15
password cisco
login
end
copy running-config startup-config
Step 4 Interface configuration entered on the CE1 router.

interface loopback 0

ip address 10.1.10.1 255.255.255.255
exit
interface gigabitethernet 0/0
ip address 192.168.101.11 255.255.255.0
no shutdown
Step 5 Values gathered from the running configuration on PE1 router running Cisco IOS
XR Software.
Cisco IOS XR PE1 Router Parameters
Parameter Value
Hostname PE1
Domain VRF default name ciscolab.com
Management interface and IP address MgmtEth0/RSP0/CPU0/0, 10.10.10.17/24
GigabitEthernet0/0/0/0 speed 100
Step 6 Clearing PE1 (Cisco IOS XR) router configuration and reload.
RP/0/RSP0/CPU0:PE1#configure terminal
RP/0/RSP0/CPU0:PE1(config)#commit replace
This commit will replace or remove the entire running configuration. This
operation can be service affecting.
Do you wish to proceed? [no]: yes
RP/0/RSP0/CPU0:ios(config)#end
RP/0/RSP0/CPU0:ios#reload
Standby card not present or not Ready for failover. Proceed?[confirm] <Enter>
Preparing system for backup. This may take a few minutes especially for large
configurations.
Status report: node0_RSP0_CPU0: START TO BACKUP
Status report: node0_RSP0_CPU0: BACKUP HAS COMPLETED SUCCESSFULLY
[Done]
Step 7 Configuration entered on the PE1 (Cisco IOS XR) router:

configure terminal
hostname PE1
cdp
domain vrf default name ciscolab.com
line con 0
exec-timeout 0
ipv4 address 10.1.1.1 255.255.255.255
interface mgmteth0/rsp0/cpu0/0
cdp
ipv4 address 10.10.10.17 255.255.255.0
no shutdown
interface gigabitethernet0/0/0/0
cdp
ipv4 address 192.168.101.10 255.255.255.0
speed 100
no shutdown
commit
Step 8 Values gathered from the running configuration on PE2 router running Cisco IOS
XE Software.
Cisco IOS XE PE2 Router Parameters
Parameter Value
Hostname PE2
VTY login password Cisco
Management interface and IP address GigabitEthernet0, 10.10.10.16/24
Step 9 Clearing PE2 (Cisco IOS XE) router configuration and reload.
PE2#erase startup-config
[confirm] <Enter>
[OK]
PE2#reload

<...output omitted...>
Step 10 Configuration entered on the PE2 (Cisco IOS XE) router.

enable
configure terminal
hostname PE2
line con 0
exec-timeout 0
logging synchronous
line vt 0 15
password cisco
login
cdp run
interface loopback0
ip address 10.2.1.1 255.255.255.0
interface gigabitethernet0/0/0
ip address 192.168.102.20 255.255.255.0
cdp enable
no negotiation auto
speed 100
duplex full
no shutdown
interface gigabitethernet0
ip address 10.10.10.16 255.255.255.0
cdp enable
no shutdown
Task 2: Basic EIGRP Configuration

Step 1 Configuration entered on the CE1, CE2, PE1 and PE2 routers:
Configuration entered on CE1 router:
router eigrp 1
network 192.168.101.0
network 10.1.10.0 0.0.0.255

Configuration entered on PE1 router:
router eigrp 1
address-family ipv4
exit
interface gigabitethernet 0/0/0/0
commit
Configuration entered on CE2 router:

router eigrp 2
network 192.168.102.0
network 10.2.10.0 0.0.0.255
Configuration entered on PE2 router:

router eigrp 2
network 192.168.102.0
network 10.2.1.0 0.0.0.255
Lab 4-1 Answer Key: Implement Internet Connectivity

Task 1: Configure DHCP on CE Router

During this task, you need to enter the following commands:
Step 1 Assign IPv4 address to the GigabitEthernet0/1 interface and enable interface:
CE1 and CE2 routers:
ip address 192.168.255.1 255.255.255.0
no shutdown
SW12 switch:
interface range FastEthernet0/1 0/2
no shutdown
Step 2 In global configuration mode, exclude range of IPv4 addresses that will be omitted
in DHCP pool.
ip dhcp excluded-address 192.168.255.1 192.168.255.99
ip dhcp pool CE_pool
network 192.168.255.0 /24
dns-server 8.8.8.8
default-router 192.168.255.1
Step 3 Enable globally IPv6 routing:
ipv6 unicast-routing
Step 4 Creating IPv6 DHCP pool:
ipv6 dhcp pool CE_IPv6
dns-server 2001:db8:0:abcd::3
Step 5 Enabling IPv6 on interface:
interface GigabitEthernet 0/1
ipv6 enable
ipv6 address 2001:db8:0:abcd::1/48
Task 2: Configure Static Routing for Internet Access

During this task, you need to enter the following commands:
Step 1 Configuring the default route to the Internet:
ip route 0.0.0.0 0.0.0.0 GigabitEthernet 0/0
Task 3: Configure PAT on CE Router

Step 1 Create standard access list permitting network hosts from 192.168.255.0/24
network:
access-list 10 permit 192.168.255.0 0.0.0.255
Step 2 Configuring PAT on CE router:

ip nat inside source list 10 interface
GigabitEthernet0/0 overload
Step 3 Configure inside and outside NAT interface:
ip nat inside
ip nat outside
Lab 4-2 Answer Key: Configure Data Link Layer Encapsulation

Task 1: Configure a POS Interface on the PE Router

Step 1 Enable POS interfaces and set IP addresses on the PE2 and PE4 routers:
PE2 router:
interface pos 0/2/0
ip address 192.168.211.20 255.255.255.0
no shutdown

interface pos 0/2/1
ip address 192.168.212.20 255.255.255.0
no shutdown
PE4 router:
interface pos 0/2/0
ip address 192.168.211.40 255.255.255.0
no shutdown
interface pos 0/2/1
ip address 192.168.212.40 255.255.255.0
no shutdown
Step 2 Set keepalive interval to 5 seconds:
PE2 and PE4 routers:
interface pos 0/2/0
keepalive 5
interface pos 0/2/1
keepalive 5
Step 3 Set clock source:

PE2 router:
interface pos 0/2/0
clock source internal
interface pos 0/2/1
clock source internal
PE4 router:
interface pos 0/2/0
clock source line
interface pos 0/2/1
clock source line
Step 4 Set CRC length:

interface pos 0/2/0
crc 32
interface pos 0/2/1
crc 32
Task 2: Configure PPP on POS Interface

Step 1 Set POS interface encapsulation to PPP:
interface pos 0/2/0
encapsulation ppp
interface pos 0/2/1
encapsulation ppp
Step 2 Enable debugging:
debug ppp negotiation
debug ppp authentication
Step 3 Disabling and enabling POS interface:
interface pos 0/2/0
shutdown
no shutdown
Step 4 Observe debugging.
Step 5 Turn off debugging:
undebug all
Step 6 Enable two-way CHAP authentication:
PE2 router:
username PE4 password cisco
interface pos 0/2/0
ppp authentication chap
interface pos 0/2/1
PE4 router:
username PE2 password cisco
interface pos 0/2/0
interface pos 0/2/1
Step 7 Enable debugging:
debug ppp negotiation
debug ppp authentication
Step 8 Disabling and enabling POS interface:
interface pos 0/2/0
shutdown
no shutdown
Step 9 Observe debugging.
Step 10 Turn off debugging:
undebug all

Lab 5-1 Answer Key: Configure Network Management Tools
Task 1: Configure and Verify Cisco Discovery Protocol

Step 1 Enable Cisco Discovery Protocol globally.
SW1, SW2, and SW12 switches:
cdp run
Step 2 Enable Cisco Discovery Protocol globally and on the interface:
PE1 (Cisco IOS XR):
cdp
interface GigabitEthernet0/0/0/0
cdp
!
commit
PE2 (Cisco IOS XE):
cdp run
!
interface GigabitEthernet0/0/0
cdp enable
Task 2: Configure Logging

Step 1 Configure logging to the console (including debugging severity):
PE1 (Cisco IOS XR):
logging console debugging
!
commit
PE2 (Cisco IOS XE):
logging console debugging
Step 2 Configure logging to the buffer (excluding debugging severity):
PE1 (Cisco IOS XR):
logging buffered informational
!
commit
PE2 (Cisco IOS XE):
logging buffered informational
Task 3: Configure and Verify NTP

Step 1 NTP server configuration and disabling all NTP services on interface:
PE1 (Cisco IOS XR):
ntp
interface GigabitEthernet0/0/0/1
disable
!
master 1
!
commit
PE2 (Cisco IOS XE):
interface GigabitEthernet0/0/1
ntp disable
!
ntp master 1
Step 2 NTP server configuration:
CE1 (Cisco IOS):
ntp server 192.168.101.10
CE2 (Cisco IOS):
ntp server 192.168.102.20
Task 4: Configure and Verify IP SLA

Step 1 IP SLA configuration on the pod PE router (Cisco IOS XR):
PE1 (Cisco IOS XR):
ipsla
operation 432
type icmp echo
destination address 192.168.101.11
frequency 30
!
!
schedule operation 432
start-time now
life forever
!
commit
Lab 5-2 Answer Key: Configure AAA

Task 1: Configure AAA Authentication

Complete these steps for configuring pod PE router running Cisco IOS XR.
Step 1 Enable telnet services.
PE1 (Cisco IOS XR):
telnet ipv4 server max-servers 10
!
commit
Step 2 Create user and put it into group.
PE1 (Cisco IOS XR):
username user
group sysadmin
password user
!
commit
Step 3 Configure authentication method list.
PE1 (Cisco IOS XR):
aaa authentication login vty-authen local
!
commit
Step 4 Configure a line user-defined template.
PE1 (Cisco IOS XR):
line template Template
transport input telnet

!
vty-pool my-pool 5 50 line-template Template
!
commit
Step 5 Apply authentication method to line template.
PE1 (Cisco IOS XR):
line template Template
login authentication vty-authen
!
commit
Step 6 Enable the AAA model.
PE2 (Cisco IOS XE):
aaa new-model
Step 7 Create user in local database:
PE2 (Cisco IOS XE):
username user password user
Step 8 Configure authentication method list.
PE2 (Cisco IOS XE):
aaa authentication login vty-authen local
Step 9 Apply authentication method to vty lines.
PE2 (Cisco IOS XE):
line vty 0 4
login authentication vty-authen
Appendix A: Lab Topology
Legend:
Gi
Fa
OC3 POS
Team 1 Team 2
P1
SW12 SW34
SW56 P2 SW78
Team 3 Team 4
2012 Cisco Systems, Inc. Lab Guide Appendix A 83

Team z
CEx Pod x SWx PEx
Gi0/0 Fa0/1 Fa0/2 Gi0/0/0/2
P1
Gi0/0/0/0
Fa0/23
Gi0/1 Fa0/24 Gi0/0/0/1
Fa0/21 Gi0/0/0/3
Fa0/21
Fa0/22 Fa0/22
Fa0/1
Fa0/2
Fa0/23
SWxy
Fa0/24
Fa0/21 Gi0/0/2
Fa0/23 Gi0/0/1
Gi0/1 Fa0/22
Fa0/24
Gi0/0/3
P2
Gi0/0 Fa0/1 Fa0/2 Gi0/0/0
POS0/2/0
CEy Pod y SWy PEy
POS0/2/1
POS0/2/0
Legend: Gi POS0/2/1
Fa Connections to
OC3 POS PE(y+2)
Team z 10.0.1.1
CEx Pod x SWx PEx
192.168.10x.0/24 192.168.10x.0/24 192.168.x1.0/24
P1
.x1 .x0 .x0 .1
10.xy.0.1 .x0 .1 .1
.x0 .1
10.x.10.1 10.x.0.1 10.x.1.1
192.168.1.0/24
192.168.2.0/24
192.168.1xy.0/24
10.y.10.1 SWxy 10.y.0.1 10.y.1.1
.y0 .2
.y0 .2 .2
.y1 .y0 .y0 .2
P2
192.168.10y.0/24 192.168.10y.0/24 192.168.y2.0/24
.y0
CEy Pod y SWy PEy .y0
10.0.2.1
z = 1,2,3,4
Legend: Gi
x = 1,3,5,7 192.168.2w2.0/24 192.168.2w1.0/24
Fa y = 2,4,6,8
OC3 POS w = 1 (for teams 1 and 2) Connections to
Loopback 2 (for teams 3 and 4) PE(y+2)
2012 Cisco Systems, Inc. Lab Guide Appendix A 85

Team 1 Team 2
10.10.10.14 10.10.10.11 10.10.10.17 10.10.10.25 10.10.10.19 10.10.10.22
P1
10.10.10.13 10.10.10.18 10.10.10.21
SW12 SW34
10.10.10.15 10.10.10.12 10.10.10.16 10.10.10.24 10.10.10.20 10.10.10.23

10.10.10.30 10.10.10.27 10.10.10.33 10.10.10.40 10.10.10.34 10.10.10.37
10.10.10.29 10.10.10.26 10.10.10.36
SW56 P2 SW78
10.10.10.31 10.10.10.28 10.10.10.32 10.10.10.39 10.10.10.35 10.10.10.38
Team 3 Team 4

SPNGN110LG

Enviado por

Dados do documento

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

SPNGN110LG

Enviado por

Direitos autorais:

Formatos disponíveis

SPNGN1

Building Cisco Service Provider Next-

Text Part Number: 97-3129-01

2012 Cisco Systems, Inc. Lab Guide 3

2012 Cisco Systems, Inc. Lab Guide 5

Pod Access Information

Parameter Default value Value

Team number z=1 - 4

Pod number x=1, 3, 5, 7 or

Remote lab SSH access IP address 128.107.245.9

Remote lab SSH access username instr

Remote lab SSH access password testMe

Pod PE (Cisco IOS XR) router username root

Pod PE (Cisco IOS XR) router password 1ronMan

Pod CE, SW, and PE privileged level password cisco

CE2 Pod 2 SW2 PE2 PE4 SW4 Pod 4 CE4

CE5 Pod 5 SW5 PE5 PE7 SW7 Pod 7 CE7

CE6 Pod 6 SW6 PE6 PE8 SW8 Pod 8 CE8

CEx Cisco 2900 pod router 10.x.10.1/32 2001:db8:10:x:10::1/128

PEx Cisco ASR 9000 or Cisco 10.x.1.1/32 2001:db8:10:x:1::1/128

SWx Cisco ME340x pod switch 10.x.0.1/32 2001:db8:10:x:0::1/128

SWxy Cisco ME340x pod switch 10.xy.0.1/32 2001:db8:10:xy:0::1/128

P1 Cisco ASR 9000 core router 10.0.1.1/32 2001:db8:10:0:1::1/128

P2 Cisco ASR 9000 core router 10.0.2.1/32 2001:db8:10:0:2::1/128

2012 Cisco Systems, Inc. Lab Guide 7

10.y.10.1 SWxy 10.y.0.1 10.y.1.1

10.10.10.13 10.10.10.18 10.10.10.21

CE5 Pod 5 SW5 PE5 PE7 SW7 Pod 7 CE7

10.10.10.29 10.10.10.26 10.10.10.36

Device IP Address Peer IP Address

CEx 192.168.10x.x1/24 PEx 192.168.10x.x0/24

CEy 192.168.10y.y1/24 PEy 192.168.10y.y0/24

PEx 192.168.1xy.x0/24 PEy 192.168.1xy.y0/24

PEx 192.168.x1.x0/24 P1 192.168.x1.1/24

PEy 192.168.y1.y0/24 P1 192.168.y1.1/24

PEx 192.168.x2.x0/24 P2 192.168.x2.2/24

PEy 192.168.y2.y0/24 P2 192.168.y2.2/24

PE2 192.168.211.20/24 PE4 192.168.211.40/24

PE2 192.168.212.20/24 PE4 192.168.212.40/24

PE6 192.168.221.60/24 PE8 192.168.221.80/24

PE6 192.168.222.60/24 PE8 192.168.222.80/24

Device Device IP Address Peer Peer IP Address

2012 Cisco Systems, Inc. Lab Guide 9

Perform forward and

Default gateway PING

ipconfig Displays current IP addresses, network mask, and default

ping Tests IP connectivity between hosts

nslookup Performs DNS lookups

Task 1: Verify IP Configuration of a Windows Host

2012 Cisco Systems, Inc. Lab Guide 11

Ping statistics for 192.168.1.1:

Ping statistics for 192.168.1.1:

2012 Cisco Systems, Inc. Lab Guide 13

Task 1: Divide Address Space into Correctly Sized Subnets

Required Number Subnet Maximum Subnet

2012 Cisco Systems, Inc. Lab Guide 15

2012 Cisco Systems, Inc. Lab Guide 17

Monitor boot procedure

banner motd # message # Defines and enables a message-of-the-day banner

channel-group number mode on Manually creates a port-channel interface

configure terminal Enters configuration mode

copy running-config startup- Saves running configuration

duplex {full | half | auto} Configures duplex operation on an interface in

Enable Enters router privileged mode