Labs CE

Do not delete this graphic elements in here:
Section 8
Lab Exercises
Module 1
Basic Configuration
Service Router Operating System (SROS)

All Rights Reserved © Alcatel-Lucent 2009
All Rights Reserved © 2009, Alcatel-Lucent
Section 8 Module 1 Page 1

Objectives
Lab Exercises Basic Configuration 812
Upon successful completion of this module, the student will be

familiar with CLI navigation and be able to perform the following
operations:
Log in to the system
Change the system time and date
Change the system name
Manipulate the BOF
Saving the configuration
Operate the File system
Activate the IOMs, MDAs, and ports


Introduction
Switch to notes view!
Lab Instruction Format
Note: The following information explains the format used for the labs and is for information
purposes only.
The CLI system prompt is shown in bolded text followed by # or $, for example:
Node#
or
Node>config>system>security#
The CLI command string is shown in unbolded text.
Node# show time ↵
The ↵ symbol indicates that the Enter All

key should
Rights Reserved ©be pressed.
Alcatel-Lucent 2009
As shown above, system commands such configure, show, security, etc. are shown as unbolded.
These commands can be typed in or partially typed in and completed by pressing the Tab,
Space or Enter key. Text that must be manually entered is shown delimited by the < and >
symbols.
Node# admin set-time <YYYY/MM/DD hh:mm> ↵
This indicates that the year, month, day, and time must be entered manually.
Note: Network nodes store the BOF and configuration files on Compact Flash 3 (CF3). Simulators
store the BOF file on the floppy drive (CF1); configuration files can be stored on CF1 or the
hard drive (CF2), if so equipped.
Try the help commands ( ? ) and auto-completion commands as much as possible. This will greatly
improve your CLI configuration skills and understandings.

Switch
Save thetoBOF
notes
andview!
Configuration File
Note: When a 7750 SR boots up, it will execute the bootloader (boot.ldr) on the Compact Flash
card CF3 (CF1 for a simulator), then load the BOF (bof.cfg), also on CF3 (CF1 for a simulator),
which indicates where to find the image (.tim files) and configuration files (.cfg files), installs
the management Ethernet and serial console port (default value 115200) and (de)activates
persistence, used for the SAM application.
1. View the BOF and verify the configuration and image files and their location on the flash cards
using the file structure. What is the image file used, and where is it stored?
PEx# show bof ↵

PEx# file ↵
PEx>file cf3: \# dir ↵
2. Create your personal directory that will contain your configuration file.
PEx>file cf3: \# md <your_directory> ↵
3. Change
Service the configuration
Router Operating System (SROS) file in theAllBOF to a filename of your choice in the directory created
Rights Reserved © Alcatel-Lucent 2009
in step 2.
PEx# bof ↵
PEx>bof# primary-config cf3:\<your_directory>\<your_filename>.cfg ↵
4. Activate persistence on the BOF
PEx>bof# persist on ↵
5. Save the BOF
PEx>bof# save ↵
PEx>bof# exit ↵
PEx#
6. Reboot
PEx# admin reboot ↵

Switch
Log In totoYour
notes view!
Node
1. Fill in the IP addresses of the management Ethernet ports and the port numbers of the network
ports for each PE in the network diagram drawing at the end of the module. Make sure these
Management IP-addresses, provided by the instructor, match the respective Node. You can ping
the address from you workstation and verify the activity on the management Ethernet port that
was assigned to you.
2. Check the wiring on the hardware to find the network port numbers.
3. Telnet from your workstation to your assigned Node using the management Ethernet port IP
address configured in the BOF.
Note: By default, Telnet is disabled. This means that the attempt to connect to the PE using
Telnet will fail. Use SSH to connect to your PE. The username and password is “admin”.
4. Verify your SSH connection. Can you see your connection? Does the Remote address match your
workstation’s IP-address?
Node# show system security ssh ↵

Node# show system connectionsAll ↵
Rights Reserved © Alcatel-Lucent 2009
5. After the SSH connection is established, enable the Telnet-server and retry Step 2. The Telnet
connection should now be allowed.
Node# configure ↵
Node>config# system ↵
Node>config>system# security ↵
Node>config>system>security# telnet-server ↵
6. Verify your configuration.
Node>config>system>security# info ↵
Note: The “info” command shows the most important, often non-default, settings within a
configuration context. The “info detail” command shows ALL settings, including the default,
within a configuration context.
7. Verify your Telnet connection (see step 4). What has changed in the Connections-list?

Switch
Set to notes
the Login view!
Settings
1. Disable the login idle timeout (default 30 minutes).
Node# configure system login-control idle-timeout 5 ↵

<minutes> : [1..1440]
<disable> : keyword
2. Set the number of incoming telnet sessions to the maximum.
Node# configure system login-control telnet inbound-max-sessions 7 ↵
Set the System Time and Date
1. Set the time and date to the local time and date. Verify your configuration.
Node# admin set-time <YYYY/MM/DD hh:mm> ↵

Service
Node# Router Operating
show System↵(SROS)
time
Change the System Name
1. Change the system name to PE<x> (<x> = your PE number).
Node# configure system name PE<x> ↵
Note: After you have successfully changed the system name the CLI system prompt will now
display the new system name.
PEx#

6.Switch
Save theto notes view!
configuration. What has changed to the prompt (Release 5)?
*PEx# admin save ↵
Note: The configuration will now be saved to the file and directory specified in step 3. Since the
BOF is now pointing to this file, this configuration will be loaded when the node boots.
7. Verify the new file created in your directory.
PEx# file ↵
PEx>file cf3: \# cd <your_directory> ↵
PEx>file cf3:\<your_directory>\# dir ↵
Note: The “ndx”-files are used for the SAM application software. These will only be created when
the persistence is turned on.
8. Change the backup configuration number to 3 and save the configuration 5 times in a row and
view the directory (see step 7), how many files have been created? How many old configuration
files are stored?
PEx# config system config-backup 3 ↵
8. Delete the old configuration files.
PEx>file cf3:\<your_directory>\# delete *.*.* ↵
Note: this command will only delete all the old configuration files, the most recent file will not
be removed. Press “y” for each file. Adding “force” to the command deletes the files without
asking for confirmation.

Switch to
Activate notes
the view!
IOMs, MDAs and MDA ports
1. Verify the state of the IOMs. How many IOMs are provisioned?
PEx# show card ↵
Note: The “show card detail” command provides more detail information and includes detail
information on the flash cards as well.
2. Provision the IOMs and verify the new state as shown in step 1. What is the state now?
PEx# configure card <1> ↵

PEx>config>card# card-type <equipped card-type> ↵
3. Verify the state of the MDAs. How many MDAs are provisioned?
PEx>config>card# show mda ↵
4. Provision the MDAs and verify the new state as shown in step 1. What is the state now?
PEx>config>card# mda <1> ↵
PEx>config>card>mda# mda-type <equipped mda-type> ↵
5. Verify the state of the ports. What is their state?
PEx# show port ↵
6. Enable the ports.
PEx# configure port <X/X/X> no shutdown ↵
Note: you can enable each port one by one, or use a range command to enable a series of ports.
PEx# configure port <X/X/[Y..Z]> no shutdown ↵
Note: The brackets denoting the range of ports. Auto-completion does not work after closing the
bracket.
7. Verify that all the ports shown in the network diagram are Administratively and Operationally
UP and are configured as network ports (mode) (see step 5). What is their MTU size?

End of Module
Lab Exercises Basic Configuration


Section 8
Lab Exercises
Module 2
Security Configuration


Objectives
Lab Exercises Security Configuration 822

familiar with the Security options and be able to perform the following:
Set the number of login attempts and lockout time
Change the default password
Create and apply a management access filter
Create a new user with a new profile


Set theSwitch
Numberto of
notes view!
Login Attempts and Lockout Time
Note: you can configure the number of login attempts allowed in a specified time period. If the
number of login attempts is exceeded, you will be locked out for a specified time.
1. Configure your node to allow three login attempts in a one minute time period. If the number of
log in attempts is exceeded within one minute, you will be locked out for one minute.
PEx# configure system security password ↵

PEx>config>system>security>password# attempts <3> time <1> lockout <1> ↵
PEx>config>system>security>password# exit all ↵
2. Logout and try to log in 4 times within a minute with a wrong password. See how long it takes
to be able to receive a new attempt.
PEx# logout ↵
Change the Default Password

1. Change the default password to “pass”.
Node# password ↵
Enter current password: <admin> ↵
Enter new password: <pass> ↵
Re-enter new password: <pass> ↵
new password does not meet system password policy
MINOR: CLI Failed to change password.
2. Find out why your new password was not accepted and make the necessary changes to allow
the new password.
Note: “pass” has only 4 letters.
PEx# show system security password-options ↵
3. When you have successfully changed the password, test it by logging out of the node and
logging back in using the new password.
Pex# configure system security password minimum-length 4 ↵

Switch
4. When you to noteschanged
have successfully view! the password, test it by logging out of the node and
logging back in using the new password.
PEx# logout ↵
Create a Management Access Filter
Note: The management access filter runs on the CPM’s Control Processor and affects traffic
terminating on a node.
1. Create a filter that allows only your and the instructor’s PC-workstation to SSH to your PE.
Note: Do NOT set the default-action to deny before permitting your workstation, or you will be
locked out after typing “y” since management access filter is instantly active.
PEx>config>system>security# management-access-filter ↵
PEx>config>system>security>mgmt-access-filter# default-action permit ↵
PEx>config>system>security>mgmt-access-filter# entry 10 ↵
PEx>config>system>security>mgmt-access-filter>entry# src-ip <IP address of
your PC workstation/32> ↵ All Rights Reserved © Alcatel-Lucent 2009
PEx>config>system>security>mgmt-access-filter>entry# dst-port <22> ↵
PEx>config>system>security>mgmt-access-filter>entry# action permit ↵
PEx>config>system>security>mgmt-access-filter>entry# back ↵
PEx>config>system>security>mgmt-access-filter# entry 20 ↵
PEx>config>system>security>mgmt-access-filter>entry# src-ip <IP address of
the instructor’s PC workstation/32> ↵
PEx>config>system>security>mgmt-access-filter>entry# action permit ↵
PEx>config>system>security>mgmt-access-filter>entry# back ↵
PEx>config>system>security>mgmt-access-filter># entry 30 ↵
PEx>config>system>security>mgmt-access-filter>entry# action deny ↵
PEx>config>system>security>mgmt-access-filter>entry# exit all ↵
2. Verify the management access filter configuration.
PEx# show system security management-access-filter ↵
3. Verify that only you can connect to your PE over the management access port, none of the
other students should be able to.

Create Switch
a New to notes
User withview!
No Configuration Authorization
1. Create a new user with your first name (password = your last name) and allow access through
console and ftp.
PEx>config>system>security# user <your_first_name> ↵

PEx>config>system>security>user$ password <your_last_name> ↵
PEx>config>system>security>user$ access console ↵
PEx>config>system>security>user$ access ftp ↵
PEx>config>system>security>user$ exit ↵
2. Create a profile that denies access to the “configure” menu.
PEx>config>system>security# profile <your_first_name> ↵

PEx>config>system>security>profile$ entry 10 ↵
PEx>config>system>security>profile>entry$ match <configure> ↵
PEx>config>system>security>profile>entry$ action deny ↵
PEx>config>system>security>profile>entry$ exit ↵
All Rights Reserved
PEx>config>system>security>profile# © Alcatel-Lucent 2009
default-action permit-all ↵
PEx>config>system>security>profile# exit all ↵
3. Apply the profile to your new user.
PEx# configure system security user <your_first_name> console member

<your_first_name> ↵
4. Create an admin-password, which will allow any user to enter a special administrative mode by
entering the enable-admin command.
PEx# configure system security password admin-password <secret> ↵
5. Log out of the router and log back in with the newly created user. Verify the inability to access
the “configure” menu. Then enable the admin rights for the user.
PEx# enable-admin ↵
Password: secret ↵

6. Verify Switch to notes

the users and profiles. view!
What indicates a user to be in admin mode?
PEx# show system security profile <your_first_name> ↵

PEx# show users ↵
7. Try to FTP to your dedicated node with the admin/admin login, and then with your new
user/password. Which one works? Why?


End of Module
Lab Exercises Security Configuration


Section 8
Lab Exercises
Module 3
Alarms and Logs


Objectives
Lab Exercises Alarms and Logs 832

familiar with LAG operation and be able to perform the following:
Create and delete event logs


LoggingSwitch to notes view!
1. Create two log files. File 1 will contain the Main event stream logs and File 2 will contain the
Security event stream. Set the rollover to 120 and the retention to 24.
PEx# configure log file-id <1> ↵

PEx>config>log>file-id$ description <“Main Stream Log File”> ↵
Note: Quotes are required when entering the description.
PEx>config>log>file-id$ location <cfX:> ↵

PEx>config>log>file-id$ rollover <120> retention <24> ↵
Note: <cfX:> = Can be cf1:, cf2: or cf3: depending on simulator versus Service Router.
Note: Rollover features configure how often an event or accounting log is rolled over. The
retention time specifies the amount of time the file should be retained on the system, based
on the creation time of the file. The retention time is used as a factor to determine which
files should be deleted first if the file system device nears 100% usage. When a log file is
rolled over, the current log file is closed and a new log file is created. Rollover time is
Serviceexpressed in minutes.
Router Operating Default is 1440, range is 60-2880. Retention time is expressed in hours.
System (SROS)
Default is 12, range is 1-500. All Rights Reserved © Alcatel-Lucent 2009
PEx# configure log file-id <2> ↵

PEx>config>log>file-id$ description <“Security Stream Log File”> ↵
PEx>config>log>file-id$ location <cfX:> ↵
Note: <cfX:> = Can be cf1:, cf2: or cf3: depending on simulator versus Service Router.
PEx>config>log>file-id$ rollover <120> retention <24> ↵
2. Verify the Log files.
PEx# show log file-id <1> ↵

PEx# show log file-id <2> ↵
Note: The file is not yet attached to an Log.

3. CreateSwitch to Direct
two log-ids. notes theview!
Main event stream logs to File 1 and the Security event stream
logs to File 2.
PEx# configure log log-id <1> ↵

PEx>config>log>log-id$ description <“Main Stream Log”> ↵
PEx>config>log>log-id$ from main ↵
PEx>config>log>log-id$ to file <1> ↵

PEx>config>log>log-id$ description <“Security Stream Log”> ↵
PEx>config>log>log-id$ from security ↵
PEx>config>log>log-id$ to file <2> ↵
4. Verify the contents of the log files. Verify their location on the compact flash cards.
PEx# show log log-id <X> ↵

PEx# file ↵
PEx>file cfX:\ # cd log ↵
PEx>file cfX:\log\ # dir ↵
Note: The file-ids 1 and 2 are now associated with a log file located on cfX: in a newly created
“log” directory. The file format is log<log-id><file-id>-<date>-<time> eg. log0101-20040130-
150447.
5. Create a log that prompts debugging messages on your telnet/SSH session.

PEx>log>log-id$ from debug-trace ↵
PEx>log>log-id$ to session ↵
PEx>log>log-id$ exit all ↵
PEx# debug router ip packet ↵
Note: Now all the IP packets will be shown briefly on the telnet/ssh session. To de-activate this,
type no debug.

6. CreateSwitch
and applyto notes
a filter view!
on log-id 1 that only records alarms greater then critical.
PEx# configure log filter <1> ↵

PEx>config>log>filter$ description <“Alarms greater than or equal to
major”> ↵
PEx>config>log>filter$ default-action drop ↵
PEx>config>log>filter$ entry 10 ↵
PEx>config>log>filter>entry$ match severity gte major ↵
PEx>config>log>filter>entry$ action forward ↵
PEx>config>log>filter>entry$ exit all ↵
Note: Now apply the filter to the log-id.
PEx# configure log log-id 1 ↵

PEx>config>log>log-id# filter 1 ↵
Note: To view the severity of all the possible alarms:
PEx# show log event-control ↵


End of Module
Lab Exercises Alarms and Logs


Section 8
Lab Exercises
Module 4
LAG Configuration


Objectives
Lab Exercises LAG Configuration 842

familiar with LAG operation and be able to perform the following:
Configure a LAG
Configure dynamic-cost
Configure a port-threshold
Test LAG robustness and behaviour


LAG Switch to notes view!
1. Connect two PE’s with three links and disable autonegotiate on the ports facing these links.
PEx# configure port <X/X/X> ethernet no autonegotiate ↵
Note: Repeat this for every port facing the links that will be included in the LAG.
2. Make sure these ports are not used by a router interface and create a LAG containing these
ports. Enable the global dynamic-cost and a port threshold of 1 which brings the LAG down.
PEx# configure lag <1> ↵

PEx>config>lag# port <X/X/X> ↵
Note: Repeat this for every port facing the links that will be included in the LAG.
PEx>config>lag# dynamic-cost ↵
PEx>config>lag# port-threshold 1 action down ↵

Note: Create one PE in the active LACP mode, the other one in the passive LACP mode.
PEx>config>lag# lacp active ↵

OR
PEx>config>lag# lacp passive ↵
3. Activate and verify the LAG.
PEx>config>lag# no shutdown ↵
PEx# show lag ↵
PEx# show lag <1> detail ↵

This page left blank intentionally.


End of Module
Lab Exercises LAG Configuration


Section 8
Lab Exercises
Module 5
System And Network Configuration


Objectives
Lab Exercises System And Network Configuration 852
Upon successful completion of this module, the student will be able

to provision system physical and logical interfaces and be able to
perform the following operations:
Configure the system and network interfaces
Ping a neighbor
Debug the ICMP and ARP messages


Switch to the
Configure notes view!Interface
System
Note: The system interface identifies each node within a network as a logical entity. It is a
loopback interface with no physical port assigned to it. This way, when a port should go down,
the system interface can still be available in the network.
1. Configure the System Interface (‘system’ is a fixed reserved name to identify the node in a
network topology).
PEx# configure router ↵

PEx>config>router# interface system ↵
PEx>config>router>if# address <X.X.X.X>/32 ↵
Note: <X.X.X.X> = your assigned PE number as shown on the lab diagram.
2. Verify the state of the configured system interface. Make sure that the interface is
administratively and operationally UP.
PEx# show router interface ↵

Configure the Network Interfaces
1. Configure the network interfaces as shown in the lab diagram.
PEx# configure router ↵

PEx>config>router# interface <topex> ↵
Note: Use a name that will easily identify the interface, for example <topex> where x is the PE
number of the neighboring router.
PEx>config>router>if# address <X.X.X.X/X> ↵

PEx>config>router>if# port <Y/Y/Y> ↵
Note: Use the IP-addresses and port numbers as shown on the lab diagram.
<X.X.X.X/X> = the IP-address and subnet mask of the interface.
<Y/Y/Y> = the port number of the interface.
2. Check the router interfaces, they should all be administratively and operationally UP.
PEx# show router interface ↵

Switch
Ping to notes view!
a neighbour
1. Verify the routing table that should now contain the locally attached networks, including the
system interface’s IP-address. What is the preference and metric of the locally connected
networks?
PEx# show router route-table ↵
Note: these local destinations were manually configured, no remote addresses are known at this
point.
2. Activate the debug-trace session for the ICMP and ARP packets.
PEx# configure log log-id 10 ↵

PEx>config>log>log-id$ from debug-trace ↵
PEx>config>log>log-id$ to session ↵
PEx# debug router ip arp ↵
Pex# debug router ip icmp ↵
Clear and view the ARP cache.

PEx# clear router arp all ↵
PEx# show router arp ↵
4. Ping the network interfaces of the neighbouring routers. Is the ping successful if you change the
source IP-address to your system address? If not, why not?
PEx# ping X.X.X.X ↵
Note: the ARP and ICMP messages are going in two directions and the router’s ARP cache will be
updated with a new entry.
5. Re-evaluate the ARP cache. What is the new entry? Where is this entry coming from, verify with
your neighbour.
Note: these messages will only be displayed for the duration of this session. To deactivate the
debug:
PEx# no debug ↵
Note: To see the MAC-address of a port:
PE<x># show port <X/X/X> detail ↵

End of Module
Lab Exercises System And Network Configuration


Section 8
Lab Exercises
Module 6
IGP Configuration


Objectives
Lab Exercises IGP Configuration 862

to configure the static and dynamic interior routing protocols on a
node and be able to perform the following operations:
Configure IS-IS
Influence metrics
Enable route redistribution using route policies


Switch to ISIS
Configure notes view!
Note: In this course only single hierarchical topologies are used. Disable OSPF when enabled.
1. Configure IS-IS using area 49.0051.
PEx# configure router isis ↵

PEx>config>router>isis# area-id 49.0051 ↵
2. Configure IS-IS on the system interface and all the network interfaces.
PEx>config>router>isis# interface system ↵

PEx>config>router>isis>if# back ↵
PEx>config>router>isis# interface <topex> ↵
(PEx>config>router>isis>if$ interface-type point-to-point ↵)
Note: It is common practice to configure the interfaces point-to-point rather than the default
broadcast to avoid the DIS overhead.
PEx>config>router>isis>if# back ↵
Note: The last 2 (3) lines must be entered for all the network interfaces.
PEx>config>router>isis# reference-bandwidth 100000000 ↵
Note: With this command the reference bandwidth can be set and the metrics of the links will be
calculated: reference-bandwidth/bandwidth (In OSPF this is done by default).
3. Special case for IS-IS: In regular IS-IS SPF operation, “narrow metrics” are used, meaning the
maximum metric value of any given link will be limited to 63, regardless of the result of
calculation in relation to the reference bandwidth given above.
To overcome this restriction, “wide metrics” can be enabled, which is an additional attribute
carried in the so called “traffic engineering TLVs (Type-Length-Value packet field formats).
Wide metric support necessitates the support for traffic engineering extensions on the IGP,
which is an optionally enabled feature. Some other uses of traffic engineering is discussed
further in the next MPLS section.
PEx>config>router>isis# traffic engineering ↵

PEx>config>router>isis# level 1 wide-metrics-only ↵
PEx>config>router>isis# level 2 wide-metrics-only ↵

4.Switch to configuration.
Verify your notes view!
PEx# show router isis status ↵
Note: this command shows the area-ids this node belongs to. There can be up to 3 area-ids
configured.
PEx# show router isis interface ↵
Note: There are 4 interfaces. The system interface has a metric of 0, all the links have a metric of
10 by default. A reference bandwidth can be configured (same as OSPF by default).
5. When all the nodes have finished step 3, view the ISIS forwarding database. Make sure all the
networks and system addresses are included and reachable, use Ping to verify. What is the
preference and metric to reach the other PEs?
PEx# show router route-table protocol isis ↵
6. View the Is-IS adjacency database.
PEx# show router isis adjacency ↵

7. View the IS-IS link state database.
PEx# show router isis database ↵
8. Turn on simple authentication (password) with a matching authentication key (choose one with
your neighbour).
PEx>config>router>isis>if# hello-authentication-type password ↵

PEx>config>router>isis>if# hello-authentication-key <your_password> ↵
Note: this configuration must match between neighbours’ interfaces or the adjacency will fail.
9. Debug the IS-IS packets. Perform a shut/no shut on IS-IS and evaluate the packets. What is the
difference between Hello-packets with and without authentication?
PEx# debug router isis packets ptop-hello detail ↵
10. Turn debug off.
PEx# no debug ↵

Metrics
1. Verify that the routing table contains all the destinations. What is the metric of the system
interface of the opposite router? Trace the route to this IP-address. What path is taken?
2. Adjust the metric of the outgoing interface used by the path in Step 1 to 5000.
PEx# configure router ospf area 0 interface <topex> metric 5000 ↵

PEx# configure router isis interface <topex> level 1 metric 5000 ↵
3. Repeat Step 1. What has changed?
Note: When a router learns more then one route to a certain destination, the best route will be
selected. First the preference of the routing protocol the destination was learned on is
compared and the lowest preference is selected. Then, if this routing protocol still offers
more then one route to the destination, the route with the lowest metric will be selected and
inserted into the routing table. The administrator can influence this process by changing the
preference and the metrics as demonstrated in this lab exercise (metric). When a prefix has
multiple routes with equal preferences and metrics, only one is selected except when ECMP is
activated.
4. Turn on ECMP up to 2 possible routes and evaluate the routing table once more. Are there
routes occurring twice in the routing table now? How is this possible?
PEx# configure router ecmp 2 ↵
5. Set the metrics back to the default value and disable ECMP.
PEx# configure router ospf area 0 interface <topex> no metric ↵

PEx# configure router isis interface <topex> level 1 no metric ↵
PEx# configure router no ecmp ↵

End of Module
Lab Exercises IGP Configuration


Section 8
Lab Exercises
Module 7
EFM Configuration


Objectives
Lab Exercises EFM Configuration 872

to perform the following operations:
EFM configuration


Switch
EFM to notes view!
configuration
1. Configure EFM
P1# configure port x/x/x

P1>config>port# ethernet efm-oam
P1>config>port>ethernet>efm-oam# transmit-interval 500 multiplier 5
P1>config>port>ethernet>efm-oam# no shutdown
Ensure EFM on both ends of the link is enabled, if not the interface will go down
2. Display EFM
P1# show port 1/1/1 ethernet efm-oam
===============================================
Ethernet Oam (802.3ah)
===============================================
Admin State : up All Rights Reserved © Alcatel-Lucent 2009
Oper State : operational

Mode : active
Pdu Size : 2047
Config Revision : 0
Function Support : LB
Transmit Interval : 50000 ms
Multiplier : 5
Tunneling : false
Peer Mac Address : 00:03:fa:91:1a:dc

Peer Vendor OUI : 00:16:4d
Peer Vendor Info : 00:00:00:00
Peer Mode : active
Peer Pdu Size : 2047
Peer Cfg Revision : 0
Peer Support : LB
Loopback State : None

Loopback Ignore Rx : Ignore

3. Switch
Configure to notes
Remote view!
Loopback
Enable ability to react to remote loopback OAMPDU’s (enable on both ends of the link)
P1# configure port 1/1/1
P1>config>port# ethernet efm-oam accept-remote-loopback
Initiate remote loopback
P1# oam efm 1/1/1 remote-loopback start
3. Results of remote loopback tests
P1>config>port>ethernet>efm-oam# show port 1/1/1 ethernet efm-oam
===============================================
Ethernet Oam (802.3ah)
===============================================
Admin State : up
Oper State : operational
Mode : active
Pdu Size : 2047
Config Revision : 1
Function Support : LB
Transmit Interval : 20000 ms
Multiplier : 5
Tunneling : false
Peer Mac Address : 00:03:fa:91:1a:dc

Peer Vendor OUI : 00:16:4d
Peer Vendor Info : 00:00:00:00
Peer Mode : active
Peer Pdu Size : 2047
Peer Cfg Revision : 1
Peer Support : LB
Loopback State : Remote Loopback

Loopback Ignore Rx : Process
When test is completed stop the test as during remote loopback test operation all other frames
except EFM OAMPDU’s are dropped (all protocol sessions will go down)
P1# oam efm 1/1/1 remote-loopback stop

End of Module
Lab Exercises EFM Configuration


Section 8
Lab Exercises
Module 7
MPLS Configuration


Objectives
Lab Exercises MPLS Configuration 882

to configure:
LDP


Switch to LDP
Configure notes view!
1. Enable and provision LDP on all your network interfaces.
PEx# configure router ldp ↵

PEx>config>router>ldp$ interface-parameters ↵
PEx>config>router>ldp>if-params$ interface <topex> ↵
PEx>config>router>ldp>if-params>if$ back ↵
Note: repeat the last 2 commands for all the network interfaces.
PEx>config>router>ldp# no shutdown ↵
Note: when LDP is enabled, by default targeted LDP is also enabled. This will be used later on by
the service and can be disabled at this point, but this is not necessary. It must be reactivated
later when Layer 2 VPN’s are configured.
2. Verify
Service the state
Router Operating of (SROS)
System the LDP
parameters.
All RightsHow
Reservedmany sessions
© Alcatel-Lucent 2009 are active? What is the label
distribution, the label retention and control mode? Are the interfaces up?
PEx# show router ldp status ↵

PEx# show router ldp discovery ↵
PEx# show router ldp session ↵
PEx# show router ldp parameters ↵
PEx# show router ldp interface ↵
3. Verify the Label Information Base (LIB). Why are some of the ingress and egress labels empty?
PEx# show router ldp bindings ↵
Note: By default LDP will signal labels for the system address of the PE. To have labels
distributed for directly connected networks, an export policy is needed (see Step 8).
4. Verify the Label Forwarding Information Base (LFIB). What label will your router use to send a
packet to the system address (FEC) of your own router, your clockwise router, your opposite
router and your counter clockwise router?
PEx# show router ldp bindings active ↵

5. Verify the LSP across the network.

PEx# oam lsp-ping prefix <X.X.X.X>/32 ↵
PEx# oam lsp-trace prefix <X.X.X.X>/32 ↵
Note: <X.X.X.X> = the IP-address of the system interface of your opposite router.
6. Change the metric of the IGP interface on the diagonal link to your opposite router to 5000 and
retry step 5. Why is the LSP trace different now?
7. Set the metric of the IGP back to it’s default value (no metric).
8. Export the directly connected networks into LDP with an export policy. Verify the LIB and LFIB.
Note: You can use the policy defined in the IGP Lab.
PEx>config>router>ldp# export <policy> ↵
9. Verify again the LIB and LFIB. Which additional entries do you see now in the databases?
PEx# show router ldp bindings active↵
10. Remove the export policy.
PEx>config>router>ldp# no export ↵

End of Module
Lab Exercises MPLS Configuration


Section 8
Lab Exercises
Module 8
Services Configuration


Objectives
Lab Exercises Services Configuration 892

Configure a customer
Configure an SDP
Perform an SDP Ping
Perform an SDP MTU Test
Mirror a Local Network Port
Mirror a Remote Network Port


Switch toa notes

Configure view!
Customer
1. Create two customers (100 and 200). Provide the customer a description, contact information and
a phone number.
Note: A customer is locally significant, but it is advisable to be consistent throughout the network
(SAM).
PEx# configure service customer 100 create ↵

Pex>config>service>cust# description <customer_name> ↵
Pex>config>service>cust# contact <customer_contact> ↵
Pex>config>service>cust# phone <customer_phone> ↵
Prepare the Ports
1. Change the port facing the customer (see lab diagram) to an access port.
configure port X/X/X ↵

PEx#
Pex>port# shutdown ↵
Pex>port# ethernet mode access ↵
Pex>port# no shutdown ↵
2. Change the Maximum Transmission Unit (MTU) size of each network port. What minimum value is
necessary?
Note: Since MPLS has been configured on the network interfaces, the port that supports that
interface must have its MTU changed to 1540 bytes. If GRE were used the MTU would have to
be changed to 1560. Configure the MTU size on both network ports on each of the nodes in your
network.
PEx# configure port <X/X/[1..4]> ethernet mtu 1600 ↵

PEx# show port <X/X> ↵

Switch toa notes

Configure view!of SDPs
full mesh
1. Configure a full mesh of SDPs to the other PEs in the network using LDP.
PEx# configure service sdp <1X> mpls create ↵

PEx>config>service>sdp$ far-end <X.X.X.X> ↵
PEx>config>service>sdp$ description <“SDP to PE X over LDP”> ↵
PEx>config>service>sdp$ ldp ↵
PEx>config>service>sdp$ no shutdown ↵
PEx>config>service>sdp$ exit all ↵
Note: Repeat the above steps for all the other PEs where X is the PE number.
2. Verify the configured SDPs.
PE# show service sdp (detail) ↵
Note: In case the SDPs are remaining in the operationally down state, check
Service Router Operating command
System (SROS) output carefully to look for some clues.
the detail All Rights Reserved © Alcatel-Lucent 2009

Switch
OAM to notes view!
Tools
Note: SDP Ping performs in-band uni-directional or round-trip connectivity tests on SDPs. The SDP
Ping OAM packets are sent in-band, in the tunnel encapsulation, so it will follow the same path
as traffic within the service. The SDP Ping response can be received out-of-band in the control
plane, or in-band using the data plane for a round-trip test.
1. Perform a uni-directional SDP Ping. What is the Path MTU? Why is there no Remote SDP-ID?
PEx# oam sdp-ping <XX> ↵
Note: You have tested the local SDP but have not performed a round-trip test.
<XX> is the local SDP.
2. Perform a round-trip SDP Ping Test. What is the Remote SDP-ID?
PEx# oam sdp-ping <XX> resp-sdp <YY> ↵
Note: This is a round-trip test, both directions are using the SDP.
<XX> is the local SDP and <YY> is the remote SDP.
3. Discover the MTU size supported over your SDPs. What is the MTU?
Note: The Path MTU Discovery tool provides a powerful tool that enables a service provider to get
the exact MTU supported between the service ingress and service termination points (accurate to
one byte). It is important to understand the MTU of the entire path end-to-end when
provisioning services, especially for virtual leased line (VLL) services where the service must
support the ability to transmit the largest customer packet.
PEx# oam sdp-mtu <XX> size-inc 1500 1600 step 10 ↵
Note: <XX> is the local SDP.

Switch
Local to notes
Mirror view!
Service
Note: The mirror service feature provides a way to capture packets from a port on a router, and
sends a copy of the traffic to another port on the same router or a port on a remote router
where they can be captured by a packet analyzer or sniffer. Each router can mirror packets from
a specific port or service to any destination point in the network, regardless of interface type or
speed.
1. Mirror locally a network port of your choice to your access port.
PEx# configure mirror ↵

PEx>config>mirror# mirror-dest 1000 create ↵
Note: The mirror destination defines a mirror service ID and a destination for copies of the packets.
The mirrored frame size that is to be transmitted to the mirror destination can be explicitly
configured by using slicing features. This enables mirroring only the parts needed for analysis.
PEx>config>mirror>mirror-dest$ sap X/X/X create ↵

Note: The SAP is your access port (see lab diagram).
PEx>config>mirror>mirror-dest>sap$ exit ↵
PEx>config>mirror>mirror-dest# no shutdown ↵
2. Verify that the mirror service is operational.
Pex# show mirror mirror-dest 1000 ↵
3. Mirror the ingress and egress traffic on a local network port, the mirror source. Use a sniffer
connected to the SAP to verify if the mirror service works.
PEx# debug mirror-source 1000 port X/X/X ingress egress ↵
4. Remove the local mirror service.
PEx# configure mirror mirror-dest 1000 shutdown ↵

PEx# configure mirror no mirror-dest 1000 ↵

SwitchMirror
Remote to notes view!
Service
Note: A port can be mirrored to any of the devices in the network. The mirrored frames are sent
from the source over an SDP service tunnel to a destination node, where they can be analyzed.
The mirror SDP uses static label assignments. This static label must match the static label that
you are going to assign on the remote node.
1. Configure your PE to accept mirrored frames from your clockwise neighbor.
PEx# configure mirror mirror-dest 1001 create ↵

PEx>config>mirror>mirror-dest# remote-source far-end <system address of
remote mirror source PE> ing-svc-label 2048 ↵
PEx>config>mirror>mirror-dest$ sap <X/X/X> create ↵
Note: A packet analyser (sniffer) can be connected on the SAP to monitor the
traffic.
PEx>config>mirror>mirror-dest>sap$ back ↵
PEx>config>mirror>mirror-dest# no shutdown ↵
2. Verify that the mirror service is operational.

PEx# show mirror mirror-dest 1001 ↵
3. Configure your PE as a remote mirror source for your opposite neighbour. Direct the ingress and
egress traffic from the source port to the SDP and assign an egress label.
Note: The mirror services uses an SDP as a tunnel for mirrored frames. Because the mirror service
only sends traffic in one direction, it is not strictly necessary to create a bi-directional SDP.
PEx# configure mirror mirror-dest 1002 create ↵

PEx>config>mirror>mirror-dest$ sdp <XX> egr-svc-label 2048 ↵
Note: <XX> is the SDP configured earlier to your counter clockwise
neighbour.
PEx>config>mirror>mirror-dest$ no shutdown ↵
PEx# debug mirror-source 1002 port X/X/X ingress egress ↵
4. Verify that the mirror service works.
PEx# show mirror mirror-dest 1002 ↵

End of Module
Lab Exercises Services Configuration


Section 8
Lab Exercises
Module 10
VPLS Configuration


Objectives
Lab Exercises VPLS Configuration 8 10 2

Configure a VPLS
Verify a VPLS


Switch
VPLS to notes view!
Configuration
1. Configure a VPLS service 600 according to the lab diagram at the end of this module.
Note: Remove the SAP from the ePipe service to use it for this lab exercise (VPLS service).
PEx# configure service vpls 600 customer 100 create ↵

PEx>config>service>vpls# sap <X/X/X>:0 create ↵
Note:The 0 at the end of the sap identifier signifies that null encapsulation (the default) is being
used on the port. Null encapsulation is used if there is only one service being used on the port. If
multiple services will be using the port, you would configure it to use Dot1q or qinq
encapsulation. Now an access port has been assigned to this service on which customer
equipment can be connected.
PEx>config>service>vpls>sap$ back ↵
PEx>config>service>vpls# mesh-sdp <2X>:600 create ↵
PEx>config>service>vpls>mesh-sdp$ back ↵

Note: Repeat the last two commands for all the remote PEs. The SDPs must form a full mesh to al
the participants in the VPLS service. Use the SDPs over RSVP-TE. These SDPs have TLDP enabled
in the previous lab exercise. The :600 binds the SDP to the service. At this point TLDP labels are
signalled to identify the service on all the participants of the VPLS service.
PEx>config>service>vpls# no shutdown ↵
2. Verify the VPLS. What are the labels used to reach the other PEs? What are the labels used to
reach the VPLS service on these remote PEs?
PEx# show service sap-using ↵

PEx# show service service-using ↵
PEx# show service id 600 all ↵
PEx# show service id 600 labels ↵
3. Connect CPEs to the SAPs of the VPLS Service and test your VPLS by passing traffic across it such
as a video file or a Ping test. Disconnect a network link and see if traffic gets lost. Verify if the
RSVP-TE backup scenario’s are operational.
Note: An VPLS is the equivalent of a VLAN connecting one or more switches. In order to ping
successfully, all CPEs will have to be members of the same subnet.

4. Switch
Verify theto notes database.
forwarding view! What are the age timers? How can you verify the age timer per
mac entry?
PEx# show service fdb-info ↵

PEx# show service fdb-mac ↵
PEx# show service fdb-mac expiry ↵
OAM Tools
1. Perform a MAC Ping and a MAC Trace to a remote CPE. What information is gained from this OAM
tool? Verify the forwarding database. What MAC address is added from this operation? Is the
information aging out as it is supposed to?
PEx# oam mac-ping service 600 destination <XX:XX:XX:XX:XX:XX> ↵

PEx# oam mac-trace service 600 destination <XX:XX:XX:XX:XX:XX> ↵
Note: <XX:XX:XX:XX:XX:XX> is the MAC address of a remotely connected CPE.

fdb-mac ↵
PEx# show service All Rights Reserved © Alcatel-Lucent 2009
PEx# show chassis ↵
Note: This command shows the CPM MAC address.
2. Populate and Purge a random MAC address. What command can flood this information to the
remote PEs participating in the VPLS? Is the information aging out as it is supposed to?
PEx# oam mac-populate 600 mac <00:XX:XX:XX:XX:XX> (flood) ↵

PEx# oam mac-purge 600 target <XX:XX:XX:XX:XX:XX> (flood) ↵
3. Activate a continuous Ping form one CPE to another. Next, perform a CPE Ping to one of the CPEs
as the destination IP-address and the other CPE as the source IP-address. Is the initial continuous
Ping still operational? Why not? How can we resolve this?
PEx# oam cpe-ping service 600 destination <X.X.X.X> source <Y.Y.Y.Y> ↵

End of Module
Lab Exercises VPLS Configuration


Section 8
Lab Exercises
Module 11
MC-LAG Configuration


Objectives
Lab Exercises MC-LAG Configuration 8 11 2

Configure MC-LAG


Switch
LAG to notes view!
Configuration on CE
Prepare the Ports
1. Change the ports facing the Access Switch (see lab diagram) to an access port and disable auto-
negotiate (or set to limited)
CE-1# configure port <X/X/X> shutdown

CE-1# configure port <X/X/X> ethernet mode network
CE-1# configure port <X/X/X> ethernet no autonegotiate
CE-1# configure port <X/X/X> no shutdown
Repeat for all ports participating in the LAG
LAG Configuration
1. Configure the LAG mode (network or access), encasulation type (null, dot1q) to match the ports.
Configure
Service LACPSystem
Router Operating on the LAG.
(SROS) At leastAllone
Rightsside
Reserved © Alcatel-Lucent 2009
CE-1# configure lag 1

CE-1>config>lag$ mode network
CE-1>config>lag$ port <1/1/1 1/1/2 1/1/3 1/1/4>
CE-1>config>lag$ lacp active
CE-1>config>lag$ no shutdown

Switch
LAG to notes view!
Configuration on PEs
Prepare the Ports
1. Change the ports facing the Access Switch (see lab diagram) to an access port and disable auto-
negotiate (or set to limited)
PE1# configure port 1/2/1 shutdown

PE1# configure port 1/2/1 ethernet mode access
PE1# configure port 1/2/1 ethernet encap-type dot1q
PE1# configure port 1/2/1 ethernet no autonegotiate
PE1# configure port 1/2/1 no shutdown
Repeat for all ports participating in the MC-LAG
LAG Configuration
1. Configure the LAG mode (network orAllaccess), encasulation
Rights Reserved © Alcatel-Lucent 2009type (null, dot1q) to match the ports.
Configure LACP on the LAG. At least one side
PE1# configure lag 10

PE1>config>lag$ mode access
PE1>config>lag$ encap-type dot1q
PE1>config>lag$ port 1/2/1 1/2/2
PE1>config>lag$ lacp active
PE1>config>lag$ no shutdown

SwitchConfiguration
MC-LAG to notes view!
1. Configure multi-chassis redundancy with a peering session toward the redundant PE system
address and enable mc-lag redundancy
PE1# configure redundancy multi-chassis

PE1>config>redundancy>multi-chassis# peer <X.X.X.X> create
PE1>config>redundancy>multi-chassis>peer# mc-lag
PE1>config>redundancy>mc>peer>mc-lag# lag 10 lacp-key 1 system-id
00:00:00:00:00:11 system-priority 100
PE1>config>redundancy>mc>peer>mc-lag# no shutdown
PE1>config>redundancy>mc>peer>mc-lag# exit
PE1>config>redundancy>multi-chassis>peer# no shutdown
MC-LAG Verification
PE1# show lag 1

PE1# show lag 1 detail
PE1# show redundancy multi-chassis sync
PE1# show redundancy multi-chassis mc-lag peer <X.X.X.X>

End of Module
Lab Exercises Services Configuration


Labs CE

Enviado por

Dados do documento

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Labs CE

Enviado por

Direitos autorais:

Formatos disponíveis

Do not delete this graphic elements in here:

Service Router Operating System (SROS)

All Rights Reserved © 2009, Alcatel-Lucent

Section 8  Module 1  Page 1

Upon successful completion of this module, the student will be

Service Router Operating System (SROS)

All Rights Reserved © 2009, Alcatel-Lucent

Section 8  Module 1  Page 2

Lab Instruction Format

The CLI command string is shown in unbolded text.

Node# show time ↵

The ↵ symbol indicates that the Enter All

Node# admin set-time <YYYY/MM/DD hh:mm> ↵

All Rights Reserved © 2009, Alcatel-Lucent

Section 8  Module 1  Page 3

PEx# show bof ↵

PEx>file cf3: \# md <your_directory> ↵

4. Activate persistence on the BOF

5. Save the BOF

PEx# admin reboot ↵

All Rights Reserved © 2009, Alcatel-Lucent

Section 8  Module 1  Page 4

Node# show system security ssh ↵

6. Verify your configuration.

All Rights Reserved © 2009, Alcatel-Lucent

Section 8  Module 1  Page 5

1. Disable the login idle timeout (default 30 minutes).

Node# configure system login-control idle-timeout 5 ↵

2. Set the number of incoming telnet sessions to the maximum.

Node# configure system login-control telnet inbound-max-sessions 7 ↵

Set the System Time and Date

Node# admin set-time <YYYY/MM/DD hh:mm> ↵

Change the System Name

1. Change the system name to PE<x> (<x> = your PE number).

Node# configure system name PE<x> ↵

All Rights Reserved © 2009, Alcatel-Lucent

Section 8  Module 1  Page 6

*PEx# admin save ↵

7. Verify the new file created in your directory.

8. Delete the old configuration files.

PEx>file cf3:\<your_directory>\# delete *.*.* ↵

All Rights Reserved © 2009, Alcatel-Lucent

Section 8  Module 1  Page 7

PEx# show card ↵

PEx# configure card <1> ↵

PEx>config>card# show mda ↵

5. Verify the state of the ports. What is their state?

PEx# show port ↵

6. Enable the ports.

PEx# configure port <X/X/X> no shutdown ↵

PEx# configure port <X/X/[Y..Z]> no shutdown ↵

All Rights Reserved © 2009, Alcatel-Lucent

Section 8  Module 1  Page 8

Service Router Operating System (SROS)

All Rights Reserved © 2009, Alcatel-Lucent

Section 8  Module 1  Page 9

Service Router Operating System (SROS)

All Rights Reserved © 2009, Alcatel-Lucent

Section 8  Module 2  Page 1

Upon successful completion of this module, the student will be

Service Router Operating System (SROS)

All Rights Reserved © 2009, Alcatel-Lucent

Section 8  Module 2  Page 2

Section 8 Module 1 Page 1

Section 8 Module 1 Page 2

Section 8 Module 1 Page 3

Section 8 Module 1 Page 4

Section 8 Module 1 Page 5

Section 8 Module 1 Page 6

PEx>file cf3:\<your_directory>\# delete ..* ↵

Section 8 Module 1 Page 7

Section 8 Module 1 Page 8

Section 8 Module 1 Page 9

Section 8 Module 2 Page 1

Section 8 Module 2 Page 2

Section 8 Module 2 Page 3

Section 8 Module 2 Page 4

Section 8 Module 2 Page 5

Section 8 Module 2 Page 6

Section 8 Module 2 Page 7

Section 8 Module 3 Page 1

Section 8 Module 3 Page 2

Section 8 Module 3 Page 3

Section 8 Module 3 Page 4

Section 8 Module 3 Page 5

Section 8 Module 3 Page 6

Section 8 Module 4 Page 1