2 (V80+)
R4
interface Serial1/0
no ip address
encapsulation frame-relay
no frame-relay inverse-arp
!
interface Serial1/0.1 point-to-point
ip address 172.5.47.4 255.255.255.0
frame-relay interface-dlci 407
!
interface Serial1/0.2 point-to-point
ip address 172.5.48.4 255.255.255.0
frame-relay interface-dlci 408
R7
interface Serial1/0
ip address 172.5.47.7 255.255.255.0
encapsulation frame-relay
frame-relay map ip 172.5.47.4 704 broadcast
no frame-relay inverse-arp
R8
interface Serial1/0
ip address 172.5.48.8 255.255.255.0
encapsulation frame-relay
frame-relay map ip 172.5.48.4 804 broadcast
no frame-relay inverse-arp
When to Reload?
1. If no frame-relay inverse-arp is not configured on the interface, configure it, run clear frame-relay
inarp and check the frame-relay mappings. If you still find mappings, reload the device.
2. show frame-relay map shows a 0000 entry.
3. To avoid a reload you can shut down the interface, clear frame-relay inverse ARP, and default int s0/0
if the 0000 entry still exists. If this does not solve the issue, go ahead and reload.
1.4. Configure PPP encapsulation and clock rate 252000 on interface connected
to R3 - R8.
Configure PPP encapsulation and clock rate 252000 on interface connected to R1
- R7.
Notes:
- Once PPP encapsulation is configured, verify the clock rate on R1 - R7 and R3 - R8.
- Issue the show controllers serial2/1 command to check the interface type (DCE or DTE) and the
current clock rate.
- Change the clock rate only on the DCE router.
- In my case both R8 and R7 were the DCE interface.
R8
interface Serial1/1
encapsulation ppp
clockrate 252000
R7
interface Serial1/2
encapsulation ppp
clockrate 252000
2.1 OSPF
OSPF is pre-configured in AS 278 devices R2, R7 and R8 on the interfaces mentioned
in the table below.
All devices are pre-configured for OSPF Area 0.
The initial configuration has some problems; make sure all devices can ping each other's
loopback 0 interfaces.
Don't advertise any additional interface except those mentioned in the chart below:
Router Name   Interface                Area
Rack05R2      Loopback0                OSPF Area 0
              GigabitEthernet0/0.27    OSPF Area 0
              GigabitEthernet0/0.28    OSPF Area 0
Rack05R7      Loopback0                OSPF Area 0
              GigabitEthernet0/0.27    OSPF Area 0
              GigabitEthernet0/0.78    OSPF Area 0
Rack05R8      Loopback0                OSPF Area 0
              GigabitEthernet0/0.78    OSPF Area 0
              GigabitEthernet0/0.27    OSPF Area 0
After the correct configuration and connectivity, OSPF peering will not come up due to a timer
mismatch. Match the timers as shown below:
R2
router ospf 278
network 5.5.2.2 0.0.0.0 area 0
network 5.5.27.2 0.0.0.0 area 0
network 5.5.28.2 0.0.0.0 area 0
R7
router ospf 278
network 5.5.7.7 0.0.0.0 area 0
network 5.5.27.7 0.0.0.0 area 0
network 5.5.78.7 0.0.0.0 area 0
int GigabitEthernet0/0.27
ip ospf dead-interval 30
R8
router ospf 278
network 5.5.8.8 0.0.0.0 area 0
network 5.5.78.8 0.0.0.0 area 0
network 5.5.28.8 0.0.0.0 area 0
Verification:
R2
R7
R8
2.3 R2, R7 and R8 should assign automatic metric to their interfaces as shown
below:
Interface         Type   Metric
Loopback          Auto   metric 1
GigabitEthernet   Auto   metric 10
FastEthernet      Auto   metric 100
Ethernet          Auto   metric 1000
On R2, R7 and R8
router ospf 278
auto-cost reference-bandwidth 10000
Verification:
R2
R7
Notes: Answer is based on Level-1 Question, if you get question for Level-2 just change the
IS-TYPE to LEVEL-2
R6
router isis
net 47.0069.0000.0000.0006.00
is-type level-1
!
interface FastEthernet0/0.69
ip router isis
!
interface Loopback0
ip router isis
R9
router isis
net 47.0069.0000.0000.0009.00
is-type level-2-only
metric-style wide
!
interface FastEthernet0/0.69
ip router isis
!
interface Loopback0
ip router isis
!
interface FastEthernet0/0.99
ip router isis
Verification:
Verification: the output below needs to be updated; it is based on the old question, not this one. Please
adapt it according to the question above.
Section 3 BGP
3.1 Basic BGP IPv4 Unicast has been pre-configured in AS 278 for R2, R7 and
R8.
All devices in AS 278 are using their loopback 0 address as update source.
Each device in AS 278 having 2 IBGP neighbors.
Configure BGP so that IPv4 Unicast update should not be sent to any peer
unless they are explicitly stated to send.
Advertise all loopback0 addresses in AS 278.
Initial configuration has some problem; please troubleshoot those so that R2,
R2
router bgp 278
bgp router-id 5.5.2.2
no bgp default ipv4-unicast
neighbor 5.5.8.8 remote-as 278
neighbor 5.5.8.8 update-source Loopback0
neighbor 5.5.7.7 remote-as 278
neighbor 5.5.7.7 update-source Loopback0
!
address-family ipv4
neighbor 5.5.8.8 activate
neighbor 5.5.8.8 send-community both
neighbor 5.5.7.7 activate
neighbor 5.5.7.7 send-community both
network 5.5.2.2 mask 255.255.255.255
exit-address-family
R7
router bgp 278
bgp router-id 5.5.7.7
no bgp default ipv4-unicast
neighbor 5.5.2.2 remote-as 278
neighbor 5.5.2.2 update-source Loopback0
neighbor 5.5.8.8 remote-as 278
neighbor 5.5.8.8 update-source Loopback0
!
address-family ipv4
neighbor 5.5.2.2 activate
neighbor 5.5.8.8 activate
network 5.5.7.7 mask 255.255.255.255
exit-address-family
R8
router bgp 278
bgp router-id 5.5.8.8
no bgp default ipv4-unicast
neighbor 5.5.2.2 remote-as 278
neighbor 5.5.2.2 update-source Loopback0
neighbor 5.5.7.7 remote-as 278
neighbor 5.5.7.7 update-source Loopback0
!
address-family ipv4
neighbor 5.5.2.2 activate
neighbor 5.5.2.2 send-community both
neighbor 5.5.7.7 activate
neighbor 5.5.7.7 send-community both
network 5.5.8.8 mask 255.255.255.255
exit-address-family
3.2 Basic BGP IPv4 Unicast has been pre-configured in AS 69 for R6 and R9.
Configure BGP so that IPv4 Unicast update should not be sent to any other peer
unless they are explicitly stated to send.
Both are using their loopback 0 address as update source.
Advertise all loopback0 addresses in AS 69.
Make sure they can see each other's loopback0 in the BGP IPv4 Unicast routing table.
Notes: Configure and advertise routes.
R6
router bgp 69
bgp router-id 5.5.6.6
no bgp default ipv4-unicast
neighbor 5.5.9.9 remote-as 69
neighbor 5.5.9.9 update-source Loopback0
!
address-family ipv4
neighbor 5.5.9.9 activate
neighbor 5.5.9.9 send-community both
network 5.5.6.6 mask 255.255.255.255
exit-address-family
R9
router bgp 69
bgp router-id 5.5.9.9
no bgp default ipv4-unicast
neighbor 5.5.6.6 remote-as 69
neighbor 5.5.6.6 update-source Loopback0
!
address-family ipv4
neighbor 5.5.6.6 activate
network 5.5.9.9 mask 255.255.255.255
exit-address-family
3.3 R6 needs to have peering with Backbone (BB2) with IP address 150.2.YY.254
which is located in AS 254.
Configure R6 to establish a BGP IPv4 Unicast peering session with Backbone.
Backbone has pre-configured R6 as in AS YY.
Configure BGP IPv4 Unicast peering between R2 and R6, R6 and R8. They should
use directly connected interface IP for establishing BGP session.
Make sure after peering AS 278 and AS 69 can ping each other loopback0
addresses.
AS 278 and AS 69 should be able to ping 197.67.Z.0 networks learned from BB2
with source of their loopback 0 addresses.
Inter-AS network links like YY.YY.28.0 or 150.2.YY.0 of AS 278, 69, 254 are
not allowed to advertise either in BGP or IGP.
Notes: Configure EBGP peering and check the routes and neighbor status. Make sure you have
configured next-hop-self on all ASBRs to Local routers. Sh ip bgp summary, sh ip bgp
R2
router bgp 278
neighbor 5.5.26.6 remote-as 69
!
address-family ipv4
neighbor 5.5.26.6 activate
neighbor 5.5.8.8 next-hop-self
neighbor 5.5.7.7 next-hop-self
exit-address-family
R8
router bgp 278
neighbor 5.5.68.6 remote-as 69
!
address-family ipv4
Verification:
3.4 Route learned from BB2 should have additional community 278:278 in AS 278
and 69:69 in AS 69.
Or
3.4 Route learned from BB2 should have additional communities 278:278, 69:69
in AS 278 and AS 69.
Notes: Make sure you have configured ip bgp-community new-format, and send communities end to
end to achieve this. Routes learned via the backbone will already have a community value of 254:254;
make sure you have this community on R6 for routes learned via the Backbone.
Sh ip bgp backbone route.
The answer below is for the question at the top:
R6
! Use the backbone routes' existing community
ip community-list standard 254:254 permit 254:254
!
route-map BB2_IN permit 10
set community 69:69 additive
!
route-map AS_267_OUT permit 10
match community 254:254
set community 278:278 254:254
!
route-map AS_267_OUT permit 20
!
router bgp 69
address-family ipv4
neighbor 5.5.26.2 route-map AS_267_OUT out
neighbor 5.5.68.8 route-map AS_267_OUT out
neighbor 150.200.5.254 route-map BB2_IN in
Verification:
3.5 Configure AS 278 to access BB2 using R8 as the primary exit and R2
as a backup.
Configure AS 278 so that traffic from AS 278 to AS 69 uses R2 as
primary; if the link between R2 and R6 is down, it should re-route to any available
path.
OR
Configure R2 to ensure that traffic from R7 destined to AS 69 chooses R2 as
primary exit point and R8 as a backup.
Configure R2 to ensure that traffic from R7 destined to Backbone (197.68.Z.0)
choose R8 as primary exit point and R2 as a backup.
Notes: Please verify via trace from R7 and R8. They usually change this question for each
candidate; be careful, practice changing paths, and analyze the long-term impact on the
VPNv4 route control question.
The answer below is for the question at the top:
R2
ip community-list standard 254:254 permit 254:254
route-map FROM_R6_IN permit 10
match community 254:254
set local-preference 99
!
route-map FROM_R6_IN permit 20
set local-preference 200
!
router bgp 278
address-family ipv4
neighbor 5.5.26.6 route-map FROM_R6_IN in
Verification:
Section 4 MPLS
4.1 Enable MPLS on the AS 278 interfaces specified in the table below.
Use the industry-standard label distribution protocol to propagate labels.
Configure the AS 278 devices' loopback0 address as their router ID.
Don't enable MPLS on any interfaces other than those shown in the chart below:
Router   Interfaces
R2       GigabitEthernet 0/0.27
         GigabitEthernet 0/0.28
R8       GigabitEthernet0/0.28
         GigabitEthernet0/1.78
R7       GigabitEthernet 0/0.27
         GigabitEthernet 0/0.78
Verification:
4.3 AS 278 has decided to test MPLS Traffic Engineering feature between R2 and
R8 loopback2.
To make this test successful enable MPLS Traffic Engineering support in AS 278
and reserve 20 Mbit on required interfaces.
Path from R2 and R8 lo2 should transit R7.
R2
mpls traffic-eng tunnels
!
router ospf 278
mpls traffic-eng router-id Loopback2
mpls traffic-eng area 0
!
interface GigabitEthernet0/0.27
mpls traffic-eng tunnels
ip rsvp bandwidth 20000
R7
mpls traffic-eng tunnels
!
router ospf 278
mpls traffic-eng router-id Loopback0
mpls traffic-eng area 0
!
interface GigabitEthernet0/0.27
mpls traffic-eng tunnels
ip rsvp bandwidth 20000
!
interface GigabitEthernet0/0.78
mpls traffic-eng tunnels
ip rsvp bandwidth 20000
R8
mpls traffic-eng tunnels
!
router ospf 278
mpls traffic-eng router-id Loopback2
mpls traffic-eng area 0
!
interface GigabitEthernet0/0.78
mpls traffic-eng tunnels
ip rsvp bandwidth 20000
Verification:
Output omitted
Verification:
4.4 Create Tunnel 28 on R2 and Tunnel 82 on R8, both should access their
loopback2 IP address via these tunnels.
Explicit path is not allowed to achieve this.
Tunnel should use 5 Mbit of reserved RSVP bandwidth.
Two static routes are allowed, one on each device.
OR
Static route is not permitted to achieve this
Make sure traffic from R2 loopback2 to R8 loopback2 should use Tunnel 28 and
traffic from R8 loopback2 to R2 loopback2 should use Tunnel 82.
R8
interface Tunnel82
ip unnumbered Loopback2
tunnel destination 5.5.2.22
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng bandwidth 5000
tunnel mpls traffic-eng path-option 1 dynamic
ip route 5.5.2.22 255.255.255.255 tunnel 82
R2
interface Tunnel28
ip unnumbered Loopback2
tunnel destination 5.5.8.88
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng bandwidth 5000
tunnel mpls traffic-eng path-option 1 dynamic
ip route 5.5.8.88 255.255.255.255 tunnel 28
Verification:
RD Value
278:78
278:2
69:9
35:35
35:35
RT Value
278:78
278:2
69:9
35:35
35:35
5.1 MP-IBGP (BGP VPNv4 Unicast) in AS 278 is pre-configured, but there are
some issues left in configuration, please troubleshoot those and make sure R2
and R8 have BGP VPNv4 Unicast peering with R7.
Peering between any other devices in AS 278, except those above, is not allowed.
Devices in AS 278 should use their loopback0 as source of peering.
MP-BGP Unicast should not be sent to any other device than specified in
question.
Notes:
R7 is already configured as VPNv4 RR.
Check both neighbors of R7 and make sure next-hop-self is configured on ASBRS for IPV4 before
starting MPBGP configs.
R2
router bgp 278
!
address-family vpnv4
neighbor 5.5.7.7 activate
neighbor 5.5.7.7 send-community both
R7
router bgp 278
!
address-family vpnv4
neighbor 5.5.2.2 activate
neighbor 5.5.2.2 route-reflector-client
neighbor 5.5.2.2 send-community both
neighbor 5.5.8.8 activate
neighbor 5.5.8.8 route-reflector-client
neighbor 5.5.8.8 send-community both
R8
router bgp 278
!
address-family vpnv4
neighbor 5.5.7.7 activate
neighbor 5.5.7.7 send-community both
5.2 MP-IBGP (BGP VPNv4 Unicast) in AS 69 is pre-configured, but there are some
issues left in configuration, please troubleshoot those and make sure R6 and
R9 have BGP VPNv4 Unicast peering with each other.
Devices in AS 69 should use their loopback0 as a source for BGP VPNv4 Unicast
session between them.
Notes: Check and correct, probably need to activate both in their VPNv4 AFI
R6
router bgp 69
!
address-family vpnv4
neighbor 5.5.9.9 activate
neighbor 5.5.9.9 send-community both
R9
router bgp 69
!
address-family vpnv4
neighbor 5.5.6.6 activate
neighbor 5.5.6.6 send-community both
Verification:
R7
ip vrf ABC
rd 278:278
route-target export 278:78
route-target import 278:78
!
interface Serial1/0
ip vrf forwarding ABC
ip address 172.5.47.7 255.255.255.0
!
int lo1
ip vrf forwarding ABC
ip address 172.5.7.7 255.255.255.0
!
router bgp 278
address-family ipv4 vrf ABC
neighbor 172.5.47.4 remote-as 34
neighbor 172.5.47.4 activate
network 172.5.7.0 mask 255.255.255.0
R8
ip vrf ABC
rd 278:278
route-target export 278:78
route-target import 278:78
!
interface Serial1/0
ip vrf forwarding ABC
ip address 172.5.48.8 255.255.255.0
!
int lo1
ip vrf forwarding ABC
ip address 172.5.8.8 255.255.255.0
!
router bgp 278
address-family ipv4 vrf ABC
neighbor 172.5.48.4 remote-as 34
neighbor 172.5.48.4 activate
network 172.5.8.0 mask 255.255.255.0
R4
router bgp 34
! Optional
no bgp default ipv4-unicast
neighbor 172.5.47.7 remote-as 278
neighbor 172.5.48.8 remote-as 278
!
address-family ipv4
neighbor 172.5.47.7 activate
neighbor 172.5.48.8 activate
network 172.5.4.4 mask 255.255.255.255
network 172.5.47.0 mask 255.255.255.0
network 172.5.48.0 mask 255.255.255.0
exit-address-family
int lo1
ip add 172.5.4.44 255.255.255.255
!
router ospf 34
redistribute bgp 34 subnets
network 172.5.34.4 0.0.0.0 area 0
network 172.5.4.44 0.0.0.0 area 0
R3
router ospf 34
Verification:
Output is taken after configuring ABC Site 2 as well:
Verification:
R2
ip vrf ABC
rd 278:2
route-target export 278:2
route-target import 278:2
route-target import 278:78
interface GigabitEthernet0/0.10
ip vrf forwarding ABC
ip address 150.100.5.2 255.255.255.0
!
interface GigabitEthernet0/0.12
ip vrf forwarding ABC
ip address 172.5.12.2 255.255.255.0
!
interface GigabitEthernet0/0.13
encapsulation dot1Q 13
ip vrf forwarding ABC
ip address 172.5.22.22 255.255.255.0
!
int lo1
ip vrf forwarding ABC
ip address 172.5.2.2 255.255.255.255
router eigrp 1
R1
router eigrp 100
network 172.5.1.1 0.0.0.0
network 172.5.12.1 0.0.0.255
Let's establish VPN connectivity. Please do a ping check between ABC Site 1 and Site 2.
R2
router rip
address-family ipv4 vrf ABC
redistribute bgp 278 metric transparent
redistribute eigrp 100 metric 1
!
router eigrp 1
address-family ipv4 vrf ABC
redistribute bgp 278 metric 1000 100 255 1 1500
redistribute rip metric 1000 100 255 1 1500
autonomous-system 100
!
router bgp 278
address-family ipv4 vrf ABC
redistribute rip
redistribute eigrp 100
network 172.5.2.2 mask 255.255.255.255
R7/R8
ip vrf ABC
route-target import 278:2
R4
router ospf 34
redistribute bgp 34 subnets
!
router bgp 34
address-family ipv4
redistribute ospf 34 match internal external
Verification:
R7
router bgp 278
neighbor 5.5.9.9 remote-as 69
neighbor 5.5.9.9 update-source Loopback0
neighbor 5.5.9.9 ebgp-multihop
!
address-family vpnv4
neighbor 5.5.9.9 activate
neighbor 5.5.9.9 next-hop-unchanged
!
address-family ipv4
neighbor 5.5.2.2 send-label
neighbor 5.5.8.8 send-label
R6
router bgp 69
no bgp default route-target filter
!
address-family ipv4
neighbor 5.5.26.2 send-label
neighbor 5.5.68.8 send-label
neighbor 5.5.9.9 send-label
!
route-map AS_267_OUT permit 20
set mpls-label
R2
router bgp 278
address-family ipv4
neighbor 5.5.26.6 send-label
neighbor 5.5.7.7 send-label
! Route-map is applied for the BGP IPv4 route control question
route-map FROM_R6_IN permit 20
match mpls-label
R8
router bgp 278
address-family ipv4
neighbor 5.5.68.6 send-label
neighbor 5.5.7.7 send-label
Verification:
Understand IGP and BGP Label on R6, R2, R8, R9 and R7
Verification:
R2/R7/R8
ip vrf ABC
route-target import 69:9
Verification:
R7
Router bgp 278
address-family vpnv4
neighbor 5.5.8.8 next-hop-self
!
address-family ipv4 vrf ABC
neighbor 172.5.47.4 route-map P_C_R4_OUT out
exit-address-family
!
route-map P_C_R4_OUT permit 10
set origin igp
set mpls-label
Verification:
2. ABC Site-3 should use link between R6-R8 to access ABC Site-1 and ABC Site1.
R6
ip as-path access-list 278 permit ^278$
!
route-map P_C_R6_IN
match as-path 278
set local-preference 101
match mpls-label
!
Verification:
R1
ip vrf PPP-FR
rd 51:51
!
interface Loopback1
ip vrf forwarding PPP-FR
ip address 172.5.1.11 255.255.255.255
!
interface Serial1/2
ip vrf forwarding PPP-FR
ip address 172.5.15.1 255.255.255.0
encapsulation ppp
ip ospf network point-to-point
!
router ospf 200 vrf PPP-FR
network 172.5.1.11 0.0.0.0 area 0
network 172.5.15.1 0.0.0.0 area 0
R5
ip vrf PPP-FR
rd 51:51
!
interface Loopback1
ip vrf forwarding PPP-FR
ip address 172.5.5.55 255.255.255.255
!
interface Serial1/2
ip vrf forwarding PPP-FR
ip address 172.5.15.5 255.255.255.0
encapsulation frame-relay
frame-relay map ip 172.5.15.1 100 broadcast
ip ospf network point-to-point
!
router ospf 200 vrf PPP-FR
network 172.5.5.55 0.0.0.0 area 0
network 172.5.15.5 0.0.0.0 area 0
R7
pseudowire-class L2TPV3
encapsulation l2tpv3
interworking ip
ip local interface Loopback0
ip tos value 160
!
interface Serial1/2
encapsulation ppp
clock rate 252000
xconnect 5.5.9.9 79 pw-class L2TPV3
R9
pseudowire-class L2TPV3
encapsulation l2tpv3
interworking ip
ip local interface Loopback0
ip tos value 160
!
frame-relay switching
interface Serial1/2
encapsulation frame-relay
frame-relay intf-type dce
frame-relay interface-dlci 100 switched
clock rate 252000
!
connect PPP-FR Serial1/2 100 l2transport
xconnect 5.5.7.7 79 pw-class L2TPV3
Verification:
R3
ip vrf PPP-ETH
rd 123:123
!
int lo1
ip vrf forwarding PPP-ETH
ip address 172.5.3.33 255.255.255.255
!
int s1/1
ip vrf forwarding PPP-ETH
ip address 172.5.123.3 255.255.255.0
encapsulation ppp
no shutdown
ip ospf network point-to-point
!
router ospf 200 vrf PPP-ETH
log-adjacency-changes
network 172.5.123.3 0.0.0.0 area 0
network 172.5.3.33 0.0.0.0 area 0
SW2
interface Vlan123
ip address 172.5.123.12 255.255.255.0
ip ospf network point-to-point
!
interface Loopback0
ip address 172.5.12.12 255.255.255.255
!
router ospf 200
network 172.5.12.12 0.0.0.0 area 0
network 172.5.123.12 0.0.0.0 area
R8
pseudowire-class ATOM
encapsulation mpls
interworking ip
!
interface Serial1/1
encapsulation ppp
clockrate 252000
xconnect 5.5.7.7 78 pw-class ATOM
no sh
R7
pseudowire-class ATOM
encapsulation mpls
interworking ip
!
interface GigabitEthernet0/0.123
encapsulation dot1Q 123
Verification:
5.10 CSC
ABC Site-1 (AS 34) and ABC Site-2 (AS 50) are two POPs of a Service Provider,
who provides VPN services to his customers and contracted AS 278 and AS 69 to
act as transit Service Providers to carrier supporting carrier VPN.
Configure AS 278, AS 69 AS 34 to support this so that AS 45 (POPs AS 34, AS
50) can provide VPN services to his Customer Company XYZ.
Network 172.YY.47.0 and 172.YY.48.0 are not allowed to enable LDP/TDP.
Configure a VPNv4 BGP Unicast between R3 (AS34) and R5 (AS 50) to support this
requirement.
Use their Loopback0 interfaces as update source.
Create VRF XYZ on R3 and R5 with RD/RT 35:35, and configure the interfaces below
on R3 and R5 into this VRF.
Device   Interface
R5       Loopback1, FastEthernet0/0
R3       Loopback1, FastEthernet0/1.33
Configure RIP V2 as IGP for XYZ Site-2 between R5 and SW2; the interfaces below
should be advertised into RIP V2.
Device   Interface
R5       Loopback1, FastEthernet0/0
SW2      Loopback0, FastEthernet0/5
Ensure Customer XYZ Site-1 and Site-2 have full reachability to each other and
make sure SW1 routing table output should be as following:
Note: if you are unable to ping the R5 interface from SW1, enable CEF on R5 and reload both SW1
and R5; you will then be able to ping. This is because R5 is a 2600 series router, and CEF is
disabled by default. Cisco has not enabled it during the vrf XYZ creation, which is why the VRF doesn't
have a separate CEF table. Once you enable CEF and reload the device, the CEF table will be
created and you will be able to ping. They change the BGP AS number in this lab for R3 and R5;
sometimes they run IBGP, sometimes EBGP.
R5
ip vrf XYZ
rd 34:34
route-target export 34:34
route-target import 34:34
!
interface Loopback2
ip vrf forwarding XYZ
ip address 172.5.55.55 255.255.255.255
!
interface FastEthernet0/0.57
ip vrf forwarding XYZ
ip address 172.5.115.5 255.255.255.0
!
router bgp 50
no bgp default ipv4-unicast
neighbor 172.5.3.3 remote-as 34
neighbor 172.5.3.3 update-source Loopback0
neighbor 172.5.3.3 ebgp-multihop
!
address-family vpnv4
neighbor 172.5.3.3 activate
neighbor 172.5.3.3 send-community extended
exit-address-family
!
address-family ipv4 vrf XYZ
redistribute rip
redistribute connected
no synchronization
exit-address-family
!
router rip
!
address-family ipv4 vrf XYZ
redistribute bgp 50 metric 3
!
interface FastEthernet0/0.59
mpls ip
R9
interface FastEthernet0/0.59
mpls ip
R7
router bgp 278
address-family ipv4 vrf ABC
neighbor 172.5.47.4 send-label
R8
router bgp 278
address-family ipv4 vrf ABC
neighbor 172.5.48.4 send-label
R4
router bgp 34
address-family ipv4
neighbor 172.5.48.8 send-label
neighbor 172.5.47.7 send-label
!
int f0/0.34
mpls ip
mpls label protocol tdp
R3
int f0/0.34
mpls ip
mpls label protocol tdp
!
ip vrf XYZ
rd 34:34
route-target export 34:34
route-target import 34:34
!
interface FastEthernet0/0.33
ip vrf forwarding XYZ
ip address 172.5.33.3 255.255.255.0
!
interface FastEthernet0/0.35
ip vrf forwarding XYZ
ip address 172.5.35.3 255.255.255.0
!
router bgp 34
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 172.5.5.5 remote-as 50
neighbor 172.5.5.5 ebgp-multihop
neighbor 172.5.5.5 update-source Loopback0
!
address-family vpnv4
neighbor 172.5.5.5 activate
Verification:
Section 6 Multicast
6.1 PIM Sparse Mode
Configure PIM SM in AS 278 and AS 69 as per the chart below.
Device   Interface
R2       Loopback0, GigabitEthernet0/0.26, GigabitEthernet0/0.27, GigabitEthernet0/0.28
R7       Loopback0, GigabitEthernet0/0.27, GigabitEthernet0/0.78
R8       Loopback0, GigabitEthernet0/0.28, GigabitEthernet0/0.78
R6       Loopback0, FastEthernet0/0.26, FastEthernet0/0.69
R9       Loopback0, FastEthernet0/0.69, FastEthernet0/0.99
R2
interface Loopback0
ip pim sparse-mode
!
interface GigabitEthernet0/0.27
ip pim sparse-mode
!
interface GigabitEthernet0/0.28
ip pim sparse-mode
!
interface GigabitEthernet0/0.26
ip pim sparse-mode
R7
interface Loopback0
ip pim sparse-mode
!
interface GigabitEthernet0/0.27
ip pim sparse-mode
ip igmp join-group 239.255.1.1
!
interface GigabitEthernet0/0.78
ip pim sparse-mode
R8
interface Loopback0
ip pim sparse-mode
!
interface GigabitEthernet0/0.28
ip pim sparse-mode
!
interface GigabitEthernet0/0.78
ip pim sparse-mode
!
ip pim bsr-candidate Loopback0 0
ip pim rp-candidate Loopback0
Verification:
R9
interface Loopback0
ip pim sparse-mode
!
interface f0/0.69
ip pim sparse-mode
Verification:
int f0/0.34
ip pim sparse-mode
!
ip pim bsr-candidate Loopback0 0
ip pim rp-candidate Loopback0
R3
int lo0
ip pim sparse-mode
ip igmp join-group 239.255.3.3
!
int f0/0.34
ip pim sparse-mode
Verification:
6.7 Configure AS 278 to support Multicast services between ABC Site-1 and ABC
Site-2.
Make sure R1 can get RP information and ping multicast group 239.255.3.3.
R2
ip vrf ABC
mdt default 238.0.0.1
R7
ip multicast-routing vrf ABC
interface s1/0
ip pim sparse-mode
!
int lo1
ip pim sparse-mode
!
ip vrf ABC
mdt default 238.0.0.1
R8
ip multicast-routing vrf ABC
interface s1/0
ip pim sparse-mode
!
int lo1
ip pim sparse-mode
!
ip vrf ABC
mdt default 238.0.0.1
Verification:
7.2 To make LDP session secure between R5 and R9 configure MD-5 authentication
between both LDP neighbors.
R5
mpls ldp neighbor 172.5.59.9 password cisco
R9
mpls ldp neighbor vrf ABC 172.5.5.5 password cisco
interface FastEthernet0/0.59
mpls ldp discovery transport-address interface
Verification:
7.3 Protect AS 69 from spoofing attacks. Use the uRPF feature to achieve this and make
sure it doesn't interfere with AS 278's access to AS 69.
access-list 101 permit ip host 5.5.2.2 5.5.0.0 0.0.255.255
access-list 101 permit ip host 5.5.7.7 5.5.0.0 0.0.255.255
access-list 101 permit ip host 5.5.8.8 5.5.0.0 0.0.255.255
access-list 101 permit ip 5.5.27.0 0.0.0.255 5.5.0.0 0.0.255.255
access-list 101 permit ip 5.5.78.0 0.0.0.255 5.5.0.0 0.0.255.255
access-list 101 permit ip 5.5.28.0 0.0.0.255 5.5.0.0 0.0.255.255
interface FastEthernet0/0.26
ip verify unicast source reachable-via any 101
!
interface FastEthernet0/0.68
ip verify unicast source reachable-via any 101
Verification:
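The decision the uRPF configuration above relies on, modelled in Python as an added example (not part of the original workbook): it shows why strict mode drops legitimate traffic when two inter-AS links exist, why loose mode does not accept a source that only matches a default route, and what ACL 101 exempts. ACL 101 and the interface names come from the page; the FIB contents, the default route and the 10.66.0.1 source are constructed assumptions.

```python
import ipaddress

# ACL 101 as configured on the page: (source, destination); implicit deny at the end.
ACL_101 = [
    ("5.5.2.2/32", "5.5.0.0/16"),
    ("5.5.7.7/32", "5.5.0.0/16"),
    ("5.5.8.8/32", "5.5.0.0/16"),
    ("5.5.27.0/24", "5.5.0.0/16"),
    ("5.5.78.0/24", "5.5.0.0/16"),
    ("5.5.28.0/24", "5.5.0.0/16"),
]

# Constructed FIB for the AS 69 edge router (assumption, not from the page):
# AS 278 loopbacks are learned through BGP, the AS 278 core links are not.
FIB = {
    "5.5.6.6/32": "Loopback0",
    "5.5.9.9/32": "FastEthernet0/0.69",
    "5.5.26.0/24": "FastEthernet0/0.26",
    "5.5.68.0/24": "FastEthernet0/0.68",
    "5.5.2.2/32": "FastEthernet0/0.26",
    "5.5.7.7/32": "FastEthernet0/0.26",   # best path to R7 is via R2
    "5.5.8.8/32": "FastEthernet0/0.68",
    "0.0.0.0/0": "FastEthernet0/0.26",    # constructed default route
}


def lookup(src):
    """Longest-prefix match on the source address: (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in FIB.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best


def acl_permits(src, dst, acl):
    """True if any entry permits the source/destination pair."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(
        s in ipaddress.ip_network(sn) and d in ipaddress.ip_network(dn)
        for sn, dn in acl
    )


def urpf(src, dst, in_if, mode="any", acl=None, allow_default=False):
    """Return 'pass', 'pass-acl' or 'drop' for a packet received on in_if.

    mode='rx'  (strict): the route back to src must point out of in_if.
    mode='any' (loose):  any non-default route to src is enough.
    The ACL is consulted only for packets that fail the uRPF check.
    """
    hit = lookup(src)
    if hit and hit[0].prefixlen == 0 and not allow_default:
        hit = None  # a default route does not validate a source by itself
    if hit and (mode == "any" or hit[1] == in_if):
        return "pass"
    if acl is not None and acl_permits(src, dst, acl):
        return "pass-acl"
    return "drop"


if __name__ == "__main__":
    cases = [
        ("R7 loopback via R8 link, strict", "5.5.7.7", "FastEthernet0/0.68", "rx", None),
        ("R7 loopback via R8 link, loose", "5.5.7.7", "FastEthernet0/0.68", "any", None),
        ("R7 core link address, loose", "5.5.27.7", "FastEthernet0/0.26", "any", None),
        ("R7 core link address, loose + ACL", "5.5.27.7", "FastEthernet0/0.26", "any", ACL_101),
        ("constructed spoofed source, loose + ACL", "10.66.0.1", "FastEthernet0/0.26", "any", ACL_101),
    ]
    for label, src, in_if, mode, acl in cases:
        print(f"{label:42} {urpf(src, '5.5.9.9', in_if, mode, acl)}")
```

Every ACL 101 entry widens what bypasses the check, so the list should stay limited to the AS 278 sources that genuinely have no return route in AS 69.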
7.4 Configure R7 and R8 so that AS 278 and AS 69 have IP Precedence 5 for all
L2TPv3 Packets.
R7
pseudowire-class L2TPV3
ip tos value 160
R9
pseudowire-class L2TPV3
ip tos value 160
Verification:
7.5 NTP
Configure R9 as a stratum 6 NTP Server.
Enable NTP service in AS 278 to get time from R9 in AS 69.
Ensure clock of R2, R7 and R8 is synchronized from R9.
ABC Site-1 devices R3 and R4 should get their clock synchronized with R8; R8
will be acting as time source for them.
Notes: this doesn't work in Dynamips but will work smoothly in the lab.
R9
clock timezone GMT 5 30
ntp master 6
ntp source lo0
R2
clock timezone GMT 5 30
ntp server 5.5.9.9 prefer
ntp peer 5.5.8.8
ntp peer 5.5.7.7
ntp source lo0
R7
clock timezone GMT 5 30
ntp server 5.5.9.9 prefer
ntp peer 5.5.8.8
ntp peer 5.5.2.2
ntp source lo0
R8