Treinamento HPn-Hk644s.b.00 Lab

HP LAN Switching Installation and Administration
Lab Guide
HK644S B.00
HP LAN Switching Installation and Administration
Lab Guide
HK644S B.00
Use of this material to deliver training without prior written permission from HP is prohibited.
Copyright 2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. This is an HP copyrighted work that may not be reproduced without the written permission of HP. You may not use these materials to deliver training to any person outside of your organization without the written permission of HP. UNIX is a registered trademark of The Open Group. Export Compliance Agreement Export Requirements. You may not export or re-export products subject to this agreement in violation of any applicable laws or regulations. Without limiting the generality of the foregoing, products subject to this agreement may not be exported, re-exported, otherwise transferred to or within (or to a national or resident of) countries under U.S. economic embargo and/or sanction including the following countries: Cuba, Iran, North Korea, Sudan and Syria. This list is subject to change. In addition, products subject to this agreement may not be exported, re-exported, or otherwise transferred to persons or entities listed on the U.S. Department of Commerce Denied Persons List; U.S. Department of Commerce Entity List (15 CFR 744, Supplement 4); U.S. Treasury Department Designated/Blocked Nationals exclusion list; or U.S. State Department Debarred Parties List; or to parties directly or indirectly involved in the development or production of nuclear, chemical, or biological weapons, missiles, rocket systems, or unmanned air vehicles as specified in the U.S. Export Administration Regulations (15 CFR 744); or to parties directly or indirectly involved in the financing, commission or support of terrorist activities. By accepting this agreement you confirm that you are not located in (or a national or resident of) any country under U.S. embargo or sanction; not identified on any U.S. Department of Commerce Denied Persons List, Entity List, US State Department Debarred Parties List or Treasury Department Designated Nationals exclusion list; not directly or indirectly involved in the development or production of nuclear, chemical, biological weapons, missiles, rocket systems, or unmanned air vehicles as specified in the U.S. Export Administration Regulations (15 CFR 744), and not directly or indirectly involved in the financing, commission or support of terrorist activities.
Printed in US HP LAN Switching Installation and Administration Lab guide December 2011
Contents
Lab Precautions ..........................................................................................L1 - 1 Initial Notes ...............................................................................................L1 - 2 Lab 1 - Basic System Configuration ...............................................................L1 - 3 Overview ............................................................................................L1 - 3 Console ..............................................................................................L1 - 4 Management Interface..........................................................................L1 - 6 Telnet..................................................................................................L1 - 7 SSH with Password Authentication ......................................................... L1 - 11 SSH with Public-key Authentication........................................................ L1 - 13 Configuration File Management ........................................................... L1 - 17 TFTP Client Configuration ......................................................................L1 - 18 Lab 2 - Port and Link Management............................................................... L2 - 1 Overview ........................................................................................... L2 - 1 MAC Address Table ............................................................................ L2 - 2 Manual Port Groups ............................................................................ L2 - 3 Bridge Aggregation Groups ................................................................. L2 - 4 Lab 3 - VLANs........................................................................................... L3 - 1 Overview ........................................................................................... L3 - 1 Port-based VLANs ............................................................................... L3 - 2 Protocol-based VLANs ......................................................................... L3 - 3 IP Subnet-based VLANs ....................................................................... L3 - 5 MAC Address-based VLANs ................................................................. L3 - 6 Basic QinQ ........................................................................................ L3 - 9 Lab 4 Layer 2 Topology Management Technologies .................................... L4 - 1 Overview ........................................................................................... L4 - 1 MSTP................................................................................................. L4 - 2 RRPP.................................................................................................. L4 - 5 SmartLink ........................................................................................... L4 - 8 Lab 5 - IPv4 Basics..................................................................................... L5 - 1 Overview ........................................................................................... L5 - 1 IP Interfaces........................................................................................ L5 - 2 DHCP Client and Server....................................................................... L5 - 4 DHCP Relay ....................................................................................... L5 - 6 Lab 6 - IPv4 Routing ................................................................................... L6 - 1 Overview ........................................................................................... L6 - 1 Static Routes ....................................................................................... L6 - 3 RIPv2 ................................................................................................. L6 - 5
hk644s b.00 2011 Hewlett-Packard Development Company, L.P. i
HP LAN Switching Installation and Administration Professional Training
OSPF Single Area ............................................................................ L6 - 6 OSPF Case 2: Multi-Area ..................................................................... L6 - 8 OSPF with BFD ..................................................................................L6 - 13 VRRP ................................................................................................L6 - 19 Lab 7 - IPv4 Multicast Routing ..................................................................... L7 - 1 Overview ........................................................................................... L7 - 1 IGMP................................................................................................. L7 - 2 PIM-DM ............................................................................................. L7 - 6 Multicast VLAN................................................................................... L7 - 9 Lab 8 - Quality of Service ........................................................................... L8 - 1 Overview ........................................................................................... L8 - 1 Priority Mapping ................................................................................. L8 - 2 Queue Scheduling .............................................................................. L8 - 3 Rate Limiting ....................................................................................... L8 - 3 Traffic Policies ..................................................................................... L8 - 4 Traffic Filtering .................................................................................... L8 - 7 Traffic Mirroring .................................................................................. L8 - 8 Lab 9 - Security ......................................................................................... L9 - 1 Overview ........................................................................................... L9 - 1 Securing Telnet ................................................................................... L9 - 2 802. 1X with Local Authentication........................................................... L9 - 4 Local MAC Authentication .....................................................................L9 - 6 Lab 10 - Network Management .................................................................. L10 - 1 Overview .......................................................................................... L10 - 1 Local Port Mirroring ............................................................................ L10 - 2 Remote Port Mirroring ......................................................................... L10 - 4 LLDP ................................................................................................. L10 - 7 1-1 Lab 1 1 IRFv2 ......................................................................................... L1 1-1 HP A5500-EI/A5800 Series................................................................ L1 1 - 11 HP A7500/A9500/A12500 Series .................................................... L1
ii
2011 Hewlett-Packard Development Company, L.P.
hk644s b.00
Lab Precautions
!
CAUTION: Electrostatic discharge (ESD) can damage static-sensitive devices on modules. Follow these precautions when you handle a module.
Do not remove a module from its antistatic bag until you are ready to inspect or install it. Handle the module by the faceplate only. Use proper grounding techniques when you install a module. These techniques include wearing a grounded static discharge wrist strap, or touching a grounded source just before you handle the module.
WARNING: Do not look into the end of a fiber optic cable or fiber optic port.
hk644s b.00
L1 - 1
Initial Notes
1. Groups Unless stated differently in the instructions of a particular exercise, students will work in groups of two. Each group will work with one Switch A5500 and one A7500 2. Port numbering As the actual port numbers in switches and modules used can vary from class to class. In these switches the notation for the ethernet ports is: s/ss/n, where s is the slot number (always 1) ss is the subslot number (always 0) n is the port number within the slot/subslot In this LAB Guide you will need to replace the slot number in the given instructions. 3. System prompt In this guide a generic system prompt will be used: <switch> and [switch] and it will correspond to <A5500> and [A5500] or <A7500> and [A7500] respectively. 4. Example: The following LAB Guide instruction: [switch]interface gig s/0/10 must be written in a switch: [A5500]interface GigabitEthernet 1/0/10 or [A7500]interface GigabitEthernet 1/0/10
hk644s b.00
L1 - 2
Lab 1 - Basic System Configuration

Overview
In this lab, you will: Connect to the switchs management interface using the console port Configure the management interfaces IP address Configure and test Telnet SSH in Password Authentication Mode SSH in Public Key Authentication Mode Save the configuration and manage the Configuration File
PC1 Et he Ethernet Cable Serial port Console Cable
Switch 1 gi
Console port
PC2 Et he Ethernet Cable Serial port Console Cable
Switch 2 g
Console port
Figure 2.1
hk644s b.00
L1 - 3
Console
1) Connect the console cable a) cables RJ45 connector b) cables DB9 connector switchs console port PCs serial port
Note: - If the PC does not have a serial port, you need to use a USB-Serial adapter cable 2) Configure the terminal emulation program Notes: - The following instructions are for Windows HyperTerminal. - If you want to use a different terminal emulation utility, please locate its configuration menu and enter the parameters detailed in Table 2.1. a) Open HyperTerminal b) In the File menu select: Properties c) In the Configure Using box select the COM port you will use and click on the Configure button
d) Complete the COM Properties configuration form using the parameters shown in Table 2.1:
Switch SA7500 Baud Rate Data Bits Parity Stop Bits Flow Control 9600 8 None 1 None
Table 2.1 Console Port Parameters
hk644s b.00
L1 - 4
e) click on the OK button f) close the Properties window 3) Turn on the Switch and observe the messages that appear on the screen. Wait until the following prompt appears:
Press enter to start
4) Press enter i) No login is necessary by default ii) the <S7902E> prompt will appear b) Enter the system view <switch>system [switch]
hk644s b.00
L1 - 5
Management Interface
1) Configure the IP addresses and parameters of the devices using the values shown in Table 2.2 IP address Switch 1 PC1 Switch 2 PC2 10.0.1.1 10.0.1.101 10.0.1.2 10.0.1.102 Table 2.2 a) Switchs management interface (VLAN 1) [switch]interface vlan 1 [switch-interface-vlan1]ip address 10.0.1.n 24 where n is the Switch number b) PCs: follow the standard procedure to configure the IP parameters c) Verify [switch]display ip interface d) Test i) Open a command line window (cmd) in windows ii) Enter: c:\>ping 10.0.1.n where n is the Switch number iii) Leave the cmd window open and return to HyperTerminal Mask Length 24 24 24 24 10.0.1.2 10.0.1.1 Default Gateway
hk644s b.00
L1 - 6
Telnet
1) Enable telnet [switch]telnet server enable 2) Configure Password authentication a) Set the authentication mode for telnet [switch]user-interface vty 0 4 [switch-ui-vty0-4]authentication-mode password [switch-ui-vty0-4]set authentication password simple pass [switch-ui-vty0-4]user privilege level 0 [switch-ui-vty0-4]quit 3) Verify [switch]display user-interface vty 0 4) Test a) In the command line window (cmd) enter: c:\>telnet 10.0.1.n where n is the Switch number b) Login by entering the password password: pass c) at the system prompt try to enter the system view <switch>system what happened? d) Logout and close the telnet session <switch>quit e) Leave the cmd window open and return to HyperTerminal 5) Configure the super password with privilege level 3 [switch]super password level 3 simple super a) Test i) In the command line window (cmd) enter: c:\>telnet 10.0.1.n where n is the Switch number
hk644s b.00
L1 - 7
b) Login by entering the password password: pass c) Switch to super level <switch>super at the prompt enter the super password: super d) Try to enter the system view <switch>system what happened? e) Return to user view, logout and close the telnet session [switch]quit <switch>quit f) Leave the cmd window open and return to HyperTerminal 6) Configure Local Scheme authentication a) Change the authentication mode [switch]user-interface vty 0 4 [switch-ui-vty0-4]authentication-mode scheme [switch-ui-vty0-4]display this [switch-ui-vty0-4]quit [switch]display user-interface vty 0 b) Create a new user: i) username: level0 ii) password: 12345 iii) user level: 0 [switch]local-user level0 New local user added [switch-luser-level0]service-type telnet [switch-luser-level0]authorization-attribute level 0 [switch-luser-level0]password simple 12345 [switch-luser-level0]quit NOTE: depending on the software release The following commands: [switch-luser-level0]service-type telnet [switch-luser-level0]authorization-attribute level 0 Must be replaced by: [switch-luser-level0]service-type telnet level 0
hk644s b.00
L1 - 8
c) Create a new user: i) username: level3 ii) password: 12345 iii) user level: 3 [switch]local-user level3 New local user added [switch-luser-level3]service-type telnet [switch-luser-level3]authorization-attribute level 3 [switch-luser-level3]password simple 12345 [switch-luser-level3]quit NOTE: depending on the software release The following commands: [switch-luser-level0]service-type telnet [switch-luser-level0]authorization-attribute level 3 Must be replaced by: [switch-luser-level0]service-type telnet level 3 d) Test i) In the command line window (cmd) enter: c:\>telnet 10.0.1.n where n is the Switch number ii) Login as user level3 username: level3 password: 12345 iii) Try to enter the system view <switch>system what happened? iv) Return to user view, logout and close the telnet session [switch]quit <switch>quit v) In the command line window (cmd) enter: c:\>telnet 10.0.1.n where n is the Switch number vi) Login as user level0 username: level0 password: 12345
hk644s b.00
L1 - 9
vii) Try to enter system view <switch>system what happened? viii) Switch to super level <switch>super at the prompt enter the super password: super ix) Enter system view <switch>system what happened? x) Return to user view, logout and close the telnet session [switch]quit <switch>quit
hk644s b.00
L1 - 10
SSH with Password Authentication

1) Configure SSH using password authentication a) Enable SSH Server and define the inbound protocol of VTYs 0-4 as SSH only [switch]ssh server enable Info: Enable SSH server. [switch]user-interface vty 0 4 [switch-ui-vty0-4]authentication-mode scheme [switch-ui-vty0-4]protocol inbound ssh [switchui-vty0-4]quit b) Create the public key [switch]public-key local create rsa The range of public key size is (512 ~ 2048). NOTES: If the key modulus is greater than 512, It will take a few minutes. Press CTRL+C to abort. Input the bits of the modulus[default = 1024]: Generating Keys... c) Create a local user [switch]localuser sshu New local user added. [switch-luser-sshu]service-type ssh [switch-luser-sshu]authorization-attibute level 3 [switch-luser-sshu]password simple sshu [switch-luser-sshu]quit NOTE: depending on the software release The following commands: [switch-luser-level0]service-type ssh [switch-luser-level0]authorization-attribute level 3 Must be replaced by: [switch-luser-level0]service-type ssh level 3
hk644s b.00
L1 - 11
d) Define the service type of the user as telnet with password authentication Note: the same configuration can be user for SFTP [switch]ssh user sshu service-type stelnet authentication-type password e) Start the SSH Client, i) enter the server IP address (Host Name), ii) select SSH and iii) click Open
Figure 10.2 iv) Ignore the following Alert window
Figure 10.3
v) and Login as user: sshu with password: sshu
hk644s b.00
L1 - 12
SSH with Public-key Authentication

1) Configure SSH using public key authentication a) undo the ssh user [switch]undo ssh user sshu b) Generate an RSA key pair (using the client software) on the client, save the public key in a file named key.pub, and then upload the file to the SSH server through FTP or TFTP c) Run PuTTYGen.exe, choose SSH-2 RSA and click Generate.
Figure 10.4 d) While generating the key pair, you must move the mouse continuously and keep the mouse off the green process bar.
Figure 10.5 e) After the key pair is generated
hk644s b.00
L1 - 13
i) click Save public key to save the key in a file: key.pub in the desktop folder ii) click Save private key to save the key in a file: private.ppk in the desktop folder iii) Close Puttygen.exe f) Transfer the key.pub file to the switch using TFTP i) Open the 3CServer in PC1 and point it to the folder in which you saved the SSH keys (desktop). ii) Go to the user view and get the file: [switch] quit <switch>tftp 10.0.1.100 get key.pub iii) Verify: <switch>dir Directory of flash:/ 0 -rw- 10319701 Apr 30 2008 09:44:16 s7900eg-cmw520-r2101.bin 1 -rw294 Apr 26 2000 13:08:30 g) Return to system view <switch>system h) Import the remote public key from the file key.pub. [switch] public-key peer client import sshkey key.pub i) Specify the authentication type for user sshu as publickey, and assign the public key client for the user. [switch]ssh user sshu service-type stelnet authentication-type publickey assign publickey client j) Connect PC 1:
key.pub
hk644s b.00
L1 - 14
Figure 10.6 i) and click open:
Figure 10.7
k) Disconnect the SSH session (the SSH window will close automatically) <switch>quit 2) Delete the public key file [switch]quit <switch> delete /unreserved key.pub The contents cannot be restored!!! Delete flash:/key.pub?[Y/N]:y
hk644s b.00
L1 - 15
Deleting a file permanently will take a long time. Please wait..... %Delete file flash:/key.pub...Done. 3) And reboot the switch.
hk644s b.00
L1 - 16
Configuration File Management

1) Display the current and saved configuration (any view) <switch>display startup <switch>display saved-configuration <switch>display current-configuration 2) Save the current configuration and activate it <switch>save test.cfg <switch>dir <switch>display startup <switch>startup saved-configuration test.cfg <switch>display startup <switch>display saved-configuration 3) Test the saved configuration a) Reboot the switch <switch>reboot b) Login c) Display the current configuration (any view) <switch>dir <switch>display current-configuration d) Ping the switch from your PC e) Reset the configuration (return the switch to factory default) <switch>reset saved-configuration f) Test the saved configuration i) Reboot the switch <switch>reboot ii) Login iii) Display the current configuration (any view) <switch>dir
<switch>display current-configuration
hk644s b.00
L1 - 17
TFTP Client Configuration

1) Return both switches to factory default
gig s/0/1
Figure 12.2
a) Configure the IP addresses according to table 12.1 Device Interface IP Address Switch PC VLAN 1 Ethernet 10.0.1.1 10.0.1.100
Mask Length 24 24
Table 12.1 b) Configure the IP address of VLAN 1s interface [switch]interface vlan 1 [switch-vlan1-interface]ip address 10.0.1.1 24 c) Configure the IP address of the PC (test by sending pings to the switch) d) Generate the Diagnostics File <switch>display diagnostic-information Note: this file contains all the current information of the switch, and it is especially useful when requesting technical support. i) Answer yes to the Save or display ... prompt. ii) Accept the default file name: default.diag
hk644s b.00
L1 - 18
e) Start the TFTP Server in the PC i) If you dont have one, ask the instructor to provide the 3CServer.exe ii) Ensure that the TFTP server is enabled iii) Configure the TFTP Server to store the received file on the desktop. f) Copy the diagnostics file to the PC using tftp <switch>tftp 10.0.1.100 put default.diag g) Verify : i) Go to the TFTP server window and that the transmission finishes successfully. ii) In the PC, open the file using WordPad. h) Delete the diagnostics file <switch>delete /unreserved default.diag
hk644s b.00
L1 - 19
hk644s b.00
L1 - 20
Lab 2 - Port and Link Management

Overview
In this lab, you will: Analyze the MAC address table and create MAC address blackholes Configure Manual Port Groups and perform group-wide configurations Create Manual and Static Link Aggregation Groups
Switch 1
Switch 2
gig s/0/1 PC1
gig s/0/1 gig s/0/10 gig s/0/10 PC2
Figure 3-1
hk644s b.00
L2 - 1
MAC Address Table

1) Configure the IP addresses of the PCs and Switches according to Table 3.1 Device Switch 1 Switch 2 PC1 PC2 Interface VLAN 1 VLAN 1 Ethernet Ethernet IP address Mask Length 10.0.1.1 24 10.0.1.2 24 10.0.1.101 24 10.0.1.102 24 Table 3.1 Def. Gw.
10.0.1.1 10.0.1.1
2) MAC address table (using the console) a) Display the MAC address table (in system view) [switch]display mac-address b) Run pings from each PC to the other PC and to the Switchs management address C:\>ping 10.0.1.1 C:\>ping 10.0.1.2 c) Display the MAC address table (in system view) and find the MAC address of each PC: [switch]display mac-address mac-add-pc1 mac-add-pc2 : : : :
3) MAC address blackhole a) Create a blackhole for PC 2s MAC Address [switch]mac-address blackhole <mac-add-pc1> vlan 1 [switch]mac-address blackhole <mac-add-pc2> vlan 1 b) Test sending Pings from PC 1 to PC 2 c) Undo the blackholes [switch]undo mac-address blackhole vlan 1
hk644s b.00
L2 - 2
Manual Port Groups

4) Manual Port Groups a) Create a manual port group i) Name: group1 ii) Members: gig s/0/5-6 [switch]display interface gig s/0/5 [switch]display interface gig s/0/6 [switch]port-group manual group1 [switch-port-group-manual-group1]group-member gig s/0/5 to gig s/0/6 b) Verify [switch-port-group-manual-group1]display this [switch-port-group-manual-group1]display port-group manual name group1 c) Test the group mechanism by changing some port settings [switch-port-group-manual-group1]broadcast-suppression 50 [switch-port-group-manual-group1]jumboframe enable 2000 [switch-port-group-manual-group1]quit [switch]display interface gig s/0/5 [switch]display interface gig s/0/6
hk644s b.00
L2 - 3
Bridge Aggregation Groups

PC 1 Switch 1 Switch 2 PC 2
gig s/0/1
gig s/0/1
1) Create a static aggregation group with ports gig s/0/8-gig s/0/10 [switch]interface bridge-aggregation 1 [switch-Bridge-Aggregation]quit [switch]interface gig s/0/8 [switch-gigs/0/8]port link-aggregation group 1 [switch-gigs/0/8]interface gig s/0/9 [switch-gigs/0/9]port link-aggregation group 1 [switch-gigs/0/9]interface gig s/0/10 [switch-gigs/0/10]port link-aggregation group 1 [switch-gigs/0/10]quit d) Test i) When step d) has been completed at both switches ii) Connect ports 8, 9 and 10 on one switch to ports 8, 9 and 10 on the other switch iii) Verify [switch]display link-aggregation summary [switch]display link-aggregation verbose iv) Discuss with your lab partner the following two commands: [switch]display link-aggregation load-sharing mode [switch]link-aggregation load-sharing mode ? e) Disconnect all links between the switches and undo the Manual Aggregation group [switch]undo interface bridge-aggregation 1
hk644s b.00
L2 - 4
2) Create a dynamic aggregation group with the same ports [switch]interface bridge-aggregation 1 [switch-Bridge-Aggregation]link-aggregation mode dynamic [switch-Bridge-Aggregation]quit [switch]interface gig s/0/8 [switch-gigs/0/8]port link-aggregation group 1 [switch-gigs/0/8]interface gig s/0/9 [switch-gigs/0/9]port link-aggregation group 1 [switch-gigs/0/9]interface gig s/0/10 [switch-gigs/0/10]port link-aggregation group 1 f) Test i) When step d) has been completed at both switches ii) Connect ports 8, 9 and 10 on one switch to ports 8, 9 and 10 on the other switch iii) Verify [switch]display link-aggregation summary [switch]display link-aggregation verbose g) Disconnect all links between the switches and undo the Manual Aggregation group [switch] undo interface bridge-aggregation 1
hk644s b.00
L2 - 5
hk644s b.00
L2 - 6
Lab 3 - VLANs
Overview
In this lab, you will: Create Port-based VLANs Create Protocol-based VLANs Create IP-subnet-based VLANs Create MAC-address-based VLANs Configure Basic QinQ
Switch 1
Switch 2
gig s/0/1 PC1
gig s/0/10 gig s/0/5
gig s/ 0/10 gig s/0/5
gi g s/0/1 PC2
Figure 4.1 Device Switch 1 Switch 2 PC1 PC2 Interface VLAN 1 VLAN 1 Ethernet Ethernet IP address Mask Length 10.0.1.1 24 10.0.1.2 24 10.0.1.101 24 10.0.1.102 24 Table 4.1 Def. Gw.
10.0.1.1 10.0.1.1
hk644s b.00
L3 - 1
Port gig s/0/1 gig s/0/5
Link-Type Access Port Access Port
Switch 1 VLAN 1 VLAN 2
Switch 2 VLAN 1 VLAN 2
gig s/0/10 Trunk Port
VLAN 1 Untagged VLAN 1 Untagged VLAN 2 Tagged Table 4.2 VLAN 2 Tagged
Port-based VLANs
1) Create Port Based VLANs according to figure 4.1, table 4.1 and 4.2 a) Enter the management IP address (VLAN 1) [switch]interface vlan 1 [switch-interface-vlan1]ip address 10.0.1.g 24 [switch-interface-vlan1]quit b) Create VLAN 2 and assign port gig s/0/5 as an access port [switch]vlan 2 [switch-vlan2]port gig s/0/5 [switch-vlan2]quit c) Configure port gig s/0/10 as trunk and configure its VLANs [switch]interface gig s/0/10 [switch-gigs/0/10]port link-type trunk [switch-gigs/0/10]port trunk permit vlan all [switch-gigs/0/10]quit d) Verify the configuration [switch]display interface gig s/0/5 [switch]display interface gig s/0/10 [switch]display vlan all e) Test the configuration i) Connect a PC to port gig s/0/1 of each switch and ping the other PC and each switch
hk644s b.00
L3 - 2
ii) Connect a PC to port gig s/0/5 of each switch and ping the other PC and each switch iii) Analyze the results and discuss them with the other group members f) Undo port link-type trunk in port gig s/0/10 [switch-gigs/0/10]undo port link-type g) Undo VLAN 2 [switch]undo vlan 2
Protocol-based VLANs
1) Configure IPv6 in your PC and setup the IPv6 link-local address of your ethernet card a) Open a cmd window C:\>ipv6 install b) Create VLAN 2 and 3, configure them protocol based VLANs and assign IPv4 as the protocol for VLAN 2 and IPv6 as the protocol for VLAN 3 [switch]vlan 2 [switch-vlan2]protocol-vlan ipv4 [switch-vlan2]quit [switch]vlan 3 [switch-vlan3]protocol-vlan ipv6 [switch-vlan3]quit c) Configure the ports according to table 4.3 Port gig s/0/1 Link-Type Access Port Switch 1 VLAN 1 VLAN 1 untagged gig s/0/5 Hybrid Port VLAN 2 untagged VLAN 3 untagged gig s/0/10 Trunk Port VLAN all Table 4.3 [switch]interface gig s/0/5 Switch 2 VLAN 1 VLAN 1 untagged VLAN 2 untagged VLAN 3 untagged VLAN all
hk644s b.00
L3 - 3
[switch-gigs/0/5]port [switch-gigs/0/5]port [switch-gigs/0/5]port [switch-gigs/0/5]port [switch-gigs/0/5]port [switch-gigs/0/5]quit
link-type hybrid hybrid vlan 1 2 3 untagged hybrid pvid vlan 1 hybrid protocol-vlan vlan 2 all hybrid protocol-vlan vlan 3 all
[switch]interface gig s/0/10 [switch-gigs/0/10]port link-type trunk [switch-gigs/0/10]port trunk permit vlan all [switch-gigs/0/10]quit d) Verify the configuration [switch]display vlan all [switch]display protocol-vlan interface gig s/0/5 [switch]display protocol-vlan interface all e) Test the configuration i) Connect each PC to port 1 of the corresponding switch and ping the other PC and each switch. ii) Repeat sending ping6 (ping for IPv6) to the other PC. iii) Connect each PC to port 5 of the corresponding switch and ping the other PC and each switch. iv) Repeat sending ping6 (ping for IPv6) to the other PC. v) Analyze the results of the pings f) Return ports gig s/0/5 and gig s/0/10 to VLAN 1 as access ports [switch-gigs/0/5]undo port hybrid protocol-vlan all [switch-gigs/0/5]undo port link-type [switch-gigs/0/10]undo port hybrid protocol-vlan all [switch-gigs/0/10]undo port link-type g) Undo VLAN 2 and 3 [switch]vlan 2 [switch-vlan2]undo protocol-vlan all [switch-vlan2]quit [switch]undo vlan 2 [switch]vlan 3
hk644s b.00
L3 - 4
[switch-vlan3]undo protocol-vlan all [switch-vlan3]quit [switch]undo vlan 3
IP Subnet-based VLANs
1) Create IP-subnet-based VLANs a) Create VLAN 2 and VLAN 3 and configure them as IP Subnet-based VLANs [switch]vlan 2 [switch-vlan2]ip-subnet-vlan ip 10.0.2.0 255.255.255.0 [switch-vlan2]quit [switch]vlan 3 [switch-vlan3]ip-subnet-vlan ip 10.0.3.0 255.255.255.0 [switch-vlan3]quit b) Configure the ports according to table 4.3 Port Link-Type Switch 1 gig s/0/1 Access Port VLAN 1 VLAN 1 untagged gig s/0/5 Hybrid Port VLAN 2 untagged VLAN 3 untagged gig s/0/10 Trunk Port VLAN all Table 4.3 [switch]interface gig s/0/5 [switch-gigs/0/5]port link-type hybrid [switch-gigs/0/5]port hybrid vlan 1 2 3 untagged [switch-gigs/0/5]port hybrid pvid vlan 1 [switch-gigs/0/5]port hybrid ip-subnet-vlan vlan 2 [switch-gigs/0/5]port hybrid ip-subnet-vlan vlan 3 [switch-gigs/0/5]display this [switch-gigs/0/5]quit [switch]interface gig s/0/10 [switch-gigs/0/10]port link-type trunk [switch-gigs/0/10]port trunk permit vlan all
Switch 2 VLAN 1 VLAN 1 untagged VLAN 2 untagged VLAN 3 untagged VLAN all
hk644s b.00
L3 - 5
[switch-gigs/0/10]quit c) Verify the configuration [switch]display vlan all [switch]display ip-subnet-vlan interface gig s/0/5 [switch]display ip-subnet-vlan interface all d) Test the configuration i) Connect each PC to port 1 of the corresponding switch and ping the other PC and each switch. ii) Connect each PC to port 5 of the corresponding switch and ping the other PC and each switch. iii) Change the IP address of each PC to 10.0.2.1g1 and 10.0.2.1g2 respectively and restart the pings. iv) Analyze the results of the pings e) Return ports gig s/0/5 and gig s/0/10 to VLAN 1 as access ports and delete VLAN 2. Take all the necessary steps.
MAC Address-based VLANs

1) Create MAC-address-based VLANs a) Get the MAC address of each PCs ethernet card: [switch]display mac-address mac-add-pc1 mac-add-pc2 : : : :
b) Create VLAN 2 and configure it as a MAC-address-based VLAN [switch]vlan 2 [switch-vlan2]quit (mac-address must be in the format: 1122-3344-5566) [switch]mac-vlan mac-address mac-add-pc1 vlan 2 [switch]mac-vlan mac-address mac-add-pc2 vlan 2
hk644s b.00
L3 - 6
c) Configure the ports according to table 4.4 Port Link-Type Switch 1 gig s/0/1 Access Port VLAN 1 VLAN 1 untagged gig s/0/5 Hybrid Port VLAN 2 untagged VLAN 3 untagged gig s/0/10 Trunk Port VLAN all Table 4.4
Switch 2 VLAN 1 VLAN 1 untagged VLAN 2 untagged VLAN 3 untagged VLAN all
[switch]interface gig s/0/5 [switch-gigs/0/5]port link-type hybrid [switch-gigs/0/5]port hybrid vlan 1 2 untagged [switch-gigs/0/5]port hybrid pvid vlan 1 [switch-gigs/0/5]mac-vlan enable [switch-gigs/0/5]quit [switch]interface gig s/0/10 [switch-gigs/0/10]port link-type trunk [switch-gigs/0/10]port trunk permit vlan all [switch-gigs/0/10]quit d) Verify the configuration [switch]display vlan all [switch]display mac-vlan all e) Test the configuration i) Connect each PC to port 1 of the corresponding switch and ping the other PC and each switch. ii) Connect each PC to port 5 of the corresponding switch and ping the other PC and each switch. iii) Analyze the results of the pings
hk644s b.00
L3 - 7
f) Verify the configuration [switch]display vlan all [switch]display mac-vlan all g) Return ports gig s/0/5 and gig s/0/10 to VLAN 1 as access ports and delete VLAN 2. Take all the necessary steps.
hk644s b.00
L3 - 8
Basic QinQ
1) Working with another group create a basic QinQ network
VLAN1
Customer VLANs gig s/0/10 gig s/0/10
Service VLAN
Customer VLANs gig s/0/10
VLAN1 gig s/0/1 gig s/0/5 VLAN5
gig s/0/1 gig s/0/5
gig s/0/1
gig s/0/1
gig s/0/10
VLAN5 Switch 3
Switch 1
Switch 2
Switch4
Figure 4.2 a) Configure Switch 3 and Switch 4 according to table 4.6 Port Link-Type Switch 3 and 4 gig s/0/1 gig s/0/5 gig s/0/10 Access Port Access Port Trunk Port Table 4.6 [switch]vlan 5 [switch-vlan5]port gig s/0/5 [switch-vlan5]quit [switch]interface gig s/0/10 [switch-gigs/0/10]port link-type trunk [switch-gigs/0/10]port trunk permit vlan 1 5 [switch-gigs/0/10]port trunk pvid vlan 1 [switch-gigs/0/10]quit b) Configure Switch 1 and Switch 2 according to table 4.7 Port Link-Type Switch 1 and 2 gig s/0/1 gig s/0/10 Trunk Port Access Port w/ qinq enabled Table 4.7 [switch]vlan 101 VLAN all VLAN 101 VLAN 1 VLAN 5 VLAN 1 and 5
hk644s b.00
L3 - 9
[switch-vlan101]port gig s/0/10 [switch-vlan101]quit [switch]interface gig s/0/10 [switch-gigs/0/10]qinq enable [switch-gigs/0/10]quit [switch]interface gig s/0/1 [switch-interface-gigs/0/1]jumboframe enable [switch-interface-gigs/0/1]port link-type trunk [switch-interface-gigs/0/1]port trunk permit vlan all [switch-interface-gigs/0/1]quit c) Verify: make sure that VLAN 1 and 5 are not being transported between switches 1 and 2 . In switches 1 and 2: [switch]display vlan all d) Test Send pings between PCs in VLAN 1. Send pings between PCs in VLAN 5.
hk644s b.00
L3 - 10
Lab 4 Layer 2 Topology Management Technologies

Overview
In this lab, you will: Create an MSTP network Create an RRPP network Create a SmartLink
PC1 gig s/0/5 gig s/0/1 Switch 1 gig s/0/10 gig s/0/10 gig s/0/1
PC2
gig s/0/5
Switch 2
gig s/0/1 gig s/0/1 Switch 4 gig s/0/10 gig s/0/5 gig s/0/5
gig s/0/10 Switch 3
PC4
PC3
Figure 5.1 Device Switch 1 PC1 Switch 2 PC2 Switch 3 PC3 Interface VLAN 1 Ethernet VLAN 1 Ethernet VLAN 1 Ethernet IP address 10.0.1.1 10.0.1.101 10.0.1.2 10.0.1.102 10.0.1.3 10.0.1.103 Mask Length 24 24 24 24 24 24 Def. Gw. 10.0.1.1 10.0.1.1 10.0.1.1
hk644s b.00
L4 - 1
Switch 4 PC4
VLAN 1 Ethernet
10.0.1.4 10.0.1.104 Table 5.1
24 24
10.0.1.1
MSTP
1) Create an MSTP Network according to Figure 5.1 a) Configure the IP addresses according to Table 5.1 b) Create VLANs 101-104 [switch]vlan 101 [switch-vlan101]vlan 102 [switch-vlan102]vlan 103 [switch-vlan103]vlan 104 [switch-vlan104]quit c) Configure the trunk ports to permit VLANs 101-104 [switch]interface gig s/0/1 [switch-gigs/0/1]port link-type trunk [switch-gigs/0/1]port trunk permit vlan 101 102 103 104 [switch-gigs/0/1]quit [switch]interface gig s/0/10 [switch-gigs/0/10]port link-type trunk [switch-gigs/0/10]port trunk permit vlan 101 102 103 104 [switch-gigs/0/10]quit d) Configure the MSTP region with name region1. [switch]stp region-configuration [switch-mst-region]region-name region1 e) Create and configure four MST instances according to Table 5.2 Instance 1 2 Mapped to VLAN 101 VLAN 102 Primary Root Switch 1 Switch 2 Secondary Root Switch 2 Switch 3
hk644s b.00
L4 - 2
3 4
VLAN 103 Switch 3 VLAN 104 Switch 4 Table 5.2
Switch 4 Switch 1
[switch-mst-region]instance 1 vlan 101 [switch-mst-region]instance 2 vlan 102 [switch-mst-region]instance 3 vlan 103 [switch-mst-region]instance 4 vlan 104 [switch-mst-region]revision-level 1 [switch-mst-region]check region-configuration [switch-mst-region]active region-configuration [switch-mst-region]quit i) Switch 1 only [switch]stp instance 1 root primary [switch]stp instance 2 root secondary ii) Switch 2 only [switch]stp instance 2 root primary [switch]stp instance 3 root secondary iii) Switch 3 only [switch]stp instance 3 root primary [switch]stp instance 4 root secondary iv) Switch 4 only [switch]stp instance 4 root primary [switch]stp instance 1 root secondary f) Configure port gig s/0/5 as an stp edge port [switch]interface gig s/0/5 [switch-gigs/0/5]stp edge-port enable [switch-gigs/0/5]quit g) Enable stp [switch]stp enable h) Connect Ports 1 and 10 to the previous and next switch in the ring.
hk644s b.00
L4 - 3
i) Verify the MSTP status [switch]display stp [switch]display stp [switch]display stp [switch]display stp [switch]display stp
root brief instance 1 (repeat for all instances) interface gig s/0/1 interface gig s/0/10
j) Disconnect each switch from the ring and return it to factory default [switch]quit <switch> reboot
hk644s b.00
L4 - 4
RRPP
1) Create an RRPP Network according to Figure 5.1 a) Configure the IP addresses according to Table 5.1 b) Configure the Master Node (Switch 1): i) Configure ports gig s/0/1 and gig s/0/10 as trunk ports and disable stp [switch]interface gig s/0/1 [switch-gigs/0/1]port link-type trunk [switch-gigs/0/1]port trunk permit vlan all [switch-gigs/0/1]port trunk pvid vlan 1 [switch-gigs/0/1]stp disable [switch-gigs/0/1]quit [switch]interface gig s/0/10 [switch-gigs/0/10]port link-type trunk [switch-gigs/0/10]port trunk permit vlan all [switch-gigs/0/10]port trunk pvid vlan 1 [switch-gigs/0/10]stp disable [switch-gigs/0/10]quit ii) Create the RRPP domain, associate the control VLAN, and define the switch as the master node [switch]rrpp domain 1 [switch-domain1]control-vlan 1000 Note: the control vlan is created in this step and should not exist previously [switch-domain1]protected-vlan reference-instance 0 [switch-domain1]ring 1 node-mode master primary-port gig s/0/1 secondary-port gig s/0/10 level 0 [switch-domain1]ring 1 enable [switch-domain1]quit [switch]rrpp enable c) Configure the Transit Nodes (Switches 2, 3 and 4): i) Configure ports gig s/0/1 and gig s/0/10 as trunk ports and disable stp [switch]interface gig s/0/1 [switch-gigs/0/1]port link-type trunk
hk644s b.00
L4 - 5
[switch-gigs/0/1]port trunk permit vlan all [switch-gigs/0/1]port trunk pvid vlan 1 [switch-gigs/0/1]stp disable [switch-gigs/0/1]quit [switch]interface gig s/0/10 [switch-gigs/0/10]port link-type trunk [switch-gigs/0/10]port trunk permit vlan all [switch-gigs/0/10]port trunk pvid vlan 1 [switch-gigs/0/10]stp disable [switch-gigs/0/10]quit ii) Create the RRPP domain, associate the control VLAN, and define the switch as the transit node [switch]rrpp domain 1 [switch-domain1]control-vlan 1000 [switch-domain1]protected-vlan reference-instance 0 [switch-domain1]ring 1 node-mode transit primary-port gig s/0/1 secondary-port gig s/0/10 level 0 [switch-domain1]ring 1 enable [switch-domain1]quit [switch]rrpp enable d) Connect the ring and verify and test i) Verify the master nodes configuration [switch]display rrpp brief [switch]display rrpp verbose domain 1 ii) Verify each transit nodes configuration [switch]display rrpp brief [switch]display rrpp verbose domain 1 e) Test i) Disconnect the secondary port of one of the transit nodes and (1) at the master node [switch]display rrpp brief [switch]display rrpp verbose domain 1
hk644s b.00
L4 - 6
(2) at each transit node [switch]display rrpp brief [switch]display rrpp verbose domain 1 ii) Reconnect the secondary port of one of the transit nodes and (1) at the master node [switch]display rrpp brief [switch]display rrpp verbose domain 1 [switch]display rrpp statistics domain 1 (2) at each transit node [switch]display rrpp brief [switch]display rrpp verbose domain 1 [switch]display rrpp statistics domain 1 b) Disconnect each switch from the ring and return it to factory default [switch]quit <switch> reboot
hk644s b.00
L4 - 7
SmartLink
1) Return all switches to factory default 2) Configure the Access Layer Switch (SwitchA) a) Enter system view <SwitchB1>system-view b) Prepare the VLANs for load balancing (observe that you are using the same commands as in MSTP), and configure the ports to be used for Smartlink as trunks. [SwitchA]vlan 2 to 200 [SwitchA]stp region-configuration [SwitchA-stp-region]instance 0 vlan 1 to 100 [SwitchA-stp-region]instance 2 vlan 101 to 200 [SwitchA-stp-region]active region-configuration [SwitchA-stp-region]quit [SwitchA]int gig 1/0/1 [SwitchA-interface-gig1/0/1]stp disable [SwitchA-interface-gig1/0/1]port link-type trunk [SwitchA-interface-gig1/0/1]port trunk permit vlan all [SwitchA-interface-gig1/0/1]quit [SwitchA]int gig 1/0/2 [SwitchA-interface-gig1/0/2]stp disable [SwitchA-interface-gig1/0/2]port link-type trunk [SwitchA-interface-gig1/0/2]port trunk permit vlan all [SwitchA-interface-gig1/0/2]quit
hk644s b.00
L4 - 8
c) Configure SmartLink [SwitchA]smart-link group 1 [SwitchA-smartlink1]protected-vlan reference-instance 0 what is a "protected vlan"? [SwitchA-smartlink1]port gig 1/0/1 master [SwitchA-smartlink1]port gig 1/0/2 slave [SwitchA-smartlink1]preemption mode role what is "preemption mode"? [SwitchA-smartlink1]flush enable control-vlan 100 [SwitchA-smartlink1]quit [SwitchA]smart-link group 2 [SwitchA-smartlink2]protected-vlan reference-instance 2 [SwitchA-smartlink2]port gig 1/0/2 master [SwitchA-smartlink2]port gig 1/0/1 slave [SwitchA-smartlink2]preemption mode role what is a "flush vlan"? [SwitchA-smartlink2]flush enable control-vlan 101 [SwitchA-smartlink2]quit [SwitchA]quit 3) Configure the first Aggregation Layer Switch (SwitchB1) a) Enter system view <SwitchB1>system-view b) Prepare the VLANs for load balancing (observe that you are using the same commands as in MSTP), and configure the ports to be used for Smartlink as trunks. [SwitchB1]vlan 2 to 200 [SwitchB1]int gig 1/0/1 [SwitchB1-interface-gig1/0/1]port link-type trunk [SwitchB1-interface-gig1/0/1]port trunk permit vlan all [SwitchB1-interface-gig1/0/1]smart-link flush enable control-vlan 100 101 [SwitchB1-interface-gig1/0/1]quit [SwitchB1]int gig 1/0/24 [SwitchB1-interface-gig1/0/24]port link-type trunk [SwitchB1-interface-gig1/0/24]port trunk permit vlan all [SwitchB1-interface-gig1/0/24]smart-link flush enable control-vlan 100 101 [SwitchB1-interface-gig1/0/24]quit
hk644s b.00
L4 - 9
4) Configure the second Aggregation Layer Switch (SwitchB2) a) Enter system view <SwitchB1>system-view [SwitchB2]vlan 2 to 200 [SwitchB2]int gig 1/0/1 [SwitchB2-interface-gig1/0/1]port link-type trunk [SwitchB2-interface-gig1/0/1]port trunk permit vlan all [SwitchB2-interface-gig1/0/1]smart-link flush enable control-vlan 100 101 [SwitchB2-interface-gig1/0/1]quit [SwitchB2]int gig 1/0/24 [SwitchB2-interface-gig1/0/24]port link-type trunk [SwitchB2-interface-gig1/0/24]port trunk permit vlan all [SwitchB2-interface-gig1/0/24]smart-link flush enable control-vlan 100 101 [SwitchB2-interface-gig1/0/24]quit
5) Configure the Core Layer Switch (SwitchC) a) Enter system view and complete the configuration <SwitchB1>system-view [SwitchC]vlan 2 to 200 [SwitchC]int gig 1/0/1 [SwitchC-interface-gig1/0/1]port link-type trunk [SwitchC-interface-gig1/0/1]port trunk permit vlan all [SwitchC-interface-gig1/0/1]smart-link flush enable control-vlan 100 101 [SwitchC-interface-gig1/0/1]quit [SwitchC]int gig 1/0/3 [SwitchC-interface-gig1/0/3]port link-type trunk [SwitchC-interface-gig1/0/3]port trunk permit vlan all [SwitchC-interface-gig1/0/3]smart-link flush enable control-vlan 100 101 [SwitchC-interface-gig1/0/3]quit 6) Verify configuration a) Connect console to SwitchA i) Disconnect cable from port gig 1/0/1 of SwitchA ii) Read messages - what happened? which group changed active port?
hk644s b.00
L4 - 10
iii) iv) v) vi)
Reconnect... - what happened? which group changed active port? Disconnect cable from port gig 1/0/2 of SwitchA Read messages - what happened? which group changed active port? Reconnect... - what happened? which group changed active port?
b) Connect console to Core Switch i) Disconnect cable from port gig 1/0/1 of SwitchC display smart-link flush ii) In the message displayed, look for the question marks shown below
Received flush packets : ? <==== Receiving interface of the last flush packet : GigabitEthernet1/0/? <==== Receiving time of the last flush packet : 12:07:51 2000/04/26 Device ID of the last flush packet : 000f-e2c1-b240 Control VLAN of the last flush packet : 100
iii) Disconnect cable from port gig 1/0/1 display smart-link flush iv) In the message displayed, look for the question marks shown below
Received flush packets : ? <==== Receiving interface of the last flush packet : GigabitEthernet1/0/? <==== Receiving time of the last flush packet : 12:07:51 2000/04/26 : 000f-e2c1-b240 Device ID of the last flush packet Control VLAN of the last flush packet : 100
hk644s b.00
L4 - 11
hk644s b.00
L4 - 12
Lab 5 - IPv4 Basics

Overview
In this lab, you will: Create IP Interfaces Configure DHCP Server Configure DHCP Relay
hk644s b.00
L5 - 1
IP Interfaces
1) Create IP Interfaces
PC1
PC2 gig s/0/10 VLAN 2
gig s/0/1
VLAN 1
Figure 6.1
Device Switch Interface VLAN 1 VLAN 1 PC 1 PC2 Ethernet Ethernet IP Address 10.0.1.1 10.0.2.1 10.0.1.100 10.0.2.100 Length 24 24 24 24 10.0.1.1 10.0.2.1 Gateway
Table 6.1 a) Create vlan 2 and assign it port gig s/0/10 (as an access port) [switch]vlan 2 [switch-vlan2]port gig s/0/10 [switch-vlan2]quit b) Configure the IP addresses of both VLAN interfaces [switch]interface vlan 1 [switch-interface-vlan1]ip address 10.0.1.1 24 [switch-interface-vlan1]quit [switch]interface vlan 2 [switch-interface-vlan1]ip address 10.0.2.1 24 [switch-interface-vlan1]quit c) Verify
hk644s b.00
L5 - 2
[switch]display interface ip d) Test: i) Configure the IP address, mask and Default Gateway of each PC (see table above). ii) Send pings between the PCs, and the IP interfaces of the VLANs.
hk644s b.00
L5 - 3
DHCP Client and Server

Int-vlan1 10.0.1.1 /24
Switch 1 DHCP Server
Switch 2 DHCP Client

gig s/0/10
gig s/0/1 gig s/0/5
DHCP Clients
Figure 6.2
1) Configure DHCP Client and Server in a single VLAN (single IP subnet) a) Switch 1 i) Assign the IP address to the VLAN 1 interface [switch]interface vlan1 [switch-vlan-interface1]ip address 10.0.1.1 24 ii) Configure the DHCP Server (1) enable DHCP [switch]dhcp enable [switch]interface vlan1 [switch-vlan-interface1]dhcp select server global-pool [switch-vlan-interface1]quit (2) Configure the IP address pool [switch]dhcp server ip-pool 1 [switch-dhcp-pool-1]network 10.0.1.0 24 [switch-dhcp-pool-1]gateway-list 10.0.1.1 [switch-dhcp-pool-1]dns-list 10.0.1.1
hk644s b.00
L5 - 4
[switch-dhcp-pool-1]domain-name classdomain.com [switch-dhcp-pool-1]quit (3) Exclude an address range for manual assignment [switch]dhcp server forbidden-ip 10.0.1.1 10.0.1.19 b) Switch 2 i) Configure the Switch as a DHCP client [switch]interface vlan 1 [switch-vlan-interface1]ip address dhcp-alloc [switch-vlan-interface1]quit
c) PCs i) Configure both PCs as DHCP Clients d) Verify i) Switch 2 [switch]display ip interface brief ii) Verify that the PCs have received the IP parameters from the server c:\>ipconfig /all e) Test i) Send pings between all four devices
hk644s b.00
L5 - 5
DHCP Relay
1) Configure DHCP Client and Server in a single VLAN (single IP subnet)
Int-vlan1 10.0.1.1 /24 gig s/0/1
Switch 1 DHCP Server VLAN 1 10.0.2.0/24 gig s/0/1
Switch 2 DHCP Relay Agent gig s/0/10
gig s/0/5 VLAN 2: 10.0.2.0/24 DHCP Clients
Figure 6.3
a) Switch 1 i) Complete the DCHP Server Configuration (1) Configure a new address pool for VLAN 2 [switch]interface vlan 1 [switch]dhcp server ip-pool 2 [switch-dhcp-pool-2]network 10.0.2.0 24 [switch-dhcp-pool-2]gateway-list 10.0.2.1 [switch-dhcp-pool-2]dns-list 10.0.1.1 [switch-dhcp-pool-2]domain-name classdomain.com [switch-dhcp-pool-2]quit (2) Exclude an address range for manual assignment [switch]dhcp server forbidden-ip 10.0.2.1 10.0.2.19 ii) Create a static route to subnet 10.0.2.0 [switch]ip route-static 10.0.2.0 24 10.0.1.2
hk644s b.00
L5 - 6
b) Switch 2 i) Assign IP addresses the interface of VLAN 1 [switch]interface vlan 1 [switch-vlan-interface1]ip address 10.0.1.2 24 [switch-vlan-interface1]quit ii) Configure VLAN 2 and assign an IP address to its interface [switch]vlan 2 [switch-vlan2]port gig 2/0/5 [switch-vlan2]port gig 2/0/10 [switch-vlan2]quit [switch]interface vlan 2 [switch-vlan-interface2]ip address 10.0.2.1 24 [switch-vlan-interface2]quit iii) Enable and configure the DHCP Relay agent at VLAN 2s interface [switch]dhcp enable [switch]dhcp relay server-group 1 ip 10.0.1.1 [switch]interface vlan 2 [switch-vlan-interface2]dhcp select relay [switch-vlan-interface2]dhcp relay server-select 1 [switch-vlan-interface2]quit iv) Verify the DHCP Relay Agent configuration [switch]display dhcp relay all v) Test: (1) At each PC C:\>ipconfig /release C:\>ipconfig /renew C:\>ipconfig /all (2) Finally display and read the DHCP relay statistics [switch]display dhcp relay statistics (3) Return both switches to factory default.
hk644s b.00
L5 - 7
hk644s b.00
L5 - 8
Lab 6 - IPv4 Routing

Overview
In this lab, you will: Configure Static Routes Configure RIPv2 Configure OSPF Single Area Configure OSPF Multi-Area
VLAN 2
VLAN 1
VLAN 3
PC 1 Switch 1 gig s/0/1 gig s/0/10 Switch 2 gig s/ 0/1
PC 2
gig s/0/10
Figure 7.1
Device PC 1 Switch Gr 1
Interface Ethernet VLAN 2 VLAN 1
IP Address 10.0.2.100 10.0.2.1 10.0.1.1 10.0.1.2 10.0.3.1 10.0.3.100 Table 7.1
Length 24 24 24 24 24 24
Gateway 10.0.2.1
Switch Gr 3
VLAN 1 VLAN 3
PC2
Ethernet
10.0.3.1
hk644s b.00
L6 - 1
Static Routes
1) Switch 1 a) Configure VLANs [switch]vlan 2 [switch-vlan2]port ge10 [switch-vlan2]quit b) Configure VLAN interfaces [switch]interface vlan 1 [switch-vlan-interface1]ip address 10.0.1.1 24 [switch-vlan-interface1]quit [switch]interface vlan 2 [switch-vlan-interface2]ip address 10.0.2.1 24 [switch-vlan-interface2]quit c) Configure a Static Route to the subnet in VLAN 3 [switch]ip route-static 10.0.3.0 24 10.0.1.2 d) Verify the configuration [switch]display ip routing-table 2) Switch 2 a) Configure VLANs [switch]vlan 3 [switch-vlan3]port ge10 [switch-vlan3]quit b) Configure VLAN interfaces [switch]interface vlan 1 [switch-vlan-interface1]ip address 10.0.1.2 24 [switch-vlan-interface1]quit [switch]interface vlan 3 [switch-vlan-interface3]ip address 10.0.3.1 24 [switch-vlan-interface3]quit c) Configure a Static Route to the subnet in VLAN 2 [switch]ip route-static 10.0.2.0 24 10.0.1.1
hk644s b.00
L6 - 2
3) Verify the configuration [switch]display ip routing-table 4) Test a) Configure the IP parameters at each PC and send pings between them. b) Undo the static routes at each switch i) Switch 1 [switch]undo ip route-static 10.0.3.0 24 ii) Switch Gr2 [switch]undo ip route-static 10.0.2.0 24
hk644s b.00
L6 - 3
RIPv2
1) Configure RIPv2 a) Switch 1 [switch]rip 1 [switch-rip-1]version 2 [switch-rip-1]network 10.0.0.0 [switch-rip-1]quit b) Switch 2 [switch]rip 1 [switch-rip-1]version 2 [switch-rip-1]network 10.0.0.0 [switch-rip-1]quit 2) Verify the configuration [switch]display ip routing-table 3) Test a) Configure the IP parameters at each PC and send pings between them. 4) Disable RIP a) Switch 1 [switch]undo rip 1 Warning : Undo RIP process? [Y/N]:y b) Switch 2 [switch]undo rip 1 Warning : Undo RIP process? [Y/N]:y
hk644s b.00
L6 - 4
OSPF Single Area

1) Configure OSPF in a single area
Area 0
VLAN 2 VLAN 1 VLAN 3
PC 1 Switch 1 gig s/0/1 gig s/0/10 Switch 2 gig s/ 0/1
PC 2
gig s/0/10
Figure 7.2 a) Start an OSPF process i) Switch 1 [switch]ospf 1 [switch-ospf-1]area 0 [switch-ospf-1-area-0.0.0.0]network 10.0.1.0 0.0.0.255 [switch-ospf-1-area-0.0.0.0]network 10.0.2.0 0.0.0.255 ii) Switch 2 [switch]ospf 1 [switch-ospf-1]area 0 [switch-ospf-1-area-0.0.0.0]network 10.0.1.0 0.0.0.255 [switch-ospf-1-area-0.0.0.0]network 10.0.3.0 0.0.0.255 b) Verify the configuration [switch]display ip routing-table c) Test i) Configure the IP parameters at each PC and send pings between them. d) Disable OSPF i) Switch 1 [switch]undo ospf 1
hk644s b.00
L6 - 5
Warning : Undo OSPF process? [Y/N]:y ii) Switch 2 [switch]undo ospf 1 Warning : Undo OSPF process? [Y/N]:y
hk644s b.00
L6 - 6
OSPF Case 2: Multi-Area

Note: In this exercise all groups will work together. Ask the instructor to assign you a Switch and PC number.
Area 1
Area 0
Area 2
VLAN 101 Sw 11
VLAN 11
gig gig
VLAN 10 Sw 1
gig s/0/10 gig s/0/10 gig s/0/11
VLAN 12 Sw 2
gig gig
VLAN 102 Sw 12
s/0/1 s/0/1
s/0/1 s/0/1
gig s/0/5
gig s/0/5
gig s/0/5
gig s/0/5
gig
PC 11
PC 1 Sw 3 VLAN 13 Area 3 Sw 13 VLAN 103
s/0/11
PC 2
PC 12
gig s/0/5
PC 3
gig s/0/5
PC 13
Figure 7.2
hk644s b.00
L6 - 7
i) IP Addresses
Device Sw 1
Interface VLAN 10 VLAN 11
IP Address 10.0.10.1 10.0.11.1 10.0.11.100 10.0.10.2 10.0.12.1 10.0.12.100 10.0.10.3 10.0.13.1 10.0.13.100 10.0.11.2 10.0.101.1 10.0.101.100 10.0.12.2 10.0.102.1 10.0.102.100 10.0.13.2 10.0.103.1 10.0.103.100 Table 7.2
Length 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24
Gateway
PC 1 Sw 2
Ethernet VLAN 10 VLAN 12
10.0.11.1
PC 2 Sw 3
10.0.12.1
PC 3 Sw 11
10.0.13.1
PC 11 Sw 12
10.0.101.1
PC 12 Sw 13
10.0.102.1
PC13
Ethernet
10.0.103.1
hk644s b.00
L6 - 8
1) Configure OSPF multiple areas a) Configure all VLANs and Interfaces Note: Do not configure an IP interface for VLAN 1 b) Switch 1 - VLANs and IP Interfaces [switch]vlan 10 [switch-vlan10]port Gig s/0/10 [switch-vlan10]vlan 11 [switch-vlan11]port Gig s/0/1 [switch-vlan11]port Gig s/0/5 [switch-vlan11]quit [switch]interface vlan 10 [switch-Vlan-interface10]ip address 10.0.10.1 24 [switch-Vlan-interface10]interface vlan 11 [switch-Vlan-interface11]ip address 10.0.11.1 24 [switch-Vlan-interface11]quit c) Switch 2 - VLANs and IP interfaces [switch]vlan 10 [switch-vlan10]port gig 2/0/10 [switch-vlan10]port gig 2/0/11 [switch-vlan10]vlan 12 [switch-vlan12]port gig 2/0/1 [switch-vlan12]port gig 2/0/5 [switch-vlan12]quit [switch]interface vlan 10 [switch-Vlan-interface10]ip address 10.0.10.2 24 [switch-Vlan-interface10]interface vlan 12 [switch-Vlan-interface12]ip address 10.0.12.1 24 [switch-Vlan-interface12]quit d) Switch 3 - VLANs and IP interfaces [switch]vlan 10 [switch-vlan10]port gig 2/0/11 [switch-vlan10]vlan 13 [switch-vlan13]port gig 2/0/1 [switch-vlan13]port gig 2/0/5 [switch-vlan13]quit
hk644s b.00
L6 - 9
[switch]interface vlan 10 [switch-Vlan-interface10]ip address 10.0.10.3 24 [switch-Vlan-interface10]interface vlan 13 [switch-Vlan-interface12]ip address 10.0.13.1 24 [switch-Vlan-interface12]quit e) Switch 11 - VLANs and IP interfaces [switch]vlan 11 [switch-vlan11]port gig 2/0/1 [switch-vlan11]vlan 101 [switch-vlan101]port gig 2/0/5 [switch-vlan101]quit [switch]interface vlan 11 [switch-Vlan-interface11]ip address 10.0.11.2 24 [switch-Vlan-interface11]interface vlan 101 [switch-Vlan-interface101]ip address 10.0.101.1 24 [switch-Vlan-interface101]quit f) Switch 12 - VLANs and IP interfaces [switch]vlan 12 [switch-vlan12]port gig 2/0/1 [switch-vlan12]vlan 102 [switch-vlan102]port gig 2/0/5 [switch-vlan102]quit [switch]interface vlan 12 [switch-Vlan-interface12]ip address 10.0.12.2 24 [switch-Vlan-interface12]interface vlan 102 [switch-Vlan-interface102]ip address 10.0.102.1 24 [switch-Vlan-interface102]quit g) Switch 13 - VLANs and IP interfaces [switch]vlan 13 [switch-vlan13]port gig 2/0/1 [switch-vlan13]vlan 103 [switch-vlan103]port gig 2/0/5 [switch-vlan103]quit [switch]interface vlan 13 [switch-Vlan-interface13]ip address 10.0.13.2 24
hk644s b.00
L6 - 10
[switch-Vlan-interface13]interface vlan 103 [switch-Vlan-interface103]ip address 10.0.103.1 24 [switch-Vlan-interface103]quit 2) Start OSPF process 1, add the Areas and Configure their networks a) Switch 1 - OSPF - Areas - Networks [switch]ospf 1 [switch-ospf-1]area 0 [switch-ospf-1-area-0.0.0.0]network 10.0.10.0 0.0.0.255 [switch-ospf-1-area-0.0.0.0]quit [switch-ospf-1]area 1 [switch-ospf-1-area-0.0.0.1]network 10.0.11.0 0.0.0.255 [switch-ospf-1-area-0.0.0.1]quit [switch-ospf-1]quit b) Switch 2 - OSPF - Areas - Networks [switch]ospf 1 [switch-ospf-1]area 0 [switch-ospf-1-area-0.0.0.0]network 10.0.10.0 0.0.0.255 [switch-ospf-1-area-0.0.0.0]quit [switch-ospf-1]area 2 [switch-ospf-1-area-0.0.0.2]network 10.0.12.0 0.0.0.255 [switch-ospf-1-area-0.0.0.2]quit [switch-ospf-1]quit c) Switch 3 - OSPF - Areas - Networks [switch]ospf 1 [switch-ospf-1]area 0 [switch-ospf-1-area-0.0.0.0]network 10.0.10.0 0.0.0.255 [switch-ospf-1-area-0.0.0.0]quit [switch-ospf-1]area 3 [switch-ospf-1-area-0.0.0.3]network 10.0.13.0 0.0.0.255 [switch-ospf-1-area-0.0.0.3]quit [switch-ospf-1]quit
hk644s b.00
L6 - 11
d) Switch 11 - OSPF - Areas - Networks [switch]ospf 1 [switch-ospf-1]area 1 [switch-ospf-1-area-0.0.0.1]network 10.0.11.0 0.0.0.255 [switch-ospf-1-area-0.0.0.1]network 10.0.101.0 0.0.0.255 [switch-ospf-1-area-0.0.0.1]quit [switch-ospf-1]quit [switch] e) Switch 12 - OSPF - Areas - Networks [switch]ospf 1 [switch-ospf-1]area 2 [switch-ospf-1-area-0.0.0.2]network 10.0.12.0 0.0.0.255 [switch-ospf-1-area-0.0.0.2]network 10.0.102.0 0.0.0.255 [switch-ospf-1-area-0.0.0.2]quit [switch-ospf-1]quit [switch] f) Switch 13 - OSPF - Areas - Networks [switch]ospf 1 [switch-ospf-1]area 3 [switch-ospf-1-area-0.0.0.3]network 10.0.13.0 0.0.0.255 [switch-ospf-1-area-0.0.0.3]network 10.0.103.0 0.0.0.255 [switch-ospf-1-area-0.0.0.3]quit [switch-ospf-1]quit [switch]
hk644s b.00
L6 - 12
OSPF with BFD
Device PC1 Switch A
Interface VLAN 2 VLAN 3 VLAN 4 VLAN 3 VLAN 5 VLAN 4 VLAN 6 VLAN 5 VLAN 6 VLAN 7
Switch B1 Switch B2 Switch C
PC2
IP Address 10.0.2.100/24 10.0.2.1/24 10.0.3.1/24 10.0.2.1/24 10.0.3.2/24 10.0.5.1/24 10.0.4.2/24 10.0.6.1/24 10.0.5.2/24 10.0.6.2/24 10.0.7.1/24 10.0.7.100/24
Gateway 10.0.2.1
10.0.7.1
hk644s b.00
L6 - 13
1) Configure Switch A a) Configure VLANs and VLAN interfaces <SwitchA>system-view [SwitchA]vlan 2 [SwitchA-vlan-2]port gig 1/0/2 [SwitchA-vlan-2]quit [SwitchA]vlan 3 [SwitchA-vlan-3]port gig 1/0/3 [SwitchA-vlan-3]quit [SwitchA]vlan 3 [SwitchA-vlan-3]port gig 1/0/4 [SwitchA-vlan-3]quit [SwitchA]int vlan 2 [SwitchA-interface-vlan2]ip address 10.0.2.1 24 [SwitchA-interface-vlan2]quit [SwitchA]int vlan 3 [SwitchA-interface-vlan3]ip address 10.0.3.1 24 [SwitchA-interface-vlan3]quit [SwitchA]int vlan 4 [SwitchA-interface-vlan3]ip address 10.0.4.1 24 [SwitchA-interface-vlan3]quit b) Configure OSFP [SwitchA]ospf 1 [SwitchA-ospf1]area 0 [SwitchA-ospf1-area0]network 10.0.0.0 0.0.255.255 [SwitchA-ospf1-area0]quit [SwitchA-ospf1]quit 2) Configure Switch B1 a) Configure VLANs and VLAN interfaces <SwitchB1>system-view [SwitchB1]vlan 3 [SwitchB1-vlan3]port gig 1/0/3 [SwitchB1-vlan3]quit [SwitchB1]vlan 5 [SwitchB1-vlan5]port gig 1/0/5 [SwitchB1-vlan5]quit [SwitchB1]int vlan 3
hk644s b.00
L6 - 14
[SwitchB1-interface-vlan1]ip address 10.0.3.2 24 [SwitchB1-interface-vlan1]quit [SwitchB1]int vlan 5 [SwitchB1-interface-vlan2]ip address 10.0.5.1 24 [SwitchB1-interface-vlan2]quit b) Configure OSFP [SwitchB1]ospf 1 [SwitchB1-ospf1]area 0 [SwitchB1-ospf1-area0]network 10.0.0.0 0.0.255.255 [SwitchB1-ospf1-area0]quit [SwitchB1-ospf1]quit 3) Configure Switch B2 a) Configure VLANs and VLAN interfaces <SwitchB2>system-view [SwitchB2]vlan 4 [SwitchB2-vlan4]port gig 1/0/4 [SwitchB2-vlan4]quit [SwitchB2]vlan 6 [SwitchB2-vlan6]port gig 1/0/6 [SwitchB2-vlan6]quit [SwitchB2]int vlan 4 [SwitchB1-interface-vlan4]ip address 10.0.4.2 24 [SwitchB1-interface-vlan4]quit [SwitchB2]int vlan 6 [SwitchB1-interface-vlan6]ip address 10.0.6.1 24 [SwitchB1-interface-vlan6]quit b) Configure OSFP [SwitchB2]ospf 1 [SwitchB2-ospf1]area 0 [SwitchB2-ospf1-area0]network 10.0.0.0 0.0.255.255 [SwitchB2-ospf1-area0]quit [SwitchB2-ospf1]quit 4) Configure Switch C a) Configure VLANs and VLAN interfaces <SwitchC>system-view
hk644s b.00
L6 - 15
[SwitchC]vlan 5 [SwitchC-vlan5]port gig 1/0/12 [SwitchC-vlan5]quit [SwitchC]vlan 6 [SwitchC-vlan6]port gig 1/0/6 [SwitchC-vlan6]quit [SwitchC]vlan 7 [SwitchC-vlan7]port gig 1/0/7 [SwitchC-vlan7]quit [SwitchC]int vlan 5 [SwitchB1-interface-vlan5]ip address 10.0.5.2 24 [SwitchB1-interface-vlan5]quit [SwitchC]int vlan 6 [SwitchB1-interface-vlan6]ip address 10.0.6.2 24 [SwitchB1-interface-vlan6]quit [SwitchC]int vlan 7 [SwitchB1-interface-vlan7]ip address 10.0.7.1 24 [SwitchB1-interface-vlan7]quit b) Configure OSFP [SwitchC]ospf 1 [SwitchC-ospf1]area 0 [SwitchC-ospf1-area0]network 10.0.0.0 0.0.255.255 [SwitchC-ospf1-area0]quit [SwitchC-ospf1]quit c) Verify Connect the cables according to the following table Device 1 PC1 SwA G1/0/3 SwA G1/0/4 SwB1 G1/0/5 SwB2 G1/0/6 SwC G1/0/7 Device 2 SwA G1/0/2 SwB1 G1/0/3 SwB2 G1/0/4 SwC G1/0/5 SwC G1/0/6 PC2
hk644s b.00
L6 - 16
Verify IP Routing Tables in each Switch (any view) display ip routing display ip routing protocol ospf
d) Test i) from the PC at 10.0.11.100 send pings to 10.0.41.100. Use the "-t" for continuous pings. ii) Disconnect the cable between Switch 2 and 4 and count how many pings are lost in the PC if it is more than 10 seconds of pings go to next task (Activate BFD) else reconnect the cable disconnect the cable between Switch 3 and 4 count how many pings are lost in the PC iii) Reconnect the cable 5) Configure BFD on SwitchA
[SwitchA]interface vlan 1 [SwitchA-interface-vlan1]ospf bfd enable [SwitchA-interface-vlan1]quit [SwitchA]interface vlan 2 [SwitchA-interface-vlan2]ospf bfd enable [SwitchA-interface-vlan2]quit [SwitchA]interface vlan 3 [SwitchA-interface-vlan3]ospf bfd enable [SwitchA-interface-vlan3]quit
6) Configure BFD on SwitchB1
[SwitchB1]interface vlan 1 [SwitchB1-interface-vlan1]ospf bfd enable [SwitchB1-interface-vlan1]quit [SwitchB1]interface vlan 2 [SwitchB1-interface-vlan2]ospf bfd enable [SwitchB1-interface-vlan2]quit
7) Configure BFD on SwitchB2
[SwitchB2]interface vlan 1 [SwitchB2-interface-vlan1]ospf bfd enable [SwitchB2-interface-vlan1]quit [SwitchB2]interface vlan 2
hk644s b.00
L6 - 17
[SwitchB2-interface-vlan2]ospf bfd enable [SwitchB2-interface-vlan2]quit

8) Configure BFD on SwitchC
[SwitchC]interface vlan 1 [SwitchC-interface-vlan1]ospf bfd enable [SwitchC-interface-vlan1]quit [SwitchC]interface vlan 2 [SwitchC-interface-vlan2]ospf bfd enable [SwitchC-interface-vlan2]quit [SwitchC]interface vlan 3 [SwitchC-interface-vlan3]ospf bfd enable [SwitchC-interface-vlan3]quit 9) Verify in each Switch display bfd session display bfd interface
a) Test i) from the PC at 10.0.2.100 send pings to 10.0.7.100. Use the "-t" for continuous pings. ii) Disconnect the cable between Switch 2 and 4 and count how many pings are lost in the PC if it is more than 10 seconds of pings go to next task else reconnect the cable disconnect the cable between Switch 3 and 4 count how many pings are lost in the PC 10) When finished disconnect all cables and return all switches to factory default.
hk644s b.00
L6 - 18
VRRP
Switch 1
VLAN 1 10.0.1.0 /24

PC 1
VLAN 2 10.0.2.0 /24

PC 2
gig
gig s/0/10
Switch 3
s/0/1
Switch 4
Switch 2
Figure 7.3 Device Sw 1 Interface VLAN 1 VLAN 2 Sw 2 VLAN 1 VLAN 2 Virtual Rtr 1 Virtual Rtr 2 PC 1 PC 2 VLAN 1 VLAN 2 Ethernet Ethernet IP Address 10.0.1.11 10.0.2.11 10.0.1.12 10.0.2.12 10.0.1.1 10.0.2.1 10.0.1.100 10.0.2.100 Table 7.3 Length 24 24 24 24 24 24 24 24 10.0.1.1 10.0.2.1 Gateway
hk644s b.00
L6 - 19
1) a) Configure VLANs and IP interfaces

Note: Switch 3 and 4 are present only to provide connectivity to both Switch 1 and 2 and do not need to be configured.
i) Switch 1 (1) VLANs and Interfaces [switch]vlan 2 [switch-vlan2]port gig 2/0/10 [switch-vlan2]quit [switch]interface vlan 1 [switch-Vlan-interface1]ip address 10.0.1.11 24 [switch-Vlan-interface1]interface vlan 2 [switch-Vlan-interface2]ip address 10.0.2.11 24 [switch-Vlan-interface2]quit (2) VRRP [switch]interface vlan 1 [switch-Vlan-interface1]vrrp vrid 1 virtual-ip 10.0.1.1 [switch-Vlan-interface1]int vlan 2 [switch-Vlan-interface2]vrrp vrid 2 virtual-ip 10.0.2.1 [switch-Vlan-interface2]quit ii) Switch 2 (1) Vlans and Interfaces [switch]vlan 2 [switch-vlan2]port gig 2/0/10 [switch-vlan2]quit [switch]interface vlan 1 [switch-Vlan-interface1] [switch-Vlan-interface1]ip address 10.0.1.12 24 [switch-Vlan-interface1]interface vlan 2 [switch-Vlan-interface2]ip address 10.0.2.12 24 [switch-Vlan-interface2]quit (2) VRRP [switch-Vlan-interface1]vrrp vrid 1 virtual-ip 10.0.1.1 [switch-Vlan-interface1]int vlan 2
hk644s b.00
L6 - 20
[switch-Vlan-interface2]vrrp vrid 2 virtual-ip 10.0.2.1 [switch-Vlan-interface2]quit iii) Verify (1) Switch 1 [switch]display vrrp [switch]display vrrp verbose (2) Switch 2 [switch]display vrrp [switch]display vrrp verbose (3) Which switch is the Master (a) for vlan 1? (b) for vlan 2? 2) Test a) Run continuous pings between the PCs b) Disconnect the cable between switch 3 and the master of vlan 1 i) what happened? ii) did the system recover? (1) Switch 1 [switch]display vrrp [switch]display vrrp verbose (2) Switch 2 [switch]display vrrp [switch]display vrrp verbose c) Disconnect the cable between switch 4 and the master of vlan 2 i) what happened? ii) did the system recover? (1) Switch 1 [switch]display vrrp [switch]display vrrp verbose
hk644s b.00
L6 - 21
(2) Switch 2 [switch]display vrrp [switch]display vrrp verbose d) Reconnect both cables and verify (1) Switch 1 [switch]display vrrp [switch]display vrrp verbose (2) Switch 2 [switch]display vrrp [switch]display vrrp verbose
3) Reboot all switches to return them to factory defaults
hk644s b.00
L6 - 22
Lab 7 - IPv4 Multicast Routing

Overview
In this lab, you will: Configure a Network that supports IGMP Queries and Snooping Configure a Multicast Routing Network using IGMP and PIM-DM Configure a Multicast VLAN
hk644s b.00
L7 - 1
IGMP
1) Configure a network that supports multicast using IGMP queries and snooping
PC 1 Multicast Sender Switch 1 (L3) IGMP Querier Switch 2 (L2) IGMP Snooping PC 2 Multicast Receiver
gig s/0/10 gig s/0/1 gig s/0/10 gig s/0/1
VLAN 2
VLAN 1
Figure 8.1 Device Sw 1 Interface VLAN 1 VLAN 2 Sw 2 PC 1 PC 2 VLAN 1 Ethernet Ethernet IP Address 10.0.1.1 10.0.2.1 10.0.1.2 10.0.2.100 10.0.1.100 Table 8.1 Length 24 24 24 24 24
10.0.2.1 10.0.1.1 Gateway
a) Switch 1 i) Configure VLANs and IP interfaces [switch]vlan 2 [switch-vlan2]port gig s/0/1 [switch-vlan2]quit [switch]interface vlan 1 [switch-interface-vlan1]ip address 10.0.1.1 24 [switch-interface-vlan1]interface vlan 2 [switch-interface-vlan2]ip address 10.0.2.1 24 [switch-interface-vlan2]quit ii) Verify if IGMP snooping it enabled by default. If it is: [switch]undo igmp-snooping
hk644s b.00
L7 - 2
iii) Configure the IGMP Querier [switch]multicast routing-enable [switch]interface vlan 1 [switch-interface-vlan1]igmp enable [switch-interface-vlan1]pim dm [switch-interface-vlan1]interface vlan 2 [switch-interface-vlan2]pim dm [switch-interface-vlan2]quit iv) Verify the configuration [switch]display igmp group b) Switch 2 i) Configure VLAN 1s IP interface [switch]interface vlan 1 [switch-interface-vlan1]ip address 10.0.1.2 24 [switch-interface-vlan1]quit ii) Configure IGMP snooping (1) Verify if IGMP snooping is enabled by default. If not: [switch]igmp-snooping [switch]vlan 1 [switch-vlan1]igmp-snooping enable [switch-vlan1]quit iii) Verify the configuration [switch]display igmp-snooping group vlan 1 c) Test the configuration i) In PC 1 run UDP multicast test.exe and configure a Multicast Sender and start sending multicasts.
hk644s b.00
L7 - 3
Figure 8.2 ii) From the Local Interfaces box, drag the active Network interface to the Local Interface Address field iii) Enter a descriptive message in the Message field iv) Start the Sender by clicking on Start Sender v) Record the multicast address of the multicasts being sent:
d) In PC 2 run UDP multicast test.exe and configure a Multicast Receiver for the same multicast address sent by PC 1. i) Click on Start Receiver on the receiving workstation, ii) Verify that the multicast messages are being received.
hk644s b.00
L7 - 4
iii) Verify that igmp-snooping is actually working. In Switch 2: [switch]display igmp-snooping group vlan 1 e) Finally i) Preserve the configuration of both switches. ii) Keep the Multicast Sender running. iii) Stop the Multicast Receiver.
hk644s b.00
L7 - 5
PIM-DM
1) Configure a network that supports multicast Routing using PIM-DM and IGMP
PC 1 Multicast Sender
Switch 1 PIM DM
Switch 2 PIM DM + IGMP
PC 2 Multicast Receiver
gig s/0/10 gig s/0/1 gi g s/0/10 g s/0/1 gi
VLAN 2
VLAN 1
VLAN 3
Figure 8.3
Device Sw 1
Interface VLAN 2 VLAN 1
IP Address 10.0.2.1 10.0.1.1 10.0.1.2 10.0.3.1 10.0.2.100 10.0.3.100
Length 24 24 24 24 24 24
Gateway
Sw 2
VLAN 1 VLAN 3
PC 1 PC 2
Ethernet Ethernet
10.0.2.1 10.0.3.1
Table 8.2
a) Switch 1 i) Disable the IGMP querier on Vlan interface 1 [switch]interface vlan 1 [switch-interface-vlan1]undo igmp enable [switch-interface-vlan1]quit ii) Configure OSPF [switch]ospf 1 [switch-ospf-1]area 0 [switch-ospf-1-area-0]network 10.0.1.0 0.0.0.255 [switch-ospf-1-area-0]network 10.0.2.0 0.0.0.255
hk644s b.00
L7 - 6
[switch-ospf-1-area-0]quit [switch-ospf-1]quit iii) Verify the configuration [switch]display pim interface vlan 1 verbose [switch]display pim interface vlan 2 verbose b) Switch 2 i) Configure VLANs and IP interfaces [switch]vlan 3 [switch-vlan3]port gig s/0/1 [switch-vlan3]quit [switch]interface vlan 1 [switch-interface-vlan1]ip address 10.0.1.2 24 [switch-interface-vlan1]interface vlan 3 [switch-interface-vlan3]ip address 10.0.3.1 24 [switch-interface-vlan3]quit ii) Configure OSPF [switch]ospf 1 [switch-ospf-1]area 0 [switch-ospf-1-area-0]network 10.0.1.0 0.0.0.255 [switch-ospf-1-area-0]network 10.0.3.0 0.0.0.255 [switch-ospf-1-area-0]quit [switch-ospf-1]quit iii) Verify if IGMP snooping is enabled by default. If it is: [switch]undo igmp-snooping iv) Configure PIM-DM [switch]multicast routing-enable [switch]interface vlan 1 [switch-interface-vlan1]pim dm [switch-interface-vlan1]interface vlan 3 [switch-interface-vlan3]pim dm [switch-interface-vlan3]igmp enable [switch-interface-vlan3]quit
hk644s b.00
L7 - 7
c) Test: i) Shut down and restart the Multicast Receiver. ii) Verify the configuration [switch]display pim interface vlan 2 verbose [switch]display pim interface vlan 3 verbose [switch]display igmp group iii) Switch 1: [switch]display pim routing-table [switch]display multicast forwarding-table port-info iv) Switch 2: [switch]display pim routing-table [switch]display igmp group [switch]display multicast forwarding-table port-info d) Reboot both switches to return them to factory default.
hk644s b.00
L7 - 8
Multicast VLAN
1) Configure a Multicast VLAN
PC1 Multicast Sender
Switch 1
gig s/0/10
Switch 2
gig s/0/1 gig /5 s/0
VLAN 5 PC 5 Multicast Receiver
VLAN 5 VLAN 100

gig s/0/1
VLAN 6
gig s/0/6
VLAN 2
PC 6 Multicast Receiver VLAN 6
Figure 8.4
Device Sw 1 Interface VLAN 2 VLAN 100 VLAN 5 VLAN 6 PC 1 Sw 2 Ethernet VLAN 100 VLAN 5 VLAN 6 PC 5 PC 5 Ethernet Ethernet IP Address 10.0.2.1 10.0.100.1 10.0.5.1 10.0.6.1 10.0.2.100 10.0.100.2 None None 10.0.5.100 10.0.6.100 24 24 10.0.5.1 10.0.6.1 Length Gateway 24 24 24 24 24 24 10.0.2.1
Table 8.3 Notes: You only need 2 PCs. The multicast receiver can be moved from the PC5 position to the PC6 position. Remember to change the IP address of this PC when you move it from VLAN 5 to 6 or vice versa.
hk644s b.00
L7 - 9
a) Configure PCs i) the Multicast Sender in the PC1 position ii) the Multicast Receiver in the PC5 position (initially) b) Switch 1 i) Configure VLANs and Interfaces <switch>system [switch]vlan 100 [switchvlan100]vlan 2 [switchvlan2]port gig s/0/1 [switch-vlan2]vlan 5 [switch-vlan5]vlan 6 [switch-vlan6]quit [switch]interface gig s/0/10 [switch-interface-gigs/0/10]port link-type trunk [switch-interface-gigs/0/10]port trunk permit vlan all [switch-interface-gigs/0/10]port trunk pvid vlan 1 [switch-interface-gigs/0/10]quit [switch]interface vlan-interface 100 [switch-vlan-interface100]ip address 10.0.100.1 24 [switch-vlan-interface100]quit [switch]interface vlan-interface 2 [switch-vlan-interface2]ip address 10.0.2.1 24 [switch-vlan-interface2]quit [switch]interface vlan-interface 5 [switch-vlan-interface5]ip address 10.0.5.1 24 [switch-vlan-interface5]quit [switch]interface vlan-interface 6 [switch-vlan-interface6]ip address 10.0.6.1 24 [switch-vlan-interface6]quit ii) Multicast Routing: PIM-DM and IGMP Querier Verify if IGMP snooping is enabled by default. If it is: [switch]undo igmp-snooping [switch]multicast routing-enable [switch]interface vlan 100 [switch-interface-vlan100]pim dm
hk644s b.00
L7 - 10
[switch-interface-vlan100]igmp enable [switch-interface-vlan100]quit [switch]interface vlan 2 [switch-interface-vlan2]pim dm [switch-interface-vlan2]quit c) Switch 2 i) Configure VLANs and Interfaces <switch>system [switch]vlan 5 [switch-vlan5]port gig s/0/5 [switch-vlan5]quit [switch]vlan 6 [switch-vlan6]port gig s/0/6 [switch-vlan6]quit [switch]vlan 100 [switch-vlan100]quit [switch]interface gig s/0/1 [switch-interface-gigs/0/1]port link-type trunk [switch-interface-gigs/0/1]port trunk permit vlan all [switch-interface-gigs/0/1]quit [switch]interface vlan 1 [switch-interface-vlan1]ip address 10.0.1.2 24 [switch-interface-vlan1]quit ii) Configure the Multicast VLAN [switch]igmp-snooping [switch-interface-vlan100]igmp-snooping enable [switch-interface-vlan100]quit [switch]multicast-vlan 100 enable [switch]multicast-vlan 100 subvlan 5 6 d) Verify [switch]display multicast-vlan e) Test as in the previous exercise.
hk644s b.00
L7 - 11
i) If needed, click refresh at the Multicast Receivers local interfaces box and replace the receivers Local Interface and Local Multicast Interface addresses. Then restart the receiver.
Reboot both switches to return them to factory default.
hk644s b.00
L7 - 12
Lab 8 - Quality of Service

Overview
In this lab, you will: Configure Priority Mappings Configure Queue Scheduling
Configure Rate Limit Configure Traffic Policies
Configure Traffic Filters Configure Traffic Mirroring Configure VLAN Mapping (optional)
hk644s b.00
L8 - 1
Priority Mapping
1) Configure Priority Mapping
PC1 10.0.1.101/24 Switch 1 10.0.1. 1/24 PC2 10.0.1.102/24
gig s/0/1
gig s/0/10
Figure 9.1 a) Configure the IP address of the PCs and the Switch b) Review the default settings i) Display trust mode and port priority: [switch]display qos trust int gig s/0/1 ii) Display the mapping table: [switch]display qos map-table [switch]display qos map-table [switch]display qos map-table [switch]display qos map-table [switch]display qos map-table
dot1p-lp dot1p-dp dscp-dot1p dscp-dp dscp-dscp
iii) Modify the default settings: (1) Modify the trust mode and port priority: [switch]interface gig s/0/1 [switch-gigs/0/1]qos trust dscp [switch-gigs/0/1]qos priority 5 [switch-gigs/0/1]quit [switch]display qos trust int gig s/0/1 (2) Modify the mapping table: [switch]qos map-table dot1p-lp [switch-maptbl-dot1p-lp]import 0 1 2 3 export 0 [switch-maptbl-dot1p-lp]display qos map-table dot1p-lp [switch-maptbl-dot1p-lp]quit
hk644s b.00
L8 - 2
Queue Scheduling
1) Configure Queue Scheduling c) Review the default settings i) Display SP and WRR: [switch]display qos sp interface gig s/0/1 [switch]display qos wrr interface gig s/0/1 ii) What is the default queuing mode?
d) Modify queues 6 and 7 to SP and keep the rest in WRR queuing mode: [switch]interface gig s/0/1 [switch-gigs/0/1]qos wrr [switch-gigs/0/1]qos wrr 6 group sp [switch-gigs/0/1]qos wrr 7 group sp [switch-gigs/0/1]display this [switch-gigs/0/1]quit [switch]display qos sp interface gig s/0/1 [switch]display qos wrr interface gig s/0/1
Rate Limiting
1) Configure Rate Limiting a) Review and modify the default settings [switch]display qos lr int gig s/0/1 [switch]interface gig s/0/1 [switch-gigs/0/1]qos lr out cir 640000 [switch-gigs/0/1]quit [switch]display qos lr int gig s/0/1
hk644s b.00
L8 - 3
Traffic Policies
1) Configure Traffic Accounting
PC1 10.0.1.101/24 Switch 1 10.0.1.1/24 PC2 10.0.1.102/24
gig s/0/1
gig s/0/10
Figure 9.2 a) Configure the IP address of the PCs and the Switch b) Create an advanced ACL for traffic: i) TCP Port : 12287 (HEX 2FFF) ii) Source IP address: 10.0.1.101 [switch]acl number 3001 [switch-acl-adv-3001]rule permit ip source 10.0.1.101 0 [switch-acl-adv-3001]quit [switch]acl number 3002 [switch-acl-adv-3002]rule permit tcp source-port eq 12287 [switch-acl-adv-3002]quit [switch]display acl all c) Create a classifier that applies both acl (AND) [switch]traffic classifier pc1tcp [switch-classifier-pc1tcp]if-match acl 3001 [switch-classifier-pc1tcp]if-match acl 3002 [switch-classifier-pc1tcp]display this [switch-classifier-pc1tcp]quit d) Create a traffic behavior: accounting [switch]traffic behavior stats [switch-behavior-stats]accounting [switch-behavior-stats]display this [switch-behavior-stats]quit
hk644s b.00
L8 - 4
e) Create a traffic policy that mandates that the accounting behavior is applied to the pc1tcp traffic class [switch]qos policy pc1traffic [switch-qospolicy-pc1traffic]classifier pc1tcp behavior stats [switch-qospolicy-pc1traffic]display this [switch-qospolicy-pc1traffic]quit b) Apply the pc1traffic qos policy globally [switch]qos vlan-policy pc1traffic vlan 1 inbound 2) Verify [switch]display qos vlan-policy vlan 1 3) Test a) In PC2 run LAN100.exe i) Select the option: TCP/IP Listen using port 0x2FFF
Figure 9.3 b) In PC1 run LAN100.exe i) Select the option: TCP/IP Connect using port 0x2FFF at PC1: 10.0.1.102
Figure 9.4
ii) Start transferring packets
hk644s b.00
L8 - 5
(1) On both PCs open the Data Transfer window
(2) Click on the Start bottom and bring the Requested Data Rate to 25Mbps
Figure 9.5 iii) Check the statistics obtained: [switch]display qos vlan-policy vlan 1 Vlan 1 Direction: Inbound Policy: pc1traffic Classifier: pc1tcp Operator: AND Rule(s) : If-match acl 3001 If-match acl 3002 Behavior: stats Accounting Enable: 155 (Packets) 4) Keep the configurations for the next exercise.
hk644s b.00
L8 - 6
Traffic Filtering
1) Configure Traffic Filtering
a) Using the same classifier as before, i) delete the behavior stats [switch]undo qos vlan-policy vlan 1 inbound [switch]undo qos policy pc1traffic [switch]undo traffic behavior stats ii) and create a new behavior block-count [switch]traffic behavior blkcnt [switch-behavior-blkcnt]accounting [switch-behavior-blkcnt]filter deny [switch-behavior-blkcnt]quit iii) build the qos policy and apply it to port gig s/0/1 [switch]qos policy blkpc1 [switch-qospolicy-blkpc1]classifier pc1tcp behavior blkcnt [switch-qospolicy-blkpc1]quit [switch]interface gig s/0/1 [switch-gigs/0/1]qos apply policy blkpc1 inbound [switch-gigs/0/1]quit b) Test i) Use LAN100.exe as before. ii) Check the statistics obtained: [switch]display qos policy interface gig s/0/1 inbound
hk644s b.00
L8 - 7
Traffic Mirroring
1) Configure Traffic Mirroring a) ICMP to PC1 mirrored to PC 2 i) Configure the ACL, classifier and behavior, create the policy and apply it to Vlan 1 inbound [switch]acl number 3010 [switch-acl-adv-3010]rule permit icmp destination 10.0.1.101 0 [switch-acl-adv-3010]quit [switch]traffic classifier pingpc1 [switch-classifier-pingpc1]if-match acl 3010 [switch-classifier-pingpc1]quit [switch]traffic behavior mir2pc2 [switch-behavior-mir2pc2]mirror-to interface gig s/0/10 [switch-behavior-mir2pc2]quit [switch]qos policy mir1to2 [switch-qospolicy-mir1to2]classifier pingpc1 behavior mir2pc2 [switch-qospolicy-mir1to2]quit [switch]qos vlan-policy mir1to2 vlan 1 inbound Please Wait... Done. Note: - To complete this exercise Wireshark needs to be installed in PC2 - Install Wireshark making sure you select the option to install WinPCap - For more information about Wireshark: http://www.wireshark.org/ and http://www.wiresharktraining.com/ - Keep it installed for the Port Mirroring exercises in Module 11 - When removing Wireshark from PC2 remember to remove WinPCap also ii) Test (1) In PC2: open Wireshark and start capturing traffic. (2) Send Pings from the Switch to PC1 (3) Send Pings from PC1 to the Switch (4) In PC2: stop capturing traffic and verify that the pings where captured
hk644s b.00
L8 - 8
iii) Remove the policy from VLAN 1 and undo the acl [switch]undo qos vlan-policy vlan 1 inbound [switch]undo qos policy mir1to2 [switch]undo traffic classifier pingpc1 [switch]acl number 3010 [switch-acl-adv-3010]undo rule 0 permit icmp destination 10.0.1.101 0 [switch-acl-adv-3010]quit
hk644s b.00
L8 - 9
hk644s b.00
L8 - 10
Lab 9 - Security
Overview
In this lab, you will: Configure Device Security Features, including: Telnet
Configure Network Security Features, including: 802.1X (with local scheme) MAC Authentication (with local scheme)
hk644s b.00
L9 - 1
Securing Telnet
PC1 Switch
gig s/0/1 10.0.1.100 /24 10.0.1.1 /24
Figure 10.1 1) Configure Securing telnet a) Start the telnet server [switch]telnet server enable % Telnet server has been started b) Create a Basic ACL [switch]acl number 2010 match-order auto [switch-acl-basic-2010]rule permit source 10.0.1.100 0 [switch-acl-basic-2010]rule deny source any [switch-acl-basic-2010]quit [switch]display acl 2010 Basic ACL 2010, named -none-, 2 rules, match-order is auto, ACL's step is 5 rule 0 permit source 10.0.1.100 0 rule 5 deny c) Apply the ACL to the VTY interfaces [switch]user-interface vty 0 4 [switch-ui-vty0-4]acl 2010 inbound [switch-ui-vty0-4]display this # user-interface aux 0 authentication-mode scheme user-interface vty 0 4 acl 2010 inbound authentication-mode scheme # return
hk644s b.00
L9 - 2
[switch-ui-vty0-4]quit 2) Test: Try telnetting the switch from each PC. 3) Remove the ACL from the VTY interfaces but keep it (do not delete the ACL).
hk644s b.00
L9 - 3
802.1X with Local Authentication

1) Configure AAA 802.1X with Local Authentication
PC1
Switch
gig s/0/1 10.0.1.100 /24 10.0.1.1 /24
a) Configure the Switch i) Configure the IP address to the interface of VLAN 1 [switch]interface vlan 1 [switch-interface-vlan1]ip address 10.0.1.1 24 [switch-interface-vlan1]quit ii) Create the local user database (1 user for this exercise) for LAN access, the corresponding domain and define that domain as the default domain for the switch [switch]local-user open New local user added. [switch-luser-open]password simple sesame [switch-luser-open]service-type lan-access [switch-luser-open]quit [switch]domain localdom.net [switch-isp-localdom.net]authorization lan-access local [switch-isp-localdom.net]authentication lan-access local [switch-isp-localdom.net]accounting lan-access local [switch-isp-localdom.net]quit [switch]domain default enable localdom.net iii) Enable dot1x globally and at the 1s0/5 port [switch]dot1x port-method macbased [switch]dot1x
hk644s b.00
L9 - 4
[switch]interface gig s/0/5 [switch-gigs/0/5]dot1x [switch-gigs/0/5]quit b) Make sure the 802.1X Client in you PC is up and running. i) Open the Local Area Network Properties window ii) If the Authentication tab is visible, the 802.1X client has been started. If not, open your PCs Services configuration window (in the Control Panel/Administrative Services) iii) Click on the Authentication tab and make sure that (1) IEEE 802.1X Authentication is enabled (2) The Authentication method is MD5-Challenge c) Connect the PC to gig s/0/5 and when windows prompts for login, authenticate with: username: open password: sesame d) Test by sending pings to 10.0.1.1 (VLAN 1s IP interface) e) Verify: [switch]dis dot1x interface gig 1/0/5 Equipment 802.1X protocol is enabled CHAP authentication is enabled EAD quick deploy is disabled Configuration: Transmit Period 30 s,Handshake Period 15 s Quiet Period 60 s,Quiet Period Timer is disable Supp Timeout 30 s, Server Timeout100 s The maximal retransmitting times 2 EAD quick deploy configuration: EAD timeout: 30 m
hk644s b.00
L9 - 5
Local MAC Authentication

1) Configure Local MAC Authentication a) Configure VLAN 1 Interfaces IP address [switch]interface vlan 1 [switch-interface-vlan1]ip address 10.0.1.1 24 [switch-interface-vlan1]quit b) Obtain your PCs MAC address i) Send pings to the Vlan 1 interface ii) Display the MAC table and read your PCs MAC address (at port gig s/0/1) -
iii) Create a local user with the mac address as name and password (simple) using your PCs MAC address [switch]local-user 000d-6076-f614 [switch-luser-000d-6076-f614]password simple 00-0d-60-76-f6-14 [switch-luser-000d-6076-f614]service-type lan-access [switch-luser-000d-6076-f614]quit iv) Create and configure a domain for local mac authentication. [switch]domain macdom.net [switch-isp-localdom.net]authorization lan-access local [switch-isp-localdom.net]authentication lan-access local [switch-isp-localdom.net]accounting lan-access local [switch-isp-localdom.net]quit [switch]mac-authentication domain macdom.net v) Enable MAC-authentication [switch]mac-authentication Mac-auth is enabled globally. [switch]interface gig 1/0/5 [switch-GigabitEthernet1/0/5]mac-authentication Mac-auth is enabled on port GigabitEthernet1/0/5.
hk644s b.00
L9 - 6
2) Test: a) Connect to ge5 b) Test by sending pings to 10.0.1.1 (VLAN 1s IP interface) 3) Verify: [switch]dis mac-authentication int gig 1/0/5 MAC address authentication is enabled. User name format is MAC address, like xx-xx-xx-xx-xx-xx Fixed username:mac Fixed password:not configured Offline detect period is 300s Quiet period is 60s Server response timeout value is 100s The max allowed user number is 1024 per slot Current user number amounts to 1 Current domain is macdom Silent MAC User info: MAC Addr Index
From Port
Port
GigabitEthernet1/0/5 is link-up MAC address authentication is enabled Authenticate success: 1, failed: 0 Current online user number is 1 MAC Addr Authenticate State Index 000d-6076-f614 MAC_AUTHENTICATOR_SUCCESS 4) Reboot the Switch to return it to factory default
Auth 1
hk644s b.00
L9 - 7
hk644s b.00
L9 - 8
Lab 10 - Network Management

Overview
In this lab, you will: Configure Local and Remote Port Mirroring Configure LLDP
hk644s b.00
L10 - 1
Local Port Mirroring

1) Configure Local Port Mirroring
PC1
Switch
Monitor PC
Figure 11.1 Device Switch PC1 Monitor PC Interface VLAN 1 Ethernet Ethernet IP Address Mask Length 10.0.1.1 10.0.1.100 10.0.1.101 24 24 24
Table 11.1
a) Configure the IP address of VLAN 1s interface [switch]interface vlan 1 [switch-interface-vlan1]ip address 10.0.1.1 24 [switch-interface-vlan1]quit b) Configure the IP address of each PC according to Table 11.1 c) Mirror port gig s/0/1 to port gig s/90/10 [switch]mirroring-group 1 local [switch]mirroring-group 1 mirroring-port gig s/0/1 both [switch]mirroring-group 1 monitor-port gig s/0/10 2) Verify [switch]display mirroring-group 1 3) Test i) If Wireshark is not installed in the monitor PC ii) Open Wireshark in the Monitor PC and start capturing traffic.
hk644s b.00
L10 - 2
iii) Send pings between PC 1 and the Switch: [switch]ping 10.0.1.100 c:\> ping 10.0.1.1 b) Stop capturing and verify that the pings have been captured. 4) Return the switch to factory default.
hk644s b.00
L10 - 3
Remote Port Mirroring

1) Configure Remote Port Mirroring
PC1
Switch 1 Source gig s/0/10 gig s/0/1 gig s/0/1
Switch 2 Destination
Monitor PC
gig s/0/10
Figure 11.2 a) Configure the IP addresses according to table 11.2 Device Interface IP Address Mask Length Switch 1 Switch 2 PC1 Monitor PC VLAN 1 VLAN 1 Ethernet Ethernet 10.0.1.1 10.0.1.2 10.0.1.100 10.0.1.101 24 24 24 24
Table 11.2 b) Configure the IP address of VLAN 1s interface of each switch i) Switch 1 (Source) [switch]interface vlan 1 [switch-interface-vlan1]ip address 10.0.1.1 24 ii) Switch 2 (Destination) [switch]interface vlan 1 [switch-interface-vlan1]ip address 10.0.1.2 24 c) Configure the IP address of each PC according to Table 11.2 d) Configure Mirroring in the Source Switch (Switch 1) [switch1]mirroring-group 1 remote-source [switch1]vlan 10 [switch1-vlan10]quit
hk644s b.00
L10 - 4
[switch1]mirroring-group 1 remote-probe vlan 10 [switch1]mirroring-group 1 mirroring-port gig s/0/10 both [switch1]mirroring-group 1 monitor-egress gig s/0/1 [switch1]interface gig s/0/1 [switch1-gigs/0/1]port link-type trunk [switch1-gigs/0/1]port trunk permit vlan 10 [switch1-gigs/0/1]quit e) Verify Switch 1 [switch1]display mirroring-group 1 f) Configure Mirroring in the Destination Switch (Switch 2) [switch2]vlan 10 [switch2-vlan10]port gig s/0/10 [switch2-vlan10]quit [switch2]interface gig s/0/1 [switch2-gigs/0/1]port link-type trunk [switch2-gigs/0/1]port trunk permit vlan 10 [switch2-gigs/0/1]quit [switch2]mirroring-group 1 remote-destination [switch2]mirroring-group 1 remote-probe vlan 10 [switch2]mirroring-group 1 monitor-port gig s/0/10 g) Verify Switch 2 [switch2]display mirroring-group 1 5) Test a) Open Wireshark in the Monitor PC and start capturing traffic. b) Send pings between PC 1 and the Source Switch: [switch]ping 10.0.1.100 c:\> ping 10.0.1.1
hk644s b.00
L10 - 5
c) Stop capturing and verify that the pings have been captured. 6) Return both switches to factory default.
hk644s b.00
L10 - 6
LLDP
1) Configure LLDP
Switch A 10.0.1.1/24 Switch B 10.0.1.2/24
PC1 10.0.1.101/24
gig s/0/1
gig s/0/10
gig s/0/10
gig s/0/1
PC2 10.0.g.102/24
Figure 11.3 a) Configure Switch A [SwitchA]interface gigs/0/10 [SwitchA-gigs/0/10]lldp admin-status txrx [SwitchA-gigs/0/10]quit b) Verify Switch A [SwitchA]display [SwitchA]display [SwitchA]display [SwitchA]display
lldp lldp lldp lldp
status local-configuration neighbor-information statistics
c) Configure Switch B [SwitchB]interface gigs/0/10 [SwitchB-gigs/0/10]lldp admin-status txrx [SwitchB-gigs/0/10]quit d) Verify Switch B [SwitchB]display [SwitchB]display [SwitchB]display [SwitchB]display
lldp lldp lldp lldp
local-configuration status neighbor-information statistics
2) Return both switches to factory default
hk644s b.00
L10 - 7
hk644s b.00
L10 - 8
Lab 11 IRFv2
HP A5500-EI/A5800 Series
Device PC1 Switch B IRF Switch C PC2
Interface VLAN 1 VLAN 2 VLAN 2 VLAN 3 VLAN 3 VLAN 4
IP Address 10.0.1.100/24 10.0.1.1/24 10.0.2.2/24 10.0.2.1/24 10.0.3.1/24 10.0.3.2/24 10.0.4.1/24 10.0.4.100/24 IRF Port 1/1 1/2 2/1 2/2
Gateway 10.0.1.1
10.0.4.1
Switch A1 Switch A2
Gig Interface 1/0/25 1/0/26 2/0/25 2/0/26
Note: remember that IRF ports must be connected 1/1<>2/2 and 1/2<>2/1
1. Configure Switch A1 (This is going to be the IRF Master) a) Configure the IRF priority and the IRF Ports
<Switch>system-view [Switch]irf member 1 priority 32 [Switch]int ten 1/0/25 [Switch-int-ten1/0/25]shutdown [Switch-int-ten1/0/25]quit [Switch]int ten 1/0/26 [Switch-int-ten1/0/26]shutdown [Switch-int-ten1/0/26]quit [Switch]irf-port 1/1
hk644s b.00 2011 Hewlett-Packard Development Company, L.P. L11 - 1
[Switch-irf-port1/1]port group int ten 1/0/25 [Switch]irf-port 1/2 [Switch-irf-port1/2]port group int ten 1/0/26 [Switch-irf-port1/2]quit [Switch]int ten 1/0/25 [Switch-int-ten1/0/25]undo shutdown [Switch-int-ten1/0/25]quit [Switch]int ten 1/0/26 [Switch-int-ten1/0/26]undo shutdown [Switch-int-ten1/0/26]quit [Switch]quit <Switch>display irf <Switch>display irf configuration <Switch>display irf topology <Switch>save
b) Turn off the Switch 2. Configure Switch A2 a) Change the device id to 2 (unit number)
<Switch>system-view [Switch]irf member 1 renumber 2 [Switch]quit <Switch>display irf <Switch>reboot

b) Configure the the IRF Ports
<Switch>system-view [Switch]int ten 2/0/25 [Switch-int-ten2/0/25]shutdown [Switch-int-ten2/0/25]quit [Switch]int ten 2/0/26 [Switch-int-ten2/0/26]shutdown [Switch-int-ten2/0/26]quit [Switch]irf-port 2/1 [Switch-irf-port1/1]port group int ten 2/0/25 [Switch]irf-port 2/2 [Switch-irf-port2/2]port group int ten 2/0/26 [Switch-irf-port2/2]quit [Switch]int ten 2/0/25
hk644s b.00
L11 - 2
[Switch-int-ten2/0/25]undo shutdown [Switch-int-ten2/0/25]quit [Switch]int ten 2/0/26 [Switch-int-ten2/0/26]undo shutdown [Switch-int-ten2/0/26]quit [Switch]quit <Switch>display irf <Switch>display irf configuration <Switch>display irf topology <Switch>save
c) Turn off the Switch d) Connect the cables to complete the IRF Topology:
1/0/25 <> 2/0/26 1/0/26 <> 2/0/27

e) Connect the console cable to the IRF master (Switch A1) f) Turn on Switch A1 and wait until boot process is completed. g) Turn on Switch A2 and wait until boot process is completed, pay attention to the messages on the console of Switch A1. h) Check the result:
<Switch>display irf <Switch>display irf config <Switch>display irf topology

i) Status: IRF should be up and running
3. Complete the configuration of the IRF system a) Configure VLAN interfaces and OSPF in the IRF system (Console Cable connected to Switch A1)
<Switch>system-view [Switch]vlan 2 [Switch-vlan2]quit [Switch]vlan 3 [Switch-vlan3]quit [Switch]int vlan 2 [Switch-int-vlan2]ip address 10.0.2.1 24
hk644s b.00
L11 - 3
[Switch-int-vlan2]quit [Switch]int vlan 3 [Switch-int-vlan3]ip address 10.0.3.1 24 [Switch-int-vlan3]quit [Switch]ospf 1 [Switch-ospf1]area 0 [Switch-ospf1-area0]network 10.0.0.0 0.0.255.255 [Switch-ospf1-area0]quit [Switch-ospf1-area0]quit [Switch-ospf1]quit
b) Configure Bridge Aggregation Groups 1 and 2
[Switch]int bridge-aggregation 1 [Switch-int-bragg1]link-aggregation mode dynamic [Switch-int-bragg1]quit [Switch]int gig 1/0/12 [Switch-int-g1/0/12]port link-aggregation group 1 [Switch-int-g1/0/12]quit [Switch]int gig 2/0/12 [Switch-int-g2/0/12]port link-aggregation group 1 [Switch-int-g2/0/12]quit [Switch]int bridge-aggregation 1 [Switch-int-bragg1]port link-type access [Switch-int-bragg1]port access vlan 2 [Switch-int-bragg1]quit [Switch]int bridge-aggregation 2 [Switch-int-bragg2]link-aggregation mode dynamic [Switch-int-bragg2]quit [Switch]int gig 1/0/24 [Switch-int-g1/0/24]port link-aggregation group 2 [Switch-int-g1/0/24]quit [Switch]int gig 2/0/24 [Switch-int-g2/0/24]port link-aggregation group 2 [Switch-int-g2/0/24]quit [Switch]int bridge-aggregation 2 [Switch-int-bragg2]port link-type access [Switch-int-bragg2]port access vlan 3 [Switch-int-bragg2]quit [Switch]quit
hk644s b.00
L11 - 4
4. Configure Switch B
<Switch>system-view [Switch]vlan 2 [Switch-vlan2]quit [Switch]int vlan 1 [Switch-int-vlan1]ip address 10.0.1.1 24 [Switch-int-vlan1]quit [Switch]int vlan 2 [Switch-int-vlan2]ip address 10.0.2.1 24 [Switch-int-vlan2]quit [Switch]int bridge-aggregation 1 [Switch-int-bragg1]link-aggregation mode dynamic [Switch-int-bragg1]quit [Switch]int gig 1/0/23 [Switch-int-gig1/0/23]port link-aggregation group 1 [Switch-int-gig1/0/23]quit [Switch]int gig 1/0/24 [Switch-int-gig1/0/24]port link-aggregation group 1 [Switch-int-gig1/0/24]quit [Switch]int bridge-aggregation 1 [Switch-int-bragg1]port link-type access [Switch-int-bragg1]port access vlan 2 [Switch-int-bragg1]quit [Switch]ospf 1 [Switch-ospf1]area 0 [Switch-ospf1-area0]network 10.0.0.0 0.0.255.255 [Switch-ospf1-area0]quit [Switch-ospf1-area0]quit [Switch-ospf1]quit
5. Configure Switch C
<Switch>system-view [Switch]vlan 3 [Switch-vlan3]quit [Switch]vlan 4 [Switch-vlan4]quit [Switch]int vlan 3 [Switch-int-vlan3]ip address 10.0.3.2 24
hk644s b.00
L11 - 5
[Switch-int-vlan3]quit [Switch]int vlan 4 [Switch-int-vlan4]ip address 10.0.4.1 24 [Switch-int-vlan4]quit [Switch]int bridge-aggregation 1 [Switch-int-bragg1]link-aggregation mode dynamic [Switch-int-bragg1]quit [Switch]int gig 1/0/23 [Switch-int-gig1/0/23]port link-aggregation group 1 [Switch-int-gig1/0/23]quit [Switch]int gig 1/0/24 [Switch-int-gig1/0/24]port link-aggregation group 1 [Switch-int-gig1/0/24]quit [Switch]int bridge-aggregation 1 [Switch-int-bragg1]port link-type access [Switch-int-bragg1]port access vlan 4 [Switch-int-bragg1]quit [Switch]ospf 1 [Switch-ospf1]area 0 [Switch-ospf1-area0]network 10.0.0.0 0.0.255.255 [Switch-ospf1-area0]quit [Switch-ospf1-area0]quit [Switch-ospf1]quit
6. Connect all cables 7. Verify: a) In the IRF and then in Switch B and Switch C:
[Switch]display link-aggregation summary [Switch]display link-aggregation verbose [Switch]display ip routing-table

8. Test: a) Configure the IP address in PC1 and 2 b) Ping between PCs 9. Keep the configuration for the following two exercises
hk644s b.00
L11 - 6
10. Configure MAD/LACP in the IRF (with the Console Cable connected to the IRF Master) a) Enable MAD/LACP
[Switch]int bridge-aggregation 1 [Switch-int-bragg1]mad enable [Switch-int-bragg1]quit [Switch]display mad verbose

b) Test: shutdown the IRF Link:
[Switch]int ten 1/0/25 [Switch-int-ten1/0/25]shutdown [Switch-int-ten1/0/25]quit [Switch]int ten 1/0/26 [Switch-int-ten1/0/26]shutdown [Switch-int-ten1/0/26]quit
i) Observe the messages in the console.
ii) Verify that the LEDs of the ports in the IRF Member number 2 (Slave) have been turned off iii) In the Master:

iv) Ping between PCs c) Recover the IRF Link:
[Switch]int ten 1/0/25 [Switch-int-ten1/0/25]undo shutdown [Switch-int-ten1/0/25]quit [Switch]int ten 1/0/26 [Switch-int-ten1/0/26]undo shutdown [Switch-int-ten1/0/26]quit
i) What happens to the Slave? Does it reboot?
ii) Observe the messages in the console. Wait until the IRF is recovered.
hk644s b.00
L11 - 7
iii) Verify that the LEDs of the ports in the IRF Member number 2 (Slave) have been turned on iv) Verify the recovery [Switch]display
irf [Switch]display irf configuration [Switch]display irf topology

v) Disable MAD/LACP
[Switch]int bridge-aggregation 1 [Switch-int-bragg1]undo mad enable [Switch-int-bragg1]quit

11. Keep the configuration for the following two exercises
hk644s b.00
L11 - 8
12. Configure MAB with BFD a) Create the MAD/BFD VLAN and assign the MAD connection ports
[Switch]vlan 4094 [Switch-vlan4094]port gig 1/0/22 [Switch-vlan4094]port gig 2/0/22 [Switch-vlan4094]quit

b) Enter the MAD/BFD vlan interface and: i) Enable MAD/BFD ii) Configure MAD ip addresses for all units
[Switch]interface vlan 4094 [Switch-int-vlan4094]mad bfd enable [Switch-int-vlan4094]mad ip address 10.255.255.1 24 member 1 [Switch-int-vlan4094]mad ip address 10.255.255.2 24 member 2 [Switch-int-vlan4094]quit [Switch]display mad verbose
You should get a report like this: Current
MAD status: Detect Excluded ports(configurable): Excluded ports(can not be configured): Ten-GigabitEthernet1/0/25 Ten-GigabitEthernet1/0/26 Ten-GigabitEthernet2/0/25 Ten-GigabitEthernet2/0/26 MAD LACP disabled. MAD BFD enabled interface: Vlan-interface4094 mad ip address 10.255.255.1 255.255.255.0 member 1 mad ip address 10.255.255.2 255.255.255.0 member 2
iii) Test: shutdown the IRF Link:
[Switch]int ten 1/0/25 [Switch-int-ten1/0/25]shutdown [Switch-int-ten1/0/25]quit [Switch]int ten 1/0/26 [Switch-int-ten1/0/26]shutdown
hk644s b.00
L11 - 9
[Switch-int-ten1/0/26]quit
iv) Observe the messages in the console. v) Verify that the LEDs of the ports in the IRF Member number 2 (Slave) have been turned off. vi) Recover the IRF Link:
vii) What happens to the Slave? Does it reboot? viii) Observe the messages in the console. Wait until the IRF is recovered. ix) Verify that the LEDs of the ports in the IRF Member number 2 (Slave) have been turned on x) Verify the recovery
[Switch]display irf [Switch]display irf configuration [Switch]display irf topology

12. Turn off the IRF 13. Disconnect all cables 14. Return all switches to their factory default:
<Switch>reset save
15. In Switch A2 (IRF Member 2) return the IRF Member ID to 1
<Switch>system-view [Switch]irf member 2 renumber 1 [Switch]quit <Switch>reset save
hk644s b.00
L11 - 10
HP A7500/A9500/A12500 Series
Device PC1 Switch B IRF Switch C PC2
Interface VLAN 1 VLAN 2 VLAN 2 VLAN 3 VLAN 3 VLAN 4
IP Address 10.0.1.100/24 10.0.1.1/24 10.0.2.2/24 10.0.2.1/24 10.0.3.1/24 10.0.3.2/24 10.0.4.1/24 10.0.4.100/24
Gateway 10.0.1.1
10.0.4.1
In this guide it is assumed that each Switch A7500 has, in slot 2, a module with 24 10/100/100 Base-T ports and 2 10GbE XFP ports and these XFP port have CX4 XFP transceivers. Then, IRF ports will be mapped to: Switch A1 Switch A2 IRF Port 1/1 1/2 1/1 1/2 Physical Port 1/2/0/25 1/2/0/26 2/2/0/25 2/2/0/26
Note: remember that IRF ports must be connected 1/1<>2/2 and 1/2<>2/1
13. Configure Switch A1 (This is going to be the IRF Master) a) Configure the IRF priority and the IRF Ports
<Switch>system-view [Switch]irf member 1 priority 32 [Switch]int ten 1/2/0/25 [Switch-int-ten1/2/0/25]shutdown
hk644s b.00
L11 - 11
[Switch-int-ten1/2/0/25]quit [Switch]int ten 1/2/0/26 [Switch-int-ten1/2/0/26]shutdown [Switch-int-ten1/2/0/26]quit [Switch]irf-port 1/1 [Switch-irf-port1/1]port group int ten 1/2/0/25 [Switch]irf-port 1/2 [Switch-irf-port1/2]port group int ten 1/2/0/26 [Switch-irf-port1/2]quit [Switch]int ten 1/2/0/25 [Switch-int-ten1/2/0/25]undo shutdown [Switch-int-ten1/2/0/25]quit [Switch]int ten 1/2/0/26 [Switch-int-ten1/2/0/26]undo shutdown [Switch-int-ten1/2/0/26]quit [Switch]quit <Switch>display irf <Switch>display irf configuration <Switch>display irf topology <Switch>save
b) Turn off the Switch 14. Configure Switch A2 a) Change the device id to 2 (unit number)
<Switch>system-view [Switch]irf member 1 renumber 2 [Switch]quit <Switch>display irf <Switch>reboot

b) Configure the the IRF Ports
<Switch>system-view [Switch]int ten 2/2/0/25 [Switch-int-ten2/2/0/25]shutdown [Switch-int-ten2/2/0/25]quit [Switch]int ten 2/2/0/26 [Switch-int-ten2/2/0/26]shutdown [Switch-int-ten2/2/0/26]quit [Switch]irf-port 2/1
hk644s b.00
L11 - 12
[Switch-irf-port2/1]port group int ten 2/2/0/25 [Switch-irf-port2/1]quit [Switch]irf-port 2/2 [Switch-irf-port2/2]port group int ten 2/2/0/26 [Switch-irf-port2/2]quit [Switch]int ten 2/2/0/25 [Switch-int-ten2/2/0/25]undo shutdown [Switch-int-ten2/2/0/25]quit [Switch]int ten 2/2/0/26 [Switch-int-ten2/2/0/26]undo shutdown [Switch-int-ten2/2/0/26]quit [Switch]quit <Switch>display irf <Switch>display irf configuration <Switch>display irf topology <Switch>save
c) Turn off the Switch d) Connect the cables to complete the IRF Topology:
1/2/0/25 <> 2/2/0/26 1/2/0/26 <> 2/2/0/27

e) Connect the console cable to the IRF master (Switch A1) f) Turn on Switch A1 and wait until boot process is completed. g) Turn on Switch A2 and wait until boot process is completed, pay attention to the messages on the console of Switch A1. h) Check the result:
<Switch>display irf <Switch>display irf config <Switch>display irf topology

i) Status: IRF should be up and running
15. Complete the configuration of the IRF system a) Configure VLAN interfaces and OSPF in the IRF system (Console Cable connected to Switch A1)
<Switch>system-view
hk644s b.00
L11 - 13
[Switch]vlan 2 [Switch-vlan2]quit [Switch]vlan 3 [Switch-vlan3]quit [Switch]int vlan 2 [Switch-int-vlan2]ip address 10.0.2.1 24 [Switch-int-vlan2]quit [Switch]int vlan 3 [Switch-int-vlan3]ip address 10.0.3.1 24 [Switch-int-vlan3]quit [Switch]ospf 1 [Switch-ospf1]area 0 [Switch-ospf1-area0]network 10.0.0.0 0.0.255.255 [Switch-ospf1-area0]quit [Switch-ospf1-area0]quit [Switch-ospf1]quit
b) Configure Bridge Aggregation Groups 1 and 2
[Switch]int bridge-aggregation 1 [Switch-int-bragg1]link-aggregation mode dynamic [Switch-int-bragg1]quit [Switch]int gig 1/2/0/12 [Switch-int-g1/2/0/12]port link-aggregation group [Switch-int-g1/2/0/12]quit [Switch]int gig 2/2/0/12 [Switch-int-g2/2/0/12]port link-aggregation group [Switch-int-g2/2/0/12]quit [Switch]int bridge-aggregation 1 [Switch-int-bragg1]port link-type access [Switch-int-bragg1]port access vlan 2 [Switch-int-bragg1]quit [Switch]int bridge-aggregation 2 [Switch-int-bragg2]link-aggregation mode dynamic [Switch-int-bragg2]quit [Switch]int gig 1/2/0/24 [Switch-int-g1/2/0/24]port link-aggregation group [Switch-int-g1/2/0/24]quit [Switch]int gig 2/2/0/24 [Switch-int-g2/2/0/24]port link-aggregation group
hk644s b.00
L11 - 14
[Switch-int-g2/2/0/24]quit [Switch]int bridge-aggregation 2 [Switch-int-bragg2]port link-type access [Switch-int-bragg2]port access vlan 3 [Switch-int-bragg2]quit [Switch]quit
16. Configure Switch B
<Switch>system-view [Switch]vlan 2 [Switch-vlan2]quit [Switch]int vlan 1 [Switch-int-vlan1]ip address 10.0.1.1 24 [Switch-int-vlan1]quit [Switch]int vlan 2 [Switch-int-vlan2]ip address 10.0.2.1 24 [Switch-int-vlan2]quit [Switch]int bridge-aggregation 1 [Switch-int-bragg1]link-aggregation mode dynamic [Switch-int-bragg1]quit [Switch]int gig 1/0/23 [Switch-int-gig1/0/23]port link-aggregation group 1 [Switch-int-gig1/0/23]quit [Switch]int gig 1/0/24 [Switch-int-gig1/0/24]port link-aggregation group 1 [Switch-int-gig1/0/24]quit [Switch]int bridge-aggregation 1 [Switch-int-bragg1]port link-type access [Switch-int-bragg1]port access vlan 2 [Switch-int-bragg1]quit [Switch]ospf 1 [Switch-ospf1]area 0 [Switch-ospf1-area0]network 10.0.0.0 0.0.255.255 [Switch-ospf1-area0]quit [Switch-ospf1-area0]quit [Switch-ospf1]quit
17. Configure Switch C
<Switch>system-view
hk644s b.00
L11 - 15
[Switch]vlan 3 [Switch-vlan3]quit [Switch]vlan 4 [Switch-vlan4]quit [Switch]int vlan 3 [Switch-int-vlan3]ip address 10.0.3.2 24 [Switch-int-vlan3]quit [Switch]int vlan 4 [Switch-int-vlan4]ip address 10.0.4.1 24 [Switch-int-vlan4]quit [Switch]int bridge-aggregation 1 [Switch-int-bragg1]link-aggregation mode dynamic [Switch-int-bragg1]quit [Switch]int gig 1/0/23 [Switch-int-gig1/0/23]port link-aggregation group 1 [Switch-int-gig1/0/23]quit [Switch]int gig 1/0/24 [Switch-int-gig1/0/24]port link-aggregation group 1 [Switch-int-gig1/0/24]quit [Switch]int bridge-aggregation 1 [Switch-int-bragg1]port link-type access [Switch-int-bragg1]port access vlan 4 [Switch-int-bragg1]quit [Switch]ospf 1 [Switch-ospf1]area 0 [Switch-ospf1-area0]network 10.0.0.0 0.0.255.255 [Switch-ospf1-area0]quit [Switch-ospf1-area0]quit [Switch-ospf1]quit
18. Connect all cables 19. Verify: a) In the IRF and then in Switch B and Switch C:
hk644s b.00
L11 - 16
20. Test: a) Configure the IP address in PC1 and 2 b) Ping between PCs 21. Keep the configuration for the following two exercises 22. Configure MAD/LACP in the IRF (with the Console Cable connected to the IRF Master) a) Enable MAD/LACP
[Switch]int bridge-aggregation 1 [Switch-int-bragg1]mad enable [Switch-int-bragg1]quit [Switch]display mad verbose

b) Test: shutdown the IRF Link:
[Switch]int ten 1/0/25 [Switch-int-ten1/0/25]shutdown [Switch-int-ten1/0/25]quit [Switch]int ten 1/0/26 [Switch-int-ten1/0/26]shutdown [Switch-int-ten1/0/26]quit
i) Observe the messages in the console.
ii) Verify that the LEDs of the ports in the IRF Member number 2 (Slave) have been turned off iii) In the Master:

iv) Ping between PCs c) Recover the IRF Link:
i) What happens to the Slave? Does it reboot?
ii) Observe the messages in the console. Wait until the IRF is recovered.
hk644s b.00
L11 - 17
iii) Verify that the LEDs of the ports in the IRF Member number 2 (Slave) have been turned on iv) Verify the recovery [Switch]display
irf [Switch]display irf configuration [Switch]display irf topology

v) Disable MAD/LACP
[Switch]int bridge-aggregation 1 [Switch-int-bragg1]undo mad enable [Switch-int-bragg1]quit

23. Keep the configuration for the following two exercises
hk644s b.00
L11 - 18
24. Configure MAB with BFD a) Create the MAD/BFD VLAN and assign the MAD connection ports
[Switch]vlan 4094 [Switch-vlan4094]port gig 1/0/22 [Switch-vlan4094]port gig 2/0/22 [Switch-vlan4094]quit

b) Enter the MAD/BFD vlan interface and: i) Enable MAD/BFD ii) Configure MAD ip addresses for all units
[Switch]interface vlan 4094 [Switch-int-vlan4094]mad bfd enable [Switch-int-vlan4094]mad ip address 10.255.255.1 24 member 1 [Switch-int-vlan4094]mad ip address 10.255.255.2 24 member 2 [Switch-int-vlan4094]quit [Switch]display mad verbose
You should get a report like this: Current
MAD status: Detect Excluded ports(configurable): Excluded ports(can not be configured): Ten-GigabitEthernet1/0/25 Ten-GigabitEthernet1/0/26 Ten-GigabitEthernet2/0/25 Ten-GigabitEthernet2/0/26 MAD LACP disabled. MAD BFD enabled interface: Vlan-interface4094 mad ip address 10.255.255.1 255.255.255.0 member 1 mad ip address 10.255.255.2 255.255.255.0 member 2
iii) Test: shutdown the IRF Link:
[Switch]int ten 1/2/0/25 [Switch-int-ten1/2/0/25]shutdown [Switch-int-ten1/2/0/25]quit [Switch]int ten 1/2/0/26 [Switch-int-ten1/2/0/26]shutdown
hk644s b.00
L11 - 19
[Switch-int-ten1/0/26]quit
iv) Observe the messages in the console. v) Verify that the LEDs of the ports in the IRF Member number 2 (Slave) have been turned off. vi) Recover the IRF Link:
[Switch]int ten 1/2/0/25 [Switch-int-ten1/2/0/25]undo shutdown [Switch-int-ten1/2/0/25]quit [Switch]int ten 1/2/0/26 [Switch-int-ten1/2/0/26]undo shutdown [Switch-int-ten1/2/0/26]quit
vii) Observe the messages in the console. Wait until the IRF is recovered. viii) If the Switch A2 does not reboot automatically, connect to its console and reboot it manually. ix) Verify that the LEDs of the ports in the IRF Member number 2 (Slave) have been turned on x) Verify the recovery
[Switch]display irf [Switch]display irf configuration [Switch]display irf topology

16. Turn off the IRF 17. Disconnect all cables 18. Return all switches to their factory default:
<Switch>reset save
19. In Switch A2 (IRF Member 2) return the IRF Member ID to 1
<Switch>system-view [Switch]irf member 2 renumber 1 [Switch]quit <Switch>reset save
End of LABs
hk644s b.00
L11 - 20

Treinamento HPn-Hk644s.b.00 Lab

Загружено:

Сведения о документе

Исходное описание:

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Treinamento HPn-Hk644s.b.00 Lab

Загружено:

Авторское право:

Доступные форматы

HP LAN Switching Installation and Administration

HP LAN Switching Installation and Administration

HP LAN Switching Installation and Administration Professional Training

2011 Hewlett-Packard Development Company, L.P.

HP LAN Switching Installation and Administration Professional Training

2011 Hewlett-Packard Development Company, L.P.

HP LAN Switching Installation and Administration Professional Training

2011 Hewlett-Packard Development Company, L.P.

HP LAN Switching Installation and Administration Professional Training

Lab 1 - Basic System Configuration

PC1 Et he Ethernet Cable Serial port Console Cable

PC2 Et he Ethernet Cable Serial port Console Cable

2011 Hewlett-Packard Development Company, L.P.

HP LAN Switching Installation and Administration Professional Training

Table 2.1 Console Port Parameters

2011 Hewlett-Packard Development Company, L.P.

HP LAN Switching Installation and Administration Professional Training

2011 Hewlett-Packard Development Company, L.P.

HP LAN Switching Installation and Administration Professional Training

2011 Hewlett-Packard Development Company, L.P.

HP LAN Switching Installation and Administration Professional Training

2011 Hewlett-Packard Development Company, L.P.

HP LAN Switching Installation and Administration Professional Training

2011 Hewlett-Packard Development Company, L.P.

HP LAN Switching Installation and Administration Professional Training

2011 Hewlett-Packard Development Company, L.P.

HP LAN Switching Installation and Administration Professional Training

2011 Hewlett-Packard Development Company, L.P.

HP LAN Switching Installation and Administration Professional Training

SSH with Password Authentication

2011 Hewlett-Packard Development Company, L.P.

HP LAN Switching Installation and Administration Professional Training

Figure 10.2 iv) Ignore the following Alert window

v) and Login as user: sshu with password: sshu

2011 Hewlett-Packard Development Company, L.P.

HP LAN Switching Installation and Administration Professional Training

SSH with Public-key Authentication

Figure 10.5 e) After the key pair is generated

2011 Hewlett-Packard Development Company, L.P.

HP LAN Switching Installation and Administration Professional Training

2011 Hewlett-Packard Development Company, L.P.

HP LAN Switching Installation and Administration Professional Training

Figure 10.6 i) and click open:

2011 Hewlett-Packard Development Company, L.P.

HP LAN Switching Installation and Administration Professional Training

2011 Hewlett-Packard Development Company, L.P.

HP LAN Switching Installation and Administration Professional Training

Configuration File Management

2011 Hewlett-Packard Development Company, L.P.

HP LAN Switching Installation and Administration Professional Training

TFTP Client Configuration

2011 Hewlett-Packard Development Company, L.P.

HP LAN Switching Installation and Administration Professional Training

2011 Hewlett-Packard Development Company, L.P.

HP LAN Switching Installation and Administration Professional Training

2011 Hewlett-Packard Development Company, L.P.

HP LAN Switching Installation and Administration Professional Training

Lab 2 - Port and Link Management

gig s/0/1 PC1

gig s/0/1 gig s/0/10 gig s/0/10 PC2

2011 Hewlett-Packard Development Company, L.P.

HP LAN Switching Installation and Administration Professional Training

MAC Address Table