Академический Документы
Профессиональный Документы
Культура Документы
This document (the Document) contains confidential information of Dell and embodies trade secret and
proprietary intellectual property of Dell. It is legally protected and shall not be copied, modified, reverse
engineered, published, disclosed, disseminated outside of Dell or otherwise used, in whole or in part, without
Dells written consent, provided, however, that you have the right to use the Document solely for your internal
use and solely as necessary for you to enjoy the benefit of Services under the applicable SOW (or other
agreement) you have entered into with Dell. Copyright 2015 by Dell Inc. The copyright notice does not imply
publication of this document or its contents.
TABLE OF CONTENTS
Lab 1: Lab Equipment Access ...........................................................................................5
Lab 2: VLAN Configuration and Verification ................................................................... 9
Exercise 1: Preliminary Configuration .................................................................................. 10
Exercise 2: Configuration and Verification of Port-based VLANs on N-Series Switches........... 13
Exercise 3: Verify End-to-End Connectivity Across VLANs ..................................................... 19
Exercise 4: Configuration and Verification of Port-based VLANs on S-Series Switches ........... 21
Lab 3: Spanning Tree Protocols .................................................................................... 26
Exercise 1: RSTP Configuration with S-Series Switches ......................................................... 27
Exercise 2: RSTP with N-series Switches.............................................................................. 31
Exercise 3: Integrated S-series & N-series RSTP.................................................................... 35
Exercise 4: Influence Root Bridge Selection with Priority Setting .......................................... 37
Exercise 5: RSTP Portfast and BPDU Filtering ....................................................................... 38
Exercise 6: Single Region MSTP with S-series and N-series Switches..................................... 41
Lab 4: Link Aggregation with Port Channels ................................................................ 50
Exercise 1: Static Port Channels on S-series Switches........................................................... 51
Exercise 2: Dynamic Link Aggregation with LACP on S-series Switches.................................. 56
Exercise 3: Static Port Channels on N-series Switches .......................................................... 58
Exercise 4: Dynamic Link Aggregation with LACP on N-series Switches ................................. 63
Lab 5: VLT and MLAG ..................................................................................................... 65
Exercise 1: VLT Configuration with S-Series Switches ........................................................... 66
Exercise 2: MLAG Configuration with N-series Switches ...................................................... 72
Lab 6: OSPFv2 Configuration and Verification ..............................................................77
Exercise 1: Pre-Lab Checklist ............................................................................................... 78
Exercise 2: OSPF Configuration and Verification on S-series Switches................................... 80
Exercise 3: OSPF Configuration and Verification on N-series Switches .................................. 92
Exercise 4: OSPF Interoperability Configuration and Verification Between N -series and S-series
Switches............................................................................................................................. 96
Lab 7: Policy-based Routing (PBR) ............................................................................... 101
Exercise 1: Configuration and Verification PBR on an S-series Switch ................................. 102
Exercise 2: Configuration and Verification PBR on an N-series Switch................................. 108
Lab 8: Virtual Router Redundancy Protocol (VRRP) ................................................... 115
Exercise 1: VRRP with S-series VRRP Group ....................................................................... 117
Exercise 2: VRRP with N-series VRRP Group....................................................................... 129
Lab 9: Border Gateway Protocol (BGP) .......................................................................143
Exercise 1: Configure and Verify IP Connectivity ................................................................ 144
By completing this lab, you will perform the following tasks on your workstation:
1. Review the generic lab topology diagram showing the devices used in the
labs to follow, and their interconnectivity.
2. Test access to lab equipment.
When to Use:
Equipment:
Three Dell Networking S-series switches (DNOS v9.7), four Dell Networking N-series
switches (DNOS v6.2), and five PCs (Linux Ubuntu).
Step 1:
Examine the topology diagram. It provides a view of the network topology for each lab station.
Each course participant will have an entire station with seven switches and five PCs.
S1
S2
S3
N1
N2
N3
N4
PC1
PC2
PC3
PC4
PC5
Notice that there are seven switches. There are three S-series switches, with host names S1,
S2 and S3. There are four N-series switches, with host names N1, N2, N3 and N4. There are
five PCs: PC1 connected to N1; PC2 & PC3 connected to N3; and, PC4 & PC5 connected to
N4.
Lab Note
The lab hardware is on a private network that is only accessible from a Jump Server that has connectivity to
both the public and private networks.
In this exercise, you will log in to the remote Jump Server. Once logged in, you will now have access to the
private network.
Step 2:
Open https://rresvlab.us.dell.com page in your browser. Choose Round Rock and click Next.
Step 3:
Type in the username and password that was provided by your instructor and click Log in.
You will now see 8 Jump Servers listed (two per course participant station). Click on the one
that has been assigned to you by your instructor.
Step 4:
After logging onto the Jump Server. Double click on the Remote Desktop Manager icon on
your desktop. RDM is preconfigured to connect to the hardware in your station. The example
below should be similar to what you will see. If you do not see your devices, please notify the
instructor. The example shown is for Station 1.
Step 5:
Test each connection by double clicking each device in the menu. Once you have a
connection, use the Enter key to get a device prompt. You should see the host name for the
device. For example, for N1 you should see the prompt N1>.
At this point, we only want to ensure that you can connect to your devices. It isnt necessary to
perform any tasks on any device at this time.
If you are not able to connect to all devices in your station (seven switches and 3 PCs),
notify your instructor.
By completing this lab, you will perform the following tasks on your workstation:
1.
2.
3.
4.
Create VLANs.
Configure access ports for VLAN membership.
Configure trunks to carry traffic for multiple VLANs.
Verify end-to-end connectivity across VLANs.
When to Use:
When creating VLANs with Dell Networking S-series and N-series switches.
Equipment:
Two Dell Networking S-series switches (DNOS v9.7), and four Dell Networking Nseries switches (DNOS v6.2).
View the topology diagram to become familiar with the devices and interfaces used in the initial
exercises of this lab.
Te 1/0/7
N1
VLAN 1
Te 1/0/7
N2
Te 1/0/5
Te 1/0/5
Te 1/0/4
Te 1/0/4
VLAN 1
VLAN 1
VL
AN
1
N1
LA
Gi 1/0/4
Gi 1/0/4
Gi 1/0/5
Gi 1/0/5
Gi 1/0/1
N3
PC2
192.168.10.19/24
Step 1.2:
Gi 1/0/2
Gi 1/0/1
PC3
PC4
192.168.12.10/24
192.168.10.20/24
N4
Gi 1/0/2
PC5
192.168.12.11/24
On N2, N3, and N4, disable all interfaces with the shutdown command. Then, refer to the
topology diagram and use the no shutdown command to enable only the interfaces needed
for this exercise. Use the interface range command to configure multiple interfaces at one
time.
On N2, enable only interfaces Te 1/0/4 and Te 1/0/5.
10
On N2, N3, and N4, issue the show interfaces status command to verify that (only) the interfaces
enabled in the previous step have an UP link state. The example output is from N2. On N3 and
N4, you should see three interfaces up.
Description
VLAN
Duplex
Speed
Neg
Link
Flow M
State
Ctrl
------- ---- ------ ----- -- -----------------Unknown
Unknown
Unknown
1000
1000
Unknown
11
Auto
Auto
Auto
Auto
Auto
Auto
Down
Down
Down
Up
Up
Down
Off
Off
Off
On
On
Off
A
A
A
A
A
A
1
1
1
1
1
1
Note that all interfaces remain members of the Default VLAN 1 (until configured to become
members of other VLANs).
Step 1.4:
On N2, N3, and N4 view the running configuration for the interfaces enabled in Step 1.2. The
example output is from N2.
On N2, N3, and N4 issue the show vlan command. An example is shown here on N2:
Ports
------------Po1-128,
Te1/0/1-24,
Te1/1/1-4
Type
-------------Default
The verification commands confirm that all interfaces are members of VLAN 1, the Default VLAN,
as part of the switch factory default configuration. In this lab, you will create custom (nondefault) VLANs and configure interfaces to be members of the VLANs you create.
12
Device
N3
N3
N4
N4
Create VLANs on N3 and N4, referring to the table for VLAN numbering and names .
VLAN
10
12
10
12
VLAN Name
Engineering
Marketing
Engineering
Marketing
The example is shown on N3. Be sure to also configure both VLANs on N4.
N3(config)# vlan 10
N3(config-vlan10)# name Engineering
N3(config-vlan10)# vlan 12
N3(config-vlan12)# name Marketing
Step 2.2:
On N3 and N4, issue the show vlan command to verify the creation of the VLANs you created
in the previous step. Notice that at this time, there are no member ports/interfaces in these
newly created VLANs.
10 Engineering
12 2.3
Marketing
Step
Ports
Type
----------- --------Po1-128,
Default
Gi1/0/1-24,
Te1/0/1-2
Static
Static
13
Refer to the table and the diagram. On N3 and N4, configure the specified interfaces as access
ports with membership in the designated VLANs.
Device
N3
N3
N4
N4
VLAN
10
12
10
12
Description
Engineering
Marketing
Engineering
Marketing
Te 1/0/7
N1
Physical Interface
Gi 1/0/1
Gi 1/0/2
Gi 1/0/1
Gi 1/0/2
VLAN 1
Te 1/0/7
Te 1/0/5
N2
Te 1/0/5
Te 1/0/4
Te 1/0/4
VLAN 1
VLAN 1
VL
AN
1
N1
LA
Gi 1/0/4
Gi 1/0/4
Gi 1/0/5
Gi 1/0/5
Gi 1/0/1
N3
Gi 1/0/2
VLAN 10
Gi 1/0/1
VLAN 12
PC2
192.168.10.19/24
Gi 1/0/2
VLAN 10
PC3
VLAN 12
PC4
192.168.12.10/24
192.168.10.20/24
N4
14
PC5
192.168.12.11/24
On N3 and N4, issue the show vlan command to verify port membership configured in the
previous step.
10
Engineering
Ports
------------Po1-128,
Gi1/0/3-24,
Te1/0/1-2
Gi1/0/1
12
Marketing
Gi1/0/2
Step 2.4:
Type
-------------Default
Static
Static
Refer to the diagram. On N3, configure interface Gi 1/0/5 as a trunk port. On N4, configure
interface Gi 1/0/4 as a trunk port.
Te 1/0/7
N1
VLAN 1
N2
Te 1/0/5
Te 1/0/5
Te 1/0/4
AN
VL
VLAN 1
Te 1/0/7
Te 1/0/4
nk
u
r
T
VLAN
Trunk
VL
AN
1
Gi 1/0/4
Gi 1/0/4
Gi 1/0/5
Gi 1/0/5
Gi 1/0/1
N3
Gi 1/0/2
VLAN 10
Gi 1/0/1
VLAN 12
PC2
192.168.10.19/24
Gi 1/0/2
VLAN 10
PC3
VLAN 12
PC4
192.168.12.10/24
192.168.10.20/24
N3 Configuration:
N4
15
PC5
192.168.12.11/24
N4 Configuration:
Refer to the diagram. On N2, configure VLAN 10 and VLAN 12, and configure interfaces Te 1/0/4
and Te 1/0/5 as trunk ports.
On N3 and N4, issue the show vlan command to verify port membership in accordance with
your configuration. Note that on N3, Gi 1/0/5 is a trunk port since it is carrying traffic for multiple
VLANs. On N4, Gi 1/0/4 is the trunk port.
10
Engineering
12
Marketing
Ports
------------Po1-128,
Gi1/0/3-24,
Te1/0/1-2
Gi1/0/1,
Gi1/0/5
Gi1/0/2,
Gi1/0/5
Type
-------------Default
Static
Static
16
On N2, issue the show vlan command to verify port membership in accordance with your
configuration. Note that both Te 1/0/4 and Te 1/0/5 are both trunk ports as they send and
receive frames from both VLAN 10 and VLAN 12.
10
12
VLAN0010
VLAN0012
Step 2.8:
Ports
------------Po1-128,
Te1/0/1-24,
Te1/1/1-4
Te1/0/4-5
Te1/0/4-5
Type
-------------Default
Static
Static
On N3, issue the show interfaces status command for Gi 1/0/1, Gi 1/0/2, and Gi 1/0/5.
Description
Duplex
Speed Neg
Description
Duplex
Speed Neg
Link Flow M
VLAN
State Ctrl
--------- --------------- ------ ------- ---- ------ ----- -- ------------------Gi1/0/2
Full
1000 Auto
Up On
A 12
N3# show interfaces status gigabitethernet 1/0/5
Port
Description
Link Flow M
VLAN
State Ctrl
--------- --------------- ------ ------- ---- ------ ----- -- ------------------Gi1/0/5
Duplex
Speed Neg
Full
1000
Auto
Up
On
T (1),2-4096
Notice that the show interfaces status command verifies that interfaces Gi 1/0/1 and Gi 1/0/2
are in access port mode (A) and Gi 1/0/5 is in trunk port mode (T).
17
On N2, verify the interface status of Te 1/0/4 and Te 1/0/5. You should see that both interfaces
are in trunk mode.
On N4, verify the interface status of Gi 1/0/1, Gi 1/0/2, and Gi 1/0/4. As with N3, you should see
two ports (Gi 1/0/1, Gi 1/0/2) in access mode and one port (Gi 1/0/4) in trunk mode.
18
View the topology diagram, focusing on the four PCs in your network topology. Notice which
switch they are connected to and the VLAN membership of the connecting port.
Te 1/0/7
N1
VLAN 1
N2
Te 1/0/5
Te 1/0/5
Te 1/0/4
AN
VL
VLAN 1
Te 1/0/7
Te 1/0/4
nk
Tr u
VLAN
Trunk
VL
AN
1
Gi 1/0/4
Gi 1/0/4
Gi 1/0/5
Gi 1/0/5
Gi 1/0/1
N3
Gi 1/0/2
VLAN 10
VLAN 12
PC2
192.168.10.19/24
Step 3.2:
Gi 1/0/1
N4
Gi 1/0/2
VLAN 10
PC3
VLAN 12
PC4
192.168.12.10/24
192.168.10.20/24
PC5
192.168.12.11/24
On all four PCs (PC2, PC3, PC4, and PC5) verify that the IP address assigned to interface eth0 is
the address shown in the table below.
Device
PC2
PC3
PC4
PC5
IP Address / Mask
192.168.10.19 255.255.255.0
192.168.12.10 255.255.255.0
192.168.10.20 255.255.255.0
192.168.12.11 255.255.255.0
Issue the ifconfig eth0 command to see the IP address (inet addr). Also verify that the mask is
correct (255.255.255.0).
If the address on any or all of the PCs is not present or not correct, configure the address to
what it should be.
19
To configure the IP address on the PCs, use the sudo ifconfig eth0 <address> netmask <mask>
command. The [sudo] password is Passw0rd. Once you have issued the sudo password, it is not
necessary to repeat the command to set the IP address.
If it was necessary for you to change the IP address on the station, verify with the ifconfig eth0
command that the change has been made.
Step 3.3:
Using the ping command, test connectivity between PC2 and PC4 (VLAN 10), and between PC3
and PC5 (VLAN 12).
From PC2, ping PC4 (CTRL + C to stop the continuous ping).
20
Step 4.1:
Fo 0/48
VLAN 101
Fo 0/48
Trunk
VLAN 123
S2
Te 0/47
VLAN 101
S3
Te 0/46
Te 0/46
Te 0/47
VLAN 123
VLAN 123
VLAN 101
On both S2 and S3, interfaces Te 0/46 and Te 0/47 are connected to N-series switches, N1 and
N2. Although these are inter-switch links, for this exercise, the links will simulate links to hosts.
Te 0/46 and Te 0/47 will therefore be configured as access ports with membership in the VLANs
shown. Between S2 and S3 will be a trunk that will carry traffic from both VLANs. Fo 0/48 will
therefore be configured as trunk ports on both switches.
Step 4.2:
On N1 and N2, ensure that interfaces Te 1/1/3 and Te 1/1/4 are UP. The example is shown on
N1, but be sure to complete the step on N2 also.
Step 4.3:
On S2, issue the show vlan command and examine the output.
Status
Description
Inactive
21
Ports
Notice that VLAN 1, the default VLAN, is inactive and has no member ports.
Step 4.4:
On S2, configure Te 0/46 and Te 0/47 for Layer 2 functionality with the switchport command.
Step 4.5:
On S2, issue the show vlan command and examine the output.
Status
Description
Inactive
Ports
Te 0/46-47
Notice that VLAN 1, the default VLAN, is still inactive but now has the member ports you
configured as switchports in the previous step. Recall that VLAN 1 is the default VLAN for access
mode ports. The U designates untagged interfaces (frames are not tagged to identify VLAN
membership).
Step 4.6:
On S2, enable interfaces Te 0/46 and Te 0/47 with the no shutdown command.
S2(conf-if-range-te-0/46-47)# no shutdown
Step 4.7:
On S2, issue the show vlan command again, and note that VLAN 1 now has an ACTIVE status.
Status
Description
Active
22
Ports
Te 0/46-47
Step 4.8:
On S2, make Te 0/47 a member of VLAN 101, and issue the no shutdown command for the
VLAN interface.
On S2, issue the show vlan command and notice that VLAN 101 is now ACTIVE with Te 0/47 as
an untagged member port. Also note that Te 0/47 is no longer a member of the default VLAN.
Status
Active
Active
Description
Q
U
U
Ports
Te 0/46
Te 0/47
On S2, make Te 0/46 a member of VLAN 123, and issue the no shutdown command for the
VLAN interface.
On S2, issue the show vlan command and notice that VLAN 123 is now ACTIVE with Te 0/46 as
an untagged member port. Also note that Te 0/46 is no longer a member of the default VLAN,
and that the default VLAN is now in an INACTIVE state, since there are no Active ports assigned
to it.
Status Description
Inactive
Active
Active
23
Ports
U
U
Te 0/47
Te 0/46
Step 4.12:
On S3, complete Steps 4.3 through 4.11. Since the interfaces used are the same and the VLAN
numbering is the same, the commands will be identical to the ones you configured on S2.
Step 4.13:
On S3, issue the show vlan command and notice that VLAN 123 is now ACTIVE with Te 0/46 as
an untagged member port.
Status Description
Inactive
Active
Active
Ports
U
U
Te 0/47
Te 0/46
Refer to the topology diagram and observe the inter-switch link between S2 and S3 that will be
configured as a trunk to carry traffic traffic for both VLAN 101 and VLAN 123. The port on both
switches that will be configured in trunk mode is Fo 0/48.
Fo 0/48
VLAN 101
Fo 0/48
Trunk
VLAN 123
S2
Te 0/47
VLAN 101
Step 4.15:
S3
Te 0/46
Te 0/46
Te 0/47
VLAN 123
VLAN 123
VLAN 101
24
Step 4.16:
On S2, configure Fo 0/48 to carry traffic for both VLAN 101 and VLAN 123. Frames will be tagged
to distinguish VLAN membership on the inter-switch trunk link.
On S2, issue the show vlan command and observe the output. You should now see that for the
access ports (Te 0/46 and Te 0/47), frames are untagged. You should see that for the trunk port
(Te 0/48) frames are tagged to distinguish VLAN membership across the trunk.
NUM
* 1
101
123
Step 4.18:
Status
Inactive
Active
Description
Active
Ports
T
U
T
Fo 0/48
Te 0/47
Fo 0/48
Te 0/46
25
By completing this lab, you will perform the following tasks on your workstation:
1. Configuration and verification of RSTP on S-series and N-series switches in a
mixed network environment of both.
2. Configuration and verification of MSTP on S-series and N-series switches in a
mixed environment of both.
When to Use:
When deploying network architectures that require RSTP or MSTP on Dell Networking
switches.
Equipment:
Three Dell Networking S-series switches (DNOS v9.7), and four Dell Networking N-series
switches (DNOS v6.2).
26
View the topology diagram to become familiar with the devices and interfaces used in this
exercise.
S1
FortyGigE 0/20
FortyGigE 0/28
FortyGigE 0/60
S2
Step 1.2:
FortyGigE 0/60
FortyGigE 0/48
FortyGigE 0/48
On S1, S2, and S3, verify that all interfaces are DOWN, their default status.
STP
MSTP
MSTP instance
Per VLAN spanning tree protocol information
RSTP
For this exercise, we will focus on RSTP.
Step 1.4:
S3
27
Lab Note
On S-series swtiches, RSTP is disabled by default.
Dell Networking OS supports a single Rapid Spanning Tree (RST) instance.
All interfaces in VLANs and all enabled interfaces in Layer 2 mode are automatically added to the RST
topology.
Configuring RSTP is a two-step process:
1. Configure interfaces for Layer 2 mode.
2. Enable RSTP
Step 1.5:
Referring to the topology diagram above, place the interfaces connecting your S-series
switches in Layer 2 mode with the switchport command, and enable the interfaces with the
no shutdown command.
On S1, S2, and S3, issue the show interfaces status command to verify that (only) the interfaces
you have just enabled have an UP status.
28
Step 1.7:
On S1, S2 , and S3, enable RSTP globally, as shown in the example on S1.
On S1, S2, and S3, issue the show spanning-tree rstp brief command and observe the output.
Determine which switch is the root of the spanning tree. The root will display the same address
for the Root ID and the Bridge ID, and will also display the message, We are the root. Since
there are no configured priorities on these switches (they all have the default priority 32768),
RSTP has determined the root.
Observe also the RSTP bridge port roles and the port states and ensure that you understand
what they indicate (as discussed in the theory presentation prior to this lab). If you have questions
about port roles and states, ask your instructor.
Designated
Cost
Sts
Cost
Bridge ID
------- ----------- ------- -------------------1400
FWD 1400 32768 0001.e88b.5d14
1400
BLK 1400 32768 0001.e88b.6572
PortID
-------128.150
128.158
Prio
---128
128
Cost
------1400
1400
Sts
----------FWD
BLK
Cost Link-type
------- ----1400 P2P
1400 P2P
Edge
---No
No
For the three switches configured to provide this example, you can see that S1 is not the root.
Further examination of the other two switches though provides the discovery that S2 is the root
for the three switches on which this lab was developed, as shown in the next output example.
The root for your three switches may not be S2. The root for your switches will depend on
their MAC addresses.
29
Recall that the Bridge ID is determined by the bridge priority and the switch MAC address. The
priority being the same on all switches, the MAC address will be used by RSTP to determine
which switch is the root.
Designated
Cost Sts
Cost
Bridge ID
------- ----------- ------- -----------------1400 FWD
0
32768 0001.e88b.5d14
1400 FWD
0
32768 0001.e88b.5d14
Interface
Name
Role PortID
Prio Cost Sts
Cost
Link-type
Edge
---------- ------ -------- ---- ------- ----------- ------- --------- ---Fo 0/48 Desg 128.178 128 1400 FWD
0
P2P
No
Fo 0/60
1400
FWD
Learning Check
Recall that RSTP has the following port roles and port states:
Port Roles:
- Root port
- Designated port
- Alternate port
- Backup port
- Disabled port
Port States:
- Discarding
- Learning
- Forwarding
30
P2P
No
View the topology diagram to become familiar with the devices and interfaces used in this
exercise.
Te 1/0/7
Te 1/0/7
N1
Te 1/0/5
Te 1/0/5
Te 1/0/4
Te 1/0/4
Gi 1/0/4
Gi 1/0/4
Gi 1/0/5
Gi 1/0/5
N3
Step 2.2:
N2
N4
On N1, N2, N3, and N4, shut all ports down. By default, they are enabled for Layer 2 mode on
N-series switches. The intention is to shut all ports down, then selectively enable only the ports
to be used in this exercise.
An example is shown here for N1. Both N1 and N2 are N4xxx switches, with both 10G and 40G
interfaces. Be sure to shut the same interfaces down on N2.
31
Step 2.3:
Again, refer to the topology diagram to see which interfaces are used for this exercise and enable
them.
As can be seen, for N1 and N2, Te 1/0/4, Te 1/0/5 and Te 1/0/7 are used. The example shown
is on N1. Be sure to enable these three interfaces on N2 also.
Learning Check
Recall that for N-series switches, ports are enabled for Layer 2 mode by default.
RSTP is gloabally enabled on the switch for all ports and LAGs by default. This differs from S-series
switches which require enabling ports in Layer 2 mode and enabling RSTP.
Classic STP, STP-PV, RSTP-PV and MSTP are disabled.
Step 2.4:
On N1, N2, N3, and N4, issue the show spanning-tree active command and observe the output.
Determine which switch is the root of the spanning tree. The root will diplay the message, This
Switch is the Root. Since there are no configured priorities on these switches (they all have the
default priority 32768), RSTP has determined the root.
Also, observe the RSTP bridge port roles and the port states and ensure that you understand
what they indicate (as discussed in the theory presentation prior to this lab). If you have any
questions about the port roles and states, ask your instuctor.
For the switches on which this lab was developed, N2 is the root, as can be seen in the following
output. Your root switch may not be N2, depending on the MAC addresses of your switches.
32
33
RestrictedPort
-------------No
No
No
34
View the topology diagram to become familiar with the devices and interfaces used in this
exercise.
FortyGigE 0/20
S1
FortyGigE 0/60
FortyGigE 0/60
FortyGigE 0/48
S2
FortyGigE 0/28
FortyGigE 0/48
Te 0/46
Te 0/46
Te 0/47
Te 0/47
Te 1/1/3
Te 1/1/3
Te 1/1/4
Te 1/1/4
Te 1/0/7
N1
S3
Te 1/0/7
Te 1/0/5
N2
Te 1/0/5
Te 1/0/4
Te 1/0/4
VLAN x08
Gi 1/0/4
Gi 1/0/4
Gi 1/0/5
Gi 1/0/5
N4
N3
In this exercise, you will connect the S-series switches from Exercise 1 with the N-series switches
from Exercise 2. The links shown in red in the topology diagram will be enabled for Layer 2 mode
and RSTP.
Step 3.2:
Enable the interfaces connecting the S-series and N-series switches for Layer 2 mode.
On N1 and N2, enable Te 1/1/3 and Te 1/1/4. The example is shown on N1. Be sure to also
enable the two interfaces on N2.
35
On S2 and S3, configure Te 0/46 and Te 0/47 for Layer 2 mode and enable the interfaces. The
example is shown on S2. Be sure to also enable the two interfaces on S3.
On S2 and S3, enable RSTP as shown. The example is on S2. Be sure to enable RSTP on S3 also.
Step 3.4:
Now that all seven switches are participating in the same spanning tree, issue the show
spanning-tree rstp brief command on your S-series switches and the show spanning-tree
active command on your N-series switches. Identify the root bridge and examine port roles and
port states on the different swtiches to verify that they are what you would expect, based on
your knowledge of RSTP operations.
--output abbreviated
ROOT ID
Priority
Address
32768
0001.E88B.5D14
For the switches used to write this lab, the root bridge is the one with the MAC address
highlighted in the example output above. This indicates that switch S2 is the root bridge of this
spanning tree, as can be verified below by observing the show spanning-tree rstp brief output
on S2. As mentioned previously, the root bridge on your network may differ depending on the
MAC addresses of your switches.
36
On S1, change the bridge priority from the default value (32768) to 4096 to have it now become
the root bridge. If your S1 switch is already the root bridge, complete this step on S2 instead
to have it become the root bridge.
On N4, issue the show spanning-tree active command to verify that S1 is now the root bridge,
as indicated by S1s MAC address in the output. (Your MAC address for S1 will be different from
the one in the example.)
37
View the topology diagram to become familiar with the devices and interfaces used in this
exercise.
Gi 1/0/4
Gi 1/0/5
Gi 1/0/1
N3
PC2
Step 5.2:
Gi 1/0/2
PC3
On N3, issue the show spanning-tree active command and observe that currently, Gi 1/0/4 and
Gi 1/0/5 are enabled.
--output abbreviated-Interfaces
Name
State
Prio.Nbr
Cost
--------- -------- --------- --------Gi1/0/4 Enabled 128.4
20000
Sts
Role RestrictedPort
---- ----- -------------DSC Altn No
Gi1/0/5 Enabled
FWD Root No
Step 5.3:
128.5
20000
On N3, enable interfaces Gi 1/0/1 and Gi 1/0/2, ports connected to PC2 and PC3, respectively.
38
Step 5.4:
On N3, issue the show spanning-tree active command to verify that Gi 1/0/1 and Gi 1/0/2 are
now enabled.
--output abbreviated
Interfaces
Name
State
--------- -------Gi1/0/1 Enabled
Gi1/0/2 Enabled
Gi1/0/4 Enabled
Gi1/0/5 Enabled
Step 5.5:
Prio.Nbr
Cost
Sts
Role RestrictedPort
--------- --------- ---- ----- -------------128.1
20000
FWD Desg No
128.2
20000
FWD Desg No
128.4
20000
DSC Altn No
128.5
20000
FWD Root No
On N3, for ports Gi 1/0/1 and Gi 1/0/2, enable portfast and BPDU filtering as shown below.
Lab Note
The PortFast feature reduces STP convergence time by allowing edge ports connected to end devices to
transition to the forwarding state quicker than non-edge ports.
Ports that have the PortFast featue enabled continue to transmit BPDUs.
Enabling BPDU filtering on a specific port prevents the port from sending BPDUs and allows the port to
drop any BPDUs it receives.
39
Step 5.6:
On N3, for Gi 1/0/1 and Gi 1/0/2, verify that the PortFast feature is enabled as well as BPDU
filtering.
40
View the topology diagram to become familiar with the devices and interfaces used in this
exercise.
MSTI 1
ROOT
Fo 0/48
Fo 0/48
MSTI 2
ROOT
S2
S3
Te 0/46
Te 0/47
MSTI 1
VLANs 2,4,6,8,10
MSTI 2
VLANs 3,5,7,9,11
Te 1/1/4
Te 1/1/3
N1
The topology diagram represents the end objective of this exercise. There will be incremental
steps to achieve this solution.
Lab Note
On S-series and N-series swtiches, MSTP is not enabled by default.
Configuring MSTP is a four-step process:
1. Configure interfaces for Layer 2 mode.
2. Place the interfaces in VLANs.
3. Enable MSTP.
4. Create multiple spanning tree instances and map VLANs to them.
41
Step 6.2:
On S2 and S3, shut the interfaces down that are not used in this exercise. The objective is to
have only the interfaces shown in the topology diagram above enabled.
On S2 and S3, issue the show interfaces status command and verify that only the interfaces
used in this exercise are enabled. Refer to the topology diagram above.
For S2, only Te 0/47 and Fo 0/48 should have an UP status.
For S3, only Te 0/46 and Fo 0/48 should have an UP status.
Step 6.4:
On N1, enable Te 1/1/3 and Te 1/1/4, the interfaces used in this exercise, as shown in the
topology diagram above.
On N1, issue the show interfaces status command to verify that Te 1/1/3 and Te 1/1/4 are the
only interfaces with an UP link state.
42
The first step to configure MSTP is to have all interfaces enabled for Layer 2. Since default
settings on N-series meet the requirement, and since the S-series interfaces should stilll have
these settings based on their configuration for RSTP, all interfaces shown above in the topology
diagram should be ready for the next step for configuring MSTP.
On S2 and S3, verify that the interfaces used in this exercise are configured with the switchport
command and are enabled with the no shutdown command.
On S2, S3, and N1, create VLAN trunks between all three switches to exchange tagged frames
for VLANs 2-11.
43
Step 6.10:
On N1, verfiy creation of the VLANs from the previous step, and that Te 1/1/3 and Te 1/1/4 are
serving as trunks for these VLANs.
2
3
4
5
6
7
8
9
10
11
VLAN0002
VLAN0003
VLAN0004
VLAN0005
VLAN0006
VLAN0007
VLAN0008
VLAN0009
VLAN0010
VLAN0011
Ports
------------Po1-128,
Te1/0/1-24,
Te1/1/1-4
Te1/1/3-4
Te1/1/3-4
Te1/1/3-4
Te1/1/3-4
Te1/1/3-4
Te1/1/3-4
Te1/1/3-4
Te1/1/3-4
Te1/1/3-4
Te1/1/3-4
Type
-------------Default
Static
Static
Static
Static
Static
Static
Static
Static
Static
Static
On S2 and S3, verify creation of the VLANs and trunks from the previous step.
On S2, verify that Te 0/47 and Fo 0/48 are serving as trunks for these VLANs.
44
The example below is shown on S2. Be sure to also verify VLAN creation on S3, and that Te 0/46
and Fo 0/48 are trunking for the created VLANs.
--output abbreviated
NUM
* 1
Status
Inactive
Active
Active
Active
Active
Active
Active
Active
Active
10
Active
11
Active
Step 6.11:
Description
Q Ports
U Te 0/46
U Fo 0/60
T Te 0/47
T Fo 0/48
T Te 0/47
T Fo 0/48
T Te 0/47
T Fo 0/48
T Te 0/47
T Fo 0/48
T Te 0/47
T Fo 0/48
T Te 0/47
T Fo 0/48
T Te 0/47
T Fo 0/48
T Te 0/47
T Fo 0/48
T Te 0/47
T Fo 0/48
T Te 0/47
T Fo 0/48
45
On S2 and S3, enable MSTP globally, naming the MST region DellNet. Create MST Intance 1 and
map VLANs 2,4,6,8, and 10 to it. Create MST Instance 2 and map VLANs 3,5,7,9, and 11 to it.
On N1, enable MSTP globally, naming the MST region DellNet. Create MST Intance 1 and map
VLANs 2,4,6,8, and 10 to it. Create MST Instance 2 and map VLANs 3,5,7,9, and 11 to it.
On S2 and S3, with the show spanning-tree mst configuration command, verify your MSTP
configuration - including region name and VLANs mapped to the appropriate MST instances.
The revison number is the default, 0.
46
Vlan Mapped
---------------1
2, 4, 6, 8, 10
3, 5, 7, 9, 11
Having verified the MSTP configuration on S2, S3, and N1, the objective now is to determine
which switch in the MST region is the root bridge.
For the three switches used to write this lab, S2 was the root bridge. Because no priorities have
been set to specify which switch you want to be the root, MSTP has determined the root based
on MAC addresses. For your network, S2 may not be the root. Use the show spanning-tree
msti command on S2 and S3; and on N1, use the show spanning-tree active instance instanceID command for MSTI 1 and MSTI 2 to determine the root bridge for your network.
Example output for the show spanning-tree msti command on S2 from the course
development network is shown here. Your output will differ depending on which switch is
elected as the root in your network (based on the MAC addresses of your switches).
47
Example output for the show spanning-tree active instance instance-ID command for MSTI 1
and MSTI 2 on N1 from the course development network is shown here. Your output will differ
depending on which switch is elected as the root in your network.
Lab Note
Although you now have mutiple spanning tree instances with different VLANs mapped to each MSTI, both
MSTIs are still using the same switch for its root bridge.
To take full advantage of the MST protocol, you can configure different switches to be the root for
different MSTIs so all VLANs do not take the same path. Having different root bridges for your two MSTIs
will allow load balancing.
The remainder of this lab will be dedicated to this objective.
48
Configure S2 to be the root of MSTI 1 by lowering the bridge priority from the default to 4096.
Step 6.16:
On S2, issue the show spanning-tree msti command and observe the output. You should see
that S2 is the root of MSTI 1.
As you did in Step 6.14, on N1, issue the show spanning-tree active instance instance-ID for
MSTI 1 and MSTI 2. Notice now that for the two instances, the root ID is now different, as is the
root port, since S2 and S3 are now the root bridges for MSTI 1 and MSTI 2, respectively.
49
Purpose:
By completing this lab, you will perform the following tasks on your workstation:
1. Create static port channels (LAGs).
2. Create dynamic port channels with LACP.
When to Use:
When using port channels for link aggregation with Dell Networking S-series and Nseries switches.
Equipment:
Two Dell Networking S-series switches (DNOS v9.7), and two Dell Networking Nseries switches (DNOS v6.2).
50
View the topology diagram to become familiar with the devices and interfaces used in this
exercise.
S2
Fo 0/48
Fo 0/48
Fo 0/52
Fo 0/52
S3
Po1
Step 1.2:
On S2, issue the show vlan command and observe the output.
Status Description
Inactive
Q Ports
Recall that there are no interfaces or port channels as members of VLAN 1 by default on S-series
switches.
Step 1.3:
On S2, create a port channel with an id-number 1. With the switchport command, place the
port channel in Layer 2 mode, and enable it with the no shutdown command.
Step 1.4:
51
Step 1.5:
On S2, issue the show vlan command. Observe that your Po1 has been assigned as a member
in the default VLAN. The VLAN status is though Inactive and there are no physical ports
associated with the port channel, as indicated by the empty brackets next to Po1, ( ) .
Step 1.6:
Status Description
Inactive
Q
U
Ports
Po1 ( )
On S2, assign Fo 0/48 and Fo 0/52 as channel members of the newly created port channel.
On S2, issue the show vlan command and observe the output. Verify that Fo 0/48 and Fo 0/52
are members of Po1.
Status
Description
Q Ports
Inactive
U Po1(Fo 0/48,52)
52
Step 1.9:
LAG Mode
1
L2
Status
Uptime
Ports
down
00:00:00
Fo 0/48
(Down)
Fo 0/52
(Down)
Verify that the LAG is in Layer 2 mode, and that Fo 0/48 and Fo 0/52 are members.
Step 1.10:
On S3, create interface port-channel 1, and place it in Layer 2 mode. Assign Fo 0/48 and Fo
0/52 as channel members, and enable the port channel interface.
53
Step 1.12:
Mode
Status
L2
up
Step 1.14:
Uptime
Ports
00:01:03
Fo 0/48
(Up)
Fo 0/52
(Up)
Status
Description
Q Ports
Active
U Po1(Fo 0/48,52)
On S3, issue the show interfaces port-channel 1 command to verify its up status and channel
members.
--output truncated--
54
Step 1.16:
On S3, verify the up status of the channel member physical interfaces and their membership in
Po1.
--output omitted--
55
View the topology diagram to become familiar with the devices and interfaces used in this
exercise.
S2
Fo 0/48
Fo 0/48
Fo 0/52
Fo 0/52
S3
Po1
Step 2.2:
On both S2 and S3, remove interfaces Fo 0/48 and Fo 0/52 from port channel 1.
On both S2 and S3, create a new LAG interface, port-channel 7, as shown in the example below
on S2.
On both S2 and S3, configure Fo 0/48 and Fo 0/52 as dynamic LAG interfaces.
56
Step 2.5:
--output omitted
Members in this channel: Fo 0/48(U) Fo 0/52(U)
Step 2.6:
On S2, verify the up status of the channel member physical interfaces and their membership in
Po1.
--output omitted--
On S2, issue the show vlan command to verify that VLAN 1 is active and that Po7 is untagged
with members Fo 0/48 and Fo 0/52.
--output omitted-NUM
* 1
Status
Active
Description
Q Ports
U Po1()
U Po7(Fo 0/48,52)
57
View the topology diagram to become familiar with the devices and interfaces used in this
exercise.
N1
Te 1/0/7
Te 1/0/7
Te 1/0/8
Te 1/0/8
N2
Po1
Step 3.2:
On N1, issue the show vlan command and observe the output. Notice that for N-series switches,
all port channels are members of VLAN 1 by default.
VLAN Name
----- -----1
default
Step 3.3:
Ports
Type
---------- -------------Po1-128,
Default
Te1/0/1-24,
Te1/1/1-4
On N1, enter configuration mode for the specified LAG (use port-channel 3). Configure a
description for the LAG (use N1_N2_LAG). Set the minimum links that must be up for the LAG
to be active as two (both) links.
58
Step 3.5:
description "N1_N2_LAG"
port-channel min-links 2
Step 3.6:
On N1, configure Te 1/0/7 and Te 1/0/8 to be member of a static LAG, Po3. Specify the keyword
on for the mode with the channel-group command to have the ports join a static LAG (without
using LACP).
Step 3.7:
On N1, issue the show interfaces port-channel 3 command and observe the output. Note the
Ch-Type is Static. At this time the status is inactive.
Channel
------Po3
Ports
-----------------------Inactive: Te1/0/7, Te1/0/8
Ch-Type
-------Static
59
Step 3.9:
On N1, issue the show interfaces port-channel 3 command and observe the output. Note that
the status is now Active.
Channel
------Po3
Ports
-----------------------Active: Te1/0/7, Te1/0/8
Ch-Type
-------Static
Step 3.11:
On N2, shut interface Te 1/0/8 down, and then issue the show interfaces port-channel 3
command and observe the output. Notice that the LAG is now inactive.
Channel
------Po3
Ports
-----------------------Inactive: Te1/0/7, Te1/0/8
Ch-Type
-------Static
--output abbreviated--
60
Step 3.12:
On N2, view the configuration for the port channel. Recall that you have configured the
minimum number of links for the LAG to be considered active as two (both links).
On N1 and N2, modify the configuration for the LAG to return to the default number of minimum
links that must be up to consider the LAG active (1 link).
On either N1 or N2, issue the show interfaces port-channel 3 command and observe the output.
Notice that the LAG is now active on Te 1/0/7 since only one link being up is now the minimum
requirement to consider the LAG active.
Channel
------Po3
Ports
-----------------------Active: Te1/0/7
Inactive: Te1/0/8
Ch-Type
-------Static
On both N1 and N2, remove the static LAG configuration from Te 1/0/7 and Te 1/0/8 with the
no channel-group command.
61
Step 3.16:
On either N1 or N2, issue the show interfaces port-channel 3 command and verify that there
are no configured ports for the LAG.
Channel
------Po3
Ports
-----------------------No Configured Ports
Ch-Type
-------Static
--output abbreviated--
62
View the topology diagram to become familiar with the devices and interfaces used in this
exercise.
N1
Te 1/0/7
Te 1/0/7
Te 1/0/8
Te 1/0/8
N2
Po1
Step 4.2:
On both N1 and N2, configure Te 1/0/7 and Te 1/0/8 to be member of a dynamic LAG, Po3.
Specify the keyword active for the mode with the channel-group command to have the ports
join a dynamic LAG using LACP.
On either N1 or N2, issue the show interfaces port-channel 3 command and verify that there
Te 1/0/7 and Te 1/0/8 are active members of the dynamic (LACP) LAG.
Ports
-----------------------Active: Te1/0/7, Te1/0/8
Ch-Type
-------Dynamic
On N1, issue the show lacp tengigabitethernet 1/0/7 command to see LACP parameters
(including ACTIVE LACP Activity) and LACP Statistics (to verify that LACP PDUs are being sent
and received). Alternatively, the output of these two commands can be viewed separately with
63
the show lacp tengigabitethernet 1/0/7 parameters command and the show lacp
tengigabitethernet 1/0/7 statistics command.
Te 1/0/7 on N1 is used here as an example, but these commands can be used on either switch
with LAG member interfaces.
64
By completing this lab, you will perform the following tasks on your workstation:
1. Configure VLT with Dell Networking S-series switches.
2. Configure MLAG with Dell Networking N-series switches.
When to Use:
When deploying network architectures that include VLT or MLAG for link aggregation
group (LAG) termination on two separate distribution or core switches with Dell
Networking S-series or N-series switches.
Equipment:
Three Dell Networking S-series switches (DNOS v9.7), and three Dell Networking N-series
switches (DNOS v6.2).
Lab Note
This lab covers VLT (S-series) and MLAG (N-series). Although there are differences between VLT and MLAG,
they both allow a downstream device to view a LAG to two separate physical switches upstream to appear
as a single virtual link.
Commonly, the link between two VLT or MLAG peers that maintains a health check between the two
devices will be over the OoB network. For this lab, the OoB network is simulated by connections between
VLT and MLAG peers that are preconfigured. These links require Layer 3 configuration with IP addressing,
topics which are covered later in the course.
For this lab, VLT LAGs will be static. MLAG port channels will be dynamic. This is in keeping with the
recommendations in the Dell Networking S-series and N-series configuration guides.
Also noteworthy is that one of the benefits of virtual LAGs is a loop-free topology with the elimination of
STP-blocked ports. However, a spanning tree protocol is commonly used prior to the establishement of
the virtual LAG to prevent potential loops, and thereafter to prevent loops from forming with new links that
are incorrectly connected outside of the VLT/MLAG domain.
65
View the topology diagram to become familiar with the devices and interfaces used in this
exercise.
N1
Te 1/1/4
Te 0/47
VLT
Peer 1
Te 0/46
Fo 0/48
S2
Fo 0/48
Fo 0/52
Fo 0/60
Fo 0/52
S3
VLT
Peer 2
Fo 0/60
VLTi
Po 100
VLT
Po 32
Fo 0/20
Fo 0/28
S1
Step 1.2:
The backup link has been preconfigured between S2 and S3, via N1. From S2, ping S3s Te
0/46 address, 192.168.10.3 to verify connectivity across the backup link. Heartbeat messages
are exchanged between the two chassis over the backup link for health checks.
66
On S2 and S3, create a port-channel for link aggregation across the ports in the VLT
interconnect (VLTi). Dell Networking recommends configuring a static LAG for the VLTi. Specify
100 for the channel-number. Add interfaces Fo 0/48 and Fo 0/52 to the port channel, as shown
in the example on S2, below.
Step 1.4:
On S2, configure the VLT domain with domain-id 777. Specify port channel 100 as the chassis
interconnect trunk between VLT peers in the domain. Configure the IP address of the interface
to be used as the endpoint of the VLT backup link. The end point is S3s Te 0/46 address,
192.168.10.3.
67
Notice that once both sides have been configured, you should see a message that the heart
beat link is up.
Step 1.6:
On both S2 and S3, connect the VLT domain to the attached access device, in this case switch
S1. Configure the same port channel ID number 32 on each peer switch in the VLT domain (S2
& S3). Place the port channel in Layer 2 mode with the switchport command. Assign interface
Fo 0/60 to the port channel (on both S2 and S3, Fo 0/60 connects to S1). Associate the port
channel to the corresponding port channel in the VLT peer for the VLT con nection to the
attached device with the vlt-peer-lag port-channel command, specifying 32 as the id-number.
On both S2 and S3, enable interface Fo 0/60, for the link on both switches to S1.
On S1, the downstream access switch, configure port channel 32 with interface members Fo
0/20 and Fo 0/28. From the topology diagram, you can see that Fo 0/20 is connected to S2 and
Fo 0/28 is connected to S3.
68
Step 1.10:
On S1, isue the show interfaces port-channel 32 brief command, and verfiy that the LAG is
operational - although from the perspective of this device, it is unaware that there are multiple
physical devices on the other end.
Mode
Status
Uptime
Ports
32
L2
up
00:02:19
Fo 0/20
(Up)
Fo 0/28
(Up)
Step 1.11:
On S2, observe the status of the LAG to the downstream access switch, S1.
Fo 0/60 is the single member interface on S2 for lag 32. If you observe the status on S3, you will
see that S3s interface Fo 0/60 is the other channel member of the virtual link.
Mode
Status
Uptime
Ports
32
L2
up
00:03:08
Fo 0/60
Step 1.12:
(Up)
On S2, observe the status of the LAG to its VLT peer, S3.
LAG
Mode
Status
100
L2
up
Uptime
00:37:34
69
Ports
Fo 0/48
(Up)
Fo 0/52
(Up)
Note that the the show interfaces port-channel brief command (without specifying the port
channel number) will show the combined output from this and the previous step.
Step 1.13:
On S2, issue the show vlt backup-link command to verify that the peer heartbeat status is up.
The destination address is the backup-link endpoint interface (S3s Te 0/46) address.
192.168.10.3
Up
On S2, issue the show vlt brief command and observe the output. Verify the VLT domain ID that
you have configured (777). Verify that the HeartBeat Status and VLT Peer Status are Up. Note
that S2 has the Primary role, based on its lower MAC address (compared with S3, the remote
system).
777
Primary
32768
Up
Up
Up
00:01:e8:8b:5d:14
00:01:e8:8b:65:72
--output truncated--
70
Step 1.15:
On S2, issue the show vlt role command. This is another way to see the roles of the VLT peers.
The same command run on S3 would show the same default Local System Role Priority, 32768.
As mentioned in the previous step, without configuring priorities, the lowest system MAC
address is used to determine the primary and secondary peers.
Primary
00:01:e8:8b:5d:14
32768
00:01:e8:8b:5d:14
32768
On S2, issue the show vlt detail command to display status information for the virtual LAG.
71
View the topology diagram to become familiar with the devices and interfaces used in this
exercise.
MLAG Domain
Te 1/0/9
MLAG
Peer 1
Te 1/0/9
Te 1/0/7
N1
Te 1/0/4
Te 1/0/7
Te 1/0/8
N2
Te 1/0/8
MLAG
Peer 2
Te 1/0/5
Po 2
Gi 1/0/4
Gi 1/0/5
N3
MLAG
Partner
Step 2.2:
From N1, ping N2. Both N1 and N2 are preconfigured with VLAN 3, with Te 1/0/9 as member
ports on each switch. The IP address for N1 is 192.168.1.10, and the IP address for N2 is
192.168.1.11. This link will be used for keepalive exchange between the two MLAG peers as a
health check to monitor chassis up state.
72
Step 2.3:
Configure the vPC domain on the MLAG peer devices, N1 and N2, as shown. Use the number 1
as the VPC domain ID. Configure the device priority using the role command. For N1, configure
a priority of 50. For N2, configure a priority of 250.
On both N1 and N2, configure a port channel as the VPC peer-link between the MLAG peers.
Enable trunking on the peer-link.
73
The example above is shown on N1. Be sure to complete these tasks on N2 also.
Step 2.5:
On both N1 and N2, associate the port-channel with physical links, as shown. Note the use of
dynamic LAG configuration for the port channel, as recommended by Dell Networking for MLAG
peering.
On both N1 and N2, create the port channel facing the MLAG partner device, N3.
On both N1 and N2, associate the partner-facing port-channel with physical links.
74
On N3, the downstream MLAG partner device, create the dynamic port channel to the upstream
devices as shown.
On N1, issue the show vpc brief command and observe the output.
75
VPC Details
----------Number of VPCs configured...................... 1
Number of VPCs operational..................... 1
VPC id# 2
----------Interface.......................................................... Po2
Configured VLANs........................................ 1,3
VPC interface state....................................... Active
Local Members
Status
----------------- -----Te1/0/4
Up
Peer Members
Using the Status
output above, verify operational consistency with the configuration of your VPC
domain.
--------------------Te1/0/5
Up
Step 2.11:
On N3, examine the status and details of the LAG to the two upstream switches. Recall that from
the perspective of this device, N3, it is unaware that the LAG connects to two different physical
devices.
Ports
---------------------Active: Gi1/0/4, Gi1/0/5
Ch-Type
-------Dynamic
Hash Type
--------7
Min-links
--------1
--output truncated--
76
S-series
Configuration
& Verification
S1
S2
S3
S-series / N-series
Interoperability
Configuration and
Verification
N1
N2
N-series
Configuration
& Verification
N3
N4
Purpose:
When to Use:
This lab includes configuration and verification of a basic single-area OSPF network
with steps that are commonly used when deploying OSPF as an interior gateway
dynamic routing protocol.
Three Dell Networking S-series switches (DNOS v9.7) and four Dell Networking Nseries switches (DNOS v6.2)
Equipment:
77
On all seven switches, issue the command show running-config to view the current
configuration and verify that all configuration parameters exist that should- those that
establish IP connectivity between switches.
Step 1.2:
Before configuring a new dynamic routing protocol for your network, ensure that you have full
IP connectivity throughout your network. Referring to the topology diagram, you should be
able to ping across all directly connected links to neighboring switches and should see all
directly connected networks and the loopback address for the switch you are on by examining
the routing table with the show ip route command. For switches N3 and N4, you should be
able to ping the PC from the switch on the Ethernet segment where the PC resides. If you do
not have full IP connectivity throughout your network and cannot see the directly connected
links and loopback address in the routing table of each switch, do not continue with this lab
until you have resolved connectivity issues.
Lab Note
The topology diagram for the entire seven switch network is provided.
You will use this single view of your network topology to complete the tasks in this lab. This simulates real
world network implementation using topology diagrams.
The topology diagram shows switch hostnames, the physical interfaces connecting the switches (the
cabling), the addresses assigned to cabled interfaces (on S-series) and on VLANs (on N-series), the
addresses assigned to loopback interfaces, the OSPF area, and networks that you will redistribute into OSPF
(shown in purple). Shown also are the PCs connected to N3 and N4.
78
OSPF Area 0
Lo0
192.168.19.1/32
FortyGigE 0/20
S1
.1
.5
FortyGigE 0/28
19
2. 1
68
.1.
0/
30
30
4/
1.
8.
16
2.
19
.2
144.254.2.0/24
FortyGigE 0/60
Lo0
192.168.19.2/32
FortyGigE 0/60
.6
144.254.3.0/24
Lo0
192.168.19.3/32
FortyGigE 0/48
FortyGigE 0/48
.25
.26
192.168.1.24/30
S2
.9
.13
Te 0/46
Te 0/47 .17
Te 0/47
19 VLAN
2.1
68 103
.1.
12
/30
5
10 /30
0
AN
VL 8.1.2
6
1
.
2
19
Te 1/1/3
Lo0
192.168.19.4/32
VLAN 106
192.168.1.28/30
.34 Gi 1/0/4
.18
Te 1/0/5
Lo0
192.168.19.5/32
Te 1/0/7
.30
Te 1/0/5
.41
N2
Te 1/0/4 .37
.33 Te 1/0/4
VLAN 107
192.168.1.32/30
Te 1/1/3
Te 1/1/4
Te 1/0/7
.29
.45
VLAN 104
192.168.1.16/30
.14
.22
Te 1/1/4
N1
S3
.21
VLAN 102
192.168.1.8/30
.10
Te 0/46
19 VLAN
2.1
68 110
.1.
44
/30
9
10 /30
0
AN
VL 8.1.4
.16
2
19
.42
VLAN 108
192.168.1.36/30
Gi 1/0/4
.38
.46
Gi 1/0/5
Gi 1/0/5
Lo0
192.168.19.6/32
Lo0
192.168.19.7/32
N3
.1
N4
Gig1/0/2
Gig1/0/1
PC3
VLAN 12
192.168.12.0/24
.1
PC4
.10
.20
VLAN 10
192.168.10.0/24
ping
79
Configure S1
LAST
S1
Configure S2
SECOND
Configure S3
FIRST
S2
S3
Lab Note
The order for configuring your three S-series switches is being specified to ensure that we observe the
default process by which OSPF will elect Designated Routers (DRs). As mentioned in the theory portion of
this module, there are rules governing which device is elected as the DR. However, because DR election is
considered non-deterministic - without preemption, the order in which devices join the OSPF process (and
which device sends the initial HELLO message) can result in a device becoming a DR, which appears to be
contrary to the defined election process.
In this exercise, we will observe S3 being elected as the DR on both of the network segments it is directly
attached to (adjacencies with S1 and S2). S1 will initially have the Backup Designated Router (BDR) role on
both of its directly connected links (to S2 and S3), but we will configure S1 to assume the role of DR on
those two links, causing a change in the election roles determined by the default process.
Complete Steps 2.1 through 2.5 on S1, S2 and S3. Complete all five steps first on S3 before beginning them
on S2; and, complete them on S2 before beginning them on S1.
Step 2.1:
80
Configure the router-id using the same four octets of the switchs loopback address as the
router-id. (S3 = 192.168.19.3; S2 = 192.168.19.2; S1 = 192.168.19.1)
Step 2.3:
Referring to your network topology diagram, use the network command to have your
loopback address participate in the OSPF process and be advertised by OSPF. Use a prefix of
/32, since this is a host address. Specify area 0 as the area-id.
Step 2.4:
Referring to your network topology diagram, use the network command to have BOTH of the
directly connected links to the other two S-series switches participate in the OSPF process
with their subnets advertised by OSPF. Specify SUBNETS (not interface addresses) of directly
connected links. Note that the prefix length of these subnets is /30. Specify area 0 as the areaid.
An EXAMPLE of performing steps 2.1 through 2.4 is shown below on S3.
Loopback Interface
Directly Connected
Networks
Step 2.5:
Confirm that you have configured Steps 2.1 through 2.5 on S1, S2 and S3 before you continue.
81
Step 2.6:
Verification of formed adjacencies. On switch S1, using the show ip ospf neighbor command,
verify that you have a FULL adjacency established with the other two S-series switches. You
should see the router-id of the other two switches (which is the same as their loopback
address, since you have configured them to match). You should also see the local interface
that connects your switch directly to the neighbor and the neighbors interface address on the
connecting network.
The EXAMPLE below is shown on S1. The addresses on S1 switches in other stations will vary.
State
FULL/DR
Dead Time
00:00:39
192.168.19.3
FULL/DR
00:00:36
Step 2.7:
Address
Interface Area
192.168.1.2 Fo 0/20 0
192.168.1.6
Fo 0/28 0
Now compare the output of the show ip ospf neighbor command on all three switches,
focusing on the role of the neighbor DR vs. BDR roles.
Issue the show ip ospf neighbor command on S1, S2 and S3. Output from the show ip ospf
neighbor command on these devices is shown below. Note the roles of the different switches
for the adjacencies they have formed.
The output from the show ip ospf neighbor command on the three switches and the diagram
are examples from Station 1, however except for the subnet addresses, the examples will
appear the same for all stations.
82
Router-id
192.168.19.1
BDR
.1
BDR
FortyGigE 0/28
.5
19
2.
16
8.
1.
FortyGigE 0/60
DR
30
4/
1.
8.
16
2.
19
0/
30
FortyGigE 0/20
S1
.2
DR
.6
.25
S2
FortyGigE 0/60
192.168.1.24/30
FortyGigE 0/48
.26
FortyGigE 0/48
BDR
DR
Router-id
192.168.19.2
Lo0 192.168.19.2/32
S3
Router-id
192.168.19.3
Lo0 192.168.19.3/32
Dead Time
00:00:39
00:00:36
Address
Interface Area
192.168.1.2 Fo 0/20 0
192.168.1.6 Fo 0/28 0
Dead Time
00:00:32
00:00:39
Address
Interface Area
192.168.1.1 Fo 0/60 0
192.168.1.26 Fo 0/48 0
Dead Time
00:00:32
00:00:32
Address
Interface Area
192.168.1.5 Fo 0/60 0
192.168.1.25 Fo 0/48 0
83
Learning Check
From your knowledge of OSPF and our discussion of the OSPF DR/BDR election process, do the roles of
the switches correspond with what you would expect them to be?
Recall that with no priorities set to influence DR/BDR election, all switches will have a priority of 1 (as can
be seen in the output of the show ip ospf neighbor command in the Pri column).
With all switches having the same priority setting, other factors will be used to determine the DR/BDR on a
LAN segment, namely: the highest router-id, the highest loopback interface address, or the address on a
physical interface that is up (examined in that order).
We have configured the router-id to match the loopback addresses on our switches. With all priorities
equal, S3 is the DR on adjacencies with S1 and S2 due to its higher router-id.
Likewise, S1 is not elected as the DR on either of its adjacencies because it has the lowest router -id in both
cases.
Step 2.8:
Influencing DR election with a priority setting. In this step, you will configure a priority to
have S1 now become the DR for its adjacency with S3.
Use the ip ospf priority command, applied to S1s interface connecting it to S3, and set a
priority of 150.
The example configuration and verification below is shown on S1.
84
To have S1 assume the role of DR on the Ethernet segment between S1 and S3, S3 must be
reloaded. Be sure to save the running configuration on S3 before the reload.
After S3 has had time to fully reload and complete the DR election process (be patient), issue
the show ip ospf neighbor command on S3 and S1 and notice the change (compare the
output with what you observed in Step 2.7). You can see that from S3s perspective, S1 (routerid 192.168.19.1) is now the DR.
Dead Time
00:00:37
00:00:37
Address
Interface Area
192.168.1.5 Fo 0/60 0
192.168.1.25 Fo 0/48 0
Dead Time
00:00:33
00:00:33
Address
Interface Area
192.168.1.2 Fo 0/20 0
192.168.1.6 Fo 0/28 0
85
Learning Check
Q: Why was it necessary to reload S3 to have S1 assume role as DR?
A: Because the OSPF DR election process is non-preemptive, meaning that simply changing settings will
not trigger a new election. Even if a device that was previously the DR comes back on line with a higher
priority than the device with the DR role, no preemption will occur.
Step 2.11:
Using the show ip ospf database command, view the OSPF Link State Database (LSDB) and
verify that you have three Router (Type 1) LSAs (one for each switch configured so far) and
three Network (Type 2) LSAs (one for each of the Ethernet segments connecting the three
switches).
The EXAMPLE below is shown on S1 in Station 1. Output on other switches will vary.
ADV Router
192.168.19.1
192.168.19.2
192.168.19.3
Age
121
122
122
Seq#
0x80000012
0x80000011
0x8000000e
Checksum
0x3fb3
0x05c1
0xd5e8
Age
Seq#
1746 0x8000000a
126 0x80000001
127 0x8000000b
Checksum
0x73f9
0x73ff
0x92be
Link count
3
3
3
Network (Area 0)
Link ID
192.168.1.2
192.168.1.5
192.168.1.26
Step 2.12:
ADV Router
192.168.19.2
192.168.19.1
192.168.19.3
Examine the routing table on each of your three S-series switches to verify the existence of
routes learned by OSPF. At this point, when you view the routing table on a particular switch,
you should see the network between the other two switches (not directly connected to the
switch on which you are viewing the routing table) and the loopback addresses of the other
two switches.
86
192.168.19.1/32
192.168.19.2/32
192.168.19.3/32
Step 2.13:
Gateway
------Direct, Fo 0/20
Direct, Fo 0/28
via 192.168.1.2, Fo 0/20
via 192.168.1.6, Fo 0/28
via 127.0.0.1, Lo 0
via 192.168.1.2, Fo 0/20
via 192.168.1.6, Fo 0/28
2w1d
00:06:20
00:03:18
Issue the command show ip protocols to verify OSPF is running, that the switch has the
proper Router ID, that the area assignment (area 0) is correct, and that OSPF is routing for the
networks you specified with the network command.
EXAMPLE shown below is on S1.
In Step 2.5, you examined the OSPF database and viewed Router (Type 1) LSAs and Network
(Type 2 LSAs). In this step, we will configure and redistribute static routes into OSPF. This will
result in non-native OSPF routes now being advertised via OSPF. They will be seen in the OSPF
database as AS External (Type 5) LSAs.
87
Refer to your network topology diagram and/or the table below, and create a static route for
the network on each of your S-series switches. These routes are shown next to each switch in
purple on the topology diagram (Step 1.2).
After you have created the ONE static route on each switch (as specified in the table below),
redistribute this route into OSPF. Do this for each switch, but configure and redistribute ONLY
the ONE network shown next to the switch (do NOT configure all three static routes on each
switch.
Switch
S1
S2
S3
You should now have ONE static route configured and redistributed into OSPF on each of
your three S-series switches.
Step 2.15:
Examine the OSPF database to verify that you now have Type 5 AS External LSAs in your
database in addition to the Router and Network LSAs that were already present. There should
be one Type 5 for each of the routes you redistributed into OSPF in the previous step for a
total of three. The ADV Router column will verify which of the three switches injected which
route into OSPF.
88
ADV Router
192.168.19.1
192.168.19.2
192.168.19.3
Age
273
170
110
Seq#
0x8000000b
0x8000000a
0x8000000b
Checksum
0x53a4
0x19b2
0xe1dd
Age
Seq#
1101 0x80000007
1102 0x80000007
1098 0x80000007
Checksum
0x79f6
0x6706
0x9aba
Link count
3
3
3
Network (Area 0)
Link ID
192.168.1.2
192.168.1.5
192.168.1.26
ADV Router
192.168.19.2
192.168.19.1
192.168.19.3
Type-5 AS External
Link ID
144.254.1.0
144.254.2.0
144.254.3.0
Step 2.16:
ADV Router
Age
Seq#
192.168.19.1
274 0x80000001
192.168.19.2
171 0x80000001
192.168.19.3
111 0x80000001
Checksum
0xbdf2
0xac02
0x9b11
Tag
0
0
0
89
192.168.19.1/32
Learning Check
Why does the output of the show ip protocols command now indicate that the switch is an ASBR
(Autonomous System Boundary Router)?
Although the name might imply that an ASBR is a switch/router is connected to another autonomous
system (separate routing domain), any switch/router that redistributes non-native OSPF routes into OSPF
becomes an ASBR.
In this case, because S1, S2 and S3 have static routes redistributed into OSPF, they have become ASBRs.
Step 2.17:
Examine the routing table again. In addition to the routes you saw when you examined the
routing table in Step 2.6, you should now see the three routes you redistributed into OSPF.
For the switch you are issuing the command on, the route redistributed into OSPF should be
shown as a static route (code S), but the static route redistributed into OSPF on the other two
switches should be shown as learned via OSPF (code O).
The two redistributed routes learned via OSPF should also be shown as being OSPF external
routes, type 5 (code E2).
90
S
O
O
C
C
O
Destination
----------144.254.1.0/24
E2 144.254.2.0/24
E2 144.254.3.0/24
192.168.1.0/30
192.168.1.4/30
192.168.1.24/30
C
O
O
192.168.19.1/32
192.168.19.2/32
192.168.19.3/32
Gateway
------Direct, Nu 0
via 192.168.1.2, Fo 0/20
via 192.168.1.6, Fo 0/28
Direct, Fo 0/20
Direct, Fo 0/28
via 192.168.1.2, Fo 0/20
via 192.168.1.6, Fo 0/28
via 127.0.0.1, Lo 0
via 192.168.1.2, Fo 0/20
via 192.168.1.6, Fo 0/28
03:26:49
03:24:37
03:24:37
Before you continue with Exercise 3, refer to your topology diagram and be sure that you can see
the following in the routing table on each of your S-series switches:
91
N2(config)# ip routing
Step 3.2:
Access ROUTER OSPF CONFIGURATION mode on your switches. (Note that on N-series
switches, no OSPF process-id is required to enter this mode (but is required on S-series).
Step 3.3:
Configure the router-id on the switch using the same four octets of the switchs loopback
address as the router-id (N1 = 192.168.19.4; N2 = 192.168.19.5; N3 = 192.168.19.6; and N4 =
192.168.19.7).
Step 3.4:
Referring to your network topology diagram, use the network command to have the switchs
loopback address participate in the OSPF process and be advertised by OSPF. Use a wildcard
mask of 0.0.0.0, since this is a host address. Specify area 0 as the area-id.
Step 3.5:
Although OSPF is enabled globally by default, configure OSPF for particular interfaces and
identify which area the interface is associated with. Referring to your network topology
diagram, use the ip ospf area command to configure your VLAN interfaces for OSPF. Again,
the area-id is 0. COMPLETE THIS STEP FOR LINKS CONNECTED TO OTHER N-SERIES. (For
N1 and N2 there are three links to other N-series switches, and for N3 and N4 there are two
links to other N-series switches.) ALSO COMPLETE THIS STEP FOR VLAN INTERFACES ON N3
(VLAN 12) AND N4 (VLAN 10) FOR THE SEGMENTS WHERE THE PCs RESIDE.
92
As you did with your S-series switches, verify adjacencies (OSPF connections to neighbors)
with the show ip ospf neighbor command.
When you have configured all four N-series switches, you should see FULL state adjacencies
with the other three N-series switches if you are viewing neighbors on N1 or N2. If you are
viewing neighbors on N3 or N4, you should see two OSPF neighbors.
Learning Check
How can you change which switch on an Ethernet segment is elected as the DR/BDR if you want to
change the results of the default election?
As with S-series, you can change the priority on an interface basis, but with N-series, the priority setting will
be applied to a VLAN interface.
For example:
N1(config-if-vlan106)# ip ospf priority 150
93
If you do not see a FULL neighbor relationship with the other three N-series switches on N1
and N2 and with the two switches connected to N3 and N4 (with neighbors identified by their
Router ID) do not continue until you have identified and solved the issue(s).
Step 3.7:
Examine the OSPF database on each of your N-series switches. All should contain the same
information. Since you have configured four N-series switches to be in Area 0, there should
be four Router LSAs, and since there are five Ethernet networks connecting these four
switches, there should be five Network LSAs.
An EXAMPLE is shown for N1:
Adv Router
Age
--------------- ----192.168.19.4 978
192.168.19.5 834
192.168.19.6 984
192.168.19.7 458
Sequence
-------8000000e
8000000d
8000000b
8000000a
Chksm
----1be8
e818
f25b
d06b
Adv Router
Age
--------------- ----192.168.19.4 995
192.168.19.4 456
192.168.19.5 835
192.168.19.5 475
192.168.19.4 696
Sequence
-------80000003
80000003
80000003
80000003
80000003
Chksm
----aea2
94b7
7ec6
48f9
2a15
Note: What you actually view should show the four switches (by router-id) with Router LSAs.
The specific output of the Network LSAs, however, will differ depending on which switches
have been elected as the DR. What is important here is that you see FIVE Network LSAs for
the five networks that exists between all of your N-series switches.
94
Step 3.8:
Examine the routing table on your N1 switch. An example output from N1 in station 1 is shown
here. If you are examining the routing table on N1 in another station, the output will be similar
but specifics will vary.
Look for the following routes:
Networks learned via OSPF OSPF networks connecting other switches that N1 is not
directly connected to (code O). There
Directly connected routes networks connected directly to N2, N3 and N4 (code C).
Loopback addresses of N2, N3 and N4 learned via OSPF (code O).
N1s own loopback address directly connected (code C).
Ethernet segments connected to N3 and N4 to which PCs are connected learned via
OSPF (code O).
95
Exercise 4: OSPF Interoperability Configuration and Verification Between N -series and S-series
Switches
Step 4.1:
Using the knowledge and skills you have acquired in this module, configure operational OSPF
on S2 and S3 for the links that are connected to N1 and N2. You can scroll up to look at
configuration examples in exercise 2, or look at the running configuration on your S-series
switches for examples.
Step 4.2:
Using the knowledge and skills you have acquired in this module, configure operational OSPF
on N1 and N2 for the links that are connected to S2 and S3. You can scroll up to look at
configuration examples in exercise 3, or look at the running configuration on your N-series
switches for examples.
Step 4.3:
Verify that your new adjacencies (neighbor relationships) have been formed.
Step 4.4:
View the Link State Database on S1 (although you should see the same information on any
switch in your network).
Look for the following output:
You should see first a Router (Type 1) LSA for each switch in your area for a total of
seven.
You should see below that a Network (Type 2) LSA for every Ethernet segment in your
area for a total of twelve.
Below that, you should see an AS External (Type 5) LSA for the static routes
redistributed into OSPF by your S-series switches for a total of three.
96
ADV Router
192.168.19.1
192.168.19.2
192.168.19.3
192.168.19.4
192.168.19.5
192.168.19.6
192.168.19.7
Age
281
23
217
29
374
1760
1079
Seq#
Checksum
0x8000003b 0xf2d4
0x8000003f 0xdfbe
0x8000003f 0xc5ad
0x80000054 0xe9d3
0x8000004e 0x912e
0x80000033 0x5c38
0x8000002a 0x0587
Age
1110
1111
29
434
254
221
1106
1455
921
59
1820
418
Seq#
Checksum
0x80000037 0x1927
0x80000037 0x0736
0x80000001 0x4722
0x80000003 0x1f42
0x80000002 0x0756
0x80000001 0xdc7f
0x80000037 0x3aea
0x80000006 0x94b7
0x80000007 0x6ed6
0x80000007 0x58e5
0x80000006 0x2e0f
0x80000007 0xf93d
Link count
3
5
5
6
6
4
4
Network (Area 0)
Link ID
ADV Router
192.168.1.2
192.168.19.2
192.168.1.5
192.168.19.1
192.168.1.10 192.168.19.4
192.168.1.14 192.168.19.5
192.168.1.18 192.168.19.5
192.168.1.22 192.168.19.4
192.168.1.26 192.168.19.3
192.168.1.30 192.168.19.5
192.168.1.34 192.168.19.6
192.168.1.38 192.168.19.7
192.168.1.42 192.168.19.6
192.168.1.46 192.168.19.7
Type-5 AS External
Link ID
144.254.1.0
144.254.2.0
144.254.3.0
ADV Router
192.168.19.1
192.168.19.2
192.168.19.3
Age
285
181
122
Seq#
Checksum
0x80000031 0x5d23
0x80000031 0x4c32
0x80000031 0x3b41
97
Tag
0
0
0
144.254.1.0/24
OSPF Area 0
Lo0
192.168.19.1/32
FortyGigE 0/20
S1
.1
.5
FortyGigE 0/28
19
2. 1
68
.1.
0/
30
30
4/
1.
8.
16
2.
19
.2
144.254.2.0/24
FortyGigE 0/60
Lo0
192.168.19.2/32
FortyGigE 0/60
.6
144.254.3.0/24
Lo0
192.168.19.3/32
FortyGigE 0/48
FortyGigE 0/48
.25
.26
192.168.1.24/30
S2
.9
Te 0/46
.13
Te 0/47 .17
5
10 /30
0
AN
VL 8.1.2
.16
2
19
Te 1/1/3
19 VLAN
2.1
68 103
.1.
12
/30
Lo0
192.168.19.4/32
Te 1/1/3
.18
Te 1/1/4
Te 1/0/7
.29
.45
VLAN 104
192.168.1.16/30
.14
.22
Te 1/1/4
N1
S3
.21
Te 0/47
VLAN 102
192.168.1.8/30
.10
Te 0/46
VLAN 106
192.168.1.28/30
Te 1/0/5
Lo0
192.168.19.5/32
Te 1/0/7
.30
Te 1/0/5
.41
N2
Te 1/0/4 .37
.33 Te 1/0/4
VLAN 107
192.168.1.32/30
9
10 /30
0
AN
VL 8.1.4
6
1
.
2
19
.34 Gi 1/0/4
19 VLAN
2.1
68 110
.1.
44
/30
.42
VLAN 108
192.168.1.36/30
Gi 1/0/4 .38
.46
Gi 1/0/5
Gi 1/0/5
Lo0
192.168.19.6/32
Lo0
192.168.19.7/32
N3
.1
N4
Gig1/0/2
Gig1/0/1
PC3
VLAN 12
192.168.12.0/24
Step 4.5:
.10
.1
PC4
.20
VLAN 10
192.168.10.0/24
Examine the routing table on your S1 switch. An example output from S1 is displayed. Look for
the following routes (which are color-coded to correspond with the following descriptions):
The static route you configured and redistributed into OSPF (code S).
The static route configured on other S-series switches that were redistributed into
OSPF, and are therefore considered external routes (code E2). There should be two.
Networks learned via OSPF OSPF networks connecting other switches that S1 is
not directly connected to (code O). There should be ten.
98
S1s own loopback address directly connected (code C). There should be one.
Loopback addresses of all other switches learned via OSPF (code O). There should
be six.
99
Step 4.6:
Verify that each switch in your network has a FULL view of the entire seven switch network.
Step 4.7:
As a final check, from S1 ping the PCs connected to N3 and N4 across the OSPF network.
The EXAMPLE shows S1 pinging the PCs .
Show your instructor the routing table on your S1 switch to confirm that S1 has a FULL view of
your network.
If you do not see the expected output when viewing the LSDB and routing table discover the
issues and resolve them.
Step 4.9:
Issue the command copy running-config startup-config on each of your seven switches.
YOU WILL USE THIS CONFIGUATION AS IS FOR THE NEXT LAB.
100
Purpose:
When to Use:
Equipment:
101
Examine the diagram below to become familiar with the topology for this exercise. Policybased routing will be configured on S2 to redirect traffic onto a new path that differs from the
OSPF-determined best path. Refer to this diagram as needed as you work through this
exercise.
.1
S1
.5
FortyGigE 0/28
19
2. 1
68
.1.
0/
30
30
4/
1.
8.
16
2.
19
.2
FortyGigE 0/60
Lo0
192.168.19.2/32
FortyGigE 0/60
.6
Lo0
192.168.19.3/32
FortyGigE 0/48
FortyGigE 0/48
.25
.26
192.168.1.24/30
S2
.9
S3
Te 0/47
VLAN 102
192.168.1.8/30
.10
Te 1/1/3
Lo0
192.168.19.4/32
N1
.33 Te 1/0/4
VLAN 107
192.168.1.32/30
.34 Gi 1/0/4
Lo0
192.168.19.6/32
N3
OSPF Area 0
102
Step 1.2:
To have active links only for the ones shown in the topology diagrams, above, for this exercise,
shut down the following interfaces on N1 and N3:
On N1, shut down interfaces: Te 1/0/5, Te 1/0/7, and Te 1/1/4
On S2 (the switch where policy-based routing will be configured), issue the show cam-acl
command to ensure that there are CAM resources allocated on S2 to support PBR.
Default CAM allocation does not dedicate blocks to PBR, as can be shown here on S2 which
has the default settings
If there are no CAM resources dedicated for ipv4pbr when you issue the show cam-acl
command on S2, reduce the L2Acl resource allocation (default 6 blocks) to 4 blocks, and
allocate 2 blocks for ipv4pbr.
103
S2(conf)# cam-acl l2acl 4 ipv4acl 4 ipv6acl 0 ipv4qos 2 l2qos 1 l2pt 0 ipmacacl 0 vman-qos
0 ecfmacl 0 ipv4pbr 2
Step 1.5:
If you found it necessary to allocate ipv4pbr resources as described above on S2, following
the command issued in the previous step, you will need to copy the running configuration to
the startup configuration and reboot the switch. Do this only if you needed to allocate ipv4pbr
CAM resources.
Step
1.6 copy running-config startup-config
S2(conf)#
S2(conf)# reload
Step 1.6:
If you found it necessary to allocate ipv4pbr resources as described above, following the
switch reload, verify that there are now ipv4pbr CAM resources allocated.
Step 1.7:
:
:
:
:
:
2
0
0
0
0
On N3, verify that S1s loopback address (192.168.19.1) is present in the routing table, derived
by OSPF.
Derived
104
Step 1.9:
0. time=
1. time=
2. time=
3. time=
1324 usec.
836 usec.
871 usec.
792 usec.
On N3, using the traceroute command, verify that packets from N3 to S1 take the most
optimal path (N3-> N1-> S2-> S1) in accordance with OSPF default operations/policy. The
example output below is from N3.
192.168.1.33
192.168.1.9
0.0.0.0
0.0.0.0
<1 ms <1 ms
<1 ms <1 ms
*
*
*
*
*
<1 ms
<1 ms
Hop Count = 4
Step 1.10:
On S2, create a redirect-list to redirect traffic from the OSPF-defined path to now reach S1 via
path N3->N1->S2->S3->S1. This new path, compared to the path seen in Step 1.9 includes S3.
The example shown here is for the redirect-list on S2. See the table beneath the example
configuration to understand what the different addresses represent.
The redirect-list is named Green to represent the green-colored path in the topology
diagram.
105
Device
S2
Forwarding Switchs
Address (on S3)
192.168.1.26
Source Address /
Network
192.168.1.32/30
Destination Host
192.168.19.1
Note, the second sequence statement of the redirect-list allows for traffic from any source to
any destination not defined in the first sequence statement.
Step 1.11:
On S2, with the ip redirect-group command, apply the redirect-list to Te 0/47 (the interface
connected to N1, though which traffic from 192.168.1.32/30 will flow).
Step 1.12:
On S2, verify the creation of your redirect-list and that it has been applied to interface Te0/47.
Now that S2 has been configured to redirect traffic from the network connecting N3 to N1,
trace the route from N3 to S1s loopback address to see that traffic now flows over the policybased path you have defined and not the OSPF-determined best path.
You should see that S3 is now in the path, with traffic being redirected to S3s 192.168.1.26
address.
The example is shown on N3 in Station 1.
Verification
<1 ms <1 PRB
ms on an N-series Switch
<1 ms <1 ms
<1 ms <1 ms
*
106
Step 1.15:
On S2, issue the command show ip redirect-list again. Notice that although you have deleted
the redirect-list in the previous step, it still appears that the redirect-list is applied to Te 0/47.
This allows for ease of management in case you should want to redefine the specifics of the
redirect-list without having to again assign it to a particular interface.
On S2, since we do not want to redefine the redirect-list, remove it from the Te 0/47 interface.
Step 1.17:
On N3, trace the route to S1s loopback address to verify that the path taken is now the OSPF determined best path (N3-> N1-> S2-> S1).
N3#traceroute 192.168.19.1
Traceroute to 192.168.19.1 ,30 hops max 0 byte packets:
1
2
3
4
192.168.1.33
<1 ms <1 ms <1 ms
192.168.1.9
<1 ms <1 ms <1 ms
0.0.0.0
*
*
*
0.0.0.0
*
*
107
Examine the diagram below to become familiar with the topology for this exercise.
Policy-based routing will be configured on N1 to redirect traffic onto a new path that differs
from the OSPF-determined best path. Refer to the topology diagram as needed as you work
through this exercise.
108
Lo0
192.168.19.1/32
FortyGigE 0/20
.1
S1
.5
FortyGigE 0/28
19
2. 1
68
.1.
0/
30
30
4/
1.
8.
16
2.
19
.2
FortyGigE 0/60
Lo0
192.168.19.2/32
FortyGigE 0/60
.6
Lo0
192.168.19.3/32
FortyGigE 0/48
FortyGigE 0/48
.25
.26
192.168.1.24/30
S2
.9
Te 0/46
Te 0/47 .17
Te 0/47
VLAN 102
192.168.1.8/30
.10
S3
.21
VLAN 104
192.168.1.16/30
5
10 30
AN 1.20/
L
V 8.
6
2.1
19
Te 1/1/3
Te 1/1/3
.18
.22
Te 1/1/4
Lo0
192.168.19.4/32
Te 1/0/7
.29
VLAN 106
192.168.1.28/30
Lo0
192.168.19.5/32
Te 1/0/7
.30
N1
N2
.33 Te 1/0/4
VLAN 107
192.168.1.32/30
.34 Gi 1/0/4
Lo0
192.168.19.6/32
N3
OSPF Area 0
Step 2.2:
On N1, to have active links only for the ones shown in the topology diagrams above, for this
exercise, bring up Te 1/0/7 and Te 1/1/4 (that were shut down in Exercise 1).
Leave Te 1/0/5 shutdown.
109
Step 2.3:
On N3, verify that S1s loopback address (192.168.19.1/32) is present in the routing table,
derived by OSPF.
On N3, using the traceroute command, verify that the paths taken to reach S1 are the most
optimal routes as determined by traditional routing in this case, by OSPF.
Note that there are two equal-cost paths, via S2 (192.168.1.9) and S3 (192.168.1.21), so you
may get one or both paths indicated, depending on how many times you issue the command.
110
192.168.1.33
<1 ms <1 ms
192.168.1.9
<1 ms <1 ms
0.0.0.0
*
*
*
0.0.0.0
*
*
<1 ms
<1 ms
192.168.1.33
<1 ms
192.168.1.21
<1 ms
0.0.0.0
*
*
0.0.0.0
*
*
<1 ms
<1 ms
*
<1 ms
<1 ms
On N1, create an access-list named TRAFFIC_TO_S1 to create a filter that matches any traffic
destined for S1s loopback address, 192.168.19.1/32. Note the use of a wildcard mask (0.0.0.0)
for S1s loopback host address which has a mask of /32 = 255.255.255.255.
Step 2.6:
On N1, create a route-map named REDIRECT_TRAFFIC to define the action to take for traffic
matching the source traffic (any) and destination (192.168.19.1) specified in the access-list you
created in Step 2.5. The action specified for matching traffic is to have it redirected to reach S1
via N2 across VLAN 106, by indicating the next-hop address - the interface address of N2 on
the link.
Refer to the topology diagram and/or the following table for addressing and VLAN specifics for
the different stations, for this step and for Step 2.7.
111
Device
N1
Next-hop address
(on N2)
192.168.1.30
VLAN Interface to
apply route-map to
107
Step 2.8:
On N1, verify the creation of the access-list you configured in Step 2.5
You can simply verify that the access-list exists with the show ip access-lists command, or
complete the command indicating the name of the access-list to see the specifics of the
rule(s) defined.
112
On N1, use the show route-map command to verify the existence of the route-map you
configured and to see the details of the MATCH and SET clauses that define the filter and
actions for matching traffic for your route-map.
On N1, issue the show ip policy command to verify that the route-map has been applied to
the VLAN connecting N1 to N3.
Step 2.11:
Route-Map
----------------------------------------REDIRECT_TRAFFIC
Now that you have used policy-based routing to configure traffic steering on a path different
from the path OSPF would determine to forward traffic between N3 and S1s loopback
address, verify that your policy-redirected path is working properly. Trace the path of traffic
from N3 to S1s loopback address (192.168.19.1).
<1 ms [192.168.1.30
<1 ms
You should now see the path N3 -> N1 -> N2 (192.168.1.30) -> S3 -> S1.
113
] reports:
Step 2.12:
To now return to normal OSPF-determined forwarding, remove the route-map on N1. This
will also delete the route-map from the VLAN interface you applied it to.
Step 2.13:
Although it is not applied, for good management and having a clean configuration that does
not confuse someone who may be troubleshooting the system, remove the ip-access list
configured in Step 2.5 from N1.
Step 2.14:
Restore the network to full IP connectivity and an OSPF network that allows all switches in
your network to have routes to all other switches, either via direct connections or via OSPF.
On N1, N2 and N3, bring up the shutdown interfaces shown below.
Step 2.15:
To verify proper restoration of normal OSPF routing in the network, on S1, issue the show ip
route command and ensure that you can see all twelve networks connecting all switches in
the network in the routing table. Also ensure that all seven switches loopback addresses are
present.
114
Configuration and verification of VRRP with Dell S-series switches forming the VRRP group,
performing VRRP Master and Backup gateway roles.
Configuration and verification of VRRP with Dell N-series switches forming the VRRP group,
performing VRRP Master and Backup gateway roles.
Purpose:
When to Use:
Equipment:
115
116
INTERNET
MASTER
PHYSICAL
GATEWAY
BACKUP
PHYSICAL
GATEWAY
VIRTUAL
GATEWAY
Examine the generic topology diagram below to become familiar with the devices you will
configure in this step - the ones within the green rectangle, your S2, S3 and N1 switches. Your
S2 switch will be configured to be the VRRP MASTER gateway, and your S3 switch will be the
BACKUP gateway. All three switches will be members of a common IP subnet on the links
shown below in blue. Switch N1 represents the switch to which hosts would normally be
connected to - and reaching the Internet via the MASTER gateway.
S1 will simulate the global Internet or an enterprises internet. This simulation uses the OSPF
network you have already configured. Testing reachability to the Internet will be done by
pinging S1s loopback address (192.168.19.1).
INTERNET
FortyGigE 0/20
S1
FortyGigE 0/28
FortyGigE 0/60
MASTER
PHYSICAL
GATEWAY
FortyGigE 0/60
S2
S3
VIRTUAL
GATEWAY
Te 0/45
Te 1/1/1
Te 1/1/2
N1
Te 0/45
117
BACKUP
PHYSICAL
GATEWAY
Step 1.2:
Now that you are familiar the generic topology used in this lab, examine the detailed topology
to become familiar with specific addressing and VLAN assignment (for N1) you will use for this
exercise.
S1
.1
.5
FortyGigE 0/60
FortyGigE 0/28
30
4/
1.
8.
16
2.
19
19
2.1
68
.1.
0/
30
FortyGigE 0/20
.2
MASTER
PHYSICAL
GATEWAY
Priority
150
.6
S2
S3
VIRTUAL
GATEWAY
192.168.101.111 /24
Te 0/45
192.168.101.1 /24
VLAN 111
Te 0/45
VLAN 111
Te 1/1/1
Te 1/1/2
N1
118
BACKUP
PHYSICAL
GATEWAY
Priority
100
192.168.101.2 /24
192.168.101.3 /24
FortyGigE 0/60
Step 1.3:
Examine the routing table on S2 and S3 to verify that S1s loopback address (192.168.19.1) is
present and learned via OSPF. This address will simulate connectivity to the Internet. We will
be pinging this address in this exercise to verify connectivity to the Internet. Ping the address
from S2 and S3.
If you cannot ping 192.168.19.1 from S2 and S3, troubleshoot the issue before you continue to
the next step.
Step 1.4:
Referring to the topology diagram, configure S2, S3 and N1 to be hosts on the same subnet.
NOTE THAT YOU WILL BE ADDING LINKS IN THIS LAB NOT PREVIOUSLY CONFIGURED AND
USED IN EARLIER LABS.
As done in earlier labs, addresses will be assigned to physical interfaces on the S-series
switches, and to the VLAN interface on N1. Refer, if necessary, to previous labs if a refresher is
needed on configuring switch interfaces.
Two physical interfaces will be assigned to one VLAN on N1 (this is different from what we
have configured in previous labs where we have had only one physical interface assigned to
each VLAN). An example configuration is provided showing this done, below.
VLAN Interface
111
Physical Interface(s)
Te 0/45
Te 0/45
Te 1/1/1
Te 1/1/2
119
IP Address
192.168.101.1/24
192.168.101.2/24
192.168.101.3/24
Verify connectivity on the links you have just configured by pinging the addresses you have
assigned to S2, S3 and N1.
Ping S2 from N1
Ping S3 from N1
Ping S3 from S2
Step 1.6:
120
Step 1.7:
Step 1.8:
Note that S2 is the Master gateway, because it has a priority higher than S3s priority (which has
the default priority of 100). With this command, you can also verify the physical interface
address, the virtual IP address, and that they are in the same subnet.
Notice also that preemption is enabled by default (Preempt: TRUE). This means that if a
MASTER gateway fails and the BACKUP gateway takes over when the original MASTER
gateway comes back online, it will resume the role as MASTER.
121
Step 1.9:
Note that S3 is the Backup gateway, because it has a priority less than S2s priority. Although
you did not configure a priority on S3, it has a priority of 100 because that is the default value.
Notice also that in addition to sharing a virtual IP address (which you had to configure), both
gateways also share a virtual MAC address (which you do not have to configure).
Step 1.10:
Issue the show vrrp brief command on S2 and S3. This command provides yet another way to
verify proper VRRP specifics.
As mentioned, for this exercise, pinging the loopback address of switch S1 will simulate
connectivity to the Internet or an enterprises internetwork (common destinations that
gateways help us to reach). S1s loopback address is 192.168.19.1.
Because you currently have an operational OSPF network, you can ping 192.168.19.1.
However, you would be using OSPF links already configured on your switches.
In order to simulate N1 being able to reach the Internet via our VRRP Master gateway (S2)
using the newly configured subnet shared by S2, N1, and S3, we need to create an
environment that allows us to demonstrate using our VRRP gateway over this subnet to reach
192.168.19.1 (instead of OSPF connections on N1).
122
S2
S3
VIRTUAL
GATEWAY
Step 1.12:
On N1, create a default route (a static route to any destination) using the virtual address of
vrrp-group 1 as the default gateway address.
On N1, view the routing table. Verify that the Default Gateway is the address of your virtual
address for your VRRP group. Also notice the presence of the subnet that N1 shares with S2
and S3.
123
Step1.14:
On S2 and S3, issue the command redistribute connected to have S2 and S3 advertise the
VRRP group subnet beyond the gateway. Although no routing protocol is used within our
VRRP group, this will allow reachability to the simulated Internet for N1 beyond the gateway.
S2#conf
S2(conf)# router ospf 1
S2(conf-router_ospf-1)# redistribute connected
Be sure that you have completed this step on both S2 and S3!
Step 1.15:
From N1, verify that you can ping the simulated Internet address 192.168.19.1.
Step 1.16:
0. time=
1. time=
2. time=
3. time=
1296 usec.
814 usec.
795 usec.
827 usec.
From N1, use the traceroute command to verify that you are reaching the simulated Internet
via the Master Gateway. You should be reaching 192.168.19.1 via S2s Te 0/45 address.
<1 ms
<1 ms
<1 ms
-output truncated-
Step 1.17:
You will now cause S2 to fail by reloading it. Because preemption is enabled by default, you
will need to verify failover of the MASTER gateway role to S3 (Step 1.18) before S2 reloads.
Be sure to save the configuration on S2 first, before reloading it!
124
INTERNET
S1
MASTER
PHYSICAL
GATEWAY
S2# reload
Proceed with reload [confirm
S3
BACKUP
PHYSICAL
GATEWAY
VIRTUAL
GATEWAY
yes/no]: y
N1
Step 1.18:
On N1, repeat the traceroute to 192.168.19.1. You should now see that you are reaching the
cloud via S3, which has taken over as the MASTER gateway. You should be reaching
192.168.19.1 via S3s Te 0/45 address.
192.168.101.2
<1 ms
- output truncated -
Step 1.19
<1 ms
<1 ms
You should now see that S3 has assumed the role as MASTER gateway.
125
Continue to view the output from S3 while S2 reloads. When S2 reloads, you will see a
message on S3 that it has reverted to the role of BACKUP gateway.
On S2, issue the command show vrrp to verify that it has resumed the role of MASTER
gateway following its completed reload.
Step 1.21:
You will now configure S2 to track its interface to the simulated Internet. Since the main
purpose for S2 to have the role of MASTER gateway is to allow N1 to reach the Internet, if S2s
connection to the Internet fails, we would like to see S3 take over as the MASTER gateway.
INTERNET
S1
fortyGigE 0/60
MASTER
PHYSICAL
GATEWAY
S2
S3
VIRTUAL
GATEWAY
N1
126
BACKUP
PHYSICAL
GATEWAY
S2(conf-if-fo-0/60)# shutdown
S2(conf-if-fo-0/60)#00:37:39: %STKUNIT0-M:CP %IFMGR-5-ASTATE_DN: Changed interface
Admin state to down: Fo 0/60
00:37:40: %STKUNIT0-M:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Fo
0/60
00:37:42: %STKUNIT0-M:CP %VRRP-6-VRRP_BACKUP: IPv4 vrid-1 on Te 0/45 VRF default
entering BACKUP.
Note from the output that as you shut down S2s connection to the Internet, it enters BACKUP
mode for the VRRP group.
Step 1.23:
Verify that S3 has assumed the role as MASTER gateway by issuing the show vrrp command
on S2 and/or S3.
Verify that N1 is using S3 as the gateway to reach the Internet by issuing a traceroute to
192.168.19.1.
With the remaining steps in Exercise 1, you will restore your network to the configuration
that existed prior to configuring and verifying VRRP with S-series switches forming the
VRRP group.
Step 1.24:
Step 1.25:
127
Step 1.26:
On both S2 and S3, remove the VRRP group and IP address configuration from the Te 0/45
interface, and shut down the interface.
On N1, remove the default route to the VRRP groups virtual address.
128
Examine the generic topology diagram below to become familiar with the devices you will
configure in this step - the ones within the green rectangle, your N1, N2 and N4 switches. Your
N1 switch will be configured to be the VRRP MASTER gateway, and your N2 switch will be the
BACKUP gateway. All three switches will be members of a common IP subnet on the links
shown below in blue. Switch N4 represents the switch to which hosts would normally be
connected to - and reaching the Internet via the MASTER gateway.
S3 will simulate the global Internet or an enterprises internet. This simulation uses the OSPF
network you have already configured. Testing reachability to the Internet will be done by
pinging S3s loopback address (192.168.19.3).
INTERNET
TE 0/46
S3
TE 0/47
TE 1/1/4
MASTER
PHYSICAL
GATEWAY
Te 1/1/3
N1
N2
VIRTUAL
GATEWAY
Te 1/0/6
Gi 1/0/6
Gi 1/0/3
N4
Te 1/0/3
129
BACKUP
PHYSICAL
GATEWAY
Step 2.2:
Now that you are familiar the generic topology used in this lab, examine the detailed topology
to become familiar with specific addressing and VLAN assignment you will use for this
exercise.
INTERNET
Lo0
192.168.19.3/32
S3
Te 0/46
.17
Te 1/1/4
4 0
10 6/3
1
AN .1.
VL 68
1
2.
19
19 V
2. LA
16 N
8. 10
1. 5
20
/3
0
.21
Te 0/47
.22
.18
N1
N2
VIRTUAL
GATEWAY
192.168.121.111 /24
Te 1/0/6
192.168.121.1 /24
192.168.121.2 /24
1
12
AN
VL
192.168.121.3 /24
Gi 1/0/6
Gi 1/0/3
N4
130
BACKUP
PHYSICAL
GATEWAY
Priority
100
Te 1/0/3
VL
AN
12
1
MASTER
PHYSICAL
GATEWAY
Priority
150
Te 1/1/3
Step 2.3:
Examine the routing table on N1 and N2 to verify that S3s loopback address (192.168.19.3) is
present and learned via OSPF. This address will simulate connectivity to the Internet. We will
be pinging this address in this exercise to verify connectivity to the Internet. Ping 192.168.19.3
from N1 and N2.
If you cannot ping 192.168.19.3 from N1 and N2, troubleshoot the issue before you continue
to the next step.
Step 2.4:
Referring to the topology diagram and/or the following table, configure N1, N2 and N4 to be
hosts on the same subnet.
NOTE THAT YOU WILL ADDING LINKS IN THIS LAB NOT PREVIOUSLY CONFIGURED AND
USED IN EARLIER LABS.
As done in earlier labs, addresses will be assigned to the VLAN interface on N1, N2 & N4. Refer,
if necessary, to previous labs if a refresher is needed on configuring switch interfaces.
Two physical interfaces will be assigned to one VLAN on N4 (this is different from what we
have configured in previous labs where we have had only one physical interface assigned to
each VLAN). An example configuration is provided showing this done, below.
VLAN Interface
121
121
121
Physical Interface(s)
Te 1/0/6
Te 1/0/3
Gi 1/0/3
Gi 1/0/6
IP Address
192.168.121.1/24
192.168.121.2/24
192.168.121.3/24
131
Note that spanning tree has been disabled on N4s physical interfaces.
Step 2.5:
Verify connectivity on the links you have just configured by pinging the addresses you have
assigned to N2, N4 and N1.
Ping N1 from N4
Ping N2 from N4
Ping N2 from N1
Step 2.6:
With the ip vrrp command, enable VRRP globally on N1 and N2 (the two switches that will be
in the VRRP group).
Example shown on N1:
N1(config)# ip vrrp
Step 2.7:
N1#configure
N1(config)# interface vlan 121
N1(config-if-vlan121)# vrrp 1
N1(config-if-vlan121)# vrrp 1 ip 192.168.121.111
N1(config-if-vlan121)# vrrp 1 mode
N1(config-if-vlan121)# vrrp 1 priority 150
132
Step 2.8:
Step 2.9:
Note that VRRP is enabled administratively globally and also for VRRP group 1.
Note that N1 is the Master gateway, because it has a priority higher than N2s priority (which
has the default priority of 100). With this command, you can also verify the VLAN interface
associated with the VRRP group, the Primary IP Address (which is the Virtual Gateway Address
for the group, and the Virtual MAC address associated with the group.
133
Notice also that preemption is enabled by default. This means that if a MASTER gateway fails
and the BACKUP gateway takes over when the original MASTER gateway comes back online,
it will resume the role as MASTER.
Step 2.10:
134
Step 2.11:
Issue the show vrrp brief command on N1 and N2. This command provides yet another way
to verify proper VRRP specifics.
Grp
--1
Prio
---150
IP Address
-------------192.168.121.111
Mode
-----Enable
State
-----------Master
IP Address
-------------192.168.121.111
Mode
-----Enable
State
-----------Backup
Grp
--1
Prio
---100
This command also allows you to verify the VLAN interface associated with the VRRP group,
the VRRP priority to determine the Master Gateway of the group, the groups virtual gateway
address, the mode (enabled), and the role of the switch (Master or Backup).
Step 2.12:
As mentioned, for this exercise, pinging the loopback address of switch S3 will simulate
connectivity to the Internet or an enterprises internetwork (common destinations that
gateways help us to reach). S3s loopback address is 192.168.19.3 (for all stations).
Because you currently have an operational OSPF network, you can ping 192.168.19.3.
However, you would be using OSPF links already configured on your switches.
In order to simulate N4 being able to reach the Internet via our VRRP Master gateway (N1)
using the newly configured subnet shared by N1, N2, and N4, we need to create an
environment that allows us to demonstrate using our VRRP gateway over this subnet to reach
192.168.19.3 (instead of OSPF connections to N1).
To temporarily disable OSPF functionality on N4s interfaces for this exercise, you will issue the
shutdown command on N4s Gi 1/0/4 and Gi 1/0/5 interfaces (the ones mapped to OSPFenabled VLANs 108 and 110).
You do not have to shut each interface down separately, use the interface range command to
shut down multiple interfaces at the same time, as shown below.
Note that there is NO spacing used when specifying the range of interfaces (gi1/0/4-5).
135
Step 2.13:
Step 2.14:
From N4, verify that you can ping the simulated Internet address 192.168.19.3.
Step 2.15:
0. time=
1. time=
2. time=
3. time=
1274 usec.
837 usec.
772 usec.
776 usec.
From N4, using the traceroute command, verify that you are reaching the simulated Internet
via the Master Gateway. You should be reaching 192.168.19.3 via N1s VLAN 121 address.
<1 ms
<1 ms
<1 ms
output truncated -
Step 2.16:
You will now cause N1 to fail by reloading it. Because preemption is on by default, you will
need to verify failover of the MASTER gateway role to N2 (Step 2.11) before N1 reloads.
Be sure to save the configuration on N1 first, before reloading it!
136
S3
Te 1/1/4
MASTER
PHYSICAL
GATEWAY
Configuration Saved!
N1
N2
BACKUP
PHYSICAL
GATEWAY
VIRTUAL
GATEWAY
N1# reload
Are you sure you want to reload the stack?
(y/n) y
Step 2.17:
N4
On N4, repeat the traceroute to 192.168.19.3. You should now see that you are reaching the
cloud via N2, which has taken over as the MASTER gateway. You should be reaching
192.168.19.3 via N2s VLAN 121 address.
<1 ms
<1 ms
<1 ms
output truncated -
Step 2.18:
Grp
--1
Prio
---100
IP Address
-------------192.168.121.111
Mode
-----Enable
State
-----------Master
You should now see that N2 has assumed the role as MASTER gateway. Because preemption is
enabled by default, when N1 reloads it will again assume the role of Master gateway. After N1
137
reloads, you can confirm this default behavior by again issuing the show vrrp brief command
on N2, and you will now see that its state (role) is that of the Backup gateway.
Grp
--1
Prio
---100
IP Address
-------------192.168.121.111
Mode
-----Enable
State
-----------Backup
Step 2.19:
On N1, issue the command show vrrp brief to verify that it has resumed the role of MASTER
gateway following its completed reload.
Step 2.20:
You will now configure N1 to track its interface to the simulated Internet. Since the main
purpose for N1 to have the role of MASTER gateway is to allow N4 to reach the Internet, if N1s
connection to the Internet fails, we would like to see N2 take over as the MASTER gateway.
Shown below is the configuration for tracking N1s VLAN 105 (its connection to the simulated
Internet / enterprise internetwork). The decrement value is 110. (Recall that with S-series, we
set the priority cost to 60 to accomplish the same thing.) This will cause N1s priority to be
reduced by the value of 110 when N1 loses its link to the Internet. This will leave N1 with a
lower VRRP priority value than N2 and will trigger an election resulting in N2 assuming the role
of the MASTER gateway.
The configuration and verification for interface tracking on N1 are shown here:
138
Shut down N1s connection to the simulated Internet (S3s loopback address (192.168.19.3).
This is the physical interface mapped to VLAN 105 that we configured interface tracking for in
the previous step. That physical interface is Te 1/1/4 on N1.
139
INTERNET
S3
Te 1/1/4
MASTER
PHYSICAL
GATEWAY
N1(config-if-Te1/1/4)# shutdown
N1
N2
VIRTUAL
GATEWAY
N4
Step 2.22:
Verify that N2 has assumed the role as MASTER gateway by issuing the show vrrp brief
command on N1 and/or N2.
Grp
--1
Prio
---150
IP Address
-------------192.168.121.111
Mode
-----Enable
State
-----------Backup
Verify that N4 is using N2 as the gateway to reach the Internet by issuing a traceroute to
192.168.193.
<1 ms
<1 ms
<1 ms
output truncated -
140
BACKUP
PHYSICAL
GATEWAY
On N1, issue the command show vrrp to verify that N1 is now performing the Backup gateway
role. Notice also that the Track Interface State is Down (which triggered the new election
when N1s priority was decremented (reduced) by 110 when the tracked interface failed).
With the remaining steps in Exercise 2, you will restore your network to the configuration
that existed prior to configuring and verifying VRRP with N-series switches forming the
VRRP group.
Step 2.24:
141
Step 2.25:
Step 2.26:
N1(config)# no ip vrrp
Step 2.27:
On N1, N2 and N4, delete VLAN 121 (Station 1), VLAN 122 (Station 2), VLAN 123 (Station 3), or
VLAN 124 (Station 4).
Note: Prior to the next lab, your instructor will load reset files onto your switches that
have only hostnames configured.
142
By completing this lab, you will perform the following tasks on your workstation:
1. Configure IP Connectivity.
2. Configure OSPF as the interior gateway protocol to support iBGP within an
autonomous system (AS).
3. Configure iBGP for intra-area BGP operation.
4. Configure eBGP for inter-area BGP operation.
5. Redistribute routes into BGP
When to Use:
Equipment:
143
View the topology diagram to become familiar with the devices and interfaces used in this
exercise.
AS 64510
Router-id
192.168.19.1
Lo0 192.168.19.1/32
.1
S1
FortyGigE 0/28
.5
30
4/
1.
8.
16
2.
19
19
2.
16
8.
1.
0/
30
FortyGigE 0/20
eBGP
FortyGigE 0/60
eBGP
.2
.6
.25
S2
FortyGigE 0/60
FortyGigE 0/48
Router-id
192.168.19.2
Lo0 192.168.19.2/32
192.168.1.24/30
iBGP
.26
FortyGigE 0/48
OSPF Area 0
AS 64530
S3
Router-id
192.168.19.3
Lo0 192.168.19.3/32
In this lab, we will use BGP for inter-AS connectivity and route advertisements. Switch S1 is in
AS 64510, and S2 and S3 are in AS 64530. External BGP (eBGP) will be used to allow S2 and S3
to peer with S1 in a remote AS. Within AS 64530, S2 and S3 will be internal BGP (iBGP) peers.
S2 and S3 will also be OSPF neighbors to allow for iBGP loopback-based peering.
Step 1.2:
Configure IP addresses on S1, S2 and S3. Refer to the topology diagram and the table below
for the correct addressing for the interfaces to be configured.
Device
S1
S1
S1
S2
S2
S2
S3
S3
S3
Interface
Loopback 0
FortyGigE 0/20
FortyGigE 0/28
Loopback 0
FortyGigE 0/48
FortyGigE 0/60
Loopback 0
FortyGigE 0/48
FortyGigE 0/60
IP Address
192.168.19.1/32
192.168.1.1/30
192.168.1.5/30
192.168.19.2/32
192.168.1.25/30
192.168.1.2/30
192.168.19.3/32
192.168.1.26/30
192.168.1.6/30
144
Step 1.3:
By examining the running configuration, on S1, S2 and S3, verify that the interfaces you have
configured have the correct IP addresses and that they are enabled (with the no shutdown
command). An example is shown here on S1:
Examine the routing table on S1, S2 and S3 to verify that the networks between switches and
loopback addresses appear as directly connected routes as a result of your address
configuration on the three switches. An example is shown here on S2:
output abbreviated-
Destination
Gateway
----------------C 192.168.1.0/30 Direct, Fo 0/20
C 192.168.1.4/30 Direct, Fo 0/28
C
192.168.19.1/32
Dist/Metric
----------0/0
0/0
via 127.0.0.1, Lo 0
0/0
145
Last Change
----------00:07:01
00:02:23
00:12:25
Step 1.5:
Test IP connectivity across the three links in your network. From S1 ping S2 (ping 192.168.1.2)
and S3 (ping 192.168.1.6). From S2 ping S3 (ping 192.168.1.26).
If you cannot successfully ping across these three links, do not continue until you have
resolved the issue that is preventing connectivity.
Lab Note
As will be demonstrated in this lab, configuring BGP is not particularly complicated. Often issues with BGP
are actually related to basic configuration parameters, such as IP connectivity. It is therefore important to
ensure that IP connectivity can be verified before configuring BGP.
146
View the topology diagram to become familiar with the devices and interfaces used in this
exercise. OSPF will be configured ONLY between S2 and S3, as indicated by the green line
between them in the diagram.
AS 64510
Router-id
192.168.19.1
Lo0 192.168.19.1/32
S1
.1
FortyGigE 0/28
.5
30
4/
1.
8.
16
2.
19
19
2.
16
8.
1.
0/
30
FortyGigE 0/20
eBGP
FortyGigE 0/60
eBGP
OSPF
.2
.6
.25
S2
Router-id
192.168.19.2
Lo0 192.168.19.2/32
FortyGigE 0/60
FortyGigE 0/48
192.168.1.24/30
iBGP
.26
FortyGigE 0/48
OSPF Area 0
AS 64530
S3
Router-id
192.168.19.3
Lo0 192.168.19.3/32
Lab Note
The purpose for configuring OSPF between S2 and S3 in this lab is to allow for loopback-based peering
between the two devices. We will configure Internal BGP (iBGP) with loopback-based peering for
switches within AS 64530.
For External BGP, S2 and S3 will be peering with S1 which in a different AS. Therefore, since we will not
use an interior gateway protocol (OSPF) between ASs, for eBGP we will peer with physical addresses, not
with loopback addresses.
147
Step 2.2:
On S2 and S3, configure and verify functioning OSPF between these two switches (only). Refer
to previous labs where you have configured OSPF if you need a refresher on specific OSPF
configuration requirements.
OSPF configuration and verification for S2:
148
Verify that S2 and S3 are OSPF neighbors with a FULL adjacency state. The example is shown
on S3:
State
FULL/DR
Dead Time
00:00:37
Address
Interface
192.168.1.25 Fo 0/48
Area
0
Examine the routing table on S2 and S3 to verify that each switch has installed the other
switchs Loopback 0, learned via OSPF. The example is shown on S3:
C
C
O
C
Destination
----------192.168.1.4/30
192.168.1.24/30
192.168.19.2/32
192.168.19.3/32
Gateway
Dist/Metric Last Change
----------------- ----------Direct, Fo 0/60
0/0 00:25:59
Direct, Fo 0/48
0/0 00:26:39
via 192.168.1.25, Fo 0/48
110/1 00:01:31
via 127.0.0.1, Lo 0
0/0 00:27:28
Lab Note
As will be demonstrated in this lab, configuring BGP is not particularly complicated. Often issues with
Internal BGP are actually related to OSPF configuration (or configuration of another IGP used to support
loopback-based connectivity for iBGP peering, such as IS-IS).
It is therefore important to ensure that OSPF is working properly before configuring iBGP in the step to
follow.
149
View the topology diagram to become familiar with the devices and interfaces used in this
exercise. Internal BGP will be configured ONLY between S2 and S3, as indicated by the green
line between them in the diagram.
AS 64510
Router-id
192.168.19.1
Lo0 192.168.19.1/32
.1
S1
FortyGigE 0/28
.5
30
4/
1.
8.
16
2.
19
19
2.
16
8.
1.
0/
30
FortyGigE 0/20
eBGP
FortyGigE 0/60
eBGP
.2
.6
.25
S2
FortyGigE 0/48
Router-id
192.168.19.2
Lo0 192.168.19.2/32
Step 3.2:
FortyGigE 0/60
192.168.1.24/30
iBGP
.26
FortyGigE 0/48
OSPF Area 0
AS 64530
S3
Router-id
192.168.19.3
Lo0 192.168.19.3/32
150
Step 3.3:
151
Step 3.4:
On S2 and S3 issue the show ip bgp neighbors command. Observe the neighbor address and
confirm that it is correct. Notice also the AS number of the neighbor. Although it is listed as
remote AS, the neighbor is in the SAME AS, as indicated by the output internal link, following
the AS number. Confirm that the BGP state is ESTABLISHED.
Output on S2:
-output abbreviated-
Output on S3:
- output abbreviated -
152
View the topology diagram to become familiar with the devices and interfaces used in this
exercise. External BGP will be configured between S1 and S2, and between S1 and S3, as
indicated by the green lines shown in the diagram.
AS 64510
Router-id
192.168.19.1
Lo0 192.168.19.1/32
.1
S1
FortyGigE 0/28
.5
30
4/
1.
8.
16
2.
19
19
2.
16
8.
1.
0/
30
FortyGigE 0/20
eBGP
FortyGigE 0/60
eBGP
.2
.6
.25
S2
FortyGigE 0/48
Router-id
192.168.19.2
Lo0 192.168.19.2/32
Step 4.2:
FortyGigE 0/60
192.168.1.24/30
iBGP
.26
FortyGigE 0/48
OSPF Area 0
AS 64530
S3
Router-id
192.168.19.3
Lo0 192.168.19.3/32
Configure S2 and S3 as External BGP peers with S1. Note that now the remote-AS number will
in fact be different since S1 is in a different AS AS 64510. The network command specifies
the networks between S2 and S1 and between S3 and S1. The neighbor command specifies
the PHYSICAL addresses used for peering with S1.
EBGP Configuration for S2 to peer with S1:
153
Step 4.3:
Configure S1 as an External BGP peer with S2 and S3. Again, note that switches are peering
with PHYSICAL addresses for eBGP.
Since S2 and S3 have already been configured, notice that as you complete the eBGP
configuration on S1 to peer with S2 and S3, you will see the adjacency state changed to UP.
On all three switches, issue the command show ip bgp neighbors and observe the output.
Notice that S1 has two neighbors (S2 and S3) in other ASs, and therefore each neighbor will be
shown as an external link. S2 and S3 will both have one internal link (to each other) and one
external link (to S1). Again, be sure that the BGP state is ESTABLISHED.
154
- output truncated
-output abbreviated
Neighbor
AS
192.168.1.1
64510
192.168.19.3
64530
155
Step 4.6:
On all three switches, issue the show ip route bgp command to see routes learned via BGP. In
all three cases, the network shown will be the one the switch is not directly connected to.
On S1, network 192.168.1.24/30 is learned via External BGP (B EX), advertised by S2 (192.168.1.2).
On S2, network 192.168.1.4/30 is learned via Internal BGP (B IN), advertised by S3 (192.168.19.3).
On S3, network 192.168.1.0/30 is learned via Internal BGP (B IN), advertised by S2 (192.168.19.2).
Step 4.7:
Device
S1
S2
S3
Refer to the table and configure the one static route indicated, and then redistribute the route
with the command redistribute static into BGP.
156
Step 4.8:
On all three switches, issue the show ip route bgp command. On each switch, you should see
the routes redistributed into BGP in the previous step, in addition to the destinations you saw in
the routing table in Step 4.6. You will not see the static route for the switch you are on advertised
via BGP due to the lower administrative distance for static routes compared with BGP learned
routes.
Gateway
-----------
-------
B EX 144.254.32.0/24
via 192.168.1.2
B EX 144.254.33.0/24
via 192.168.1.6
B EX 192.168.1.24/30
S2# show ip route bgp
via 192.168.1.2
Destination
Gateway
-----------
-------
B EX 144.254.31.0/24
via 192.168.1.1
B IN 144.254.33.0/24
via 192.168.19.3
B IN 192.168.1.4/30
S3# show ip route bgp
via 192.168.19.3
Destination
Gateway
-----------
-------
B EX 144.254.31.0/24
via 192.168.1.5
B IN 144.254.32.0/24
via 192.168.19.2
B IN 192.168.1.0/30
via 192.168.19.2
157
Configuration and verification of IPv6 addressing on both Dell S-series switches and Dell N-series
switches.
Configuration and verification of an OSPFv3 single-area network on both Dell S-series switches and
Dell N-series switches.
Purpose:
When to Use:
This lab includes configuration and verification of basic switch parameters that are
commonly used to deploy an OSPFv3 network.
Equipment:
Two Dell Networking S-series switches (DNOS v9.7) and one Dell Networking N-series
switch (DNOS v6.2)
158
Step 1.1:
Examine the topology diagram below to become familiar with the devices and interfaces you
will configure in this step. Shown are the IPv6 networks connecting switches and the
addresses for the physical interfaces for S2 and S3, and for the VLAN interfaces for N1. Also
shown is the network and associated addressing for the link connecting N1 to PC1.
For example, the network between S2 and S3 is 2001:db8:face::/64, and the interface address
for S2s FortyGigE 0/48 interface for that network is 2001:db8:face::1/64.
IPv6 Topology
FortyGigE 0/48
FortyGigE 0/48
2
2001:db8:face::/64
S2
Te 0/47
1
Te 0/46
1
5
10
AN
L
V
VLAN 102
2001:db8:beef::/64
Te 1/1/3
S3
:db
01
0
2
2
2
N1
/64
e::
b
a
8:b
Te 1/1/4
1
Te 1/0/1
VLAN 88
PC1
2001:DB8:cafe::/64
Step 1.2:
Enable IPv6 routing functionality with the ipv6 unicast-routing command on S2 and S3.
This is a global configuration setting.
Step 1.3:
Using the topology diagram and/or the table below for reference, assign IPv6 addresses to
physical interfaces on S2 and S3.
159
Note you DO NOT have to configure VLANs on the S-series side of the link connecting to
N-series switches.
Physical Interface(s)
FortyGigE 0/48
IPv6 Address
2001:db8:face::1/64
S2
S3
S3
Te 0/47
FortyGigE 0/48
Te 0/46
2001:db8:beef::1/64
2001:db8:face::2/64
2001:db8:babe::1/64
The configuration on S2 for Steps 1.2 and 1.3 is provided here as an example. You will need to
also configure S3.
Step 1.4:
Step 1.5:
Enable IPv6 routing functionality with the ipv6 unicast-routing command on N1.
This is a global configuration setting.
Step 1.6:
Using the topology diagram and/or the table below for reference, assign IPv6 addresses to
N1s VLAN interfaces.
160
Addressing for N1
Device
N1
N1
N1
VLAN Interface
102
105
88
Physical Interface(s)
Te 1/1/3
Te 1/1/4
Te 1/0/1
IPv6 Address
2001:db8:beef::2/64
2001:db8:babe::2/64
2001:DB8:cafe::1/64
N1(config)# vlan 88
N1(config)# interface tengigabitethernet 1/0/1
N1(config-if-Te1/0/1)# switchport access vlan 88
N1(config)# ipv6 unicast-routing
N1(config)# interface vlan 102
N1(config-if-vlan102)# ipv6 enable
N1(config-if-vlan102)# ipv6 address 2001:db8:beef::2/64
N1(config-if-vlan102)# interface vlan 105
N1(config-if-vlan105)#
ipv6 enable
Do
show run
N1(config-if-vlan105)# ipv6 address 2001:db8:babe::2/64
N1(config-if-vlan105) #interface vlan 88
N1(config-if-vlan88)# ipv6 enable
N1(config-if-vlan88)# ipv6 address 2001:db8:cafe::1/64
Step 1.7:
161
Step 1.8:
Verify connectivity between switches on the links you have just configured by pinging the
addresses you have assigned to S2, S3, and N1.
Ping S3 from S2
Ping S2 from N1
Ping S3 from N1
Note the difference between pinging IPv6 addresses on S-series (with ping command) versus
pinging IPv6 addresses on N-series (with ping ipv6 command). Examples are shown below.
Step 1.9:
From N1, verify connectivity between N1 and PC1 by pinging PC1s IPv6 address, as shown
here:
162
On N1, issue the show ipv6 route command to examine the IPv6 routing table.
2001:db8:babe::/64 [0/0]
via ::, Vl105
2001:db8:beef::/64 [0/0]
via ::, Vl102
2001:db8:cafe::/64 [0/0]
via ::, Vl88
You should see the three active links over the three directly connected IPv6 networks (show in
green in the diagram below).
FortyGigE 0/48
FortyGigE 0/48
2
2001:db8:face::/64
S2
Te 0/47
1
Te 0/46
1
5
10
/64
AN
e::
VL
ab
VLAN 102
2001:db8:beef::/64
Te 1/1/3
8
:db
01
20
2
2
N1
Step 1.11:
S3
:b
Te 1/1/4
1
Te 1/0/1
VLAN 88
PC1
2001:DB8:cafe::/64
On N1, Issue the show ip route command to examine the IPv4 routing table. This, combined
with Step 1.10 demonstrates the dual-stack (IPv4 and IPv6) protocols operational on the
switches.
You should see in your IPv4 routing table the five directly connected links configured in Lab 2.
You should also see your loopback address (192.168.19.4/32), also shown as a connected
network.
163
S2
.9
Te 0/46
.21
Te 0/47
5
10 /30
0
AN
VL 8.1.2
6
2.1
9
1
VLAN 102
192.168.1.8/30
.10
Te 1/1/3
.22
Te 1/1/4
Te 1/0/7
.29
Lo0
192.168.19.4/32
N1
.33
S3
.45
Te 1/0/4
VLAN 107
192.168.1.32/30
VLAN 106
192.168.1.28/30
Te 1/0/7
.30
N2
Te 1/0/5
19 VLAN
2.1
68 110
.1.
44
/30
.34 Gi 1/0/4
.46
Gi 1/0/5
N3
N4
164
Examine the topology diagram showing the network you will create in this exercise. In addition
to the IPv6 routed protocol you configured in Exercise 1, you will now configure the OSPFv3
dynamic link-state routing protocol. This will allow each switch to have knowledge of how to
reach IPv6 networks not directly connected to the switch.
For example, although S2 is not directly connected to networks 2001:db8:babe::/64 and
2001:db8:cafe::/64, the OSPFv3 protocol will allow S2 to learn about and install these
networks in its IPv6 routing table and therefore be aware of these networks and the path to
reach them.
OSPFv3 Topology
OSPFv3 Area 0
FortyGigE 0/48
FortyGigE 0/48
2
2001:db8:face::/64
S2
Te 0/47
1
Te 0/46
VLAN 102
V
2001:db8:beef::/64
Te 1/1/3
b
1:d
0
20
2
2
N1
5
10
N
LA
4
::/6
e
ab
8:b
Te 1/1/4
1
Te 1/0/1
VLAN 88
2001:DB8:cafe::/64
165
PC1
S3
Step 2.2:
On S2 and S3, enter router configuration mode for IPv6, specifying a process id of 1. Configure
S2 with a router ID of 192.168.19.2. Configure S3 with a router ID of 192.168.19.3. The
configuration for S2 is shown here:
Step 2.3:
Referring to the topology diagram from Step 1.1, configure the physical interfaces on S2 and
S3 to participate in the OSPFv3 process 1 in area 0. The configuration for S2 is shown here:
Step 2.4:
Step 2.5:
Refer to the topology diagram from Step 1.1. On N1, configure VLAN interfaces 102 and 105 to
participate in the OSPFv3 process in area 0. The configuration for N1 is shown here:
166
Step 2.6:
From each switch, verify that OSPF adjacencies have been formed with the other two
switches. On both S-series and N-series, this is done using the show ipv6 ospf neighbor
command.
Priority
Intf
ID
----1054596
1054468
---------------- -------192.168.19.2
1
192.168.19.3
1
Interface
State
Dead
Time
---34
34
----------- ---------------Vl102
Full/BACKUP-DR
Vl105
Full/DR
Dead Time
00:00:39
00:00:39
Interface ID Interface
947
Te 0/47
1054725
Fo 0/48
Dead Time
00:00:35
00:00:31
Interface ID Interface
948
Te 0/46
1054725
Fo 0/48
BDR
DR
Router ID
192.168.19.2
S2
Te 0/47
Te 0/46
DR
5
10
AN
VL
2001:db8:beef::/64
Te 1/1/3
8
:db
01
20
2
2
DR
4
::/6
be
:ba
Te 1/1/4
BDR
N1
S3
VLAN 102
Router ID
192.168.19.3
2
2001:db8:face::/64
BDR
Router ID
192.168.19.4
FortyGigE 0/48
FortyGigE 0/48
1
Te 1/0/1
VLAN 88
2001:DB8:cafe::/64
167
PC1
Viewing the output above, focus on the State column. You should see a FULL neighbor state
between switches. Additionally, you will see the role the other switch is performing either
Designated Router (DR) or Backup Designated Router (BDR).
For now, the most important thing to note is that each switch has a FULL adjacency state
formed with each neighbor. It is possible that the DR/BDR roles will be different for the output
on your switches.
Lab Note
The configured Router ID (shown as Neighbor ID) appears to be an IPv4 address. Although in Lab 2, we did
configure our Router IDs to match the IPv4 loopback address of each switch, this is actually optional. The
Router ID should be expressed in a four-octet dotted decimal format. Many administrators configure the
Router ID to match loopback addresses. Others use a numbering scheme such as 1.1.1.1 for Router 1 and
2.2.2.2 for Router 2, for example.
Step 2.7:
Using the show ipv6 route command, view the IPv6 routing table on N1. When you viewed the
routing table on N1 in Step 1.10, you saw the three directly connected links (shown in green).
You should now see installed in the routing table the network not directly connected to N1 the network between S2 and S3 (shown in blue), learned by OSPF.
FortyGigE 0/48
FortyGigE 0/48
2
2001:db8:face::/64
S2
Te 0/47
1
Te 0/46
1
5
10
/64
AN
e::
VL
ab
VLAN 102
2001:db8:beef::/64
Te 1/1/3
8
:db
01
20
2
2
N1
:b
Te 1/1/4
1
Te 1/0/1
VLAN 88
2001:DB8:cafe::/64
168
PC1
S3
2001:db8:babe::/64 [0/0]
via ::, Vl105
2001:db8:beef::/64 [0/0]
via ::, Vl102
2001:db8:cafe::/64 [0/0]
via ::, Vl88
2001:db8:face::/64 [110/11]
via fe80::201:e8ff:fe8b:5d16, Vl102
via fe80::201:e8ff:fe8b:6574, Vl105
Step 2.8:
View the routing table on S2 to verify that OSPF-learned routes for non-directly-connected
networks are installed in the routing table.
169
FortyGigE 0/48
FortyGigE 0/48
2
2001:db8:face::/64
S2
Te 0/47
1
Te 0/46
1
5
10
/64
AN
e::
b
VL
a
VLAN 102
2001:db8:beef::/64
Te 1/1/3
S3
8
:db
01
0
2
2
2
N1
:b
Te 1/1/4
1
Te 1/0/1
VLAN 88
PC1
2001:DB8:cafe::/64
One thing we do not see in S2s routing table, however, is knowledge of the network between
N1 and PC1.
To allow S2 to install network 2001:DB8:cafe::/64 as an OSPF-learned route, we will
redistribute this network into OSPF.
Step 2.9:
View the routing table on S2 to verify that OSPF-learned routes for non-directly-connected
networks are installed in the routing table.
170
Step 2.10:
Now view the routing table on S2 again to verify that network 2001:DB8:cafe::/64 has been
installed as an OSPF learned route.
171
FortyGigE 0/48
FortyGigE 0/48
2
2001:db8:face::/64
S2
Te 0/47
1
Te 0/46
1
5
10
/64
AN
e::
b
VL
a
VLAN 102
2001:db8:beef::/64
Te 1/1/3
S3
8
:db
01
0
2
2
2
N1
:b
Te 1/1/4
1
Te 1/0/1
VLAN 88
PC1
2001:DB8:cafe::/64
Note that network 2001:DB8:cafe::/64 appears in S2s routing table as an external OSPF route.
This is because this network is not a native OSPF route. It is a non-native route that has been
injected/redistributed into OSPF. This is different from network 2001:db8:babe::/64, which is
learned as a native OSPF route.
172
Purpose:
When to Use:
The tasks completed in this lab demonstrate processes to follow when the desire is to
deploy VRF multi-tenancy on Dell Networking switches. The two scenarios configured
in this lab achieve similar results with respect to control and data plane isolation for
each VRF instance. There are, however, differences with respect to scope and approach
to achieving these results with the two different exercises to demonstrate deployment
varieties and options, including the use of overlapping/duplicate addressing used with
different VRF instances.
Equipment:
Two Dell Networking S-series switches (DNOS v9.7) are used for Exercise 1. Four Dell
Networking N-series switches (DNOS v6.2) and two S-series switches are used for
Exercise 2.
173
Examine the diagram below to become familiar with the topology for this exercise. Shown are:
Switches to be configured (S2 and S3)
VRF instances (default, red, and blue)
VLANs mapped to each VRF instance
The port channel between switches
Addressing for the VLANs and multiple loopback interfaces
lo 1: 172.17.1.1/24
VLAN 200
100.1.1.1/24
VLAN 100
100.1.1.1/24
VLAN 20
10.1.1.1/24
VLAN 30
10.1.1.1/24
VLAN 10
10.1.1.1/24
S2
VRF Red
VLAN 300
100.1.1.1/24
VRF Default
lo 2: 192.168.1.1/24
lo 0: 172.16.1.1/24
Fo 0/48
Fo 0/52
PO 10
Fo 0/48
Fo 0/52
VRF Red
VRF Default
lo 0: 172.16.2.1/24
VLAN 100
100.1.1.2/24
VLAN 200
100.1.1.2/24
lo 2: 192.168.2.1/24
VLAN 10
10.1.1.2/24
VLAN 30
10.1.1.2/24
VLAN 20
10.1.1.2/24
S3
VRF Blue
lo 1: 172.17.2.1/24
174
VLAN 300
100.1.1.2/24
Lab Note
This exercise demonstrates multi-tenancy with VRF-lite with three tenants. Each color represents a different
tenant.
Each tenant has unique VLANs but all three use the same (overlapping) IP addresses on their respective
VLANs. This is possible since the three virtual routers associated with the three separate VRF instances do
not share routing information. OSPF is used to exchange routing information within VRFs only.
A single port-channel connection between S2 and S3 is used to carry traffic from all three tenants.
Step 1.2:
On both S2 and S3, create Port Channel 10 connecting the two switches. The example is
shown here on S2.
Step 1.3:
On S2 and S3, load the VRF CAM profile with the feature vrf command, and create two VRF
instances, VRF red 1 and VRF blue 2. The example is shown here on S2.
Note that there are three VRF instances used in this exercise, but one is the default instance, so
it does not need to be created.
175
Step 1.4:
On S2 and S3, add loopback interfaces to VRF instances and assign IP addresses to them. The
table below shows the IP addresses and VRF instances associated with the different loopback
interfaces on each device.
Device
S2
Loopback Interface
Lo 0
IP Address
172.16.1.1/24
VRF Instance
red
S2
Lo 1
172.17.1.1/24
blue
S2
S3
S3
Lo 2
Lo 0
Lo 1
192.168.1.1/24
172.16.2.1/24
172.17.2.1/24
default
red
blue
S3
Lo 2
192.168.2.1/24
default
Step 1.5:
On S2 and S3, place port-channel 10 in switchport mode. The example is shown here on S2.
Step 1.6:
On S2 and S3, create VLANs for the VRF instances and configure them to trunk over the portchannel. Refer to the table below to see the IP addresses and VRF instances to associate with
the VLANs on the two devices.
176
Device
S2
VLAN
10
IP Address
10.1.1.1/24
VRF Instance
red
S2
S2
S2
S2
S2
S3
S3
100
20
200
30
300
10
100
100.1.1.1/24
10.1.1.1/24
100.1.1.1/24
10.1.1.1/24
100.1.1.1/24
10.1.1.2/24
100.1.1.2/24
red
blue
blue
default
default
red
red
S3
S3
20
200
10.1.1.2/24
100.1.1.2/24
blue
blue
S3
S3
30
300
10.1.1.2/24
100.1.1.2/24
default
default
The example shows the VLAN configuration on S2 for VLANs 10 and 100, which are part of
VRF RED.
For VLANs 30 and 300 on both devices, the ip vrf forwarding command is not necessary
because these VLANs are part of the default VRF instance.
177
Step 1.7:
On S2 and S3, configure routing with OSPF using a single-area topology with area-id 0. Map
VRF instances to separate OSPF instances. The table below shows the OSPF process ID to
associate with each VRF instance for each device. Also shown are the Router IDs to use with
the different OSPF/VRF instances.
Device
S2
OSPF Process ID
1
VRF Instance
red
Router ID
100.1.1.10
S2
blue
100.1.1.20
S2
S3
S3
S3
3
1
2
3
default
red
blue
default
100.1.1.30
100.1.1.11
100.1.1.21
100.1.1.31
Use the network command to have VLAN and loopback interfaces included in the OSPF
process. Refer to Step 1.4 for loopback addressing and Step 1.6 for VLAN addressing. Recall
that this command indicates the subnet, and not the specific interface addresses. For example,
as seen in the example below, although the VLAN address on S2 for VLAN 10 is 10.1.1.1/24, the
network command specifies the subnet address of 10.1.1.0/24.
Note that the configuration of OSPF process 3 does not require specifying the VRF because
this process is used for the default VRF.
178
On S3, verify that OSPF adjacencies have been formed with S2 with the show ip ospf neighbor
command. This command will need to be issued separately for individual VRF instances. Focus
on having a FULL adjacency state with neighbor S2.
First, without specifying a VRF, the adjacency associated with the default VRF (only) is shown.
Pri
1
1
State
FULL/DR
FULL/DR
Dead Time
00:00:35
00:00:30
Address
10.1.1.1
100.1.1.1
Interface
Vl 30
Vl 300
Area
0
0
Interface
Vl 10
Vl 100
Area
0
0
Interface
Vl 20
Vl 200
Area
0
0
Next, view the adjacency state with neighbor S2 for VRF instance RED.
Pri
1
1
State
FULL/DR
FULL/DR
Now, view the adjacency state with neighbor S2 for VRF instance BLUE.
Step 1.9:
Pri
1
1
State
FULL/DR
FULL/DR
Dead Time
00:00:38
00:00:31
Address
10.1.1.1
100.1.1.1
On S3, view the routing table for the Default, Red, and Blue VRF instances. Note that the VRF
routing tables have some overlapping subnet entries.
First view the routing table for the DEFAULT VRF instance.
Gateway
------Direct, Vl 30
Direct, Vl 300
179
Dist/Metric
----------0/0
0/0
Last Change
----------01:24:56
01:24:07
Here, you should see the loopback address of S2s Lo 2 interface (DEFAULT VRF) learned via
OSPF.
Next, view the routing table for the RED VRF instance.
Gateway
------Direct, Vl 10
Direct, Vl 100
via 10.1.1.1, Vl 10
via 100.1.1.1, Vl 100
Direct, Lo 0
172.16.2.0/24
Dist/Metric
----------- 0/0
0/0
110/1
Last Change
---------01:33:20
01:32:16
01:19:10
0/0
01:36:38
Here, you should see the loopback address of S2s Lo 0 interface (RED VRF) learned via OSPF.
Next, view the routing table for the BLUE VRF instance.
172.17.2.0/24
Gateway
------Direct, Vl 20
Direct, Vl 200
via 10.1.1.1, Vl 20
via 100.1.1.1, Vl 200
Direct, Lo 1
Dist/Metric
----------0/0
0/0
110/1
Last Change
----------01:30:18
01:29:08
01:11:38
0/0
01:36:31
Here, you should see the loopback address of S2s Lo 1 interface (BLUE VRF) learned via OSPF.
180
Step 1.10:
On S3, issue the show ip interface brief vlan command to observe the overlapping IP
addresses on different VLANs on the switch.
OK
YES
Method
Manual
Status
up
Protocol
up
OK
YES
Method
Manual
Status
up
Protocol
up
OK
YES
Method
Manual
Status
up
Protocol
up
OK
YES
Method
Manual
Status
up
Protocol
up
OK
YES
Method
Manual
Status
up
Protocol
up
OK
YES
Method
Manual
Status
up
Protocol
up
Step 1.11:
On S3, test connectivity with the ping command for each VRF by pinging the three loopback
interfaces associated with the three different VRF instances on S2.
The normal ping command will work for the DEFAULT VRFs loopback address.
181
For VRF RED and VRF BLUE, specify the VRF, the IP address of the loopback address for the
VRF on S2, and the source IP loopback address on S3. An example is shown below.
182
Examine the topology diagram to become familiar with the topology for this exercise.
VRF
brancha
Branch A
S2
VRF
branchb
Central
Office
.2
Branch B
S3
.2
Te 0/46
Te 0/47
Te 1/1/3
VLAN 10
192.168.10.0/24
Te 1/1/4
.1
.1
N1
VLAN 20
192.168.20.0/24
VR1 VR2
.1
.1
Te 1/0/7
Te 1/0/8
VLAN 12
192.168.12.0/24
VLAN 22
192.168.22.0/24
Te 1/0/7
Te 1/0/8
.2
.2
N2
VLAN 11
192.168.11.0/24
.1
VR3 VR4
Te 1/0/5
Te 1/0/4
.1
VLAN 21
192.168.21.0/24
Gi 1/0/4
Gi 1/0/5
.2
.2
N3
N4
183
Step 2.2:
Step 2.3:
For this step and Step 2.4, you will be challenged to use the knowledge and skills you have
developed in previous labs and Exercise 1 of this lab. Provided are configuration output
snippets showing configuration parameters that should exist on the central office and branch
switches once you have configured them.
Refer to the following topology diagrams and configuration snippets to configure your
switches in accordance with the working solution they illustrate.
You should be able to determine from the configuration snippets provided if the command
should be entered as a global configuration command [N1(config)#] or under a more specific
configuration mode [for example, N1(config-if-Te1/0/7)#, N1(config-if-vlan10)#, N1(configvrf-brancha)#, N1(Config-router-vrf-brancha)#, etc.)
If you have any questions or do not fully understand what is expected, please ask your
instructor to clarify the expectations.
184
Branch A
S2
Central
Office
.2
vlan 10,12
VRF
branchb
Branch B
S3
.2
interface Te1/1/3
switchport access vlan 10
Te 0/46
Te 0/47
Te 1/1/3
VLAN 10
192.168.10.0/24
Te 1/1/4
.1
.1
N1
ip vrf brancha
ip routing
VLAN 20
192.168.20.0/24
VR1 VR2
.1
interface Te1/0/7
switchport access vlan 12
.1
Te 1/0/7
Te 1/0/8
VLAN 12
192.168.12.0/24
VLAN 22
192.168.22.0/24
Te 1/0/7
Te 1/0/8
.2
.2
interface vlan 12
ip vrf forwarding brancha
ip address 192.168.12.1 /24
ip ospf area 0
N2
VLAN 11
192.168.11.0/24
.1
VR3 VR4
Te 1/0/5
Te 1/0/4
.1
VLAN 21
192.168.21.0/24
Gi 1/0/4
Gi 1/0/5
.2
.2
N3
N4
vlan 20,22
interface Te1/0/8
switchport access vlan 22
interface Te1/1/4
switchport access vlan 20
ip routing
router ospf vrf brancha
router-id 192.168.0.253
network 192.168.0.0 0.0.0.255 area 0
redistribute connected
enable
ip vrf branchb
ip routing
interface vlan 20
ip vrf forwarding branchb
ip address 192.168.20.1 /24
ip ospf area 0
interface vlan 10
ip vrf forwarding brancha
ip address 192.168.10.1 /24
ip ospf area 0
interface vlan 22
ip vrf forwarding branchb
ip address 192.168.22.1 /24
ip ospf area 0
185
Branch A
S2
Central
Office
.2
vlan 11,12
VRF
branchb
Branch B
S3
.2
Te 0/46
Te 0/47
Te 1/1/3
VLAN 10
192.168.10.0/24
.1
.1
N1
VLAN 20
192.168.20.0/24
ip vrf brancha
ip routing
VR1 VR2
.1
Te 1/0/7
Te 1/0/8
VLAN 12
192.168.12.0/24
VLAN 22
192.168.22.0/24
Te 1/0/7
Te 1/0/8
.2
.2
N2
VLAN 11
192.168.11.0/24
VR3
.1
Te 1/0/5
interface Te1/0/7
switchport access vlan 12
Te 1/1/4
.1
interface Te1/0/5
switchport access vlan 11
VR4
Te 1/0/4
.1
interface vlan 11
ip vrf forwarding brancha
ip address 192.168.11.1 /24
ip ospf area 0
interface vlan 12
ip vrf forwarding brancha
ip address 192.168.12.2 /24
ip ospf area 0
VLAN 21
192.168.21.0/24
Gi 1/0/4
Gi 1/0/5
.2
.2
N3
N4
interface Te1/0/8
switchport access vlan 22
ip vrf branchb
ip routing
interface vlan 21
ip vrf forwarding branchb
ip address 192.168.21.1 /24
ip ospf area 0
interface vlan 22
ip vrf forwarding branchb
ip address 192.168.22.2 /24
ip ospf area 0
186
VRF
brancha
Branch A
S2
VRF
branchb
Central
Office
.2
Te 0/47
Te 1/1/3
VLAN 10
192.168.10.0/24
Branch B
S3
.2
Te 0/46
Te 1/1/4
.1
.1
N1
VLAN 20
192.168.20.0/24
VR1 VR2
.1
.1
Te 1/0/7
Te 1/0/8
VLAN 12
192.168.12.0/24
VLAN 22
192.168.22.0/24
Te 1/0/7
Te 1/0/8
.2
.2
N2
VLAN 11
192.168.11.0/24
.1
VR3
Te 1/0/5
VR4
.1
Te 1/0/4
VLAN 21
192.168.21.0/24
Gi 1/0/5
Gi 1/0/4
.2
.2
N3
N4
vlan 11
interface vlan 11
ip address 192.168.11.2 /24
interface vlan 21
ip address 192.168.21.2 /24
interface Gi 1/0/5
switchport access vlan 11
interface Gi 1/0/4
switchport access vlan 21
ip default-gateway 192.168.11.1
ip default-gateway 192.168.21.1
187
Step 2.4:
Although not included in the configuration snippets provided above (which focus on the
necessary configuration on switches to achieve VRF-lite functionality), recall from prior labs
that depending on the specific topology it is necessary on N-series to disable spanning tree
on certain interfaces to prevent port blocking in your routed environment.
As an example, shown below is a portion of the configuration on switch N4. Here, Gi 1/0/4 is
mapped to VLAN 21. Spanning tree is disabled on Gi 1/0/4, the physical interface (not on
interface VLAN 21).
Step 2.5:
On N3, verify that you can successfully ping the default gateway address on N2 that you
configured in the previous step.
Step 2.6:
0. time=
1. time=
2. time=
3. time=
2131 usec.
1254 usec.
1216 usec.
1170 usec.
On N4, verify that you can ping the default gateway address on N2.
0. time=
1. time=
2. time=
3. time=
2145 usec.
1220 usec.
1227 usec.
1205 usec.
188
Step 2.7:
On N3, verify that you can successfully ping S2s Te 0/47 interface (connected to N1) via N2
and N1.
Step 2.8:
0. time=
1. time=
2. time=
3. time=
1357 usec.
904 usec.
4687 usec.
876 usec.
On N4, verify that you can successfully ping S3s Te 0/46 interface (connected to N1) via N2
and N1.
Step 2.9:
0. time=
1. time=
2. time=
3. time=
1332 usec.
898 usec.
997 usec.
917 usec.
On N3, using the traceroute command, verify that the path from N3 to S2 traverses N2s VLAN
11 address and N1s VLAN 12 address (brancha VRF instance).
<1 ms <1 ms
<1 ms <1 ms
*
*
*
<1 ms
<1 ms
189
Step 2.10:
On N4, using the traceroute command, verify that the path from N4 to S3 traverses N2s VLAN
21 address and N1s VLAN 22 address (branchb VRF instance).
Step 2.11:
<1 ms <1 ms
<1 ms <1 ms
*
*
*
<1 ms
<1 ms
On N1, examine the routing table for the brancha VRF instance.
Step 2.12:
On N1, examine the routing table for the branchb VRF instance.
190
Step 2.13:
On N1, verify that OSPF adjacencies have been formed with N2 for both VRF instances.
Priority
---------------- -------192.168.0.251
1
IP Address
Interface
State
---------------Full/BACKUP-DR
Dead
Time
-----32
Priority
---------------192.168.0.250
-------1
IP Address
Interface
--------------- ----------192.168.22.2
Vl22
State
---------------Full/BACKUP-DR
Dead
Time
-----36
In addition to seeing a FULL adjacency state, you should see the router-ids you configured in
Step 2.3 and N2s VLAN interface addresses associated with the two different VRF instances.
Ensure that the adjacency state is FULL.
Step 2.14:
Interface
---------Vl10
Vl12
Vl20
Vl22
State
----Up
Up
Up
Up
IP Address
--------------192.168.10.1
192.168.12.1
192.168.20.1
192.168.22.1
IP Mask
--------------255.255.255.0
255.255.255.0
255.255.255.0
255.255.255.0
Method
------Manual
Manual
Manual
Manual
Referring to the topology diagram, you should see the VLAN interfaces connected to S2 and
S3 (the two branch office switches) and the corresponding VRF instance membership. You
should also see the two VLAN interfaces connected to the other central office switch (N2) and
their corresponding VRF instances.
Step 2.15:
191
Purpose:
By completing this lab, you will perform the following tasks on your workstation:
1. Stacking with front panel user ports on S-series switches.
2. Stacking with front panel user ports on N-series switches.
When to Use:
Equipment:
Two Dell Networking S-series switches (DNOS v9.7) and two Dell Networking N-series
switches (DNOS v6.2).
Lab Note
With the Dell Networking OS stacking feature, depending on the switch model, you can interconnect
multiple switch units with dedicated stacking ports or front end user ports. The stack is manageable as a
single switch through the stack management unit.
For this lab, both the S-series and N-series switches used will be stacked with front end user ports. In both
cases, two switches will be used. One will serve as the management (master) unit, and the other will be the
standby unit, able to assume the role of the management unit in the event of failure of the initial master
device.
Among the benefits of stacking, demonstrating the ability to manage multiple switches from one
management unit is the primary focus of this lab. Refer to Dell documentation for more detailed
information on stacking specific switch models in more complex scenarios where using additional
configuration options may be desired.
192
View the topology diagram to become familiar with the devices and interfaces that will be used
for this exercise.
UNIT 0
MANAGEMENT
(MASTER)
DEVICE
S2
FortyGigE 0/48
FortyGigE 0/48
UNIT 1
STANDBY
DEVICE
Step 1.2:
S3
Verify that the Dell Networking OS version is the same on both switches. This is a requirment for
stacking.
On S2, issue the show system brief command and observe the output.
: 00:01:e8:d8:ed:6b
: normal-reload [Next boot : normal-reload]
193
Notice that the switch sees itself as the Management device in a stack of one unit with the
switch default settings. The default Unit number for the Management device is 0.
Issue the show system brief command on S3, and you will see similar output.
Step 1.4:
On S2, configure interface Fo 0/48 to support stacking. Interface Fo 0/48 corresponds with
stack-group 12. To actually change the port from normal Ethernet framing to support stacking,
the configuration must be saved (with the write memory command), and then the switch must
be reloaded (with the reload command).
After you reload S2, allow about 30 seconds to begin this step. Complete the same process on
S3 that you did for S2 in the previous step. Once S3 has fully reloaded, you will notice that it has
now adopted the name of the management device (S2) and is in standby mode to assume
mastership if S2 fails.
S3 prompt changed to S2(standby).
S2(standby)>
194
Step 1.6:
Now that S2 has assumed the management role for the stack, all commands should be issued
on S2. Recall, that this is the primary benefit of stacking being able to manage multiple
switches as if they were one device, from the management unit.
On S2 (the management device), issue the show system stack-ports command and observe the
output.
Notice that the output displays the interfaces connecting the two switches in the stack. Both
lines of output actually indicate the same connection, but from the perspective of the two
different physical switches (there is actually only one link connecting the two switches).
Interface 0/48 (on the management device, Unit 0) is connected to interface 1/48 (on the
standby device, Unit 1). Notice that interface 0/48 on the standby device has been renamed to
interface 1/48, since the standby device is now Unit 1.
Step 1.7:
On S2 (the management device), issue the show system brief command and observe the output.
: 00:01:e8:d8:ed:6b
: normal-reload [Next boot : normal-reload]
195
Step 1.8
On S2 (the management device), issue the show system stack-unit unit-id command for both
Unit 0 and Unit 1, and observe another way to verify unit roles and status.
: Management Unit
: online
: online
: S4810 - 52-port GE/TE/FG (SE)
: S4810 - 52-port GE/TE/FG (SE)
:0
: Standby Unit
: online
: online
: S4810 - 52-port GE/TE/FG (SE)
Current Type
196
View the topology diagram to become familiar with the devices and interfaces that will be used
for this exercise.
You will be stacking two N-4000 series switches, N1 and N2. The concept is the same as with
the previous exercise, but the procedure differs somewhat.
UNIT 0
MANAGEMENT
DEVICE
N1
Te 1/0/7
Te 1/0/7
UNIT 1
STANDBY
DEVICE
Step 2.2:
N2
On both N1 and N2, issue the show switch command and observe the output. Notice that the
default switch settings result in each device seeing itself as the Management switch in a stack
of one unit. Notice also that (different from S-series switches) the default switch ID number is 1.
SW
--1
Management
Status
---------Mgmt Sw
Standby
Preconfig Plugged-in
Status
Model ID
Model ID
--------- ------------- ------------N4032F
N4032F
197
Switch
Status
-----OK
Code
Version
------6.2.1.6
SW
--1
Step 2.3:
Management
Status
---------Mgmt Sw
Standby
Preconfig Plugged-in
Status
Model ID
Model ID
--------- ------------- ------------N4032F
N4032F
Switch
Status
-----OK
Code
Version
------6.2.1.6
On N1, view the additional options for the show switch command by appending a question
mark to the command.
Step 2.4:
On both N1 and N2, issue the show switch 1 command and observe the results. On both
switches, before stacking, the stack-member-number is the default, 1. The examle is shown on
N1, but you should see similar output on N2.
--output truncated--
198
Step 2.5:
On both N1 and N2, issue the show switch stack-standby command. Since the switches are
not yet stacked, both switches have a Management role, so there is no Standby unit at this
time.
On N1 and N2, observe the status and mode of interface Te 1/0/7, the interface on each
switch that will be used to connect the switches for stacking. The show interfaces status
command and the show switch stack-ports command can be used to verify the current status
and later to observe the changes in the output once a stack has been created. Currently, the
interface is supporting normal Ethernet framing and is not yet configured to support stacking.
Description
Duplex
Speed
Neg
Full
10000
Off
Up
On
Ethernet
Ethernet
Link Up
10
N1# configure
N1(config)# stack
N1(config-stack)# stack-port tengigabitethernet 1/0/7 stack
199
Disabled
Step 2.8:
Although you have configured Te 1/0/7 to support stacking in the previous exercise, to actually
change the port from normal Ethernet framing to now support stacking, the configuration must
be saved (with the copy running-config startup-config command), and then the switch must
be reloaded (with the reload command), as shown.
N1# reload
Are you sure you want to reload the stack? (y/n) y
Allow N1 to fully reboot before you continue.
Step 2.9:
After the swtich has fully reloaded, on N1, issue the show switch stack-ports command and
observe that now Te 1/0/7 is now configured for Stack Mode (it is no longer operating as a
normal Ethernet port).
200
Step 2.10:
N2# conf
N2(config)# stack
N2(config-stack)# stack-port tengigabitethernet 1/0/7 stack
N2(config-stack)# exit
Step 2.11:
On N2, change the default Unit number from 1 to 2 as shown. This will result in a message
indicating that a system reset is necessary to make the change. Answer y (yes) to initiate the
reboot.
Once N2 has fully reloaded, you should see the prompt displayed below, indicating that no
configuration is available on Unit 2. Recall that this is the primary advantage of stacking to be
able to manage multipe switches from the management device. Unit 1 (N1) is the management
(master) device, so entering commands on Unit 2 is not necessary (or allowed).
201
Step 2.13:
Now that you have successfully created a stack with the two switches, on N1, the
Management/Master switch, issue the show switch command and observe the output. You
should see that Unit 1 is the Management Switch and that Unit 2 is a Stack Member with a
Standby status.
Stack Mbr
Oper Stby
N4032F
N4032F
OK
202
6.2.1.6