Dell Networking Installation and Configuration Course Lab Guide v1b PDF

Dell Networking
Installation and Configuration

Student Lab Exercise Guide
Version: 1.1 Rev B
DELL NETWORKING INSTALLATION AND CONFIGURATION
Dell Confidential and Proprietary
This document (the Document) contains confidential information of Dell and embodies trade secret and
proprietary intellectual property of Dell. It is legally protected and shall not be copied, modified, reverse
engineered, published, disclosed, disseminated outside of Dell or otherwise used, in whole or in part, without
Dells written consent, provided, however, that you have the right to use the Document solely for your internal
use and solely as necessary for you to enjoy the benefit of Services under the applicable SOW (or other
agreement) you have entered into with Dell. Copyright 2015 by Dell Inc. The copyright notice does not imply
publication of this document or its contents.
Dell - Restricted - Confidential
TABLE OF CONTENTS
Lab 1: Lab Equipment Access ...........................................................................................5
Lab 2: VLAN Configuration and Verification ................................................................... 9
Exercise 1: Preliminary Configuration .................................................................................. 10
Exercise 2: Configuration and Verification of Port-based VLANs on N-Series Switches........... 13
Exercise 3: Verify End-to-End Connectivity Across VLANs ..................................................... 19
Exercise 4: Configuration and Verification of Port-based VLANs on S-Series Switches ........... 21
Lab 3: Spanning Tree Protocols .................................................................................... 26
Exercise 1: RSTP Configuration with S-Series Switches ......................................................... 27
Exercise 2: RSTP with N-series Switches.............................................................................. 31
Exercise 3: Integrated S-series & N-series RSTP.................................................................... 35
Exercise 4: Influence Root Bridge Selection with Priority Setting .......................................... 37
Exercise 5: RSTP Portfast and BPDU Filtering ....................................................................... 38
Exercise 6: Single Region MSTP with S-series and N-series Switches..................................... 41
Lab 4: Link Aggregation with Port Channels ................................................................ 50
Exercise 1: Static Port Channels on S-series Switches........................................................... 51
Exercise 2: Dynamic Link Aggregation with LACP on S-series Switches.................................. 56
Exercise 3: Static Port Channels on N-series Switches .......................................................... 58
Exercise 4: Dynamic Link Aggregation with LACP on N-series Switches ................................. 63
Lab 5: VLT and MLAG ..................................................................................................... 65
Exercise 1: VLT Configuration with S-Series Switches ........................................................... 66
Exercise 2: MLAG Configuration with N-series Switches ...................................................... 72
Lab 6: OSPFv2 Configuration and Verification ..............................................................77
Exercise 1: Pre-Lab Checklist ............................................................................................... 78
Exercise 2: OSPF Configuration and Verification on S-series Switches................................... 80
Exercise 3: OSPF Configuration and Verification on N-series Switches .................................. 92
Exercise 4: OSPF Interoperability Configuration and Verification Between N -series and S-series
Switches............................................................................................................................. 96
Lab 7: Policy-based Routing (PBR) ............................................................................... 101
Exercise 1: Configuration and Verification PBR on an S-series Switch ................................. 102
Exercise 2: Configuration and Verification PBR on an N-series Switch................................. 108
Lab 8: Virtual Router Redundancy Protocol (VRRP) ................................................... 115
Exercise 1: VRRP with S-series VRRP Group ....................................................................... 117
Exercise 2: VRRP with N-series VRRP Group....................................................................... 129
Lab 9: Border Gateway Protocol (BGP) .......................................................................143
Exercise 1: Configure and Verify IP Connectivity ................................................................ 144
Exercise 2: Configure and Verify OSPF in AS 64530 ............................................................ 147

Exercise 3: Internal BGP (iBGP) Configuration and Verification ........................................... 150
Exercise 4: External BGP (eBGP) Configuration and Verification ......................................... 153
Lab 10: IPv6 & OSPFv3 ..................................................................................................158
Exercise 1: IPv6 Addressing Configuration and Verification ................................................ 159
Exercise 2: OSPFv3 Configuration and Verification ............................................................. 165
Lab 11: Virtual Routing and Forwarding VRF-lite ..................................................... 173
Exercise 1: Configuration and Verification of VRF-lite on S-series switches ......................... 174
Exercise 2: Configuration and Verification of VRF-lite on N-series switches ........................ 183
Lab 12: Stacking Dell Networking Switches ................................................................192
Exercise 1: S-series Stacking with Front Panel User Ports ................................................... 193
Exercise 2: N4000 Series Stacking with Front Panel User Ports ........................................... 197
Lab 1: Lab Equipment Access

Lab Directions:
This lab introduces you to the hardware that will be used to complete the labs in this Lab Guide.
Purpose:
By completing this lab, you will perform the following tasks on your workstation:
1. Review the generic lab topology diagram showing the devices used in the
labs to follow, and their interconnectivity.
2. Test access to lab equipment.
When to Use:
For lab equipment access during this course.
Equipment:
Three Dell Networking S-series switches (DNOS v9.7), four Dell Networking N-series
switches (DNOS v6.2), and five PCs (Linux Ubuntu).
Step 1:
Examine the topology diagram. It provides a view of the network topology for each lab station.
Each course participant will have an entire station with seven switches and five PCs.
S1
S2
S3
N1
N2
N3
N4
PC1
PC2
PC3
PC4
PC5
Notice that there are seven switches. There are three S-series switches, with host names S1,
S2 and S3. There are four N-series switches, with host names N1, N2, N3 and N4. There are
five PCs: PC1 connected to N1; PC2 & PC3 connected to N3; and, PC4 & PC5 connected to
N4.
Lab Note
The lab hardware is on a private network that is only accessible from a Jump Server that has connectivity to
both the public and private networks.
In this exercise, you will log in to the remote Jump Server. Once logged in, you will now have access to the
private network.
Step 2:
Open https://rresvlab.us.dell.com page in your browser. Choose Round Rock and click Next.
Step 3:
Type in the username and password that was provided by your instructor and click Log in.
You will now see 8 Jump Servers listed (two per course participant station). Click on the one
that has been assigned to you by your instructor.
Step 4:
After logging onto the Jump Server. Double click on the Remote Desktop Manager icon on
your desktop. RDM is preconfigured to connect to the hardware in your station. The example
below should be similar to what you will see. If you do not see your devices, please notify the
instructor. The example shown is for Station 1.
Step 5:
Test each connection by double clicking each device in the menu. Once you have a
connection, use the Enter key to get a device prompt. You should see the host name for the
device. For example, for N1 you should see the prompt N1>.
At this point, we only want to ensure that you can connect to your devices. It isnt necessary to
perform any tasks on any device at this time.
If you are not able to connect to all devices in your station (seven switches and 3 PCs),
notify your instructor.
Notify the instructor you have completed Lab 1.

Please do not continue on to the next lab exercise until
directed by the instructor to do so.
Lab 2: VLAN Configuration and Verification

Lab Directions:
This lab guides the course participant through port-based VLAN configuration and verification.
Purpose:
1.
2.
3.
4.
Create VLANs.
Configure access ports for VLAN membership.
Configure trunks to carry traffic for multiple VLANs.
Verify end-to-end connectivity across VLANs.
When to Use:
When creating VLANs with Dell Networking S-series and N-series switches.
Equipment:
Two Dell Networking S-series switches (DNOS v9.7), and four Dell Networking Nseries switches (DNOS v6.2).
Exercise 1: Preliminary Configuration

Step 1.1:
View the topology diagram to become familiar with the devices and interfaces used in the initial
exercises of this lab.
Te 1/0/7
N1
VLAN 1
Te 1/0/7
N2
Te 1/0/5
Te 1/0/5
Te 1/0/4
Te 1/0/4
VLAN 1
VLAN 1
VL
AN
1
N1
LA
Gi 1/0/4
Gi 1/0/4
Gi 1/0/5
Gi 1/0/5
Gi 1/0/1
N3
PC2
192.168.10.19/24
Step 1.2:
Gi 1/0/2
Gi 1/0/1
PC3
PC4
192.168.12.10/24
192.168.10.20/24
N4
Gi 1/0/2
PC5
192.168.12.11/24
On N2, N3, and N4, disable all interfaces with the shutdown command. Then, refer to the
topology diagram and use the no shutdown command to enable only the interfaces needed
for this exercise. Use the interface range command to configure multiple interfaces at one
time.
On N2, enable only interfaces Te 1/0/4 and Te 1/0/5.
N2(config)# interface range tengigabitethernet all

N2(config-if)# shutdown
N2(config-if)# interface range tengigabitethernet 1/0/4-5
N2(config-if)# no shutdown
On N3, enable only interfaces Gi 1/0/1, Gi 1/0/2, and Gi 1/0/5.
10

N3(config)# interface range gigabitethernet all
N3(config-if)# interface range gigabitethernet 1/0/1-2,gi1/0/5
On N4, enable only interfaces Gi 1/0/1, Gi 1/0/2, and Gi 1/0/4.

N4(config-if)# interface range gigabitethernet 1/0/2,gi1/0/4
Note that N2s interfaces are Ten Gigabit Ethernet, but N3 and N4 have Gigabit Ethernet
interfaces.
Step 1.3:
On N2, N3, and N4, issue the show interfaces status command to verify that (only) the interfaces
enabled in the previous step have an UP link state. The example output is from N2. On N3 and
N4, you should see three interfaces up.
N2(config-if)# do show interfaces status

Port
Description
VLAN
Duplex
--------- --------------- -----Te1/0/1

N/A
Te1/0/2
N/A
Te1/0/3
N/A
Te1/0/4
Full
Te1/0/5
Full
Te1/0/6
N/A
Speed
Neg
Link
Flow M
State
Ctrl
------- ---- ------ ----- -- -----------------Unknown
Unknown
Unknown
1000
1000
Unknown
11
Auto
Auto
Auto
Auto
Auto
Auto
Down
Down
Down
Up
Up
Down
Off
Off
Off
On
On
Off
A
A
A
A
A
A
1
1
1
1
1
1
Note that all interfaces remain members of the Default VLAN 1 (until configured to become
members of other VLANs).
Step 1.4:
On N2, N3, and N4 view the running configuration for the interfaces enabled in Step 1.2. The
example output is from N2.
N2# show running-config interface tengigabitethernet 1/0/4

N2# show running-config interface tengigabitethernet 1/0/5
Note that there is no output when you issue the command to view the configuration of these
interfaces that are in an UP state because interfaces are enabled by default on N-series switches.
They therefore appear un-configured.
Step 1.5:
On N2, N3, and N4 issue the show vlan command. An example is shown here on N2:
N2# show vlan

VLAN Name
----- --------------1
default
Ports
------------Po1-128,
Te1/0/1-24,
Te1/1/1-4
Type
-------------Default
The verification commands confirm that all interfaces are members of VLAN 1, the Default VLAN,
as part of the switch factory default configuration. In this lab, you will create custom (nondefault) VLANs and configure interfaces to be members of the VLANs you create.
12

Exercise 2: Configuration and Verification of Port-based VLANs on N-Series Switches
Step 2.1:
Device
N3
N3
N4
N4
Create VLANs on N3 and N4, referring to the table for VLAN numbering and names .
VLAN
10
12
10
12
VLAN Name
Engineering
Marketing
Engineering
Marketing
The example is shown on N3. Be sure to also configure both VLANs on N4.
N3(config)# vlan 10
N3(config-vlan10)# name Engineering
N3(config-vlan10)# vlan 12
N3(config-vlan12)# name Marketing
Step 2.2:
On N3 and N4, issue the show vlan command to verify the creation of the VLANs you created
in the previous step. Notice that at this time, there are no member ports/interfaces in these
newly created VLANs.
N3(config-vlan12)# do show vlan

VLAN Name
----- --------------1
default
10 Engineering
12 2.3
Marketing
Step
Ports
Type
----------- --------Po1-128,
Default
Gi1/0/1-24,
Te1/0/1-2
Static
Static
13
Refer to the table and the diagram. On N3 and N4, configure the specified interfaces as access
ports with membership in the designated VLANs.
Device
N3
N3
N4
N4
VLAN
10
12
10
12
Description
Engineering
Marketing
Engineering
Marketing
Te 1/0/7
N1
Physical Interface
Gi 1/0/1
Gi 1/0/2
Gi 1/0/1
Gi 1/0/2
VLAN 1
Te 1/0/7
Te 1/0/5
N2
Te 1/0/5
Te 1/0/4
Te 1/0/4
VLAN 1
VLAN 1
VL
AN
1
N1
LA
Gi 1/0/4
Gi 1/0/4
Gi 1/0/5
Gi 1/0/5
Gi 1/0/1
N3
Gi 1/0/2
VLAN 10
Gi 1/0/1
VLAN 12
PC2
192.168.10.19/24
Gi 1/0/2
VLAN 10
PC3
VLAN 12
PC4
192.168.12.10/24
192.168.10.20/24
The example is shown on N3. Be sure to also configure N4.
N3(config)# interface gigabitethernet 1/0/1

N3(config-if-Gi1/0/1)# switchport access vlan 10
N3(config-if-Gi1/0/1)# interface gigabitethernet 1/0/2
N3(config-if-Gi1/0/2)# switchport access vlan 12
N4
14
PC5
192.168.12.11/24

Step 2.3:
On N3 and N4, issue the show vlan command to verify port membership configured in the
previous step.
N3(config-if-Gi1/0/2)# do show vlan

VLAN Name
----- --------------1
default
10
Engineering
Ports
------------Po1-128,
Gi1/0/3-24,
Te1/0/1-2
Gi1/0/1
12
Marketing
Gi1/0/2
Step 2.4:
Type
-------------Default
Static
Static
Refer to the diagram. On N3, configure interface Gi 1/0/5 as a trunk port. On N4, configure
interface Gi 1/0/4 as a trunk port.
Te 1/0/7
N1
VLAN 1
N2
Te 1/0/5
Te 1/0/5
Te 1/0/4
AN
VL
VLAN 1
Te 1/0/7
Te 1/0/4
nk
u
r
T
VLAN
Trunk
VL
AN
1
Gi 1/0/4
Gi 1/0/4
Gi 1/0/5
Gi 1/0/5
Gi 1/0/1
N3
Gi 1/0/2
VLAN 10
Gi 1/0/1
VLAN 12
PC2
192.168.10.19/24
Gi 1/0/2
VLAN 10
PC3
VLAN 12
PC4
192.168.12.10/24
192.168.10.20/24
N3 Configuration:

N3(config-if-Gi1/0/5)# switchport mode trunk
N4
15
PC5
192.168.12.11/24
N4 Configuration:

N4(config-if-Gi1/0/4)# switchport mode trunk
Step 2.5:
Refer to the diagram. On N2, configure VLAN 10 and VLAN 12, and configure interfaces Te 1/0/4
and Te 1/0/5 as trunk ports.
N2(config)# vlan 10,12
N2(config)# interface range tengigabitethernet 1/0/4-5

N2(config-if)# switchport mode trunk
Step 2.6:
On N3 and N4, issue the show vlan command to verify port membership in accordance with
your configuration. Note that on N3, Gi 1/0/5 is a trunk port since it is carrying traffic for multiple
VLANs. On N4, Gi 1/0/4 is the trunk port.
N3# show vlan

VLAN Name
----- --------------1
default
10
Engineering
12
Marketing
Ports
------------Po1-128,
Gi1/0/3-24,
Te1/0/1-2
Gi1/0/1,
Gi1/0/5
Gi1/0/2,
Gi1/0/5
Type
-------------Default
Static
Static
16

Step 2.7:
On N2, issue the show vlan command to verify port membership in accordance with your
configuration. Note that both Te 1/0/4 and Te 1/0/5 are both trunk ports as they send and
receive frames from both VLAN 10 and VLAN 12.
N2# show vlan

VLAN Name
----- --------------1
default
10
12
VLAN0010
VLAN0012
Step 2.8:
Ports
------------Po1-128,
Te1/0/1-24,
Te1/1/1-4
Te1/0/4-5
Te1/0/4-5
Type
-------------Default
Static
Static
On N3, issue the show interfaces status command for Gi 1/0/1, Gi 1/0/2, and Gi 1/0/5.
N3# show interfaces status gigabitethernet 1/0/1

Port
Description
Duplex
Speed Neg
Link Flow M VLAN

State Ctrl
--------- --------------- ------ ------- ---- ------ ----- -- ------------------Gi1/0/1
Full
1000 Auto
Up On
A 10
Port
Description
Duplex
Speed Neg
Link Flow M
VLAN
State Ctrl
--------- --------------- ------ ------- ---- ------ ----- -- ------------------Gi1/0/2
Full
1000 Auto
Up On
A 12
Port
Description
Link Flow M
VLAN
State Ctrl
--------- --------------- ------ ------- ---- ------ ----- -- ------------------Gi1/0/5
Duplex
Speed Neg
Full
1000
Auto
Up
On
T (1),2-4096
Notice that the show interfaces status command verifies that interfaces Gi 1/0/1 and Gi 1/0/2
are in access port mode (A) and Gi 1/0/5 is in trunk port mode (T).
17
On N2, verify the interface status of Te 1/0/4 and Te 1/0/5. You should see that both interfaces
are in trunk mode.
On N4, verify the interface status of Gi 1/0/1, Gi 1/0/2, and Gi 1/0/4. As with N3, you should see
two ports (Gi 1/0/1, Gi 1/0/2) in access mode and one port (Gi 1/0/4) in trunk mode.
18

Exercise 3: Verify End-to-End Connectivity Across VLANs
Step 3.1:
View the topology diagram, focusing on the four PCs in your network topology. Notice which
switch they are connected to and the VLAN membership of the connecting port.
Te 1/0/7
N1
VLAN 1
N2
Te 1/0/5
Te 1/0/5
Te 1/0/4
AN
VL
VLAN 1
Te 1/0/7
Te 1/0/4
nk
Tr u
VLAN
Trunk
VL
AN
1
Gi 1/0/4
Gi 1/0/4
Gi 1/0/5
Gi 1/0/5
Gi 1/0/1
N3
Gi 1/0/2
VLAN 10
VLAN 12
PC2
192.168.10.19/24
Step 3.2:
Gi 1/0/1
N4
Gi 1/0/2
VLAN 10
PC3
VLAN 12
PC4
192.168.12.10/24
192.168.10.20/24
PC5
192.168.12.11/24
On all four PCs (PC2, PC3, PC4, and PC5) verify that the IP address assigned to interface eth0 is
the address shown in the table below.
Device
PC2
PC3
PC4
PC5
IP Address / Mask
192.168.10.19 255.255.255.0
192.168.12.10 255.255.255.0
192.168.10.20 255.255.255.0
192.168.12.11 255.255.255.0
Issue the ifconfig eth0 command to see the IP address (inet addr). Also verify that the mask is
correct (255.255.255.0).
If the address on any or all of the PCs is not present or not correct, configure the address to
what it should be.
19
To configure the IP address on the PCs, use the sudo ifconfig eth0 <address> netmask <mask>
command. The [sudo] password is Passw0rd. Once you have issued the sudo password, it is not
necessary to repeat the command to set the IP address.
If it was necessary for you to change the IP address on the station, verify with the ifconfig eth0
command that the change has been made.
Step 3.3:
Using the ping command, test connectivity between PC2 and PC4 (VLAN 10), and between PC3
and PC5 (VLAN 12).
From PC2, ping PC4 (CTRL + C to stop the continuous ping).
From PC3, ping PC5.
20

Exercise 4: Configuration and Verification of Port-based VLANs on S-Series Switches
Step 4.1:
Examine the topology diagram for this exercise.
Fo 0/48
VLAN 101
Fo 0/48
Trunk
VLAN 123
S2
Te 0/47
VLAN 101
S3
Te 0/46
Te 0/46
Te 0/47
VLAN 123
VLAN 123
VLAN 101
On both S2 and S3, interfaces Te 0/46 and Te 0/47 are connected to N-series switches, N1 and
N2. Although these are inter-switch links, for this exercise, the links will simulate links to hosts.
Te 0/46 and Te 0/47 will therefore be configured as access ports with membership in the VLANs
shown. Between S2 and S3 will be a trunk that will carry traffic from both VLANs. Fo 0/48 will
therefore be configured as trunk ports on both switches.
Step 4.2:
On N1 and N2, ensure that interfaces Te 1/1/3 and Te 1/1/4 are UP. The example is shown on
N1, but be sure to complete the step on N2 also.

Although not shown in the topology diagram, N1 and N2 are connected to both S2 and S3 to
simulate host networks.
Step 4.3:
On S2, issue the show vlan command and examine the output.
S2# show vlan

-- output abbreviated -Codes: * - Default VLAN
NUM
* 1
Status
Description
Inactive
21
Ports
Notice that VLAN 1, the default VLAN, is inactive and has no member ports.
Step 4.4:
On S2, configure Te 0/46 and Te 0/47 for Layer 2 functionality with the switchport command.
S2(conf)# interface range tengigabitethernet 0/46-47

S2(conf-if-range-te-0/46-47)# switchport
Step 4.5:
On S2, issue the show vlan command and examine the output.
S2(conf-if-range-te-0/46-47)# do show vlan

NUM
* 1
Status
Description
Inactive
Ports
Te 0/46-47
Notice that VLAN 1, the default VLAN, is still inactive but now has the member ports you
configured as switchports in the previous step. Recall that VLAN 1 is the default VLAN for access
mode ports. The U designates untagged interfaces (frames are not tagged to identify VLAN
membership).
Step 4.6:
On S2, enable interfaces Te 0/46 and Te 0/47 with the no shutdown command.
S2(conf-if-range-te-0/46-47)# no shutdown
Step 4.7:
On S2, issue the show vlan command again, and note that VLAN 1 now has an ACTIVE status.
S2(conf-if-range-te-0/46-47)# do show vlan

NUM
* 1
Status
Description
Active
22
Ports
Te 0/46-47
Step 4.8:
On S2, make Te 0/47 a member of VLAN 101, and issue the no shutdown command for the
VLAN interface.
S2(conf)# interface vlan 101

S2(conf-if-vl-101)# untagged tengigabitethernet 0/47
S2(conf-if-vl-101)# no shutdown
Step 4.9:
On S2, issue the show vlan command and notice that VLAN 101 is now ACTIVE with Te 0/47 as
an untagged member port. Also note that Te 0/47 is no longer a member of the default VLAN.
S2(conf-if-vl-101)# do show vlan

-- output abbreviated
Codes: * - Default VLAN
NUM
* 1
101
Step 4.10:
Status
Active
Active
Description
Q
U
U
Ports
Te 0/46
Te 0/47
On S2, make Te 0/46 a member of VLAN 123, and issue the no shutdown command for the
VLAN interface.

S2(conf-if-vl-123)# untagged tengigabitethernet 0/46
Step 4.11:
an untagged member port. Also note that Te 0/46 is no longer a member of the default VLAN,
and that the default VLAN is now in an INACTIVE state, since there are no Active ports assigned
to it.

NUM
* 1
101
123
Status Description
Inactive
Active
Active
23
Ports
U
U
Te 0/47
Te 0/46
Step 4.12:
On S3, complete Steps 4.3 through 4.11. Since the interfaces used are the same and the VLAN
numbering is the same, the commands will be identical to the ones you configured on S2.
Step 4.13:
an untagged member port.

NUM
* 1
101
123
Status Description
Inactive
Active
Active
Ports
U
U
Te 0/47
Te 0/46
Output squashed together in ebook

Also note that Te 0/46 is no longer a member of the default VLAN, and that the default VLAN is
now in an INACTIVE state, since there are no Active ports assigned to it.
Step 4.14:
Refer to the topology diagram and observe the inter-switch link between S2 and S3 that will be
configured as a trunk to carry traffic traffic for both VLAN 101 and VLAN 123. The port on both
switches that will be configured in trunk mode is Fo 0/48.
Fo 0/48
VLAN 101
Fo 0/48
Trunk
VLAN 123
S2
Te 0/47
VLAN 101
Step 4.15:
S3
Te 0/46
Te 0/46
Te 0/47
VLAN 123
VLAN 123
VLAN 101
On S2, place Fo 0/48 in Layer 2 mode.
S2(conf)# interface fortyGigE 0/48

S2(conf-if-fo-0/48)# switchport
S2(conf-if-fo-0/48)# no shutdown
24
Step 4.16:
On S2, configure Fo 0/48 to carry traffic for both VLAN 101 and VLAN 123. Frames will be tagged
to distinguish VLAN membership on the inter-switch trunk link.
S2(conf)# interface range vlan 101 , vlan 123

S2(conf-if-range-vl-101,vl-123)# tagged fortyGigE 0/48
S2(conf-if-range-vl-101,vl-123)# no shutdown
Step 4.17:
On S2, issue the show vlan command and observe the output. You should now see that for the
access ports (Te 0/46 and Te 0/47), frames are untagged. You should see that for the trunk port
(Te 0/48) frames are tagged to distinguish VLAN membership across the trunk.
S2# show vlan

Q: U - Untagged, T Tagged
NUM
* 1
101
123
Step 4.18:
Status
Inactive
Active
Description
Active
Ports
T
U
T
Fo 0/48
Te 0/47
Fo 0/48
Te 0/46
Complete Steps 4.14 through 4.17 on S3.

25
Lab 3: Spanning Tree Protocols

Lab Directions:
This lab guides the course participant through configuration and verification of RSTP and MSTP on Dell
Networking N & S series switches.
Purpose:
1. Configuration and verification of RSTP on S-series and N-series switches in a
mixed network environment of both.
2. Configuration and verification of MSTP on S-series and N-series switches in a
mixed environment of both.
When to Use:
When deploying network architectures that require RSTP or MSTP on Dell Networking
switches.
Equipment:
Three Dell Networking S-series switches (DNOS v9.7), and four Dell Networking N-series
switches (DNOS v6.2).
26

Exercise 1: RSTP Configuration with S-Series Switches
Step 1.1:
View the topology diagram to become familiar with the devices and interfaces used in this
exercise.
S1
FortyGigE 0/20
FortyGigE 0/28
FortyGigE 0/60
S2
Step 1.2:
FortyGigE 0/60
FortyGigE 0/48
FortyGigE 0/48
On S1, S2, and S3, verify that all interfaces are DOWN, their default status.
S1# show interfaces status

Step 1.3:
On S1, view the primary options for spanning tree protocols.
S1# show spanning-tree ?

<0-0>
mst
msti
pvst
rstp
STP
MSTP
MSTP instance
Per VLAN spanning tree protocol information
RSTP
For this exercise, we will focus on RSTP.
Step 1.4:
S3
On S1, observe the output of the show spanning-tree rstp command.
S1# show spanning-tree rstp
27
Lab Note
On S-series swtiches, RSTP is disabled by default.
Dell Networking OS supports a single Rapid Spanning Tree (RST) instance.
All interfaces in VLANs and all enabled interfaces in Layer 2 mode are automatically added to the RST
topology.
Configuring RSTP is a two-step process:
1. Configure interfaces for Layer 2 mode.
2. Enable RSTP
Step 1.5:
Referring to the topology diagram above, place the interfaces connecting your S-series
switches in Layer 2 mode with the switchport command, and enable the interfaces with the
no shutdown command.
S1(conf)# interface range fortyGigE 0/20, fortyGigE 0/28

S1(conf-if-range-fo-0/20,fo-0/28)# switchport
S1(conf-if-range-fo-0/20,fo-0/28)# no shutdown
Step 1.6:
On S1, S2, and S3, issue the show interfaces status command to verify that (only) the interfaces
you have just enabled have an UP status.
28
Step 1.7:
On S1, S2 , and S3, enable RSTP globally, as shown in the example on S1.
S1(conf)# protocol spanning-tree rstp

S1(conf-rstp)# no disable
The example is shown on S1. Be sure to enable RSTP on S2 and S3 also.
Step 1.8:
On S1, S2, and S3, issue the show spanning-tree rstp brief command and observe the output.
Determine which switch is the root of the spanning tree. The root will display the same address
for the Root ID and the Bridge ID, and will also display the message, We are the root. Since
there are no configured priorities on these switches (they all have the default priority 32768),
RSTP has determined the root.
Observe also the RSTP bridge port roles and the port states and ensure that you understand
what they indicate (as discussed in the theory presentation prior to this lab). If you have questions
about port roles and states, ask your instructor.
S1# show spanning-tree rstp brief

Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32768, Address 0001.e88b.5d14
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32768, Address 90b1.1cf4.a692
Configured hello time 2, max age 20, forward delay 15
Interface
Name
PortID
Prio
---------- -------- ---Fo 0/20 128.150 128
Fo 0/28 128.158 128
Interface
Name
Role
---------- -----Fo 0/20 Root
Fo 0/28 Altr
Designated
Cost
Sts
Cost
Bridge ID
------- ----------- ------- -------------------1400
FWD 1400 32768 0001.e88b.5d14
1400
BLK 1400 32768 0001.e88b.6572
PortID
-------128.150
128.158
Prio
---128
128
Cost
------1400
1400
Sts
----------FWD
BLK
Cost Link-type
------- ----1400 P2P
1400 P2P
Edge
---No
No
For the three switches configured to provide this example, you can see that S1 is not the root.
Further examination of the other two switches though provides the discovery that S2 is the root
for the three switches on which this lab was developed, as shown in the next output example.
The root for your three switches may not be S2. The root for your switches will depend on
their MAC addresses.
29
Recall that the Bridge ID is determined by the bridge priority and the switch MAC address. The
priority being the same on all switches, the MAC address will be used by RSTP to determine
which switch is the root.

Bridge ID Priority 32768, Address 0001.e88b.5d14
We are the root
Configured hello time 2, max age 20, forward delay 15
Interface
Name
PortID
Prio
---------- -------- ---Fo 0/48 128.178 128
Fo 0/60 128.190 128
Designated
Cost Sts
Cost
Bridge ID
------- ----------- ------- -----------------1400 FWD
0
32768 0001.e88b.5d14
1400 FWD
0
32768 0001.e88b.5d14
Interface
Name
Role PortID
Prio Cost Sts
Cost
Link-type
Edge
---------- ------ -------- ---- ------- ----------- ------- --------- ---Fo 0/48 Desg 128.178 128 1400 FWD
0
P2P
No
Fo 0/60
Desg 128.190 128
1400
FWD
Learning Check
Recall that RSTP has the following port roles and port states:
Port Roles:
- Root port
- Designated port
- Alternate port
- Backup port
- Disabled port
Port States:
- Discarding
- Learning
- Forwarding
30
P2P
No

Exercise 2: RSTP with N-series Switches
Step 2.1:
exercise.
Te 1/0/7
Te 1/0/7
N1
Te 1/0/5
Te 1/0/5
Te 1/0/4
Te 1/0/4
Gi 1/0/4
Gi 1/0/4
Gi 1/0/5
Gi 1/0/5
N3
Step 2.2:
N2
N4
On N1, N2, N3, and N4, shut all ports down. By default, they are enabled for Layer 2 mode on
N-series switches. The intention is to shut all ports down, then selectively enable only the ports
to be used in this exercise.
An example is shown here for N1. Both N1 and N2 are N4xxx switches, with both 10G and 40G
interfaces. Be sure to shut the same interfaces down on N2.

N1(config)# interface range fortygigabitethernet all
An example is shown here for N3. Both N3 and N4 are N3xxx switches, with both 1G and 10G
interfaces. Be sure to shut the same interfaces down on N4.

N3(config-if)# interface range tengigabitethernet all
31
Step 2.3:
Again, refer to the topology diagram to see which interfaces are used for this exercise and enable
them.
As can be seen, for N1 and N2, Te 1/0/4, Te 1/0/5 and Te 1/0/7 are used. The example shown
is on N1. Be sure to enable these three interfaces on N2 also.
N1(config)# interface range tengigabitethernet 1/0/4-5,te1/0/7

For N3 and N4, Gi 1/0/4 and Gi 1/0/5 are used. The example shown is on N3. Be sure to enable
these two interfaces on N4 also.
N3(config)# interface range gigabitethernet 1/0/4-5

Learning Check
Recall that for N-series switches, ports are enabled for Layer 2 mode by default.
RSTP is gloabally enabled on the switch for all ports and LAGs by default. This differs from S-series
switches which require enabling ports in Layer 2 mode and enabling RSTP.
Classic STP, STP-PV, RSTP-PV and MSTP are disabled.
Step 2.4:
On N1, N2, N3, and N4, issue the show spanning-tree active command and observe the output.
Determine which switch is the root of the spanning tree. The root will diplay the message, This
Switch is the Root. Since there are no configured priorities on these switches (they all have the
default priority 32768), RSTP has determined the root.
Also, observe the RSTP bridge port roles and the port states and ensure that you understand
what they indicate (as discussed in the theory presentation prior to this lab). If you have any
questions about the port roles and states, ask your instuctor.
For the switches on which this lab was developed, N2 is the root, as can be seen in the following
output. Your root switch may not be N2, depending on the MAC addresses of your switches.
32
N2# show spanning-tree active

Spanning Tree: Enabled (BPDU Flooding: Disabled) Portfast BPDU Filtering: Disabled
Mode: rstp
CST Regional Root:
80:00:00:1E:C9:DD:BA:77
Regional Root Path Cost: 0
###### MST 0 Vlan Mapped: 1
ROOT ID
Priority
32768
Address
001E.C9DD.BA77
This Switch is the Root.
Hello Time: 2s Max Age: 20s Forward Delay: 15s
Interfaces
Name
State
Prio.Nbr
Cost
Sts
Role
--------- -------- -------------------- ----Te1/0/4 Enabled 128.4
20000
FWD Desg
Te1/0/5 Enabled 128.5
20000
FWD Desg
Te1/0/7 Enabled 128.7
2000
FWD Desg
33
RestrictedPort
-------------No
No
No

Spanning Tree: Enabled (BPDU Flooding: Disabled) Portfast BPDU Filtering: Disabled
Mode: rstp
CST Regional Root:
80:00:F8:B1:56:67:D9:6D
Regional Root Path Cost: 0
###### MST 0 Vlan Mapped: 1
ROOT ID
Priority
32768
Address
001E.C9DD.BA77
Path Cost
20000
Root Port
Gi1/0/5
Bridge ID
Priority
32768
Address
F8B1.5667.D96D
Interfaces
Name
State
Prio.Nbr
Cost
Sts
Role RestrictedPort
--------- -------- ----------------- ---- ----- -------------Gi1/0/4 Enabled 128.4
20000
DSC Altn No
Gi1/0/5 Enabled 128.5
20000
FWD Root No
Recall that Bridge ID is determined by the bridge priority and the switch MAC address. The
priority being the same on all switches, the MAC address will be used by RSTP to determine
which switch is the root.
34

Exercise 3: Integrated S-series & N-series RSTP
Step 3.1:
exercise.
FortyGigE 0/20
S1
FortyGigE 0/60
FortyGigE 0/60
FortyGigE 0/48
S2
FortyGigE 0/28
FortyGigE 0/48
Te 0/46
Te 0/46
Te 0/47
Te 0/47
Te 1/1/3
Te 1/1/3
Te 1/1/4
Te 1/1/4
Te 1/0/7
N1
S3
Te 1/0/7
Te 1/0/5
N2
Te 1/0/5
Te 1/0/4
Te 1/0/4
VLAN x08
Gi 1/0/4
Gi 1/0/4
Gi 1/0/5
Gi 1/0/5
N4
N3
In this exercise, you will connect the S-series switches from Exercise 1 with the N-series switches
from Exercise 2. The links shown in red in the topology diagram will be enabled for Layer 2 mode
and RSTP.
Step 3.2:
Enable the interfaces connecting the S-series and N-series switches for Layer 2 mode.
On N1 and N2, enable Te 1/1/3 and Te 1/1/4. The example is shown on N1. Be sure to also
enable the two interfaces on N2.

35
On S2 and S3, configure Te 0/46 and Te 0/47 for Layer 2 mode and enable the interfaces. The
example is shown on S2. Be sure to also enable the two interfaces on S3.
S2(conf)# interface range tengigabitethernet 0/46, tengigabitethernet 0/47

S2(conf-if-range-te-0/46-47)# switchport
S2(conf-if-range-te-0/46-47)# no shutdown
Step 3.3:
On S2 and S3, enable RSTP as shown. The example is on S2. Be sure to enable RSTP on S3 also.

S2(conf-rstp)# no disable
Step 3.4:
Now that all seven switches are participating in the same spanning tree, issue the show
spanning-tree rstp brief command on your S-series switches and the show spanning-tree
active command on your N-series switches. Identify the root bridge and examine port roles and
port states on the different swtiches to verify that they are what you would expect, based on
your knowledge of RSTP operations.
--output abbreviated
ROOT ID
Priority
Address
32768
0001.E88B.5D14
For the switches used to write this lab, the root bridge is the one with the MAC address
highlighted in the example output above. This indicates that switch S2 is the root bridge of this
spanning tree, as can be verified below by observing the show spanning-tree rstp brief output
on S2. As mentioned previously, the root bridge on your network may differ depending on the
MAC addresses of your switches.

Bridge ID Priority 32768, Address 0001.e88b.5d14
We are the root
--output abbreviated--
36

Exercise 4: Influence Root Bridge Selection with Priority Setting
Step 4.1:
On S1, change the bridge priority from the default value (32768) to 4096 to have it now become
the root bridge. If your S1 switch is already the root bridge, complete this step on S2 instead
to have it become the root bridge.

S1(conf-rstp)# bridge-priority 4096
S1(conf-rstp)#04:44:51: %STKUNIT0-M:CP %SPANMGR-5-STP_ROOT_CHANGE: RSTP
root changed.
My Bridge ID: 4096:90b1.1cf4.a692 Old Root: 32768:0001.e88b.5d14 New Root:
4096:90b1.1cf4.a692
Step 4.2:
On N4, issue the show spanning-tree active command to verify that S1 is now the root bridge,
as indicated by S1s MAC address in the output. (Your MAC address for S1 will be different from
the one in the example.)

ROOT ID
Priority
4096
Address
90B1.1CF4.A692
37
Exercise 5: RSTP Portfast and BPDU Filtering

Step 5.1:
exercise.
Gi 1/0/4
Gi 1/0/5
Gi 1/0/1
N3
PC2
Step 5.2:
Gi 1/0/2
PC3
On N3, issue the show spanning-tree active command and observe that currently, Gi 1/0/4 and
Gi 1/0/5 are enabled.
--output abbreviated-Interfaces
Name
State
Prio.Nbr
Cost
--------- -------- --------- --------Gi1/0/4 Enabled 128.4
20000
Sts
Role RestrictedPort
---- ----- -------------DSC Altn No
Gi1/0/5 Enabled
FWD Root No
Step 5.3:
128.5
20000
On N3, enable interfaces Gi 1/0/1 and Gi 1/0/2, ports connected to PC2 and PC3, respectively.

38
Step 5.4:
On N3, issue the show spanning-tree active command to verify that Gi 1/0/1 and Gi 1/0/2 are
now enabled.
Interfaces
Name
State
--------- -------Gi1/0/1 Enabled
Gi1/0/2 Enabled
Gi1/0/4 Enabled
Gi1/0/5 Enabled
Step 5.5:
Prio.Nbr
Cost
Sts
Role RestrictedPort
--------- --------- ---- ----- -------------128.1
20000
FWD Desg No
128.2
20000
FWD Desg No
128.4
20000
DSC Altn No
128.5
20000
FWD Root No
On N3, for ports Gi 1/0/1 and Gi 1/0/2, enable portfast and BPDU filtering as shown below.

N3(config-if)# spanning-tree portfast
N3(config-if)# spanning-tree portfast bpdufilter default
Lab Note
The PortFast feature reduces STP convergence time by allowing edge ports connected to end devices to
transition to the forwarding state quicker than non-edge ports.
Ports that have the PortFast featue enabled continue to transmit BPDUs.
Enabling BPDU filtering on a specific port prevents the port from sending BPDUs and allows the port to
drop any BPDUs it receives.
39
Step 5.6:
On N3, for Gi 1/0/1 and Gi 1/0/2, verify that the PortFast feature is enabled as well as BPDU
filtering.
N3# show spanning-tree gigabitethernet 1/0/1

Port: Gi1/0/1 Enabled
State: Forwarding
Role: Designated
Port ID: 128.1
Port Cost: 20000
Port Fast: Yes
Root Protection: No
Designated Bridge Priority: 32768
Address: F8B1.5667.D96D
Designated Port ID: 128.1
Designated Path Cost: 23400
CST Regional Root: 80:00:F8:B1:56:67:D9:6D
Root Guard..................................... False
Loop Guard..................................... False
TCN Guard...................................... False
Auto Portfast.................................. True
BPDU Filter Mode............................... Enabled
Time Since Counters Last Cleared............... 0d0h14m14s
BPDUs: Sent: 5196, Received: 0
40

Exercise 6: Single Region MSTP with S-series and N-series Switches
Step 6.1:
exercise.
MSTI 1
ROOT
Fo 0/48
Fo 0/48
MSTI 2
ROOT
S2
S3
Te 0/46
Te 0/47
MSTI 1
VLANs 2,4,6,8,10
MSTI 2
VLANs 3,5,7,9,11
Te 1/1/4
Te 1/1/3
N1
The topology diagram represents the end objective of this exercise. There will be incremental
steps to achieve this solution.
Lab Note
On S-series and N-series swtiches, MSTP is not enabled by default.
Configuring MSTP is a four-step process:
1. Configure interfaces for Layer 2 mode.
2. Place the interfaces in VLANs.
3. Enable MSTP.
4. Create multiple spanning tree instances and map VLANs to them.
41
Step 6.2:
On S2 and S3, shut the interfaces down that are not used in this exercise. The objective is to
have only the interfaces shown in the topology diagram above enabled.
On S2, shut Fo 0/46 and Te 0/60 down.
S2(conf)# interface tengigabitethernet 0/46

S2(conf-if-te-0/46)# shutdown
S2(conf-if-fo-0/60)# shutdown
On S3, shut Fo 0/47 and Te 0/60 down.

Step 6.3:
On S2 and S3, issue the show interfaces status command and verify that only the interfaces
used in this exercise are enabled. Refer to the topology diagram above.
For S2, only Te 0/47 and Fo 0/48 should have an UP status.
For S3, only Te 0/46 and Fo 0/48 should have an UP status.
Step 6.4:
On N1, shut all ports down as shown here.

N1(config)# interface range fortygigabitethernet all
Step 6.5:
On N1, enable Te 1/1/3 and Te 1/1/4, the interfaces used in this exercise, as shown in the
topology diagram above.

Step 6.6:
On N1, issue the show interfaces status command to verify that Te 1/1/3 and Te 1/1/4 are the
only interfaces with an UP link state.
42

Step 6.7:
The first step to configure MSTP is to have all interfaces enabled for Layer 2. Since default
settings on N-series meet the requirement, and since the S-series interfaces should stilll have
these settings based on their configuration for RSTP, all interfaces shown above in the topology
diagram should be ready for the next step for configuring MSTP.
On S2 and S3, verify that the interfaces used in this exercise are configured with the switchport
command and are enabled with the no shutdown command.
S2# show running-config interface tengigabitethernet 0/47

!
interface TenGigabitEthernet 0/47
no ip address
switchport
no shutdown
S2# show running-config interface fortyGigE 0/48
!
interface fortyGigE 0/48
no ip address
switchport
no shutdown
The example shown is on S2. Verify these settings on S3 for Te 0/46 and Fo 0/48 also.
Step 6.8:
On N1, S2 and S3, create VLANs 2 through 11.
N1(config)# vlan 2-11

N1(config-vlan2-11)#
S2(conf)# interface group vlan 2-11
S2(conf-if-group-vl-2-11)# no shutdown
For S-series, the example is shown on S2. Be sure to create and enable these VLANs on S3 also.
Step 6.9:
On S2, S3, and N1, create VLAN trunks between all three switches to exchange tagged frames
for VLANs 2-11.
S2(conf)# interface range vlan 2-11

S2(conf-if-range-vl-2-11)# tagged tengigabitethernet 0/47
S2(conf-if-range-vl-2-11)# tagged fortyGigE 0/48
43
S3(conf)# interface range vlan 2-11

S3(conf-if-range-vl-2-11)# tagged tengigabitethernet 0/46
S3(conf-if-range-vl-2-11)# tagged fortyGigE 0/48

N1(config-if)# switchport mode trunk
Step 6.10:
On N1, verfiy creation of the VLANs from the previous step, and that Te 1/1/3 and Te 1/1/4 are
serving as trunks for these VLANs.
N1(config-if)# do show vlan

VLAN Name
----- --------------1
default
2
3
4
5
6
7
8
9
10
11
VLAN0002
VLAN0003
VLAN0004
VLAN0005
VLAN0006
VLAN0007
VLAN0008
VLAN0009
VLAN0010
VLAN0011
Ports
------------Po1-128,
Te1/0/1-24,
Te1/1/1-4
Te1/1/3-4
Te1/1/3-4
Te1/1/3-4
Te1/1/3-4
Te1/1/3-4
Te1/1/3-4
Te1/1/3-4
Te1/1/3-4
Te1/1/3-4
Te1/1/3-4
Type
-------------Default
Static
Static
Static
Static
Static
Static
Static
Static
Static
Static
On S2 and S3, verify creation of the VLANs and trunks from the previous step.
On S2, verify that Te 0/47 and Fo 0/48 are serving as trunks for these VLANs.
44
The example below is shown on S2. Be sure to also verify VLAN creation on S3, and that Te 0/46
and Fo 0/48 are trunking for the created VLANs.
S2# show vlan
NUM
* 1
Status
Inactive
Active
Active
Active
Active
Active
Active
Active
Active
10
Active
11
Active
Step 6.11:
Description
Q Ports
U Te 0/46
U Fo 0/60
T Te 0/47
T Fo 0/48
T Te 0/47
T Fo 0/48
T Te 0/47
T Fo 0/48
T Te 0/47
T Fo 0/48
T Te 0/47
T Fo 0/48
T Te 0/47
T Fo 0/48
T Te 0/47
T Fo 0/48
T Te 0/47
T Fo 0/48
T Te 0/47
T Fo 0/48
T Te 0/47
T Fo 0/48
On S2, S3, disable RSTP.
S2(conf)# no protocol spanning-tree rstp
45
The example is shown on S2. Be sure to also disable RSTP on S3.

Step 6.12:
On S2 and S3, enable MSTP globally, naming the MST region DellNet. Create MST Intance 1 and
map VLANs 2,4,6,8, and 10 to it. Create MST Instance 2 and map VLANs 3,5,7,9, and 11 to it.
S2(conf)# protocol spanning-tree mstp

S2(conf-mstp)# name DellNet
S2(conf-mstp)# no disable
S2(conf-mstp)# msti 1 vlan 2,4,6,8,10
S2(conf-mstp)# msti 2 vlan 3,5,7,9,11
The example is shown on S2. Be sure to configure these tasks on S3 also.
On N1, enable MSTP globally, naming the MST region DellNet. Create MST Intance 1 and map
VLANs 2,4,6,8, and 10 to it. Create MST Instance 2 and map VLANs 3,5,7,9, and 11 to it.
N1(config)# spanning-tree mode mst

N1(config)# spanning-tree mst configuration
N1(config-mst)# instance 1 add vlan 2,4,6,8,10
N1(config-mst)# instance 2 add vlan 3,5,7,9,11
N1(config-mst)# name DellNet
Step 6.13:
On S2 and S3, with the show spanning-tree mst configuration command, verify your MSTP
configuration - including region name and VLANs mapped to the appropriate MST instances.
The revison number is the default, 0.
S2# show spanning-tree mst configuration

MST region name: DellNet
Revision: 0
MSTI
VID
1
2,4,6,8,10
2
3,5,7,9,11
46
Verify MST settings on N1.
N1# show spanning-tree mst-configuration

Name: DellNet
Revision: 0
Instance
---------0
1
2
Step 6.14:
Vlan Mapped
---------------1
2, 4, 6, 8, 10
3, 5, 7, 9, 11
Having verified the MSTP configuration on S2, S3, and N1, the objective now is to determine
which switch in the MST region is the root bridge.
For the three switches used to write this lab, S2 was the root bridge. Because no priorities have
been set to specify which switch you want to be the root, MSTP has determined the root based
on MAC addresses. For your network, S2 may not be the root. Use the show spanning-tree
msti command on S2 and S3; and on N1, use the show spanning-tree active instance instanceID command for MSTI 1 and MSTI 2 to determine the root bridge for your network.
Example output for the show spanning-tree msti command on S2 from the course
development network is shown here. Your output will differ depending on which switch is
elected as the root in your network (based on the MAC addresses of your switches).
S2# show spanning-tree msti
--output abbreviated-MSTI 1 VLANs mapped 2, 4, 6, 8, 10

Root Identifier has priority 32768, Address 0001.e88b.5d14
Bridge Identifier has priority 32768, Address 0001.e88b.5d14
We are the root of MSTI 1
Current root has priority 32768, Address 0001.e88b.5d14
MSTI 2 VLANs mapped 3, 5, 7, 9, 11
47
Example output for the show spanning-tree active instance instance-ID command for MSTI 1
and MSTI 2 on N1 from the course development network is shown here. Your output will differ
depending on which switch is elected as the root in your network.
N1(config)# show spanning-tree active instance 1
--output abbreviated-Mode: mst

###### MST 1 Vlan Mapped: 2, 4, 6, 8, 10
ROOT ID
Priority
32768
Address
0001.E88B.5D14
Path Cost
2000
Root Port
Te1/1/3
N1(config)# show spanning-tree active instance 2
--output abbreviated-Mode: mst

###### MST 2 Vlan Mapped: 3, 5, 7, 9, 11
ROOT ID
Priority
32768
Address
0001.E88B.5D14
Path Cost
2000
Root Port
Te1/1/3
Lab Note
Although you now have mutiple spanning tree instances with different VLANs mapped to each MSTI, both
MSTIs are still using the same switch for its root bridge.
To take full advantage of the MST protocol, you can configure different switches to be the root for
different MSTIs so all VLANs do not take the same path. Having different root bridges for your two MSTIs
will allow load balancing.
The remainder of this lab will be dedicated to this objective.
48

Step 6.15:
Configure S2 to be the root of MSTI 1 by lowering the bridge priority from the default to 4096.

S2(conf-mstp)# msti 1 bridge-priority 4096
Configure S3 to be the root of MST2 by lowering the bridge priority from the default to 8192.

S3(conf-mstp)# msti 2 bridge-priority 8192
Step 6.16:
On S2, issue the show spanning-tree msti command and observe the output. You should see
that S2 is the root of MSTI 1.

On S3, issue the show spanning-tree msti command and observe the output. You should see
that S3 is the root of MSTI 2.

Root Identifier has priority 8192, Address 0001.e88b.6572
Bridge Identifier has priority 8192, Address 0001.e88b.6572
Current root has priority 8192, Address 0001.e88b.6572
Step 6.17:
As you did in Step 6.14, on N1, issue the show spanning-tree active instance instance-ID for
MSTI 1 and MSTI 2. Notice now that for the two instances, the root ID is now different, as is the
root port, since S2 and S3 are now the root bridges for MSTI 1 and MSTI 2, respectively.

49
Lab 4: Link Aggregation with Port Channels

Lab Description:
This lab guides the course participant through link aggregation configuration and verification.
Purpose:
1. Create static port channels (LAGs).
2. Create dynamic port channels with LACP.
When to Use:
When using port channels for link aggregation with Dell Networking S-series and Nseries switches.
Equipment:
Two Dell Networking S-series switches (DNOS v9.7), and two Dell Networking Nseries switches (DNOS v6.2).
50

Exercise 1: Static Port Channels on S-series Switches
Step 1.1:
exercise.
S2
Fo 0/48
Fo 0/48
Fo 0/52
Fo 0/52
S3
Po1
Step 1.2:
On S2, issue the show vlan command and observe the output.
S2# show vlan

NUM
* 1
Status Description
Inactive
Q Ports
Recall that there are no interfaces or port channels as members of VLAN 1 by default on S-series
switches.
Step 1.3:
On S2, create a port channel with an id-number 1. With the switchport command, place the
port channel in Layer 2 mode, and enable it with the no shutdown command.
S2(conf)# interface port-channel 1

S2(conf-if-po-1)# switchport
S2(conf-if-po-1)# no shutdown
Step 1.4:
On S2, verify your configuration.
S2(conf-if-po-1)# show config

!
interface Port-channel 1
no ip address
switchport
no shutdown
51
Step 1.5:
On S2, issue the show vlan command. Observe that your Po1 has been assigned as a member
in the default VLAN. The VLAN status is though Inactive and there are no physical ports
associated with the port channel, as indicated by the empty brackets next to Po1, ( ) .
S2(conf-if-po-1)# do show vlan

NUM
* 1
Step 1.6:
Status Description
Inactive
Q
U
Ports
Po1 ( )
On S2, assign Fo 0/48 and Fo 0/52 as channel members of the newly created port channel.

S2(conf-if-po-1)# channel-member fortyGigE 0/48,52
Step 1.7:
On S2, verify the configuration of the port channel.
S2(conf-if-po-1)# show config

!
interface Port-channel 1
no ip address
switchport
channel-member fortyGigE 0/48,52
no shutdown
Step 1.8:
On S2, issue the show vlan command and observe the output. Verify that Fo 0/48 and Fo 0/52
are members of Po1.
S2(conf-if-po-1)#do show vlan

--output abbreviated-NUM
* 1
Status
Description
Q Ports
Inactive
U Po1(Fo 0/48,52)
52
Step 1.9:
On S2, issue the show interfaces port-channel 1 brief command.
S2(conf-if-po-1)# do show interfaces port-channel 1 brief
LAG Mode
1
L2
Status
Uptime
Ports
down
00:00:00
Fo 0/48
(Down)
Fo 0/52
(Down)
Verify that the LAG is in Layer 2 mode, and that Fo 0/48 and Fo 0/52 are members.
Step 1.10:
On S2, enable Fo 0/48 and Fo 0/52.

S2(conf-if-fo-0/48)#00:26:30: %STKUNIT0-M:CP %IFMGR-5-ASTATE_UP:
Changed interface Admin state to up: Fo 0/48
S2(conf-if-fo-0/48)# interface fortyGigE 0/52

S2(conf-if-fo-0/52)#00:26:46: %STKUNIT0-M:CP %IFMGR-5-ASTATE_UP:
Changed interface Admin state to up: Fo 0/52
Step 1.11:
On S3, create interface port-channel 1, and place it in Layer 2 mode. Assign Fo 0/48 and Fo
0/52 as channel members, and enable the port channel interface.

53
Step 1.12:
On S3, enable Fo 0/48 and Fo 0/52.

no shutdown
AsS3(conf-if-range-fo-0/48,fo-0/52)#
you bring up these interfaces, you should notice
messages that the physical interfaces AND the port channel
interface change to an up state.
Step 1.13:
On S3, verify the up status of the LAG and physical interfaces.
S3(conf-if-fo-0/52)# do show interfaces port-channel 1 brief

LAG
1
Mode
Status
L2
up
Step 1.14:
Uptime
Ports
00:01:03
Fo 0/48
(Up)
Fo 0/52
(Up)
On S3, verify that VLAN 1 is now active.
S3(conf-if-fo-0/52)# do show vlan

--output abbreviated-NUM
* 1
Step 1.15:
Status
Description
Q Ports
Active
U Po1(Fo 0/48,52)
On S3, issue the show interfaces port-channel 1 command to verify its up status and channel
members.
S3# show interfaces port-channel 1

Port-channel 1 is up, line protocol is up
Hardware address is 00:01:e8:8b:65:74, Current address is 00:01:e8:8b:65:74
Interface index is 1258291712
Minimum number of links to bring Port-channel up is 1
Internet address is not set
Mode of IPv4 Address Assignment : NONE
DHCP Client-ID :0001e88b6574
MTU 1554 bytes, IP MTU 1500 bytes
LineSpeed 80000 Mbit
Members in this channel: Fo 0/48(U) Fo 0/52(U)
--output truncated--
54
Step 1.16:
On S3, verify the up status of the channel member physical interfaces and their membership in
Po1.
S3# show interfaces fortyGigE 0/48

fortyGigE 0/48 is up, line protocol is up
Port is part of Port-channel 1
--output omitted-S3# show interfaces fortyGigE 0/52

--output omitted--
55
Exercise 2: Dynamic Link Aggregation with LACP on S-series Switches

Step 2.1:
exercise.
S2
Fo 0/48
Fo 0/48
Fo 0/52
Fo 0/52
S3
Po1
Step 2.2:
On both S2 and S3, remove interfaces Fo 0/48 and Fo 0/52 from port channel 1.

S2(conf-if-po-1)# no channel-member fortyGigE 0/48,52
Step 2.3:
On both S2 and S3, create a new LAG interface, port-channel 7, as shown in the example below
on S2.

S2(conf-if-po-7)#6d1h35m: %STKUNIT0-M:CP %IFMGR-5-ASTATE_UP:
Changed interface Admin state to up: Po 7
Step 2.4:
On both S2 and S3, configure Fo 0/48 and Fo 0/52 as dynamic LAG interfaces.

S2(conf-if-range-fo-0/48,fo-0/52)#no shutdown
S2(conf-if-range-fo-0/48,fo-0/52)# port-channel-protocol lacp
S2(conf-if-range-fo-0/48,fo-0/52-lacp)# port-channel 7 mode active
56
Step 2.5:
On S2, verify the up status of port-channel 7, and confirm channel members.
S2# show interfaces port-channel 7

Port-channel 7 is up, line protocol is up
Created by LACP protocol
--output omitted
Members in this channel: Fo 0/48(U) Fo 0/52(U)
Step 2.6:
On S2, verify the up status of the channel member physical interfaces and their membership in
Po1.

--output omitted--

--output omitted-Step 2.7:
On S2, issue the show vlan command to verify that VLAN 1 is active and that Po7 is untagged
with members Fo 0/48 and Fo 0/52.
S2# do show vlan
--output omitted-NUM
* 1
Status
Active
Description
Q Ports
U Po1()
U Po7(Fo 0/48,52)
57
Exercise 3: Static Port Channels on N-series Switches

Step 3.1:
exercise.
N1
Te 1/0/7
Te 1/0/7
Te 1/0/8
Te 1/0/8
N2
Po1
Step 3.2:
On N1, issue the show vlan command and observe the output. Notice that for N-series switches,
all port channels are members of VLAN 1 by default.
N1# show vlan
VLAN Name
----- -----1
default
Step 3.3:
Ports
Type
---------- -------------Po1-128,
Default
Te1/0/1-24,
Te1/1/1-4
On N1, shut all 10 gigabit interfaces down.

Step 3.4:
On N1, enter configuration mode for the specified LAG (use port-channel 3). Configure a
description for the LAG (use N1_N2_LAG). Set the minimum links that must be up for the LAG
to be active as two (both) links.
N1(config-if)# interface port-channel 3

N1(config-if-Po3)# port-channel min-links 2
N1(config-if-Po3)# description N1_N2_LAG
58
Step 3.5:
On N1, verify the configuration of the port channel.
N1(config-if-Po3)# show running-config interface port-channel 3
description "N1_N2_LAG"
port-channel min-links 2
Step 3.6:
On N1, configure Te 1/0/7 and Te 1/0/8 to be member of a static LAG, Po3. Specify the keyword
on for the mode with the channel-group command to have the ports join a static LAG (without
using LACP).

N1(config-if)# channel-group 3 mode on
Step 3.7:
On N1, issue the show interfaces port-channel 3 command and observe the output. Note the
Ch-Type is Static. At this time the status is inactive.
N1# show interfaces port-channel 3
Channel
------Po3
Ports
-----------------------Inactive: Te1/0/7, Te1/0/8
Ch-Type
-------Static
--output abbreviated-Step 3.8:
On N1, bring up Te 1/0/7 and Te 1/0/8.

N1(config-if)# no shut
59
Hash Type Min-links

--------------7
2
Step 3.9:
On N1, issue the show interfaces port-channel 3 command and observe the output. Note that
the status is now Active.
Channel
------Po3
Ports
-----------------------Active: Te1/0/7, Te1/0/8
Ch-Type
-------Static
Hash Type Min-links

--------------7
2
On N2, repeat steps 3.3 through 3.9.
Step 3.11:
On N2, shut interface Te 1/0/8 down, and then issue the show interfaces port-channel 3
command and observe the output. Notice that the LAG is now inactive.
N2(config)# interface tengigabitethernet 1/0/8

N2(config-if-Te1/0/8)# shut
N2(config-if-Te1/0/8)# do show interfaces port-channel 3
Channel
------Po3
Ports
-----------------------Inactive: Te1/0/7, Te1/0/8
Ch-Type
-------Static
60
Hash Type Min-links

--------------7
2
Step 3.12:
On N2, view the configuration for the port channel. Recall that you have configured the
minimum number of links for the LAG to be considered active as two (both links).
N2# show running-config interface port-channel 3

description "N1_N2_LAG"
port-channel min-links 2
Step 3.13:
On N1 and N2, modify the configuration for the LAG to return to the default number of minimum
links that must be up to consider the LAG active (1 link).
N1(config-if)# interface port-channel 3

N1(config-if-Po3)# no port-channel min-links
Complete this step on N2 also.
Step 3.14:
On either N1 or N2, issue the show interfaces port-channel 3 command and observe the output.
Notice that the LAG is now active on Te 1/0/7 since only one link being up is now the minimum
requirement to consider the LAG active.
Channel
------Po3
Ports
-----------------------Active: Te1/0/7
Inactive: Te1/0/8
Ch-Type
-------Static
Hash Type Min-links

--------------7
2
On both N1 and N2, remove the static LAG configuration from Te 1/0/7 and Te 1/0/8 with the
no channel-group command.

N1(config-if)# no channel-group
61
Step 3.16:
On either N1 or N2, issue the show interfaces port-channel 3 command and verify that there
are no configured ports for the LAG.
Channel
------Po3
Ports
-----------------------No Configured Ports
Ch-Type
-------Static
62
Hash Type Min-links

--------------7
2

Exercise 4: Dynamic Link Aggregation with LACP on N-series Switches
Step 4.1:
exercise.
N1
Te 1/0/7
Te 1/0/7
Te 1/0/8
Te 1/0/8
N2
Po1
Step 4.2:
On both N1 and N2, enable interface Te 1/0/8. Example is shown on N1.

N1(config-if-Te1/0/8)# no shutdown
Step 4.3:
On both N1 and N2, configure Te 1/0/7 and Te 1/0/8 to be member of a dynamic LAG, Po3.
Specify the keyword active for the mode with the channel-group command to have the ports
join a dynamic LAG using LACP.

N1(config-if)# channel-group 3 mode ?
active
on
Force the port to port-channel with LACP.

Force the port to port-channel without LACP.
N1(config-if)# channel-group 3 mode active

Step 4.4:
On either N1 or N2, issue the show interfaces port-channel 3 command and verify that there
Te 1/0/7 and Te 1/0/8 are active members of the dynamic (LACP) LAG.
N2(config-if)# do show interfaces port-channel 3

Channel
------Po3
Ports
-----------------------Active: Te1/0/7, Te1/0/8
Ch-Type
-------Dynamic
Hash Type Min-links

--------------7
2
On N1, issue the show lacp tengigabitethernet 1/0/7 command to see LACP parameters
(including ACTIVE LACP Activity) and LACP Statistics (to verify that LACP PDUs are being sent
and received). Alternatively, the output of these two commands can be viewed separately with
63
the show lacp tengigabitethernet 1/0/7 parameters command and the show lacp
tengigabitethernet 1/0/7 statistics command.
Te 1/0/7 on N1 is used here as an example, but these commands can be used on either switch
with LAG member interfaces.

64
Lab 5: VLT and MLAG

Lab Description:
This lab guides the course participant through VLT configuration (on S-series switches) and MLAG
configuration (on N-series switches).
Purpose:
1. Configure VLT with Dell Networking S-series switches.
2. Configure MLAG with Dell Networking N-series switches.
When to Use:
When deploying network architectures that include VLT or MLAG for link aggregation
group (LAG) termination on two separate distribution or core switches with Dell
Networking S-series or N-series switches.
Equipment:
Three Dell Networking S-series switches (DNOS v9.7), and three Dell Networking N-series
Lab Note
This lab covers VLT (S-series) and MLAG (N-series). Although there are differences between VLT and MLAG,
they both allow a downstream device to view a LAG to two separate physical switches upstream to appear
as a single virtual link.
Commonly, the link between two VLT or MLAG peers that maintains a health check between the two
devices will be over the OoB network. For this lab, the OoB network is simulated by connections between
VLT and MLAG peers that are preconfigured. These links require Layer 3 configuration with IP addressing,
topics which are covered later in the course.
For this lab, VLT LAGs will be static. MLAG port channels will be dynamic. This is in keeping with the
recommendations in the Dell Networking S-series and N-series configuration guides.
Also noteworthy is that one of the benefits of virtual LAGs is a loop-free topology with the elimination of
STP-blocked ports. However, a spanning tree protocol is commonly used prior to the establishement of
the virtual LAG to prevent potential loops, and thereafter to prevent loops from forming with new links that
are incorrectly connected outside of the VLT/MLAG domain.
65
Exercise 1: VLT Configuration with S-Series Switches

Step 1.1:
exercise.
VLT Domain 777

Te 1/1/3
N1
Te 1/1/4
Te 0/47
VLT
Peer 1
Te 0/46
Fo 0/48
S2
Fo 0/48
Fo 0/52
Fo 0/60
Fo 0/52
S3
VLT
Peer 2
Fo 0/60
VLTi
Po 100
VLT
Po 32
Fo 0/20
Fo 0/28
S1
Step 1.2:
The backup link has been preconfigured between S2 and S3, via N1. From S2, ping S3s Te
0/46 address, 192.168.10.3 to verify connectivity across the backup link. Heartbeat messages
are exchanged between the two chassis over the backup link for health checks.
S2# ping 192.168.10.3

Type Ctrl-C to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.3, timeout is 2 seconds:
!!!!!
Success rate is 100.0 percent (5/5), round-trip min/avg/max = 0/4/20 (ms)
If you cannot successfully ping S3, tell your instructor, and do not continue with the lab until
the problem is resloved.
66

Step 1.3:
On S2 and S3, create a port-channel for link aggregation across the ports in the VLT
interconnect (VLTi). Dell Networking recommends configuring a static LAG for the VLTi. Specify
100 for the channel-number. Add interfaces Fo 0/48 and Fo 0/52 to the port channel, as shown
in the example on S2, below.

The example is shown on S2. Be sure to also configure the port channel and assign channel
members on S3.
Step 1.4:
On S2 and S3, enable Fo 0/48 and Fo 0/52.

S2(conf-if-range-fo-0/48,fo-0/52)# no shut
The example is shown on S2. Be sure to also enable these two interfaces on S3.
Step 1.5:
On S2, configure the VLT domain with domain-id 777. Specify port channel 100 as the chassis
interconnect trunk between VLT peers in the domain. Configure the IP address of the interface
to be used as the endpoint of the VLT backup link. The end point is S3s Te 0/46 address,
192.168.10.3.
S2(conf)# vlt domain 777

S2(conf-vlt-domain)# peer-link port-channel 100
S2(conf-vlt-domain)# back-up destination 192.168.10.3
On S3, configure the VLT domain with domain-id 777. Specify port channel 100 as the chassis
interconnect trunk between VLT peers in the domain. Configure the IP address of the interface
to be used as the endpoint of the VLT backup link. The endpoint is S2s Te 0/47 address,
192.168.10.1.
S3(conf)# vlt domain 777

S3(conf-vlt-domain)# peer-link port-channel 100
S3(conf-vlt-domain)# back-up destination 192.168.10.1
S3(conf-vlt-domain)#ex00:37:59: %STKUNIT0-M:CP %VLTMGR-6-VLT_HBEAT_UP:
Heart beat link is up.
67
Notice that once both sides have been configured, you should see a message that the heart
beat link is up.
Step 1.6:
On both S2 and S3, connect the VLT domain to the attached access device, in this case switch
S1. Configure the same port channel ID number 32 on each peer switch in the VLT domain (S2
& S3). Place the port channel in Layer 2 mode with the switchport command. Assign interface
Fo 0/60 to the port channel (on both S2 and S3, Fo 0/60 connects to S1). Associate the port
channel to the corresponding port channel in the VLT peer for the VLT con nection to the
attached device with the vlt-peer-lag port-channel command, specifying 32 as the id-number.

S2(conf-if-po-32)# channel-member fortyGigE 0/60
S2(conf-if-po-32)# vlt-peer-lag port-channel 32
The example is shown on S2. Be sure to also commplete these tasks on S3.
Step 1.7:
On both S2 and S3, enable interface Fo 0/60, for the link on both switches to S1.

S2(conf-if-fo-0/60)# no shut
The example is shown on S2. Be sure to complete the step on S3 also.
Step 1.8:
On S1, the downstream access switch, configure port channel 32 with interface members Fo
0/20 and Fo 0/28. From the topology diagram, you can see that Fo 0/20 is connected to S2 and
Fo 0/28 is connected to S3.

S1(conf-if-po-32)# no shut
It is noteworthy here that from the perspective of S1, the two chassis members that comprise
the VLT domain appear as a single (logical) device. This is the virtual component of VLT.
68

Step 1.9:
On S1, enable interfaces Fo 0/20 and Fo 0/28.

S1(conf-if-range-fo-0/20,fo-0/28)# no shut
Step 1.10:
On S1, isue the show interfaces port-channel 32 brief command, and verfiy that the LAG is
operational - although from the perspective of this device, it is unaware that there are multiple
physical devices on the other end.
S1# show interfaces port-channel 32 brief

LAG
Mode
Status
Uptime
Ports
32
L2
up
00:02:19
Fo 0/20
(Up)
Fo 0/28
(Up)
Step 1.11:
On S2, observe the status of the LAG to the downstream access switch, S1.
Fo 0/60 is the single member interface on S2 for lag 32. If you observe the status on S3, you will
see that S3s interface Fo 0/60 is the other channel member of the virtual link.

LAG
Mode
Status
Uptime
Ports
32
L2
up
00:03:08
Fo 0/60
Step 1.12:
(Up)
On S2, observe the status of the LAG to its VLT peer, S3.
LAG
Mode
Status
100
L2
up
Uptime
00:37:34
69
Ports
Fo 0/48
(Up)
Fo 0/52
(Up)
Note that the the show interfaces port-channel brief command (without specifying the port
channel number) will show the combined output from this and the previous step.
Step 1.13:
On S2, issue the show vlt backup-link command to verify that the peer heartbeat status is up.
The destination address is the backup-link endpoint interface (S3s Te 0/46) address.
S2# show vlt backup-link

VLT Backup Link
----------------Destination:
Peer HeartBeat status:
192.168.10.3
Up
-- output truncated -Step 1.14:
On S2, issue the show vlt brief command and observe the output. Verify the VLT domain ID that
you have configured (777). Verify that the HeartBeat Status and VLT Peer Status are Up. Note
that S2 has the Primary role, based on its lower MAC address (compared with S3, the remote
system).
S2# show vlt brief

VLT Domain Brief
-----------------Domain ID:
Role:
Role Priority:
ICL Link Status:
HeartBeat Status:
VLT Peer Status:
777
Primary
32768
Up
Up
Up
Local System MAC address:

Remote System MAC address:
00:01:e8:8b:5d:14
00:01:e8:8b:65:72
70
Step 1.15:
On S2, issue the show vlt role command. This is another way to see the roles of the VLT peers.
The same command run on S3 would show the same default Local System Role Priority, 32768.
As mentioned in the previous step, without configuring priorities, the lowest system MAC
address is used to determine the primary and secondary peers.
S2# show vlt role

VLT Role
---------VLT Role:
System MAC address:
Primary Role Priority:
Local System MAC address:
Local System Role Priority:
Step 1.16:
Primary
00:01:e8:8b:5d:14
32768
00:01:e8:8b:5d:14
32768
On S2, issue the show vlt detail command to display status information for the virtual LAG.
S2# show vlt detail

Local LAG Id
Peer LAG Id Local Status
---------------------- -----------32
32
UP
Peer Status Active VLANs

----------- ------------UP
1
Notify the instructor you have completed Exercise 1.

A new configuration file will be loaded onto your switches
before you continue with Exercise 2 (MLAG).
71
Exercise 2: MLAG Configuration with N-series Switches

Step 2.1:
exercise.
MLAG Domain
Te 1/0/9
MLAG
Peer 1
Te 1/0/9
Te 1/0/7
N1
Te 1/0/4
Te 1/0/7
Te 1/0/8
N2
Te 1/0/8
MLAG
Peer 2
Te 1/0/5
MLAG Peer Link

Po 1
MLAG
Po 2
Gi 1/0/4
Gi 1/0/5
N3
MLAG
Partner
Step 2.2:
From N1, ping N2. Both N1 and N2 are preconfigured with VLAN 3, with Te 1/0/9 as member
ports on each switch. The IP address for N1 is 192.168.1.10, and the IP address for N2 is
192.168.1.11. This link will be used for keepalive exchange between the two MLAG peers as a
health check to monitor chassis up state.
N1# ping 192.168.1.11

Pinging 192.168.1.11 with 0 bytes of data:
Reply From 192.168.1.11: icmp_seq = 0. time= 2063 usec.
72

If you cannot successfully ping N2, tell your instructor, and do not continue with the lab until
the problem is resloved.
Step 2.3:
Configure the vPC domain on the MLAG peer devices, N1 and N2, as shown. Use the number 1
as the VPC domain ID. Configure the device priority using the role command. For N1, configure
a priority of 50. For N2, configure a priority of 250.
N1(config)# vpc domain 1

N1(config-vpc 1)# role priority 50
N1(config-vpc 1)# peer-keepalive enable
N1(config-vpc 1)# peer-keepalive destination 192.168.1.11 source 192.168.1.10
N1(config-vpc 1)# peer detection enable
N2(config)# vpc domain 1
N2(config-vpc 1)# role priority 250
N2(config-vpc 1)# peer-keepalive enable
N2(config-vpc 1)# peer-keepalive destination 192.168.1.10 source 192.168.1.11
N2(config-vpc 1)# peer detection enable
Step 2.4:
On both N1 and N2, configure a port channel as the VPC peer-link between the MLAG peers.
Enable trunking on the peer-link.
N1(config)# interface port-channel 1

N1(config-if-Po1)# description MLAG-PEER-LINK
N1(config-if-Po1)# spanning-tree disable
N1(config-if-Po1)# switchport mode trunk
N1(config-if-Po1)# vpc peer-link
73
The example above is shown on N1. Be sure to complete these tasks on N2 also.
Step 2.5:
On both N1 and N2, associate the port-channel with physical links, as shown. Note the use of
dynamic LAG configuration for the port channel, as recommended by Dell Networking for MLAG
peering.

N1(config-if)# description MLAG-PEER-LINK
The example above is shown on N1. Be sure to complete these task on N2 also.
Step 2.6:
On both N1 and N2, create the port channel facing the MLAG partner device, N3.

N1(config-if-Po2)# vpc 2
N1(config-if-Po2)# no shutdown
The example above is shown on N1. Be sure to complete this step on N2 also.
Step 2.7:
On both N1 and N2, associate the partner-facing port-channel with physical links.

N1(config-if-Te1/0/4)# channel-group 2 mode active
The example above is shown on N1. Be sure to complete this step on N2 also. Note that the
interface on N2 facing the partner device, N3, is Te 1/0/5 (different from the example shown
above for N1).
Step 2.8:
On both N1 and N2, enable MLAG globally.
74

N1(config)# feature vpc
The example above is shown on N1. Be sure to complete this step on N2 also.
Step 2.9:
On N3, the downstream MLAG partner device, create the dynamic port channel to the upstream
devices as shown.

N3(config-if)# exit
Step 2.10:
On N1, issue the show vpc brief command and observe the output.
N1# show vpc brief

VPC domain ID........................................... 1
VPC admin status....................................... Enabled
Keep-alive admin status........................... Enabled
VPC operational status............................. Enabled
Self role........................................................ Primary
Peer role....................................................... Secondary
Peer detection admin status.................... Peer detected, VPC Operational
Peer-Link details
----------------Interface..................................................... Po1
Peer-link admin status............................ Enabled
Peer-link STP admin status..................... Disabled
Configured VLANs..................................... 1,3
Egress tagged VLANs................................. 3
75
VPC Details
----------Number of VPCs configured...................... 1
Number of VPCs operational..................... 1
VPC id# 2
----------Interface.......................................................... Po2
Configured VLANs........................................ 1,3
VPC interface state....................................... Active
Local Members
Status
----------------- -----Te1/0/4
Up
Peer Members
Using the Status
output above, verify operational consistency with the configuration of your VPC
domain.
--------------------Te1/0/5
Up
Step 2.11:
On N3, examine the status and details of the LAG to the two upstream switches. Recall that from
the perspective of this device, N3, it is unaware that the LAG connects to two different physical
devices.

Channel
------Po2
Ports
---------------------Active: Gi1/0/4, Gi1/0/5
Ch-Type
-------Dynamic
Hash Type
--------7
Min-links
--------1

76
Lab 6: OSPFv2 Configuration and Verification

Lab Description:
This lab guides you through configuration and verification of the Open Shortest Path First (OSPFv2) routing
protocol.
There are 3 parts to the lab, including:
Configuration and verification of OSPF on Dell S-series switches.

Configuration and verification of OSPF on Dell N-series switches.
Integration/interoperability OSPF configuration and verification between S-series and N-series
switches.
S-series
Configuration
& Verification
S1
S2
S3
S-series / N-series
Interoperability
Configuration and
Verification
N1
N2
N-series
Configuration
& Verification
N3
N4
Purpose:
By completing this lab, you will perform the following tasks:

1. Configure basic single-area OSPF on switches.
2. Influence the election of Designated Routers.
3. Configure static routes on selected switches, and redistribute them into OSPF.
4. Verify proper OSPF operation with various show commands.
When to Use:
This lab includes configuration and verification of a basic single-area OSPF network
with steps that are commonly used when deploying OSPF as an interior gateway
dynamic routing protocol.
Three Dell Networking S-series switches (DNOS v9.7) and four Dell Networking Nseries switches (DNOS v6.2)
Equipment:
77
Exercise 1: Pre-Lab Checklist

Step 1.1:
On all seven switches, issue the command show running-config to view the current
configuration and verify that all configuration parameters exist that should- those that
establish IP connectivity between switches.
Step 1.2:
Before configuring a new dynamic routing protocol for your network, ensure that you have full
IP connectivity throughout your network. Referring to the topology diagram, you should be
able to ping across all directly connected links to neighboring switches and should see all
directly connected networks and the loopback address for the switch you are on by examining
the routing table with the show ip route command. For switches N3 and N4, you should be
able to ping the PC from the switch on the Ethernet segment where the PC resides. If you do
not have full IP connectivity throughout your network and cannot see the directly connected
links and loopback address in the routing table of each switch, do not continue with this lab
until you have resolved connectivity issues.
Lab Note
The topology diagram for the entire seven switch network is provided.
You will use this single view of your network topology to complete the tasks in this lab. This simulates real
world network implementation using topology diagrams.
The topology diagram shows switch hostnames, the physical interfaces connecting the switches (the
cabling), the addresses assigned to cabled interfaces (on S-series) and on VLANs (on N-series), the
addresses assigned to loopback interfaces, the OSPF area, and networks that you will redistribute into OSPF
(shown in purple). Shown also are the PCs connected to N3 and N4.
78
STATION NETWORK TOPOLOGY DIAGRAM

144.254.1.0/24
OSPF Area 0
Lo0
192.168.19.1/32
FortyGigE 0/20
S1
.1
.5
FortyGigE 0/28
19
2. 1
68
.1.
0/
30
30
4/
1.
8.
16
2.
19
.2
144.254.2.0/24
FortyGigE 0/60
Lo0
192.168.19.2/32
FortyGigE 0/60
.6
144.254.3.0/24
Lo0
192.168.19.3/32
FortyGigE 0/48
FortyGigE 0/48
.25
.26
192.168.1.24/30
S2
.9
.13
Te 0/46
Te 0/47 .17
Te 0/47
19 VLAN
2.1
68 103
.1.
12
/30
5
10 /30
0
AN
VL 8.1.2
6
1
.
2
19
Te 1/1/3
Lo0
192.168.19.4/32
VLAN 106
192.168.1.28/30
.34 Gi 1/0/4
.18
Te 1/0/5
Lo0
192.168.19.5/32
Te 1/0/7
.30
Te 1/0/5
.41
N2
Te 1/0/4 .37
.33 Te 1/0/4
VLAN 107
192.168.1.32/30
Te 1/1/3
Te 1/1/4
Te 1/0/7
.29
.45
VLAN 104
192.168.1.16/30
.14
.22
Te 1/1/4
N1
S3
.21
VLAN 102
192.168.1.8/30
.10
Te 0/46
19 VLAN
2.1
68 110
.1.
44
/30
9
10 /30
0
AN
VL 8.1.4
.16
2
19
.42
VLAN 108
192.168.1.36/30
Gi 1/0/4
.38
.46
Gi 1/0/5
Gi 1/0/5
Lo0
192.168.19.6/32
Lo0
192.168.19.7/32
N3
.1
N4
Gig1/0/2
Gig1/0/1
PC3
VLAN 12
192.168.12.0/24
.1
PC4
.10
.20
VLAN 10
192.168.10.0/24
ping
79
Exercise 2: OSPF Configuration and Verification on S-series Switches

For this exercise, configure your switches in the following order:
1. First, configure S3
2. Second, configure S2
3. Third, configure S1
Configure S1
LAST
S1
Configure S2
SECOND
Configure S3
FIRST
S2
S3
Lab Note
The order for configuring your three S-series switches is being specified to ensure that we observe the
default process by which OSPF will elect Designated Routers (DRs). As mentioned in the theory portion of
this module, there are rules governing which device is elected as the DR. However, because DR election is
considered non-deterministic - without preemption, the order in which devices join the OSPF process (and
which device sends the initial HELLO message) can result in a device becoming a DR, which appears to be
contrary to the defined election process.
In this exercise, we will observe S3 being elected as the DR on both of the network segments it is directly
attached to (adjacencies with S1 and S2). S1 will initially have the Backup Designated Router (BDR) role on
both of its directly connected links (to S2 and S3), but we will configure S1 to assume the role of DR on
those two links, causing a change in the election roles determined by the default process.
Complete Steps 2.1 through 2.5 on S1, S2 and S3. Complete all five steps first on S3 before beginning them
on S2; and, complete them on S2 before beginning them on S1.
Step 2.1:
Enter the ROUTER OSPF CONFIGURATION mode specifying a process-id of 1.
80

Step 2.2:
Configure the router-id using the same four octets of the switchs loopback address as the
router-id. (S3 = 192.168.19.3; S2 = 192.168.19.2; S1 = 192.168.19.1)
Step 2.3:
Referring to your network topology diagram, use the network command to have your
loopback address participate in the OSPF process and be advertised by OSPF. Use a prefix of
/32, since this is a host address. Specify area 0 as the area-id.
Step 2.4:
Referring to your network topology diagram, use the network command to have BOTH of the
directly connected links to the other two S-series switches participate in the OSPF process
with their subnets advertised by OSPF. Specify SUBNETS (not interface addresses) of directly
connected links. Note that the prefix length of these subnets is /30. Specify area 0 as the areaid.
An EXAMPLE of performing steps 2.1 through 2.4 is shown below on S3.
S3(conf)# router ospf 1

S3(conf-router_ospf-1)# router-id 192.168.19.3
Changing router-id will bring down existing OSPF
adjacency [y/n]: y
S3(conf-router_ospf-1)# network 192.168.19.3/32 area 0
Loopback Interface
Directly Connected
Networks
Step 2.5:
Verify your configuration:
S3(conf-router_ospf-1)# show config

!
router ospf 1
router-id 192.168.19.3
network 192.168.19.3/32 area 0
network 192.168.1.4/30 area 0
network 192.168.1.24/30 area 0
Confirm that you have configured Steps 2.1 through 2.5 on S1, S2 and S3 before you continue.
81
Step 2.6:
Verification of formed adjacencies. On switch S1, using the show ip ospf neighbor command,
verify that you have a FULL adjacency established with the other two S-series switches. You
should see the router-id of the other two switches (which is the same as their loopback
address, since you have configured them to match). You should also see the local interface
that connects your switch directly to the neighbor and the neighbors interface address on the
connecting network.
The EXAMPLE below is shown on S1. The addresses on S1 switches in other stations will vary.
S1# show ip ospf neighbor

Neighbor ID Pri
192.168.19.2 1
State
FULL/DR
Dead Time
00:00:39
192.168.19.3
FULL/DR
00:00:36
Step 2.7:
Address
Interface Area
192.168.1.2 Fo 0/20 0
192.168.1.6
Fo 0/28 0
Now compare the output of the show ip ospf neighbor command on all three switches,
focusing on the role of the neighbor DR vs. BDR roles.
Issue the show ip ospf neighbor command on S1, S2 and S3. Output from the show ip ospf
neighbor command on these devices is shown below. Note the roles of the different switches
for the adjacencies they have formed.
The output from the show ip ospf neighbor command on the three switches and the diagram
are examples from Station 1, however except for the subnet addresses, the examples will
appear the same for all stations.
82

Lo0 192.168.19.1/32
Router-id
192.168.19.1
BDR
.1
BDR
FortyGigE 0/28
.5
19
2.
16
8.
1.
FortyGigE 0/60
DR
30
4/
1.
8.
16
2.
19
0/
30
FortyGigE 0/20
S1
.2
DR
.6
.25
S2
FortyGigE 0/60
192.168.1.24/30
FortyGigE 0/48
.26
FortyGigE 0/48
BDR
DR
Router-id
192.168.19.2
Lo0 192.168.19.2/32
S3
Router-id
192.168.19.3
Lo0 192.168.19.3/32

Neighbor ID Pri
State
192.168.19.2 1
FULL/DR
192.168.19.3 1
FULL/DR
Dead Time
00:00:39
00:00:36
Address
Interface Area
192.168.1.2 Fo 0/20 0
192.168.1.6 Fo 0/28 0

Neighbor ID Pri
State
192.168.19.1 1
FULL/BDR
192.168.19.3 1
FULL/DR
Dead Time
00:00:32
00:00:39
Address
Interface Area
192.168.1.1 Fo 0/60 0
192.168.1.26 Fo 0/48 0

Neighbor ID Pri
State
192.168.19.1 1
FULL/BDR
192.168.19.2 1
FULL/BDR
Dead Time
00:00:32
00:00:32
Address
Interface Area
192.168.1.5 Fo 0/60 0
192.168.1.25 Fo 0/48 0
83
Learning Check
From your knowledge of OSPF and our discussion of the OSPF DR/BDR election process, do the roles of
the switches correspond with what you would expect them to be?
Recall that with no priorities set to influence DR/BDR election, all switches will have a priority of 1 (as can
be seen in the output of the show ip ospf neighbor command in the Pri column).
With all switches having the same priority setting, other factors will be used to determine the DR/BDR on a
LAN segment, namely: the highest router-id, the highest loopback interface address, or the address on a
physical interface that is up (examined in that order).
We have configured the router-id to match the loopback addresses on our switches. With all priorities
equal, S3 is the DR on adjacencies with S1 and S2 due to its higher router-id.
Likewise, S1 is not elected as the DR on either of its adjacencies because it has the lowest router -id in both
cases.
Step 2.8:
Influencing DR election with a priority setting. In this step, you will configure a priority to
have S1 now become the DR for its adjacency with S3.
Use the ip ospf priority command, applied to S1s interface connecting it to S3, and set a
priority of 150.
The example configuration and verification below is shown on S1.
S1(conf-if-fo-0/28)# ip ospf priority 150

S1(conf-if-fo-0/28)# show config
!
ip address 192.168.1.5/30
ip ospf priority 150
no shutdown
84

Step 2.9:
To have S1 assume the role of DR on the Ethernet segment between S1 and S3, S3 must be
reloaded. Be sure to save the running configuration on S3 before the reload.
S3# copy running-config startup-config

File with same name already exist.
Proceed to copy the file [confirm yes/no]: y
!
5014 bytes successfully copied
06:38:08: %STKUNIT0-M:CP %FILEMGR-5-FILESAVED: Copied running-config to startup-config in flash by
default
S3#
S3# reload
Proceed with reload [confirm yes/no]:y
Note: We are reloading this switch to simulate failure of the device in a lab environment. IN
A PRODUCTION NETWORK, NEVER RELOAD A SWITCH UNLESS ABSOLUTELY NECESSARY
AND WITHOUT INFORMING ALL WHO MIGHT BE IMPACTED IF SERVICE DISRUPTION WILL
OCCUR!
Step 2.10:
After S3 has had time to fully reload and complete the DR election process (be patient), issue
the show ip ospf neighbor command on S3 and S1 and notice the change (compare the
output with what you observed in Step 2.7). You can see that from S3s perspective, S1 (routerid 192.168.19.1) is now the DR.

Neighbor ID Pri
State
192.168.19.1 150 FULL/DR
192.168.19.2 1
FULL/BDR
Dead Time
00:00:37
00:00:37
Address
Interface Area
192.168.1.5 Fo 0/60 0
192.168.1.25 Fo 0/48 0

Neighbor ID Pri
State
192.168.19.2 1
FULL/DR
192.168.19.3 1
FULL/BDR
Dead Time
00:00:33
00:00:33
Address
Interface Area
192.168.1.2 Fo 0/20 0
192.168.1.6 Fo 0/28 0
85
Learning Check
Q: Why was it necessary to reload S3 to have S1 assume role as DR?
A: Because the OSPF DR election process is non-preemptive, meaning that simply changing settings will
not trigger a new election. Even if a device that was previously the DR comes back on line with a higher
priority than the device with the DR role, no preemption will occur.
Step 2.11:
Using the show ip ospf database command, view the OSPF Link State Database (LSDB) and
verify that you have three Router (Type 1) LSAs (one for each switch configured so far) and
three Network (Type 2) LSAs (one for each of the Ethernet segments connecting the three
switches).
The EXAMPLE below is shown on S1 in Station 1. Output on other switches will vary.
S1# show ip ospf database

OSPF Router with ID (192.168.19.1) (Process ID 1)
Router (Area 0)
Link ID
192.168.19.1
192.168.19.2
192.168.19.3
ADV Router
192.168.19.1
192.168.19.2
192.168.19.3
Age
121
122
122
Seq#
0x80000012
0x80000011
0x8000000e
Checksum
0x3fb3
0x05c1
0xd5e8
Age
Seq#
1746 0x8000000a
126 0x80000001
127 0x8000000b
Checksum
0x73f9
0x73ff
0x92be
Link count
3
3
3
Network (Area 0)
Link ID
192.168.1.2
192.168.1.5
192.168.1.26
Step 2.12:
ADV Router
192.168.19.2
192.168.19.1
192.168.19.3
Examine the routing table on each of your three S-series switches to verify the existence of
routes learned by OSPF. At this point, when you view the routing table on a particular switch,
you should see the network between the other two switches (not directly connected to the
switch on which you are viewing the routing table) and the loopback addresses of the other
two switches.
86

The EXAMPLE below is shown on S1. Output on other switches will vary.
S1# show ip route

Codes: C - connected, S - static, R - RIP,
B - BGP, IN - internal BGP, EX - external BGP, LO - Locally Originated,
O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type 2, E1 - OSPF external type 1,
E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1,
L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default,
> - non-active route, + - summary route
Gateway of last resort is not set
Destination
----------C 192.168.1.0/30
C 192.168.1.4/30
O 192.168.1.24/30
C
O
O
192.168.19.1/32
192.168.19.2/32
192.168.19.3/32
Step 2.13:
Gateway
------Direct, Fo 0/20
Direct, Fo 0/28
via 192.168.1.2, Fo 0/20
via 192.168.1.6, Fo 0/28
via 127.0.0.1, Lo 0
via 192.168.1.2, Fo 0/20
via 192.168.1.6, Fo 0/28
Dist/Metric Last Change

--------------------0/0
2w1d
0/0
1w6d
110/2 00:03:18
0/0
110/1
110/1
2w1d
00:06:20
00:03:18
Issue the command show ip protocols to verify OSPF is running, that the switch has the
proper Router ID, that the area assignment (area 0) is correct, and that OSPF is routing for the
networks you specified with the network command.
EXAMPLE shown below is on S1.
S1# show ip protocols

Routing Protocol is "ospf 1"
Router ID is 192.168.19.1
It is Flooding according to RFC 2328
Area
Routing for Networks
0
192.168.1.0/30
0
192.168.1.4/30
0
192.168.19.1/32
Step 2.14:
In Step 2.5, you examined the OSPF database and viewed Router (Type 1) LSAs and Network
(Type 2 LSAs). In this step, we will configure and redistribute static routes into OSPF. This will
result in non-native OSPF routes now being advertised via OSPF. They will be seen in the OSPF
database as AS External (Type 5) LSAs.
87
Refer to your network topology diagram and/or the table below, and create a static route for
the network on each of your S-series switches. These routes are shown next to each switch in
purple on the topology diagram (Step 1.2).
After you have created the ONE static route on each switch (as specified in the table below),
redistribute this route into OSPF. Do this for each switch, but configure and redistribute ONLY
the ONE network shown next to the switch (do NOT configure all three static routes on each
switch.
Switch
S1
S2
S3
Route to redistribute into

OSPF
144.254.1.0/24
144.254.2.0/24
144.254.3.0/24
EXAMPLE shown below is on S1.
S1(conf)# ip route 144.254.1.0/24 null 0

S1(conf-router_ospf-1)# redistribute static
You should now have ONE static route configured and redistributed into OSPF on each of
your three S-series switches.
Step 2.15:
Examine the OSPF database to verify that you now have Type 5 AS External LSAs in your
database in addition to the Router and Network LSAs that were already present. There should
be one Type 5 for each of the routes you redistributed into OSPF in the previous step for a
total of three. The ADV Router column will verify which of the three switches injected which
route into OSPF.
88
EXAMPLE shown below is on S1 in Station 1.

Router (Area 0)
Link ID
192.168.19.1
192.168.19.2
192.168.19.3
ADV Router
192.168.19.1
192.168.19.2
192.168.19.3
Age
273
170
110
Seq#
0x8000000b
0x8000000a
0x8000000b
Checksum
0x53a4
0x19b2
0xe1dd
Age
Seq#
1101 0x80000007
1102 0x80000007
1098 0x80000007
Checksum
0x79f6
0x6706
0x9aba
Link count
3
3
3
Network (Area 0)
Link ID
192.168.1.2
192.168.1.5
192.168.1.26
ADV Router
192.168.19.2
192.168.19.1
192.168.19.3
Type-5 AS External
Link ID
144.254.1.0
144.254.2.0
144.254.3.0
Step 2.16:
ADV Router
Age
Seq#
192.168.19.1
274 0x80000001
192.168.19.2
171 0x80000001
192.168.19.3
111 0x80000001
Checksum
0xbdf2
0xac02
0x9b11
Tag
0
0
0
As you did in Step 2.13, issue the command show ip protocols.

Note the difference in the output seen now, compared with the last time you issued this
command.
89
EXAMPLE shown is on S1 in Station 1.
S1# show ip protocols

Routing Protocol is "ospf 1"
Router ID is 192.168.19.1
It is an Autonomous System Boundary Router
It is Flooding according to RFC 2328
Area
Routing for Networks
0
192.168.1.0/30
0
192.168.1.4/30
0
192.168.19.1/32
Learning Check
Why does the output of the show ip protocols command now indicate that the switch is an ASBR
(Autonomous System Boundary Router)?
Although the name might imply that an ASBR is a switch/router is connected to another autonomous
system (separate routing domain), any switch/router that redistributes non-native OSPF routes into OSPF
becomes an ASBR.
In this case, because S1, S2 and S3 have static routes redistributed into OSPF, they have become ASBRs.
Step 2.17:
Examine the routing table again. In addition to the routes you saw when you examined the
routing table in Step 2.6, you should now see the three routes you redistributed into OSPF.
For the switch you are issuing the command on, the route redistributed into OSPF should be
shown as a static route (code S), but the static route redistributed into OSPF on the other two
switches should be shown as learned via OSPF (code O).
The two redistributed routes learned via OSPF should also be shown as being OSPF external
routes, type 5 (code E2).
90

EXAMPLE shown is on S1.
S1# show ip route

Codes: C - connected, S - static, R - RIP,
B - BGP, IN - internal BGP, EX - external BGP,LO - Locally Originated,
> - non-active route, + - summary route
S
O
O
C
C
O
Destination
----------144.254.1.0/24
E2 144.254.2.0/24
E2 144.254.3.0/24
192.168.1.0/30
192.168.1.4/30
192.168.1.24/30
C
O
O
192.168.19.1/32
192.168.19.2/32
192.168.19.3/32
Gateway
------Direct, Nu 0
via 192.168.1.2, Fo 0/20
via 192.168.1.6, Fo 0/28
Direct, Fo 0/20
Direct, Fo 0/28
via 192.168.1.2, Fo 0/20
via 192.168.1.6, Fo 0/28
via 127.0.0.1, Lo 0
via 192.168.1.2, Fo 0/20
via 192.168.1.6, Fo 0/28

--------------------0/0
00:11:17
110/20
00:09:13
110/20
00:08:14
0/0
03:25:31
0/0
03:25:32
110/2
03:24:37
0/0
110/1
110/1
03:26:49
03:24:37
03:24:37
Before you continue with Exercise 3, refer to your topology diagram and be sure that you can see
the following in the routing table on each of your S-series switches:
All directly connected links (code C).

Your static route (code S)
Two static routes redistirbuted into OSPF and therefore learned as OSPF routes on
the switch viewed (code O learned via OSPF, and code E2 external (type 2) routes
(non-OSPF routes redistributed into OSPF).
Non-directly connected routes/networks learned via OSPF - connections between
other switches that are not directly connected to switch (code O).
91
Exercise 3: OSPF Configuration and Verification on N-series Switches
Complete Steps 3.1 through 3.5 on your four N-series switches.

Step 3.1:
Enable ip routing globally on the switches.

Example on N2:
N2(config)# ip routing
Step 3.2:
Access ROUTER OSPF CONFIGURATION mode on your switches. (Note that on N-series
switches, no OSPF process-id is required to enter this mode (but is required on S-series).
Step 3.3:
Configure the router-id on the switch using the same four octets of the switchs loopback
address as the router-id (N1 = 192.168.19.4; N2 = 192.168.19.5; N3 = 192.168.19.6; and N4 =
192.168.19.7).
Step 3.4:
Referring to your network topology diagram, use the network command to have the switchs
loopback address participate in the OSPF process and be advertised by OSPF. Use a wildcard
mask of 0.0.0.0, since this is a host address. Specify area 0 as the area-id.
Step 3.5:
Although OSPF is enabled globally by default, configure OSPF for particular interfaces and
identify which area the interface is associated with. Referring to your network topology
diagram, use the ip ospf area command to configure your VLAN interfaces for OSPF. Again,
the area-id is 0. COMPLETE THIS STEP FOR LINKS CONNECTED TO OTHER N-SERIES. (For
N1 and N2 there are three links to other N-series switches, and for N3 and N4 there are two
links to other N-series switches.) ALSO COMPLETE THIS STEP FOR VLAN INTERFACES ON N3
(VLAN 12) AND N4 (VLAN 10) FOR THE SEGMENTS WHERE THE PCs RESIDE.
92

An EXAMPLE configuration for steps 3.2 through 3.5 is shown below on N2.
N2(config)# router ospf

N2(config-router)# router-id 192.168.19.5
N2(config-router)# network 192.168.19.5 0.0.0.0 area 0
N2(config-router)# exit
N2(config)# interface vlan 106
N2(config-if-vlan106)# ip ospf area 0
N2(config-if-vlan106)# interface vlan 108
Step 3.6:
As you did with your S-series switches, verify adjacencies (OSPF connections to neighbors)
with the show ip ospf neighbor command.
When you have configured all four N-series switches, you should see FULL state adjacencies
with the other three N-series switches if you are viewing neighbors on N1 or N2. If you are
viewing neighbors on N3 or N4, you should see two OSPF neighbors.
Learning Check
How can you change which switch on an Ethernet segment is elected as the DR/BDR if you want to
change the results of the default election?
As with S-series, you can change the priority on an interface basis, but with N-series, the priority setting will
be applied to a VLAN interface.
For example:
N1(config-if-vlan106)# ip ospf priority 150
93
If you do not see a FULL neighbor relationship with the other three N-series switches on N1
and N2 and with the two switches connected to N3 and N4 (with neighbors identified by their
Router ID) do not continue until you have identified and solved the issue(s).
Step 3.7:
Examine the OSPF database on each of your N-series switches. All should contain the same
information. Since you have configured four N-series switches to be in Area 0, there should
be four Router LSAs, and since there are five Ethernet networks connecting these four
switches, there should be five Network LSAs.
An EXAMPLE is shown for N1:
N1# show ip ospf database

Router Link States (Area 0.0.0.0)
Link Id
--------------192.168.19.4
192.168.19.5
192.168.19.6
192.168.19.7
Adv Router
Age
--------------- ----192.168.19.4 978
192.168.19.5 834
192.168.19.6 984
192.168.19.7 458
Sequence
-------8000000e
8000000d
8000000b
8000000a
Chksm
----1be8
e818
f25b
d06b
Network Link States (Area 0.0.0.0)

Link Id
1
--------------192.168.1.29
192.168.1.33
192.168.1.37
192.168.1.41
192.168.1.45
Adv Router
Age
--------------- ----192.168.19.4 995
192.168.19.4 456
192.168.19.5 835
192.168.19.5 475
192.168.19.4 696
Sequence
-------80000003
80000003
80000003
80000003
80000003
Chksm
----aea2
94b7
7ec6
48f9
2a15
Note: What you actually view should show the four switches (by router-id) with Router LSAs.
The specific output of the Network LSAs, however, will differ depending on which switches
have been elected as the DR. What is important here is that you see FIVE Network LSAs for
the five networks that exists between all of your N-series switches.
94
Step 3.8:
Examine the routing table on your N1 switch. An example output from N1 in station 1 is shown
here. If you are examining the routing table on N1 in another station, the output will be similar
but specifics will vary.
Look for the following routes:
Networks learned via OSPF OSPF networks connecting other switches that N1 is not
directly connected to (code O). There
Directly connected routes networks connected directly to N2, N3 and N4 (code C).
Loopback addresses of N2, N3 and N4 learned via OSPF (code O).
N1s own loopback address directly connected (code C).
Ethernet segments connected to N3 and N4 to which PCs are connected learned via
OSPF (code O).
N1# show ip route

Route Codes: R - RIP Derived, O - OSPF Derived, C - Connected, S - Static
B - BGP Derived, E - Externally Derived, IA - OSPF Inter Area
E1 - OSPF External Type 1, E2 - OSPF External Type 2
N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2
S U - Unnumbered Peer, L - Leaked Route
* Indicates the best (lowest metric) route for the subnet.
No default gateway is configured.
O
*192.168.1.12/30 [110/20] via 192.168.1.30, Vl106
O
*192.168.1.16/30 [110/20] via 192.168.1.30, Vl106
C
*192.168.1.28/30 [0/1] directly connected, Vl106
C
O
*192.168.1.36/30 [110/20] via 192.168.1.30, Vl106
via 192.168.1.46, Vl110
O
*192.168.1.40/30 [110/20] via 192.168.1.30, Vl106
via 192.168.1.34, Vl107
C
O
*192.168.10.0/24 [110/20] via 192.168.1.46, Vl110
O
*192.168.12.0/24 [110/20] via 192.168.1.34, Vl107
C
*192.168.19.4/32 [0/1] directly connected, Lo0
O
*192.168.19.5/32 [110/11] via 192.168.1.30, Vl106
O
*192.168.19.6/32 [110/11] via 192.168.1.34, Vl107
O
*192.168.19.7/32 [110/11] via 192.168.1.46, Vl110
95
Exercise 4: OSPF Interoperability Configuration and Verification Between N -series and S-series
Switches
Step 4.1:
Using the knowledge and skills you have acquired in this module, configure operational OSPF
on S2 and S3 for the links that are connected to N1 and N2. You can scroll up to look at
configuration examples in exercise 2, or look at the running configuration on your S-series
switches for examples.
Step 4.2:
Using the knowledge and skills you have acquired in this module, configure operational OSPF
on N1 and N2 for the links that are connected to S2 and S3. You can scroll up to look at
configuration examples in exercise 3, or look at the running configuration on your N-series
switches for examples.
Step 4.3:
Verify that your new adjacencies (neighbor relationships) have been formed.
Step 4.4:
View the Link State Database on S1 (although you should see the same information on any
switch in your network).
Look for the following output:
You should see first a Router (Type 1) LSA for each switch in your area for a total of
seven.
You should see below that a Network (Type 2) LSA for every Ethernet segment in your
area for a total of twelve.
Below that, you should see an AS External (Type 5) LSA for the static routes
redistributed into OSPF by your S-series switches for a total of three.
96
An EXAMPLE view of the LSDB on S1 is shown.

Router (Area 0)
Link ID
192.168.19.1
192.168.19.2
192.168.19.3
192.168.19.4
192.168.19.5
192.168.19.6
192.168.19.7
ADV Router
192.168.19.1
192.168.19.2
192.168.19.3
192.168.19.4
192.168.19.5
192.168.19.6
192.168.19.7
Age
281
23
217
29
374
1760
1079
Seq#
Checksum
0x8000003b 0xf2d4
0x8000003f 0xdfbe
0x8000003f 0xc5ad
0x80000054 0xe9d3
0x8000004e 0x912e
0x80000033 0x5c38
0x8000002a 0x0587
Age
1110
1111
29
434
254
221
1106
1455
921
59
1820
418
Seq#
Checksum
0x80000037 0x1927
0x80000037 0x0736
0x80000001 0x4722
0x80000003 0x1f42
0x80000002 0x0756
0x80000001 0xdc7f
0x80000037 0x3aea
0x80000006 0x94b7
0x80000007 0x6ed6
0x80000007 0x58e5
0x80000006 0x2e0f
0x80000007 0xf93d
Link count
3
5
5
6
6
4
4
Network (Area 0)
Link ID
ADV Router
192.168.1.2
192.168.19.2
192.168.1.5
192.168.19.1
192.168.1.10 192.168.19.4
192.168.1.14 192.168.19.5
192.168.1.18 192.168.19.5
192.168.1.22 192.168.19.4
192.168.1.26 192.168.19.3
192.168.1.30 192.168.19.5
192.168.1.34 192.168.19.6
192.168.1.38 192.168.19.7
192.168.1.42 192.168.19.6
192.168.1.46 192.168.19.7
Type-5 AS External
Link ID
144.254.1.0
144.254.2.0
144.254.3.0
ADV Router
192.168.19.1
192.168.19.2
192.168.19.3
Age
285
181
122
Seq#
Checksum
0x80000031 0x5d23
0x80000031 0x4c32
0x80000031 0x3b41
97
Tag
0
0
0
144.254.1.0/24
OSPF Area 0
Lo0
192.168.19.1/32
FortyGigE 0/20
S1
.1
.5
FortyGigE 0/28
19
2. 1
68
.1.
0/
30
30
4/
1.
8.
16
2.
19
.2
144.254.2.0/24
FortyGigE 0/60
Lo0
192.168.19.2/32
FortyGigE 0/60
.6
144.254.3.0/24
Lo0
192.168.19.3/32
FortyGigE 0/48
FortyGigE 0/48
.25
.26
192.168.1.24/30
S2
.9
Te 0/46
.13
Te 0/47 .17
5
10 /30
0
AN
VL 8.1.2
.16
2
19
Te 1/1/3
19 VLAN
2.1
68 103
.1.
12
/30
Lo0
192.168.19.4/32
Te 1/1/3
.18
Te 1/1/4
Te 1/0/7
.29
.45
VLAN 104
192.168.1.16/30
.14
.22
Te 1/1/4
N1
S3
.21
Te 0/47
VLAN 102
192.168.1.8/30
.10
Te 0/46
VLAN 106
192.168.1.28/30
Te 1/0/5
Lo0
192.168.19.5/32
Te 1/0/7
.30
Te 1/0/5
.41
Make sure that all networks are

reflected in the routing table.
N2
Te 1/0/4 .37
.33 Te 1/0/4
VLAN 107
192.168.1.32/30
9
10 /30
0
AN
VL 8.1.4
6
1
.
2
19
.34 Gi 1/0/4
19 VLAN
2.1
68 110
.1.
44
/30
.42
VLAN 108
192.168.1.36/30
Gi 1/0/4 .38
.46
Gi 1/0/5
Gi 1/0/5
Lo0
192.168.19.6/32
Lo0
192.168.19.7/32
N3
.1
N4
Gig1/0/2
Gig1/0/1
PC3
VLAN 12
192.168.12.0/24
Step 4.5:
Refer to the topology diagram and

compare it to the content of the
routing table on S1 in the following
step.
.10
.1
PC4
.20
VLAN 10
192.168.10.0/24
Examine the routing table on your S1 switch. An example output from S1 is displayed. Look for
the following routes (which are color-coded to correspond with the following descriptions):
The static route you configured and redistributed into OSPF (code S).
The static route configured on other S-series switches that were redistributed into
OSPF, and are therefore considered external routes (code E2). There should be two.
Directly connected routes OSPF networks connected directly to S2 and S3 (code

C). There should be two.
Networks learned via OSPF OSPF networks connecting other switches that S1 is
not directly connected to (code O). There should be ten.
Ethernet segments connected to N3 and N4 to which PCs are connected learned

via OSPF (code O). There should be two.
98
S1s own loopback address directly connected (code C). There should be one.
Loopback addresses of all other switches learned via OSPF (code O). There should
be six.
S1# show ip route

Destination
Gateway
----------------S
144.254.1.0/24 Direct, Nu 0
O E2 144.254.2.0/24 via 192.168.1.2, Fo 0/20
O E2 144.254.3.0/24 via 192.168.1.6, Fo 0/28
C
192.168.1.0/30 Direct, Fo 0/20
C
192.168.1.4/30 Direct, Fo 0/28
O
192.168.1.8/30 via 192.168.1.2, Fo 0/20
O
192.168.1.12/30 via 192.168.1.2, Fo 0/20
O
192.168.1.16/30 via 192.168.1.6, Fo 0/28
O
192.168.1.20/30 via 192.168.1.6, Fo 0/28
O
192.168.1.24/30 via 192.168.1.2, Fo 0/20
via 192.168.1.6, Fo 0/28
O
192.168.1.28/30 via 192.168.1.2, Fo 0/20
via 192.168.1.6, Fo 0/28
O
192.168.1.32/30 via 192.168.1.2, Fo 0/20
via 192.168.1.6, Fo 0/28
O
192.168.1.36/30 via 192.168.1.2, Fo 0/20
via 192.168.1.6, Fo 0/28
O
192.168.1.40/30 via 192.168.1.2, Fo 0/20
via 192.168.1.6, Fo 0/28
O
192.168.1.44/30 via 192.168.1.2, Fo 0/20
via 192.168.1.6, Fo 0/28
O
192.168.10.0/24 via 192.168.1.2, Fo 0/20
via 192.168.1.6, Fo 0/28
O
192.168.12.0/24 via 192.168.1.2, Fo 0/20
via 192.168.1.6, Fo 0/28
C
192.168.19.1/32 via 127.0.0.1, Lo 0
O
192.168.19.2/32 via 192.168.1.2, Fo 0/20
O
192.168.19.3/32 via 192.168.1.6, Fo 0/28
O
192.168.19.4/32 via 192.168.1.2, Fo 0/20
via 192.168.1.6, Fo 0/28
O
192.168.19.5/32 via 192.168.1.2, Fo 0/20
via 192.168.1.6, Fo 0/28
O
192.168.19.6/32 via 192.168.1.2, Fo 0/20
via 192.168.1.6, Fo 0/28
O
192.168.19.7/32 via 192.168.1.2, Fo 0/20
via 192.168.1.6, Fo 0/28
99
Step 4.6:
Verify that each switch in your network has a FULL view of the entire seven switch network.
Step 4.7:
As a final check, from S1 ping the PCs connected to N3 and N4 across the OSPF network.
The EXAMPLE shows S1 pinging the PCs .
S1# ping 192.168.12.10

!!!!!
S1# ping 192.168.10.20
!!!!!
S1#
Add default gateway on PC3 and PC4

sudo route add default gw 192.168.10.1 dev eth0
sudo route add default gw 192.168.12.1 dev eth0
Step 4.8:
Show your instructor the routing table on your S1 switch to confirm that S1 has a FULL view of
your network.
If you do not see the expected output when viewing the LSDB and routing table discover the
issues and resolve them.
Step 4.9:
Issue the command copy running-config startup-config on each of your seven switches.
YOU WILL USE THIS CONFIGUATION AS IS FOR THE NEXT LAB.

100
Lab 7: Policy-based Routing (PBR)

Lab Descriptions:
This lab guides you through configuration and verification of PBR on Dell Networking switches.
There are two primary parts to the lab, including:
Configuration and verification of PBR on a Dell S-series switch.

Configuration and verification of PBR on a Dell N-series switch.
Purpose:
When to Use:
Equipment:

1. Configure policy-based routing on Dell Networking switches to modify the
default behavior of a routing protocol, OSPF. Traffic will be redirected onto
alternative paths that would not normally be selected as the best path
determined by the Dijkstra algorithm used by OSPF.
2. Verify that access-lists and route-maps are properly configured.
3. In accordance with the applied policy-based routing, verify that traffic between
a source and destination follows a different path from the OSPF-determined
path.
The tasks completed in this lab demonstrate processes to follow when the desire is to
redirect traffic onto alternative paths that differ from the path that would be determined
by a dynamic routing protocol. This is a process that overrides the behavior of the
routing protocol(s) used in a network. Modification of routing protocol decisions (which,
in effect, define default routing policy on a network) may be used for such things as
traffic steering, traffic isolation, load sharing, etc.
Select switches from the previously configured OSPF network will be used for both
Exercises in this lab to create topologies necessary to demonstrate policy-based
routing. However, the actual PBR configuration will be done on one Dell S-series switch
(DNOS v9.7) for Exercise 1, and on one Dell N-series switch (DNOS v6.2) for Exercise 2.
101
Exercise 1: Configuration and Verification PBR on an S-series Switch

Step 1.1:
Examine the diagram below to become familiar with the topology for this exercise. Policybased routing will be configured on S2 to redirect traffic onto a new path that differs from the
OSPF-determined best path. Refer to this diagram as needed as you work through this
exercise.
PBR Topology for Exercise 1

Lo0
192.168.19.1/32
FortyGigE 0/20
.1
S1
.5
FortyGigE 0/28
19
2. 1
68
.1.
0/
30
30
4/
1.
8.
16
2.
19
.2
FortyGigE 0/60
Lo0
192.168.19.2/32
FortyGigE 0/60
.6
Lo0
192.168.19.3/32
FortyGigE 0/48
FortyGigE 0/48
.25
.26
192.168.1.24/30
S2
.9
S3
Te 0/47
VLAN 102
192.168.1.8/30
.10
Te 1/1/3
Lo0
192.168.19.4/32
N1
OSPF-determined path from N3 to S1
.33 Te 1/0/4
Redirected path from N3 to S1

configured with Policy-based Routing
VLAN 107
192.168.1.32/30
.34 Gi 1/0/4
Lo0
192.168.19.6/32
N3
OSPF Area 0
102
Step 1.2:
To have active links only for the ones shown in the topology diagrams, above, for this exercise,
shut down the following interfaces on N1 and N3:
On N1, shut down interfaces: Te 1/0/5, Te 1/0/7, and Te 1/1/4
N1(config)# interface range tengigabitethernet 1/0/5,te1/0/7,te1/1/4

On N3, shut down interface Gi 1/0/5

N3(config-if-Gi1/0/5)# shutdown
Step 1.3:
On S2 (the switch where policy-based routing will be configured), issue the show cam-acl
command to ensure that there are CAM resources allocated on S2 to support PBR.
Default CAM allocation does not dedicate blocks to PBR, as can be shown here on S2 which
has the default settings
S2# show cam-acl

-- Chassis Cam ACL -Current Settings(in block sizes)
1 block = 128 entries
L2Acl
:
6
Ipv4Acl
:
4
Ipv6Acl
:
0
Ipv4Qos
:
2
L2Qos
:
1
L2PT
:
0
IpMacAcl
:
0
VmanQos
:
0
VmanDualQos
:
0
EcfmAcl
:
0
FcoeAcl
:
0
iscsiOptAcl
:
0
ipv4pbr
:
0
vrfv4Acl
:
0
Openflow
:
0
fedgovacl
:
0
nlbclusteracl
:
0
Step 1.4:
If there are no CAM resources dedicated for ipv4pbr when you issue the show cam-acl
command on S2, reduce the L2Acl resource allocation (default 6 blocks) to 4 blocks, and
allocate 2 blocks for ipv4pbr.
103
S2(conf)# cam-acl l2acl 4 ipv4acl 4 ipv6acl 0 ipv4qos 2 l2qos 1 l2pt 0 ipmacacl 0 vman-qos
0 ecfmacl 0 ipv4pbr 2
Step 1.5:
If you found it necessary to allocate ipv4pbr resources as described above on S2, following
the command issued in the previous step, you will need to copy the running configuration to
the startup configuration and reboot the switch. Do this only if you needed to allocate ipv4pbr
CAM resources.
Step
1.6 copy running-config startup-config
S2(conf)#
S2(conf)# reload
Step 1.6:
If you found it necessary to allocate ipv4pbr resources as described above, following the
switch reload, verify that there are now ipv4pbr CAM resources allocated.
S2# show cam-acl

-- Chassis Cam ACL -Current Settings(in block sizes)
1 block = 128 entries
L2Acl
:
4
Ipv4Acl
:
4
Ipv6Acl
:
0
Ipv4Qos
:
2
L2Qos
:
1
--- partial output omitted --ipv4pbr
vrfv4Acl
Openflow
fedgovacl
nlbclusteracl
Step 1.7:
:
:
:
:
:
2
0
0
0
0
On N3, verify that S1s loopback address (192.168.19.1) is present in the routing table, derived
by OSPF.
N3# show ip route

--- output abbreviated ---Route
Codes:
O - OSPF
Dell
- Restricted
- Confidential
O
Derived
104
*192.168.19.1/32 [110/21] via 192.168.1.33, Vl107

Step 1.8:
On N3, verify that you can ping S1s loopback address.
N3# ping 192.168.19.1

Reply
Reply
Reply
Reply
From 192.168.19.1: icmp_seq =

From 192.168.19.1: icmp_seq =
From 192.168.19.1: icmp_seq =
From 192.168.19.1: icmp_seq =
Step 1.9:
0. time=
1. time=
2. time=
3. time=
1324 usec.
836 usec.
871 usec.
792 usec.
On N3, using the traceroute command, verify that packets from N3 to S1 take the most
optimal path (N3-> N1-> S2-> S1) in accordance with OSPF default operations/policy. The
example output below is from N3.
N3# traceroute 192.168.19.1

Traceroute to 192.168.19.1 ,30 hops max 0 byte packets:
1
2
3
4
192.168.1.33
192.168.1.9
0.0.0.0
0.0.0.0
<1 ms <1 ms
<1 ms <1 ms
*
*
*
*
*
<1 ms
<1 ms
Hop Count = 4
Step 1.10:
On S2, create a redirect-list to redirect traffic from the OSPF-defined path to now reach S1 via
path N3->N1->S2->S3->S1. This new path, compared to the path seen in Step 1.9 includes S3.
The example shown here is for the redirect-list on S2. See the table beneath the example
configuration to understand what the different addresses represent.
The redirect-list is named Green to represent the green-colored path in the topology
diagram.
S2(conf)# ip redirect-list Green

S2(conf-redirect-list)# description ROUTE N3 TRAFFIC OVER PATH GREEN
S2(conf-redirect-list)# redirect 192.168.1.26 ip 192.168.1.32/30 host 192.168.19.1
S2(conf-redirect-list)# permit ip any any
105
Device
S2
Forwarding Switchs
Address (on S3)
192.168.1.26
Source Address /
Network
192.168.1.32/30
Destination Host
192.168.19.1
Note, the second sequence statement of the redirect-list allows for traffic from any source to
any destination not defined in the first sequence statement.
Step 1.11:
On S2, with the ip redirect-group command, apply the redirect-list to Te 0/47 (the interface
connected to N1, though which traffic from 192.168.1.32/30 will flow).

S2(conf-if-te-0/47)# ip redirect-group Green
Step 1.12:
On S2, verify the creation of your redirect-list and that it has been applied to interface Te0/47.
S2# show ip redirect-list

IP redirect-list Green:
Defined as:
seq 5 redirect 192.168.1.26 ip 192.168.1.32/30 host 192.168.19.1, Next -hop reachable
(via Fo 0/48)
seq 10 permit ip any any
Applied interfaces:
Te 0/47
Step 1.13:
Now that S2 has been configured to redirect traffic from the network connecting N3 to N1,
trace the route from N3 to S1s loopback address to see that traffic now flows over the policybased path you have defined and not the OSPF-determined best path.
You should see that S3 is now in the path, with traffic being redirected to S3s 192.168.1.26
address.
The example is shown on N3 in Station 1.

Exercise
2: Configuration
and
1 192.168.1.33
<1 ms
2 192.168.1.9
<1 ms
3 192.168.1.26
<1 ms
4 0.0.0.0
*
*
5 0.0.0.0
*
*
Verification
<1 ms <1 PRB
ms on an N-series Switch
<1 ms <1 ms
<1 ms <1 ms
*
106

Step 1.14:
On S2, delete the ip redirect-list Green.
S2(conf)# no ip redirect-list Green
Step 1.15:
On S2, issue the command show ip redirect-list again. Notice that although you have deleted
the redirect-list in the previous step, it still appears that the redirect-list is applied to Te 0/47.
This allows for ease of management in case you should want to redefine the specifics of the
redirect-list without having to again assign it to a particular interface.
S2# show ip redirect-list

IP redirect-list Green:
Defined as:
None
Applied interfaces:
Te 0/47
Step 1.16:
On S2, since we do not want to redefine the redirect-list, remove it from the Te 0/47 interface.

S2(conf-if-te-0/47)# no ip redirect-group Green
Now, you should see no redirect-list if you issue the show ip redirect-list command.
Step 1.17:
On N3, trace the route to S1s loopback address to verify that the path taken is now the OSPF determined best path (N3-> N1-> S2-> S1).
N3#traceroute 192.168.19.1
1
2
3
4
192.168.1.33
<1 ms <1 ms <1 ms
192.168.1.9
<1 ms <1 ms <1 ms
0.0.0.0
*
*
*
0.0.0.0
*
*
107
Exercise 2: Configuration and Verification PBR on an N-series Switch

Step 2.1:
Examine the diagram below to become familiar with the topology for this exercise.
Policy-based routing will be configured on N1 to redirect traffic onto a new path that differs
from the OSPF-determined best path. Refer to the topology diagram as needed as you work
through this exercise.
108
PBR Topology for Exercise 2
Lo0
192.168.19.1/32
FortyGigE 0/20
.1
S1
.5
FortyGigE 0/28
19
2. 1
68
.1.
0/
30
30
4/
1.
8.
16
2.
19
.2
FortyGigE 0/60
Lo0
192.168.19.2/32
FortyGigE 0/60
.6
Lo0
192.168.19.3/32
FortyGigE 0/48
FortyGigE 0/48
.25
.26
192.168.1.24/30
S2
.9
Te 0/46
Te 0/47 .17
Te 0/47
VLAN 102
192.168.1.8/30
.10
S3
.21
VLAN 104
192.168.1.16/30
5
10 30
AN 1.20/
L
V 8.
6
2.1
19
Te 1/1/3
Te 1/1/3
.18
.22
Te 1/1/4
Lo0
192.168.19.4/32
Te 1/0/7
.29
VLAN 106
192.168.1.28/30
Lo0
192.168.19.5/32
Te 1/0/7
.30
N1
N2
.33 Te 1/0/4
OSPF-determined path from N3

to S1 (two equal-cost paths)
VLAN 107
192.168.1.32/30
.34 Gi 1/0/4
Redirected path from N3 to S1

configured with Policy-based
Routing
Lo0
192.168.19.6/32
N3
OSPF Area 0
Step 2.2:
On N1, to have active links only for the ones shown in the topology diagrams above, for this
exercise, bring up Te 1/0/7 and Te 1/1/4 (that were shut down in Exercise 1).
Leave Te 1/0/5 shutdown.
109
N1(config)# interface range tengigabitethernet 1/0/7,te1/1/4

On N2, shut down Te 1/1/4 (connected to S2).

N2(config-if-Te1/1/4)# shutdown
Step 2.3:
On N3, verify that S1s loopback address (192.168.19.1/32) is present in the routing table,
derived by OSPF.
N3# show ip route

--- output abbreviated --Route Codes: O - OSPF Derived,
No default gateway is configured.
O
*192.168.1.0/30 [110/21] via 192.168.1.33, Vl107
O
*192.168.1.4/30 [110/21] via 192.168.1.33, Vl107
O
*192.168.1.8/30 [110/20] via 192.168.1.33, Vl107
O
*192.168.1.16/30 [110/21] via 192.168.1.33, Vl107
O
*192.168.1.20/30 [110/20] via 192.168.1.33, Vl107
O
*192.168.1.24/30 [110/21] via 192.168.1.33, Vl107
O
*192.168.1.28/30 [110/20] via 192.168.1.33, Vl107
C
C
O
*192.168.19.1/32 [110/21] via 192.168.1.33, Vl107
O
*192.168.19.2/32 [110/20] via 192.168.1.33, Vl107
O
*192.168.19.3/32 [110/20] via 192.168.1.33, Vl107
O
*192.168.19.4/32 [110/11] via 192.168.1.33, Vl107
--More-- or (q)uit
Step 2.4:
On N3, using the traceroute command, verify that the paths taken to reach S1 are the most
optimal routes as determined by traditional routing in this case, by OSPF.
Note that there are two equal-cost paths, via S2 (192.168.1.9) and S3 (192.168.1.21), so you
may get one or both paths indicated, depending on how many times you issue the command.
110

1
2
3
4
192.168.1.33
<1 ms <1 ms
192.168.1.9
<1 ms <1 ms
0.0.0.0
*
*
*
0.0.0.0
*
*
<1 ms
<1 ms
Hop Count = 4 Last TTL = 4 Test attempt = 11 Test Success = 6

1
2
3
4
192.168.1.33
<1 ms
192.168.1.21
<1 ms
0.0.0.0
*
*
0.0.0.0
*
*
<1 ms
<1 ms
*
<1 ms
<1 ms
Hop Count = 4 Last TTL = 4 Test attempt = 11 Test Success = 6

Step 2.5:
On N1, create an access-list named TRAFFIC_TO_S1 to create a filter that matches any traffic
destined for S1s loopback address, 192.168.19.1/32. Note the use of a wildcard mask (0.0.0.0)
for S1s loopback host address which has a mask of /32 = 255.255.255.255.
N1(config)# ip access-list TRAFFIC_TO_S1

N1(config-ip-acl)# permit ip any 192.168.19.1 0.0.0.0
Step 2.6:
On N1, create a route-map named REDIRECT_TRAFFIC to define the action to take for traffic
matching the source traffic (any) and destination (192.168.19.1) specified in the access-list you
created in Step 2.5. The action specified for matching traffic is to have it redirected to reach S1
via N2 across VLAN 106, by indicating the next-hop address - the interface address of N2 on
the link.
Refer to the topology diagram and/or the following table for addressing and VLAN specifics for
the different stations, for this step and for Step 2.7.
111
Device
N1
Next-hop address
(on N2)
192.168.1.30
VLAN Interface to
apply route-map to
107
N1(config)# route-map REDIRECT_TRAFFIC

N1(route-map)# match ip address TRAFFIC_TO_S1
N1(route-map)# set ip next-hop 192.168.1.30
Step 2.7:
On N1, apply the route-map to the VLAN connected to N3 (VLAN 107).

N1(config-if-vlan107)# ip policy route-map REDIRECT_TRAFFIC
Step 2.8:
On N1, verify the creation of the access-list you configured in Step 2.5
You can simply verify that the access-list exists with the show ip access-lists command, or
complete the command indicating the name of the access-list to see the specifics of the
rule(s) defined.
N1# show ip access-lists

Current number of ACLs: 1 Maximum number of ACLs: 100
ACL Name
Rules
Interface(s)
Direction
------------------------------- ----- ------------------------- --------TRAFFIC_TO_S1
1
N1# show ip access-lists TRAFFIC_TO_S1
IP ACL Name: TRAFFIC_TO_S1
Rule Number: 1
Action......................................... permit
Match All...................................... FALSE
Protocol....................................... 255(ip)
Source IP Address............................ any
Destination IP Address.......................192.168.19.1
Destination IP Mask.......................... 0.0.0.0
112

Step 2.9:
On N1, use the show route-map command to verify the existence of the route-map you
configured and to see the details of the MATCH and SET clauses that define the filter and
actions for matching traffic for your route-map.
N1# show route-map

route-map "REDIRECT_TRAFFIC" permit 10
Match clauses:
ip address (access-lists) : TRAFFIC_TO_S1
Set clauses:
ip next-hop 192.168.1.30
Policy routed: 0 packets, 0 bytes
Step 2.10:
On N1, issue the show ip policy command to verify that the route-map has been applied to
the VLAN connecting N1 to N3.
N1# show ip policy

Interface
--------Vl107
Step 2.11:
Route-Map
----------------------------------------REDIRECT_TRAFFIC
Now that you have used policy-based routing to configure traffic steering on a path different
from the path OSPF would determine to forward traffic between N3 and S1s loopback
address, verify that your policy-redirected path is working properly. Trace the path of traffic
from N3 to S1s loopback address (192.168.19.1).

1 192.168.1.33
<1 ms
2 192.168.1.33
3 192.168.1.30
4 192.168.1.17
5 0.0.0.0
*
6 0.0.0.0
*
<1 ms [192.168.1.30
] reports: <1 ms [192 .168.1.30
<1 ms [192.168.1.30 ] reports: <1 ms

<1 ms <1 ms <1 ms
<1 ms <1 ms <1 ms
*
*
*
<1 ms
You should now see the path N3 -> N1 -> N2 (192.168.1.30) -> S3 -> S1.
113
] reports:
Step 2.12:
To now return to normal OSPF-determined forwarding, remove the route-map on N1. This
will also delete the route-map from the VLAN interface you applied it to.
N1(config)# no route-map REDIRECT_TRAFFIC
Step 2.13:
Although it is not applied, for good management and having a clean configuration that does
not confuse someone who may be troubleshooting the system, remove the ip-access list
configured in Step 2.5 from N1.
N1(config)# no ip access-list TRAFFIC_TO_S1
Step 2.14:
Restore the network to full IP connectivity and an OSPF network that allows all switches in
your network to have routes to all other switches, either via direct connections or via OSPF.
On N1, N2 and N3, bring up the shutdown interfaces shown below.


N3(config-if-Gi1/0/5)# no shutdown
Step 2.15:
To verify proper restoration of normal OSPF routing in the network, on S1, issue the show ip
route command and ensure that you can see all twelve networks connecting all switches in
the network in the routing table. Also ensure that all seven switches loopback addresses are
present.

114
Lab 8: Virtual Router Redundancy Protocol (VRRP)

Lab Description:
This lab guides you through configuration and verification of VRRP and related failover mecha nisms.
There are 2 parts to the lab, including:
Configuration and verification of VRRP with Dell S-series switches forming the VRRP group,
performing VRRP Master and Backup gateway roles.
Configuration and verification of VRRP with Dell N-series switches forming the VRRP group,
performing VRRP Master and Backup gateway roles.
Purpose:
When to Use:
Equipment:

1. Create a topology where the VRRP Master switch, VRRP Backup Switch and
downstream switch (with no VRRP role) share a common subnet.
2. Create a VRRP group with two physical switches/gateways and a virtual gateway
sharing common IP and MAC addresses used to facilitate transparent failover in
the event of failure of an acting gateway.
3. Determine which of the two physical switches will initially perform the role of
the Master gateway by configuring a priority on the device.
4. Test failover of an acting Master gateway to the Backup gateway when the
original Master device fails.
5. Test failover of an acting Master gateway to the Backup gateway when the
interface connecting the original Master gateway to the simulated Internet (or
enterprise internetwork backbone) fails.
This lab includes configuration and verification of basic switch parameters that are
commonly used when configuring VRRP and related failover mechanisms.
For Exercise 1, two Dell Networking S-series switches (DNOS v9.7) and one Dell
Networking N-series switches (DNOS v6.2) are used. For Exercise 2, three Dell
Networking N-series switches are used.
115
Knowledge Review and Lab Note

VRRP groups with MASTER and BACKUP gateways will be
created. In the event of failure of the acting MASTER
gateway, the Backup gateway will take over the role as
MASTER.
This failover process happens without downstream hosts
being aware that a change in physical gateways has
occurred. This is because downstream hosts (represented by
the PC in the diagram to the right) are configured with the
address of a VIRTUAL gateway an address that does not
change when physical gateways change.
For this lab, the previously configured OSPF network will be
used to simulate connections to the global Internet or an
enterprise internet backbone.
116
INTERNET
MASTER
PHYSICAL
GATEWAY
BACKUP
PHYSICAL
GATEWAY
VIRTUAL
GATEWAY

Exercise 1: VRRP with S-series VRRP Group
Step 1.1:
Examine the generic topology diagram below to become familiar with the devices you will
configure in this step - the ones within the green rectangle, your S2, S3 and N1 switches. Your
S2 switch will be configured to be the VRRP MASTER gateway, and your S3 switch will be the
BACKUP gateway. All three switches will be members of a common IP subnet on the links
shown below in blue. Switch N1 represents the switch to which hosts would normally be
connected to - and reaching the Internet via the MASTER gateway.
S1 will simulate the global Internet or an enterprises internet. This simulation uses the OSPF
network you have already configured. Testing reachability to the Internet will be done by
pinging S1s loopback address (192.168.19.1).
INTERNET
FortyGigE 0/20
S1
FortyGigE 0/28
FortyGigE 0/60
MASTER
PHYSICAL
GATEWAY
FortyGigE 0/60
S2
S3
VIRTUAL
GATEWAY
Te 0/45
Te 1/1/1
Te 1/1/2
N1
Te 0/45
117
BACKUP
PHYSICAL
GATEWAY
Step 1.2:
Now that you are familiar the generic topology used in this lab, examine the detailed topology
to become familiar with specific addressing and VLAN assignment (for N1) you will use for this
exercise.
VRRP Topology Exercise 1

INTERNET
Lo0
192.168.19.1/32
S1
.1
.5
FortyGigE 0/60
FortyGigE 0/28
30
4/
1.
8.
16
2.
19
19
2.1
68
.1.
0/
30
FortyGigE 0/20
.2
MASTER
PHYSICAL
GATEWAY
Priority
150
.6
S2
S3
VIRTUAL
GATEWAY
192.168.101.111 /24
Te 0/45
192.168.101.1 /24
VLAN 111
Te 0/45
VLAN 111
Te 1/1/1
Te 1/1/2
N1
118
BACKUP
PHYSICAL
GATEWAY
Priority
100
192.168.101.2 /24
192.168.101.3 /24
FortyGigE 0/60
Step 1.3:
Examine the routing table on S2 and S3 to verify that S1s loopback address (192.168.19.1) is
present and learned via OSPF. This address will simulate connectivity to the Internet. We will
be pinging this address in this exercise to verify connectivity to the Internet. Ping the address
from S2 and S3.
If you cannot ping 192.168.19.1 from S2 and S3, troubleshoot the issue before you continue to
the next step.
Step 1.4:
Referring to the topology diagram, configure S2, S3 and N1 to be hosts on the same subnet.
NOTE THAT YOU WILL BE ADDING LINKS IN THIS LAB NOT PREVIOUSLY CONFIGURED AND
USED IN EARLIER LABS.
As done in earlier labs, addresses will be assigned to physical interfaces on the S-series
switches, and to the VLAN interface on N1. Refer, if necessary, to previous labs if a refresher is
needed on configuring switch interfaces.
Two physical interfaces will be assigned to one VLAN on N1 (this is different from what we
have configured in previous labs where we have had only one physical interface assigned to
each VLAN). An example configuration is provided showing this done, below.
Device Configuration Specifics

Device
S2
S3
N1
VLAN Interface
111
Physical Interface(s)
Te 0/45
Te 0/45
Te 1/1/1
Te 1/1/2
119
IP Address
192.168.101.1/24
192.168.101.2/24
192.168.101.3/24
Following is an EXAMPLE partial configuration on N1:
N1# show running-config

--- output abbreviated --interface vlan 111
ip address 192.168.101.3 255.255.255.0
exit
interface Te1/1/1
spanning-tree disable
switchport access vlan 111
exit
!
interface Te1/1/2
exit
!
Note that spanning tree has been disabled on N1s physical interfaces.
Step 1.5:
Verify connectivity on the links you have just configured by pinging the addresses you have
assigned to S2, S3 and N1.
Ping S2 from N1
Ping S3 from N1
Ping S3 from S2
Step 1.6:
Create VRRP group 1:

Configure S2 and S3 to be members of VRRP group 1. You will configure the interfaces
on S2 and S3 that connect S2, S3 and N1 in a common subnet (from the previous
step). For both S2 and S3 the interface is Te 0/45.
Configure S2 and S3 with the address of the VIRTUAL gateway.
Configure S2 to be the MASTER by setting a priority of 150 (S3 will have the default
value of 100, which does not need to be configured).
Use the virtual-address 192.168.101.111.
The configuration for S2 in Station 1 is shown here:

S2(conf-if-te-0/45)# vrrp-group 1
S2(conf-if-te-0/45-vrid-1)# virtual-address 192.168.101.111
S2(conf-if-te-0/45-vrid-1)# priority 150
120
Step 1.7:
Verify your configuration on S2 and S3 for Te 0/45.
S2(conf-if-te-0/45)# show config

!
ip address 192.168.101.1/24
!
vrrp-group 1
priority 150
virtual-address 192.168.101.111
no shutdown
Step 1.8:
Note that the priority

setting should be
configured ONLY on S2,
so there will be no
priority parameter
displayed for this output
on S3.
Issue the show vrrp command on S2.
S2# show vrrp

-----------------TenGigabitEthernet 0/45, IPv4 VRID: 1, Version: 2, Net: 192.168.101.1
VRF: 0 default
State: Master, Priority: 150, Master: 192.168.101.1 (local)
Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec
Adv rcvd: 6, Bad pkts rcvd: 0, Adv sent: 388, Gratuitous ARP sent: 1
Virtual MAC address:
00:00:5e:00:01:01
Virtual IP address:
192.168.101.111
Authentication: (none)
Note that S2 is the Master gateway, because it has a priority higher than S3s priority (which has
the default priority of 100). With this command, you can also verify the physical interface
address, the virtual IP address, and that they are in the same subnet.
Notice also that preemption is enabled by default (Preempt: TRUE). This means that if a
MASTER gateway fails and the BACKUP gateway takes over when the original MASTER
gateway comes back online, it will resume the role as MASTER.
121
Step 1.9:
S3# show vrrp

VRF: 0 default
State: Backup, Priority: 100, Master: 192.168.101.1
00:00:5e:00:01:01
Virtual IP address:
192.168.101.111
Note that S3 is the Backup gateway, because it has a priority less than S2s priority. Although
you did not configure a priority on S3, it has a priority of 100 because that is the default value.
Notice also that in addition to sharing a virtual IP address (which you had to configure), both
gateways also share a virtual MAC address (which you do not have to configure).
Step 1.10:
Issue the show vrrp brief command on S2 and S3. This command provides yet another way to
verify proper VRRP specifics.
S2# show vrrp brief

Interface Group Pri
Pre
State
Master addr
Virtual addr(s)
------------------------------------------------------------------------------------------------Te 0/45 IPv4 1 150
Y
Master
192.168.101.1 192.168.101.111
Step 1.11:
As mentioned, for this exercise, pinging the loopback address of switch S1 will simulate
connectivity to the Internet or an enterprises internetwork (common destinations that
gateways help us to reach). S1s loopback address is 192.168.19.1.
Because you currently have an operational OSPF network, you can ping 192.168.19.1.
However, you would be using OSPF links already configured on your switches.
In order to simulate N1 being able to reach the Internet via our VRRP Master gateway (S2)
using the newly configured subnet shared by S2, N1, and S3, we need to create an
environment that allows us to demonstrate using our VRRP gateway over this subnet to reach
192.168.19.1 (instead of OSPF connections on N1).
122

To temporarily disable OSPF functionality on N1s interfaces for this exercise, you will issue the
shutdown command on N1s OSPF interfaces. These interfaces are: Te 1/1/3, Te 1/1/4, Te
1/0/4, Te 1/0/5, and Te 1/0/7. So you do not have to shut each interface down separately, use
the interface range command to shut down multiple interfaces at the same time, as shown
below.

Step 1.12
Also shut down S2s FortyGigE 0/48 interface (the connection to S3). It is not needed for this
lab. This diagram does not indicate a physical connection between S2 and S3.
S2
S3
VIRTUAL
GATEWAY
Step 1.12:
On N1, create a default route (a static route to any destination) using the virtual address of
vrrp-group 1 as the default gateway address.
N1(config)# ip route 0.0.0.0 0.0.0.0 192.168.101.111

Step 1.13:
On N1, view the routing table. Verify that the Default Gateway is the address of your virtual
address for your VRRP group. Also notice the presence of the subnet that N1 shares with S2
and S3.
N1# show ip route

Route Codes: R - RIP Derived, O - OSPF Derived, C - Connected, S - Static
B - BGP Derived, E - Externally Derived, IA - OSPF Inter Area
E1 - OSPF External Type 1, E2 - OSPF External Type 2
N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2
S U - Unnumbered Peer, L - Leaked Route
Default Gateway is 192.168.101.111
S
*0.0.0.0/0 [1/0] via 192.168.101.111, Vl111
C
*192.168.19.4/32 [0/1] directly connected, Lo0
C
123
Step1.14:
On S2 and S3, issue the command redistribute connected to have S2 and S3 advertise the
VRRP group subnet beyond the gateway. Although no routing protocol is used within our
VRRP group, this will allow reachability to the simulated Internet for N1 beyond the gateway.
S2#conf
S2(conf-router_ospf-1)# redistribute connected
Be sure that you have completed this step on both S2 and S3!
Step 1.15:
From N1, verify that you can ping the simulated Internet address 192.168.19.1.
N1# ping 192.168.19.1

Reply
Reply
Reply
Reply
From 192.168.19.1: icmp_seq =

From 192.168.19.1: icmp_seq =
From 192.168.19.1: icmp_seq =
From 192.168.19.1: icmp_seq =
Step 1.16:
0. time=
1. time=
2. time=
3. time=
1296 usec.
814 usec.
795 usec.
827 usec.
From N1, use the traceroute command to verify that you are reaching the simulated Internet
via the Master Gateway. You should be reaching 192.168.19.1 via S2s Te 0/45 address.

1 192.168.101.1
<1 ms
<1 ms
<1 ms
-output truncated-
Step 1.17:
You will now cause S2 to fail by reloading it. Because preemption is enabled by default, you
will need to verify failover of the MASTER gateway role to S3 (Step 1.18) before S2 reloads.
Be sure to save the configuration on S2 first, before reloading it!
124
INTERNET
S2# copy running-config startupconfig

File with same name already exist.
Proceed to copy the file [confirm
yes/no]: y
S1
MASTER
PHYSICAL
GATEWAY
S2# reload
Proceed with reload [confirm
S3
BACKUP
PHYSICAL
GATEWAY
VIRTUAL
GATEWAY
yes/no]: y
N1
Step 1.18:
On N1, repeat the traceroute to 192.168.19.1. You should now see that you are reaching the
cloud via S3, which has taken over as the MASTER gateway. You should be reaching
192.168.19.1 via S3s Te 0/45 address.

1
192.168.101.2
<1 ms
- output truncated -
Step 1.19
<1 ms
<1 ms
S3# show vrrp

VRF: 0 default
State: Master, Priority: 100, Master: 192.168.101.2 (local)
00:00:5e:00:01:01
Virtual IP address:
192.168.101.111
You should now see that S3 has assumed the role as MASTER gateway.
125
Continue to view the output from S3 while S2 reloads. When S2 reloads, you will see a
message on S3 that it has reverted to the role of BACKUP gateway.
S3# 2d5h26m: %STKUNIT0-M:CP %VRRP-6-VRRP_BACKUP: IPv4 vrid-1 on Te 0/45 VRF

default entering BACKUP.
Step 1.20:
On S2, issue the command show vrrp to verify that it has resumed the role of MASTER
gateway following its completed reload.
Step 1.21:
You will now configure S2 to track its interface to the simulated Internet. Since the main
purpose for S2 to have the role of MASTER gateway is to allow N1 to reach the Internet, if S2s
connection to the Internet fails, we would like to see S3 take over as the MASTER gateway.
You will track S2s fortyGigE 0/60

interface. The priority cost 60 is used.
This will cause S2s priority to be
reduced by the value of 60 when S2
loses its link to the Internet.
This will leave S2 with a lower VRRP
priority value than S3 and will trigger an
election resulting in S3 assuming the
role of the MASTER gateway.
INTERNET
S1
fortyGigE 0/60
MASTER
PHYSICAL
GATEWAY
S2
S3
VIRTUAL
GATEWAY
N1
126
BACKUP
PHYSICAL
GATEWAY

The configuration and verification for interface tracking on S2 are shown here:
S2(conf-if-te-0/45-vrid-1)# track fortyGigE 0/60 priority-cost 60

S2(conf-if-te-0/45-vrid-1)# show config
!
vrrp-group 1
priority 150
track fortyGigE 0/60 priority-cost 60
virtual-address 192.168.101.111
Step 1.22:
Shut down S2s Internet connection.
S2(conf-if-fo-0/60)#00:37:39: %STKUNIT0-M:CP %IFMGR-5-ASTATE_DN: Changed interface
Admin state to down: Fo 0/60
00:37:40: %STKUNIT0-M:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Fo
0/60
00:37:42: %STKUNIT0-M:CP %VRRP-6-VRRP_BACKUP: IPv4 vrid-1 on Te 0/45 VRF default
entering BACKUP.
Note from the output that as you shut down S2s connection to the Internet, it enters BACKUP
mode for the VRRP group.
Step 1.23:
Verify that S3 has assumed the role as MASTER gateway by issuing the show vrrp command
on S2 and/or S3.
Verify that N1 is using S3 as the gateway to reach the Internet by issuing a traceroute to
192.168.19.1.
With the remaining steps in Exercise 1, you will restore your network to the configuration
that existed prior to configuring and verifying VRRP with S-series switches forming the
VRRP group.
Step 1.24:
On S2, re-enable interface Fo 0/60 (the connection to S1).

Step 1.25:
On S2, re-enable Fo 0/48 (the connection to S3).

127
Step 1.26:
On both S2 and S3, remove the VRRP group and IP address configuration from the Te 0/45
interface, and shut down the interface.

S2(conf-if-te-0/45)# no vrrp-group 1
S2(conf-if-te-0/45)# no ip address
Step 1.27:
On N1, re-enable interfaces Te 1/1/3, Te 1/1/4, Te 1/0/4, Te 1/0/5, and Te 1/0/7.

Step 1.28:
On N1, delete VLAN 111
N1(config)# no vlan 111

Step 1.29:
On N1, remove the default route to the VRRP groups virtual address.
N1(config)# no ip route 0.0.0.0 0.0.0.0 192.168.101.111
128

Exercise 2: VRRP with N-series VRRP Group
Step 2.1:
Examine the generic topology diagram below to become familiar with the devices you will
configure in this step - the ones within the green rectangle, your N1, N2 and N4 switches. Your
N1 switch will be configured to be the VRRP MASTER gateway, and your N2 switch will be the
BACKUP gateway. All three switches will be members of a common IP subnet on the links
shown below in blue. Switch N4 represents the switch to which hosts would normally be
connected to - and reaching the Internet via the MASTER gateway.
S3 will simulate the global Internet or an enterprises internet. This simulation uses the OSPF
network you have already configured. Testing reachability to the Internet will be done by
pinging S3s loopback address (192.168.19.3).
INTERNET
TE 0/46
S3
TE 0/47
TE 1/1/4
MASTER
PHYSICAL
GATEWAY
Te 1/1/3
N1
N2
VIRTUAL
GATEWAY
Te 1/0/6
Gi 1/0/6
Gi 1/0/3
N4
Te 1/0/3
129
BACKUP
PHYSICAL
GATEWAY
Step 2.2:
Now that you are familiar the generic topology used in this lab, examine the detailed topology
to become familiar with specific addressing and VLAN assignment you will use for this
exercise.
VRRP Topology Exercise 2
INTERNET
Lo0
192.168.19.3/32
S3
Te 0/46
.17
Te 1/1/4
4 0
10 6/3
1
AN .1.
VL 68
1
2.
19
19 V
2. LA
16 N
8. 10
1. 5
20
/3
0
.21
Te 0/47
.22
.18
N1
N2
VIRTUAL
GATEWAY
192.168.121.111 /24
Te 1/0/6
192.168.121.1 /24
192.168.121.2 /24
1
12
AN
VL
192.168.121.3 /24
Gi 1/0/6
Gi 1/0/3
N4
130
BACKUP
PHYSICAL
GATEWAY
Priority
100
Te 1/0/3
VL
AN
12
1
MASTER
PHYSICAL
GATEWAY
Priority
150
Te 1/1/3
Step 2.3:
Examine the routing table on N1 and N2 to verify that S3s loopback address (192.168.19.3) is
present and learned via OSPF. This address will simulate connectivity to the Internet. We will
be pinging this address in this exercise to verify connectivity to the Internet. Ping 192.168.19.3
from N1 and N2.
If you cannot ping 192.168.19.3 from N1 and N2, troubleshoot the issue before you continue
to the next step.
Step 2.4:
Referring to the topology diagram and/or the following table, configure N1, N2 and N4 to be
hosts on the same subnet.
NOTE THAT YOU WILL ADDING LINKS IN THIS LAB NOT PREVIOUSLY CONFIGURED AND
USED IN EARLIER LABS.
As done in earlier labs, addresses will be assigned to the VLAN interface on N1, N2 & N4. Refer,
if necessary, to previous labs if a refresher is needed on configuring switch interfaces.
Two physical interfaces will be assigned to one VLAN on N4 (this is different from what we
have configured in previous labs where we have had only one physical interface assigned to
each VLAN). An example configuration is provided showing this done, below.
Device Configuration Specifics

Device
N1
N2
N4
VLAN Interface
121
121
121
Te 1/0/6
Te 1/0/3
Gi 1/0/3
Gi 1/0/6
IP Address
192.168.121.1/24
192.168.121.2/24
192.168.121.3/24
An EXAMPLE partial configuration on N4 is shown here:

ip address 192.168.121.3 255.255.255.0
exit
interface Gi1/0/3
exit
!
interface Gi1/0/6
exit
!
131
Note that spanning tree has been disabled on N4s physical interfaces.
Step 2.5:
Verify connectivity on the links you have just configured by pinging the addresses you have
assigned to N2, N4 and N1.
Ping N1 from N4
Ping N2 from N4
Ping N2 from N1
Step 2.6:
With the ip vrrp command, enable VRRP globally on N1 and N2 (the two switches that will be
in the VRRP group).
Example shown on N1:
N1(config)# ip vrrp
Step 2.7:
Create VRRP group 1:

Configure N1 and N2 to be members of VRRP group 1 with the command vrrp 1. You
will configure the VLAN interfaces on N1 and N2 that connect N1, N2 and N4 in a
common subnet (from the Step 2.4) with VLAN 121.
Configure N1 and N2 with the address of the VIRTUAL gateway.
Enable the VRRP group with the vrrp mode command.
Configure N1 to be the MASTER by setting a priority of 150 (N2 will have the default
value of 100, which does not need to be configured).
Use the virtual-address 192.168.121.111.
The configuration for N1 is shown here for the tasks listed above:
N1#configure
N1(config-if-vlan121)# vrrp 1
N1(config-if-vlan121)# vrrp 1 ip 192.168.121.111
N1(config-if-vlan121)# vrrp 1 mode
N1(config-if-vlan121)# vrrp 1 priority 150
132
Step 2.8:
Verify your configuration on N1 and N2.

vrrp 1
vrrp 1 mode
vrrp 1 ip 192.168.121.111
vrrp 1 priority 150
Step 2.9:
Note that the priority

setting should be
configured ONLY on N1,
so there will be no
priority parameter
displayed for this output
on N2.
Issue the show vrrp command on N1.
N1# show vrrp

Admin Mode..................................... Enable
Router Checksum Errors......................... 0
Router Version Errors.......................... 0
Router VRID Errors............................. 0
Vlan 121 - Group 1
Primary IP Address............................. 192.168.121.111
VMAC Address................................... 0000.5E00.0101
Authentication Type............................ None
Priority....................................... 150
Configured Priority............................ 150
Advertisement Interval (secs).................. 1
Accept Mode.................................... Disable
Pre-empt Mode.................................. Enable
Pre-empt delay................................. 0
Administrative Mode............................ Enable
State.......................................... Master
Timers Learn mode.............................. Disable
Description....................................
No interfaces are tracked for this vrid and interface combination
No routes are tracked for this vrid and interface combination
Note that VRRP is enabled administratively globally and also for VRRP group 1.
Note that N1 is the Master gateway, because it has a priority higher than N2s priority (which
has the default priority of 100). With this command, you can also verify the VLAN interface
associated with the VRRP group, the Primary IP Address (which is the Virtual Gateway Address
for the group, and the Virtual MAC address associated with the group.
133
Notice also that preemption is enabled by default. This means that if a MASTER gateway fails
and the BACKUP gateway takes over when the original MASTER gateway comes back online,
it will resume the role as MASTER.
Step 2.10:
Issue the show vrrp command on N2.
N2# show vrrp

Vlan 121 - Group 1
VMAC Address................................... 0000.5E00.0101
Priority....................................... 100
Pre-empt delay................................. 0
State.......................................... Backup
Description....................................
No interfaces are tracked for this vrid and interface combination
Note that N2 is the Backup gateway, because it has a priority less than N1s priority. Although
you did not configure a priority on N2, it has a priority of 100 because that is the default value.
Notice also that in addition to sharing a virtual IP address (which you had to configure), both
gateways also share a virtual MAC address (which you dont have to configure).
134
Step 2.11:
Issue the show vrrp brief command on N1 and N2. This command provides yet another way
to verify proper VRRP specifics.
N1# show vrrp brief

Interface
--------Vl121
Grp
--1
Prio
---150
IP Address
-------------192.168.121.111
Mode
-----Enable
State
-----------Master
IP Address
-------------192.168.121.111
Mode
-----Enable
State
-----------Backup
N2# show vrrp brief

Interface
--------Vl121
Grp
--1
Prio
---100
This command also allows you to verify the VLAN interface associated with the VRRP group,
the VRRP priority to determine the Master Gateway of the group, the groups virtual gateway
address, the mode (enabled), and the role of the switch (Master or Backup).
Step 2.12:
As mentioned, for this exercise, pinging the loopback address of switch S3 will simulate
connectivity to the Internet or an enterprises internetwork (common destinations that
gateways help us to reach). S3s loopback address is 192.168.19.3 (for all stations).
Because you currently have an operational OSPF network, you can ping 192.168.19.3.
However, you would be using OSPF links already configured on your switches.
In order to simulate N4 being able to reach the Internet via our VRRP Master gateway (N1)
using the newly configured subnet shared by N1, N2, and N4, we need to create an
environment that allows us to demonstrate using our VRRP gateway over this subnet to reach
192.168.19.3 (instead of OSPF connections to N1).
To temporarily disable OSPF functionality on N4s interfaces for this exercise, you will issue the
shutdown command on N4s Gi 1/0/4 and Gi 1/0/5 interfaces (the ones mapped to OSPFenabled VLANs 108 and 110).
You do not have to shut each interface down separately, use the interface range command to
shut down multiple interfaces at the same time, as shown below.
Note that there is NO spacing used when specifying the range of interfaces (gi1/0/4-5).
N4(config-if)# interface range gi1/0/4-5

135
Step 2.13:
Refer to steps 1.12 through 1.14 from Exercise 1.

Similar to what you did in Step 1.12 for N1, add a default route on N4, using the VRRP group
virtual address (192.168.121.111) as the default gateway.
Similar to what was done in Step 1.13, verify that the default gateway is present in N4s routing
table.
And, similar to what was done in Step 1.14, on N1 and N2, issue the command redistribute
connected under the global OSPF configuration.
Step 2.14:
From N4, verify that you can ping the simulated Internet address 192.168.19.3.
N4# ping 192.168.19.3

Reply
Reply
Reply
Reply
From 192.168.19.3: icmp_seq =

From 192.168.19.3: icmp_seq =
From 192.168.19.3: icmp_seq =
From 192.168.19.3: icmp_seq =
Step 2.15:
0. time=
1. time=
2. time=
3. time=
1274 usec.
837 usec.
772 usec.
776 usec.
From N4, using the traceroute command, verify that you are reaching the simulated Internet
via the Master Gateway. You should be reaching 192.168.19.3 via N1s VLAN 121 address.

1 192.168.121.1
-
<1 ms
<1 ms
<1 ms
output truncated -
Step 2.16:
You will now cause N1 to fail by reloading it. Because preemption is on by default, you will
need to verify failover of the MASTER gateway role to N2 (Step 2.11) before N1 reloads.
Be sure to save the configuration on N1 first, before reloading it!
136

N1# copy running-config startup-config
INTERNET
This operation may take few minutes.

Management interfaces will not be available
during this time.
S3
Te 1/1/4
Are you sure you want to save? (y/n) y
MASTER
PHYSICAL
GATEWAY
Configuration Saved!
N1
N2
BACKUP
PHYSICAL
GATEWAY
VIRTUAL
GATEWAY
N1# reload
Are you sure you want to reload the stack?
(y/n) y
Step 2.17:
N4
On N4, repeat the traceroute to 192.168.19.3. You should now see that you are reaching the
cloud via N2, which has taken over as the MASTER gateway. You should be reaching
192.168.19.3 via N2s VLAN 121 address.

1 192.168.121.2
-
<1 ms
<1 ms
<1 ms
output truncated -
Step 2.18:
Issue the show vrrp brief command on N2.

The EXAMPLE shown is from N2 in Station 1. The virtual gateway IP address will differ for other
stations.
N2# show vrrp brief

Interface
--------Vl121
Grp
--1
Prio
---100
IP Address
-------------192.168.121.111
Mode
-----Enable
State
-----------Master
You should now see that N2 has assumed the role as MASTER gateway. Because preemption is
enabled by default, when N1 reloads it will again assume the role of Master gateway. After N1
137
reloads, you can confirm this default behavior by again issuing the show vrrp brief command
on N2, and you will now see that its state (role) is that of the Backup gateway.
N2# show vrrp brief

Interface
--------Vl121
Grp
--1
Prio
---100
IP Address
-------------192.168.121.111
Mode
-----Enable
State
-----------Backup
Step 2.19:
On N1, issue the command show vrrp brief to verify that it has resumed the role of MASTER
gateway following its completed reload.
Step 2.20:
You will now configure N1 to track its interface to the simulated Internet. Since the main
purpose for N1 to have the role of MASTER gateway is to allow N4 to reach the Internet, if N1s
connection to the Internet fails, we would like to see N2 take over as the MASTER gateway.
Shown below is the configuration for tracking N1s VLAN 105 (its connection to the simulated
Internet / enterprise internetwork). The decrement value is 110. (Recall that with S-series, we
set the priority cost to 60 to accomplish the same thing.) This will cause N1s priority to be
reduced by the value of 110 when N1 loses its link to the Internet. This will leave N1 with a
lower VRRP priority value than N2 and will trigger an election resulting in N2 assuming the role
of the MASTER gateway.
The configuration and verification for interface tracking on N1 are shown here:
N1(config-if-vlan121)# vrrp 1 track interface vlan 105 decrement 110

N1#show running-config | include vrrp
ip vrrp
vrrp 1
vrrp 1 mode
vrrp 1 ip 192.168.121.111
vrrp 1 track interface Vl105 decrement 110
vrrp 1 priority 150
Issue the show vrrp command and verify that interface tracking has been configured and that
the Decrement Priority is 110.
138
N1# show vrrp

Vlan 121 - Group 1
VMAC Address................................... 0000.5E00.0101
Priority....................................... 150
Pre-empt delay................................. 0
State.......................................... Master
Description....................................
Track Interface................................ Vl105
Track Interface State.......................... Up
Track Interface Decrement Priority............. 110
Step 2.21:
Shut down N1s connection to the simulated Internet (S3s loopback address (192.168.19.3).
This is the physical interface mapped to VLAN 105 that we configured interface tracking for in
the previous step. That physical interface is Te 1/1/4 on N1.
139
INTERNET
S3
Te 1/1/4
MASTER
PHYSICAL
GATEWAY
N1(config-if-Te1/1/4)# shutdown
N1
N2
VIRTUAL
GATEWAY
N4
Step 2.22:
Verify that N2 has assumed the role as MASTER gateway by issuing the show vrrp brief
command on N1 and/or N2.
N1(config-if-Te1/1/4)# do show vrrp brief

Interface
--------Vl121
Grp
--1
Prio
---150
IP Address
-------------192.168.121.111
Mode
-----Enable
State
-----------Backup
Verify that N4 is using N2 as the gateway to reach the Internet by issuing a traceroute to
192.168.193.

1 192.168.121.2
-
<1 ms
<1 ms
<1 ms
output truncated -
140
BACKUP
PHYSICAL
GATEWAY

Step 2.23:
On N1, issue the command show vrrp to verify that N1 is now performing the Backup gateway
role. Notice also that the Track Interface State is Down (which triggered the new election
when N1s priority was decremented (reduced) by 110 when the tracked interface failed).
N1# show vrrp

Vlan 121 - Group 1
VMAC Address................................... 0000.5E00.0101
Priority....................................... 40
Pre-empt delay................................. 0
State.......................................... Backup
Description....................................
Track Interface................................ Vl105
Track Interface State.......................... Down
Track Interface Decrement Priority............. 110
With the remaining steps in Exercise 2, you will restore your network to the configuration
that existed prior to configuring and verifying VRRP with N-series switches forming the
VRRP group.
Step 2.24:
Re-enable N1s Te 1/1/4 interface.

If you issue the command show vrrp now on N1, you should see that it is now the Master
gateway once again and that the Track Interface State is now Up.
141
Step 2.25:
On N4, re-enable interfaces Gi 1/0/4 and Gi 1/0/5.
N4(config-if)# interface range gi1/0/4-5

Step 2.26:
On N1 and N2, globally disable VRRP.
N1(config)# no ip vrrp
Step 2.27:
On N1, N2 and N4, delete VLAN 121 (Station 1), VLAN 122 (Station 2), VLAN 123 (Station 3), or
VLAN 124 (Station 4).
N1(config)# no vlan 121
Note: Prior to the next lab, your instructor will load reset files onto your switches that
have only hostnames configured.

142
Lab 9: Border Gateway Protocol (BGP)

Lab Directions:
This lab guides the course participant through basic BGP configuration and verification of proper protocol
operations.
Purpose:
1. Configure IP Connectivity.
2. Configure OSPF as the interior gateway protocol to support iBGP within an
autonomous system (AS).
3. Configure iBGP for intra-area BGP operation.
4. Configure eBGP for inter-area BGP operation.
5. Redistribute routes into BGP
When to Use:
When deploying BGP within and between ASs.
Equipment:
Three Dell Networking S-series switches (DNOS v9.7).
143
Exercise 1: Configure and Verify IP Connectivity

Step 1.1:
exercise.
AS 64510
Router-id
192.168.19.1
Lo0 192.168.19.1/32
.1
S1
FortyGigE 0/28
.5
30
4/
1.
8.
16
2.
19
19
2.
16
8.
1.
0/
30
FortyGigE 0/20
eBGP
FortyGigE 0/60
eBGP
.2
.6
.25
S2
FortyGigE 0/60
FortyGigE 0/48
Router-id
192.168.19.2
Lo0 192.168.19.2/32
192.168.1.24/30
iBGP
.26
FortyGigE 0/48
OSPF Area 0
AS 64530
S3
Router-id
192.168.19.3
Lo0 192.168.19.3/32
In this lab, we will use BGP for inter-AS connectivity and route advertisements. Switch S1 is in
AS 64510, and S2 and S3 are in AS 64530. External BGP (eBGP) will be used to allow S2 and S3
to peer with S1 in a remote AS. Within AS 64530, S2 and S3 will be internal BGP (iBGP) peers.
S2 and S3 will also be OSPF neighbors to allow for iBGP loopback-based peering.
Step 1.2:
Configure IP addresses on S1, S2 and S3. Refer to the topology diagram and the table below
for the correct addressing for the interfaces to be configured.
Device
S1
S1
S1
S2
S2
S2
S3
S3
S3
Interface
Loopback 0
FortyGigE 0/20
FortyGigE 0/28
Loopback 0
FortyGigE 0/48
FortyGigE 0/60
Loopback 0
FortyGigE 0/48
FortyGigE 0/60
IP Address
192.168.19.1/32
192.168.1.1/30
192.168.1.5/30
192.168.19.2/32
192.168.1.25/30
192.168.1.2/30
192.168.19.3/32
192.168.1.26/30
192.168.1.6/30
144
Step 1.3:
By examining the running configuration, on S1, S2 and S3, verify that the interfaces you have
configured have the correct IP addresses and that they are enabled (with the no shutdown
command). An example is shown here on S1:

!
ip address 192.168.1.1/30
no shutdown
!
ip address 192.168.1.5/30
no shutdown
S1# show running-config interface loopback 0
!
interface Loopback 0
ip address 192.168.19.1/32
no shutdown
Step 1.4:
Examine the routing table on S1, S2 and S3 to verify that the networks between switches and
loopback addresses appear as directly connected routes as a result of your address
configuration on the three switches. An example is shown here on S2:
S1# show ip route

Codes: C connected
-
output abbreviated-
Destination
Gateway
----------------C 192.168.1.0/30 Direct, Fo 0/20
C 192.168.1.4/30 Direct, Fo 0/28
C
192.168.19.1/32
Dist/Metric
----------0/0
0/0
via 127.0.0.1, Lo 0
0/0
145
Last Change
----------00:07:01
00:02:23
00:12:25
Step 1.5:
Test IP connectivity across the three links in your network. From S1 ping S2 (ping 192.168.1.2)
and S3 (ping 192.168.1.6). From S2 ping S3 (ping 192.168.1.26).
If you cannot successfully ping across these three links, do not continue until you have
resolved the issue that is preventing connectivity.
Lab Note
As will be demonstrated in this lab, configuring BGP is not particularly complicated. Often issues with BGP
are actually related to basic configuration parameters, such as IP connectivity. It is therefore important to
ensure that IP connectivity can be verified before configuring BGP.
146

Exercise 2: Configure and Verify OSPF in AS 64530
Step 2.1:
exercise. OSPF will be configured ONLY between S2 and S3, as indicated by the green line
between them in the diagram.
AS 64510
Router-id
192.168.19.1
Lo0 192.168.19.1/32
S1
.1
FortyGigE 0/28
.5
30
4/
1.
8.
16
2.
19
19
2.
16
8.
1.
0/
30
FortyGigE 0/20
eBGP
FortyGigE 0/60
eBGP
OSPF
.2
.6
.25
S2
Router-id
192.168.19.2
Lo0 192.168.19.2/32
FortyGigE 0/60
FortyGigE 0/48
192.168.1.24/30
iBGP
.26
FortyGigE 0/48
OSPF Area 0
AS 64530
S3
Router-id
192.168.19.3
Lo0 192.168.19.3/32
Lab Note
The purpose for configuring OSPF between S2 and S3 in this lab is to allow for loopback-based peering
between the two devices. We will configure Internal BGP (iBGP) with loopback-based peering for
switches within AS 64530.
For External BGP, S2 and S3 will be peering with S1 which in a different AS. Therefore, since we will not
use an interior gateway protocol (OSPF) between ASs, for eBGP we will peer with physical addresses, not
with loopback addresses.
147
Step 2.2:
On S2 and S3, configure and verify functioning OSPF between these two switches (only). Refer
to previous labs where you have configured OSPF if you need a refresher on specific OSPF
configuration requirements.
OSPF configuration and verification for S2:

Changing router-id will bring down existing OSPF adjacency [y/n]: y
S2(conf-router_ospf-1)# do show running-config ospf
!
router ospf 1
router-id 192.168.19.2
network 192.168.19.2/32 area 0
network 192.168.1.24/30 area 0
OSPF configuration and verification for S3:

S3(conf-router_ospf-1)# do show running-config ospf
!
router ospf 1
router-id 192.168.19.3
network 192.168.19.3/32 area 0
network 192.168.1.24/30 area 0
148

Step 2.3:
Verify that S2 and S3 are OSPF neighbors with a FULL adjacency state. The example is shown
on S3:

Neighbor ID Pri
192.168.19.2 1
Step 2.4:
State
FULL/DR
Dead Time
00:00:37
Address
Interface
192.168.1.25 Fo 0/48
Area
0
Examine the routing table on S2 and S3 to verify that each switch has installed the other
switchs Loopback 0, learned via OSPF. The example is shown on S3:
S3# show ip route
-output abbreviatedCodes: C - connected, O OSPF
C
C
O
C
Destination
----------192.168.1.4/30
192.168.1.24/30
192.168.19.2/32
192.168.19.3/32
Gateway
----------------- ----------Direct, Fo 0/60
0/0 00:25:59
Direct, Fo 0/48
0/0 00:26:39
via 192.168.1.25, Fo 0/48
110/1 00:01:31
via 127.0.0.1, Lo 0
0/0 00:27:28
Lab Note
As will be demonstrated in this lab, configuring BGP is not particularly complicated. Often issues with
Internal BGP are actually related to OSPF configuration (or configuration of another IGP used to support
loopback-based connectivity for iBGP peering, such as IS-IS).
It is therefore important to ensure that OSPF is working properly before configuring iBGP in the step to
follow.
149
Exercise 3: Internal BGP (iBGP) Configuration and Verification

Step 3.1:
exercise. Internal BGP will be configured ONLY between S2 and S3, as indicated by the green
line between them in the diagram.
AS 64510
Router-id
192.168.19.1
Lo0 192.168.19.1/32
.1
S1
FortyGigE 0/28
.5
30
4/
1.
8.
16
2.
19
19
2.
16
8.
1.
0/
30
FortyGigE 0/20
eBGP
FortyGigE 0/60
eBGP
.2
.6
.25
S2
FortyGigE 0/48
Router-id
192.168.19.2
Lo0 192.168.19.2/32
Step 3.2:
FortyGigE 0/60
192.168.1.24/30
iBGP
.26
FortyGigE 0/48
OSPF Area 0
AS 64530
S3
Router-id
192.168.19.3
Lo0 192.168.19.3/32
Configure S2 and S3 to become iBGP neighbors in AS 64530. The network command

specifies the network between S2 and S3. The neighbor command specifies the neighbors
Loopback 0 address. The remote-as command for iBGP actually specifies the local AS, since
both peers are in the same AS.
Internal BGP configuration for S2 to peer with S3:
S2(conf)# router bgp 64530

S2(conf-router_bgp)# network 192.168.1.24/30
S2(conf-router_bgp)# neighbor 192.168.19.3 remote-as 64530
S2(conf-router_bgp)# neighbor 192.168.19.3 update-source loopback 0
S2(conf-router_bgp)# neighbor 192.168.19.3 no shutdown
150

Internal BGP configuration for S3 to peer with S2:

S3(conf-router_bgp)# neighbor 192.168.19.2 update-source loopback 0
Step 3.3:
On S2 and S3, verify the configuration from the previous step.

Configuration on S2:
S2# show running-config bgp

!
router bgp 64530
network 192.168.1.24/30
neighbor 192.168.19.3 remote-as 64530
neighbor 192.168.19.3 update-source Loopback 0
neighbor 192.168.19.3 no shutdown
Configuration on S3:
S3# show running-config bgp

!
router bgp 64530
network 192.168.1.24/30
neighbor 192.168.19.2 remote-as 64530
neighbor 192.168.19.2 update-source Loopback 0
neighbor 192.168.19.2 no shutdown
151
Step 3.4:
On S2 and S3 issue the show ip bgp neighbors command. Observe the neighbor address and
confirm that it is correct. Notice also the AS number of the neighbor. Although it is listed as
remote AS, the neighbor is in the SAME AS, as indicated by the output internal link, following
the AS number. Confirm that the BGP state is ESTABLISHED.
Output on S2:
S2# show ip bgp neighbors

BGP neighbor is 192.168.19.3, remote AS 64530, internal link
BGP remote router ID 192.168.19.3
BGP state ESTABLISHED, in this state for 00:04:39
-output abbreviated-
Output on S3:
S3# show ip bgp neighbors

BGP neighbor is 192.168.19.2, remote AS 64530, internal link
- output abbreviated -
152

Exercise 4: External BGP (eBGP) Configuration and Verification
Step 4.1:
exercise. External BGP will be configured between S1 and S2, and between S1 and S3, as
indicated by the green lines shown in the diagram.
AS 64510
Router-id
192.168.19.1
Lo0 192.168.19.1/32
.1
S1
FortyGigE 0/28
.5
30
4/
1.
8.
16
2.
19
19
2.
16
8.
1.
0/
30
FortyGigE 0/20
eBGP
FortyGigE 0/60
eBGP
.2
.6
.25
S2
FortyGigE 0/48
Router-id
192.168.19.2
Lo0 192.168.19.2/32
Step 4.2:
FortyGigE 0/60
192.168.1.24/30
iBGP
.26
FortyGigE 0/48
OSPF Area 0
AS 64530
S3
Router-id
192.168.19.3
Lo0 192.168.19.3/32
Configure S2 and S3 as External BGP peers with S1. Note that now the remote-AS number will
in fact be different since S1 is in a different AS AS 64510. The network command specifies
the networks between S2 and S1 and between S3 and S1. The neighbor command specifies
the PHYSICAL addresses used for peering with S1.
EBGP Configuration for S2 to peer with S1:

153
EBGP Configuration for S3 to peer with S1:

Step 4.3:
Configure S1 as an External BGP peer with S2 and S3. Again, note that switches are peering
with PHYSICAL addresses for eBGP.
Since S2 and S3 have already been configured, notice that as you complete the eBGP
configuration on S1 to peer with S2 and S3, you will see the adjacency state changed to UP.

S1(conf-router_bgp)# 01:47:51: %STKUNIT0-M:CP %BGP-5-ADJCHANGE:
VRF default Neighbor 192.168.1.2 Up
S1(conf-router_bgp)# 01:48:29: %STKUNIT0-M:CP %BGP-5-ADJCHANGE:
VRF default Neighbor 192.168.1.6 Up
Step 4.4:
On all three switches, issue the command show ip bgp neighbors and observe the output.
Notice that S1 has two neighbors (S2 and S3) in other ASs, and therefore each neighbor will be
shown as an external link. S2 and S3 will both have one internal link (to each other) and one
external link (to S1). Again, be sure that the BGP state is ESTABLISHED.
154

S1 output to verify eBGP neighbors:
S1(conf-router_bgp)# do show ip bgp neighbors

BGP neighbor is 192.168.1.2, remote AS 64530, external link
- output truncated
BGP neighbor is 192.168.1.6, remote AS 64530, external link

-output truncated Step 4.5:
On all three switches, issue the show ip bpg summary command.

In the example below, the output on S2 shows S3 (192.168.19.3) as an Internal BGP neighbor,
with the same AS number as the local AS number. Notice that the peer address is S3s Loopback
0 address.
Likewise, the output shows S1 (192.168.1.1) as an External BGP neighbor, with a different AS
number than the local AS number. Notice that the peer address is S1s physical address on the
link between S2 and S1.
S2# show ip bgp summary

BGP router identifier 192.168.19.2, local AS number 64530
-output abbreviated
Neighbor
AS
192.168.1.1
64510
192.168.19.3
64530
155
Step 4.6:
On all three switches, issue the show ip route bgp command to see routes learned via BGP. In
all three cases, the network shown will be the one the switch is not directly connected to.
On S1, network 192.168.1.24/30 is learned via External BGP (B EX), advertised by S2 (192.168.1.2).
On S2, network 192.168.1.4/30 is learned via Internal BGP (B IN), advertised by S3 (192.168.19.3).
On S3, network 192.168.1.0/30 is learned via Internal BGP (B IN), advertised by S2 (192.168.19.2).
Step 4.7:
Device
S1
S2
S3
Refer to the table and configure the one static route indicated, and then redistribute the route
with the command redistribute static into BGP.
Static route to redistribute into BGP

144.254.31.0/24
144.254.32.0/24
144.254.33.0/24

S1(conf-router_bgp)# redistribute static
156
Step 4.8:
On all three switches, issue the show ip route bgp command. On each switch, you should see
the routes redistributed into BGP in the previous step, in addition to the destinations you saw in
the routing table in Step 4.6. You will not see the static route for the switch you are on advertised
via BGP due to the lower administrative distance for static routes compared with BGP learned
routes.
S1# show ip route bgp

Destination
Gateway
-----------
-------
B EX 144.254.32.0/24
via 192.168.1.2
B EX 144.254.33.0/24
via 192.168.1.6
B EX 192.168.1.24/30
via 192.168.1.2
Destination
Gateway
-----------
-------
B EX 144.254.31.0/24
via 192.168.1.1
B IN 144.254.33.0/24
via 192.168.19.3
B IN 192.168.1.4/30
via 192.168.19.3
Destination
Gateway
-----------
-------
B EX 144.254.31.0/24
via 192.168.1.5
B IN 144.254.32.0/24
via 192.168.19.2
B IN 192.168.1.0/30
via 192.168.19.2

157
Lab 10: IPv6 & OSPFv3

Lab Directions:
This lab guides you through configuration and verification of OSPFv3 on Dell Networking switches.
Configuration and verification of IPv6 addressing on both Dell S-series switches and Dell N-series
switches.
Configuration and verification of an OSPFv3 single-area network on both Dell S-series switches and
Dell N-series switches.
Purpose:

1. Configure IPv6 addresses on switches and a PC.
2. Verify IPv6 connectivity between switches, and between the PC and its
connected switch.
3. Configure OSPFv3 on switches.
4. Verify the operation of the OSPFv3 network using various commands to
examine the IPv6 routing table and OSPFv3 link state data base (LSDB).
When to Use:
This lab includes configuration and verification of basic switch parameters that are
commonly used to deploy an OSPFv3 network.
Equipment:
Two Dell Networking S-series switches (DNOS v9.7) and one Dell Networking N-series
switch (DNOS v6.2)
158

Exercise 1: IPv6 Addressing Configuration and Verification
Step 1.1:
Examine the topology diagram below to become familiar with the devices and interfaces you
will configure in this step. Shown are the IPv6 networks connecting switches and the
addresses for the physical interfaces for S2 and S3, and for the VLAN interfaces for N1. Also
shown is the network and associated addressing for the link connecting N1 to PC1.
For example, the network between S2 and S3 is 2001:db8:face::/64, and the interface address
for S2s FortyGigE 0/48 interface for that network is 2001:db8:face::1/64.
IPv6 Topology
FortyGigE 0/48
FortyGigE 0/48
2
2001:db8:face::/64
S2
Te 0/47
1
Te 0/46
1
5
10
AN
L
V
VLAN 102
2001:db8:beef::/64
Te 1/1/3
S3
:db
01
0
2
2
2
N1
/64
e::
b
a
8:b
Te 1/1/4
1
Te 1/0/1
VLAN 88
PC1
2001:DB8:cafe::/64
Step 1.2:
Enable IPv6 routing functionality with the ipv6 unicast-routing command on S2 and S3.
This is a global configuration setting.
Step 1.3:
Using the topology diagram and/or the table below for reference, assign IPv6 addresses to
physical interfaces on S2 and S3.
159
Note you DO NOT have to configure VLANs on the S-series side of the link connecting to
N-series switches.
Addressing for S2 and S3

Device
S2
FortyGigE 0/48
IPv6 Address
2001:db8:face::1/64
S2
S3
S3
Te 0/47
FortyGigE 0/48
Te 0/46
2001:db8:beef::1/64
2001:db8:face::2/64
2001:db8:babe::1/64
The configuration on S2 for Steps 1.2 and 1.3 is provided here as an example. You will need to
also configure S3.
S2(conf)# ipv6 unicast-routing

S2(conf)# 04:40:55: %STKUNIT0-M:CP %CLI-6-CLI_V6UCASTROUTE_ENABLE: IPv6 unicast
routing will be enabled in the system
S2(conf-if-fo-0/48)# ipv6 address 2001:db8:face::1/64
S2(conf-if-fo-0/48)# no shut
S2(conf-if-te-0/47)# ipv6 address 2001:db8:beef::1/64
S2(conf-if-te-0/47)# no shut
Step 1.4:
On N1, create VLAN 88 and assign N1s Te 1/0/1 interface to it.
Step 1.5:
Enable IPv6 routing functionality with the ipv6 unicast-routing command on N1.
This is a global configuration setting.
Step 1.6:
Using the topology diagram and/or the table below for reference, assign IPv6 addresses to
N1s VLAN interfaces.
160
Addressing for N1
Device
N1
N1
N1
VLAN Interface
102
105
88
Te 1/1/3
Te 1/1/4
Te 1/0/1
IPv6 Address
2001:db8:beef::2/64
2001:db8:babe::2/64
2001:DB8:cafe::1/64
The configuration on N1 for Steps 1.4 through 1.6 is provided here.
N1(config)# vlan 88
N1(config-if-Te1/0/1)# switchport access vlan 88
N1(config)# ipv6 unicast-routing
N1(config-if-vlan102)# ipv6 enable
N1(config-if-vlan102)# ipv6 address 2001:db8:beef::2/64
N1(config-if-vlan105)#
ipv6 enable
Do
show run
N1(config-if-vlan105)# ipv6 address 2001:db8:babe::2/64
N1(config-if-vlan105) #interface vlan 88
N1(config-if-vlan88)# ipv6 enable
N1(config-if-vlan88)# ipv6 address 2001:db8:cafe::1/64
Step 1.7:
Configure and verify the IPv6 address on PC1.

The configuration for PC1 is shown here:
hw_user1@PC1:~$ sudo ifconfig eth0 inet6 add 2001:db8:cafe::2/64

Verify that the configuration on PC1 displays the inet6 (ipv6) address you have configured. The
output of this command is abbreviated in the example shown here:
hw_user1@PC1:~$ ifconfig eth0

eth0
output abbreviated inet6 addr: 2001:db8:cafe::2/64 Scope:Global
161
Step 1.8:
Verify connectivity between switches on the links you have just configured by pinging the
addresses you have assigned to S2, S3, and N1.
Ping S3 from S2
Ping S2 from N1
Ping S3 from N1
Note the difference between pinging IPv6 addresses on S-series (with ping command) versus
pinging IPv6 addresses on N-series (with ping ipv6 command). Examples are shown below.
S2# ping 2001:db8:face::2

Sending 5, 100-byte ICMP Echos to 2001:db8:face::2, timeout is 2 seconds:
!!!!!
N1# ping ipv6 2001:db8:beef::1
Pinging 2001:db8:beef::1 with 0 bytes of data:
Send count=4, Receive count=4 from 2001:db8:beef::1
Average round trip time = 1.00 ms
Step 1.9:
From N1, verify connectivity between N1 and PC1 by pinging PC1s IPv6 address, as shown
here:
N1# ping ipv6 2001:db8:cafe::2

Pinging 2001:db8:cafe::2 with 0 bytes of data:
Send count=4, Receive count=4 from 2001:db8:cafe::2
Average round trip time = 1.00 ms
162

Step 1.10:
On N1, issue the show ipv6 route command to examine the IPv6 routing table.
N1# show ipv6 route

IPv6 Routing Table - 3 entries
Codes: C - connected
C
C
C
2001:db8:babe::/64 [0/0]
via ::, Vl105
2001:db8:beef::/64 [0/0]
via ::, Vl102
2001:db8:cafe::/64 [0/0]
via ::, Vl88
You should see the three active links over the three directly connected IPv6 networks (show in
green in the diagram below).
FortyGigE 0/48
FortyGigE 0/48
2
2001:db8:face::/64
S2
Te 0/47
1
Te 0/46
1
5
10
/64
AN
e::
VL
ab
VLAN 102
2001:db8:beef::/64
Te 1/1/3
8
:db
01
20
2
2
N1
Step 1.11:
S3
:b
Te 1/1/4
1
Te 1/0/1
VLAN 88
PC1
2001:DB8:cafe::/64
On N1, Issue the show ip route command to examine the IPv4 routing table. This, combined
with Step 1.10 demonstrates the dual-stack (IPv4 and IPv6) protocols operational on the
switches.
You should see in your IPv4 routing table the five directly connected links configured in Lab 2.
You should also see your loopback address (192.168.19.4/32), also shown as a connected
network.
163
The diagram below shows these IPv4 networks for N1 in Station 1.
S2
.9
Te 0/46
.21
Te 0/47
5
10 /30
0
AN
VL 8.1.2
6
2.1
9
1
VLAN 102
192.168.1.8/30
.10
Te 1/1/3
.22
Te 1/1/4
Te 1/0/7
.29
Lo0
192.168.19.4/32
N1
.33
S3
.45
Te 1/0/4
VLAN 107
192.168.1.32/30
VLAN 106
192.168.1.28/30
Te 1/0/7
.30
N2
Te 1/0/5
19 VLAN
2.1
68 110
.1.
44
/30
.34 Gi 1/0/4
.46
Gi 1/0/5
N3
N4
164

Exercise 2: OSPFv3 Configuration and Verification
Step 2.1:
Examine the topology diagram showing the network you will create in this exercise. In addition
to the IPv6 routed protocol you configured in Exercise 1, you will now configure the OSPFv3
dynamic link-state routing protocol. This will allow each switch to have knowledge of how to
reach IPv6 networks not directly connected to the switch.
For example, although S2 is not directly connected to networks 2001:db8:babe::/64 and
2001:db8:cafe::/64, the OSPFv3 protocol will allow S2 to learn about and install these
networks in its IPv6 routing table and therefore be aware of these networks and the path to
reach them.
OSPFv3 Topology
OSPFv3 Area 0
FortyGigE 0/48
FortyGigE 0/48
2
2001:db8:face::/64
S2
Te 0/47
1
Te 0/46
VLAN 102
V
2001:db8:beef::/64
Te 1/1/3
b
1:d
0
20
2
2
N1
5
10
N
LA
4
::/6
e
ab
8:b
Te 1/1/4
1
Te 1/0/1
VLAN 88
2001:DB8:cafe::/64
165
PC1
S3
Step 2.2:
On S2 and S3, enter router configuration mode for IPv6, specifying a process id of 1. Configure
S2 with a router ID of 192.168.19.2. Configure S3 with a router ID of 192.168.19.3. The
configuration for S2 is shown here:
S2(conf)# ipv6 router ospf 1

S2(conf-ipv6-router_ospf)# router-id 192.168.19.2
Changing router-id will bring down existing OSPFv3 adjacencies [y/n]: y
Step 2.3:
Referring to the topology diagram from Step 1.1, configure the physical interfaces on S2 and
S3 to participate in the OSPFv3 process 1 in area 0. The configuration for S2 is shown here:

S2(conf-if-fo-0/48)# ipv6 ospf 1 area 0
S2(conf-if-fo-0/48)# exit
S2(conf-if-te-0/47)# ipv6 ospf 1 area 0
Step 2.4:
On N1, enable OSPFv3 and assign a router-id of 192.168.19.4.
N1(config)# ipv6 router ospf

N1(config-router6)# enable
N1(config-router6)# router-id 192.168.19.4
Step 2.5:
Refer to the topology diagram from Step 1.1. On N1, configure VLAN interfaces 102 and 105 to
participate in the OSPFv3 process in area 0. The configuration for N1 is shown here:

N1(config-if-vlan102)# ipv6 ospf area 0
N1(config-if-vlan105)# ipv6 ospf area 0
166
Step 2.6:
From each switch, verify that OSPF adjacencies have been formed with the other two
switches. On both S-series and N-series, this is done using the show ipv6 ospf neighbor
command.
N1# show ipv6 ospf neighbor

Router ID
Priority
Intf
ID
----1054596
1054468
---------------- -------192.168.19.2
1
192.168.19.3
1
Interface
State
Dead
Time
---34
34
----------- ---------------Vl102
Full/BACKUP-DR
Vl105
Full/DR
S2# show ipv6 ospf neighbor

Neighbor ID Pri State
192.168.19.4 1
FULL/DR
192.168.19.3 1
FULL/DR
Dead Time
00:00:39
00:00:39
Interface ID Interface
947
Te 0/47
1054725
Fo 0/48
Dead Time
00:00:35
00:00:31
Interface ID Interface
948
Te 0/46
1054725
Fo 0/48
S3# show ipv6 ospf neighbor

Neighbor ID Pri State
192.168.19.4 1
FULL/BDR
192.168.19.2 1
FULL/BDR
BDR
DR
Router ID
192.168.19.2
S2
Te 0/47
Te 0/46
DR
5
10
AN
VL
2001:db8:beef::/64
Te 1/1/3
8
:db
01
20
2
2
DR
4
::/6
be
:ba
Te 1/1/4
BDR
N1
S3
VLAN 102
Router ID
192.168.19.3
2
2001:db8:face::/64
BDR
Router ID
192.168.19.4
FortyGigE 0/48
FortyGigE 0/48
1
Te 1/0/1
VLAN 88
2001:DB8:cafe::/64
167
PC1
Viewing the output above, focus on the State column. You should see a FULL neighbor state
between switches. Additionally, you will see the role the other switch is performing either
Designated Router (DR) or Backup Designated Router (BDR).
For now, the most important thing to note is that each switch has a FULL adjacency state
formed with each neighbor. It is possible that the DR/BDR roles will be different for the output
on your switches.
Lab Note
The configured Router ID (shown as Neighbor ID) appears to be an IPv4 address. Although in Lab 2, we did
configure our Router IDs to match the IPv4 loopback address of each switch, this is actually optional. The
Router ID should be expressed in a four-octet dotted decimal format. Many administrators configure the
Router ID to match loopback addresses. Others use a numbering scheme such as 1.1.1.1 for Router 1 and
2.2.2.2 for Router 2, for example.
Step 2.7:
Using the show ipv6 route command, view the IPv6 routing table on N1. When you viewed the
routing table on N1 in Step 1.10, you saw the three directly connected links (shown in green).
You should now see installed in the routing table the network not directly connected to N1 the network between S2 and S3 (shown in blue), learned by OSPF.
FortyGigE 0/48
FortyGigE 0/48
2
2001:db8:face::/64
S2
Te 0/47
1
Te 0/46
1
5
10
/64
AN
e::
VL
ab
VLAN 102
2001:db8:beef::/64
Te 1/1/3
8
:db
01
20
2
2
N1
:b
Te 1/1/4
1
Te 1/0/1
VLAN 88
2001:DB8:cafe::/64
168
PC1
S3

This network between S2 and S3 can be seen installed in the routing table output on N1 below.
Notice that N1 has knowledge of network 2001:db8:face::/64 since it is advertised and learned
by OSPF (code O), and that it is reachable via both VLAN 102 (via S2) and VLAN 105 (via S3).
N1# show ipv6 route

IPv6 Routing Table - 4 entries
Codes: C - connected, S - static
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF Ext 1, OE2 - OSPF Ext 2
ON1 - OSPF NSSA Ext Type 1, ON2 - OSPF NSSA Ext Type 2
C
C
C
O
2001:db8:babe::/64 [0/0]
via ::, Vl105
2001:db8:beef::/64 [0/0]
via ::, Vl102
2001:db8:cafe::/64 [0/0]
via ::, Vl88
2001:db8:face::/64 [110/11]
via fe80::201:e8ff:fe8b:5d16, Vl102
via fe80::201:e8ff:fe8b:6574, Vl105
Step 2.8:
View the routing table on S2 to verify that OSPF-learned routes for non-directly-connected
networks are installed in the routing table.
S2# show ipv6 route

-output abbreviatedDestination Dist/Metric,
Gateway, Last Change
----------------------------------------------------O 2001:db8:babe::/64 [110/2]
via fe80::201:e8ff:fe8b:6574, Fo 0/48, 5d14h
C 2001:db8:beef::/64 [0/0]
Direct, Te 0/47, 5d16h
C 2001:db8:face::/64 [0/0]
Direct, Fo 0/48, 5d16h
L fe80::/10 [0/0]
Direct, Nu 0, 5d16h
We can see that S2 now has installed the network between N1 and S3 (2001:db8:babe::/64) in
its routing table and that this network has been learned via OSPF. S2s directly connected
networks are shown here in green and this network learned via OSPF is shown in blue.
169
FortyGigE 0/48
FortyGigE 0/48
2
2001:db8:face::/64
S2
Te 0/47
1
Te 0/46
1
5
10
/64
AN
e::
b
VL
a
VLAN 102
2001:db8:beef::/64
Te 1/1/3
S3
8
:db
01
0
2
2
2
N1
:b
Te 1/1/4
1
Te 1/0/1
VLAN 88
PC1
2001:DB8:cafe::/64
One thing we do not see in S2s routing table, however, is knowledge of the network between
N1 and PC1.
To allow S2 to install network 2001:DB8:cafe::/64 as an OSPF-learned route, we will
redistribute this network into OSPF.
Step 2.9:
View the routing table on S2 to verify that OSPF-learned routes for non-directly-connected
networks are installed in the routing table.
N1(config)# ipv6 router ospf

N1(config-router6)# redistribute connected
170
Step 2.10:
Now view the routing table on S2 again to verify that network 2001:DB8:cafe::/64 has been
installed as an OSPF learned route.
S2#show ipv6 route

Codes: C - connected, L - local, S - static, R - RIP,
B - BGP, IN - internal BGP, EX - external BGP,LO - Locally Originated,
Destination Dist/Metric,
Gateway, Last Change
-----------------------------------------------------------------------------------Step 2.x
O the
2001:db8:babe::/64
[110/2] command
Using
show ipv6 ospf database
via fe80::201:e8ff:fe8b:6574,
Fo 0/48,
5d15h
C 2001:db8:beef::/64 [0/0]
Direct, Te 0/47, 5d16h
O E2 2001:db8:cafe::/64 [110/20]
via fe80::21e:c9ff:fedd:ba7e,
Te 0/47,
00:04:21
C 2001:db8:face::/64 [0/0]
Direct, Fo 0/48, 5d16h
L fe80::/10 [0/0]
Direct, Nu 0, 5d16h
171
FortyGigE 0/48
FortyGigE 0/48
2
2001:db8:face::/64
S2
Te 0/47
1
Te 0/46
1
5
10
/64
AN
e::
b
VL
a
VLAN 102
2001:db8:beef::/64
Te 1/1/3
S3
8
:db
01
0
2
2
2
N1
:b
Te 1/1/4
1
Te 1/0/1
VLAN 88
PC1
2001:DB8:cafe::/64
Note that network 2001:DB8:cafe::/64 appears in S2s routing table as an external OSPF route.
This is because this network is not a native OSPF route. It is a non-native route that has been
injected/redistributed into OSPF. This is different from network 2001:db8:babe::/64, which is
learned as a native OSPF route.

172
Lab 11: Virtual Routing and Forwarding VRF-lite

Lab Directions:
This lab guides you through configuration and verification of VRF-lite on Dell Networking switches.
Configuration and verification of VRF-lite on Dell S-series switches.

Configuration and verification of VRF-lite on Dell N-series switches.
Purpose:

1. Configure VRF-lite on switches, allowing physical devices to be partitioned into
multiple Virtual Routers (VRs).
2. Demonstrate multi-tenancy solutions provided by VRF-lite deployment,
including creation of multiple VRF instances and the (optional) use of
overlapping addressing with multiple VRF instances.
3. Use OSPF to exchange routing information within VRF instances.
4. Validate VRF configuration and verify connectivity, multi-tenancy, and isolation
of VRF instances.
When to Use:
The tasks completed in this lab demonstrate processes to follow when the desire is to
deploy VRF multi-tenancy on Dell Networking switches. The two scenarios configured
in this lab achieve similar results with respect to control and data plane isolation for
each VRF instance. There are, however, differences with respect to scope and approach
to achieving these results with the two different exercises to demonstrate deployment
varieties and options, including the use of overlapping/duplicate addressing used with
different VRF instances.
Equipment:
Two Dell Networking S-series switches (DNOS v9.7) are used for Exercise 1. Four Dell
Networking N-series switches (DNOS v6.2) and two S-series switches are used for
Exercise 2.
173
Exercise 1: Configuration and Verification of VRF-lite on S-series switches

Step 1.1:
Examine the diagram below to become familiar with the topology for this exercise. Shown are:
Switches to be configured (S2 and S3)
VRF instances (default, red, and blue)
VLANs mapped to each VRF instance
The port channel between switches
Addressing for the VLANs and multiple loopback interfaces
VRF-lite S-series Topology

VRF Blue
lo 1: 172.17.1.1/24
VLAN 200
100.1.1.1/24
VLAN 100
100.1.1.1/24
VLAN 20
10.1.1.1/24
VLAN 30
10.1.1.1/24
VLAN 10
10.1.1.1/24
S2
VRF Red
VLAN 300
100.1.1.1/24
VRF Default
lo 2: 192.168.1.1/24
lo 0: 172.16.1.1/24
Fo 0/48
Fo 0/52
PO 10
Fo 0/48
Fo 0/52
VRF Red
VRF Default
lo 0: 172.16.2.1/24
VLAN 100
100.1.1.2/24
VLAN 200
100.1.1.2/24
lo 2: 192.168.2.1/24
VLAN 10
10.1.1.2/24
VLAN 30
10.1.1.2/24
VLAN 20
10.1.1.2/24
S3
VRF Blue
lo 1: 172.17.2.1/24
174
VLAN 300
100.1.1.2/24
Lab Note
This exercise demonstrates multi-tenancy with VRF-lite with three tenants. Each color represents a different
tenant.
Each tenant has unique VLANs but all three use the same (overlapping) IP addresses on their respective
VLANs. This is possible since the three virtual routers associated with the three separate VRF instances do
not share routing information. OSPF is used to exchange routing information within VRFs only.
A single port-channel connection between S2 and S3 is used to carry traffic from all three tenants.
Step 1.2:
On both S2 and S3, create Port Channel 10 connecting the two switches. The example is
shown here on S2.
S2(conf)# interface range fortyGigE 0/48 , fortyGigE 0/52

S2(conf-if-range-fo-0/48,fo-0/52)# port-channel-protocol lacp
S2(conf-if-range-fo-0/48,fo-0/52-lacp)# port-channel 10 mode active
S2(conf-if-range-fo-0/48,fo-0/52-lacp)# no shutdown
Step 1.3:
On S2 and S3, load the VRF CAM profile with the feature vrf command, and create two VRF
instances, VRF red 1 and VRF blue 2. The example is shown here on S2.
S2(conf)# feature vrf

S2(conf)# ip vrf red 1
S2(conf-vrf)# exit
S2(conf)# ip vrf blue 2
Note that there are three VRF instances used in this exercise, but one is the default instance, so
it does not need to be created.
175
Step 1.4:
On S2 and S3, add loopback interfaces to VRF instances and assign IP addresses to them. The
table below shows the IP addresses and VRF instances associated with the different loopback
interfaces on each device.
Device
S2
Loopback Interface
Lo 0
IP Address
172.16.1.1/24
VRF Instance
red
S2
Lo 1
172.17.1.1/24
blue
S2
S3
S3
Lo 2
Lo 0
Lo 1
192.168.1.1/24
172.16.2.1/24
172.17.2.1/24
default
red
blue
S3
Lo 2
192.168.2.1/24
default
The example is shown here on S2.
S2(conf)# interface loopback 0

S2(conf-if-lo-0)# ip vrf forwarding red
S2(conf-if-lo-0)# ip address 172.16.1.1/24
S2(conf-if-lo-0)# exit
S2(conf-if-lo-1)# ip vrf forwarding blue
S2(conf-if-lo-1)# exit
Note: Interface loopback 2 on both switches is part of the default VRF instance, and therefore
does not require specifying a VRF instance.
Step 1.5:
On S2 and S3, place port-channel 10 in switchport mode. The example is shown here on S2.

Step 1.6:
On S2 and S3, create VLANs for the VRF instances and configure them to trunk over the portchannel. Refer to the table below to see the IP addresses and VRF instances to associate with
the VLANs on the two devices.
176

NOTE THE DUPLICATE ADDRESSES IN THE DIFFERENT VLANS.
Device
S2
VLAN
10
IP Address
10.1.1.1/24
VRF Instance
red
S2
S2
S2
S2
S2
S3
S3
100
20
200
30
300
10
100
100.1.1.1/24
10.1.1.1/24
100.1.1.1/24
10.1.1.1/24
100.1.1.1/24
10.1.1.2/24
100.1.1.2/24
red
blue
blue
default
default
red
red
S3
S3
20
200
10.1.1.2/24
100.1.1.2/24
blue
blue
S3
S3
30
300
10.1.1.2/24
100.1.1.2/24
default
default
The example shows the VLAN configuration on S2 for VLANs 10 and 100, which are part of
VRF RED.
For VLANs 30 and 300 on both devices, the ip vrf forwarding command is not necessary
because these VLANs are part of the default VRF instance.

S2(conf-if-vl-10)# ip vrf forwarding red
S2(conf-if-vl-10)# ip address 10.1.1.1/24
S2(conf-if-vl-10)# tagged port-channel 10
S2(conf-if-vl-10)# exit
S2(conf-if-vl-100)# ip vrf forwarding red
S2(conf-if-vl-100)# ip address 100.1.1.1/24
S2(conf-if-vl-100)# tagged port-channel 10
177
Step 1.7:
On S2 and S3, configure routing with OSPF using a single-area topology with area-id 0. Map
VRF instances to separate OSPF instances. The table below shows the OSPF process ID to
associate with each VRF instance for each device. Also shown are the Router IDs to use with
the different OSPF/VRF instances.
Device
S2
OSPF Process ID
1
VRF Instance
red
Router ID
100.1.1.10
S2
blue
100.1.1.20
S2
S3
S3
S3
3
1
2
3
default
red
blue
default
100.1.1.30
100.1.1.11
100.1.1.21
100.1.1.31
Use the network command to have VLAN and loopback interfaces included in the OSPF
process. Refer to Step 1.4 for loopback addressing and Step 1.6 for VLAN addressing. Recall
that this command indicates the subnet, and not the specific interface addresses. For example,
as seen in the example below, although the VLAN address on S2 for VLAN 10 is 10.1.1.1/24, the
network command specifies the subnet address of 10.1.1.0/24.
Note that the configuration of OSPF process 3 does not require specifying the VRF because
this process is used for the default VRF.
S2(conf)# router ospf 1 vrf red

S2(conf-router_ospf-1)# log-adjacency-changes
S2(conf-router_ospf-1)# exit
S2(conf)# router ospf 2 vrf blue
178

Step 1.8:
On S3, verify that OSPF adjacencies have been formed with S2 with the show ip ospf neighbor
command. This command will need to be issued separately for individual VRF instances. Focus
on having a FULL adjacency state with neighbor S2.
First, without specifying a VRF, the adjacency associated with the default VRF (only) is shown.

Neighbor ID
100.1.1.30
100.1.1.30
Pri
1
1
State
FULL/DR
FULL/DR
Dead Time
00:00:35
00:00:30
Address
10.1.1.1
100.1.1.1
Interface
Vl 30
Vl 300
Area
0
0
Interface
Vl 10
Vl 100
Area
0
0
Interface
Vl 20
Vl 200
Area
0
0
Next, view the adjacency state with neighbor S2 for VRF instance RED.
S3# show ip ospf vrf red neighbor

Neighbor ID
100.1.1.10
100.1.1.10
Pri
1
1
State
FULL/DR
FULL/DR
Dead Time Address

00:00:35
10.1.1.1
00:00:35
100.1.1.1
Now, view the adjacency state with neighbor S2 for VRF instance BLUE.
S3# show ip ospf vrf blue neighbor

Neighbor ID
100.1.1.20
100.1.1.20
Step 1.9:
Pri
1
1
State
FULL/DR
FULL/DR
Dead Time
00:00:38
00:00:31
Address
10.1.1.1
100.1.1.1
On S3, view the routing table for the Default, Red, and Blue VRF instances. Note that the VRF
routing tables have some overlapping subnet entries.
First view the routing table for the DEFAULT VRF instance.
S3# show ip route

Codes: C - connected, O - OSPF
--- output abbreviated ---Destination
----------Dell - Restricted - Confidential
C 10.1.1.0/24
C 100.1.1.0/24
Gateway
------Direct, Vl 30
Direct, Vl 300
179
Dist/Metric
----------0/0
0/0
Last Change
----------01:24:56
01:24:07
Here, you should see the loopback address of S2s Lo 2 interface (DEFAULT VRF) learned via
OSPF.
Next, view the routing table for the RED VRF instance.
S3# show ip route vrf red

----------C 10.1.1.0/24
C 100.1.1.0/24
O 172.16.1.1/32
C
Gateway
------Direct, Vl 10
Direct, Vl 100
via 10.1.1.1, Vl 10
via 100.1.1.1, Vl 100
Direct, Lo 0
172.16.2.0/24
Dist/Metric
----------- 0/0
0/0
110/1
Last Change
---------01:33:20
01:32:16
01:19:10
0/0
01:36:38
Here, you should see the loopback address of S2s Lo 0 interface (RED VRF) learned via OSPF.
Next, view the routing table for the BLUE VRF instance.
S3# show ip route vrf blue

----------C 10.1.1.0/24
C 100.1.1.0/24
O 172.17.1.1/32
C
172.17.2.0/24
Gateway
------Direct, Vl 20
Direct, Vl 200
via 10.1.1.1, Vl 20
via 100.1.1.1, Vl 200
Direct, Lo 1
Dist/Metric
----------0/0
0/0
110/1
Last Change
----------01:30:18
01:29:08
01:11:38
0/0
01:36:31
Here, you should see the loopback address of S2s Lo 1 interface (BLUE VRF) learned via OSPF.
180
Step 1.10:
On S3, issue the show ip interface brief vlan command to observe the overlapping IP
addresses on different VLANs on the switch.
S3# show ip interface brief vlan 10

Interface
IP-Address
Vlan 10
10.1.1.2
OK
YES
Method
Manual
Status
up
Protocol
up

Interface
IP-Address
Vlan 100
100.1.1.2
OK
YES
Method
Manual
Status
up
Protocol
up

Interface
IP-Address
Vlan 20
10.1.1.2
OK
YES
Method
Manual
Status
up
Protocol
up

Interface
IP-Address
Vlan 200
100.1.1.2
OK
YES
Method
Manual
Status
up
Protocol
up

Interface
IP-Address
Vlan 30
10.1.1.2
OK
YES
Method
Manual
Status
up
Protocol
up

Interface
IP-Address
Vlan 300
100.1.1.2
OK
YES
Method
Manual
Status
up
Protocol
up
Step 1.11:
On S3, test connectivity with the ping command for each VRF by pinging the three loopback
interfaces associated with the three different VRF instances on S2.
The normal ping command will work for the DEFAULT VRFs loopback address.
181
For VRF RED and VRF BLUE, specify the VRF, the IP address of the loopback address for the
VRF on S2, and the source IP loopback address on S3. An example is shown below.
S3# ping 192.168.1.1

!!!!!
S3# ping vrf red 172.16.1.1 source ip 172.16.2.1
Sending 5, 100-byte ICMP Echos to 172.16.1.1 from 172.16.2.1, timeout is 2 seconds:
!!!!!
S3# ping vrf blue 172.17.1.1 source ip 172.17.2.1

Sending 5, 100-byte ICMP Echos to 172.17.1.1 from 172.17.2.1, timeout is 2 seconds:
!!!!!
Notify the instructor you have completed Exercise 1.

A new configuration file will be loaded onto your switches
before you continue with Exercise 2.
182

Exercise 2: Configuration and Verification of VRF-lite on N-series switches
Step 2.1:
Examine the topology diagram to become familiar with the topology for this exercise.
VRF
brancha
Branch A
S2
VRF
branchb
Central
Office
.2
Branch B
S3
.2
Te 0/46
Te 0/47
Te 1/1/3
VLAN 10
192.168.10.0/24
Te 1/1/4
.1
.1
N1
VLAN 20
192.168.20.0/24
VR1 VR2
.1
VR1 and VR3

share routing
information via
OSPF
.1
Te 1/0/7
Te 1/0/8
VLAN 12
192.168.12.0/24
VLAN 22
192.168.22.0/24
Te 1/0/7
VR2 and VR4

share routing
information via
OSPF
Te 1/0/8
.2
.2
N2
VLAN 11
192.168.11.0/24
.1
VR3 VR4
Te 1/0/5
Te 1/0/4
.1
VLAN 21
192.168.21.0/24
Gi 1/0/4
Gi 1/0/5
.2
.2
N3
N4
183
Step 2.2:
Please read the following exercise scenario description:

The lab scenario in this exercise involves two branch offices and a central office. There are two
switches for each branch office that require routes to each other but must remain isolated
from the other branch. Therefore, each VR pair will isolate the traffic for the branch to which it
is assigned.
The switches located at the central office are configured to use VRF-lite to create virtual
routers. Separate VRF instances provide the required isolation.
By partitioning a single switch into multiple virtual switches, a state of multi-tenancy is created
as separate routing tables are created for different VRF instances on single physical devices.
Unlike the use of overlapping addresses used in Exercise 1, separate addressing assignments
are used for the two VRF instances in this exercise
In this scenario, two layer-3 switches at the Central Office isolate traffic between Branch A and
Branch B. Four VRs (VR1, VR2, VR3, and VR4) are created across the two Central Office
switches, as shown in the topology diagram. VR1 and VR3 share routing information for
Branch A, which is isolated from VR2 and VR4; and, VR2 and VR4 share routing information for
Branch B, which is isolated from VR1 and VR3. OSPF is used to allow the VRs to exchange
routing information.
Step 2.3:
For this step and Step 2.4, you will be challenged to use the knowledge and skills you have
developed in previous labs and Exercise 1 of this lab. Provided are configuration output
snippets showing configuration parameters that should exist on the central office and branch
switches once you have configured them.
Refer to the following topology diagrams and configuration snippets to configure your
switches in accordance with the working solution they illustrate.
You should be able to determine from the configuration snippets provided if the command
should be entered as a global configuration command [N1(config)#] or under a more specific
configuration mode [for example, N1(config-if-Te1/0/7)#, N1(config-if-vlan10)#, N1(configvrf-brancha)#, N1(Config-router-vrf-brancha)#, etc.)
If you have any questions or do not fully understand what is expected, please ask your
instructor to clarify the expectations.
184
N1 Configuration for brancha

VRF instance
N1-Central Office Configuration

VRF
brancha
Branch A
S2
Central
Office
.2
vlan 10,12
VRF
branchb
Branch B
S3
.2
interface Te1/1/3
Te 0/46
Te 0/47
Te 1/1/3
VLAN 10
192.168.10.0/24
Te 1/1/4
.1
.1
N1
ip vrf brancha
ip routing
VLAN 20
192.168.20.0/24
VR1 VR2
.1
VR1 and VR3

share routing
information via
OSPF
interface Te1/0/7
.1
Te 1/0/7
Te 1/0/8
VLAN 12
192.168.12.0/24
VLAN 22
192.168.22.0/24
Te 1/0/7
VR2 and VR4

share routing
information via
OSPF
Te 1/0/8
.2
.2
interface vlan 12
ip vrf forwarding brancha
ip address 192.168.12.1 /24
ip ospf area 0
N2
VLAN 11
192.168.11.0/24
.1
VR3 VR4
Te 1/0/5
Te 1/0/4
.1
VLAN 21
192.168.21.0/24
Gi 1/0/4
Gi 1/0/5
.2
N1 Configuration for branchb

VRF instance
.2
N3
N4
vlan 20,22
interface Te1/0/8
N1 Configuration for OSPF
interface Te1/1/4
ip routing
router ospf vrf brancha
router-id 192.168.0.253
network 192.168.0.0 0.0.0.255 area 0
redistribute connected
enable
ip vrf branchb
ip routing
interface vlan 20
ip vrf forwarding branchb
ip address 192.168.20.1 /24
ip ospf area 0
router ospf vrf branchb

router-id 192.168.0.252
network 192.168.0.0 0.0.0.255 area 0
enable
interface vlan 10
ip address 192.168.10.1 /24
ip ospf area 0
interface vlan 22
ip address 192.168.22.1 /24
ip ospf area 0
185
N2 Configuration for brancha

VRF instance
N2-Central Office Configuration

VRF
brancha
Branch A
S2
Central
Office
.2
vlan 11,12
VRF
branchb
Branch B
S3
.2
Te 0/46
Te 0/47
Te 1/1/3
VLAN 10
192.168.10.0/24
.1
.1
N1
VLAN 20
192.168.20.0/24
ip vrf brancha
ip routing
VR1 VR2
.1
Te 1/0/7
Te 1/0/8
VLAN 12
192.168.12.0/24
VLAN 22
192.168.22.0/24
Te 1/0/7
VR2 and VR4

share routing
information via
OSPF
Te 1/0/8
.2
.2
N2
VLAN 11
192.168.11.0/24
VR3
.1
Te 1/0/5
interface Te1/0/7
Te 1/1/4
.1
VR1 and VR3

share routing
information via
OSPF
interface Te1/0/5
VR4
Te 1/0/4
.1
interface vlan 11
ip address 192.168.11.1 /24
ip ospf area 0
interface vlan 12
ip address 192.168.12.2 /24
ip ospf area 0
VLAN 21
192.168.21.0/24
Gi 1/0/4
Gi 1/0/5
.2
.2
N3
N4
N2 Configuration for branchb

VRF instance
vlan 21,22
interface Te1/0/4
N2 Configuration for OSPF

ip routing
interface Te1/0/8
router ospf vrf brancha

router-id 192.168.0.251
network 192.168.0.0 0.0.0.255 area 0
enable
ip vrf branchb
ip routing
interface vlan 21
ip address 192.168.21.1 /24
ip ospf area 0
router ospf vrf branchb

router-id 192.168.0.250
network 192.168.0.0 0.0.0.255 area 0
enable
interface vlan 22
ip address 192.168.22.2 /24
ip ospf area 0
186
Branch Offices Configuration

S2 Configuration for Branch A
S3 Configuration for Branch B

ip address 192.168.10.2/24
no shutdown

ip address 192.168.20.2/24
no shutdown
ip route 0.0.0.0/0 192.168.10.1
ip route 0.0.0.0/0 192.168.20.1
VRF
brancha
Branch A
S2
VRF
branchb
Central
Office
.2
Te 0/47
Te 1/1/3
VLAN 10
192.168.10.0/24
Branch B
S3
.2
Te 0/46
Te 1/1/4
.1
.1
N1
VLAN 20
192.168.20.0/24
VR1 VR2
.1
VR1 and VR3

share routing
information via
OSPF
.1
Te 1/0/7
Te 1/0/8
VLAN 12
192.168.12.0/24
VLAN 22
192.168.22.0/24
Te 1/0/7
VR2 and VR4

share routing
information via
OSPF
Te 1/0/8
.2
.2
N2
VLAN 11
192.168.11.0/24
.1
VR3
Te 1/0/5
VR4
.1
Te 1/0/4
VLAN 21
192.168.21.0/24
Gi 1/0/5
Gi 1/0/4
.2
.2
N3
N4
N3 Configuration for Branch A
N4 Configuration for Branch B

vlan 21
vlan 11
interface vlan 11
ip address 192.168.11.2 /24
interface vlan 21
ip address 192.168.21.2 /24
interface Gi 1/0/5
interface Gi 1/0/4
ip default-gateway 192.168.11.1
ip default-gateway 192.168.21.1
187
Step 2.4:
Although not included in the configuration snippets provided above (which focus on the
necessary configuration on switches to achieve VRF-lite functionality), recall from prior labs
that depending on the specific topology it is necessary on N-series to disable spanning tree
on certain interfaces to prevent port blocking in your routed environment.
As an example, shown below is a portion of the configuration on switch N4. Here, Gi 1/0/4 is
mapped to VLAN 21. Spanning tree is disabled on Gi 1/0/4, the physical interface (not on
interface VLAN 21).

----output abbreviated---interface vlan 21
ip address 192.168.21.2 255.255.255.0
interface Gi1/0/4
For the verification steps that follow, if your configuration appears correct but you do not see
the expected verification output for the commands issued, selectively disable spanning tree on
physical interfaces mapped to VLANs (N-series only) for the path being tested.
Step 2.5:
On N3, verify that you can successfully ping the default gateway address on N2 that you
configured in the previous step.
N3# ping 192.168.11.1

Reply
Reply
Reply
Reply
From 192.168.11.1: icmp_seq =

From 192.168.11.1: icmp_seq =
From 192.168.11.1: icmp_seq =
From 192.168.11.1: icmp_seq =
Step 2.6:
0. time=
1. time=
2. time=
3. time=
2131 usec.
1254 usec.
1216 usec.
1170 usec.
On N4, verify that you can ping the default gateway address on N2.
N4# ping 192.168.21.1

Reply
Reply
Reply
Reply
From 192.168.21.1: icmp_seq =

From 192.168.21.1: icmp_seq =
From 192.168.21.1: icmp_seq =
From 192.168.21.1: icmp_seq =
0. time=
1. time=
2. time=
3. time=
2145 usec.
1220 usec.
1227 usec.
1205 usec.
188
Step 2.7:
On N3, verify that you can successfully ping S2s Te 0/47 interface (connected to N1) via N2
and N1.
N3# ping 192.168.10.2

Reply
Reply
Reply
Reply
From 192.168.10.2: icmp_seq =

From 192.168.10.2: icmp_seq =
From 192.168.10.2: icmp_seq =
From 192.168.10.2: icmp_seq =
Step 2.8:
0. time=
1. time=
2. time=
3. time=
1357 usec.
904 usec.
4687 usec.
876 usec.
On N4, verify that you can successfully ping S3s Te 0/46 interface (connected to N1) via N2
and N1.
N4# ping 192.168.20.2

Reply
Reply
Reply
Reply
From 192.168.20.2: icmp_seq =

From 192.168.20.2: icmp_seq =
From 192.168.20.2: icmp_seq =
From 192.168.20.2: icmp_seq =
Step 2.9:
0. time=
1. time=
2. time=
3. time=
1332 usec.
898 usec.
997 usec.
917 usec.
On N3, using the traceroute command, verify that the path from N3 to S2 traverses N2s VLAN
11 address and N1s VLAN 12 address (brancha VRF instance).

1 192.168.11.1
2 192.168.12.1
3 0.0.0.0
<1 ms <1 ms
<1 ms <1 ms
*
*
*
<1 ms
<1 ms
189
Step 2.10:
On N4, using the traceroute command, verify that the path from N4 to S3 traverses N2s VLAN
21 address and N1s VLAN 22 address (branchb VRF instance).

1 192.168.21.1
2 192.168.22.1
3 0.0.0.0
Step 2.11:
<1 ms <1 ms
<1 ms <1 ms
*
*
*
<1 ms
<1 ms
On N1, examine the routing table for the brancha VRF instance.
N1# show ip route vrf brancha

Route Codes: O - OSPF Derived, C - Connected
--- output abbreviated--C
O
C

*192.168.11.0/24 [110/20] via 192.168.12.2, Vl12
You should be able to verify that you are directly connected to networks 192.168.10.0/24 and
192.168.12.0/24. You should also be able to verify that N1 has learned of network
192.168.11.0/24 (the network between N2 and N3) via OSPF.
Step 2.12:
On N1, examine the routing table for the branchb VRF instance.
N1# show ip route vrf branchb

Route Codes: O - OSPF Derived, C - Connected
--- output abbreviated--C
O
C

*192.168.21.0/24 [110/20] via 192.168.22.2, Vl22
You should be able to verify that you are directly connected to networks 192.168.20.0/24 and
192.168.22.0/24. You should also be able to verify that N1 has learned of network
192.168.21.0/24 (the network between N2 and N4) via OSPF.
190
Step 2.13:
On N1, verify that OSPF adjacencies have been formed with N2 for both VRF instances.
N1# show ip ospf neighbor vrf brancha

Router ID
Priority
---------------- -------192.168.0.251
1
IP Address
Interface
--------------- ----------192.168.12.2 Vl12
State
---------------Full/BACKUP-DR
Dead
Time
-----32
N1# show ip ospf neighbor vrf branchb

Router ID
Priority
---------------192.168.0.250
-------1
IP Address
Interface
--------------- ----------192.168.22.2
Vl22
State
---------------Full/BACKUP-DR
Dead
Time
-----36
In addition to seeing a FULL adjacency state, you should see the router-ids you configured in
Step 2.3 and N2s VLAN interface addresses associated with the two different VRF instances.
Ensure that the adjacency state is FULL.
Step 2.14:
On N1, issue the command show ip vrf interface.
N1# show ip vrf interface

VRF Name
-------------------brancha
brancha
branchb
branchb
Interface
---------Vl10
Vl12
Vl20
Vl22
State
----Up
Up
Up
Up
IP Address
--------------192.168.10.1
192.168.12.1
192.168.20.1
192.168.22.1
IP Mask
--------------255.255.255.0
255.255.255.0
255.255.255.0
255.255.255.0
Method
------Manual
Manual
Manual
Manual
Referring to the topology diagram, you should see the VLAN interfaces connected to S2 and
S3 (the two branch office switches) and the corresponding VRF instance membership. You
should also see the two VLAN interfaces connected to the other central office switch (N2) and
their corresponding VRF instances.
Step 2.15:
(Optional) Complete Steps 2.9 through 2.12 on N2 for further verification.

191
Lab 12: Stacking Dell Networking Switches

Lab Directions:
This lab demonstrates basic stacking procedures on Dell Networking S-series and N-series switches.
Purpose:
1. Stacking with front panel user ports on S-series switches.
2. Stacking with front panel user ports on N-series switches.
When to Use:
When interconnecting switches to be managed as a single virtual switch through the

stack management unit.
Equipment:
Two Dell Networking S-series switches (DNOS v9.7) and two Dell Networking N-series
Lab Note
With the Dell Networking OS stacking feature, depending on the switch model, you can interconnect
multiple switch units with dedicated stacking ports or front end user ports. The stack is manageable as a
single switch through the stack management unit.
For this lab, both the S-series and N-series switches used will be stacked with front end user ports. In both
cases, two switches will be used. One will serve as the management (master) unit, and the other will be the
standby unit, able to assume the role of the management unit in the event of failure of the initial master
device.
Among the benefits of stacking, demonstrating the ability to manage multiple switches from one
management unit is the primary focus of this lab. Refer to Dell documentation for more detailed
information on stacking specific switch models in more complex scenarios where using additional
configuration options may be desired.
192

Exercise 1: S-series Stacking with Front Panel User Ports
Step 1.1:
View the topology diagram to become familiar with the devices and interfaces that will be used
for this exercise.
UNIT 0
MANAGEMENT
(MASTER)
DEVICE
S2
FortyGigE 0/48
FortyGigE 0/48
UNIT 1
STANDBY
DEVICE
Step 1.2:
S3
Verify that the Dell Networking OS version is the same on both switches. This is a requirment for
stacking.
S2# show version

Step 1.3:
On S2, issue the show system brief command and observe the output.
S2# show system brief

Stack MAC
Reload-Type
: 00:01:e8:d8:ed:6b
: normal-reload [Next boot : normal-reload]
-- Stack Info -Unit UnitType

Status
ReqTyp
CurTyp
Version
Ports
------------------------------------------------------------------------------0
Management
online
S4810
S4810
9.7(0.0)
64
1
Member
not present
2
Member
not present
-- output truncated --
193
Notice that the switch sees itself as the Management device in a stack of one unit with the
switch default settings. The default Unit number for the Management device is 0.
Issue the show system brief command on S3, and you will see similar output.
Step 1.4:
On S2, configure interface Fo 0/48 to support stacking. Interface Fo 0/48 corresponds with
stack-group 12. To actually change the port from normal Ethernet framing to support stacking,
the configuration must be saved (with the write memory command), and then the switch must
be reloaded (with the reload command).
S2(conf)# stack-unit 0 stack-group 12

S2(conf)#00:10:43: %STKUNIT0-M:CP %IFMGR-6-STACK_PORTS_ADDED:
Ports Fo 0/48 have been configured as stacking ports. Please save and reset stack-unit 0
for config to take effect
S2(conf)# exit
S2#00:11:35: %STKUNIT0-M:CP %SYS-5-CONFIG_I: Configured from console
S2# write memory
S2# reload
Proceed with reload [confirm yes/no]:y
As you saw in the previous step, the default stack unit number is 0 on S-series switches. When
you stack multiple switches, each unit in the stack will have a unique stack number that is either
assigned by you or the Dell Networking OS. Because you will configure S2 and reload the system
before you configure S3, in this scenario S2 will retain the stack unit number 0 and S3 will be
assigned the stack unit number 1.
Wait for S2 to reload before you configure S3.
Step 1.5:
After you reload S2, allow about 30 seconds to begin this step. Complete the same process on
S3 that you did for S2 in the previous step. Once S3 has fully reloaded, you will notice that it has
now adopted the name of the management device (S2) and is in standby mode to assume
mastership if S2 fails.
S3 prompt changed to S2(standby).
S2(standby)>
194
Step 1.6:
Now that S2 has assumed the management role for the stack, all commands should be issued
on S2. Recall, that this is the primary benefit of stacking being able to manage multiple
switches as if they were one device, from the management unit.
On S2 (the management device), issue the show system stack-ports command and observe the
output.
S2> show system stack-ports

Topology: Daisy chain
Interface
Connection
Link Speed Admin

Link
(Gb/s)
Status
Status
------------------------------------------------------------0/48
1/48
40
up
up
1/48
0/48
40
up
up
Notice that the output displays the interfaces connecting the two switches in the stack. Both
lines of output actually indicate the same connection, but from the perspective of the two
different physical switches (there is actually only one link connecting the two switches).
Interface 0/48 (on the management device, Unit 0) is connected to interface 1/48 (on the
standby device, Unit 1). Notice that interface 0/48 on the standby device has been renamed to
interface 1/48, since the standby device is now Unit 1.
Step 1.7:
On S2 (the management device), issue the show system brief command and observe the output.
S2> show system brief

Stack MAC
Reload-Type
: 00:01:e8:d8:ed:6b
: normal-reload [Next boot : normal-reload]
-- Stack Info -Unit UnitType

Status
ReqTyp CurTyp
Version
Ports
-----------------------------------------------------------------------------0
Management
online
S4810 S4810
9.7(0.0)
64
1
Standby
online
S4810 S4810
9.7(0.0)
64
Verify that Unit 0 (S2) is the Management device and that Unit 1 (S3) is the Standby device for
the stack.
195
Step 1.8
On S2 (the management device), issue the show system stack-unit unit-id command for both
Unit 0 and Unit 1, and observe another way to verify unit roles and status.
S2> show system stack-unit 0

-- Unit 0 -Unit Type
Status
Next Boot
Required Type
Current Type
Master priority
: Management Unit
: online
: online
: S4810 - 52-port GE/TE/FG (SE)
:0
S2> show system stack-unit 1

-- Unit 1 -Unit Type
Status
Next Boot
Required Type
: Standby Unit
: online
: online
Current Type
196

Exercise 2: N4000 Series Stacking with Front Panel User Ports
Step 2.1:
View the topology diagram to become familiar with the devices and interfaces that will be used
for this exercise.
You will be stacking two N-4000 series switches, N1 and N2. The concept is the same as with
the previous exercise, but the procedure differs somewhat.
UNIT 0
MANAGEMENT
DEVICE
N1
Te 1/0/7
Te 1/0/7
UNIT 1
STANDBY
DEVICE
Step 2.2:
N2
On both N1 and N2, issue the show switch command and observe the output. Notice that the
default switch settings result in each device seeing itself as the Management switch in a stack
of one unit. Notice also that (different from S-series switches) the default switch ID number is 1.
N1> show switch
SW
--1
Management
Status
---------Mgmt Sw
Standby
Preconfig Plugged-in
Status
Model ID
Model ID
--------- ------------- ------------N4032F
N4032F
197
Switch
Status
-----OK
Code
Version
------6.2.1.6
N2> show switch
SW
--1
Step 2.3:
Management
Status
---------Mgmt Sw
Standby
Preconfig Plugged-in
Status
Model ID
Model ID
--------- ------------- ------------N4032F
N4032F
Switch
Status
-----OK
Code
Version
------6.2.1.6
On N1, view the additional options for the show switch command by appending a question
mark to the command.
N1> show switch ?

<cr>
|
<stack-member-number>
stack-ports
stack-standby
Step 2.4:
Press enter to execute the command.

Output filter options.
Enter switch ID in the range of 1 to 12.
Display summary stack-port information for all
interfaces.
Display the configured or automatically selected
standby unit number.
On both N1 and N2, issue the show switch 1 command and observe the results. On both
switches, before stacking, the stack-member-number is the default, 1. The examle is shown on
N1, but you should see similar output on N2.
N1> show switch 1

Switch................................................... 1
Management Status.......................... Management Switch
Switch Type........................................ 0xd8420002
Preconfigured Model Identifier...... N4032F
Plugged-in Model Identifier............ N4032F
Switch Status...................................... OK
Switch Description............................ Dell Networking N4032F
Detected Code Version.................... 6.2.1.6
Detected Code in Flash.................... 6.2.1.6
198
Step 2.5:
On both N1 and N2, issue the show switch stack-standby command. Since the switches are
not yet stacked, both switches have a Management role, so there is no Standby unit at this
time.
N1> show switch stack-standby

Standby unit: None
Step 2.6:
On N1 and N2, observe the status and mode of interface Te 1/0/7, the interface on each
switch that will be used to connect the switches for stacking. The show interfaces status
command and the show switch stack-ports command can be used to verify the current status
and later to observe the changes in the output once a stack has been created. Currently, the
interface is supporting normal Ethernet framing and is not yet configured to support stacking.
N1# show interfaces status

Port
Description
Link Flow M VLAN

State Ctrl
--------- -------- ------ ------- ---- ------ ----- -- ----------------------Te1/0/4
Full
1000
Auto Up On
A
1
Te1/0/5
Full
1000
Auto Up On
A
1
Te1/0/6
Full
1000
Auto Up On
A
1
Te1/0/7
Duplex
Speed
Neg
Full
10000
Off
Up
On
N1# show switch stack-ports

Configured Running
Link
Link
Admin
Interface
Stack Mode Stack Mode Status
Speed (Gb/s) Status
--------- ---------- ---------- ------------ ------------ -----------Te1/0/5
Ethernet
Ethernet
Link Up
1
Disabled
Te1/0/6
Ethernet
Ethernet
Link Up
1
Disabled
Te1/0/7
Step 2.7:
Ethernet
Ethernet
Link Up
10
On N1 only, configure Te 1/0/7 to support stacking, as shown.
N1# configure
N1(config)# stack
N1(config-stack)# stack-port tengigabitethernet 1/0/7 stack
199
Disabled
Step 2.8:
Although you have configured Te 1/0/7 to support stacking in the previous exercise, to actually
change the port from normal Ethernet framing to now support stacking, the configuration must
be saved (with the copy running-config startup-config command), and then the switch must
be reloaded (with the reload command), as shown.
N1# copy running-config startup-config

This operation may take few minutes.
Management interfaces will not be available during this time.
Are you sure you want to save? (y/n) y
Configuration Saved!
N1# reload
Are you sure you want to reload the stack? (y/n) y
Allow N1 to fully reboot before you continue.
Step 2.9:
After the swtich has fully reloaded, on N1, issue the show switch stack-ports command and
observe that now Te 1/0/7 is now configured for Stack Mode (it is no longer operating as a
normal Ethernet port).
N1# show switch stack-ports

Configured Running
Link
Link
Admin
Interface
Stack Mode Stack Mode Status
Speed (Gb/s) Status
--------- ---------- ---------- ------------ ------------ -----------Te1/0/5
Ethernet
Ethernet
Link Up
1
Disabled
Te1/0/6
Ethernet
Ethernet
Link Up
1
Disabled
Te1/0/7
Stack
Stack
Link Up
10
Enabled
Configurating an Ethernet port as a stacking port changes the default configuration of the port.
The port stacking configuration does not show in the running-config. To determine the stacking
configuration of a port, use the show switch stack-ports command.
200
Step 2.10:
On N2, configure Te 1/0/7 to support stacking.
N2# conf
N2(config)# stack
N2(config-stack)# stack-port tengigabitethernet 1/0/7 stack
N2(config-stack)# exit
Step 2.11:
On N2, change the default Unit number from 1 to 2 as shown. This will result in a message
indicating that a system reset is necessary to make the change. Answer y (yes) to initiate the
reboot.
N2(config)# switch 1 renumber 2

All the switches in the stack will be reset to perform manager unit renumbering
and the configuration of manager switch interfaces will be cleared.
Are you sure you want to renumber? (y/n) y
Allow the switch to fully reload before you continue.
Step 2.12:
Once N2 has fully reloaded, you should see the prompt displayed below, indicating that no
configuration is available on Unit 2. Recall that this is the primary advantage of stacking to be
able to manage multipe switches from the management device. Unit 1 (N1) is the management
(master) device, so entering commands on Unit 2 is not necessary (or allowed).
(Unit 1 - Waiting to select management unit)> ** press Enter here **

(Unit 2 - CLI unavailable - please connect to master on Unit 1)>
201
Step 2.13:
Now that you have successfully created a stack with the two switches, on N1, the
Management/Master switch, issue the show switch command and observe the output. You
should see that Unit 1 is the Management Switch and that Unit 2 is a Stack Member with a
Standby status.
N1> show switch

Management
Standby
Preconfig Plugged-in Switch
Code
SW
Status
Status
Model ID
Model ID
Status
Version
--- ---------- --------- ------------- ------------- ------------- ----------1
Mgmt Sw
N4032F
N4032F
OK
6.2.1.6
2
Stack Mbr
Oper Stby
N4032F
N4032F
OK
202
6.2.1.6

Dell Networking Installation and Configuration Course Lab Guide v1b PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Dell Networking Installation and Configuration Course Lab Guide v1b PDF

Загружено:

Авторское право:

Доступные форматы

Dell Networking

Installation and Configuration

DELL NETWORKING INSTALLATION AND CONFIGURATION

Dell Confidential and Proprietary

Dell - Restricted - Confidential

DELL NETWORKING INSTALLATION AND CONFIGURATION

Dell - Restricted - Confidential

DELL NETWORKING INSTALLATION AND CONFIGURATION

Exercise 2: Configure and Verify OSPF in AS 64530 ............................................................ 147

Dell - Restricted - Confidential

DELL NETWORKING INSTALLATION AND CONFIGURATION

Lab 1: Lab Equipment Access

For lab equipment access during this course.

Dell - Restricted - Confidential

DELL NETWORKING INSTALLATION AND CONFIGURATION

Dell - Restricted - Confidential

DELL NETWORKING INSTALLATION AND CONFIGURATION

Dell - Restricted - Confidential

DELL NETWORKING INSTALLATION AND CONFIGURATION

Notify the instructor you have completed Lab 1.

Dell - Restricted - Confidential

DELL NETWORKING INSTALLATION AND CONFIGURATION

Lab 2: VLAN Configuration and Verification

Dell - Restricted - Confidential

DELL NETWORKING INSTALLATION AND CONFIGURATION

Exercise 1: Preliminary Configuration

N2(config)# interface range tengigabitethernet all

Dell - Restricted - Confidential

DELL NETWORKING INSTALLATION AND CONFIGURATION

N4(config)# interface range gigabitethernet all

N2(config-if)# do show interfaces status

--------- --------------- -----Te1/0/1

Dell - Restricted - Confidential

DELL NETWORKING INSTALLATION AND CONFIGURATION

N2# show running-config interface tengigabitethernet 1/0/4

N2# show vlan

Dell - Restricted - Confidential

DELL NETWORKING INSTALLATION AND CONFIGURATION

N3(config-vlan12)# do show vlan

Dell - Restricted - Confidential

DELL NETWORKING INSTALLATION AND CONFIGURATION

The example is shown on N3. Be sure to also configure N4.

N3(config)# interface gigabitethernet 1/0/1

Dell - Restricted - Confidential

DELL NETWORKING INSTALLATION AND CONFIGURATION

N3(config-if-Gi1/0/2)# do show vlan

N3(config)# interface gigabitethernet 1/0/5

Dell - Restricted - Confidential

DELL NETWORKING INSTALLATION AND CONFIGURATION

N4(config)# interface gigabitethernet 1/0/4

N2(config)# vlan 10,12

N2(config)# interface range tengigabitethernet 1/0/4-5

N3# show vlan

Dell - Restricted - Confidential

DELL NETWORKING INSTALLATION AND CONFIGURATION

N2# show vlan

N3# show interfaces status gigabitethernet 1/0/1

Link Flow M VLAN

Dell - Restricted - Confidential

DELL NETWORKING INSTALLATION AND CONFIGURATION

Dell - Restricted - Confidential

DELL NETWORKING INSTALLATION AND CONFIGURATION

Dell - Restricted - Confidential