Alcatel-Lucent Interior Routing Protocols and High Availability Lab Guide
-
Upload
zurgani-alaa -
Category
Documents
-
view
219 -
download
3
description
Transcript of Alcatel-Lucent Interior Routing Protocols and High Availability Lab Guide
Alcatel-Lucent Interior Routing Protocols and High Availability Lab Guide Version 1-2
Software Version: 7750 SR OS 4.0
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
2
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
Contents
Lab 1 Initial Lab Topology Configuration................................................7 1.1 — Physical connectivity ...........................................................................................7 1.2 — IP connectivity and IGP configuration...............................................................11
Lab 2 Configuring Static and Default Routes.........................................14 2.1 — Configure static routes on the core and edge routers .........................................14 2.2 — Configure static routes to other pods .................................................................16 2.3 — Configure floating static routes to another pod..................................................17
Lab 3 Configuring RIP..............................................................................19 3.1 — Create a policy and activate RIP ........................................................................19 3.2 — Additional RIP configuration.............................................................................21
Lab 4 Configuring OSPF in a Single Area ..............................................23 4.1 — Implement OSPF in a single area.......................................................................23 4.2 — Broadcast and point-to-point links .....................................................................25 4.3 — Router adjacency study ......................................................................................26
Lab 5 Configuring OSPF for Multiple Areas and Summarization ......28 5.1 — Implement OSPF for a multi-area topology.......................................................28 5.2 — Routes from non-OSPF areas.............................................................................30 5.3 — OSPF stub areas .................................................................................................31 5.4 — OSPF stub areas with no summaries..................................................................32 5.5 — OSPF NSSA.......................................................................................................33 5.6 (Optional) — Configure a virtual link to the edge router .......................................34
Lab 6 Configuring IS-IS for a Single Area..............................................36 6.1 — Activate IS-IS on your core and edge routers ....................................................36 6.2 — IS-IS adjacency study.........................................................................................38 6.3 — Configure IS-IS for multiple areas.....................................................................40 6.4 — Implement route summarization per area...........................................................42
Lab 7 Configuring Access Control Lists..................................................43 7.1 — Implement basic network filtering .....................................................................43 7.2 — Route redistribution............................................................................................45
Answers to Lab Questions....................................................................................48 Lab 1.2 ..........................................................................................................................48 Lab 2.3 ..........................................................................................................................48 Lab 3.2 ..........................................................................................................................48 Lab 4.1 ..........................................................................................................................48 Lab 4.2 ..........................................................................................................................49 Lab 4.3 ..........................................................................................................................49 Lab 5.1 ..........................................................................................................................49 Lab 5.2 ..........................................................................................................................49 Lab 5.3 ..........................................................................................................................49 Lab 5.4 ..........................................................................................................................49 Lab 5.5 ..........................................................................................................................49 Lab 5.6 ..........................................................................................................................50
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
4
Lab 6.1 ..........................................................................................................................50 Lab 6.2 ..........................................................................................................................50 Lab 6.4 ..........................................................................................................................50
Lab Solutions .........................................................................................................51 Lab 1.2 ..........................................................................................................................52 Lab 2.1 ..........................................................................................................................52 Lab 2.3 ..........................................................................................................................53 Lab 3.1 ..........................................................................................................................53 Lab 3.2 ..........................................................................................................................54 Lab 4.1 ..........................................................................................................................55 Lab 5.1 ..........................................................................................................................56 Lab 5.3 ..........................................................................................................................57 Lab 5.4 ..........................................................................................................................57 Lab 5.5 ..........................................................................................................................58 Lab 5.6 ..........................................................................................................................58 Lab 6.2 ..........................................................................................................................60 Lab 6.3 ..........................................................................................................................60 Lab 6.4 ..........................................................................................................................61 Lab 7.1 ..........................................................................................................................61
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
5
Figures
Figure 1-1: Physical connectivity ......................................................................................... 7 Figure 1-2: Internal view of one pod .................................................................................. 11 Figure 2-1: Pod physical connectivity ................................................................................ 14 Figure 2-2: Physical Connectivity ...................................................................................... 16 Figure 2-3: Physical connectivity ....................................................................................... 17 Figure 3-1: RIP routing topology........................................................................................ 19 Figure 4-1: OSPF single area.............................................................................................. 23 Figure 5-1: Multi-area OSPF .............................................................................................. 28 Figure 5-2: OSPF Virtual link............................................................................................. 34 Figure 6-1: IS-IS Single-area network................................................................................ 36 Figure 6-2: IS-IS multiple-area network............................................................................. 40 Figure 7-1: IS-IS multiple-area network............................................................................. 43 Figure 7-2: Route redistribution.......................................................................................... 45
Tables
Table 1-1: Router remote access addresses .......................................................................... 8 Table 1-2: Lab 1 commands ................................................................................................. 8 Table 1-3: Initial router parameters ...................................................................................... 9 Table 1-4: Router system IP addresses ................................................................................. 9 Table 1-5: Core IP addresses .............................................................................................. 10 Table 1-6: IP addressing and Port labels............................................................................. 12 Table 2-1: Lab 2 commands ............................................................................................... 15 Table 2-2: Pod connectivity ................................................................................................ 17 Table 3-1: Lab 3 commands ............................................................................................... 20 Table 4-1: Lab 4 commands ............................................................................................... 24 Table 5-1: Lab 5 commands ............................................................................................... 29 Table 6-1: Lab 6.1 commands list....................................................................................... 37 Table 6-2: Lab 6.2 commands ............................................................................................ 41 Table 7-1: Lab 7 commands ............................................................................................... 44 Table 8-1: Lab verification commands ............................................................................... 51
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
6
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
7
Lab 1 Initial Lab Topology Configuration
1.1 — Physical connectivity
Objective Verify the operation and physical connectivity of the routers, which are connected according to Figure 1-1. Develop an IP addressing plan for the lab topology.
Figure 1-1: Physical connectivity
Pod1 Pod2
Pod3 Pod4
Core-Pod3
Core-Pod1
Core-Pod4
Core-Pod2
Edge-Pod1
Edge-Pod4 Edge-Pod3
Edge-Pod2
172.18.0.0/16
172.17.0.0/16172.16.0.0/16
172.19.0.0/16
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
8
Table 1-1: Router remote access addresses
Pod number Router name Connect address
Pod 1 Core Core-Pod1
Edge Edge-Pod1
Pod 2 Core Core-Pod2
Edge Edge-Pod2
Pod 3 Core Core-Pod3
Edge Edge-Pod3
Pod 4 Core Core-Pod4
Edge Edge-Pod4
Syntax The commands required for this exercise are listed in Table 1-2. See Module 1, Basic Network Review, for more information. Each command may have additional possible parameters. Use the “?” character for help and to explore all command line options.
Table 1-2: Lab 1 commands
Lab 1 configuration commands
telnet
show configure
system name <name>
configure router interface <name> address <address>
configure router interface <name> loopback
configure router interface <name> port <port>
interface <name> interface-type point-to-point
admin save
Exercise 1. Together with your instructor and other class members, develop a consistent IP address plan for
the lab following the guidelines in Tables 1-3 to 1-5. 2. Connect to the routers in your pod using the addresses provided by your instructor. Fill in the
required fields for Table 1-1. The username and password for all devices is “admin”. If you are unable to connect to any of the routers, notify your instructor.
3. Verify that the router has no configuration. Note: If a prior configuration is on your router, you need to remove it before starting this lab. If you are unsure how to accomplish this, ask your instructor.
Verification 1. Determine if you can connect to your routers. 2. Ensure that the router has no residual configuration on it.
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
9
Table 1-3: Initial router parameters
Parameter Value
Pod number 1, 2, 3, or 4 (circle your pod number)
System IP address Pod IP address/32 (see Table 1-4 for addresses)
Pod 1 IP addressing range 172.16.0.0/16
Pod 2 IP addressing range 172.17.0.0/16
Pod 3 IP addressing range 172.18.0.0/16
Pod 4 IP addressing range 172.19.0.0/16
Core IP addressing range 172.31.0.0/16 (see Table 1-5 for addresses)
Loopback interfaces of core router Pod IP address/24
Loopback interfaces of edge router Pod IP address/24
Table 1-4: Router system IP addresses
Pod component IP address
Pod 1 core system 172.16.1.1/32
Pod 1 edge system 172.16.254.1/32
Pod 2 core system 172.17.1.1/32
Pod 2 edge system 172.17.254.1/32
Pod 3 core system 172.18.1.1/32
Pod 3 edge system 172.18.254.1/32
Pod 4 core system 172.19.1.1/32
Pod 4 edge system 172.19.254.1/32
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
10
Table 1-5: Core IP addresses
Pod connection IP address
Pod 1 to Pod 2
Pod 1 to Pod 3
Pod 1 to Pod 4
Pod 2 to Pod 1
Pod 2 to Pod 3
Pod 2 to Pod 4
Pod 3 to Pod 1
Pod 3 to Pod 2
Pod 3 to Pod 4
Pod 4 to Pod 1
Pod 4 to Pod 2
Pod 4 to Pod 3
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
11
1.2 — IP connectivity and IGP configuration
Objective Configure the interfaces and IP addressing in your pod.
Figure 1-2: Internal view of one pod
Exercise Configure the routers in your assigned pod, using the address plan developed in Lab 1.1.
1. Name each router, if not already named with the naming convention shown in Figure 1-1. 2. Configure each pod router with a system interface and a minimum of two loopback interfaces. 3. Configure the Ethernet connection between pod routers. 4. Configure IP addresses on all internal interfaces and the Ethernet connections between pods. 5. Make sure that your IP subnetting is consistent.
Verification 1. Verify that all required interfaces are active and operational. 2. On the core router, ensure that you have configured the following interfaces with IP addressing:
• Three core interfaces with an IP address starting with 172.31.X.Y/24 • One system IP address from your pod IP address range
Loopback 1
Loopback 2
System interface
Edge router
Core router
System interface Loopback 1
Loopback 2
Ethernet
To router XX
To router XX
To router XX
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
12
• Two loopback IP addresses from your pod IP address range • One Ethernet IP address that connects to your edge router
3. On the edge router, ensure that you have configured the following interfaces with IP addressing: • One Ethernet IP address that connects to your core router • Two loopback IP addresses from your pod IP address range • One system IP address from your pod IP address range
4. You should be able to ping between the core and edge routers on the physical interface, directly connecting the two together, and between the core routers on the segments that interconnect them.
5. Complete Table 1-6 for your pod. Use this table in the subsequent labs: each interface should be associated with an IP address. This addressing will not vary in future labs, so you need to be familiar with it.
Table 1-6: IP addressing and labels
Router Interface IP address Mask Port number
Core System 255.255.255.255 System
Core Loopback 1 255.255.255.0 Loopback
Core Loopback 2 255.255.255.0 Loopback
Core Ethernet to edge 255.255.255.0
Core To pod: 255.255.255.0
Core To pod: 255.255.255.0
Core To pod: 255.255.255.0
Edge System 255.255.255.255 System
Edge Ethernet to core 255.255.255.0
Edge Loopback 1 255.255.255.0 Loopback
Edge Loopback 2 255.255.255.0 Loopback
Bonus Step If time permits, you may configure additional loopback interfaces on the routers in your pod. Use the next available subnets from your defined range. Questions 1. Which command is used to ensure all ports are active? ___________________________________ 2. Which command can be used to determine the naming convention for the interfaces? _______________________________________________________________________
Notes
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
13
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
14
Lab 2 Configuring Static and Default Routes
2.1 — Configure static routes on the core and edge routers
Objective Configure static routes between the core and edge routers. Verify connectivity.
Figure 2-1: Pod physical connectivity
Syntax The commands required for this exercise are listed in Table 2-1. See Module 2, Static Routing and Default Routes, for more information. Each command may have additional possible parameters. Use the “?” character for help and to explore all command line options. Other commands may also be used, including those from previous courses.
Loopback 1
Loopback 2
System interface
Edge router
Core router
System interface Loopback 1
Loopback 2
Ethernet
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
15
Table 2-1: Lab 2 commands
Lab 2 configuration commands list
telnet
show configure
configure router static-route <remote network /mask> next-hop <next-hop-address> {preference} <value>
configure port 1/1/X shutdown
configure port 1/1/X no shutdown
trace <ip address>
ping <ip address>
admin save
Exercise 1. Configure a default route from the edge router to the core router. 2. Configure an explicit static route from your pod’s core router to the loopback interfaces, and to the
system interface of your edge router. 4. Verify that the core router has the static routes in its routing table. 5. Verify that the edge router has the default route in its routing table.
Verification 1. Ping the core router’s system interface IP address from your edge router. 2. Ping the edge router’s system interface IP address from your core router. 3. Execute a show router route command to view the static routes in your routing table.
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
16
2.2 — Configure static routes to other pods
Objective Configure static routes between the core routers to provide direct connectivity between pods. Each core router should have a total of three static routes.
Figure 2-2: Physical connectivity
Exercise Configure static routes between the core routers.
1. Configure summary static routes on your pod’s core router to the core routers of the other pods. 2. Verify that the core router has the static routes listed in its routing table.
Verification 1. From your core router, ping the system interfaces of all other core routers. 2. From your core router, ping the system interfaces of all other pods’ edge routers. 3. From your edge router, ping the system interfaces of all other pods’ edge routers. 4. Execute a show command on your routers to verify the static routes.
Pod1 Pod2
Pod3 Pod4
Core-Pod3
Core-Pod1
Core-Pod4
Core-Pod2
Edge-Pod1
Edge-Pod4
Edge-Pod3
Edge-Pod2
172.18.0.0/16
172.17.0.0/16172.16.0.0/16
172.19.0.0/16
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
17
2.3 — Configure floating static routes to another pod
Objective Configure floating static routes between the core routers to provide redundant connectivity between the pods, as listed in Table 2-1.
Figure 2-3: Physical connectivity
Table 2-2: Pod connectivity
Pod number: Via pod Remote pod
Pod 1 Core Pod 4 Pod 2 Core
Pod 2 Core Pod 4 Pod 1 Core
Pod 3 Core Pod 1 Pod 4 Core
Pod 4 Core Pod 1 Pod 3 Core
Exercise Configure floating static routes between the core routers.
1. Configure a floating static route from your pod’s core router to access a remote pod, as listed in Table 2-1. Each pod should have a single floating static route.
Pod1 Pod2
Pod3 Pod4
Core-Pod3
Core-Pod1
Core-Pod4
Core-Pod2
Edge-Pod1
Edge-Pod4
Edge-Pod3
Edge-Pod2
172.18.0.0/16
172.17.0.0/16172.16.0.0/16
172.19.0.0/16
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
18
2. Examine your configuration to ensure that the floating static route is configured.
Verification 1. From your core router, ping the system interfaces of the remote pod’s routers that your floating
static route has been configured for. 2. On your core router, type the show router static-route command and examine the current static
route entries. 3. From your core router, shut down the port to the remote pod that the floating static route has been
configured for. 4. On your core router, retype the show router static-route command and note the differences in the
static route entries. 5. Check your routing table to ensure that the floating static route has replaced the original static
route that you configured to the remote pod. 6. From your core router, ping the system interfaces of the remote pod’s routers that your floating
static route has been configured for. 7. Using the trace command, trace the path being taken to the remote pod. Map and verify the path
being taken. 8. Upon completion, reactivate the port that you shut down in step 3.
Questions
1. Which command was used to configure a static route to your remote peer?
2. How can a floating static route become active?
3. What is the default preference value for a static route?
Notes
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
19
Lab 3 Configuring RIP
3.1 — Create a policy and activate RIP
Objective Create a policy and active RIP to advertise the routes in your pod to the other pods.
Figure 3-1: RIP routing topology
Syntax The commands required for Lab 3 are listed in Table 3-1. See Module 3, Routing Information Protocol, for more information. Each command may have additional possible parameters. Use the “?” character for help and to explore all command line options. Other commands may also be used, including those in previous exercises.
Pod1 Pod2
Pod3 Pod4
Core-Pod3
Core-Pod1
Core-Pod4
Core-Pod2
Edge-Pod1
Edge-Pod4
Edge-Pod3
Edge-Pod2
RIP
172.18.0.0/16
172.17.0.0/16172.16.0.0/16
172.19.0.0/16
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
20
Table 3-1: Lab 3 commands
Lab 3 configuration commands
configure router policy-options
configure router policy-options begin
configure router policy-options policy-statement <name>
configure router policy-options policy-statement entry 10
configure router policy-options policy-statement entry 10 from protocol direct
configure router policy-options policy-statement entry action <accept | next-entry | next-policy | reject>
configure router policy-options commit
configure router rip
configure router rip export <policy-name>
configure router rip group <group-name>
configure router rip send <broadcast | multicast | none | version-1>
configure router group neighbor <ip-int-name>
configure router static-route <remote network /mask> next-hop <next-hop-address> {preference} <value>
admin save
Exercise Configure the router in your assigned pod, using the commands listed in Table 3-1.
1. On the core router, configure a RIP redistribution policy to allow all directly connected networks to be advertised.
2. On the edge router, configure a similar redistribution policy for all directly connected networks. 3. Remove the preexisting static and floating static routes from your routers. 4. Configure RIP to all neighbors.
Verification 1. Examine your configuration to ensure that the policy is correctly configured. 2. Verify the RIP networks that you are advertising to your neighbors by examining your
configuration. 3. On the edge router, ensure that you are receiving RIP updates from your core router. 4. On the core router, ensure that RIP updates are coming from your edge router and from your other
pod neighbors. 5. From your core router, ping the system interfaces of the remote pods. 6. From your edge router, ping the system interfaces of the remote pods. 7. Using the trace command, trace the path being taken to the remote pod. Map and verify the path
being taken. 8. Enter the show router rip and show router route commands to verify operation of RIP on your
routers. 9. How many routes are in your routing table?
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
21
3.2 — Additional RIP configuration
Objective Modify RIP parameters on the core and edge routers.
Exercise 1. Examine the RIP configuration within your configuration.
2. Ensure multicast updates are sent instead of broadcast updates.
3. Modify the RIP update timer to 10 seconds.
4. Use the debug-trace command to verify that updates are being sent at approximately 10-second intervals.
5. Change the number of network entries per update packet to 255.
6. Implement RIP password authentication on the edge router but not the core router (use the password “Alcatel”). Check to see the status of the neighbors on both the edge and core.
7. Implement authentication on the core router.
8. Validate the RIP database and the routing table.
Verification 1. Verify the RIP networks that you are advertising to your neighbors by examining your
configuration. 2. On the edge router, ensure that you are receiving RIP updates from your core router. 3. On the core router, ensure that RIP updates are coming from your edge router and from your other
pod neighbors. 4. From your edge router, ping the system interfaces of the remote pods. 5. Use the debug-trace command to verify the interval for updates. 6. Verify the status of RIP neighbors when authentication is set on one neighbor but not the other.
Questions 1. When RIP is used, why must a policy be created? 2. What is the default version of RIP on the 7750 SR? 3. What is the update interval for RIP packets?
Notes
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
22
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
23
Lab 4 Configuring OSPF in a Single Area
4.1 — Implement OSPF in a single area
Objective Migrate from the current implementation to that of OSPF in a single area.
Figure 4-1: OSPF single area
Syntax The commands required for Lab 4 are listed in Table 4-1. See Module 5, Open Shortest Path First, for more information. Each command may have additional possible parameters. Use the “?” character for help and to explore all command line options. Other commands may also be used, including those in previous exercises.
Core-Pod3
Core-Pod1
Core-Pod4
Core-Pod2
Edge-Pod1
Edge-Pod4 Edge-Pod3
Edge-Pod2
OSPF
172.18.0.0/16
172.17.0.0/16172.16.0.0/16
172.19.0.0/16
Area 0.0.0.0
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
24
Table 4-1: Lab 4 commands
Lab 4 configuration commands
configure router router-id <ip-address>
configure router ospf
configure router ospf area <area-id>
configure router ospf area interface <ip-int-name>
configure router ospf advertise-subnet
configure router no isis
show router ospf area <area-id> {detail}
show router ospf database
show router ospf interface
show router ospf status
show router ospf neighbor
admin save
Exercise 1. Configure OSPF on the core and edge routers in area 0.0.0.0.
2. Ensure that all interfaces are participating in the OSPF instance.
3. When you have confirmed that OSPF is running and converged, remove RIP from the router.
Verification 1. Verify your routing configuration by examining the OSPF tables on all routers.
2. Ensure that all networks propagate to peers just as they did prior to this lab.
3. Verify connectivity by issuing the traceroute and ping commands.
4. Use the OSPF show commands to examine the databases for accuracy.
5. How many routes are in your routing table? Questions
1. What is another term for area 0.0.0.0?
2. Which command is used to confirm that OSPF is working correctly?
3. How is cost calculated on an interface by default?
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
25
4.2 — Broadcast and point-to-point links
Objective Examine the differences between point-to-point links and broadcast networks in OSPF.
Exercise 1. Examine the LSDB and verify that it contains both type 1 and type 2 LSAs. How are they labeled
in the database?
2. On the edge router, determine which of the two routers is the DR and which is the BDR.
3. On the core router, determine which is the DR and which the BDR on at least two of your inter-pod links. Note this information.
4. Change all links on the core router except the link to the edge router, to point-to-point. Note the state of the adjacency on both the core and edge routers. Check the LSDB to see what type of LSAs it contains.
5. Check your routing table to verify that you have routes to all networks.
6. From the edge router, ping the system interface of the other three edges to verify connectivity.
Verification 1. Verify your routing configuration by examining the OSPF tables on all routers.
2. Ensure that all networks propagate to peers just as they did in the previous lab.
3. Verify connectivity by issuing the traceroute and ping commands.
4. Use the OSPF show commands to examine the databases for accuracy.
5. How many routes are in your routing table? Questions
1. Which of the two routers in your pod is the DR?
2. Which state are the routers in if the link type does not match?
3. How are the type 1 and type 2 LSAs labeled in the database?
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
26
4.3 — Router adjacency study
Objective Examine the packets exchanged as OSPF routers form an adjacency.
Exercise 1. Enable debug-trace to look at OSPF packets on the edge router.
2. Shut down OSPF on the edge router and start it again. Approximately how many packets are exchanged to establish the adjacency?
3. With debug-trace running, turn on authentication on the edge router and watch the packets that are exchanged. Use the password “Alcatel”. Note which packets are being exchanged when authentication fails.
4. Note the state that the edge and the core router are stuck in. Enable authentication on the core router to the edge and verify that the adjacency is formed. Enable authentication on your other interfaces.
5. Verify the routes in the routing table. Verify that you can ping the edge routers in the other pods.
6. Change the link from the edge to the core back to broadcast mode while running debug-trace. Watch to see which router is selected as the DR.
Verification 1. Verify that all the expected adjacencies are formed with authentication.
2. Verify that the expected routes are in the routing table.
3. Using ping, verify connectivity to the other edge routers from your edge router.
Questions
1. Approximately how many packets are required to establish the adjacency?
2. Which packets are being exchanged when authentication fails?
3. Which state are the routers in if the authentication password does not match?
Notes
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
27
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
28
Lab 5 Configuring OSPF for Multiple Areas and Summarization
5.1 — Implement OSPF for a multi-area topology
Objective Modify the current single-area OSPF to a multi-area topology.
Figure 5-1: Multi-area OSPF
Syntax The commands required for Lab 5 are listed in Table 5-1. See Module 5, Open Shortest Path First, for more information. Each command may have additional possible parameters. Use the “?” character for help and to explore all command line options. Other commands may also be used, including those in previous exercises.
Pod1 Pod2
Pod3 Pod4
Core-Pod3
Core-Pod1
Core-Pod4
Core-Pod2
Edge-Pod1
Edge-Pod4
Edge-Pod3
Edge-Pod2
Area
172.18.0.0/16
172.17.0.0/16172.16.0.0/16
172.19.0.0/16
Area 0.0.0.1 Area 0.0.0.2
Area 0.0.0.3 Area 0.0.0.4
0.0.0.0
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
29
Table 5-1: Lab 5 commands
Lab 5 configuration commands
configure router router-id <ip-address>
configure router ospf
configure router ospf area <area-id>
configure router ospf area interface <ip-int-name>
configure router ospf advertise-subnet
area-range <ip-prefix/mask> {advertise | not-advertise}
show router ospf area <area-id> {detail}
show router ospf database
show router ospf interface
show router ospf status
show router ospf neighbor
admin save
Exercise 1. Examine the LSDB to see what types of LSAs it contains. How many are there?
2. Modify the current OSPF topology from a single area to a multi-area topology, as shown in Figure 5-1.
3. Verify the operation of OSPF.
4. Examine the LSDB to see what types of LSAs are there now. What new types of LSAs are in the database?
Verification: 1. Verify your routing policies by examining the OSPF tables on all routers.
2. Ensure that summary networks propagate to peer core routers, by having a Telnet session with a remote peer and checking its routing table.
3. Verify connectivity by issuing the traceroute and ping commands.
4. Use the OSPF show commands to examine the databases for accuracy.
5. How many routes are in your routing table?
Questions 1. Which type of router connects more than one area together?
2. Which types of LSAs exist in a multi-area network that are not in a single area OSPF network?
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
30
5.2 — Routes from non-OSPF areas
Objective Change the edge router to an ASBR and examine the LSAs that are exchanged throughout the network.
Exercise 1. Examine the LSDB to see what types of LSAs it contains.
2. Remove the loopback interfaces on the edge router from OSPF.
3. Configure the edge router as an ASBR, and create and apply an export policy to export the loopback networks to OSPF.
4. On the core router, verify that the routing table contains routes to your loopback networks.
5. Check the LSDB and note the types of LSAs it contains.
6. Verify the operation of OSPF.
Verification 1. Verify your route policies by examining the OSPF tables on all routers.
2. Verify connectivity by issuing the traceroute and ping commands.
3. Use the OSPF show commands to examine the databases for accuracy.
4. How many routes are in your routing table?
Questions 1. Which type of router connects to non-OSPF routing domains?
2. Which type of LSAs exist in an OSPF network connected to other routing domains that are not in an OSPF-only network?
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
31
5.3 — OSPF stub areas
Objective Convert to an OSPF stub area and examine the differences in the routing table.
Exercise 1. Examine the LSDB to see what types of LSAs it contains, and verify the routes in the routing
table.
2. Remove the export policy from your edge router so it is no longer flooding Type 5 LSAs. Convert your area to a stub area.
3. Check the routing table and compare it to the previous version.
4. Examine the LSDB to see what LSAs are being filtered.
5. Verify reachability to the other pods in the network.
Verification 1. Verify connectivity by issuing the traceroute and ping commands.
2. Use the OSPF show commands to examine the databases for accuracy.
3. How many routes are in your routing table?
Questions 1. What changes occur when the network is converted to a stub area?
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
32
5.4 — OSPF stub areas with no summaries
Objective Convert to an OSPF totally stubby area and summarize the pod’s networks at the core.
Exercise 1. Examine the LSDB to see what types of LSAs it contains, and verify the routes in the routing
table.
2. Implement summarization on your ABR to advertise your area as a single network entry to the other pods.
3. Verify reachability to the other pods in the network.
4. Examine the size and content of your routing table and LSDB.
5. Use the no summaries command to convert your area to a totally stubby area.
6. Check the routing table and compare it to the previous version.
7. Examine the LSDB to see what LSAs are being filtered.
Verification 1. Verify connectivity by issuing the traceroute and ping commands.
2. Use the OSPF show commands to examine the databases for accuracy.
3. How many routes are in your routing table?
Questions 1. What is the effect on the rest of the network of implementing summarization on your ABR? 2. What changes occur when the stub area is configured with no summaries?
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
33
5.5 — OSPF NSSA
Objective Convert to an OSPF NSSA and examine the differences in the routing table.
Exercise 1. Examine the LSDB to see what types of LSAs it contains, and verify the routes in the routing
table.
2. Convert your area to an NSSA. Add a policy on your edge router to export your loopback networks and apply it to export these networks into OSPF.
3. Check the routing table and compare it to the previous version.
4. Examine the LSDB to see what LSAs are there.
5. Verify reachability to the other pods in the network.
6. Use the no summaries command to convert your area to a totally NSSA area. You need to explicitly tell the ABR to advertise a default route into the NSSA area.
7. Check the routing table and compare it to the previous version.
8. Examine the LSDB to see what LSAs are being filtered.
9. Verify reachability to the other pods in the network.
10. Examine the size and content of your routing table and LSDB.
Verification 1. Verify connectivity by issuing the traceroute and ping commands.
2. Use the OSPF show commands to examine the databases for accuracy.
3. How many routes are in your routing table?
Questions 1. What changes occur when the network is converted to an NSSA? 2. What is the effect of the no summaries command on the NSSA?
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
34
5.6 (Optional) — Configure a virtual link to the edge router
Objective Create a virtual link to connect a remote OSPF area to the backbone area.
Figure 5-2: OSPF Virtual link
Exercise 1. Configure your loopback interfaces on the edge router to be in area 1.1.1.X, where X is your pod
number.
2. Remove the NSSA configuration.
3. Configure area 0.0.0.0 on the edge router so that the virtual link can operate correctly.
4. Identify the RID of each router (core and edge) by using the show router ospf neighbor command.
5. Implement a virtual link between your core and edge routers.
6. Ensure that network convergence occurs.
Verification 1. Verify your virtual link implementation by examining the OSPF tables on all routers.
Loopback 1
Loopback 2
System interface
Edge router
Core router
System interface Loopback 1
Loopback 2
Ethernet virtual link
Area 0.0.0.1
Area 1.1.1.X
Area 0.0.0.0
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
35
2. Ensure that the core and edge routers maintain OSPF convergence.
3. Verify connectivity by issuing the traceroute and ping commands.
4. Use the OSPF show commands to examine the databases for accuracy.
Questions 1. Why are there so many more LSAs in the router databases after the virtual link is implemented?
Notes
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
36
Lab 6 Configuring IS-IS for a Single Area
6.1 — Activate IS-IS on your core and edge routers
Objective Configure IS-IS on all routers to be in a single area.
Figure 6-1: IS-IS Single-area network
Syntax The commands required for Lab 6 are listed in Table 6-1. See Module 6, Intermediate System-to-Intermediate System, for more information. Each command may have additional possible parameters. Use the “?” character for help and to explore all command line options. Other commands may also be used, including those in previous exercises.
Core-Pod3
Core-Pod1
Core-Pod4
Core-Pod2
Edge-Pod1
Edge-Pod4
Edge-Pod3
Edge-Pod2
IS-IS
172.18.0.0/16
172.17.0.0/16172.16.0.0/16
172.19.0.0/16
Area 49.0051
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
37
Table 6-1: Lab 6.1 commands list
Lab 6.1 configuration commands
configure router isis
configure router isis area-id <area-address>
configure router isis interface <ip-int-name>
configure router no rip
show router route
show router isis adjacency
show router isis routes
show router isis interface
show router isis status
admin save
Exercise 1. Configure IS-IS on the core and edge routers in area 49.0051.
2. Ensure all interfaces are participating in the IS-IS instance.
3. When you have confirmed that IS-IS is active and converged, shut down OSPF on the router.
Verification 1. Verify your route policies by examining the IS-IS tables on all routers.
2. Ensure that all networks propagate to peers just as they did prior to this lab.
3. Verify connectivity by issuing the traceroute and ping commands.
4. Use the IS-IS show commands to examine the databases for accuracy.
5. How many routes are in your routing table?
Questions 1. IS-IS is what type of routing protocol? ______________________________
2. What is the default cost for each link in an IS-IS network? _______________
3. What does “area 49” denote in IS-IS? ________________________________
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
38
6.2 — IS-IS adjacency study
Objective Examine the packets exchanged as IS-IS routers form an adjacency.
Exercise 1. Enable debug-trace to look at IS-IS packets on the edge router.
2. Shut down IS-IS on the edge router and start it again. Note the packets exchanged to establish the adjacency.
3. With debug-trace running, turn on authentication on the edge router and watch the packets that are exchanged. Use the password “Alcatel”. Note which packets are being exchanged when authentication fails.
4. Note the state that the edge and the core router are stuck in. Enable authentication on the core router to the edge and verify that the adjacency is formed. Enable authentication on your other interfaces.
5. Verify the routes in the routing table. Verify that you can ping the edge routers in the other pods.
6. Change your link from the edge to the core to point-to-point mode while running debug-trace. Note which packets are being exchanged when the adjacency fails to form. See what state the edge and core routers are stuck in.
7. Change the other end of the link to point-to-point and note the packets that are exchanged as the adjacency forms.
Verification 1. Verify that all the expected adjacencies are formed with authentication.
2. Verify that the expected routes are in the routing table.
3. Using ping, verify connectivity to the other edge routers from your edge router.
Questions 1. Approximately how many packets are required to establish the adjacency?
2. Draw a time/sequence diagram that shows the packets exchanged to establish an
adjacency.
3. Which packets are being exchanged when authentication fails?
4. Which state are the routers stuck in if the authentication password does not match?
5. Which packets are being exchanged when the adjacency fails because the link types do not match?
6. Which state are the routers stuck in when the link types do not match?
7. Draw a time/sequence diagram that shows the packets exchanged to establish an
adjacency on a point-to-point link.
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
39
Notes
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
40
6.3 — Configure IS-IS for multiple areas
Objective Optimize the IS-IS routing environment by creating areas for each pod.
Figure 6-2: IS-IS multiple-area network
Syntax The commands required for Lab 6.3 are listed in Table 6-2. See Module 6, Intermediate System to Intermediate System, for more information. Each command may have additional possible parameters. Use the “?” character for help and to explore all command line options. Other commands may also be used, including those in previous exercises.
Pod1 Pod2
Pod3 Pod4
Core-Pod3
Core-Pod1
Core-Pod4
Core-Pod2
Edge-Pod1
Edge-Pod4
Edge-Pod3
Edge-Pod2
IS-IS
172.18.0.0/16
172.17.0.0/16172.16.0.0/16
172.19.0.0/16
Area 49.0001 Area 49.0002
Area 49.0003 Area 49.0004
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
41
Table 6-2: Lab 6.2 commands
Lab 6.2 configuration commands
configure router isis
shutdown
no isis
configure router isis area-id <area-address>
configure router isis level-capability <level-1 | level-2 | level-1/2>
configure router isis interface <ip-int-name>
configure router isis interface <ip-name> level-capability level-1
configure router isis summary-address <ip-prefix/mask | ip-prefix {netmask}> level <level>
show router isis adjacency
show router isis routes
show router isis interface
show router isis status
admin save
Exercise 1. Verify IS-IS operation in a single area.
2. Remove the current implementation of IS-IS.
3. Activate IS-IS in the correct area, as shown in Figure 6-2.
i. Implement only the required level of IS-IS, based on the type of router you are configuring (L1, L2, or L1/L2).
ii. Ensure that the links are only running the specific level of IS-IS required and not both L1 and L2 (unless that is required).
Verification 1. Verify your routing policies by examining the IS-IS tables on all routers.
2. Ensure that all networks propagate to peers just as they did prior to this lab.
3. Verify connectivity by issuing the traceroute and ping commands.
4. Use the show router isis and show router route commands to verify the operation of IS-IS on your routers.
5. How many routes are in your routing table?
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
42
6.4 — Implement route summarization per area
Objective Summarize the addresses being advertised from your pod as they are sent to the core routers in the other pods.
Exercise 1. Using the summary-address command, implement summarization on your core routers. 2. Ensure that this summary is only advertised using L2 updates, not L1 updates.
Verification 1. Verify your routing policies by examining the IS-IS tables on all routers.
2. Ensure that the summary networks propagate to the peer core routers.
3. Verify connectivity by issuing the traceroute and ping commands.
4. Use the IS-IS show commands to examine the databases for accuracy.
5. How many routes are in your core and edge routers? Why?
Questions 1. What is the default level that is set on a router?
2. Which level should a router that connects multiple areas be set to?
3. A router that connects to only those routers in its area should be set to which level? (L1,
L2, or L1/L2)?
Notes
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
43
Lab 7 Configuring Access Control Lists
7.1 — Implement basic network filtering
Objective Control access to your pod by limiting Telnet from other pods.
Figure 7-1: IS-IS multiple-area network
Syntax The commands required for Lab 7 are listed in Table 7-1. See Module 7, Filters and Policies, for more information. Each command may have additional possible parameters. Use the “?” character for help and to explore all command line options. Other commands may also be used, including those in previous exercises.
Pod1 Pod2
Pod3 Pod4
Core-Pod3
Core-Pod1
Core-Pod4
Core-Pod2
Edge-Pod1
Edge-Pod4
Edge-Pod3
Edge-Pod2
IS-IS
172.18.0.0/16
172.17.0.0/16172.16.0.0/16
172.19.0.0/16
Area 49.0001 Area 49.0002
Area 49.0003 Area 49.0004
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
44
Table 7-1: Lab 7 commands
Lab 7 configuration commands
configure filter
configure filter ip-filter <number> create
description <name>
default-action <action>
entry 1 create
match src-ip <ip-add>
match protocol <ip protocol>
src-port range <range>
dest-port range <range>
action forward
configure router interface <ip-int-name>
ingress
filter ip <number>
Exercise 1. Ensure that your edge router can telnet to your core router.
2. Have an external pod attempt to telnet to your pod and ensure they can connect.
3. Create a filter to block all external pods from being able to telnet into any router in your pod.
4. Apply the filter to the appropriate interfaces.
Verification 1. Verify that the filter is applied to your router’s interfaces.
2. Verify, using show commands, that the filter is correctly configured.
3. Have an external pod attempt to telnet to your pod. Use the show commands to see if the filter is working.
4. Ensure that your routers can telnet to each other.
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
45
7.2 — Route redistribution
Objective Configure multiple routing protocols in the network and then create a redistribution policy, applying it to those protocols to ensure that all networks are learned by all routers.
Figure 7-2: Route redistribution
As shown in Figure 7-2, you will create a separate OSPF area for each edge router and a portion of the core router. The core routers will be interconnected using IS-IS area ID 49.0000. When the core routers see both OSPF and IS-IS routes, you will create a policy to redistribute OSPF into IS-IS and IS-IS into OSFP.
Pod1 Pod2
Pod3 Pod4
Core-Pod3
Core-Pod1
Core-Pod4
Core-Pod2
Edge-Pod1
Edge-Pod4
Edge-Pod3
Edge-Pod2
IS-IS
172.18.0.0/16
172.17.0.0/16172.16.0.0/16
172.19.0.0/16
Area 1 Area 2
Area 3 Area 4
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
46
Exercise 1. Remove the IS-IS routing protocol from the edge router. 2. Configure the edge router as an OSPF router. The area number is your pod number, and all interfaces
will be in that area. 3. Remove the current IS-IS area from the core router and enter the new IS-IS area. 4. Configure OSPF on the core router, using the same area number as the edge router. 5. Remove the interface that connects the core to the edge from the IS-IS routing protocol and enter it
into the OSPF routing protocol. 6. Ensure that the IS-IS routing process on the core router has an L1/L2 capability. To redistribute routes
from another routing protocol, IS-IS must have an L2 capability.
7. On the core router, enter into the OSPF routing process and configure the core as an ASBR. As previously discussed, the ASBR is the only OSPF router that can connect to another routing protocol.
NDxxx#>config>router>ospf# asbr ↵ This has prepared the network. 8. Examine the routing table of the core router and ensure that it has learned both OSPF and IS-IS routes. 9. Examine the status of the OSPF portion of the core router and ensure that it has been configured as an
ASBR. 10. Create a route policy, similar to the one created in the RIP lab, that will take routing information from
IS-IS to OSPF and allow OSPF to accept these routes and export them to the other OSPF routers. 11. Create a route policy that will take routing information from OSPF to IS-IS and allow IS-IS to accept
these routes and export them to the other IS-IS routers. 12. Examine the routing table of the edge router and you should see all the networks.
Verification 1. On the core router, verify that there are routes from IS-IS and OSPF in the routing table.
2. On the edge router, verify that all routes are in the routing table.
3. From the edge router, ping the other edge routers to verify connectivity across the network.
Notes
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
47
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
48
Answers to Lab Questions
Lab 1.2 Questions
1. Which command is used to ensure all ports are active? The show port command identifies any and all ports and their operational statuses.
2. Which command can be used to determine the naming convention for the interfaces? The show interface or the show config commands state this information.
Lab 2.3 Questions
1. Which command was used to configure a static route to your remote peer? The configure static route command accomplishes this task.
2. How can a floating static route become active? When the path of lower preference is removed from the routing table, the floating static route takes precedence.
3. What is the default preference value for a static route?
The default preference value for static routes is 5.
Lab 3.2 Questions
1. When RIP is used, why must a policy be created? The router requires the equivalent of a redistribution policy for RIP to advertise directly connected networks. Any route that is dynamically learned will be advertised; however, directly connected networks must be within a policy.
2. What is the default version of RIP on the 7750 SR?
The default version of RIP on the 7750 SR is RIPv2.
3. What is the update interval for RIP packets? The default RIP update interval is every 30 seconds. This can be modified on the router.
Lab 4.1 Questions
1. What is another term for area 0.0.0.0? The backbone area
2. Which command is used to confirm that OSPF is working correctly?
The show router ospf command provides enough information to validate if OSPF is working on the router.
3. How is cost calculated on an interface by default?
The default reference bandwidth is 100 000 000 kb/s over the bandwidth of the interface.
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
49
Lab 4.2 Questions
1. Which of the two routers in your pod is the DR? 2. Which state are the routers in if the link type does not match?
3. How are the type 1 and type 2 LSAs labeled in the database?
Lab 4.3 Questions
1. Approximately how many packets are required to establish the adjacency? 2. Which packets are being exchanged when authentication fails?
3. Which state are the routers in if the authentication password does not match?
Lab 5.1 Questions
1. What type of router connects more than one area together? An ABR connects more than one area together.
2. Which types of LSAs exist in a multi-area network that are not in a single area OSPF network?
Lab 5.2 Questions
1. Which type of router connects to non-OSPF routing domains? 2. Which type of LSAs exist in an OSPF network connected to other routing domains that are not in
an OSPF-only network?
Lab 5.3 Question
1. What changes occur when the network is converted to a stub area?
Lab 5.4 Questions
1. What changes occur when the stub area is configured with no summaries?
2. What is the effect on the rest of the network of implementing summarization on your ABR?
Lab 5.5 Questions
1. What changes occur when the network is converted to an NSSA? 2. What is the effect of the now summaries command on the NSSA?
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
50
Lab 5.6 Question
1. Why are there so many more LSAs in the router databases after the virtual link is implemented?
Lab 6.1 Questions
1. IS-IS is what type of routing protocol? IS-IS is a link-state routing protocol.
2. What is the default cost for each link in an IS-IS network? The default cost for each network segment is 10.
3. What does “area 49” denote in IS-IS?
Area 49 denotes that a locally administered area addressing scheme is in use, not one allocated by a government authority. This is the most common implementation in IS-IS.
Lab 6.2 Questions
1. Approximately how many packets are required to establish the adjacency? 2. Draw a time/sequence diagram that shows the packets exchanged to establish an adjacency.
3. Which packets are being exchanged when authentication fails?
4. Which state are the routers stick in if the authentication password does not match?
5. Which packets are being exchanged when the adjacency fails because the link types do not match?
6. Which state are the routers stuck in when the link types do not match?
7. Draw a time/sequence diagram that shows the packets exchanged to establish an adjacency on a
point-to-point link.
Lab 6.4
Questions 1. What is the default level that is set on a router?
The default level of a route is L1/L2.
2. Which level should a router that connects multiple areas be set to? A router that only connects between other areas should be set to L2.
3. A router that connects to only those routers in its area should be set to which level (L1, L2, or
L1/L2? A router that connects to only routers in its own area should be configured as an L1 router.
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
51
Lab Solutions The configurations on the following pages are sample solutions for Pod 1. Other solutions are possible.
Verification commands: Use the commands in Table 8-1 for verification of the lab exercises. Use the subcommands for more detailed information. Other commands may also be used. Refer to your courseware for more information.
Table 8-1: Lab verification commands
Command Results
show config Shows the router configuration
show router route Shows the routing table
configure router# info Provides information about the configuration of your router
show router rip Provides information about the RIP environment
show router isis Provides information about the IS-IS process
show route ospf Provides information about the OSPF protocol attributes
show router vrrp Shows the VRRP process
show router vrrp instance interface XXX Provides VRRP information about a specific interface
show cflowd Provides information about the cflowd operation
show filter Shows the status of the filter you created
trace Traces the path being taken
ping Sends ICMP echo packets
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
52
Lab 1.2 Configure IP addressing and define the interfaces on your pod’s routers:
Core-Pod1>config>router# interface system address 172.16.1.1/32
Core-Pod1>config>router# interface C-E address 172.16.4.1/24
Core-Pod1>config>router# interface C-E port 1/1/3
Core-Pod1>config>router# interface C1-C2 address 172.31.1.1/24
Core-Pod1>config>router# interface C1-C2 port 1/1/2
Core-Pod1>config>router# interface C1-C3 address 172.31.2.1/24
Core-Pod1>config>router# interface C1-C3 port 1/1/1
Core-Pod1>config>router# interface C1-C4 address 172.31.3.1/24
Core-Pod1>config>router# interface C1-C4 port 1/1/4
Core-Pod1>config>router# interface CL-1 address 172.16.2.1/32
Core-Pod1>config>router# interface CL-2 address 172.16.3.1/32
Core-Pod1>config>router# interface CL-1 loop
Core-Pod1>config>router# interface CL-2 loop
Core-Pod1>config>router#
Edge-Pod1>config>router# interface system address 172.16.8.1/32
Edge-Pod1>config>router# interface E-C address 172.16.4.2/24
Edge-Pod1>config>router# interface E-C port 1/1/1
Edge-Pod1>config>router# interface EL-1 address 172.16.9.1/32
Edge-Pod1>config>router# interface EL-2 address 172.16.10.1/32
Edge-Pod1>config>router# interface EL-1 loop
Edge-Pod1>config>router# interface EL-2 loop
Edge-Pod1>config>router#
Lab 2.1 Configure a default static route on the edge router: Edge-Pod1# configure router static 0.0.0.0/0 next-hop 172.16.4.1
Configure static routes to all remote locations on the Core router:
Core-Pod1# configure router static-route 172.16.9.0/24 next-hop 172.16.4.2
Core-Pod1# configure router static-route 172.16.10.0/24 next-hop 172.16.4.2
Core-Pod1# configure router static-route 172.16.8.1/32 next-hop 172.16.4.2
Core-Pod1# configure router static-route 172.17.0.0/16 next-hop 172.31.1.2
Core-Pod1# configure router static-route 172.19.0.0/16 next-hop 172.31.3.2
Core-Pod1# configure router static-route 172.18.0.0/16 next-hop 172.31.2.2
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
53
Lab 2.3 Configure floating static routes and test them by shutting down the primary path. When completed, activate the primary path:
Core-Pod1# configure router static-route 172.17.0.0/16 next-hop 172.31.3.2 preference 100
The following commands are required for testing the floating static route:
Core-Pod1# configure port 1/1/2 shut
Core-Pod1# configure port 1/1/2 no shut
Lab 3.1 Configure the routers to run RIP: Core-Pod1# configure router policy-options
Core-Pod1>config>router>policy-options# begin
Core-Pod1>config>router>policy-options# policy-statement RIP
Core-Pod1>config>router>policy-options>policy-statement$ entry 10
Core-Pod1>config>router>policy-options>policy-statement>entry# from protocol direct
Core-Pod1>config>router>policy-options>policy-statement>entry# action accept
Core-Pod1>config>router>policy-options>policy-statement>entry>action# exit
Core-Pod1>config>router>policy-options>policy-statement>entry# exit
Core-Pod1>config>router>policy-options>policy-statement# exit
Core-Pod1>config>router>policy-options# commit
Edge-Pod1# configure router policy-options begin
Edge-Pod1# configure router policy-options policy-statement RIP
Edge-Pod1>config>router>policy-options>policy-statement$ entry 10
Edge-Pod1>config>router>policy-options>policy-statement>entry$ from protocol direct
Edge-Pod1>config>router>policy-options>policy-statement>entry# action accept
Edge-Pod1>config>router>policy-options>policy-statement>entry>action# exit
Edge-Pod1>config>router>policy-options>policy-statement>entry# exit
Edge-Pod1>config>router>policy-options>policy-statement# exit
Edge-Pod1# configure router policy-options commit
Edge-Pod1#
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
54
Activate RIP on the core and edge routers. Remove all static routes when RIP is active:
Edge-Pod1# configure router rip
Edge-Pod1>config>router>rip$ export "RIP"
Edge-Pod1>config>router>rip$ group "IGP"
Edge-Pod1>config>router>rip>group$ neighbor E1-C1
Edge-Pod1>config>router# no static-route 0.0.0.0/0 next-hop 172.16.4.1
Core-Pod1# configure router rip
Core-Pod1>config>router>rip$ export "RIP"
Core-Pod1>config>router>rip$ group "IGP"
Core-Pod1>config>router>rip>group$ neighbor C1-C2
Core-Pod1>config>router>rip>group$ neighbor C1-C3
Core-Pod1>config>router>rip>group$ neighbor C1-C4
Core-Pod1>config>router>rip>group$ neighbor C-E
Core-Pod1>config>router# no static-route 172.16.8.1/32 next-hop 172.16.4.2
Core-Pod1>config>router# no static-route 172.16.9.0/24 next-hop 172.16.4.2
Core-Pod1>config>router# no static-route 172.16.10.0/24 next-hop 172.16.4.2
Core-Pod1>config>router# no static-route 172.17.0.0/16 next-hop 172.31.1.2
Core-Pod1>config>router# no static-route 172.17.0.0/16 next-hop 172.31.3.2 preference 100
Core-Pod1>config>router# no static-route 172.18.0.0/16 next-hop 172.31.2.2
Core-Pod1>config>router# no static-route 172.19.0.0/16 next-hop 172.31.3.2
There should be a total of 34 routes in a fully configured Lab topology.
Lab 3.2 Configure RIPv2 on the core and edge routers: Core-Pod1# configure router rip group IGP
Core-Pod1>config>router>rip>group# send multicast
Core-Pod1>config>router>rip>group# message-size 255
Core-Pod1>config>router>rip>group# timers 20 90 60
Core-Pod1>config>router>rip>group# authentication-type password
Core-Pod1>config>router>rip>group# authentication-key Alcatel
Edge-Pod1# configure router rip group IGP
Edge-Pod1>config>router>rip>group# send multicast
Edge-Pod1>config>router>rip>group# message-size 255
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
55
Edge-Pod1>config>router>rip>group# timers 20 90 60
Edge-Pod1>config>router>rip>group# authentication-type password
Edge-Pod1>config>router>rip>group# authentication-key Alcatel
The core router, with all pods operating correctly, will have 34 routes in its routing table.
>config>router# interface CL-2 address 172.16.3.1/32
Lab 4.1 Configure OSPF on your pod routers, and disable IS-IS:
Configure OSPF Edge-Pod1>config>router# ospf
Edge-Pod1>config>router>ospf$ area 0.0.0.0
Edge-Pod1>config>router>ospf>area$ interface E1-C1
Edge-Pod1>config>router>ospf>area>if$ exit
Edge-Pod1>config>router>ospf>area# interface EL-1
Edge-Pod1>config>router>ospf>area>if$ exit
Edge-Pod1>config>router>ospf>area# interface EL-2
Edge-Pod1>config>router>ospf>area>if$ exit
Edge-Pod1>config>router>ospf>area# interface system
Edge-Pod1>config>router>ospf>area>if$ exit
Edge-Pod1>config>router>ospf>area#
Core-Pod1>config>router# ospf
Core-Pod1>config>router>ospf$ area 0.0.0.0
Core-Pod1>config>router>ospf>area$ interface C-E
Core-Pod1>config>router>ospf>area>if$ exit
Core-Pod1>config>router>ospf>area# interface C1-C2
Core-Pod1>config>router>ospf>area>if$ exit
Core-Pod1>config>router>ospf>area# interface C1-C3
Core-Pod1>config>router>ospf>area>if$ exit
Core-Pod1>config>router>ospf>area# interface C1-C4
Core-Pod1>config>router>ospf>area>if$ exit
Core-Pod1>config>router>ospf>area# interface CL-1
Core-Pod1>config>router>ospf>area>if$ exit
Core-Pod1>config>router>ospf>area# interface CL-2
Core-Pod1>config>router>ospf>area>if$ exit
Core-Pod1>config>router>ospf>area# interface system
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
56
Core-Pod1>config>router>ospf>area>if$
Disable IS-IS Core-Pod1# configure router
Core-Pod1>config>router# isis
Core-Pod1>config>router>isis# shut
Core-Pod1>config>router>isis# exit
Core-Pod1>config>router# no isis
Edge-Pod1# configure router
Edge-Pod1>config>router# isis
Edge-Pod1>config>router>isis# shut
Edge-Pod1>config>router>isis# exit
Edge-Pod1>config>router# no isis
When complete, all routers should see a total of 34 routes.
Lab 5.1 Change to an OSPF multiple-area topology, and implement summarization:
Modify the core router Core-Pod1>config>router# ospf
Core-Pod1>config>router>ospf# area 0.0.0.0
Core-Pod1>config>router>ospf>area# interface "C1-C2"
Core-Pod1>config>router>ospf>area>if# exit
Core-Pod1>config>router>ospf>area# interface "C1-C3"
Core-Pod1>config>router>ospf>area>if# exit
Core-Pod1>config>router>ospf>area# interface "C1-C4"
Core-Pod1>config>router>ospf>area>if# exit
Core-Pod1>config>router>ospf>area# exit
Core-Pod1>config>router>ospf# area 0.0.0.1
Core-Pod1>config>router>ospf>area$ interface "system"
Core-Pod1>config>router>ospf>area>if$ exit
Core-Pod1>config>router>ospf>area# interface "CL-1"
Core-Pod1>config>router>ospf>area>if# exit
Core-Pod1>config>router>ospf>area# interface "CL-2"
Core-Pod1>config>router>ospf>area>if# exit
Core-Pod1>config>router>ospf>area# interface "C-E"
Core-Pod1>config>router>ospf>area>if# exit
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
57
Modify the edge router Edge-Pod1>config>router# ospf
Edge-Pod1>config>router>ospf# area 0.0.0.1
Edge-Pod1>config>router>ospf>area$ interface "E1-C1"
Edge-Pod1>config>router>ospf>area>if$ exit
Edge-Pod1>config>router>ospf>area# interface "system"
Edge-Pod1>config>router>ospf>area>if# exit
Edge-Pod1>config>router>ospf>area# interface "EL-1"
Edge-Pod1>config>router>ospf>area>if# exit
Edge-Pod1>config>router>ospf>area# interface "EL-2"
Edge-Pod1>config>router>ospf>area>if# exit
Lab 5.3 Configure your area as a stub and then an enhanced stub configuration: Edge-Pod1# configure router ospf
Edge-Pod1>config>router>ospf# area 0.0.0.1
Edge-Pod1>config>router>ospf>area# stub
Edge-Pod1>config>router>ospf>area>stub#
Core-Pod1# configure router ospf
Core-Pod1>config>router>ospf# area 0.0.0.1
Core-Pod1>config>router>ospf>area# stub
Lab 5.4 Configure your area as a stub with no summaries and with network summarization:
Core-Pod1>config>router>ospf>area# stub no summaries
Core-Pod1>config>router>ospf>area# stub default-metric 5
Summarize the areas Core-Pod1# configure router ospf
Core-Pod1>config>router>ospf# area 0.0.0.0
Core-Pod1>config>router>ospf>area# area-range 172.31.0.0/16
Core-Pod1>config>router>ospf>area# exit
Core-Pod1>config>router>ospf# area 0.0.0.1
Core-Pod1>config>router>ospf>area# area-range 172.16.0.0/16
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
58
Lab 5.5 Change to an NSSA and subsequently to an enhanced NSSA configuration:
Edge-Pod1# configure router ospf
Edge-Pod1>config>router>ospf# area 0.0.0.1
Edge-Pod1>config>router>ospf>area# nssa
Edge-Pod1>config>router>ospf>area>nssa#
Core-Pod1>config>router# ospf
Core-Pod1>config>router>ospf# area 0.0.0.1
Core-Pod1>config>router>ospf>area# nssa
When complete, the core router should reflect 17 routes and the edge router should reflect 12 routes.
Core-Pod1>config>router>ospf>area# nssa no summaries
Core-Pod1>config>router>ospf>area# nssa originate-default-route
When complete, the core router should reflect 17 routes and the edge router should reflect 8 routes.
Lab 5.6 Remove NSSA and configure a virtual link:
Core-Pod1>config>router# ospf
Core-Pod1>config>router>ospf# area 0.0.0.1
Core-Pod1>config>router>ospf>area# no nssa
Core-Pod1>config>router>ospf>area# virtual-link 172.16.8.1 transit-area 0.0.0.1
Edge-Pod1# configure router ospf
Edge-Pod1>config>router>ospf# area 0.0.0.1
Edge-Pod1>config>router>ospf>area# no nssa
Edge-Pod1>config>router>ospf# area 1.1.1.1
Edge-Pod1>config>router>ospf>area# interface "EL-1"
Edge-Pod1>config>router>ospf>area>if# exit
Edge-Pod1>config>router>ospf>area# interface "EL-2"
Edge-Pod1>config>router>ospf>area>if# exit
Edge-Pod1>config>router>ospf# area 0.0.0.0
Edge-Pod1>config>router>ospf>area$ virtual-link 172.16.1.1 transit-area 0.0.0.1
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
59
Lab 6.1 Configure IS-IS for a single area:
Core-Pod1# configure router isis
Core-Pod1>config>router>isis$ area-id 49.0051
Core-Pod1>config>router>isis# interface C-E
Core-Pod1>config>router>isis>if# exit
Core-Pod1>config>router>isis# interface C1-C2
Core-Pod1>config>router>isis>if# exit
Core-Pod1>config>router>isis# interface C1-C3
Core-Pod1>config>router>isis>if# exit
Core-Pod1>config>router>isis# interface C1-C4
Core-Pod1>config>router>isis>if# exit
Core-Pod1>config>router>isis# interface CL-1
Core-Pod1>config>router>isis>if# exit
Core-Pod1>config>router>isis# interface CL-2
Core-Pod1>config>router>isis>if# exit
Core-Pod1>config>router>isis# exit
Core-Pod1>config>router# rip
Core-Pod1>config>router>rip# shutdown
Core-Pod1>config>router>rip# exit
Core-Pod1>config>router# no rip
Edge-Pod1>config>router# isis
Edge-Pod1>config>router>isis$ area-id 49.0051
Edge-Pod1>config>router>isis$ interface E1-C1
Edge-Pod1>config>router>isis>if$ exit
Edge-Pod1>config>router>isis# interface EL-1
Edge-Pod1>config>router>isis>if# exit
Edge-Pod1>config>router>isis# interface EL-2
Edge-Pod1>config>router>isis>if# exit
Edge-Pod1>config>router>isis# interface system
Edge-Pod1>config>router>isis>if# exit
Core-Pod1>config>router# rip
Core-Pod1>config>router>rip# shutdown
Core-Pod1>config>router>rip# exit
Core-Pod1>config>router# no rip
With all pods operating correctly, there should be 34 routes on all routers.
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
60
Lab 6.2 Implement authentication for IS-IS updates:
Core-Pod1>config>router>isis# authentication-type message-digest
Core-Pod1>config>router>isis# authentication-key Alcatel
Edge-Pod1>config>router>isis# authentication-type message-digest
Edge-Pod1>config>router>isis# authentication-key Alcatel
Lab 6.3 Migrate to a multiple-area IS-IS configuration:
Core-Pod1>config>router# isis
Core-Pod1>config>router>isis# shut
Core-Pod1>config>router>isis# exit
Core-Pod1>config>router# no isis
Core-Pod1# configure router isis
Core-Pod1>config>router>isis# area-id 40.0001
Core-Pod1>config>router>isis# interface system
Core-Pod1>config>router>isis>if# exit
Core-Pod1>config>router>isis# interface CL-1
Core-Pod1>config>router>isis>if# exit
Core-Pod1>config>router>isis# interface CL-2
Core-Pod1>config>router>isis>if# exit
Core-Pod1>config>router>isis# interface C-E
Core-Pod1>config>router>isis>if# level-capability level-1
Core-Pod1>config>router>isis>if# exit
Core-Pod1>config>router>isis# interface C1-C2
Core-Pod1>config>router>isis>if# level-capability level-2
Core-Pod1>config>router>isis>if# exit
Core-Pod1>config>router>isis# interface C1-C3
Core-Pod1>config>router>isis>if# level-capability level-2
Core-Pod1>config>router>isis>if# exit
Core-Pod1>config>router>isis# interface C1-C4
Core-Pod1>config>router>isis>if# level-capability level-2
Core-Pod1>config>router>isis>if# exit
Core-Pod1>config>router>isis#
Edge-Pod1>config>router# isis
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
61
Edge-Pod1>config>router>isis# shut
Edge-Pod1>config>router>isis# exit
Edge-Pod1>config>router# no isis
Edge-Pod1>config>router# isis
Edge-Pod1>config>router>isis$ area-id 49.0001
Edge-Pod1>config>router>isis$ level-capability level-1
Edge-Pod1>config>router>isis$ interface E1-C1
Edge-Pod1>config>router>isis>if$ exit
Edge-Pod1>config>router>isis# interface EL-1
Edge-Pod1>config>router>isis>if# exit
Edge-Pod1>config>router>isis# interface EL-2
Edge-Pod1>config>router>isis>if# exit
Edge-Pod1>config>router>isis# interface system
Edge-Pod1>config>router>isis>if# exit
Edge-Pod1>config>router>isis# interface E1-C1
Edge-Pod1>config>router>isis>if# level-capability level-1
Lab 6.4 Configure summary advertisements on the core router for your pod area: Core-Pod1>config>router>isis# summary-address 172.16.0.0/16 level-2
Core-Pod1>config>router>isis# exit
If correctly accomplished, there should be a total of 17 networks in your core router’s routing table and 8 networks in your edge router’s routing table.
Lab 7.1 Implement access control lists on your core and edge routers:
Core-Pod1# configure filter
Core-Pod1>config>filter# ip-filter 1 create
Core-Pod1>config>filter>ip-filter$ description telnet-block
Core-Pod1>config>filter>ip-filter$ default-action forward
Core-Pod1>config>filter>ip-filter$ entry 1 create
Core-Pod1>config>filter>ip-filter>entry$ match dst-ip 172.16.0.0/16
Core-Pod1>config>filter>ip-filter>entry$ match protocol tcp
Core-Pod1>config>filter>ip-filter>entry>match$ dst-port eq 23
Core-Pod1>config>filter>ip-filter>entry>match$ exit
Core-Pod1>config>filter>ip-filter>entry# action drop
Core-Pod1>config>filter>ip-filter>entry# ^z
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
62
Core-Pod1# configure router
Core-Pod1>config>router# interface C1-C2
Core-Pod1>config>router>if# ingress
Core-Pod1>config>router>if>ingress# filter ip 1
Core-Pod1>config>router>if>ingress# exit
Core-Pod1>config>router>if# exit
Core-Pod1>config>router# interface C1-C3
Core-Pod1>config>router>if# ingress filter ip 1
Core-Pod1>config>router>if# exit
Core-Pod1>config>router# interface C1-C4
Core-Pod1>config>router>if# ingress filter ip 1
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
63
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
64
http: / /www.alcatel-lucent.com
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute