Guia de Laboratorio Avanzado HP NetworkingLab Guide Advanced Enterprise Networking

Advanced Enterprise Networking Technical Labs
Lab1: Layer 3 Switching

LAB1: LAYER 3 SWITCHING........................................................................................................... - 1 -
1.1 OVERVIEW .................................................................................................................................................................................... - 1 -
1.2 NETWORKING DIAGRAM ............................................................................................................................................................... - 2 -
1.3 IP ADDRESSING SCHEME............................................................................................................................................................... - 3 -
1.4 EQUIPMENT .................................................................................................................................................................................. - 4 -
1.5 LAB PURPOSE ................................................................................................................................................................................ - 5 -
1.6 PROCEDURES ................................................................................................................................................................................ - 5 -
Mission1 Configure basic IP configuration on the Chassis Switches ...................................................................................... - 5 -
Mission2 Configure VLANs and OSPF on the Chassis Switches............................................................................................. - 6 -
Mission3 Configure Access Switches ....................................................................................................................................... - 9 -
Mission4 Configure VRRP ......................................................................................................................................................- 11 -
Mission5 Types of VLANs ...................................................................................................................................................... - 12 -
Mission6 Prep for Network Management .............................................................................................................................. - 13 -
1.1 Overview
In this lab exercise, you will:
Configure Layer 3 connectivity on all chassis and Access Switches
Understand the basic operation of Layer 3 and Comware
-1-
1.2 Networking Diagram
Figure 1-1
Figure 1-2
-2-
1.3 IP Addressing Scheme

Device
POD#1
Chassis #1
Chassis #2
58x0 #1
58x0 #2
PC 1
PC 2
IMC Server
POD#2
Chassis #1
Chassis #2
58x0 #1
58x0 #2
PC 1
PC 2
IMC Server
POD#3
Chassis #1
Chassis #2
58x0 #1
58x0 #2
PC 1
PC 2
IMC Server
Interface
IP Address
Loopback 0
Vlan 99
Vlan 31
Vlan 10
Vlan 11
Loopback 0
Vlan 99
Vlan 12
Vlan 10
Vlan 11
Vlan 10
Vlan 10
Plugged into VLAN x
Plugged into VLAN x
Plugged into VLAN 10
1.1.1.1/32
10.10.1.1/24
10.10.31.1/24
10.1.10.1/24
10.1.11.1/24
1.1.1.2/32
10.10.1.2/24
10.10.12.2/24
10.1.10.2/24
10.1.11.2/24
10.1.10.10/24
10.1.10.11/24
10.1.x.100/24 Gateway 10.1.x.254
10.1.x.101/24 Gateway 10.1.x.254
10.1.10.200
Loopback 0
Vlan 99
Vlan 12
Vlan 10
Vlan 11
Loopback 0
Vlan 99
Vlan 23
Vlan 10
Vlan 11
Vlan 10
Vlan 10
Plugged into VLAN x
Plugged into VLAN x
2.2.2.1/32
10.10.2.1/24
10.10.12.1/24
10.2.10.1/24
10.2.11.1/24
2.2.2.2/32
10.10.2.2/24
10.10.23.2/24
10.2.10.2/24
10.2.11.2/24
10.2.10.10/24
10.2.10.11/24
10.2.x.100/24 Gateway 10.2.x.254
10.2.x.101/24 Gateway 10.2.x.254
10.2.10.200
Loopback 0
Vlan 99
Vlan 23
Vlan 10
Vlan 11
Loopback 0
Vlan 99
Vlan 31
Vlan 10
Vlan 11
Vlan 10
Vlan 10
Plugged into VLAN x
Plugged into VLAN x
3.3.3.1/32
10.10.3.1/24
10.10.23.1/24
10.3.10.1/24
10.3.11.1/24
3.3.3.2/32
10.10.3.2/24
10.10.31.2/24
10.3.10.2/24
10.3.11.2/24
10.3.10.10/24
10.3.10.11/24
10.3.x.100/24 Gateway 10.3.x.254
10.3.x.101/24 Gateway 10.3.x.254
10.3.10.200
-3-
1.4 Equipment
Version
No.
Description
S750xE
5.20 E6605P01
At least 3 slot chassis
S9500E
5.20 R1230
At Least 5 Slot Chassis
S12508E
5.20 R1230

any MPLS capable
SD, EB or LEC Modules
3
module
Requirement is ability to
S5800/S5820x
5.20 R11109P01
2
build IRF 2 stack
Client
Client for test
Note that the cards and versions may not be exactly the same as your lab environment. When that is the case,
please adjust the parameters to fit your lab.
Use the lab hand outs to note down the appropriate port numbers and additional information that you might need to
fulfill the labs.
-4-
1.5 Lab purpose

Configure Layer 3 switching, and related features, on the provided network.
1.6 Procedures
Mission1Configure basic IP configuration on the Chassis Switches
Step1Login to the Chassis switch through the serial port
Step2Ensure that all switches are running the same software version
[PODxx]display version
Step3Ensure that all switches have no active configurations
<H3C>system
[PODxx]reset saved-configuration
[PODxx]quit
<PODxx>reboot
<H3C>system
[H3C]sysname PODxxC1
(xx = POD: 00, 01, 02, 03 and C1 becomes C2 for Chassis #2)
Step4Configure telnet for this switch.
[PODxxC1]local-user admin
[PODxxC1]password simple admin
[PODxxC1]authorization-attribute level 3
[PODxxC1]service-type terminal telnet
[PODxxC1]quit
[PODxxC1]user-interface vty 0 4
[PODxxC1]authentication-mode scheme
[PODxxC1]quit
[PODxxC1]telnet server enable
Step5Save the configuration and set as the startup config on all swiches:
[PODxxC1]quit
<PODxxC1>save l3.cfg
<PODxxC1>startup saved-configuration l3.cfg
Repeat for Chassis #2
-5-
Mission2Configure VLANs and OSPF on the Chassis Switches

Step1login to the switch through the serial port
Step2Configure VLAN Interfaces for Chassis 1:
Configure Chassis #1 to Chassis #2 Connection VLAN 99 and IP Address
<H3C>system
[PODxxC1]vlan 99
[PODxxC1]port Ten-GigabitEthernet2/0/1
[PODxxC1-vlan102]quit
[PODxxC1]interface vlan-interface 99
[PODxxC1-Vlan-interface99]ip address 10.10.x.1 24
(where x is the POD number)
[PODxxC1-Vlan-interface99]quit
Configure Pod-to-Pod VLAN where:
- yy=12 for connection from Pod #1 to Pod #2
[PODxxC1]vlan yy
[PODxxC1]port GigabitEthernet3/0/1
[PODxxC1]interface vlan-interface yy
[PODxxC1-Vlan-interface12]ip address 10.10.yy.1 24
Create VLAN 10 and assign IP address
[PODxxC1]vlan 10
[PODxxC1-Vlan-interface100]ip address 10.x.10.1 24
[PODxxC1]vlan 11
Configure uplink ports from access switches to Chassis as trunk ports and allow local VLANs:
[PODxxC1]interface Ten-GigabitEthernet 2/0/2
[PODxxC1-GigabitEthernet1/0/24]port link-type trunk
[PODxxC1-GigabitEthernet1/0/24]port trunk permit vlan 10 11
[PODxxC1-GigabitEthernet1/0/24]quit
Step3Configure OSPF for Chassis 1:
[PODxxC1]interface loopback 0
[PODxxC1-LoopBack0]ip address x.x.x.1 32 (where x is the POD number)
[PODxxC1-LoopBack0]quit
Enable OSPF on Chassis #1
[PODxxC1]ospf
[PODxxC1-ospf-1]area 0
[PODxxC1-ospf-1-area-0.0.0.0]network 10.0.0.0 0.255.255.255
[PODxxC1-ospf-1-area-0.0.0.0]network x.x.x.1 0.0.0.0
[PODxxC1-ospf-1-area-0.0.0.0]quit
-6-
[PODxxC1-ospf-1]opaque-capability enable
[PODxxC1-ospf-1]graceful-restart ietf
[PODxxC1-ospf-1]quit
Step4Save the configuration and set as the startup config on all switches
[PODxxC1]quit
Step5Configure VLAN Interfaces for Chassis #2
Configure Chassis #2 to Chassis #1 Connection VLAN 99 and IP Address
<PODxxC2>system
[PODxxC2]vlan 99
[PODxxC2]port Ten-GigabitEthernet2/0/1
[PODxxC2-Vlan-interface99]ip address 10.10.x.2 24
Configure Pod-to-Pod VLAN
[PODxxC2]vlan yy
[PODxxC2]port GigabitEthernet3/0/1
[PODxxC2-vlanyy]quit
[PODxxC2]interface vlan-interface yy
[PODxxC2-Vlan-interfaceyy]ip address 10.10.yy.2 24
[PODxxC2-Vlan-interfaceyy]quit
(Where yy is the Pod-to-Pod VLAN from the table/diagram above)

[PODxxC2]vlan 10
[PODxxC2]vlan 11
Configure uplink ports from access switches to Chassis as trunk ports and allow local VLANs:
[PODxxC2]interface Ten-GigabitEthernet 2/0/2
[PODxxC2-GigabitEthernet1/0/2]port link-type trunk
[PODxxC2-GigabitEthernet1/0/2]port trunk permit vlan 10 11
[PODxxC2-GigabitEthernet1/0/2]quit
Configure OSPF for switch Chassis Switch 2:

[PODxxC2]interface loopback 0
[PODxxC2-LoopBack0]ip address x.x.x.2 32 (where x is the POD number)
[PODxxC2-LoopBack0]quit
Enable OSPF on Chassis #2
[PODxxC2]ospf
[PODxxC2-ospf-1]area 0
[PODxxC2-ospf-1-area-0.0.0.0]network 10.0.0.0 0.255.255.255
[PODxxC2-ospf-1-area-0.0.0.0]network x.x.x.2 0.0.0.0
-7-
[PODxxC2-ospf-1]opaque-capability enable
[PODxxC2-ospf-1]graceful-restart ietf
[PODxxC2-ospf-1]quit
[PODxxC2]quit
Before continuing with the lab, ensure that you have a fully operational OSPF environment. Verify the adjacencies
and routing tables and verify whether you are able to ping all the loopback addresses.
[PODxxC1]display ospf peer verbose
[PODxxC1]disp ip routing-table
-8-
Mission3Configure Access Switches

Step1Login to the Access switch #1 through the serial port
[PODxx]quit
<PODxx>reboot
<H3C>system
[H3C]sysname PODxxA1
(xx = POD: 00, 01, 02, 03 and A1 becomes A2 for Switch #2, etc)
[PODxxA1]local-user admin
[PODxxA1]password simple admin
[PODxxA1]authorization-attribute level 3
[PODxxA1]service-type terminal telnet
[PODxxA1]quit
[PODxxA1]user-interface vty 0 4
[PODxxA1]authentication-mode scheme
[PODxxA1]quit
[PODxxA1]telnet server enable
[PODxxA1]quit
<PODxxA1>save l3.cfg
<PODxxA1>startup saved-configuration l3.cfg
Step6Configure IP Address for Access Switches :

Configure Access #1 Switch IP Address for VLAN 10
[PODxxA1]vlan 10
[PODxxA1-vlan10]quit
[PODxxA1]interface vlan-interface 10
[PODxxA1-Vlan-interface10]ip address 10.x.10.10 24
[PODxxA1-Vlan-interface10]quit
Create VLAN 11
[PODxxC1]vlan 11
Step7Configure uplink ports from access switch #1 to Chassis as a trunk port and allow local VLANs:
[PODxxA1]interface Ten-GigabitEthernet 1/0/25 (Or 1/0/1 or the S5820x-28S)
[PODxxA1-GigabitEthernet1/0/25]port link-type trunk
[PODxxA1-GigabitEthernet1/0/25]port trunk permit vlan 10 11
[PODxxA1-GigabitEthernet1/0/25]quit
Configure link between Access switches and allow local VLANs
[PODxxA1]interface Ten-GigabitEthernet 1/0/28 (Or 1/0/24 on the S5820x-28S)
[PODxxA1-TenGigabitEthernet1/0/28]port link-type trunk
[PODxxA1-TenGigabitEthernet1/0/28]port trunk permit vlan 10 11
[PODxxA1-TenGigabitEthernet1/0/28]quit
-9-
Step8Place GigabitEthernet 1/0/1 on VLAN 10

[PODxxA1]interface GigabitEthernet 1/0/1
[PODxxA1-GigabitEthernet1/0/1]port access vlan 10
Step9Configure Default Gateway on Access Switch #1
[PODxxA1]ip route-static 0.0.0.0 0.0.0.0 10.x.10.254
[PODxxA1]quit
Step11Configure Access #2 Switch IP Address for VLAN 10

[PODxxA2]vlan 10
[PODxxA2]interface vlan-interface 10
[PODxxA2-Vlan-interface10]ip address 10.x.10.11 24
[PODxxA2-Vlan-interface10]quit
Create VLAN 11
[PODxxA2]vlan 11
Step12Configure uplink ports from access switch #2 to Chassis #2 as a trunk port and allow local VLANs:
[PODxxA2]interface Ten-GigabitEthernet 1/0/25 (Or 1/0/1 for the S5820x-28S)
[PODxxA2-GigabitEthernet1/0/25]port link-type trunk
[PODxxA2-GigabitEthernet1/0/25]port trunk permit vlan 10 11
Configure link between Access switches and allow local VLANs
[PODxxA2]interface Ten-GigabitEthernet 1/0/28 (Or 1/0/24 for the S5820x-28S)
[PODxxA2-TenGigabitEthernet1/0/28]port link-type trunk
[PODxxA2-TenGigabitEthernet1/0/28]port trunk permit vlan 10 11
[PODxxA2-TenGigabitEthernet1/0/28]quit
Step13Place GigabitEthernet 1/0/1 on VLAN 10
[PODxxA2]interface GigabitEthernet 1/0/1 (Or 1/0/25 for the S5820x-28S)
[PODxxA2-GigabitEthernet1/0/1]port access vlan 10
Step14Configure Default Gateway on Access Switch #2
[PODxxA2]ip route-static 0.0.0.0 0.0.0.0 10.x.10.254
[PODxxA2]quit
Connect switches as shown in the diagran and verify connectivity from each access switch port GigabitEthernet
1/0/1 to the VLAN 10 IP Address of each Chassis Switch.
- 10 -
Mission4Configure VRRP
Step1Configure VRRP between Chassis switches
On Chassis #1
[PODxxC1-Vlan-interface10]vrrp vrid 1 virtual-ip 10.x.10.254
[PODxxC1-Vlan-interface10]vrrp vrid 1 priority 110
On Chassis #2
[PODxxC2-Vlan-interface12]vrrp vrid 2 priority 110
Verify that you can ping the Virtual address created in the last step.
[PODxxC1]quit
- 11 -
Mission5Types of VLANs
Step1Use MAC-Based VLANs:
On your associated Access switch, associate the MAC address of Client 1 (xxxx-xxxx-xxxx) with VLAN 10 and
Client 2 (yyyy-yyyy-yyyy) with VLAN 11.
Step2Use ipconfig /all on your Windows Clients to determine your MAC address.
Step3Enable MAC-based VLANs on GigabitEthernet 1/0/2
[PODxxA1]mac-vlan mac-address xxxx-xxxx-xxxx vlan 10
[PODxxA1]mac-vlan mac-address yyyy-yyyy-yyyy vlan 11
[PODxxA1-GigabitEthernet1/0/2]port link-type hybrid
[PODxxA1-GigabitEthernet1/0/2]port hybrid vlan 10 11 untagged
[PODxxA1-GigabitEthernet1/0/2]mac-vlan enable
You should see that the client with the appropriate MAC Addresses are automatically assigned to the assigned
VLAN.
Step4Use IP Subnet-Based VLANs:
On your associated Access switch, associate subnets for VLAN 10 and 11
Enable IP Subnet based VLANs on GigabitEthernet 1/0/3
[PODxxA1]vlan 10
[PODxxA1]ip-subnet-vlan ip 10.x.10.0 255.255.255.0
[PODxxA1]quit
[PODxxA1]vlan 11
[PODxxA1]ip-subnet-vlan ip 10.x.11.0 255.255.255.0
[PODxxA1]quit
[PODxxA1-GigabitEthernet1/0/3]port link-type hybrid
[PODxxA1-GigabitEthernet1/0/3]port hybrid vlan 10 11 untagged
[PODxxA1-GigabitEthernet1/0/3]port hybrid ip-subnet-vlan vlan 10
[PODxxA1-GigabitEthernet1/0/3]port hybrid ip-subnet-vlan vlan 11
Configure your clients to be on one or the other VLAN subnets. You should see that the client(s) with the
appropriate IP subnet configured are automatically assigned to the assigned VLAN when plugged into that port.
- 12 -
Mission6Prep for Network Management

Step1Enable SNMP on each switch.
[PODxxC1]snmp-agent sys-info version v1 v2c
[PODxxC1]snmp-agent community read public
[PODxxC1]snmp-agent community write private
Step2Enable SNMP traps on the switch.
[PODxxC1]snmp-agent trap enable
[PODxxC1]snmp-agent target-host trap address udp-domain 10.x.10.200 upd-port 5000 params
securityname public
Step3Enable SNMP operation logging on the switch.
[PODxxC1]terminal monitor
[PODxxC1]terminal logging
[PODxxC1]info-center source snmp channel console log level informational
[PODxxC1]snmp-agent log get-operation
[PODxxC1]snmp-agent log set-operation
Step4Enable logging on the switch.
[PODxxC1]info-center enable
[PODxxC1]info-center loghost 10.x.10.200 channel loghost facility local4
[PODxxC1]info-center source default channel loghost debug state off log state off trap
state off
Step5Enable sflow on the switch.
[PODxxC1]sflow agent ip 10.x.10.yyy (IP Address of the switch)
[PODxxC1]sflow collector ip 10.x.10.200
[PODxxC1]interface GigabitEthernet1/0/1
[PODxxC1-Gig-Ethernet1/0/23]sflow enable inbound
[PODxxC1-Gig-Ethernet1/0/23]sflow enable outbound
[PODxxC1-Gig-Ethernet1/0/23]sflow sampling-rate 1000
Repeat for all switches in your pod.
- 13 -
Lab2: IRF
LAB2: IRF ............................................................................................................................................. - 1 -
1.1 OVERVIEW .................................................................................................................................................................................... - 1 -
1.4 EQUIPMENT .................................................................................................................................................................................. - 5 -
1.5 LAB PURPOSE ................................................................................................................................................................................ - 6 -
1.6 PROCEDURES ................................................................................................................................................................................ - 6 -
Mission1 Configure IRF on the S5800/S5820x ....................................................................................................................... - 6 -
Mission2 Configure IRF on the S12500/S9500E/S7500E....................................................................................................... - 8 -
Mission3 Verify IRF Operation .............................................................................................................................................. - 13 -
1.1 Overview
Configure IRF on a S12500/S9500E/S7500E and S5800/S5820x
Understand the operation of IRF
Before starting this lab please use the following commands

<switch>reset saved-reconfiguration
<switch>reboot
-1-
Figure 1-1
-2-
Figure 1-2
-3-
1.3 IP Addressing Scheme for IRF

Device
Interface
IP Address
Loopback 0
Vlan 10
Vlan 10
Plugged into VLAN x
Plugged into VLAN x
1.1.1.1/32
10.1.10.254/24
10.1.10.10/24
10.1.x.100/24 Gateway 10.1.x.254
10.1.x.101/24 Gateway 10.1.x.254
10.1.10.200
Loopback 0
Vlan 10
Vlan 10
Plugged into VLAN x
Plugged into VLAN x
2.2.2.1/32
10.2.10.254/24
10.2.10.10/24
10.2.x.100/24 Gateway 10.2.x.254
10.2.x.101/24 Gateway 10.2.x.254
10.2.10.200
Loopback 0
Vlan 10
Vlan 10
Plugged into VLAN x
Plugged into VLAN x
3.3.3.1/32
10.3.10.254/24
10.3.10.10/24
10.3.x.100/24 Gateway 10.3.x.254
10.3.x.101/24 Gateway 10.3.x.254
10.3.10.200
PODA
7500 Pair
7500 Pair
5800 Pair
PC 1
PC 2
IMC Server
PODB
7500 Pair
7500
5800 Pair
PC 1
PC 2
IMC Server
PODC
7500 Pair
7500 Pair
5800 Pair
PC 1
PC 2
IMC Server
-4-
1.4 Equipment
Version
No.
Description
S750xE
5.20 E6605P01
S9500E
5.20 R1230
S12508E
5.20 R1230

any MPLS capable
SD, EB or LEC Modules
3
module
S5800/S5820x
5.20 R11109P01
2
build IRF 2 stack
Client
Client for test
fulfill the labs.
-5-
1.5 Lab purpose

Establish full IRF redundancy.
1.6 Procedures
Mission1Configure IRF on the S5800/S5820x
Step1Login to the switch through the console port
Step2Ensure that both switches are running the same software version
[PODxyz]display version
Step3Reset the configuration of the switches.
<PODxyz>reset saved-configuration
<PODxyz>reboot
Step4Assign a unit number to each S5800. The unit number is based on the z designation of your switch1 or 2.
For unit 2:
[H3C]irf member 1 renumber 2 (x is current unit number)
Step5Save the configuration and reboot the switches
[H3C]quit
<H3C>save irf.cfg
<H3C>startup saved-configuration irf.cfg
<H3C>reboot
Step6Setting priority on Master S5800.
For unit 1:
[H3C]irf member 1 priority 32
Step7Shutdown the 10 Gbps port that will form the IRF (T1/0/25)
For Unit 1:
[H3C]int TenGigabitEthernet 1/0/25
[H3C-Ten-GigabitEthernet1/0/25]shutdown
For Unit 2:
Step8Assign the 10 Gbps port to an IRF port group
On Unit 1:
[H3C]irf-port 1/1
[H3C-irf-port]port group interface TenGigabitEthernet 1/0/25
-6-

[H3C-irf-port]quit
On Unit 2:
[H3C]irf-port 2/2
[H3C-irf-port]quit
Step9Connect the cables to the 2 5800
Step10Enable the 10 Gbps ports that will form the IRF (on both switches)
On unit 1:
[H3C-Ten-GigabitEthernet1/0/25]undo shutdown
On unit 2:
Step11Activate the IRF Port Configuration
[H3C]irf-port-configuration active
Step12Save the configuration
[PODxyz]quit
<PODxyz>save
Step13Connect the 2 cables into Tengig ports 25 and 26.
The secondary switch (unit 2) should now reboot automatically.
Step14The IRF stack should now be formed. Verify IRF operation
[H3C]display
[H3C]display
[H3C]display
[H3C]display
irf
irf configuration
irf topology
devices
Step15Rename the IRF Access-PODx, where x is your pod letter (A, B, C)

[H3C]sysname Access-PODx
Step16On the master, assign IP addresses to VLAN 10
[Access-PODx]vlan 10
[Access-PODx]quit
[Access-PODx]interface vlan 10
[Access-PODx -Vlan-interface1]ip address 10.xx.10.10 255.255.255.0
(xx = POD: 01 for PodA, 02 for PodB, 03 for PodC)
Step17On the master, create a dynamic aggregation interface
[Access-PODx]interface bridge-aggregation 1
[Access-PODx-bridge-agg-1]link-aggregation mode dynamic
-7-
Step18On the master, assign ports to the aggregation interfaces

[Access-PODx]interface gigabitethernet 1/0/11
[Access-PODx-bridge-agg-1]port link-aggregation group 1

Step19On the bridge aggregation, enable trunking and allow all VLANs on the aggregation interface.
[Access-PODx-bridge-agg-1]interface bridge-aggregation 1
[Access-PODx-bridge-agg-1]port link-type trunk
[Access-PODx-bridge-agg-1]port trunk permit vlan all
Step20On the master, configure the access ports VLAN membership on both Access switches (you can connect
your PC to this).
[Access-PODx]port access vlan 10
[Access-PODx]port access vlan 10
Step21Before continuing, verify that all partners5800 and 7500E switcheshave completed the IRF
configuration. If this has been accomplished, then, on the master 5800 switch, disable STP.
[Access-PODx]undo stp enable
[PODxyz]quit
<PODxyz>save
Mission2Configure IRF on the S12500/S9500E/S7500E

Step1Login into the switch through the console port
Step2Ensure that both switches are running the same software version
[H3C]display version
Step3Reset the configuration of the switches.
<H3C>reset saved-configuration
<H3C>reboot
Step4Set the 2 Chassis to operate in IRF mode. The chassis will be rebooted automatically.
]chassis convert mode irf
-8-
Step5Assign IRF priority 32 to Chassis 1 to make it the master

For unit 1:
[H3C]irf member 1 priority 32
Save the configuration under irf.cfg name. Youve to do it on both Master and Slave SRPUs.
[H3C]quit
<H3C>save irf.cfg
<H3C>save chassis1#slot1#flash:/irf.cfg
Step6Renumber chassis 2 as member 2. (It started as Member 1 in its own IRF)
For unit 2:
[H3C]irf member 1 renumber 2
Save the configuration under irf.cfg name. Youve to do it on both Master and Slave SRPUs.
[H3C]quit
<H3C>save irf.cfg
<H3C>save chassis1#slot1#flash:/irf.cfg
<H3C>reboot
Step7Shutdown the 10 Gbps ports that will form the IRF
For Unit 1:
[H3C]int Ten-GigabitEthernet 1/2/0/1
[H3C-Ten-GigabitEthernet1/2/0/1] shutdown
For Unit 2:
[H3C-Ten-GigabitEthernet1/2/0/1]shutdown
Step8Assign the 10 Gbps ports to an IRF port group

On Unit 1:
[H3C]irf-port 1/1
[H3C-irf-port]port group interface ten-gigabitethetnet 1/2/0/1
[H3C-irf-port]quit
On Unit 2:
[H3C]irf-port 2/2
[H3C-irf-port]quit
Step9Enable the 10 Gbps ports that will form the IRF
For Unit 1:
-9-
[H3C-Ten-GigabitEthernet1/2/0/1]undo shutdown
For Unit 2:
Step10
Save the configuration
[H3C]quit
<H3C>save
Step11Cable the IRF ports of the two switches. You get a message on both chassis.
On chassis 1 (Master) a message mentions the IRF Merge but does not require a reboot
On the Chassis 2 (Slave) it should now request to reboot.
Step12Reboot the Slave switch
<H3C>reboot
Step13The IRF stack should now be formed. Verify IRF operation
[H3C]display irf
[H3C]display irf configuration
[H3C]display irf topology
Also try the followings:
[H3C]display device
[H3C]display version
Step14Rename the IRF Core-PODx, where x is your pod letter (A, B, C)
[H3C]sysname Core-PODx
Step15On the master, create Loopback 0 and assign IP address
[H3C]interface loopback 0
[Core-PODx-Vlan-interface1]ip address xx.xx.xx.1 32
(x = POD: PodA will use 1, PodB will use 2, and PodC will use 3)
- 10 -
Step16On the master, create VLAN 10 and assign IP addresses to the VLANs
[Core-PODx]vlan 10
[Core-PODx]quit
[Core-PODx]interface vlan 10
[Core-PODx-Vlan-interface1]ip address 10.xx.10.254 255.255.255.0
(x = POD: 1 for PodA, 2 for PodB, 3 for PodC)
Step17On the master, create a dynamic aggregation interface
[Core-PODx]interface bridge-aggregation 1
[Core-PODx-int-br-1]link-aggregation mode dynamic
Step18On the master, configure trunk ports and assign ports to the aggregation interfaces for the interfaces
connected between the 5800s and the 7500s.
[Core-PODx]interface gigabitethernet 1/3/0/11
[Core-PODx-int]port link-aggregation group 1
Step19On the master, set the brige aggregation as a VLAN trunk and enable MAD LACP.
[Core-PODx]interface bridge-aggregation 1
[Core-PODx-int-br-1]port link-type trunk
[Core-PODx-int-br-1]port trunk permit vlan all
[Core-PODx-int-br-1]mad enable
Step20On the master, set BFD MAD. First define a dedicated VLAN and assign 2 Gigabit interfaces to it
[H3C] vlan 3
[H3C-vlan3] port gigabitethernet 1/3/0/24
[H3C-vlan3] port gigabitethernet 2/3/0/24
[H3C-vlan3] quit
Step21Create VLAN-interface 3 and configure the MAD IP address for the interface.
[H3C] interface vlan-interface 3
[H3C-Vlan-interface3] mad bfd enable
[H3C-Vlan-interface3] mad ip add 10.x.3.1 24 member 1
[H3C-Vlan-interface3] mad ip add 10.x.3.2 24 member 2
[H3C-Vlan-interface3] quit
- 11 -
Step22C onfigure the access ports VLAN membership on both Core switches (you can connect your PC to this
port).
[Core-PODx]interface gigabitethernet 1/0/1
[Core-PODx]port access vlan 10
[Core-PODx]interface gigabitethernet 2/0/1
[Core-PODx]port access vlan 10

[Core-PODx]quit
<Core-PODx>save
- 12 -
Mission3Verify IRF Operation

Step1Connect a PC to each switch and assign a static IP address using the following table:
PC1 = 10.x.10.101/24 connected to 7500E master
PC2 = 10.x.10.102/24 connected to 7500E slave
PC3 = 10.x.10.103/24 connected to 5800 master
PC4 = 10.x.10.104/24 connected to 5800 slave
xx is the POD ID: (xx = POD: PodA is 01, PodB is 02, and PodC is 03)
Step2Verify connectivity through pingping each of the devices in your IRF grouping.
Or use Fping to be able to test ping at the millisecond level.
Copy the fping.exe to you c:/Windows folder.
fping can be used which can issue continuous pings with a very small time interval. This will allow a more precise
calculation of down time.
When the following command is issued for a continuous ping to host a.b.c.d with a time interval of 50 milliseconds
and a timeout of 50 milliseconds
C:\> fping 10.X.10.Y c t 50 w 50
Step3Start removing cables, one-at-a-time, ensuring that at least end to end connectivity is maintained):
- There should be no or minimal PING loss.
- Remove one IRF cable, notice if there are any changes in response.
- Remove the whole IRF link between your switch and the corresponding IRF switch (the master and the slave) and notice
what happens.
- Reconnect the IRF link. Is the IRF self healing?
- If not, what actions are required to restore IRF functionality?
Step4Trigger a switchover of the Master Main Board of IRF chassis
by issuing command <Chassis-PODxyz>slave switchover

or by removing the Main Board (MSU) that is set to Master
Check what board is master with
<Chassis-PODxyz>display irf
<Chassis-PODxyz>display device
Step5Trigger a switchover of the Master chassis in the IRF chassis
by issuing command <Chassis-PODxyz>reboot chassis X

or by powering off the Master Chassis
Step6Save the configuration on your switch

[Access-PODxyz]quit
<Access-PODxyz>save
This concludes the IRF lab.
- 13 -
Lab3: RRPP
LAB3: RRPP ......................................................................................................................................... - 1 -
1.1 OVERVIEW .................................................................................................................................................................................... - 1 -
1.4 EQUIPMENT .................................................................................................................................................................................. - 4 -
1.5 LAB PURPOSE ................................................................................................................................................................................ - 5 -
1.6 PROCEDURES ................................................................................................................................................................................ - 5 -
Mission1 Configure RRPP between all IRF chassis. ............................................................................................................... - 5 -
1.1 Overview
Configure RRPP
Understand the operation of RRPP
-1-

X= POD #
PODX_C1
PODX_C2
Master
Transit
Ten 2/0/1
P
S
Primary Ring Port

Secondary Ring Port
.1
Ten 2/0/2
VLANS_IP Subnets
VLAN 10 10.x.10.0/24
Ten 1/0/25 P
.2
P Ten 2/0/2
RRPP
Domain 1
Ring 1
S
S
Ten 1/0/25
.4
.3
PODX_A1
Ten 1/0/26
Transit
PODX_A2
Transit
Figure 1-1
1.3 IP Addressing Scheme

Before configuring devices in the RRPP lab, youll remove the IRF configuration.
Each switch will be an individual member of the Ring.
Each pod will create its own ring.
In order to test the RRPP fault tolerance and Rapid Recovery functionality with IP nodes, the PC connected to the
Ring must be in the same VLAN and in the same IP Subnet.
-2-
Device
Interface
IP Address
Chassis 1
Vlan 10
10.X.10.1/24
Chassis 2
Vlan 10
10.X.10.2/24
Access 1
Vlan 10
10.X.10.3/24
Access 2
Vlan 10
10.X.10.4/24
PC 1
10.X.10.101/24
PC 2
10.X.10.102/24
POD#X
-3-
1.4 Equipment
Version
No.
Description
S750xE
5.20 E6605P03
S5800/S5820x
5.20 R11109P01
build IRF 2 stack
Client
Client for test
fulfill the labs.
-4-
1.5 Lab purpose

Create a main RRPP ring between the Switches.
1.6 Procedures
Mission1Configure RRPP between chassis.
Step1Disconnect cables from previous lab
Step2login to the Chassis switch through the serial port or by Telnet
Step3Remove IRF and all configuration on the Chassis
<H3C>undo chassis convert mode
<H3C>reset saved-config
<H3C>reboot
Step4Reset configuration on the 5800 switches

<H3C>reset saved-config
<H3C>reboot
Step5Create the appropriate VLANs on all switches

<H3C>system-view
[PODxx]vlan 10
[PODxx-vlan10]quit
[PODxx]vlan 11
[PODxx-vlan11]quit
[PODxx]interface vlan 10
[PODxx-interface-vlan10]quit
[PODxx-interface-vlan11]quit
Step6Set ALL the ports that will form the RRPP ring as Trunk ports on ALL Switches
For example:
[PODxx]interface ten-gigabit-ethernet 2/0/X
[PODxx-Ten-GigabitEthernet1/3/0/3]port link-type trunk
[PODxx-Ten-GigabitEthernet1/3/0/3]port trunk permit vlan all
[PODxx-Ten-GigabitEthernet1/3/0/3]quit
Step7Disable STP on ALL the ports that will form the RRPP ring on ALL Switches
[PODxx]interface ten-gigabit-ethernet 2/0/X
[PODxx-Ten-GigabitEthernet1/3/0/3]link-delay 0 or 2
-5-
Note: Minimum Link-delay is 0 on 7500 and 2 on 5800

[PODxx-Ten-GigabitEthernet1/3/0/3]stp disable
[PODxx-Ten-GigabitEthernet1/3/0/3]quit
Step8Enable RRPP on ring 1, configure the protected VLAN (required)
[PODxx]rrpp domain 1
[PODxx-rrpp]control-vlan 4092
[PODxx-rrpp]protected-vlan reference-instance 0 to 31
[PODxx]quit
Set Chassis 1 as the RRPP Master node, and Chassis 2 as a transit node
Before configuring RRPP, do not connect the cables that form the RRPP ring yet. Note down the port numbers on the
network diagram that comes with this lab.
Configure chassis 1 as the Master Node in Ring 1
[PODxx-rrpp]ring 1 node-mode master primary-port ten-gigabit-ethernet 2/0/1
secondary-port ten-gigabit-ethernet 2/0/2 level 0
[PODxx-rrpp]ring 1 enable
[PODxx-rrpp]quit
[PODxx]rrpp enable
Configure Chassis 2 as the Transit Node in Ring 1
[PODxx-rrpp]ring 1 node-mode transit primary-port ten-gigabit-ethernet 2/0/2
[PODxx-rrpp]ring 1 enable
[PODxx-rrpp]quit
[PODxx]rrpp enable
Step9Set Access Switches 1 and 2 as RRPP Transit nodes
Configure Access Switch 1 as the Transit Node in Ring 1

[Accessxx]rrpp domain 1
[Accessxx-rrpp]ring 1 node-mode transit primary-port ten-gigabit-ethernet 1/0/25
[Accessxx-rrpp]ring 1 enable
[Accessxx-rrpp]quit
[Accessxx]rrpp enable
Configure Access Switch 2 as the Transit Node in Ring 1
[Accessxx]rrpp domain 1
[Accessxx-rrpp]ring 1 node-mode transit primary-port ten-gigabit-ethernet 1/0/26
-6-

[Accessxx-rrpp]ring 1 enable
[Accessxx-rrpp]quit
[Accessxx]rrpp enable
Step10Connect the cables to the ports that will form the RRPP ring
Verify RRPP status on all switches
[PODxx]display rrpp brief
[PODxx]display rrpp verbose domain 1 ring 1
Verify connectivity through PING or fping utility on your PC (Copy fping.exe into C:/Windows folder)
C:\> fping 10.X.10.Y c t 50 w 50
Use the PCs that are connected throughout the Ring using the IP address space information at the beginning of this
document.
If connectivity is successful, remove one of the ring connections and verify whether there is loss of information.
Verify RRPP status on all switches after you disconnect a link
[PODxx]display rrpp brief
[PODxx]display rrpp verbose domain 1 ring 1

[PODxx]quit
<PODxx>save rrpp.cfg
<PODxx>save chassis1#slot1#flash:/rrpp.cfg
<PODxx>startup saved-configuration rrpp.cfg
This concludes the RRPP lab.
-7-
Lab 4: MCE
LAB 4: MCE ............................................................................................................................................. - 1 -
1.1 OVERVIEW ........................................................................................................................................ - 1 -
1.2 NETWORKING DIAGRAM ................................................................................................................... - 2 -
1.3 EQUIPMENT ....................................................................................................................................... - 4 -
1.4 LAB PURPOSE .................................................................................................................................... - 5 -
1.5 PROCEDURES..................................................................................................................................... - 5 -
Mission1 Configure IRF 2 on the S5500-EI (already focused in lab 1) ........................................ - 5 -
Mission2 Configure VPN instances 1 and 2 on MCE for customers............................................. - 6 -
1.1 Overview
Configure MCE on two S7500E
Understand the operation of MCE
Use BGP to exchange routes between Instances
-1-
Figure 1-1
-2-
IP Address Design
Device
Interface
IP Address
S7500E
Vlan interface 10
192.168.10.1/24
Vlan interface 20
192.168.20.1/24
S5500EI IRF
Vlan interface 10
192.168.10.10/24
PC1
VLAN 10
192.168.10.100/24
PC2
VLAN 10
192.168.10.101/24
S7500E
Vlan interface 10
192.168.10.2/24
Vlan interface 20
192.168.20.2/24
S5500EI IRF
Vlan interface 20
192.168.20.10/24
PC3
VLAN 20
192.168.20.100/24
PC4
VLAN 20
192.168.20.101/24
-3-
1.3 Equipment
Version
S750xE
S7500E Fabric
5.20.E6603P01
No.
Description
Switch Fabric
LSQ1GP24TXSD0, 16 x
Or any other module that
x, 8 x Combo, 2 x 10 G
SD module
provides access
connectivity
Or any other Comware 5
based switch.
S5500-28C-EI
CMW520-R2202 or later
4
build IRF 2 stack
H3C S5500-SI
If Access Switch is based

4
Loc.Conn.CX4 Cable
on S5500-EI
2-Port 10-Gigabit Local
If Access Switch is based

4
Connection Module
PC
on S5500-EI
Windows XP SP2
PC
Please connect the above devices as shown in figure 1-1.

Note that the cards and versions may not be exactly the same as your lab
environment. When that is the case, please adjust the parameters to fit your lab.
Use the lab hand outs to note down the appropriate port numbers and additional
information that you might need to fulfill the labs.
-4-
1.4 Lab purpose

Separate routing tables for customer A and customer B on the 7500E.
Configure OSPF between MCEs
PCs that exist in the different VLANs should be able to reach each other
1.5 Procedures
Mission1Configure IRF 2 on the S5500-EI (already done in lab 1)
Step1Configure 2 x IRF for the access connectivity
Step2Create VLANs and assign IP addresses to the VLANs
Stack 1:
[Access-PODxx]vlan 10
[Access-PODxx]interface vlan 10
[Access-PODxx -Vlan-interface10]ip address 192.168.10.10 24
Stack 2:
[Access-PODxx]interface vlan 20
[Access-PODxx -Vlan-interface10]ip address 192.168.20.10 24
Step3Create a dynamic aggregation interface

Stack1 and Stack 2:
[Access-PODxx]interface Bridge-Aggregation 1
[Access-PODxx]port link-type trunk
[Access-PODxx]port trunk permit vlan all
Step4Configure trunk ports and assign ports to the aggregation interfaces
Stack1 and Stack 2:
[Access-PODxx]interface gigabitethernet 1/0/1 (port number is example)
[Access-PODxx]port link-aggregation group 1
[Access-PODxx]interface gigabitethernet 1/0/2(port number is example)
[Access-PODxx]link-aggregation group 1
Step5Configure the access ports VLAN membership on Access stacks
Stack 1:
[Access-PODxx]interface gigabitethernet 1/0/10
-5-
Stack 2:
[Access-PODxx]interface gigabitethernet 1/0/10
Mission2Configure VPN instances 1 and 2 on MCE for customers

Step1Create the appropriate VLANs on both 7500E chassis
<H3C>system-view
[PODxx]sysname PODxx
[PODxx]vlan 10
[PODxx]vlan 20
Step2Configure Link Aggregation at the access switches to core conection

MCE 1
[PODxx]interface Bridge-Aggregation 1
[PODxx]port link-type trunk
[PODxx]port trunk permit vlan 10
MCE 2
[PODxx]interface Bridge-Aggregation 1
[PODxx]port trunk permit vlan 20
Step3Assign the VLANs to the ports between the MCEs and to the access switches
MCE1 [PODxx]interface gigabit-ethernet 1/0/1 (port number is example)
[PODxx]port link-aggregation group 1
[PODxx]interface gigabit-ethernet 1/0/2 (port number is example)

[PODxx]interface gigabit-ethernet 1/0/2 (port number is example)
Step4Assign the VLANs to the ports between the MCEs

[PODxx]port trunk permit vlan 10 to 20

[PODxx]port trunk permit vlan 10 to 20
-6-
Step5Configure VPN instances 10 and 20 on MCEs

MCE1 [PODxx]ip vpn-instance 10
[PODxx]route-distinguisher 10:1
[PODxx]ip vpn-instance 20
MCE2
Step6: Configure VLAN-interfaces 10 and 20 and bind them to VPN 10 and VPN 20
respectively
MCE1 [PODxx]interface vlan 10
[PODxx]ip binding vpn-instance
[PODxx]ip address 192.168.10.1
10
255.255.255.0
20
255.255.255.0
MCE2 [PODxx]interface vlan 10

10
255.255.255.0
20
255.255.255.0
-7-
Step7: Configure OSPF for VPN Instances

MCE1 [PODxx]ospf 10 vpn-instance 10
[PODxx]vpn-instance-capability simple
[PODxx]area 0.0.0.0
[PODxx]network 192.168.10.0 0.0.0.255
[PODxx]ospf 20 vpn-instance 20
[PODxx]area 0.0.0.0
[PODxx]network 192.168.20.0 0.0.0.255
MCE2 [PODxx]ospf 10 vpn-instance 10

[PODxx]area 0.0.0.0
[PODxx]network 192.168.10.0 0.0.0.255
[PODxx]ospf 20 vpn-instance 20
[PODxx]area 0.0.0.0
[PODxx]network 192.168.20.0 0.0.0.255
Step8: Configure routing for the edge devices

MCE1 and MCE 2[PODxx]bgp 65534
[PODxx]ipv4-family vpn-instance 10
[PODxx]import-route direct
[PODxx]import-route ospf 10
[PODxx]ipv4-family vpn-instance 20
[PODxx]import-route direct
[PODxx]import-route ospf 20
MCE1 and MCE2 [PODxx]ip vpn-instance

[PODxx]vpn-target 10:1
[PODxx]ip vpn-instance
10
export-extcommunity
20:1 import-extcommunity
20
export-extcommunity
10:1 import-extcommunity
Verify connectivity through PING

PCs in VPN10 should reach PCs in VPN 20.
Display the different routing tables for each VRF Instance on MCE
display ip routing table vpn-instance 10
display ip routing table vpn-instance 20
-8-
Step6Save the configuration on all devices

[PODxx]quit
<PODxx>save mce.cfg
<PODxx>startup saved-configuration mce.cfg
This concludes the MCE lab.
-9-
Lab5: MPLS L3VPNs and VPLS

LAB5: MPLS L3VPNS AND VPLS .................................................................................................... - 1 1.1 OVERVIEW .................................................................................................................................................................................... - 1 1.2 LAB PURPOSE ................................................................................................................................................................................ - 1 1.3 PROCEDURES ................................................................................................................................................................................ - 1 Mission1 Reset Saved Configurations ..................................................................................................................................... - 1 Mission2 Recable the Lab Topology ........................................................................................................................................ - 2 Mission3 Assign Basic Configuration: .................................................................................................................................... - 3 Mission4 Interior Gateway Protocol: ...................................................................................................................................... - 5 Mission5 MPLS Configuration ................................................................................................................................................ - 6 Mission6 Customer Connectivity ............................................................................................................................................. - 7 Pod A Customer Connectivity: .................................................................................................................................................. - 7 Pod B Customer Connectivity: .................................................................................................................................................. - 8 Pod C Customer Connectivity: .................................................................................................................................................. - 9 Mission7 Consider Methods of Distributing Customer Route Information ............................................................................- 11 Mission8 Consider Methods of Implementing BGP in the Provider Network ........................................................................- 11 Mission9 Configure BGP on the Provider Network: ............................................................................................................. - 14 Mission10 Share Customer Networks using BGP: ................................................................................................................ - 14 Mission11 Create MPLS Layer-3 VPNs Create VPN Instances and assign interfaces: ...................................................... - 14 Mission12 MPLS Layer-3 VPNs Static Routing: ................................................................................................................ - 16 Mission13 MPLS Layer-3 VPNs MBGP: ............................................................................................................................ - 17 Mission14 Configuration Examples: ..................................................................................................................................... - 21 Mission15 Configure VPLS.................................................................................................................................................... - 25 -
1.1 Overview
Understand the basic operation of MPLS, MPLS L3 VPNs, L2VPNs, and VPLS.
1.2 Lab purpose

1.3 Procedures
Mission1Reset Saved Configurations
This Lab will begin by resetting the saved configuration on your four Switches.
Step1Reset the Saved configuration of your Core Switch #1 and Core Switch #2 and reboot:
[PODxx]reboot
Step2Reset the Saved configuration of your Access Switch #1 and Access Switch #2 and reboot:
[PODxx]reboot
-1-
Mission2Recable the Lab Topology

Step1Recable the Lab Topology according to the diagram #1.
Pod A
G1/0/1
Access1
Pod B
G3/0/1
Core2
Core2
7506E
7506E
Access1
S5800
T2/0/1
T2/0/1
T2/0/1
T2/0/1
G1/0/1
G1/0/1
Core1
T2/0/2
T2/0/3
Core1
7506E
7506E
S5800
G1/0/1
G3/0/2
G3/0/2
S5800
Access2
G3/0/1
T2/0/2
T2/0/3
T2/0/3
T2/0/2
Core1
T2/0/1
Core2
T2/0/1
7506E
7506E
G3/0/1
G3/0/2
G1/0/1
G1/0/1
Access1
Access2
S5800
S5800
Pod C
Diagram # 1.
-2-
Access2
S5800
Mission3Assign Basic Configuration:

Step1Using diagram #2, note the three distinct roles your Switches will serve in this lab.
Core Switch #1 will serve as a Provider router: P router.
Core Switch # 2 will serve as a Provider Edge router: PE router
Both Access Switches will serve as Customer Edge routers, CE routers.
Step2Assign hostnames to your Switches according to this chart:

[PODxx]sysname CE-3x
enable telnet, tracert, superuser,
Hostnames
Core-Switch #1
Core-Switch #2
Access-Switch #1
Access-Switch #2
Pod A
P-1
PE-1
CE-1A
CE-1B
Pod B
P-2
PE-2
CE-2A
CE-2B
Pod C
P-3
PE-3
CE-3A
CE-3B
Step3Enable telnet, and traceroute on all four of your Switches:

[PODxx]sysname
Step4Confirm the cabling topology is correct and functional using LLDP protocol.
[PODxx]sysname
-3-
Step5Create six VLANs and assign interfaces to VLANs as shown in diagram #2. All of these ports should be
configured as access ports.
Pod A
VLAN 11
VLAN 101
VLAN 102
VLAN 161
VLAN 162
VLAN 163
G1/0/1
CE
Access-1
G3/0/1
VLAN 101
G3/0/2
Pod A
VLAN 102
G1/0/1
Pod B
VLAN 22
VLAN 201
VLAN 202
VLAN 161
VLAN 162
VLAN 163
G3/0/1
PE
PE
Core-2
Core-2
T2/0/1
CE
T2/0/1
VLAN 22
VLAN 11
T2/0/1
T2/0/1
VLAN 161
P
Core-1
T2/0/3
Pod B
CE
VLAN 162
Access-2
P
Core-1
VLAN 33
T2/0/1
PE
Core-2
Pod C
G3/0/2
G1/0/1
T2/0/2
T2/0/3
T2/0/1
CE
Access-1
Core-1
T2/0/3
VLAN 163
G1/0/1
VLAN 201
VLAN 202
T2/0/2
T2/0/2
Access-2
Pod C
VLAN 33
VLAN 301
VLAN 302
VLAN 161
VLAN 162
VLAN 163
G3/0/1
G3/0/2
VLAN 301
VLAN 302
G1/0/1
G1/0/1
CE
CE
Access-1
Access-2
Diagram # 2.
-4-
Loopback 0
Loopback 0
16.0.0.1
16.0.0.2
16.0.0.0 /8
CE-1A
int VLAN 201
int VLAN 101 int VLAN 101
PE1
16.1.1.2
int VLAN 102
PE2
OSPF
Area 0
/30
16.2.2.2
int VLAN 11
16.1.1.1
int VLAN 22
16.0.1.1 /30 16.0.1.2 /30
P1
int VLAN 102
int VLAN 161
Loopback 0
16.0.0.11
16.2.2.1
/30
16.0.3.2 /30
CE-2A
int VLAN 202
/30
int VLAN 11
Pod A
int VLAN 201
Pod B
int VLAN 22
P2
int VLAN 161
int VLAN 163
/30
int VLAN 202

int VLAN 162
16.0.2.1 /30
CE-1B
CE-2B
Loopback 0
16.0.0.22
16.0.2.2 /30
16.0.3.1 /30
int VLAN 162
int VLAN 163
P3
16.3.3.1
Loopback 0
/30
int VLAN 33
16.3.3.2
16.0.0.33
/30
int VLAN 33
PE3
Loopback 0
16.0.0.3
int VLAN 301

int VLAN 302
Pod C
int VLAN 301
int VLAN 302
CE-3B
CE-3A
Diagram # 3.
Step6On your Provider router (Core Switch #1) create three vlan interfaces and assign IP addresses to these
vlan interfaces as shown in diagram #3.
Step7On your Provider-Edge router (Core Switch #2) create three vlan interfaces and assign IP addresses to
these vlan interfaces as shown in diagram #3.
Step8On your Customer-Edge routers (Access Switch #1 and Access Switch #2) create one vlan interface on
each of these routers as shown in diagram # 3. IP addresses will be assigned to these interfaces later.
Mission4Interior Gateway Protocol:

Step1Create Loopback interface 0 on your Provider router and Provider-Edge router and assign an IP address
to this Loopback interface using diagram # 3. Use a /32 mask on this IP address.
Step2Configure the OSPF interior gateway routing protocol on both your Provider routers. Use Loopback 0 as
the router ID, and activate OSPF on all interfaces that have been assigned an IP address. All interfaces should
belong to OSPF area 0.
Step3Test your OSPF configuration by reviewing your routing tables. Your Provider-Edge router should be
able to ping the other two Provider-Edge routers in the classroom. Your Provider-Edge router should be able to
ping all three Provider routers.
-5-
Mission5MPLS Configuration
Configure MPLS on your Provider network.
Step1Configure MPLS on your Provider router and your Provider Edge router. Use the Label Distribution
Protocol, LDP, to share and learn MPLS labels from your directly connected neighbors. Choose your Loopback
0 interface as your LDP router-ID.
Step2Confirm that an LDP peer is established between your Provider router and your Provider-Edge router
Step3Confirm that an LDP peer is established between your Provider router and the other two Provider routers.
Step4Review your Label Information Base to ensure your Provider-Edge router has learned labels from your
Provider router.
Step5Ping from your Provider-Edge router to the Loopback 0 interface of another Provider-Edge router. This
ping should be successful. What label does your PE router push onto this ping? __________.
Step6When this ping is processed by your P router, your P router will replace this label with which label?
____________
Step7When this ping is processed by the next P router, what action will be taken by the next P router?
____________
Step8Ping from your Provider-Edge router to the Loopback 0 interface of the remaining (third) PE router. This
ping should be successful. Indentify the set of MPLS labels that are used for this Label Switching Path:
____________.
Loopback 0
Loopback 0
16.0.0.1
16.0.0.2
AS 100
PE1
PE2
LDP
LDP
LDP
P1
OSPF
Area 0
P2
LDP
LDP
P3
MPLS
LDP
Loopback 0
16.0.0.3
PE3
-6-
Mission6Customer Connectivity
Pod A Customer Connectivity:
Step1Your Access-Switches will serve as Customer Edge routers.
Step2Assign IP addresses to the vlan interface that connects your PE router to your CE router CE-2A.
Step3Assign IP addresses to the vlan interface that connects your PE router to your CE router CE-2B.
PE-2 vlan interface

CE vlan interface
CE-1A
201.1.1.2 /30
201.1.1.1 /30
CE-1B
202.1.1.2 /30
202.1.1.1 /30
Step4 Ensure that you can ping from your PE router to the CE-1A and CE-1B and vice versa.
201.1.1.0 /24
201.1.1.33 /27
0.0.0.0
CE-1A
201.1.1.2 /30
PE1
int VLAN 101
201.1.1.1 /30
201.1.1.65 /27
int VLAN 102
P1
202.1.1.2 /30
0.0.0.0
202.1.1.1 /30
202.1.1.33 /27
CE-1B
202.1.1.65 /27
202.1.1.0 /24
Diagram # 4 Pod A
Step5Create two Loopback interfaces on each Customer Edge router to serve as internal Customer networks.
If you prefer, use physical interfaces. Assign IP addresses to the two internal Customer networks as follows:
Customer LAN interface-1

CE-1A
201.1.1.33 /27
201.1.1.65 /27
-7-
CE-1B
202.1.1.33 /27
202.1.1.65 /27
Step6Can you ping these two new Loopback interfaces from your PE router? _______ Why not?
__________
Step7On your PE router, create a static route to the entire /24 IP address block of Customer A and a static route
to the /24 IP address block of Customer B.
Step8Ping from your PE router to both Loopback interfaces of both CE routers. These pings should be
successful.
Step9.Confirm that your CE routers can ping the directly connected interface of the PE router. Can your CE
routers ping the Loopback 0 interface of the PE router? __________ Why not? __________
Step10Configure a default route on both CE routers. Confirm that your CE routers can ping the Loopback 0
interface of the PE router. Confirm that your CE-A router can ping both Loopback interfaces of CE-B router (and
vice versa). These pings should be successful.
Pod B Customer Connectivity:

PE-2 vlan interface

CE vlan interface
CE-2A
201.2.2.2 /30
201.2.2.1 /30
CE-2B
202.2.2.2 /30
202.2.2.1 /30
Step14 Ensure that you can ping from your PE router to the CE-A and CE-B and vice versa.
201.2.2.0 /24
201.2.2.33 /27
0.0.0.0
CE-2A
201.2.2.2 /30
PE2
int VLAN 201
201.2.2.1 /30
201.2.2.65 /27
int VLAN 202
P2
202.2.2.2 /30
0.0.0.0
202.2.2.1 /30
202.2.2.33 /27
CE-2B
202.2.2.65 /27
202.2.2.0 /24
Diagram # 4 Pod B
CE-2A
CE-2B
-8-

201.2.2.33 /27
201.2.2.65 /27
202.2.2.33 /27
202.2.2.65 /27
__________
Step17On your PE router, create a static route to the entire /24 IP address block of Customer A and a static
route to the /24 IP address block of Customer B.
successful.
Pod C Customer Connectivity:

PE-3 vlan interface

CE vlan interface
CE-3A
201.3.3.2 /30
201.3.3.1 /30
CE-3B
202.3.3.2 /30
202.3.3.1 /30
Step4 Ensure that you can ping from your PE router to the CE-A and CE-B and vice versa.
201.3.3.0 /24
201.3.3.33 /27
0.0.0.0
CE-3A
201.3.3.2 /30
PE3
int VLAN 301
201.3.3.1 /30
201.3.3.65 /27
int VLAN 302
P3
202.3.3.2 /30
0.0.0.0
202.3.3.1 /30
202.3.3.33 /27
CE-3B
202.3.3.65 /27
202.3.3.0 /24
Diagram # 4 Pod C
-9-

CE-3A
201.3.3.33 /27
201.3.3.65 /27
CE-3B
202.3.3.33 /27
202.3.3.65 /27
__________
Step7On your PE router, create a static route to the entire /24 IP address block of Customer A and a static
router to the /24 IP address block of Customer B.
successful.
- 10 -
Mission7Consider Methods of Distributing Customer Route Information

Your PE router now has complete knowledge of both Customer sites, and your PE router can ping the internal
Loopback addresses of both Customer sites. However, the other PE routers in the classroom cannot ping your
customer sites. Why is this the case? ________ Do the other PE and P routers have a route to your two
Customer sites? ___________
Viewing this problem from a different perspective, your PE router cannot ping any other Customer site other than
the locally connected site. Most importantly, the Customer Sites cannot ping each other, for it is our primary
objective that the Customer site be able to ping each other.
To provide the desired end-to-end connectivity, your two Customer networks must be shared with the routers in
the Provider network. Lets consider several methods for sharing your two /24 Customer networks with the other
Method #1 Share routes with the Customer using OSPF and inject the Customer networking into OSPF.
OSPF is designed to function as an interior Gateway Protocol. Injecting Customer prefixes into the Providers
IGP will increase the instability of the Provider network. Method # 1 is a bad idea.
Method #2 Import the static routes for each Customer site into OSPF.
Importing routes into OSPF will produces External, type 5 LSAs which will flood thoughout the Autonomous
System. It is better to see these Customer networks as external LSAs than internal LSAs as would be the
case in Method # 1; however, it would be better to completely eliminate any external customer networks from
OSPF. OSPF, the Providers IGP, should include only internal Provider subnets and be free of external
routes from foreign networks over which the provider has little control. Method # 2 is better that Method # 1,
but still not a good idea.
Method #3 Use BGP, the Border Gateway Protocol, to desiminate the customer prefixes from one PE router to
all the other PE routers.
BGP is a much better routing protocol choice to carry external, customer routing information. In fact, BGP is
designed as an exterior routing protocol and can carry thousands of external networks. Method # 3 is the
best method to share the Customer prefixes from one site to the others.
Mission8Consider Methods of Implementing BGP in the Provider Network

Now that we have chosen BGP as the protocol to share the Customer prefixes and provide the desired
Customer site-to-site connectivity, lets consider various methods of implementing BGP in our Provider
network.
Method #1 Configure a Full-mesh of iBGP on all Provider routers.
BGP Design Method # 1 is shown in diagram # 5.
- 11 -
201.2.2.0 /24
201.1.1.0 /24
iBGP
CE-2A
CE-1A
PE1
AS 100
P1
P2
OSPF
Area 0
CE-1B
202.1.1.0 /24
PE2
iBGP
CE-2B
iBGP
P3
202.2.2.0 /24
PE3
202.3.3.0 /24
201.3.3.0 /24
CE-3B
CE-3A
Diagram # 5. BGP Design Method # 1 - iBGP Full-Mesh (also known as iBGP Full-Mess)
Method # 2 iBGP Full-Mesh with Route-Reflectors

Method # 1, a full-mesh of iBGP on all Provider Routers, will be complicated, difficult to support, and hard to
scale. BGP supports the use of Route Reflectors to simplify the iBGP toplogy. Method # 2 identifies the
three Provider routers as Route Reflectors with one client each. This topology is much simpler, and more
scalable than an iBGP full mesh. Method # 2 is shown in diagram # 6.
201.2.2.0 /24
201.1.1.0 /24
CE-2A
CE-1A
AS 100
PE1
PE2
iBGP
P1
P2
CE-2B
CE-1B
iBGP
202.1.1.0 /24
Route Reflectors
P3
202.2.2.0 /24
PE3
202.3.3.0 /24
201.3.3.0 /24
CE-3B
CE-3A
Diagram # 6.
BGP Design Method # 2 - iBGP Full-Mesh with Route Reflectors.
- 12 -
Method # 3 iBGP Removal from Core - Full-Mesh of PE Routers with MPLS

One of the benefits of using MPLS in the Provider Network is that iBGP can be removed from the core of the
Provider Network; BGP is only necessary on the PE routers. Removing iBGP from the Core of the Provider
network will free up resources on the core devices and further simplify the iBGP design.
Another advantage of this design is that the Customer devices will no longer have access to the Core of the
Provider network. Our objective is to provide Customer site-to-site connectivity. Customer access to the core of
the Provider network is not desired.
Since MPLS has already been configured in the Provider network, we can take advantage of this and choose
Method # 3 as our best method of sharing Customer routes across the provider network.
Method # 3, Full mesh of iBGP only on the PE routers, shown in diagram # 7, is our selected method of sharing
the customer prefixes from site to site and providing site to site connectivity for both customers. In the next steps,
we will proceed to configure BGP following BGP design method # 3.
201.2.2.0 /24
201.1.1.0 /24
iBGP
CE-2A
CE-1A
PE1
AS 100
P1
PE2
P2
OSPF
Area 0
CE-1B
CE-2B
MPLS
202.1.1.0 /24
iBGP
iBGP
P3
202.2.2.0 /24
PE3
202.3.3.0 /24
201.3.3.0 /24
CE-3B
CE-3A
Diagram # 7.
BGP Design Method # 3 - iBGP Full-Mesh of iBGP on the PE routers only using MPLS.
- 13 -
Mission9Configure BGP on the Provider Network:

Step1Configure an iBGP peer from your PE router to both of the other PE routers. Use Loopback interface 0
as your BGP router-ID.
Step2Use the Loopback interface 0 IP address as the source and destination of all three iBGP sessions.
Step3Confirm that both of your iBGP sessions are established. If not, confirm that you have a /32 OSPF route
in your routing table for both of the other PE routers Loopback 0 interface. You should be able to ping the
Loopback 0 interface of the PE routers from your PE router.
Mission10Share Customer Networks using BGP:

Step1Import your Static routes to Customer Site A and Customer Site B into BGP on your PE route.
Step2Confirm that the other PE routers see your two Customer networks in their BGP tables.
Step3Ensure that you have achieved site-to-site Customer connectivity for Customer-A by pinging from your
CE-A router to the Customer inside networks at the other two Customer A locations.
Step4Ensure that you have achieved site-to-site Customer connectivity for Customer-B by pinging from your
CE-B router to the Customer inside networks at the other two Customer B locations
Step5Trace from your Customer CE-A to the internal subnets of both of the other Customer A locations. This
trace should show five hops.
Step6Trace from your Customer CE-B to the internal subnets of both of the other Customer B locations. This
trace should show five hops.
Step7Confirm that you are label swapping by reviewing the routing table of the P routers. You should find no
customer networks in the routing tables of the P routers; yet, customer site-to-site traffic flows through the P
routers.
Mission11Create MPLS Layer-3 VPNs Create VPN Instances and assign interfaces:
A logical full-mesh of site-to-site connectivity has now been configured for all locations of Customer-A and Customer-B.
However, there is no separation between the Customer-A traffic and the Customer-B traffic. To prove this, ping from your
CE-A router to at least one CE-B router. This ping shows that traffic can flow from Customer-A to Customer-B. This
traffic flow from one Customer to another is not desired. Each Customer requires private connectivity between their three
sites only. To achieve this objective, you will configure two MPLS Layer 3 VPNs. More specifically, you will create the
Red VPN for Customer A and the Green VPN for Customer B.
- 14 -

VPN Instance
Red
Route Target
201.1.1.0 /24
201.2.2.0 /24
201.3.3.0 /24
201.3.3.0 /24
CE-3A
Red
PE
201.1.1.0 /24
201.2.2.0 /24
202.1.1.0 /24
202.2.2.0 /24
201.3.3.0 /24
202.3.3.0 /24
LDP
P
Green
202.1.1.0 /24
202.2.2.0 /24
202.3.3.0 /24
CE-3B
202.3.3.0 /24
MP-iBGP
VPN Instance
Green
Step1Before beginning this Mission, remove the static route to your Customer site prefix. This will will remove
theCustomer networks from the global instance of BGP and disconnect the customer sites. Connectivity will be
restored using MPLS Layer-3 VPNs.
=== Customer A ===
Step2Create a VPN instance for each Customer:
Customer
VPN Instance Name
Customer A
Customer B
Route Target
Red
Route Distinguisher
100:201
100:201
100:202
100:202
Green
.
Step3Display the VPN instance to confirm both the Route Target and the Router Distinguisher are properly set.
Step4Display the routing table for the Red VPN instance. This routing table should exist, but no routes will be
found in the table.
Step5Assign the vlan interface that connects to Customer-A to the Red VPN instance.
Step6Confirm that IP address 201.x.0.2 /30 is assigned to this interface. Some vendors remove the IP
address from an interface when the interface is assigned to a VPN instance.
Step7Again, review the Red VPN routing table. You should find one directly connected route in the Red
routing table.
Step8Connectivity between your Red Customer and your PE router has now been established. Test this
connectivity by pinging the PE router from your Red CE router. This ping should be successful.
Step9Test connectivity in the other direction by pinging from your PE router to the directly connected interface
of the Customer CE router. This ping should work. Be careful, you must ping from the Red VPN instance!
- 15 -
=== Customer B ===

Step10Create a VPN instance for your Customer on your PE router. The Customer Router will have no
knowledge of VPNs or MPLS.
Customer
VPN Instance Name
Customer A
Customer B
Route Target
Red
Route Distinguisher
100:201
100:201
100:202
100:202
Green
Step11Display the VPN instance to confirm both the Route Target and the Router Distinguisher are properly
set.
Step12. Display the routing table for the Green VPN instance. This routing table should exist, but no routes
will be found in the table.
Step13Assign the vlan interface that connects to Customer-B to the Green VPN instance.
Step14Confirm that IP address 202.x.0.2 /30 is assigned to this interface. Some vendors remove the IP
address from an interface when the interface is assigned to a VPN instance.
Step15Again, review the Green VPN routing table. You should find one directly connected route in the Green
routing table.
Step16Connectivity between your Green Customer and your PE router has now been established. Test this
connectivity by pinging the PE router from your Green CE router. This ping should be successful.
Step17Test connectivity in the other direction by pinging from your PE router to the directly connected interface
of the Customer CE router. This ping should work. Be careful, you must ping from the Green VPN instance!
Mission12MPLS Layer-3 VPNs Static Routing:

=== Customer A ===
Step1Your PE router can ping the directly connected interface of Customer A within the Red VPN instance, but
your PE router cannot ping the internal Customer networks because the PE router has no route to these
destinations.
Step2Create a static route to the block of IP addresses at your Red Customer site: 201.x.x.0 /24. Be sure to
place this static route in the Red VPN instance.
Step3Display the Red VPN routing table. You should find one directly connected route and one static route in
the Red routing table.
Step4Ping within the Red VPN from your PE router to the internal interfaces of your Red Customer router.
This ping should be successful.
Step5Can you ping the internal interfaces of any other Red CE router?. ______
Step6Can your CE router ping any other Red Customer site? _____
- 16 -
=== Customer B ===

Step7Your PE router can ping the directly connected interface of Customer B within the Green VPN instance,
but your PE router cannot ping the internal Customer networks because the PE router has no route to these
destinations.
Step8Create a static route to the block of IP addresses at your Green Customer site: 202.x.x.0 /24. Be sure to
place this static route in the Green VPN instance.
Step9Display the Green VPN routing table. You should find one directly connected route and one static route
in the Green routing table.
Step10Ping within the Green VPN from your PE router to the internal interfaces of your Green Customer router.
This ping should be successful.
Step11Can you ping the internal interfaces of any other Green CE router?. ______
Step12Can your CE router ping any other Green Customer site? _____
Mission13MPLS Layer-3 VPNs MBGP:

To provide site-to-site connectivity, the routes in your Red VPN routing table must be advertised to the other PE routers.
MPBGP will be used to distribute your VPN routes to the other PE routers, and the BGP extended community Route
Target will help to place these routes in the proper VPN routing table on the other PE routers.
201.1.1.0 /24
Loopback 0
Loopback 0
16.0.0.1
16.0.0.2
201.2.2.0 /24
MP-iBGP
CE-2A
CE-1A
PE1
AS 100
P1
PE2
P2
OSPF
Area 0
CE-1B
CE-2B
MPLS
202.1.1.0 /24
MP-iBGP
P3
MP-iBGP
Loopback 0
16.0.0.3
PE3
202.3.3.0 /24
201.3.3.0 /24
CE-3B
CE-3A
- 17 -
202.2.2.0 /24
=== Customer A ===

Step1Review your configuration of BGP. Notice that two BGP address families have been automatically
created.
Step2Create an address family within the BGP process for vpnv4 prefixes. Enable the sharing of vpnv4 prefixes
with both your iBGP peers, (the other PE routers).
Step3Share your Red VPN static route with the other PE routers as a vpnv4 route. To do this, import your
static route into the Red address family of BGP.
Step4Telnet to another PE router, and display its Red VPN routing table. Ensure your customer prefix is in the
routing table.
Step5Test Customer site-to-site connectivity by pinging from your CE-A router to an internal interface of both
the other CE-A routers.
Step6When your lab partner has completed this Mission, test the separation of the Red and Green Customer
networks by attempting to ping from your Red Customer site into any Green customer site. This ping should not
work since no route to the other customer network exists in the PE Red VPN instance.
201.1.1.0 /24
201.2.2.0 /24
CE-1A
CE-2A
CE-3A
=== Customer B ===
- 18 -
201.3.3.0 /24
Step7Review your configuration of BGP. Notice that two BGP address families have been automatically
created.
Step8Create an address family within the BGP process for vpnv4 prefixes. Enable the sharing of vpnv4 prefixes
with both your iBGP peers, (the other PE routers).
Step9Share your Green VPN static route with the other PE routers as a vpnv4 route. To do this, import your
static route into the Green address family of BGP.
Step10Telnet to another PE router, and display its Green VPN routing table. Ensure your customer prefix is in
the routing table.
Step11Test Customer site-to-site connectivity by pinging from your CE-B router to an internal interface of both
the other CE-B routers.
Step12When your lab partner has completed this Mission, test the separation of the Red and Green Customer
networks by attempting to ping from your Green Customer site into any Red customer site. This ping should not
work since no route to the other customer network exists in the PE Green VPN instance.
CE-2B
CE-1B
202.2.2.0 /24
202.1.1.0 /24
202.3.3.0 /24
CE-3B
CE-2B
201.1.1.0 /24
202.2.2.0 /24
201.2.2.0 /24
CE-1A
CE-2A
CE-1B
CE-3B
202.1.1.0 /24
202.3.3.0 /24
CE-3A
- 19 -
201.3.3.0 /24
- 20 -
Mission14Configuration Examples:
sysname PE-1
telnet server enable
#
#
user-interface vty 0 4
authentication-mode none
user privilege level 3
#
ip ttl-expires enable
ip unreachables enable
#
lldp enable
#
#### VLAN ####
vlan 11
decription to-P1
#
vlan 101
decription to-CE1A
#
vlan 102
decription to-CE1B
#### MPLS ####
mpls lsr-id 16.0.0.1

#
#
mpls
lsp-trigger all
#
mpls ldp
#
#### IP Interfaces MPLS Interfaces ####
interface LoopBack0
ip address 16.0.0.1 255.255.255.255
#
interface Vlan-interface11
Decription to P1
- 21 -
ip address 16.1.1.2 255.255.255.252

mpls
mpls ldp
#### IP vpn-instance ####
ip vpn-instance green
route-distinguisher 100:202
vpn-target 100:202 export-extcommunity
vpn-target 100:202 import-extcommunity
#
ip vpn-instance red
route-distinguisher 100:201
vpn-target 100:201 export-extcommunity
vpn-target 100:201 import-extcommunity
#
#### Interfaces VLAN to CE Binding to VPN Instance ####

#
ip binding vpn-instance red
ip address 201.1.1.2 255.255.255.252
#
ip binding vpn-instance green
ip address 202.1.1.2 255.255.255.252
#
interface GigabitEthernet3/0/1
port access vlan 101
#
interface GigabitEthernet3/0/2
port access vlan 102
#
interface Ten-GigabitEthernet2/0/1
port access vlan 11
#
#### MP-BGP config ####
#
bgp 100
undo synchronization
peer 16.0.0.2 as-number 100
peer 16.0.0.3 as-number 100
peer 16.0.0.2 next-hop-local
peer 16.0.0.2 connect-interface LoopBack0
peer 16.0.0.3 next-hop-local
- 22 -
peer 16.0.0.3 connect-interface LoopBack0

#
ipv4-family vpn-instance green
import-route static
#
ipv4-family vpn-instance red
import-route static
#
ipv4-family vpnv4
peer 16.0.0.2 enable
peer 16.0.0.3 enable
#
ospf 1
area 0.0.0.0
network 16.0.0.1 0.0.0.0
network 16.1.1.2 0.0.0.0
#
ip route-static vpn-instance green 202.1.1.0 255.255.255.0 202.1.1.1
ip route-static vpn-instance red 201.1.1.0 255.255.255.0 201.1.1.1
#
return
P1 CONFIG
#
sysname P1
#
telnet server enable
#
ip ttl-expires enable
ip unreachables enable
#
lldp enable
#
mpls lsr-id 16.0.0.11
#
vlan 11 to 13
#
mpls
lsp-trigger all
#
mpls ldp
#
interface LoopBack0
- 23 -
ip address 16.0.0.11 255.255.255.255

#
description to PE1
ip address 16.1.1.1 255.255.255.252
mpls
mpls ldp
#
description to P2
ip address 16.0.1.1 255.255.255.252
mpls
mpls ldp
#
description to P3
ip address 16.0.3.2 255.255.255.252
mpls
mpls ldp
#
description to PE1
port access vlan 11
#
description to P3
port access vlan 13
#
description to P2
port access vlan 12
#
#
ospf 1
area 0.0.0.0
network 16.0.0.0 0.255.255.255
#
user-interface vty 0 4
authentication-mode none
user privilege level 3
- 24 -
Mission15Configure VPLS
No IP Address
No IP Address
int VLAN 1
int VLAN 1
Access1
int VLAN 101
S5800
AS 100
PE1
int VLAN 102
P1
S5800
int VLAN 202
P2
int VLAN 1
Access1
int VLAN 201
PE2
int VLAN 1
MPLS
Access2
P3
Access2
S5800
S5800
PE3
int VLAN 301
No IP Address
int VLAN 302
int VLAN 1
int VLAN 1
Access2
Access1
S5800
S5800
No IP Address
No IP Address
int VLAN 1
int VLAN 1
int VLAN 101
CE-4A
PE1
PE2
MPLS
int VLAN 102
P1
CE-6A
int VLAN 201

int VLAN 202
P2
int VLAN 1
int VLAN 1
CE-5B
P3
CE-6B
PE3
int VLAN 301
No IP Address
int VLAN 302
int VLAN 1
int VLAN 1
CE-4B
CE-5A
- 25 -
Remote
LDP
172.16.44.1 /24
int VLAN 1
172.16.66.2 /24
int VLAN 1
int VLAN 101
CE-4A
VC-ID 66
PE1
PE2
int VLAN 202
int VLAN 102
MPLS
int VLAN 1
VC-ID 44
172.16.66.1 /24
CE-6B
CE-6A
int VLAN 201
int VLAN 1
VC-ID 55
Remote
LDP
Remote
LDP
172.16.55.2 /24
CE-5B
PE3
int VLAN 301
int VLAN 302
172.16.55.3 /24
172.16.44.3 /24
int VLAN 1
int VLAN 1
CE-4B
CE-5A
int VLAN 1
int VLAN 1
172.16.66.1 /24
172.16.66.2 /24
CE-6A
CE-6B
int VLAN 1
int VLAN 1
CE-5A
172.16.55.2 /24
172.16.55.3 /24
CE-5B
int VLAN 1
int VLAN 1
CE-4A
172.16.44.3 /24
172.16.44.1 /24
CE-4B
Step1: Configure Chassis #1 for L2VPN:

This config does not match the lab diagrams and will be replaced.
[PODxx]mpls l2vpn
Define remote peers for VPLS. (Only perform for Other Pods, not yourself.)
To Connect to Pod #1:
[PODxx]mpls ldp remote-peer 100
[PODxx-mpls-ldp-remote-100]remote-ip 1.1.1.1 (Pod #1 Loopback IP)
[PODxx-mpls-ldp-remote-100]quit
- 26 -

Configure VPLS Mappings on Chassis #1. Only Configure connections to your neighboring Pods, not yourself.
[PODxx]vsi VPLS_200 static
[PODxx-vsi-VPLS-200_1]pwsignal ldp
[PODxx-vsi-VPLS_200-ldp]vsi-id 200
[PODxx-vsi-VPLS_200-ldp]peer 1.1.1.1
[PODxx-vsi-VPLS_200-ldp]quit
[PODxx-vsi-VPLS_200]quit
(Pod
(Pod
(Pod
(Pod
1
2
3
4
Loopback
Loopback
Loopback
Loopback
IP)
IP)
IP)
IP)
[PODxx]vsi VPLS_201 auto

[PODxx-vsi-VPLS_201]pwsignal bgp
[PODxx-vsi-VPLS_201]route-distinguisher 100:1
[PODxx-vsi-VPLS_201-bgp]vpn-target 111:1
[PODxx-vsi-VPLS_201-bgp]site x range 10
[PODxx-vsi-VPLS_201-bgp]quit
Step3Bind VLAN and VPN services on Trunk port to Access Switches:
[PODxx]interface TenGigabitEthernet 2/0/2 (connection to access switch)
[PODxx-TenGigabitEthernet2/0/2]service-instance 200
[PODxx-TenGigabitEthernet2/0/2-srv200]encapsulation s-vid 200
[PODxx-TenGigabitEthernet2/0/2-srv200]xconnect vsi VPLS_200
[PODxx-TenGigabitEthernet2/0/2-srv200]quit
[PODxx-TenGigabitEthernet2/0/2]service-instance 201
[PODxx-TenGigabitEthernet2/0/2-srv201]encapsulation s-vid 201
[PODxx-TenGigabitEthernet2/0/2-srv201]xconnect vsi VPLS_201
[PODxx-TenGigabitEthernet2/0/2-srv201]quit
[PODxx-TenGigabitEthernet2/0/2]quit
Verify whether the VPLS connections are active. The examples below apply to POD 1, POD 2 and POD 3.
Loopback IP addresses (Peer Addresses) might be different.
On Chassis Switch #1:
[PODxx]display vpls connection
- 27 -
Total 4 connection(s),
connection(s): 4 up, 0 block, 0 down, 4 ldp, 0 bgp
VSI Name: VPLS_200
Signaling: ldp
VsiID
VsiType
PeerAddr
InLabel OutLabel LinkID VCState
200
vlan
2.2.2.2
1025
1025
up
200
vlan
3.3.3.3
1024
1024
up
200
vlan
4.4.4.4
1026
1026
up
VSI Name: VPLS_201
Signaling: ldp
VsiID
VsiType
PeerAddr
201
vlan
2.2.2.2
1027
1027
up
201
vlan
3.3.3.3
1026
1028
up
201
vlan
4.4.4.4
1029
1029
up
End to end layer 2 connectivity between PCs on VLAN 200 and PCs on VLAN 201 should be possible but not
between VLANs
This concludes the VPLS Lab
- 28 -
LAB 6: VPLS
LAB 6: VPLS ............................................................................................................................................ - 1 -
1.1 OVERVIEW ........................................................................................................................................ - 1 -
1.2 NETWORKING DIAGRAM ................................................................................................................... - 2 -
1.3 EQUIPMENT ....................................................................................................................................... - 4 -
1.4 LAB PURPOSE .................................................................................................................................... - 4 -
1.5 PROCEDURES..................................................................................................................................... - 5 -
Mission1 Configure basic IP configuration on the Customer Equipment devices ........................ - 5 -
Mission2 Configure OSPF on the S7500E .................................................................................... - 7 -
Mission3 Configure VPLS and VPLS bindings ........................................................................... - 11 -
Mission4 Configure BFD on the PE links ................................................................................... - 18 -
Mission5 Configure QoS ............................................................................................................. - 19 -
1.1 Overview
Configure VPLS on a S7500E and S5500-EI/S58x0.
Configure QinQ to distinguish edge connectivity.
Understand the basic operation of MPLS, VPLS, OSPF and BGP.
-1-
Figure 1-1
IP Address Design
-2-
Device
Interface
IP Address
S7500E (PE 1)
Vlan interface 1 (to PE 2)
172.1.1.x/24
172.1.3.x/24
Vlan interface 2 (VPN Instance)
10.1.1.2/24
10.2.1.2/24
172.1.1.x/24
172.1.2.x/24
172.1.2.x/24
172.1.3.x/24
10.3.1.2/24
10.4.1.2/24
S5500-EI (CE 1)
Vlan interface 1
10.1.1.x/24
S5500-EI (CE 2)
Vlan interface 1
10.1.1.x/24
S5500-EI (CE 3)
Vlan interface 1
10.1.1.x/24
PC1
CE 1 VLAN 2000
192.168.0.100/24
PC2
CE 2 VLAN 2000
192.168.0.101/24
PC3
CE 3 VLAN 2000
192.168.0.102/24
S7500E (PE 2)
S7500E (PE 3)
-3-
1.3 Equipment
Version
S750xE
S7500E Fabric
5.20.E6603P01
No.
Description
LSQ1TGX2SD0, 2 x 10
Or any other MPLS

3
G EB module
capable module
LSQ1GP24TXSD0, 16 x
Or any other module that
x, 8 x Combo, 2 x 10 G
SD module
provides access
connectivity
Or any other Comware 5
based switch.
S5500-28C-EI
CMW520-R2202 or later
3
build IRF 2 stack
PC
Windows XP SP2
PC
Please connect the above devices as shown in figure 1-1.

Note that the cards and versions may not be exactly the same as your lab environment.
When that is the case, please adjust the parameters to fit your lab.
Use the lab hand outs to note down the appropriate port numbers and additional
information that you might need to fulfill the labs.
1.4 Lab purpose

Configure VPLS Layer 3 VPN. This is a Point to Multipoint MPLS connection across a Layer
three network. CE 1, CE 2 and CE 3 should be able to communicate across the network after
this lab has finished.
-4-
1.5 Procedures
Mission1Configure basic IP configuration on the Customer Equipment devices
Step1login to the CE switch through the serial port
[Access-PODxx]reset saved-configuration
[Access-PODxx]quit
<Access-PODxx>reboot
<H3C>system
[H3C]sysname Access-PODxx (where xx is the POD number: 01, 02, 03, etc)

[Access-PODxx]telnet server enable
[Access-PODxx]user-interface vty 0
4[Access-PODxx-ui-vty-0-4]authentication-mode
none[Access-PODxx-ui-vty-0-4]user privilege level 3
[Access-PODxx-ui-vty-0-4]quit
Step4Configure VLAN interfaces on each CE:

Configure CE1:
[Access-PODxx]interface vlan-interface 1
[Access-PODxx-Vlan-interface1]ip address 10.1.1.x 24
[Access-PODxx-Vlan-interface1]quit
Configure CE2:
Configure CE3:
Step5Save the configuration on all switches
[Access-PODxx]quit
<Access-PODxx>save vpls.cfg
<Access-PODxx>startup saved-configuration vpls.cfg
-5-
-6-
Mission2Configure OSPF on the S7500E

Step1login to the switch through the serial port

[PODxx]quit
<PODxx>reboot
<H3C>system
[H3C]sysname PODxx

[PODxx]telnet server enable
[PODxx]user-interface vty 0 4[PODxx-ui-vty-0-4]authentication-mode
none[PODxx-ui-vty-0-4]user privilege level 3
[PODxx-ui-vty-0-4]quit
Step5Configure OSPF for switch PE 1:

[PODxx]interface loopback 0
[PODxx-LoopBack0]ip address x.x.x.9 32 (where x is the POD number)
[PODxx-LoopBack0]quit
[PODxx-Vlan-interface1]ip address 172.1.1.x 24 (x is POD number)
[PODxx-Vlan-interface1]quit
[PODxx]vlan 100
[PODxx-vlan100]port GigabitEthernet 1/0/2 (link to PE 3)
[PODxx-vlan100]quit
[PODxx-Vlan-interface100]ip address 172.1.3.x 24
[PODxx]ospf
[PODxx-ospf-1]import-route direct
[PODxx-ospf-1]area 0
[PODxx-ospf-1-area-0.0.0.0]network 172.1.1.0 0.0.0.255
[PODxx-ospf-1-area-0.0.0.0]network x.x.x.9 0.0.0.0
[PODxx-ospf-1-area-0.0.0.0]quit
[PODxx-ospf-1]opaque-capability enable
-7-
[PODxx-ospf-1]graceful-restart ietf
[PODxx-ospf-1]quit
-8-
Step6Configure OSPF for switch PE 2

[PODxx]vlan 10
[PODxx-vlan10]quit
[PODxx]ospf
[PODxx-ospf-1]quit
Step7Configure OSPF for switch PE 3:

[PODxx]vlan 10
[PODxx-vlan10]quit
[PODxx]vlan 100
[PODxx-vlan100]quit
-9-
[PODxx]ospf
[PODxx-ospf-1]quit
- 10 -
Before continuing with the lab, ensure that you have a fully operational OSPF
environment. Verify the adjacencies and routing tables and verify whether you are
able to ping all the loopback interfaces.
[PODxx]display ospf peer verbose
[PODxx]display ip routing-table
Step8Save the configuration on all switches

[PODxx]quit
<PODxx>save vpls.cfg
<PODxx>startup saved-configuration vpls.cfg
Mission3Configure VPLS and VPLS bindings

Step1Configure VPLS for switch PE 1:
[PODxx]mpls lsr-id x.x.x.9 (where x is the POD number)
[PODxx]mpls
[PODxx-mpls]quit
[PODxx]mpls l2vpn
[PODxx]mpls ldp
[PODxx-mpls-ldp]quit
[PODxx-mpls-ldp-remote-100]remote-ip x.x.x.9 (PE 3 Loopback IP)
[PODxx-Vlan-interface1]mpls
[PODxx-Vlan-interface1]mpls ldp
[PODxx-vsi-VPLS-2000_1]pwsignal ldp
[PODxx-vsi-VPLS_2000-ldp]peer x.x.x.9 (PE 2 Loopback IP)
- 11 -
Step2Bind in interface VLAN and VPN services VPLS neighbors

[PODxx]interface GigabitEthernet 1/0/5
[PODxx-GigabitEthernet1/0/5]description Terminating VPLS interface
[PODxx-GigabitEthernet1/0/5]port link-type hybrid
[PODxx-GigabitEthernet1/0/5]undo port hybrid vlan 1
[PODxx-GigabitEthernet1/0/5]service-instance 2000
[PODxx-GigabitEthernet1/0/5-srv2000]encapsulation s-vid 2000
[PODxx-GigabitEthernet1/0/5-srv2000]xconnect vsi VPLS_2000
[PODxx-GigabitEthernet1/0/5-srv2000]quit
[PODxx-GigabitEthernet1/0/5]quit

[PODxx]mpls
[PODxx-mpls]quit
[PODxx]mpls l2vpn
[PODxx]mpls ldp
[PODxx-vsi-VPLS_2000]pwsignal ldp
- 12 -
Step4Binding interface VLAN and VPN services VPLS neighbors


[PODxx]mpls
[PODxx-mpls]quit
[PODxx]mpls l2vpn
[PODxx]mpls ldp
- 13 -

[PODxx-vsi-VPLS_2000]pwsignal ldp
Step6Binding interface VLAN and VPN services VPLS neighbors

- 14 -
Verify whether the VPLS connections are active. The examples below apply to POD 1,
POD 2 and POD 3. Loopback IP addresses (Peer Addresses) might be different.
On PE 1:
VSI Name: VPLS_2000
Signaling: ldp
VsiID
VsiType
PeerAddr
2000
vlan
2.2.2.9
1025
1025
up
2000
vlan
3.3.3.9
1024
1026
up
On PE 2:
VSI Name: VPLS_2000
Signaling: ldp
VsiID
VsiType
PeerAddr
2000
vlan
1.1.1.9
1025
1025
up
2000
vlan
3.3.3.9
1024
1026
up
On PE 3:
VSI Name: VPLS_2000
Signaling: ldp
VsiID
VsiType
PeerAddr
2000
vlan
1.1.1.9
1025
1025
up
2000
vlan
2.2.2.9
1024
1026
up
- 15 -
Because the VPLS terminates using the S-VID 2000, on the edge switches the uplink
port has to be a tagged member of VLAN 2000 and the access ports have to be a
member of this VLAN as well to allow passing of traffic.
In order to have a fully transparent link between the VPLS end points, QinQ has to be
configured and a physical loopback has to be created to allow termination of the outer
VLAN which is the S-VID.
Step7Configuring the physical loopback and the Customer Edge interface on PE1
[PODxx-GigabitEthernet1/0/4]description Loopback from VPLS
[PODxx-GigabitEthernet1/0/4]port hybrid vlan 2000 tagged
[PODxx-GigabitEthernet1/0/3]description Connection to CE
[PODxx-GigabitEthernet1/0/3]port hybrid vlan 2000 untagged
[PODxx-GigabitEthernet1/0/3]qinq enable (this will remove the S-VID)
- 16 -
End to end connectivity between PC 1, PC2 and PC 3 should be possible.

In addition, this configuration will also allow passing of tagged packets from the CE,
so, if the uplink port of the switch is configured for tagging, the VLAN tags will be
passed using QinQ. This can be demonstrated by configuring the uplink ports of the
CE switches as trunk port and permit some tagged VLANs. In addition, configure
- 17 -
some access ports of the CE switch as access port for the configured VLANs and
verify whether communication across the VPLS is possible.
Mission4Configure BFD on the PE links

Step1Configure BFD for LDP on switch PE 1, PE 2 and PE 3:
[PODxx-mpls-ldp-remote-100]remote-ip bfd
[PODxx-mpls-ldp-remote-101]remote-ip bfd
- 18 -
Mission5Configure QoS
Traffic coming from CE 1, matching priority 6 will be dropped on ingress.
Step1 Configure QoS on switch PE 1, PE 2 and PE 3:
[PODxx]traffic classifier deny
[PODxx-classifier-deny]if-match service-dot1p 1
[PODxx-classifier-deny]quit
[PODxx]traffic behavior deny
[PODxx-behavior-deny]filter deny
[PODxx-behavior-deny]quit
[PODxx]qos policy deny
[PODxx-qospolicy-deny]classifier deny behavior deny
[PODxx-qospolicy-deny]quit
[PODxx]interface GigabitEthernet 1/0/5 (link to CE 1)
[PODxx-GigabitEthernet1/0/5]qos apply policy deny inbound
Configuration for high-priority traffic to provide weighted priority (Traffic from the
higher priorities will be given preference in queues), the weight is 1:2:3:4:5:6:7:8
[PODxx-GigabitEthernet1/0/1]qos wrr
[PODxx]interface Ten-GigabitEthernet1/0/2
[PODxx-GigabitEthernet1/0/2]qos wrr
[PODxx]display qos wrr interface GigabitEthernet 1/0/1
Interface: GigabitEthernet1/0/1
Output queue: Weighted round robin queue
Queue ID
Group
Weight
------------------------------------0
1
1
1
1
2
2
1
3
3
1
4
4
1
5
5
1
6
- 19 -
6
7
1
1
7
8
- 20 -
Configuration for high-priority traffic shaping peak, the highest peak is 512Mbps
Priority 7.
The other levels will be translated / mapped into the MPLS Labels and used for traffic
management and shaping over the core network, dot1p to mapping exp for the
default configuration.
[PODxx-GigabitEthernet1/0/1]qos gts queue 7 cir 512000
[PODxx-GigabitEthernet1/0/2]qos gts queue 7 cir 512000
Step2Save the configuration on all access switches

[Access-PODxx]quit
<Access-PODxx>save vpls.cfg
Step3Save the configuration on all core switches

[PODxx]quit
<PODxx>save vpls.cfg
This concludes the VPLS lab.
- 21 -

Guia de Laboratorio Avanzado HP NetworkingLab Guide Advanced Enterprise Networking

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Guia de Laboratorio Avanzado HP NetworkingLab Guide Advanced Enterprise Networking

Uploaded by

Copyright:

Available Formats

Advanced Enterprise Networking Technical Labs

Lab1: Layer 3 Switching

Advanced Enterprise Networking Technical Labs

1.2 Networking Diagram

Advanced Enterprise Networking Technical Labs

1.3 IP Addressing Scheme

Advanced Enterprise Networking Technical Labs

At least 3 slot chassis

At Least 5 Slot Chassis

At Least 8 Slot Chassis

SD, EB or LEC Modules

Client for test

Advanced Enterprise Networking Technical Labs

1.5 Lab purpose

Repeat for Chassis #2

Advanced Enterprise Networking Technical Labs

Mission2Configure VLANs and OSPF on the Chassis Switches

Advanced Enterprise Networking Technical Labs

Create VLAN 10 and assign IP address

Configure OSPF for switch Chassis Switch 2:

Advanced Enterprise Networking Technical Labs

Advanced Enterprise Networking Technical Labs

Mission3Configure Access Switches

Step6Configure IP Address for Access Switches :

Advanced Enterprise Networking Technical Labs

Step8Place GigabitEthernet 1/0/1 on VLAN 10

Step11Configure Access #2 Switch IP Address for VLAN 10

Advanced Enterprise Networking Technical Labs

Advanced Enterprise Networking Technical Labs

Advanced Enterprise Networking Technical Labs

Mission6Prep for Network Management

Advanced Enterprise Networking Technical Labs

Configure IRF on a S12500/S9500E/S7500E and S5800/S5820x

Understand the operation of IRF

Before starting this lab please use the following commands

Advanced Enterprise Networking Technical Labs

1.2 Networking Diagram

Advanced Enterprise Networking Technical Labs

Advanced Enterprise Networking Technical Labs

1.3 IP Addressing Scheme for IRF

Advanced Enterprise Networking Technical Labs

At least 3 slot chassis

At Least 5 Slot Chassis

At Least 8 Slot Chassis

SD, EB or LEC Modules

Client for test

Advanced Enterprise Networking Technical Labs

1.5 Lab purpose

Advanced Enterprise Networking Technical Labs

[H3C-irf-port]port group interface TenGigabitEthernet 1/0/26

Step15Rename the IRF Access-PODx, where x is your pod letter (A, B, C)

Advanced Enterprise Networking Technical Labs

Step18On the master, assign ports to the aggregation interfaces

[Access-PODx]interface gigabitethernet 2/0/11

Mission2Configure IRF on the S12500/S9500E/S7500E

Advanced Enterprise Networking Technical Labs

Step5Assign IRF priority 32 to Chassis 1 to make it the master

Step8Assign the 10 Gbps ports to an IRF port group

Advanced Enterprise Networking Technical Labs

Save the configuration

Advanced Enterprise Networking Technical Labs

Advanced Enterprise Networking Technical Labs

Step23Save the configuration