MPLSLabGuide Viet

MPLS Lab Guide
Version 1.0
(MPLS - Multiprotocol Label Switching)

Author: D!ng V"n Ton
Ha Noi - 9/20/2008

Created by: D!ng V"n Ton CCNP, CCSP, MCSE, LPI level 1. http://www.vnexperts.net
2
M%c l%c

Outline: Lab guide MPLS bao gm nh"ng bi lab sau:

* Lab 2-1: Thi%t l'p mi tr#+ng ./nh tuy%n IGP c1a Service Provider
* Lab 3-1: Thi%t l'p mi tr#+ng m4ng li (core) MPLS
* Lab 5-1: C5u hnh MPLS VPN
* Lab 5-2: 6/nh tuy%n EIGRP gi"a router PE v router CE
* Lab 5-3: 6/nh tuy%n OSPF gi"a router PE v router CE
* Lab 5-4: 6/nh tuy%n BGP gi"a router PE v router CE
* Lab 6-1: VPNs overlapping
* Lab 6-2: H8p nh5t cc Service Provider
* Lab 6-3: Cc d/ch v9 VPN chung
* Lab 7-1: Tch cc Interface cho k%t n:i Internet
* Lab 7-2: Nhi;u Site truy c'p Internet
* Lab 7-3: K%t n:i Internet trong m<t MPLS VPN

3
I. Lab 2-1: Thi(t l*p mi tr,ng ./nh tuy(n IGP c1a Service Provider.

1. Ph4m vi ho4t .<ng c1a .:i t#8ng:
- Trong ph4m vi ho4t .<ng c1a bi lab ny, b4n s= dng nh"ng nhi>m v9 v nh"ng cu
l>nh c?n thi%t .@ tri@n khai IGP Service Provider v mi tr#+ng ./nh tuy%n. Sau khi hon
thnh bi lab ny, b4n s= c khA nBng thDc hi>n .#8c nh"ng cng vi>c sau:
- Ki@m tra s, . ./a chE IP, Data-link connection Identifier (DLCI), v tr4ng thi c1a cc
Interface c1a Service Provider.
- Enable IGP Service Provider v c5u hnh .ng ./a chE IP.

2. Quy #Gc tn router:
- P (Provider): Px1 v Px2 l cc router Core thu<c m4ng c1a nh cung c5p d/ch v9.
- PE (Provider Edge): PEx1 v PEx2 l cc router bin k%t n:i tI nh cung c5p d/ch v9 .%n
m4ng c1a khch hng.
- CE (Customer Edge): CEx1A v CEx2A, v CEx1B v CEx2B l cc router c1a khch hng.

3. S, . ./a chE IP c1a MPLS Lab:

- 6/a chE IP c1a cc router . .#8c thDc thi bJng cch sK d9ng bAng ./a chE IP L d#Gi. Ch
x chnh l chE s: c1a mMi m<t pod.

- BAng chi ti%t ./a chE IP c1a cc Router:
Parameter Value
CEx1A (S0/0.101) 150.x.x1.17/28
Cex1A (loopback0) 10.1.x1.49/32

4
Cex1A (E0/0) 10.1.x1.17/28

Cex2A (S0/0.101) 150.x.x2.17/28
Cex2A (loopback0) 10.1.x2.49/32
Cex2A (E0/0) 10.1.x2.17/28

Cex1B (S0/0.102) 150.x.x1.33/28
Cex1B (loopback0) 10.2.x1.49/32
Cex1B (E0/0) 10.2.x1.17/28

Cex2B (S0/0.102) 150.x.x2.33/28
Cex2b (loopback0) 10.2.x2.49/32
Cex2B (E0/0) 10.2.x2.17/28

Pex1 (S0/0.101) 150.x.x1.18/28
Pex1 (S0/0.102) 150.x.x1.34/28
Pex1 (loopback0) 192.168.x.17/32
Pex1 (S0/0.111) 192.168.x.49/28

Pex2 (S0/0.101) 150.x.x2.18/28
Pex2 (S0/0.102) 150.x.x2.34/28
Pex2 (loopback0) 192.168.x.33/32
Pex2 (S0/0.111) 192.168.x.65/28

Px1 (S0/0.111) 192.168.x.50/28
Px1 (S0/0.112) 192.168.x.113/28

Px2 (S0/0.111) 192.168.x.66/28
Px2 (S0/0.112) 192.168.x.114/28

4. Ti li>u c?n thi%t:
- Ti li>u c?n thi%t .@ hon thnh bi lab ny l: Cisco IOS documentation

5. Danh sch cu l>nh:
- BAng ny s= m tA nh"ng cu l>nh .#8c sK d9ng trong bi lab ny:
Command M tA
Network network-number [network-
mask]
No network network-number
6@ ./nh nghNa m<t danh sch c1a nh"ng m4ng
cho ti%n trnh xK l c1a EIGRP routing, sK d9ng
cu l>nh network cho vic c5u hnh router. 6@

5
[network-mask] xa bO m<t m4ng no ., dng tI kha no
tr#Gc cu l>nh network.
Router eigrp as-number
No router eigrp as-number
6@ c5u hnh giao thPc ./nh tuy%n EIGRP, sK
d9ng cu l>nh router eigrp L ch% .< global
configuration. 6@ shutdown EIGRP ho4t .<ng
trn router, sK d9ng tI kha no tr#Gc cu l>nh
ny.
Interface serial [slot/port] .
subinterface point-to-point
6@ ./nh nghNa m<t subinterface logical Point-
to-Point cho m<t interface v't l.
Encapsulation frame-relay Enable giao thPc Frame Relay trong ch% .< c5u
hnh interface.
Frame-relay interface-dlci dlci ChE ra gi tr/ DLCI s= lin k%t vGi k%t n:i point-
to-point c1a n.
Show frame-relay pvc 6@ hi>n th/ cc thng tin v tr4ng thi v; cc
PVC c1a cc Interface . c5u hnh Frame Relay
Show interface serial [slot/port] 6@ hi@n th/ thng tin v; m<t serial interface, sK
d9ng cu l>nh show interfaces serial L ch%
.< Privileged EXEC. N%u sK d9ng Frame Relay
Encapsution, th khi dng cu l>nh show
interface serial L ch% .< EXEC s= hi>n th/
nh"ng thng tin v; multicast DLCI, nh"ng
DLCI sK d9ng trn interface, v DLCI .#8c sK
d9ng cho Local Management Interface (LMI).
Show ip protocols 6@ hi>n th/ cc tham s: v tr4ng thi hi>n t4i
c1a giao thPc ./nh tuy%n . c5u hnh trn
router.
Show ip route 6@ hi>n th/ tr4ng thi hi>n t4i c1a bAng ./nh
tuy%n.

5. Task 1: C5u hnh cc ./a chE IP c1a cc interface Service Provider.
- Nhi>m v9 c1a b4n l c5u hnh ./a chE Layer 2 v Layer 3, .@ .Am bAo rJng c5u hnh .ng
cc interface c?n thi%t.
a. Cc b#Gc c?n lm:
- Hon thnh nh"ng b#Gc sau s= l cng vi>c chuQn b/ cho s, . k%t n:i MPLS logical v s,
. ./a chE IP. Workgroup 1 v 2 c1a mMi m<t pod s= c5u hnh cc router nJm trong nh"ng
group ny:
- Step 1: C5u hnh ./a chE IP v gi tr/ DLCI t#,ng Png cho mMi m<t Interface trn router
c1a Service Provider P, subinterface, v loopback.
PE, subinterface v loopback.

6
CE, subinterface v loopback
- Step 4: ThDc hi>n nh"ng th1 t9c .@ ki@m tra.

b. Ki@m tra.
B4n s= hon thnh cng vi>c ny khi b4n thu .#8c nh"ng k%t quA sau:
- Ping .%n cc ./a chE IP c1a cc router .@ ki@m tra sD ho4t .<ng c1a mMi m<t link
- Ping ./a chE IP c1a interface loopback c1a m<t router remote.

6. Task 2: C5u hnh Service Provider IGP.
- Cng vi>c ti%p theo b4n s= phAi thi%t l'p mi tr#+ng ./nh tuy%n IGP c1a Service Provider.
Cng vi>c ny s= bao gm vi>c enable giao thPc ./nh tuy%n EIGRP trn router
.
6.a: Cc b#Gc c?n hon thnh: Hon thnh nh"ng b#Gc sau cho workgroup 1 v 2 cho mMi
pod:
- Step 1: Trn mMi router CE, enable giao thPc ./nh tuy%n Rip version 2 (RIPv2). Disable
tnh nBng auto-summary c1a giao thPc ./nh tuy%n ny .i.
- Step 2: Trn mMi router P v PE, enable giao thPc ./nh tuy%n EIGRP, sK d9ng AS number
= 1, v chRc chRn rJng cc m4ng c1a Service provider . .#8c c5u hnh v .#8c quAng b
bLi giao thPc ./nh tuy%n EIGRP. Disable tnh nBng auto-summary c1a giao thPc ./nh tuy%n
ny.
- Step 3: ChRc chRn rJng cc workgroup khc cSng hon thnh nh"ng cng vi>c nh# trn.
- Step 4: Ti%n hnh ki@m tra.

6.b: Ki@m tra:
B4n s= hon thnh cng vi>c ki@m tra khi b4n thu .#8c nh"ng k%t quA sau:
- Trn mMi router P v PE, b4n s= ki@m tra giao thPc EIGRP . ho4t .<ng ch#a
- Trn mMi router P v PE, b4n s= ki@m tra EIGRP . .#8c enable trn t5t cA cc interface
serial c1a router ch#a.
- Trn mMi P v PE rouer, b4n ki@m tra interface loopback c1a t5t cA cc router P v PE .
.#8c hi@n th/ trong bAng ./nh tuy%n.
- Trn mMi router P v PE, b4n ki@m tra m4ng 192.168.x.0 c1a t5t cA cc router P v PE .
.#8c hi@n th/ trong bAng ./nh tuy%n ch#a.
- Trn mMi router PE, b4n ki@m tra m4ng 150.x.0.0 c1a t5t cA cc router P v PE . .#8c
hi@n th/ trong bAng ./nh tuy%n ch#a.

II. Lab 2-1 Answer Key: Thi(t l*p mi tr,ng ./nh tuy(n IGP c1a Service Provider
1. Task 2: C5u hnh Service Provider IGP
- C5u hnh nh"ng b#Gc sau trn router Pex1:
Pex1(config)# router eigrp 1

7
Pex1(config-router)# network 150.x.0.0 (ty chTn)
Pex1(config-router)# network 192.168.x.0
Pex1(config-router)# no auto-summary

Pex2(config-router)# network 150.x.0.0 (ty chTn)
Pex2(config-router)# network 192.168.x.0

- C5u hnh nh"ng b#Gc sau trn router Px1 :
Px1(config)# router eigrp 1
Px1(config-router)# network 192.168.x.0
Px1(config-router)# no auto-summary

- C5u hnh nh"ng b#Gc sau trn router Px2:
Px2(config)# router eigrp 1
Px2(config-router)# network 192.168.x.0
Px2(config-router)# no auto-summary

- C5u hnh nh"ng b#Gc sau trn t5t cA cc router CE:
Cex**(config)# router rip
Cex**(config-router)# network 10.0.0.0
Cex**(config-router)# network 150.x.0.0 (ty chTn)
Cex**(config-router)# no auto-summary

III. Thi(t l*p mi tr,ng m3ng li MPLS
1. Ph4m vi ho4t .<ng c1a bi lab:
Trong bi lab ny, b4n s= sK d9ng cc nhi>m v9 v cc cu l>nh c?n thi%t .@ tri@n khai
MPLS trn cc sAn phQm Cisco IOS. Sau khi hon thnh bi lab ny, b4n s= c th@ lRm .#8c
nh"ng n<i dung sau:
- Enable LDP trn cc router PE v P
- Disable sD quAng b c1a MPLS TTL
- C5u hnh cc .i;u ki>n quAng b nhn (label)

2. S, . v't l c1a bi lab
- Khi tri@n khai bi lab cc b4n c th@ dng s, . lab c1a hnh d#Gi .y.

8

- 6@ hon thnh bi lab ny cc b4n c?n tham khAo: Cisco IOS documentation.

4. Danh sch nh"ng cu l>nh c?n thi%t c1a bi lab ny
MPLS command
Cu l>nh M tA
Access-list access-list-number {
permit | deny } { type-code wild-
mask | address mask }
No Access-list access-list-number {
permit | deny } { type-code wild-
mask | address mask }

6@ c5u hnh danh sch nh"ng .i;u ki>n cho
m9c .ch lTc cc gi tin, khi m cc gi tin
t#,ng Png vGi m<t .i;u ki>n no .. 6@ xa bO
access-list . t4o, dng tI kha no L tr#Gc cu
l>nh.
Ip cef 6@ enable CEF trn RP card, sK d9ng cu l>nh
ip cef L ch% .< global configuration. 6@ disable
CEF, sK d9ng tI kha no tr#Gc cu l>nh ny.
Mpls ip
No mpls ip
6@ enable MPLS chuy@n ti%p cc gi tin Ipv4.
Mpls ip propagate-ttl
No mpls ip propagate-ttl [
forwarded | local ]
6@ .i;u khi@n tr#+ng TTL trong header MPLS
khi nhn l?n .?u tin .#8c gn vo m<t gi tin
IP, sK d9ng cu l>nh mpls ip propagate-ttl L
ch% .< global configuration. 6@ sK d9ng c: ./nh
gi tr/ TTL = 255 cho nhn .?u tin c1a gi tin
IP, th dng tI kha no tr#Gc cu l>nh ny.
Mpls label protocol {ldp | tdp | 6@ chE ra giao thPc phn ph:i nhn .#8c sK

9
both }
No mpls label protocol
d9ng trn ch% .< interface, sK d9ng cu l>nh
mpls label protocol L ch% .< interface
configuration. Dng tI kha no tr#Gc cu l>nh
ny .@ disable tnh nBng ..
Show mpls interface [interface]
[detail]
6@ hi@n th/ thng tin v; m<t hoUc nhi;u
interface . .#8c c5u hnh chuy@n m4ch nhn,
sK d9ng cu l>nh show mpls interfaces L ch%
.< privileged EXEC.
Show mpls ldp discovery 6@ hi@n th/ tr4ng thi c1a ti%n trnh xK l LDP
discovery, sK d9ng cu l>nh show mpls ldp
discovery L ch% .< privileged EXEC. Cu l>nh
ny s= .#a ra m<t danh sch c1a cc interface
.ang ch4y LDP discovery.
Show mpls ldp neighbor [address |
interface] [detail]
6@ hi@n th/ tr4ng thi c1a cc phin lm vi>c
c1a LDP, dng cu l>nh show mpls ldp
neighbor L ch% .< privileged EXEC.
Mpls ldp advertise-labels [for
prefix-access-list [ to peer- access-list
]]
no mpls ldp advertise-labels [for
prefix-access-list [ to peer- access-list
]]

6@ .i;u khi@n vi>c phn ph:i nhn bLi LDP, sK
d9ng cu l>nh mpls ldp advertise-labels L
ch% .< global configuration.

5. Task 1: Enable LDP trn cc router PE v P
- Cng vi>c ti%p theo l thi%t l'p MPLS vGi mi tr#+ng ./nh tuy%n c1a Service Provider.
Cng vi>c ny s= bao gm enable CEF v MPLS.

5a. Cc b#Gc c?n lm:
C?n hon thnh nh"ng b#Gc sau:
- Step 1: Trn Router PE c1a b4n, nh"ng cng vi>c sau s= c?n lm:
+ Enable CEF.
+ Enable LDP trn subinterface .ang k%t n:i trDc ti%p .%n router P c1a b4n.
- Step 2: Trn router P c1a b4n, nh"ng cng vi>c sau s= c?n thDc thi:
+ Enable CEF.
+ Enable LDP trn subinterface .ang k%t n:i trDc ti%p .%n router PE c1a b4n.
+ Enable LDP trn subinterface .ang k%t n:i trDc ti%p .%n router P c1a cc
workgroup khc.
- Step 3: Ki@m tra nh"ng workgroup khc xem . hon thnh nh"ng c5u hnh . ch#a.

10
5b. Ki@m tra:
B4n c th@ hon thnh cng vi>c ny khi b4n dnh .#8c nh"ng k%t quA sau:
- Trn mMi router c1a b4n, b4n ki@m tra nh"ng interface . c5u hnh LDP ch#a
Example:
P11# show mpls interface

- Trn mMi router c1a b4n, b4n ki@m tra tr4ng thi c1a interface xem . up ch#a v . thi%t
l'p m:i quan h> LDP neighbor ch#a.
Example:
Px1# show mpls ldp discovery

- Trn mMi router c1a b4n, ki@m tra LDP . .#8c chE ./nh m<t nhn cho mMi prefix trong
bAng ./nh tuy%n c1a n ch#a
Example:
Pex1# show ip route

Px1# show mpls ldp bindings

- Trn mMi router c1a b4n, ki@m tra LDP . nh'n m< nhn c1a nh"ng m4ng con v cc
interface loopback c1a router core ch#a.
Example:
Px1# show mpls ldp bindings
- Thi hnh traceroute tI router PE c1a b4n .%n ./a chE ip c1a interface loopback c1a router
PE c1a workgroup khc v ki@m tra k%t quA hi@n th/ vGi nh"ng nhn c lin quan.
Example:
Pex1# traceroute 192.168.x.33

6. Task 2: Disable TTL Propagation
- Trong ph?n ny, b4n s= disable MPLS TTL propagation v ki@m tra k%t quA. Workgroup 1
s= c5u hnh Pex1 v Px1. Workgroup 2 s= c5u hnh Pex2 v Px2.

6a. Nh"ng b#Gc c?n thi%t .@ hon thnh nhi>m v9 ny:
- Step1: Trn router PE c1a b4n, disable MPLS TTL propagation.
- Step2: Trn router P c1a b4n, disable MPLS TTL propagation.
- Step3: Ki@m tra cc workgroup khc . hon thnh nh"ng b#Gc trn ch#a.

6b. Ki@m tra:
B4n s= hon thnh cng vi>c ny khi b4n thu .#8c nh"ng k%t quA sau:

11
- B4n s= thDc thi l>nh traceroute tI router PE .%n ./a chE ip c1a interface loopback c1a
router PE nJm trn workgroup khc v so snh k%t quA ny vGi k%t quA thu .#8c trong l?n
tr#Gc:
Example:
Pex1# traceroute 192.168.x.33

7. Task 3: C5u hnh cc .i;u ki>n phn ph:i nhn.
- Trong ph?n ny, b4n s= sK d9ng nh"ng .i;u ki>n quAng b nhn .@ h4n ch% vi>c phn
ph:i nhn c lin quan .%n cc Interface nJm trn router Core
- Workgroup 1 s= c5u hnh Pex1 v Px1. Workgroup 2 s= c5u hnh Pex2 v Px2.

7a. Nh"ng b#Gc c?n lm:
- Step1: Trn router PE, hi@n th/ LSPs . .#8c xy dDng.
Example:
Pex1# show mpls for

- Step 2: Ch m<t LSP . .#8c xy dDng cho interface Wan .ang k%t n:i .%n router PE
v router P khc. LSP ny s= khng bao gi+ sK d9ng bLi v l#u l#8ng s= khng .#8c xc
./nh bnh th#+ng t4i .i@m ny.
- Step3: Trn cc router PE v P, c5u hnh cc .i;u ki>n phn ph:i nhn .@ cho php duy
nh5t phn ph:i cc nhn c lin quan .%n ./a chE IP loopback v cc interface c1a Core
cung c5p vi>c hM tr8 trDc ti%p .%n khch hng.
- Step 4: Ki@m tra cc workgroup khc . hon thnh ch#a.

7b. Ki@m tra.
- B4n s= hon thnh m9c ny khi b4n thu .#8c nh"ng k%t quA sau:
- Trn router PE, b4n s= hi@n th/ LSPs . .#8c xy dDng
Example:
PE11# show mpls f

- Trn router P, b4n s= dng cu l>nh sau .@ hi@n th/ LDP bindings
Example:
P11# show mpls ldp bind

8. Task 4: Xa bO cc .i;u ki>n phn ph:i nhn.
Trong ph?n ny, b4n s= xa bO nh"ng .i;u ki>n quAng b nhn v v'y s= khng h4n ch%
vi>c phn ph:i nhn c lin quan .%n cc Interface Wan trong Core.
- Workgroup 1 s= c5u hnh cc router Pex1 v Px1. Workgroup 2 s= c5u hnh cc router
Pex2 v Px2.

12
8a. Nh"ng th1 t9c c?n lm:
- Step 1: Xa bO cc .i;u ki>n phn ph:i nhn.
- Step 2: Ki@m tra cc workgroup khc.

8b. Ki@m tra.
B4n s= hon thnh vi>c ki@m khi thu .#8c nh"ng k%t quA sau:
- Trn router PE, b4n s= hi@n th/ LSP .ang xy dDng.
Example:
Pex1# show mpls for

IV. Lab 3-1 Answer key: Thi(t l*p mi tr,ng MPLS Core.
1. Task 1: Enable LDP trn cc router PE v P
Pex1(config)# ip cef
Pex1(config)# interface serial 0/0.111
Pex1(config-subif)# mpls label protocol ldp
Pex1(config-subif)# mpls ip
- C5u hnh nh"ng b#Gc sau trn router Pex2 :
Pex2(config)# ip cef
Pex2(config-subif)# mpls label protocol ldp
Pex2(config-subif)# mpls ip
Px1(config)# ip cef
Px1(config)# interface serial 0/0.111
Px1(config-subif)# mpls label protocol ldp
Px1(config-subif)# mpls ip
Px1(config)# interface serial0/0.112
Px2(config)# ip cef
Px2(config)# interface serial 0/0.111
Px2(config)# interface serial0/0.112

13
2. Task 2 : Disable TTL Propagation
- C5u hnh cc b#Gc sau trn router Pex1 v Pex2 :
Pex*(config)# no tag-switching ip propagate-ttl

- C5u hnh nh"ng b#Gc sau trn router Px1 v Px2:
Px*(config)# no tag-switching ip propagate-ttl

3. Task3: C5u hnh cc .i;u ki>n phn ph:i nhn
- C5u hnh cc b#Gc sau trn router Pex1:
Pex1(config)# no tag-switching advertise-tags
Pex1(config)# tag-switching advertise-tags for 90
Pex1(config)# access-list 90 permit 150.x.0.0 0.0.255.255
Pex1(config)# access-list 90 permit 192.168.x.16 0.0.0.15

Pex1(config)# no tag-switching advertise-tags
Pex1(config)# tag-switching advertise-tags for 90
Pex1(config)# access-list 90 permit 150.x.0.0 0.0.255.255

Px1(config)# no tag-switching advertise-tags
Px1(config)# tag-switching advertise-tags for 90
Px1(config)# access-list 90 permit 150.x.0.0.0 0.0.255.255
Px1(config)# access-list 90 permit 192.168.x.16 0.0.0.15

- C5u hnh cc b#Gc sau trn router Px2:
Px2(config)# no tag-switching advertise-tags
Px2(config)# tag-switching advertise-tags for 90
Px2(config)# access-list 90 permit 150.x.0.0.0 0.0.255.255

14

4. Task4 : Xa bO cc .i;u ki>n phn ph:i nhn.
- C5u hnh nh"ng b#Gc sau trn router Pex1 v router Pex2:
Pex*(config)# tag-switching advertise-tags
- C5u hnh nh"ng b#Gc sau trn router Px1 v Px2:
Px*(config)# tag-switching advertise-tags

V. Lab 5-1: C4u hnh MPLS VPN.
1. Ph4m vi v cc .:i t#8ng c1a bi lab:
- Cng ty c1a b4n .ang lm vi>c vGi m<t Service Provider. Pod c1a b4n c nhi>m v9 t4o hai
.#,ng VPN .@ hM tr8 cho hai khch hng mGi (Khch hng A v Khch hng B).
- Trong bi lab ny, b4n s= phAi t4o k%t n:i VPN cho khch hng c1a b4n. Sau khi hon
thnh, b4n s= c khA nBng hon thnh nh"ng cng vi>c sau:
+ C5u hnh MP-BGP .@ thi%t l'p ./nh tuy%n gi"a cc router PE trong workgroup c1a
b4n.
+ C5u hnh bAng VRF c?n thi%t .@ hM tr8 khch hng c1a b4n v thi%t l'p giao thPc
./nh tuy%n RIP cho khch hng c1a b4n sK d9ng VPN.

2. S, . logical c1a bi lab:
Hnh 1:

15
Hnh 2:

- 6@ hon thnh bi lab ny cc b4n s= c?n dng .%n ti li>u: Cisco IOS documentation.

4. Danh sch cu l>nh c?n thi%t cho bi lab:

Cu l>nh M tA
Address-family ipv4 vrf vrf-name ChTn m<t VRF instance c1a giao thPc ./nh
tuy%n
Address-family vpnv4 ChTn tham s: c5u hnh c1a ./a chE VPNv4
Ip vrf forwarding vrf-name Gn m<t Interface cho VRF
Ip vrf vrf-name T4o m<t bAng VRF
Neighbor ip-address active Active m<t route trao .Vi vGi cc ./a chE
family bn d#Gi c5u hnh c1a neighbor
Neighbor ip-address route-
reflector-client
6@ c5u hnh router nh# m<t BGP-speaking
neighbor hoUc perr group, sK d9ng cu l>nh
neighbor next-hop-self L ch% .< router
configuration. 6@ disable tnh nBng ny, sK
d9ng tI kha no tr#Gc cu l>nh ny.
Neighbor remote-as 6@ thm m<t danh m9c cho bAng BGP hoUc
MP-BGP neighbor, sK d9ng cu l>nh
neighbor remote-as L ch% .< router
configuration. 6@ xa bO danh m9c ny khOi

16
bAng, sK d9ng tI kha no L tr#Gc cu l>nh
ny.
Neighbor send-community 6@ chE ra cc thu<c tnh c1a cc community
s= .#8c gKi .%n m<t BGP neighbor, sK d9ng
cu l>nh neighbor send-community L ch%
.< router configuration. 6@ xa bO danh m9c
ny, sK d9ng tI kha no tr#Gc cu l>nh ny.
Neighbor update-source 6@ c .#8c Cisco IOS software cho php cc
phin c1a IBGP sK d9ng mTi Interface cho
vi>c k%t n:i TCP, sK d9ng cu l>nh neighbor
update-source L ch% .< router
configuration. 6@ ph9c hi l4i nh"ng g .
gn cho Interface trL v; nh"ng tham s: .
gn g?n nh5t, sK d9ng tI kha no tr#Gc cu
l>nh ny.
Ping vrf vrf-name host Ping m<t host thng qua VRF
Rd value Gn m<t RD cho m<t VRF
Redistribute bgp as-number metric
transparent
QuAng b cc route c1a BGP vo trong RIP
Router bgp as-number ChTn giao thPc ./nh tuy%n BGP .@ c5u hnh
Route-target import | export value Gn m<t RT cho m<t VRF
Show ip bgp neighbor Hi@n th/ nh"ng thng tin c1a cc BGP
neighbor
Show ip bgp vpnv4 vrf vrf-name Hi@n th/ cc route VPN Ipv4 lin k%t vGi VRF
Show ip route vrf vrf-name Hi@n th/ bAng ./nh tuy%n c1a mt VRF . chE
ra.
Show ip vrf detail Hi@n th/ chi ti%t nh"ng thng tin c1a VRF
telnet host /vrf vrf-name T4o m<t k%t n:i telnet .%n m<t router CE

5. Task 1 : C5u hnh Multiprotocol BGP
- Trong ph?n ny, b4n s= c5u hnh MP-BGP gi"a cc router PE trong m<t workgroup.
- Workgroup 1 s= c5u hnh MP-BGP trn router Pex1, v workgroup 2 s= c5u hnh cng
nhi>m v9 . trn router Pex2.

5a. Cc b#Gc c?n thi%t :
- Step1 : Active giao thPc ./nh tuy%n BGP trn router c1a b4n v gn chE s: AS l 65001.
Disable tnh nBng auto-summary.

- Step2 : Active cc phin lm vi>c c1a VPNv4 BGP gi"a cc router PE. Disable tnh nBng
auto-summary.

17
- Step 3: Ki@m tra trn cc workgoup khc.

5b. Ki@m tra
B4n s= hon thnh ph?n ny khi b4n thu .#8c nh"ng k%t quA sau:
- B4n s= hi@n th/ cc thng tin c1a BGP neighbor v chRc chRn rJng cc phin lm vi>c c1a
BGP . .#8c thi%t l'p gi"a hai router PE.
Example:
Pex1# show ip bgp sum

Pex2# show ip bgp sum

Pex1# show bgp neighbor

6. Task2: C5u hnh bAng Virtual Routing and Forwading (VRF).
Trong ph?n ny c1a bi lab, b4n s= phAi thi%t l'p cc k%t n:i VPN cho khch hng A v
khch hng B. Workgroup 1 s= thi%t l'p m<t k%t n:i VPN gi"a router Cex1A v Cex2A, v
workgroup2 s= thi%t l'p m<t k%t n:i VPN gi"a router Cex1B v router Cex2B. MMi
workgroup s= ch/u trch nhi>m cho vi>c c5u hnh vGi t5t cA cc router PE cho khch hng
c1a mnh.

6a. Cc b#Gc c?n lm:
- Step1: Thi%t k% m4ng VPN c1a b4n quy%t ./nh cc chE s: RD v RT.
- Step2: T4o cc VRF trn cc router PE v k%t h8p vGi cc interface PE-CE vo .ng cc
bAng VRF t#,ng Png.
- Step3: Khch hng c1a b4n .ang sK d9ng giao thPc ./nh tuy%n RIP, v v'y b4n c?n phAi
enable RIP cho VRF m b4n . t4o.
- Step4: C5u hnh quAng b RIP vo trong BGP vGi cu l>nh: address-family ipv4 vrf vrf-
name.
- Step 5: C5u hnh quAng b BGP vo trong RIP vGi cu l>nh: address-family ipv4 vrf
vrf-name.
- Step 6: C5u hnh Rip metric khi .#8c quAng b vo trong MP-BGP bJng cch sK d9ng cu
l>nh: redistribute bgp as-number metric transparent
- Step 7: 6Am bAo rJng RIP . .#8c enable trn t5t cA cc router CE. ChRc chRn rJng t5t
cA cc m4ng (bao gm cA loopback) s= .#8c active trong ti%n trnh xK l c1a RIP.

6b. Ki@m tra.
- B4n c?n ki@m tra l4i xem . c5u hnh .ng cc bAng VRF trn router ch#a bJng cu l>nh:
show ip vrf detail.

18
Example:
Pex1# show ip vrf detail

- Ki@m tra cc giao thPc ./nh tuy%n .ang ch4y trong VRF c1a b4n vGi cu l>nh: show ip
protocol vrf.
Example:
Pex1# show ip protocol vrf Customer_A
Pex1# show ip protocol vrf Customer_B

- Ki@m tra bAng ./nh tuy%n c1a mMi m<t VRF trn router PE vGi cu l>nh: show ip route
vrf.
Example:
Pex1# show ip route vrf Customer_A
Pex1# show ip route vrf Customer_B

- SK d9ng cu l>nh: show ip bgp vpnv4 vrf .@ hi@n th/ thng tin bAng ./nh tuy%n BGP k%t
h8p vGi m<t VRF.
Example:
Pex1# show ip bgp vpnv4 Customer_A

- Trn router CE, sK d9ng cu l>nh: show ip route .@ ki@m tra cc router .ang nh'n t5t cA
cc VPN route.
Example:
Cex1A# show ip route
Cex1A# traceroute 150.x.x2.17
Cex1A# ping 150.x.x2.17

- SK d9ng cu l>nh: show ip route trn router PE .@ ki@m tra cc route c1a khch hng c
xu5t hi>n trong bAng ./nh tuy%n khng.
Example:
Pex1# show ip route

- SK d9ng cu l>nh: ping v tracroute trn cc router PE .@ ki@m tra k%t n:i .%n cc
m4ng c1a khch hng.
Example:
Pex1# ping 150.x.x1.17
Pex1# ping 150.x.x1.33

- SK d9ng cu l>nh: ping vrf trn cc router PE .@ ki@m tra k%t n:i .%n cc m4ng c1a
khch hng.

19
Example:
Pex1# ping vrf Customer_A 150.x.x1.17
Pex1# ping vrf Customer_B 150.x.x1.33

VI. Lab 5-1 Answer key: C4u hnh MPLS VPN.

1. Task1: C5u hnh Multiprotocol BGP
Pex1(config)# router bgp 65001
Pex1(config-router)# neighbor 192.168.x.33 remote-as 65001
Pex1(config-router)# neighbor 192.168.x.33 update-source loopback 0
Pex1(config-router)# address-family vpnv4
Pex1(config-router-af)# neighbor 192.168.x.33 active
Pex1(config-router-af)# neighbor 192.168.x.33 next-hop-self
Pex1(config-router-af)# neighbor 192.168.x.33 send-community both
Pex1(config-router-af)# no auto-summary

Pex2(config-router)# neighbor 192.168.x.17 remote-as 65001
Pex2(config-router)# neighbor 192.168.x.17 update-source loopback 0
Pex2(config-router-af)# neighbor 192.168.x.17 active
Pex2(config-router-af)# neighbor 192.168.x.17 next-hop-self
Pex2(config-router-af)# neighbor 192.168.x.17 send-community both

2. Task 2: C5u hnh VRF (Virtual Routing and Forwading).
Pex1(config)# ip vrf Customer_A
Pex1(config-vrf)# rd x:10
Pex1(config-vrf)# route-target both x :10
Pex1(config)# ip vrf Customer_B
Pex1(config-vrf)# rd x:20
Pex1(config-vrf# route-target both x:20
Pex1(config)# interface serial0/0.101
Pex1(config-subif)# ip vrf forwarding Customer_A
Pex1(config-subif)# ip address 150.x.x1.18 255.255.255.240

20
Pex1(config-subif)# ip vrf forwarding Customer_B
Pex1(config)# router rip
Pex1(config-router) version 2
Pex1(config-router)# address-family ipv4 vrf Customer_A
Pex1(config-router)# network 150.x.0.0
Pex1(config-router-af)# redistribute bgp 65001 metric transparent
Pex1(config-router)# address-family ipv4 vrf Customer_B
Pex1(config-router-af) network 150.x.0.0
Pex1(config-router-af)# redistribute bgp 65001 metric transparent
Pex1(config-router-af)# redistribute rip
Pex1(config-router-af)# exit
Pex1(config-router-af)# redistribute rip

Pex2config)# ip vrf Customer_A
Pex2config-vrf)# rd x:10
Pex2config-vrf)# route-target both x :10
Pex2config)# ip vrf Customer_B
Pex2config-vrf)# rd x:20
Pex2config-vrf# route-target both x:20
Pex2config)# interface serial0/0.101
Pex2config-subif)# ip vrf forwarding Customer_A
Pex2config-subif)# ip address 150.x.x1.18 255.255.255.240
Pex2config)# interface serial 0/0.102
Pex2config-subif)# ip vrf forwarding Customer_B
Pex2config-subif)# ip address 150.x.x1.34 255.255.255.240
Pex2onfig)# router rip
Pex2config-router) version 2
Pex2config-router)# address-family ipv4 vrf Customer_A
Pex2config-router)# network 150.x.0.0
Pex2config-router-af)# no auto-summary

21
Pex2config-router-af)# redistribute bgp 65001 metric transparent
Pex2config-router)# address-family ipv4 vrf Customer_B
Pex2config-router-af) network 150.x.0.0
Pex2config-router-af)# redistribute bgp 65001 metric transparent
Pex2config)# router bgp 65001
Pex2config-router)# address-family ipv4 vrf Customer_A
Pex2config-router-af)# redistribute rip
Pex2config-router-af)# exit
Pex2config-router)# address-family ipv4 vrf Customer_B
Pex2config-router-af)# redistribute rip

VII Lab 5-2 : 5/nh tuy(n EIGRP gi7a cc router PE v router CE.

- M<t s: khch hng sK d9ng giao thPc ./nh tuy%n EIGRP nh# m<t giao thPc ./nh tuy%n bn
trong m4ng VPN ; .i khi, EIGRP .#8c dng .@ ./nh tuy%n chung vGi RIP hoUc BGP L nh"ng
site khc. Trong bi lab ny, th cc khch hng c1a Service Provider quy%t ./nh sK d9ng
giao thPc ./nh tuy%n EIGRP.
- Trong ph4m vi c1a bi lab ny, b4n s= tri@n khai EIGRP nh# m<t giao thPc ./nh tuy%n PE-
CE trong m4ng VPN c1a khch hng. Sau khi hon thnh bi lab ny, b4n s= c khA nBng
hon thnh nh"ng yu c?u sau :
+ Chuy@n .Vi cc site c1a khch hng .ang dng giao thPc ./nh tuy%n RIP thnh
giao thPc EIGRP v thi%t l'p VPN sK d9ng giao thPc ./nh tuy%n EIGRP. Nh"ng site cn l4i
vWn ch4y RIP nh# m<t giao thPc ./nh tuy%n IGP.

22
2. S, . logical c1a bi lab :

3. Ti li>u c?n thi%t
- 6@ hon thnh .#8c bi lab ny cc b4n c?n tham khAo thm ti li>u : Cisco IOS
document.

4. Danh sch cu l>nh c?n thi%t cho bi lab :
- BAng sau s= m tA cc cu l>nh c?n thi%t cho bi lab.

Cu l>nh M tA
Address-family ipv4 [multicast |
unicast | vrf vrf-name ]
Vo ch% .< c5u hnh ./a chE family v t4o
m<t VRF. VRF name (hoUc tag) s= phAi
t#,ng thch vGi VRF name . t4o trong
Step 3 c1a Task 2.
Network ip-address network-mask ChE ra m<t m4ng cho VRF. Cu l>nh
network .#8c sK d9ng .@ xc ./nh xem cc
interface no s= .#8c ./nh tuy%n trong
EIGRP. VRF s= phAi .#8c c5u hnh vGi m<t
dAi ./a chE . .#8c c5u hnh trong cu l>nh
network.
Redistribute protocol [process-id] {
level-1 | level-1-2 | level-2 } [ as-
number ] [ metric metric-value ] [
route-map map-name ] [ match {
ThDc hi>n quAng b BGP vo trong EIGRP.
ChE s: AS v metric c1a BGP s= .#8c c5u
hnh trong b#Gc ny. BGP s= phAi .#8c
quAng b vo trong EIGRP cho CE site .@

23
internal | external 1 | external 2 }] [
tag tag-value ] [ route-map map-tag ]
[subnets]
ch5p nh'n cc BGP routes c th@ mang
theo thng tin c1a EIGRP. M<t metric cSng
s= phAi .#8c chE ra cho BGP v cSng .#8c
c5u hnh trong b#Gc ny.
Router eigrp as-number Vo mode router configuration v t4o m<t
ti%n trnh xK l c1a EIGRP.
Show ip eigrp vrf vrf-name interfaces Hi@n th/ cc interface . .#8c c5u hnh ./nh
tuy%n trong EIGRP.
Show ip eigrp vrf vrf-name
neighbors
Hi@n th/ cc VRF neighbors khi cc
neighbors ho4t .<ng v khng ho4t .<ng.
Show ip eigrp vrf vrf-name topology Hi@n th/ cc danh m9c c1a VRF trong bAng
EIGRP topology.
Show ip vrf

5. Task 1: Enable EIGRP VPN
- Trong ph?n ny, khch hng c1a b4n . quy%t ./nh chuy@n .Vi duy nh5t hai site tI Rip
sang dng EIGRP. Workgroup 1 s= chuy@n .Vi Site A, Cex1A, tI Rip thnh EIGRP v thi%t
l'p m<t m4ng VPN. Workgroup 2 s= chuy@n .Vi Site B, Cex2B tI Rip thnh EIGRP v thi%t
l'p m<t m4ng VPN.
- MMi workgroup s= ch/u trch nhi>m c5u hnh cho t5t cA cc router PE c lin quan.

5a. Cc b#Gc c?n lm.
- Step 1: Disable RIP v c5u hnh EIGRP trn m<t trong hai router c1a site nJm pha khch
hng c1a b4n. Workgroup 1 s= c5u hnh Cex1A, v workgroup 2 s= c5u hnh Cex2B. B4n sK
d9ng x# nh# m<t chE s: c1a AS cho EIGRP. BLi v cA hai khch hng .ang k%t n:i trDc ti%p
thng qua cng m<t m4ng 150.x.0.0, v v'y b4n c?n phAi chE ra .ng cu l>nh trn EIGRP
t#,ng Png vGi cc interface.

- Step 2: Trn router PE, c5u hnh quAng b EIGRP vo trong BGP vGi cu l>nh: address-
family ipv4 vrf vrf-name. BLi v EIGRP metric ngun khng t#,ng thch vGi RIP metric
.ch, nn c5u hnh metric mUc ./nh l 1.

- Step3: Trn router PE, c5u hnh quAng b BGP vo trong EIGRP vGi cu l>nh address-
family ipv4 vrf vrf-name. Disable tnh nBng auto-summary c1a EIGRP.

5b. Ki@m tra.
- B4n s= phAi ki@m tra xem EIGRP . ho4t .<ng .ng trn cc interface ch#a.
Example:
Pex1# show ip eigrp interface

24

- B4n s= ki@m tra xem EIGRP adjacencies . .#8c thi%t l'p gi"a cc router CE v PE ch#a.
Example:
Pex1# show ip eigrp vrf Customer_A neighbor
Pex2# show ip eigrp vrf Customer_B neighbor

- Ki@m tra EIGRP topology database trn cc router CE.
Example:
Pex1# show ip eigrp vrf Customer_A topology
Pex2# show ip eigrp vrf Customer_B topology

- Ki@m tra k%t n:i VPN bJng cch sK d9ng cu l>nh Ping v Trace trn cc router CE v cc
cu l>nh Ping vrf v trace vrf trn cc router PE.
Example:
Cex1# ping 150.x.x2.33
Cex1A# ping 150.0.02.17
Cex1B# trace 150.x.x2.33
Cex1A# trace 150.x.x2.17
Pex1# ping vrf Customer_A 10.1.x2.49
Pex2# ping vrf Customer_A 10.1.x1.49
Pex1# trace vrf Customer_B 10.2.x2.49
Pex2# trace vrf Customer_A 10.1.x1.49

VIII Lab 5-2: Answer Key: 5/nh tuy(n EIGRP gi7a cc router PE v CE.

1. Task 1: Thi%t l'p EIGRP VPN.
- C5u hnh nh"ng b#Gc sau trn router Cex1A:
Cex1A(config)# no router rip
Cex1A(config)# router eigrp x
Cex1A(config-router)# network 10.0.0.0
Cex1A(config-router)# network 150.x.0.0
Cex1A(config-router)# no auto-summary

- C5u hnh nh"ng b#Gc sau trn router Cex2B:
Cex2B(config)# no router rip
Cex2B(config)# router eigrp x
Cex2B(config-router)# network 10.0.0.0
Cex2B(config-router)# network 150.x.0.0
Cex2B(config-router)# no auto-summary

25
Pex1(config-router)# no address-family ipv4 vrf Customer_A
Pex1(config-router-af)# autonomous-system x
Pex1(config-router-af)# network 150.x.x.x1 0.0.0.15
Pex1(config-router-af)# redistribute bgp 65001 metric 10000 100 255 1 1500
Pex1(config-router)# router bgp 65001
Pex1(config-router-af)# no redistribute rip
Pex1(config-router-af)# redistribute eigrp x metric 1

Pex2(config-router)# no address-family ipv4 vrf Customer_B
Pex2(config-router-af)# autonomous-system x
Pex2(config-router-af)# network 150.x.x.x1 0.0.0.15
Pex2(config-router-af)# redistribute bgp 65001 metric 10000 100 255 1 1500
Pex2(config-router)# router bgp 65001
Pex2(config-router-af)# no redistribute rip
Pex2(config-router-af)# redistribute eigrp x metric 1

IX- Lab 5-3 : 5/nh tuy(n OSPF gi7a cc router PE v CE.
- M<t s: khch hng quy%t ./nh sK d9ng OSPF nh# m<t giao thPc ./nh tuy%n trong m4ng
VPN, .i khi, n cn .#8c ch4y cng vGi RIP hoUc BGP L trn cc site khc. Trong ph?n
ny, b4n s= hon thnh vi>c tri@n khai giao thPc ./nh tuy%n OSPF trn cc router CE v PE.
Sau khi hon thnh bi lab ny, b4n c th@ hon thi>n .#8c nh"ng ph?n sau :
+ Chuy@n .Vi cc router nJm trn cc site c1a khch hng tI giao thPc ./nh tuy%n
Rip sang OSPF v thi%t l'p m4ng VPN sK d9ng OSPF.
+ Hon thnh sD di chuy@n c1a OSPF.

26
2. S, . logical c1a bi lab.

- 6@ hon thnh bi lab ny cc b4n c?n ti li>u sau : Cisco IOS documentation.

4. Danh sch cu l>nh c?n thi%t c1a bi lab:
- BAng sau s= m tA cc cu l>nh c?n thi%t .@ sK d9ng trong bi lab ny.

Cu l>nh M tA
Address-family ipv4 vrf vrf-name ChTn m<t instance c1a VRF cho m<t giao
thPc ./nh tuy%n
Default-information orginate always T4o m<t default route trong OSPF
Ip vrf forwarding vrf-name Gn m<t interface cho m<t VRF
Ip vrf vrf-name T4o m<t VRF table.
Ping vrf vrf-name host Ping m<t host .@ ki@m tra k%t n:i thng
qua VRF.
Redistribute bgp as-number subnets QuAng b cc route c1a BGP vo trong
OSPF.
Router bgp as-number C5u hnh giao thPc ./nh tuy%n BGP
Router ospf process vrf vrf-name KhLi t4o m<t ti%n trnh c1a OSPF vGi m<t
VRF.
Route-target import | export value Gn m<t RT cho m<t VRF.
Show ip bgp vpnv4 vrf vfr-name Hi@n th/ cc route c1a VPNv4 k%t h8p vGi
m<t VRF.

27
Show ip ospf database Hi@n th/ thng tin c1a OSPF database
Show ip route vrf vrf-name Hi@n th/ bAng ./nh tuy%n c1a m<t VRF.
Show ip vrf detail Hi@n th/ thng tin chi ti%t c1a VRF.
telnet host /vrf vrf-name T4o m<t k%t n:i .%n m<t CE router .ang
k%t n:i trDc ti%p vGi m<t VRF.

5. Task 1: C5u hnh OSPF nh# m<t giao thPc ./nh tuy%n PE-CE.
- Trong ph?n ny, khch hng c1a b4n quy%t ./nh sK d9ng OSPF nh# m<t giao thPc ./nh
tuy%n IGP. T5t cA cc site .ang ch4y giao thPc RIP v EIGRP .;u s= .#8c chuy@n sang
OSPF. Workgroup 1 s= chuy@n .Vi Customer A (Cex1A v Cex2A), v workgroup 2 s=
chuy@n .Vi Customer B (Cex1B v Cex2B) .@ thi%t l'p m<t m4ng VPN.
- MMi workgroup s= ch/u trch nhi>m c5u hnh cho t5t cA cc router PE c lin quan vGi cc
site c1a khch hng.

5a. Cc b#Gc c?n lm:
- Step1: Disable EIGRP v RIP v c5u hnh OSPF trn cc router CE. C5u hnh OSPF (sK
d9ng m<t OSPF process ID cho workgroup 1 l 1 v process id cho workgroup 2 vGi gi tr/
l 2) thng tin v; cc vng trong router CE s= c trong bAng bn d#Gi:

Area Interface (hoUc cc Interface)
Area 0 Wan Interface
Loopback 0
Area 1 E0/0

- Step 2: C5u hnh OSPF (sK d9ng m<t OSPF process ID cho workgroup 1 l 1 v process id
cho workgroup 2 vGi gi tr/ l 2) trong VRF trn cc router PE sK d9ng cu l>nh router
ospf vrf. SK d9ng OSPF Area 0 trn PE-CE link.

- Step 3: C5u hnh quAng b tI OSPF vo trong MP-BGP sK d9ng cu l>nh redistribute
ospf trong ch% .< c5u hnh VRF address family.

- Step 4: C5u hnh quAng b tI MP-BGP vo trong OSPF sK d9ng cu l>nh redistribute
bgp subnets trong ch% .< c5u hnh OSPF router configuration.

5b. Ki@m tra.
B4n s= hon thnh cng vi>c ki@m tra khi b4n thDc hi>n cc b#Gc sau:
- B4n c?n ki@m tra OSPF adjacency trn cc router Pex1 v Pex2 sK d9ng cu l>nh: show
ip ospf neighbor.
Example:
Pex1# show ip ospf neighbor

28
Pex2# show ip ospf neighbor

- Ki@m tra OSPF topology database trn cc router Cex1A v router Cex2B. B4n s= nhn
th5y tr4ng thi c1a cc k%t n:i.
Example:
Cex1# show ip ospf database

- Ki@m tra bAng ./nh tuy%n trn cc router Cex1A.
Example:

- Ki@m tra k%t n:i VPN bJng cch sK d9ng cu l>nh Ping v Trace trn cc router CE v
dng cu l>nh ping vrf v trace vrf trn cc router PE.
Example:
Cex1A# ping 10.1.x2.49
Pex1A# ping vrf Customer_B 10.2.x2.49
Pex1# trace vrf Customer_A 10.1.x2.49
Pex1# trace vrf Customer_B 10.2.x1.49

X. Lab 5-3 Answer Key: 5/nh tuy(n OSPF gi7a cc router PE v CE

1. Task 1: c5u hnh OSPF nh# m<t giao thPc ./nh tuy%n PE-Ce.
- C5u hnh cc b#Gc sau trn router Cex1A:
Cex1A(config)# no router eigrp x
Cex1A(config)# router ospf 1
Cex1A(config-router)# network 150.x.0.0 0.0.255.255 area 0
Cex1A(config-router)# network 10.1.x1.49 0.0.0.0 area 0

- C5u hnh nh"ng b#Gc sau trn router Cex1B :
Cex1B(config)# no router eigrp x
Cex1B(config)# router ospf 2
Cex1B(config-router)# network 150.x.0.0 0.0.255.255 area 0
Cex1B(config-router)# network 10.1.x1.49 0.0.0.0 area 0

Cex2A(config)# no router eigrp x

29

Cex2B(config)# no router eigrp x

Pex1(config)# no router rip
Pex1(config)# router ospf 2 vrf Customer_B
Pex1(config-router)# network 150.x.0.0 0.0.255.255 area 0
Pex1(config-router)# redistribute bgp 65001 subnets
Pex1(config-router)# exit
Pex1(config-router)# address-family ipv4 Customer_B
Pex1(config-router)# no redistribute rip
Pex1(config-router-af)# redistribute ospf 2
Pex1(config-router)# no address-family ipv4 vrf Customer_A
Pex1(config)# router ospf 1 vrf Customer_A
Pex1(config-router-af)# no redistribute eigrp x

Pex2(config)# no router rip
Pex2(config)# router ospf 2 vrf Customer_A
Pex2(config-router)# address-family ipv4 Customer_A

30
Pex2(config-router)# no redistribute rip
Pex2(config-router)# no address-family ipv4 vrf Customer_B
Pex2(config)# router ospf 2 vrf Customer_B
Pex2(config-router-af)# no redistribute eigrp x

XI- Lab 5-4: 5/nh tuy(n BGP gi7a cc router PE v CE.

- Khch hng c1a b4n quy%t ./nh mu:n c m<t .#+ng backup cho m9c .ch dD phng vGi
cc site. V v'y, c?n phAi sK d9ng giao thPc ./nh tuy%n BGP nh# m<t giao thPc ./nh tuy%n
gi"a CE-to-PE.
- Trong ph?n ny, b4n s= chuy@n .Vi giao thPc ./nh tuy%n hi>n .ang ch4y trn CE-to-PE
sang giao thPc BGP. Sau khi hon thnh nh"ng cng vi>c ny b4n s= c .#8c nh"ng k%t
quA sau :
+ Enable EBGP nh# m<t giao thPc ./nh tuy%n lin k%t CE-to-PE.
+ Enable m<t .#+ng dD phng
+ C5u hnh BGP .@ .i;u khi@n vi>c chTn .#+ng chnh v .#8c dD phng.

31
2. S, . logical c1a bi lab :

- 6@ hon thnh bi lab ny cc b4n c?n tham khAo thm : Cisco IOS documentation.

4. Danh sch cc cu l>nh cho bi lab.
- BAng sau s= m tA cc cu l>nh c?n thi%t .#8c sK d9ng trong bi lab ny.

32
Cu l>nh M tA
Address-family ipv4 vrf vrf-name ChTn m<t VRF Instance cho m<t giao thPc
./nh tuy%n
Ip vrf forwarding vrf-name Gn m<t interface cho m<t VRF
Ip vrf vrf-name T4o m<t VRF table.
Neighbor ip-address as-override 6@ c5u hnh m<t PE router .@ thay th% chE
s: AS c1a m<t site vGi AS c1a m<t nh
cung c5p, sK d9ng cu l>nh neighbor as-
override L ch% .< configuration router.
Neighbor ip-address route-map name
in | out
Gn thng tin route map cho BGP update
nh'n hoUc gKi tI m<t neighbor.
No neighbor ip-address shutdown Enable m<t BGP neighbor . b/ disable vGi
cu l>nh neighbor shutdown.
Ping vrf vrf-name host Ki@m tra k%t n:i vGi m<t host thng qua
VRF
Route-map name permit seq T4o m<t danh m9c trong m<t route map
Router bgp as-number Enable giao thPc ./nh tuy%n BGP trn
router
Route-target import | export value Gn m<t RT cho m<t VRF
Set metric value C5u hnh cc thu<c tnh c1a BGP MED
trong m<t route map.
Show ip bgp vpnv4 vrf vrf-name Hi@n th/ thng tin c1a cc .#+ng VPNv4
k%t h8p vGi m<t VRF.
Show ip route vrf vrf-name Hi@n th/ bAng ./nh tuy%n c1a m<t VRF
telnet host /vrf vrf-name T4o m<t k%t n:i telnet .%n m<t router CE

5. Task 1 : C5u hnh BGP nh# m<t giao thPc ./nh tuy%n PE-CE.
- Trong ph?n ny, b4n s= phAi c5u hnh BGP .@ ./nh tuy%n gi"a router PE v cc router
khch hng c1a b4n. OSPF s= l giao thPc ./nh tuy%n .#8c dng trong IGP .:i vGi cc
khch hng cn l4i. B4n s= thDc hi>n quAng b tI BGP vo trong OSPF v tI OSPF vo
trong BGP trn cc router c1a khch hng c1a b4n. B4n s= thi%t l'p m<t .#+ng VPN cho
Customer A v Customer B. Workgroup 1 s= chuy@n .Vi Customer A (Cex1A v Cex2A), v
workgroup 2 s= chuy@n .Vi customer B (Cex1B v Cex2B) .@ thi%t l'p m<t .#+ng VPN. MMi
workgroup s= ch/u trch nhi>m c5u hnh cho t5t cA cc router PE c lin quan.

5a. Cc b#Gc thDc hi>n :
- Step 1 : C5u hnh BGP trn cc router CE cho khch hng c1a b4n sK d9ng AS 650x1 cho
Customer A v AS 650x2 cho Customer B. Disable tnh nBng auto-summary c1a BGP.

33
- Step 2: Xa bO OSPF trn cc router PE lin quan v c5u hnh BGP neighbor vGi mMi
router CE v cc router PE.

- Step 3: BLi v cA hai site c1a khch hng c1a b4n cng chE s: AS, nn b4n c?n enable tnh
nBng AS-override trn cc router PE.

5b. Ki@m tra.
B4n s= hon thnh th1 t9c ki@m tra khi b4n c .#8c nh"ng k%t quA sau:
- B4n c?n ki@m tra k%t n:i BGP vGi cu l>nh: show ip bgp summary trn cc router CE.
Example:
Cex1A# show ip bgp summary

Cex1A# show ip bgp

Pex1# show ip bgp vpn all

6. Task 2: C5u hnh .#+ng dD phng PE-CE
- Trong ph?n ny, b4n s= phAi enable cc .#+ng dD phng trn cc router PE. Workgroup 1
s= thi%t l'p k%t n:i gi"a router Pex1 v router Cex2A, v workgroup 2 s= thi%t l'p k%t n:i
gi"a router Pex2 v router Cex1A. 6Am bAo rJng cc interface s= .#8c gn .ng VRF v
BGP c?n phAi .#8c actived

6a. Cc b#Gc c?n thDc hi>n
- Step 1: C5u hnh thm subinterface trn cc interface serial c1a router PE v router CE.

- Step 2: C5u hnh thm .#+ng dD phng vGi VRF thch h8p.

- Step 3: C5u hnh ./a chE IP v cc gi tr/ DLCI trn cc interface sK d9ng cc tham s:
trong bAng d#Gi .y:

Source
Router
IP address DLCI Destination
Router
IP Address DLCI
Cex2A 150.x.x1.49/28 113 Pex1 150.x.x1.50/28 113
Cex1B 150.x.x2.49/28 113 Pex2 150.x.x2.50/28 113

- Step 4: C5u hnh t4o m:i quan h> BGP neighbor gi"a router CE v router PE t#,ng Png.

6b. Ki@m tra
B4n s= hon thnh vi>c ki@m tra khi k%t quA thu .#8c nh# d#Gi .y:
- B4n c?n ki@m tra k%t n:i point-to-point trn subinterface mGi.

34
Example:
Cex1B# ping 150.x.x2.50
Pex2# ping vrf Customer_B 150.x.x2.49
Cex2# ping 150.x.x1.50
Pex1# ping vrf Customer_A 150.x.x1.49

- Ki@m tra k%t n:i BGP vGi cu l>nh show ip bgp summary trn cc router CE.
Example:
Cex2A# show ip bgp summary
Cex2A# show ip bgp
Pex1# show ip bgp vpn all

7. Task 3: ChTn .#+ng Primary v .#+ng Backup vGi BGP.
7a. Cc b#Gc c?n lm:
- Step 1: SK d9ng BGP tham chi%u c9c b< trn router CE .@ chTn .#+ng .%n router PE c9c
b< (thng qua MPLS core) nh# m<t .#+ng chnh v .#+ng .%n router PE remote nh# m<t
.#+ng dD phng.

- Step 2: C5u hnh MED trong thng tin c'p nh't ./nh tuy%n .%n tI router CE .@ chRc chRn
rJng cc router PE s= sK d9ng .#+ng chnh thng qua MPLS core tr#Gc khi c th@ sK d9ng
.#+ng dD phng.
7b. Ki@m tra.
B4n c th@ hon thnh ph?n ki@m tra ny khi b4n thu .#8c k%t quA tI nh"ng cu l>nh d#Gi
.y:
- B4n phAi sK d9ng cu l>nh: clear ip route hoUc clear ip bgp * trn router CE .@ quAng
b cc .#+ng .i vGi nh"ng tham s: mGi.
- B4n phAi ki@m tra .#+ng chnh (.#+ng k%t n:i .%n router PE local c1a b4n) .ang .#8c sK
d9ng. SK d9ng cu l>nh show ip bgp .@ ki@m tra v5n .; ny. V chRc chRn rJng cc
.#+ng .#8c nh'n tI .#+ng chnh s= lun .#8c chTn l .#+ng t:t nh5t.
Example:
Cex1# show ip bgp

- Ki@m tra cc tham s: ci .Ut c1a MED bJng cch sK d9ng cu l>nh show ip bgp vpnv4
vrf trn cc router PE. ChRc chRn rJng cc router PE s= chTn cc .#+ng tI .#+ng chnh nh#
m<t .#+ng t:t nh5t.
Example:
Pex2# show ip bgp vpnv4 all

- ThDc hi>n shut down .#+ng tI router PE local .%n router CE.

35
- Ki@m tra .#+ng dD phng (.#+ng .%n router PE local c1a b4n) .ang .#8c sK d9ng. SK
d9ng cu l>nh: show ip bgp .@ ki@m tra .i;u ny.
Example:
Cex1B# show ip bgp

- Enable l4i cc subinterface.
- Sau khi cc phin lm vi>c c1a BGP . .#8c thi%t l'p vGi router PE local, ki@m tra local
link .ang .#8c hi@n th/ nh# m<t preferred link. SK d9ng cu l>nh: show ip bgp .@ ki@m
tra.
Example:
Cex1B# show ip bgp

XII Lab 5-4 Answer Key: 5/nh tuy(n BGP gi7a cc router PE v CE

1. Task 1: C5u hnh BGP nh# m<t giao thPc ./nh tuy%n PE-CE.
Cex1A(config)# router bgp 650x1
Cex1A(config-router)# neighbor 150.x.x1.18 remote-as 65001
Cex1A(config-router)# redistribute ospf 1
Cex1A(config-router)# redistribute bgp 650x1 subnets

- C5u hnh cc b#Gc sau trn router Cex1B:
Cex1B(config)# router bgp 650x2
Cex1B(config-router)# neighbor 150.x.x1.34 remote-as 65001
Cex1B(config-router)# redistribute ospf 2
Cex1B(config-router)# redistribute bgp 650x2 subnets

Cex2A(config-router)# redistribute ospf 1
Cex2A(config-router)# redistribute bgp 650x1 subnets


36
Cex2B(config-router)# redistribute ospf 2
Cex2B(config-router)# redistribute bgp 650x2 subnets

- C5u hnh cc b#Gc sau trn router Pex1:
************workgroup 1*****************
Pex1(config-router-af)# no redistribute ospf 1
Pex1(config)# no router ospf 1 vrf Customer_A
Pex1(config-router-af)# neighbor 150.x.x1.17 remote-as 650x1
Pex1(config-router-af)# neighbor 150.x.x1.17 active
Pex1(config-router-af)# neighbor 150.x.x1.17 as-override

*****************workgroup 2 *********************
Pex1(config)# no router ospf 2 vrf Customer_B

**************** workgroup 1 *****************
Pex2(config)# no router ospf 1 vrf Customer_A

37
******************workgroup 2*********************
Pex2(config-router-af)# address-family ipv4 vrf Customer_B
Pex2(config)# no router ospf 2 vrf Customer_B
Pex2(config-router-af)# address-family ipv4 vrf Customer_B

2. Task 2: C5u hnh .#+ng dD phng PE-CE
Cex1B(config)# interface serial0/0.113 point-to-point
Cex1B(config-subif)# ip address 150.x.x2.49 255.255.255.240
Cex1B(config-subif)# frame-relay interface-dlci 113
Cex1B(config-fr-dlci)# no shutdown

Pex2(config)# interface serianl0/0.113 point-to-point
Pex2(config-subif)# ip vrf forwarding Customer_B
Pex2(config-subif)# frame-relay interface-dlci 113
Pex2(config-fr-dlci)# no shutdown
Pex2(config-rotuer-af)# neighbor 150.x.x2.49 active

Cex2A(config)# interface serial 0/0.113 point-to-point
Cex2A(config-subif)# ip addrress 150.x.x1.49 255.255.255.240
Cex2A(config-subif)# frame-relay interface-dlci 113
Cex2A(config-fr-dlci)# no shutdown

38

Pex1(config)# interface serial0/0.113 point-to-point
Pex1(config-subif)# ip vrf forwarding Customer_A
Pex1(config-fr-dlci)# no shutdown
Pex1(config-router)# address-family ipv4 Customer_A
Pex1(config-router-af)# neighbor 150.x.x1.49 activate

3. Task 3: ChTn .#+ng chnh v .#+ng dD phng vGi BGP.
Cex1B(config)# router-map setLP permit 10
Cex1B(config-route-map)# set local-preference 50
Cex1B(config-route-map)# route-map setMED permit 10
Cex1B(config-route-map)# set metric 200
Cex1B(config-route-map)# router bgp 650x2
Cex1B(config-router)# neighbor 150.x.x2.50 route-map setLP in
Cex1B(config-router)# neighbor 150.x.x2.50 route-map setMED out

Cex2A(config)# router-map setLP permit 10
Cex2A(config-route-map)# set local-preference 50
Cex2A(config-route-map)# route-map setMED permit 10
Cex2A(config-route-map)# set metric 200
Cex2A(config-route-map)# router bgp 650x1
Cex2A(config-router)# neighbor 150.x.x2.50 route-map setLP in
Cex2A(config-router)# neighbor 150.x.x2.50 route-map setMED out

XIII Lab 6-1: Overlapping VPNs.

1. Ph4m vi c1a bi lab:
- Khch hng .ang sK d9ng m4ng VPN c1a b4n mu:n c th@ trao .Vi d" li>u gi"a cc
Central Site. B4n quy%t ./nh tri@n khai yu c?u ny vGi m hnh Overlapping VPN.
- Trong bi lab ny, b4n s= thi%t l'p overlapping VPN .@ hM tr8 nh"ng yu c?u c?n thi%t c1a
khch hng. Sau khi hon thnh bi lab ny, b4n c th@ thu .#8c nh"ng k%t quA sau:
+ Thi%t k% m<t giAi php VPN.

39
+ Xa bO nh"ng VRF .ang tn t4i trn router Cex1A v Cex2B.
+ C5u hnh cc VRF mGi trn router Cex1A v router Cex2B.

2. S, . logical c1a bi lab

* Trong bi lab ny, b4n s= thDc hi>n thi%t l'p VPNs overlapping vGi nh"ng k%t n:i sau :
- Cc k%t n:i VPN .,n giAn :
+ Cex1A v Cex2A c th@ k%t n:i.
+ Cex1B v Cex2B c th@ k%t n:i.
+ Cex1A v Cex1B khng th@ k%t n:i.
+ Cex1B v Cex2A khng th@ k%t n:i.
- K%t n:i VPN overlapping (Customer_AB):
+ Cex1A v Cex2B c th@ k%t n:i.

3. Ti li>u c?n thi%t.
- Ti li>u c?n thi%t trong bi lab ny: Cisco IOS documentation.
4. Danh sch cu l>nh:
- Nh"ng cu l>nh thDc thi trong bi lab ny s= gi:ng nh# nh"ng bi lab tr#Gc.

5. Task 1: Thi%t k% giAi php VPN.

- Site Cex1A khng theer nJm trong cng m<t VRF vGi nh"ng site xA khc. T#,ng tD, site
Cex2B khng th@ nJm trong cng m<t VRF vGi cc site xB khc. V Cex1A v Cex2B cSng
khng th@ chia s= cng m<t VRF.

40

5a. Cc b#Gc c?n lm:
- Step 1: ChE ./nh cc RD mGi cho cc VRF .@ cc router Cex1A v router Cex2B k%t n:i
trDc ti%p.

- Step 2: M<t RT mGi c?n cho Customer_AB VPN.

5b. Ki@m tra.
B4n s= hon thnh ph?n ki@m tra khi b4n thu .#8c k%t quA tI nh"ng cu l>nh d#Gi .y:
- B4n s= phAi thi%t l'p .#8c cc RD v cc RT cho cc VRF mGi.

6. Task 2: Xa bO cc VRF .ang tn t4i trn Router Cex1A v Cex2B.
- Cex1A v Cex2B s= phAi .#8c chuy@n .%n mi tr#+ng ./nh tuy%n mGi. Cng vi>c ny r5t
dX thDc hi>n bLi chE c?n thay .Vi cc gi tr/ RD v RT c1a nh"ng VRF .ang tn t4i.
- cc Site Cex1A v Cex2B s= .#8c chuy@n .%n cc VRF mGi. T5t cA nh"ng tham chi%u .%n
nh"ng site ny s= phAi .#8c xa bO tI cc giao thPc ./nh tuy%n .ang tn t4i.
- Trong ph?n ny b4n s= thDc hi>n vi>c xa bO cc tham chi%u .%n cc router Cex1A v
Cex2B.

6a. Cc b#Gc c?n lm:
- Step 1: Xa bO m:i quan h> neighbor BGP gi"a router Cex1A v router Cex2B trn cc
router PE t#,ng Png.
- Step 2: Ki@m tra cc tham chi%u .%n router Cex1A v rouer Cex2B tI cc router PE t#,ng
Png, n%u c?n thi%t, th xa bO chng.

6b. Ki@m tra.
B4n c th@ hon thnh ph?n ki@m tra ny, khi b4n thu .#8c k%t quA tI nh"ng cu l>nh d#Gi
.y:
- Trn router PE, b4n thDc hi>n vi>c ki@m tra interface k%t n:i vGi router CE bJng cch sK
d9ng cu l>nh: show ip vrf interfaces.
Example:
Pex1# show ip vrf interface


- Ki@m tra m:i quan h> neighbor BGP . .#8c xa bO trn router PE vGi cu l>nh: show ip
bgp vpnv4 vrf summary. Ki@m tra tr4ng thi c1a router Cex1A v router Cex2B.
Example :
Pex1# show ip bgp vpnv4 vrf Customer_A summary

41
Pex2# show ip bgp vpnv4 vrf Customer_B summary

7. Task 3: C5u hnh cc VRF mGi cho router Cex1A v Cex2B.
7a. Cc b#Gc c?n thDc thi:
- Step 1: T4o cc VRF mGi cho cc router Cex1A v router Cex2B trn cc router PE vGi cu
l>nh: ip vrf.

- Step 2: Gn cc gi tr/ RD mGi cho cc VRF mGi vIa t4o vGi cu l>nh: rd

- Step 3: Gn .ng cc gi tr/ RT import v export cho cc VRF mGi vGi cu l>nh: route-
target

- Step 4: Thi%t l'p l4i ./nh tuy%n BGP gi"a cc router PE v cc router CE.

7b. Ki@m tra.
B4n s= hon thnh ph?n ki@m tra ny khi b4n thu .#8c nh"ng k%t quA tI nh"ng cu l>nh
d#Gi .y:
- Trn router PE, b4n c?n ki@m tra interface k%t n:i vGi CE router bJng cch sK d9ng cu
l>nh: show ip vrf interfaces.
Example:

- Ki@m tra cc neighbor BGP trn router PE vGi cu l>nh: show ip bgp vpnv4 summary.
Ki@m tra tr4ng thi c1a router Cex1A v router Cex2B.
Example :
Pex1A# show ip bgp vpnv4 vrf Customer_AB summary
Pex2# show ip bgp vpnv4 vrf Customer_AB summary

- Ki@m tra bAng ./nh tuy%n BGP cc VRF mGi bJng cch sK d9ng cu l>nh: show ip bgp
vpnv4 vrf. B4n s= nhn th5y cc .#+ng .i tI router Cex1A hoUc router Cex2B v cc .#+ng
.i tI cc VRF khc.
Example:
Pex1# show ip bgp vpnv4 Customer_AB
Pex2# show ip bgp vpnv4 vrf Customer_AB

- K%t n:i .%n router Cex1A v thDc thi cc cu l>nh ping v trace tests .%n ./a chE c1a
loopback c1a router Cex2B.
Example:

42
Cex1A# trace 10.2.x2.49

- K%t n:i .%n router Cex2A v ping .%n router Cex2B hoUc router Cex1B.
Example:

XIV Lab 6-1 Answer Key: Overlapping VPNs.

1. Task 1: Thi%t k% giAi php VPN.
- Khng c?n thi%t phAi c5u hnh task ny.

2. Task 2: Xa bO cc VRF .ang tn t4i trn router Cex1A v Cex2B.
Pex1(config-router-af)# no neighbor 150.x.x1.17
Pex1(config-vrf)# interface serial 0/0.101
Pex1(config-subif)# no ip vrf forwarding Customer_A

Pex2(config-router-af)# no neighbor 150.x.x2.33
Pex2(config-subif)# no ip vrf forwarding Customer_B

3. Task 3: T4o cc VRF mGi cho cc router Cex1A v Cex2B.
Pex1(config)# ip vrf Central_AB
Pex1(config-vrf)# rd x :11
Pex1(config-subif)# ip vrf forwarding Central_AB
Pex1(config-router-af)# address-family ipv4 vrf Central_AB

43

Pex2(config)# ip vrf Central_AB
Pex2(config-vrf)# rd x :21
Pex2(config-subif)# ip vrf forwarding Central_AB
Pex2(config-router-af)# address-family ipv4 vrf Central_AB

XV Lab 6-2: H9p nh4t cc Service Provider.

1. Cc b#Gc c?n thDc thi.
- Yu c?u .Ut ra l m<t s: Service Provider nhO quy%t ./nh h8p nh5t l4i thnh m<t. 6@
hon thnh .#8c yu c?u ny, th m<t Central P router (P1) mGi s= .#8c ci .Ut v c5u
hnh. K%t n:i Frame Relay s= .#8c cung c5p tI mMi router Px1 v Px2 local .%n router P1.
Trong tr#+ng h8p ny th Core Interior Gateway Protocol (IGP) s= thDc hi>n chuy@n .Vi tI
EIGRP sang dng Intermediate System-to-Intermediate System (IS-IS).
- Trong bi lab ny, b4n s= thDc hi>n h8p nh5t Service Provider nhO c1a b4n vGi m<t s: cc
Service Provider khc. Sau khi hon thnh bi lab ny b4n s= c .#8c nh"ng k%t quA sau:
+ Chuy@n .Vi Core IGP tI EIGRP sang IS-IS
+ Enable MPLS LDP k%t n:i vGi router Central P
+ Enable IBGP k%t n:i gi"a cc router PE.

- Workgroup 1 s= c5u hnh Pex1 v Pex1, v workgroup 2 s= c5u hnh Pex2 v Pex2. Router
P1 s= c?n phAi .#8c c5u hnh tr#Gc.

44

- Ti li>u c?n thi%t cho bi lab : Cisco IOS documentation.

4. Danh sch cu l>nh sK d9ng trong bi lab.
- BAng sau s= m tA cc cu l>nh .#8c sK d9ng trong bi lab.

Cu l>nh M tA
Router isis area-tag 6@ enable giao thPc ./nh tuy%n ISIS v chE
ra m<t ti%n trnh xK l c1a ISIS, sK d9ng
cu l>nh router isis trong ch% .< global
configuration. 6@ disable giao thPc ./nh
tuy%n ho4t .<ng trn router IS-IS, sK d9ng
tI kha no tr#Gc cu l>nh ny.
Net network-entity-title 6@ c5u hnh m<t IS-IS network entity title
(NET) cho m<t ti%n trnh xK l ./nh tuy%n
CLNS, sK d9ng cu l>nh net L ch% .< router
configuration. 6@ xa bO m<t NET, sK d9ng
Isis circuit-type { level-1 | level-1-2
| level -2 only }
6@ c5u hnh cc lo4i c1a adjacency, sK d9ng
cu l>nh isis circuit-type L ch% .<
interface configuration. 6@ khLi .<ng l4i
circuit type c1a Level 1 v Level 2, sK d9ng
Metric-style wide [transition ] [
level-1 | level-2 | level-1-2 ]
6@ c5u hnh m<t router ch4y IS-IS .#a ra
v ch5p nh'n duy nh5t cc lo4i new-style,
.< di, v cc gi tr/ (TLVs), sK d9ng cu
l>nh metric-style wide L ch% .< router
configuration. 6@ disable tnh nBng ny, sK
d9ng tI kha no tr#Gc cu l>nh ny.

45
5. Task 1: Enable k%t n:i vGi Router P central.
- Trong ph?n ny, b4n s= c nhi>m v9 enable Frame Relay lin k%t gi"a cc router P v
router P1, v sau . enable Label Distribution Protocol (LDP) cho cc k%t n:i gi"a cc
router.

5a. Cc b#Gc c?n lm.
- Step 1: C5u hnh ./a chE IP v cc gi tr/ DLCI trn cc interface sK d9ng cc tham s:
trong bAng d#Gi .y. Ch cc tham s: ny chE .#8c c5u hnh trn cc router P, khng
.#8c c5u hnh trn cc router PE.

Router Subinterface DLCI IP address
P11 S0/0.211 211 192.168.100.10/29
P12 S0/0.212 212 192.168.100.18/29
P21 S0/0.221 221 192.168.100.26/29
P22 S0/0.222 222 192.168.100.34/29

5b. Ki@m tra.
- Trn router P, b4n c th@ sK d9ng cu l>nh: show interface .@ ki@m tra xem cc
interface mGi . ho4t .<ng ch#a.

6. Task 2: Chuy@n Core sang sK d9ng IS-IS.
- BLi v cc giao thPc ./nh tuy%n thu<c lo4i link-state c khA nBng mL r<ng h,n giao thPc
./nh tuy%n thu<c lo4i distance vector, nn cc Service Provider quy%t ./nh chuy@n Core
sang sK d9ng IS-IS. Router P1 . thDc sD sYn sng .@ chuy@n .Vi. Workgroup c1a b4n s=
ch/u trch nhi>m cho vi>c chuy@n .Vi t5t cc router . .#8c gn cho b4n. Workgroup 1 s=
chuy@n .Vi hai router Pex1 v Px1. Workgroup 2 s= chuy@n .Vi router Pex2 v Px2.

6a. Cc b#Gc c?n thDc thi.
- Step 1: Disable EIGRP . .#8c c5u hnh trn cc router nJm trong Core IGP.
- Step 2: Enable IS-IS nh# m<t giao thPc ./nh tuy%n trong Core IGP sK d9ng cc tham s:
chi ti%t trong bAng sau:

Router ID NET Remarks
Pex1 Net 49.0001.0000.0000.01x1.00 Trong . x = chE s: c1a POD
Pex2 Net 49.0001.0000.0000.01x2.00
Px1 Net 49.0001.0000.0000.02x1.00
Px2 Net 49.0001.0000.0000.02x2.00

6b. Ki@m tra.

46
- B4n c th@ sK d9ng cu l>nh: show ip protocol .@ ki@m tra IS-IS . ho4t .<ng ch#a v
. .#8c enable .ng trn cc interface ch#a.
Example:
Pex1# show ip protocol
Px1# show ip protocol

- SK d9ng cu l>nh: show ip route v ki@m tra t5t cA cc .#+ng .i .ang gKi v nh'n.
Example:
Pex1# show ip route
Px1# show ip route

7. Task 3: Enable MPLS LDP k%t n:i vGi router P central
- Ph?n ny b4n s= phAi enable LDP k%t n:i gi"a cc router c1a b4n v router P1.

- Step 1: Enable LDP trn cc Subinterface m b4n . t4o trn router.

7b. Ki@m tra.
- Trn router P, b4n ki@m tra m:i quan h> LDP neighbor . .#8c thi%t l'p gi"a router P v
router P1 ch#a.
Example:
Px1# show mpls ldp neighbor

- Trn router PE, ki@m tra cc label . .#8c nh'n tI cc workgroup khc.
Example:
Pex1# show mpls forwarding

8. Task 4: Enable IBGP k%t n:i cho t5t cA cc router PE.
- Trong bi lab ny, b4n s= phAi thi%t l'p k%t n:i LDP cho t5t cA cc router P trong mi
tr#+ng m4ng c1a Service Provider mGi, nh#ng b4n ch#a c?n thi%t l'p k%t n:i BGP vo th+i
.i@m ny. By gi+, b4n c?n thi%t l'p k%t n:i Internal Border Gatewaly Protocol (IBGP) cho
cc router PE.
- C hai ph#,ng php b4n c th@ tri@n khai. 6?u tin l sK d9ng cu l>nh: bgp neighbor
.@ thm m<t m:i quan h> neighbor gi"a cc router. Ph#,ng php thP hai l tri@n khai cc
route phAn x4. 6@ hon thnh, th router P1 s= .#8c c5u hnh nh# m<t BGP route reflector.
Tuy nhin, .@ thu .#8c nh"ng #u .i@m c1a vi>c c5u hnh ny, th b4n s= c?n phAi xa bO
m:i quan h> neighbor gi"a hai router PE v c5u hnh chng nh# nh"ng client c1a router P1.
- Workgroup 1 s= c5u hnh Pex1, v workgroup 2 s= c5u hnh Pex2.

47
8a. Cc b#Gc c?n thDc hi>n.
- Step 1: Xa bO m:i quan h> neighbor gi"a router PE v remote router PE trong
workgroup c1a b4n.
- Step 2: C5u hnh router PE c1a b4n nh# m<t client c1a router P1.

8b. Ki@m tra.
- Trn cc router PE, b4n ki@m tra k%t n:i BGP .%n t5t cA cc workgroup khc vGi cu l>nh:
show ip bgp summary v cu l>nh: show ip bgp neighbor
Example:
Pex1# show ip bgp summary
Pe11# show ip bgp neighbor

- Ki@m tra bAng VRF BGP c1a cc khch hng c1a b4n trn cc router PE vGi cu l>nh:
show ip bgp vpnv4 vrf. B4n s= nhn th5y cc route BGP .%n tI cc router CE s= .#8c
chTn l nh"ng route t:t nh5t cc cc .ch.
Example:
Pex1# show ip bgp vpnv4 vrf Customer_A

- Ki@m tra bAng VRF cho cc khch hng c1a b4n trn cc router PE vGi cu l>nh: show ip
route vrf. B4n s= nhn th5y cc route .%n tI cc router CE s= .#8c lDa chTn.
Example:
Pex1# show ip route vrf Customer_A
Pex1# show ip route vrf Customer_B

XVI- Lab 6-2 Answer Key: H9p nh4t cc Service Provider.

1. Task 1: Enable k%t n:i vGi Router P central.
Px1(config)# interface serial0/0.2x1 point-to-point
Px1(config-subif)# ip address 192.168.100.** 255.255.255.248
Px1(config-subif)# frame-relay interface-dlci 2x1
Px1(config-fr-dlci)# no shutdown

Px2(config)# interface serial0/0.2x2 point-to-point
Px2(config-subif)# ip address 192.168.100.** 255.255.255.248
Px2(config-subif)# frame-relay interface-dlci 2x2
Px2(config-fr-dlci)# no shutdown

48
2. Task 2: Chuy@n Core sang sK d9ng IS-IS.
Pex1(config)# no router eigrp 1
Pex1(config)# router isis
Pex1(config-router)# net 49.0001.0000.0000.01x1.00
Pex1(config-router)# is level-2-only
Pex1(config-router)# metric-style wide
Pex1(config-router)# interface serial 0/0.111
Pex1(config-subif)# ip router isis
Pex1(config)# interface loopback 0

Pex2(config)# no router eigrp 1
Pex2(config)# router isis
Pex2(config-router)# net 49.0001.0000.0000.01x1.00
Pex2(config-router)# is level-2-only
Pex2(config-router)# metric-style wide
Pex2(config-router)# interface serial 0/0.111
Pex2(config)# interface loopback 0

Px1(config)# no router eigrp 1
Px1(config)# router isis
Px1(config-router)# net 49.0001.0000.0000.02x1.00
Px1(config-router)# is level-2-only
Px1(config-router)# metric-style wide
Px1(config-router)# interface serial0/0.111
Px1(config-subif)# ip router isis
Px1(config-subif)# interface serial 0/0.112
Px1(config-router)# interface serial 0/0.2x1
Px1(config)# interface loopback 0

Px2(config)# no router eigrp 1

49
Px2(config)# router isis
Px2(config-router)# net 49.0001.0000.0000.02x2.00
Px2(config-router)# is level-2-only
Px2(config-router)# metric-style wide
Px2(config-router)# interface serial0/0.111
Px2(config-subif)# interface serial 0/0.112
Px2(config-router)# interface serial 0/0.2x2
Px2(config)# interface loopback 0

3. Task 3. Enable MPLS LDP k%t n:i vGi router P central
Px1(config)# interface serial 0/0.2x1

Px2(config)# interface serial 0/0.2x2

4. Task 4 : Enable IBGP k%t n:i cho t5t cA cc router PE.
Pex1(config-router)# no neighbor 192.168.x.33 remote-as 65001
Pex1(config-router)# neighbor 192.168.100.129 remote-as 65001
Pex1(config-router)# neighbor 192.168.100.129 update-source loopback 0
Pex1(config-router-af)# neighbor 192.168.100.129 activate
Pex1(config-router-af)# neighbor 192.168.100.129 send-community both
Pex1(config-router-af)# neighbor 192.168.100.129 next-hop-self

Pex1(config-router)# no neighbor 192.168.x.17 remote-as 65001
Pex1(config-router)# neighbor 192.168.100.129 remote-as 65001
Pex1(config-router)# neighbor 192.168.100.129 update-source loopback 0

50
Pex1(config-router-af)# neighbor 192.168.100.129 activate
Pex1(config-router-af)# neighbor 192.168.100.129 send-community both
Pex1(config-router-af)# neighbor 192.168.100.129 next-hop-self

XVII Lab 6-3: Cc d/ch v% VPN chung.

- VGi m<t ki%n trc MPLS VPN mGi c th@ .#8c sK d9ng .@ tri@n khai m<t v5n .; mGi . l
v5n .; quAn l cc d/ch v9 c1a cc router CE. Cc NMS trung tm c th@ gim st v quAn
l t5t cA cc router CE thng qua k%t n:i VPN.
- NMS VPN s= cung c5p k%t n:i duy nh5t gi"a NMS v m<t ./a chE IP duy nh5t trn m<t
router CE v n .#8c sK d9ng cho m9c .ch quAn l.
- Trong bi lab ny, Service Provider c1a b4n . thi%t l'p m<t trung tm quAn l m4ng t'p
trung sK d9ng cng ngh> VPN gi"a cc interface loopback c1a cc router Ce v router NMS.
B4n s= thi%t l'p k%t n:i duy nh5t gi"a NMS v cc interface loopback trn router CE vGi
subnet mask l /32.

1. Ph4m vi ho4t .<ng c1a bi lab.
- Trong bi lab ny, b4n s= thi%t l'p m<t m4ng VPN quAn l gi"a cc interface loopback c1a
cc router CE v router NMS. Sau khi hon thnh bi lab ny, b4n s= c .#8c nh"ng k%t
quA sau:
+ Thi%t k% m<t m4ng VPN quAn l.
+ Thi%t l'p k%t n:i gi"a VRF quAn l v cc VRF khch hng bJng cch c5u hnh
.ng cc route .ch.


51
- 6@ hon thi>n bi lab ny cc b4n c th@ tham khAo thm ti li>u: Cisco IOS
documentation.

4. Danh sch cu l>nh sK d9ng trong bi lab.
- BAng sau s= m tA cc cu l>nh c?n thi%t .#8c sK d9ng trong bi lab ny:

Cu l>nh M tA
Export map name ChE ra m<t VRF export route map.
Ip prefix-list name permit address
mask ge len
T4i m<t danh sch IP prefix t#,ng Png
vGi t5t cA cc prefix .#8c chE ra trong
m<t dAi ./a chE vGi m<t subnet mask lGn
h,n hoUc bJng gi tr/ . chE ra.
Match ip address prefix-list list nh x4 m<t prefix trong m<t route map
vGi m<t danh sch IP prefix . .#8c chE
ra.
Route-map name permit seq T4o m<t danh m9c route map
Set extcommunity rt value additive Gn m<t RT vo m<t route t#,ng Png vGi
cu l>nh match

5. Task 1: Thi%t l'p k%t n:i gi"a NMS VRF v cc VRF khc.
- M4ng VPN quAn l l m<t d/ch v9 chung. V v'y, hai gi tr/ RT c?n cho m<t m4ng VPN:
server RT v client RT. Trn router PE hM tr8 NMS, m<t VRF cho m4ng VPN quAn l v c?n
m<t gi tr/ RD t#,ng Png: d#Gi .y s= l m<t s: thnh ph?n c5u hnh trn router NMS PE.
! Create the NMS VRF
!
Ip vrf NMS
Rd 101:500
Route-target export 101:500
Route-target import 101:500
Route-target import 101:501

- 6@ thi%t l'p k%t n:i gi"a NMS VRF v cc VRF khch hng, b4n s= phAi gn cc client RT
cho cc route h#Gng tGi ./a chE loopback c1a router CE khi ./a chE ny .#8c xu5t ra tI VRF
c1a khch hng. B4n cSng c?n phAi nh'p vo cc route h#Gng tGi router NMS vo trong t5t
cA cc VRF c1a khch hng.


52
- Step 1: T4o m<t danh sch ./a chE IP s= .#8c dng .@ nh x4 vGi cc ./a chE loopback c1a
router CE.
- Step 2: T4o m<t route map s= .#8c dng .@ nh x4 vGi cc ./a chE loopback c1a router
CE vGi danh sch prefix v gn cc gi tr/ client RT vo nh"ng route ..
- Step 3: 6#a cc route map vo nh"ng route .#8c xu5t ra tI cc VRF c1a khch hng vGi
cu l>nh: export route-map.
- Step 4: nh'p cc route NMS vo trong VRF c1a khch hng bJng cch chE ra .ng cc gi
tr/ nh'p RT.

5b. Ki@m tra.
- B4n c?n ki@m tra xem cc gi tr/ RT . .#8c gn .ng vo cc route h#Gng tGi ./a chE
loopback c1a router CE ch#a bJng cch sK d9ng cu l>nh: show ip bgp vpnv4 vrf name
prefix.
Example:
Pex1# show ip bgp vpnv4 vrf Customer_A 10.1.x1.49

- SK d9ng cu l>nh ping mL r<ng, ki@m tra xem b4n c th@ ping tI ./a chE loopback c1a
router CE .#8c quAn l .%n ./a chE loopback c1a router NMS CE hay khng (10.10.10.49).

- SK d9ng cu l>nh ping mL r<ng, ki@m tra xem b4n khng th@ ping tI ./a chE Ethernet c1a
router CE .#8c quAn l .%n ./a chE loopback c1a router NMS CE khng (10.10.10.49).

- Ki@m tra router CE c1a b4n .ang nhn th5y duy nh5t cc prefix vGi m4ng VPN c1a b4n.
Example:
Pex1# show ip bgp vpnv4 vrf Customer_A

XVIII Lab 6-3 Answer Key: Cc d/ch v% VPN chung.

1. Task 1: Thi%t l'p k%t n:i gi"a NMS VRF v cc VRF khc
- C5u hnh nh"ng b#Gc sau trn router Pex1 c1a Customer A:
Pex1(config-vrf)# export map NMS_Cus_A
Pex1(config-vrf)# route-target import 101:500
Pex1(config)# ip vrf A_Central
Pex1(config)# route-map NMS_Cus_A permit 10
Pex1(config-route-map)# match ip address access-list 10
Pex1(config-route-map)# set extcommunity rt 101:501 add
Pex1(config-route-map)# exit

53
Pex1(config)# access-list 10 permit host 10.1.x1.49

- C5u hnh nh"ng b#Gc sau trn router Pex2 c1a Customer A:
Pex2(config)# route-map NMS_Cus_A permit 10
Pex2(config-route-map)# match ip address 10

- C5u hnh nh"ng b#Gc sau trn router Pex1 c1a Customer B:
Pex1(config-vrf)# export map NMS_Cus_B
Pex1(config)# route-map NMS_Cus_B permit 10

- C5u hnh cc b#Gc sau trn router Pex2 c1a Customer B:
Pex2(config)# ip vrf B_Central
Pex2(config)# route-map NMS_Cus_B permit 10

54
XIX Tch cc interface cho k(t n:i Internet.

- Trong nhi;u tr#+ng h8p, cc khch hng c1a b4n mu:n gi" l4i m hnh truy c'p internet
theo ph#,ng php truy;n th:ng vGi m<t firewall gi"a m4ng VPN c1a khch hng v
Internet. 6@ .p Png .#8c yu c?u ny th b4n c th@ tri@n khai bJng cch sK d9ng m4ng
VPN chuyn d9ng v Interface vGi nh"ng subinterface trn lin k%t v't l PE-CE.

1. Ph4m vi c1a bi lab.
- Trong bi lab ny, b4n s= tri@n khai m<t giao di>n truy c'p internet ring bi>t. Sau khi
hon thnh bi lab, b4n s= thu .#8c nh"ng k%t quA sau:
+ Thi%t l'p k%t n:i CE-PE cho vi>c truy c'p Internet.
+ Thi%t l'p ./nh tuy%n gi"a khch hng v Internet.

- B4n s= c5u hnh thm cc lin k%t Ao gi"a cc router CE c1a Site trung tm (Cex1A v
Cex2B) v cc router PE khc. B4n s= phAi c5u hnh thm Static Routing gi"a cc router PE
v CE. Remote Site (Cex1B v Cex2A) s= truy c'p Internet sK d9ng k%t n:i MPLS VPN.

- 6@ hon thnh bi lab ny cc b4n c?n tham khAo thm ti li>u: Cisco IOS
documentation.

4. Danh sch cu l>nh dng cho bi lab.
- BAng d#Gi .y s= m tA cc cu l>nh c?n thi%t sK d9ng trong bi lab.

Cu l>nh M tA
Ip route prefix mask null 0 T4o m<t route tVng h8p trong bAng ./nh
tuy%n.

55
5. Task 1: Thi%t l'p k%t n:i CE-PE cho vi>c truy c'p Internet.
- Trong ph?n ny, b4n s= t4o thm m<t subinterface mGi .@ hM tr8 cho vi>c truy c'p
Internet trn router L Central Site.

- Step 1: T4o m<t subinterface mGi (s0/0.114) trn router central c1a khch hng sK d9ng
cc thng tin ./a chE bn d#Gi bAng sau:

Router ID IP Address DLCI
Cex1A 150.x.x1.66/28 114
Cex2B 150.x.x2.66/28 114

- Step 2: C5u hnh subinterface mGi . ho4t .<ng vGi giao thPc ./nh tuy%n Interior
Gateway Protocol (IGP) v chRc chRn rJng interface . L tr4ng thi Passive.

- Step 3: T4o m<t subinterface mGi (S0/0.114) trn cc router PE sK d9ng thng tin ./a chE
trong bAng d#Gi:

Pex1 150.x.x1.65/28 114
Pex2 150.x.x2.65/28 114

- Step 4: C5u hnh cc subinterface mGi ho4t .<ng vGi giao thPc ./nh tuy%n IGP v chRc
chRn rJng interface ny L tr4ng thi Passive.

5b. Ki@m tra.
- B4n c th@ sK d9ng cu l>nh show ip interface .@ ki@m tra tr4ng thi c1a cc interface
mGi.
Example:
Cex1A# show ip interface S0/0.114
Pex1# show ip interface S0/0.114

6. Task 2: Thi%t l'p ./nh tuy%n gi"a Site c1a Khch hng v Internet.
- VGi giAi php ny, Khch hng v Service Provider quy%t ./nh sK d9ng Static Routing .@
./nh tuy%n ra internet. Trong ph?n ny, b4n s= enable m<t Static Default Route trn router
CE .@ ./nh tuy%n ra Internet v m<t Static Route trn Router PE .@ chE ra dAi ./a chE c1a
khch hng.


56
- Step 1: Trn router PE .ang hM tr8 router CE c1a b4n, t4o m<t static route .@ chE ra dAi
./a chE c1a khch hng.
- Step 2: QuAng b cc route ny vo trong BGP.
- Step 3: Trn router CE, t4o m<t default route.
- Step 4: Static route ny s= .#8c sK d9ng bLi cA hai Site l Central v Remote.

6b. Ki@m tra.
- B4n c th@ ki@m tra static route trn router PE.
Example:
Pex1# show ip route
CE***# show ip route

- SK d9ng cu l>nh ping mL r<ng .@ ki@m tra k%t n:i m4ng c1a khch hng vGi Internet.
Example:
Cex1# ping
Protocol [ip]:
Target IP address: 201.202.26.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.x.x1.49
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose [none]:
Sweep range of size [n]:
Type escape sequence to abort.

XX lab 7-1 Answer Key: Tch cc interface cho k(t n:i Internet.

1. Task 1: Thi%t l'p k%t n:i CE-PE cho vi>c truy c'p Internet.
Cex1A(config)# interface serial 0/0.114 point-to-point
Cex1A(config-subif)# ip address 150.x.x1.66 255.255.255.240
Cex1A(config-subif)# frame-relay interface-dlci 114
Cex1A(config-subif)# router ospf 1

57
Cex1A(config-router)# passive-interface serial s0/0.114

Cex2B(config)# interface s0/0.114 point-to-point
Cex2B(config-subif)# ip address 150.x.x2.66 255.255.255.240
Cex2B(config-subif)# frame-relay interface-dlci 114
Cex2B(config-subif)# router ospf 2
Cex2B(config-router)# passive-interface s0/0.114

Pex1(config)# interface s0/0.114 point-to-point
Pex1(config-subif)# router isis
Pex1(config-router)# passive-interface s0/0.114

Pex2(config)# interface s0/0.114 point-to-point
Pex2(config-subif)# router isis
Pex2(config-router)# passive-interface s0/0.114

2. Task 2 : Thi%t l'p ./nh tuy%n gi"a Site c1a Khch hng v Internet.

- C5u hnh cc b#Gc sau trn router Pex1 :
Pex1(config)# ip route 10.1.x1.0 255.255.255.0 150.x.x1.66
Pex1(config-router)# redistribute static

- C5u hnh cc b#Gc sau trn router Pex2 :
Pex2(config-router)# redistribute static

58
- C5u hnh cc b#Gc sau trn router Cex1A :
Cex1A(config)# ip route 0.0.0.0 0.0.0.0 s0/0.114
Cex1A(config-router)# network 0.0.0.0

- C5u hnh cc b#Gc sau trn router Cex2B :
Cex2B(config)# ip route 0.0.0.0 0.0.0.0 s0/0.114
Cex2B(config-router)# network 0.0.0.0

XXI Lab 7- 2: Nhi<u Site truy c*p internet.
- 6@ t:i #u qu trnh ./nh tuy%n, nh cung c5p d/ch v9 s= tin chRc rJng khch hng c1a
mnh c th@ truy c'p Internet tI m<t site. BLi v nhi;u site cng truy c'p Internet, th giao
thPc ./nh tuy%n dng s= .#8c chuy@n .Vi tI Static sang giao thPc ./nh tuy%n BGP.
- Trong bi lab ny, b4n s= chuy@n .Vi cc khch hng .@ trDc ti%p truy c'p .%n cc giao
di>n c1a BGP. Sau khi hon thnh bi lab ny, b4n s= thu .#8c nh"ng k%t quA sau:
+ Thi%t l'p k%t n:i remote site CE-PE cho vi>c truy c'p Internet.
+ Thi%t l'p remote site ./nh tuy%n gi"a khch hng v Internet.

- B4n s= c5u hnh thm cc lin k%t virtual gi"a cc router (Cex1B v Cex2A) v cc router
PE c1a chng. B4n s= c5u hnh m<t phin lm vi>c c1a BGP global gi"a cc router PE v cc
router CE .@ trao .Vi cc .#+ng .i Internet gi"a nh cung c5p d/ch v9 v khch hng.

3. Ti li>u tham khAo.
- Ti li>u .@ tham khAo trong bi lab ny : Cisco IOS documentation.

4. Danh sch cu l>nh c?n thi%t cho bi lab.
- BAng d#Gi .y s= m tA cc cu l>nh c?n thi%t cho bi lab.

59

Cu l>nh M tA
Ip route prefix mask null 0 T4o m<t .#+ng .i tVng h8p trong bAng ./nh
tuy%n

5. Task 1 : Thi%t l'p k%t n:i CE-PE cho vi>c truy c'p Internet.
- Nh cung c5p d/ch v9 c1a b4n . thDc sD t4o m<t m4ng VPN .@ truy;n cc l#u l#8ng tI
Internet. B4n s= c?n phAi ra nh'p vo m4ng VPN ny.
5a. Cc b#Gc c?n thDc thi :
- Step 1 : T4o m<t subinterface (S0/0.115) trn cc router cn l4i c1a khch hng bJng
cch sK d9ng cc thng tin ./a chE bn d#Gi bAng sau:
Cex1B 150.x.x1.130/28 115
Cex2A 150.x.x2.130/28 115

- Step 2 : T4o m<t subinterface (S0/0.115) trn cc router PE sK d9ng nh"ng thng tin ./a
chE trong bAng d#Gi .y:
Pex1 150.x.x1.129/28 115
Pex2 150.x.x2.129/28 115

5b. Ki@m tra.
- B4n c th@ ki@m tra tr4ng thi c1a interface.
Example :
Cex1B# show ip interface s0/0.115

Pex1# show ip interface s0/0.115

6. Task 2: Thi%t l'p ./nh tuy%n gi"a m4ng c1a khch hng v Internet.
- Step 1: Trn cc router CE (Cex1A hoUc Cex2B), xa bO cc cu l>nh network v passive
interface c lin quan .%n Interface Wan tI m4ng c1a Khch hng.
- Step 2: Xa bO cu l>nh network tham chi%u .%n m4ng 0.0.0.0 tI BGP.
- Step 3: Xa bO static route 0.0.0.0.
- Step 4: Thm lin k%t c1a router PE nh# m<t BGP neighbor.
- Step 5: Trn router PE, thm cc lin k%t vGi router CE nh# m<t BGP neighbor.
- Step 6: Trn router CE (Cex2A hoUc Cex1B), thm cc lin k%t vGi router PE nh# m<t BGP
neighbor.
- Step 7: Trn router PE, thm cc lin k%t vGi router CE nh# m<t BGP neighbor.

60
6b. Ki@m tra.
- B4n c th@ ki@m tra tr4ng thi c1a cc BGP neighbor.
Example:
Pex1# show ip bgp summary
XXII Lab 7-2 Answer key: Nhi<u Site truy c*p Internet.
1. Task 1: Thi(t l*p k(t n:i CE-PE truy c*p Internet.
- C5u hnh nh"ng b#Gc sau trn router CE:
Cex**(config)# interface serial0/0.115 point-to-point
Cex**(config-subif)# ip address 150.x.x*.130 255.255.255.240
Cex**(config-subif)# frame-relay interface-dlci 115

- C5u hnh nh"ng b#Gc sau trn router PE :
Pex*(config)# interface serial0/0.115 point-to-point
Pex*(config-subif)# ip address 150.x.x*.129 255.255.255.240
Pex*(config-subif)# frame-relay interface-dlci 115

2. Task 2 : Thi(t l*p ./nh tuy(n gi7a m3ng c1a Khch hng v Internet.
2a. Customer A :
- C5u hnh cc b#Gc sau trn router Cex1A :
Cex1A(config-router)# no passive-interface serial0/0.114
Cex1A(config-router)# no network 150.x.0.0 0.0.255.255 area 0
Cex1A(config-router)# router bgp 650x1
Cex1A(config-router)# no network 0.0.0.0
Cex1A(config-router)# neighbor 150.x.x1.65 remote 65001
Cex1A(config-router)# no ip route 0.0.0.0 0.0.0.0 serial0/0.114

Pex1(config)# no ip route 10.1.x1.0 255.255.255.0 150.x.x1.66
Cex1A(config)# router bgp 65001
Cex1A(config-router)# neighbor 150.x.x1.66 remote 650x1

Cex2A(config-router)# neighbor 150.x.x2.129 remote 65001

- C5u hnh nh"ng b#Gc sau trn router Pex2.
Pex2(config-router)# neighbor 150.x.x2.130 remote 650x1

61
2b. Customer B.
Cex2B(config-router)# no passive-interface serial0/0.114
Cex2B(config-router)# no network 150.x.0.0 0.0.255.255 area 0
Cex2B(config-router)# router bgp 650x2
Cex2B(config-router)# no network 0.0.0.0
Cex2B(config-router)# neighbor 150.x.x2.65 remote 65001
Cex2B(config-router)# no ip route 0.0.0.0 0.0.0.0 s0/0.114

- C5u hnh cc b#Gc sau trn cc router Pex2:

Pex2(config-router)# neighbor 150.x.x1.129 remote 65001

- C5u hnh nh"ng b#Gc sau trn cc router Pex1:

XXII K(t n:i Internet trong m=t m3ng MPLS VPN
- Trong bi lab ny, b4n s= phAi chuy@n m4ng c1a khch hng tI m<t m4ng VPN c th@
truy c'p Internet. Sau khi hon thnh bi lab, b4n s= thu .#8c nh"ng k%t quA sau:
+ Thi%t l'p k%t n:i tI CE-PE trung tm c th@ truy c'p Internet.
+ Thi%t l'p k%t n:i tI CE-PE remote c th@ truy c'p Internet.

- Trong bi lab ny, b4n s= t4o m<t m4ng VPN c th@ truy;n d" li>u tI Internet, v sau .
b4n s= t4o m<t k%t n:i gi"a m4ng VPN v site c1a khch hng. MMi Workgroup s= ch/u trch
nhi>m thi hnh nh"ng nhi>m v9 c5u hnh trn cc router PE c1a mnh.
- Hnh bn d#Gi s= m tA s, . logical c1a bi lab.

62

- Ti li>u tham khAo .@ c th@ hon thnh bi lab ny t:t nh5t: Cisco IOS document.

4. Danh sch cu l>nh c?n thi%t cho bi lab.
- Cc cu l>nh trong bi lab ny s= sK d9ng l4i L nh"ng bAng danh sch cu l>nh c1a cc
ph?n tr#Gc.

5. Task 1: Thi%t l'p k%t n:i Central Site truy c'p Internet.
- Nh cung c5p d/ch v9 c1a b4n . thDc sD t4o m<t m4ng VPN .@ truy;n d" li>u tI
- Step 1: Trn router PE (Pex1 hoUc Pex2), t4o m<t bAng Internet VPN VRF mGi. Nh cung
c5p d/ch v9 . gn m<t gi tr/ c1a RT l 100:600 v m<t gi tr/ c1a RD l 100:600 cho t5t
cA cc VRF.
- Step 2: Gn interface (114) .ang hM tr8 bLi router CE c1a Central Site (Cex1A hoUc
Cex2B) vo trong m<t VRF.
- Step 3: Xa bO cu l>nh nighbor c1a router nJm trong Central Site tI Unicast address
family.
- Step 4: Thm cu l>nh neighbor c1a router nJm trong Central Site cho Internet VRF.

5b. Ki@m tra.
- B4n c th@ ki@m tra cc .#+ng .i Internet .#8c nh'n bLi cc router CE nJm trong Central
Site .%n cc router PE neighbor.
Example:

6. Task 2: Thi(t l*p k(t n:i c1a Remote Site cho vi>c truy c*p Internet.
- Nh cung c5p d/ch v9 c1a b4n . thDc sD t4o m<t m4ng VPN .@ truy;n d" li>u tI

63
- Step 1: Trn cc router PE (Pex1 hoUc Pex2) .ang hM tr8 cc router CE (Cex2A hoUc
Cex1B) nJm trong remote site c1a b4n, gn interface (115) vo trong m<t VRF.
- Step 2: Xa bO cu l>nh neighbor tI cc router nJm trong remote site L ch% .< global
address family.
- Step 3: Thm cu l>nh neighbor trn cc router nJm trong m4ng Remote site cho bAng
VRF Internet.

6b. Ki@m tra.
- B4n c th@ ki@m tra cc .#+ng .i Internet .#8c nh'n bLi cc router CE nJm trong Central
Site.
Example:

XXIII Lab 7-3 Answer Key: K(t n:i Inernet trong m3ng MPLS VPN.
1. Task 1: Thi%t l'p k%t n:i cho Central Site truy c'p Internet.
- C5u hnh cc b#Gc sau trn cc router PE:
Pex1(config)# ip vrf internet
Pex1(config-vrf)# route-target both 100:600
Pex1(config)# interface s0/0.114
Pex1(config-subif)# ip vrf forwarding Internet
Pex1(config-router)# no nighbor 150.x.x1.66 remote-as 650x1
Pex1(config-router)# address-family ipv4 vrf Internet
Pex1(config-router-af)# neighbor 150.x.x1.66 remote 650x1

Pex2(config)# ip vrf internet
Pex2(config-vrf)# route-target both 100:600
Pex2(config)# interface s0/0.114
Pex2(config-subif)# ip vrf forwarding Internet
Pex2(config-router)# no nighbor 150.x.x1.66 remote-as 650x1

2. Task 2: Thi%t l'p k%t n:i cho Remote Site CE-PE truy c'p Internet.
- C5u hnh nh"ng b#Gc sau trn cc router PE:

64
Pex1(config-vrf)# interface s0/0.115
Pex1(config-subif)# ip vrf forward Internet
Pex1(config-subif)# router bgp 65001
Pex1(config-router)# no neighbor 150.x.x1.130

Pex2(config-vrf)# interface s0/0.115
Pex2(config-subif)# ip vrf forward Internet
Pex2(config-subif)# router bgp 65001
Pex2(config-router)# no neighbor 150.x.x1.130

*****************************************
THE END

MPLSLabGuide Viet

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

MPLSLabGuide Viet

Hochgeladen von

Copyright:

Verfügbare Formate

MPLS Lab Guide

Das könnte Ihnen auch gefallen