IEWB-SP-V2 Lab5＠２周目

Strart, one of the SP candidates who passed SP lab by re-read.

you can't try the same unless you have strong confidence.

anyway congratz !!!

more detail is here.



Lab5
1.1 VLAN Assignments --- 1
1.2 Frame Relay PVCs --- 1
1.3 ATM PVCs --- 1
2.1 OSPF --- 1
2.2 OSPF ---1
2.3 EIGRP --- 1
2.4 RIP --- 1
3.1 BGP Peerings --- 1
3.2 MBGP Peerings --- 1
3.3 BGP Summarization --- 1
3.4 BGP IGP Redistribution --- 1
3.5 BGP Bestpath Selection --- 1
4.1 Label Distribution --- 1
4.2 Traffic Enginnering --- 2
4.3 Traffic Enginnering --- 2
4.4 Traffic Engineering --- 2
5.1 Carrier Supporting Carrier MPLS VPN --- 2
5.2 Carrier Supporting Carrier Label Exchange --- 2
5.3 PE-CE Routing --- 2
5.4 VPN Label Distribution --- 2
5.5 CSC Internet Access --- 2
5.6 CSC Internet Access --- 2
5.7 CSC Internet Access --- 3
6.1 Intra-AS Multicast --- 2
6.2 Intra-AS Multicast --- 2
6.3 MPLS VPN Multicast Support --- 3
6.4 Multicast Testing --- 2
7.1 Network Admission Control --- 1
7.2 Network Admission Control --- 1
7.3 Network Admission Control --- 1
7.4 Network Admission Control --- 1
7.5 Data Plane Transit Guarantees --- 2
8.1 Attack Mitigation --- 1
9.1 Telnet Security --- 1
10.1 MPLS Redundancy --- 1


【IEWB-SP-V2の進捗　15/50】
Lab01　★★☆☆☆　　　　　Lab02　★★☆☆☆
Lab03　★★☆☆☆　　　　　Lab04　★★☆☆☆
Lab05　★★☆☆☆　　　　　Lab06　★☆☆☆☆
Lab07　★☆☆☆☆　　　　　Lab08　★☆☆☆☆
Lab09　★☆☆☆☆　　　　　Lab10　★☆☆☆☆

IEWB-SP-V2 Lab4＠２周目

nothing new.

just do same work as lab3.

yes, of cause there r some tricky tips.

but, to understand those isn't beyond my capacity.

Lab4
1.1 VLAN Assignments --- 1
1.2 Trunking --- 1
1.3 Frame Relay PVCs --- 1
1.4 ATM PVCs --- 1
2.1 IS-IS --- 1
2.2 IS-IS --- 1
2.3 IS-IS ---1
2.4 IS-IS ---1
2.5 OSPF ---1
3.1 BGP Peerings --- 1
3.2 VPNv4 Peerings --- 1
4.1 Label Distribution --- 1
4.2 Label Distribution --- 1
4.3 Inter-AS Label Distribution --- 2
4.4 MPLS Traffic Engineering --- 2
4.5 MPLS Traffic Engineering --- 2
5.1 VRF-Lite --- 2
5.2 VRF-Lite Routing --- 2
5.3 MPLS VPNs --- 2
5.4 PE-CE Routing --- 2
5.5 PE-CE Routing --- 2
5.6 VPN Internet Access --- 2
5.7 VPN Internet Access --- 3
6.1 Intra-AS Multicast --- 2
6.2 Intra-AS Multicast --- 2
6.3 Inter-AS Multicast --- 2
6.4 Inter-AS Multicast --- 2
6.5 VPN Multicast --- 2
7.1 Traffic Shaping --- 1
7.2 Congestion Management --- 2
8.1 Bogon Filtering --- 1
8.2 DoS Prevention --- 1
9.1 Login Banners --- 1
9.2 Local Authentication --- 1
9.3 Local Authorization --- 1
10.1 Services --- 1


【IEWB-SP-V2の進捗　14/50】
Lab01　★★☆☆☆　　　　　Lab02　★★☆☆☆
Lab03　★★☆☆☆　　　　　Lab04　★★☆☆☆
Lab05　★☆☆☆☆　　　　　Lab06　★☆☆☆☆
Lab07　★☆☆☆☆　　　　　Lab08　★☆☆☆☆
Lab09　★☆☆☆☆　　　　　Lab10　★☆☆☆☆

IEWB-SP-V2 Lab3＠２周目

Lab1に引き続きLab2とLab3の色分け作業。

Lab2
1.1 VLAN Assignments --- 1
1.2 Frame Relay PVCs --- 1
1.3 Frame Relay PVCs --- 1
1.4 Network Redundancy --- 1
1.5 ATM PVCs --- 1
1.6 PPP over Ethernet --- 2
2.1 IS-IS --- 1
2.2 IS-IS --- 1
2.3 OSPF --- 1
2.4 OSPF --- 1
3.1 BGP Peerings
3.2 NLRI Advertisements --- 1
3.3 CIDR --- 1
3.4 VPNv4 Exchange --- 1
3.5 Congestion Management --- 1
4.1 Label Distribution --- 1
4.2 Label Filtering --- 2
4.3 Label Security --- 1
5.1 VRF --- 2
5.2 PE-CE Routing --- 2
5.3 VRF Internet Access --- 3
5.4 Management VPNs --- 2
6.1 PIM --- 2
6.2 Multicast Testing --- 2
6.3 Multicast Filtering --- 2
7.1 Traffic Limiting --- 2
7.2 Marking --- 2
7.3 Congestion Management --- 2
7.4 Congestion Avoidance --- 2
8.1 VRF Security --- 1
8.2 VRF Security --- 1
9.1 Syslog --- 1
9.2 NTP --- 1
9.3 SNMP --- 1
10.1 MPLS Prioritization --- 1
10.2 NetFlow --- 1


Lab3
1.1 VLAN Assignments --- 1
1.2 Trunking --- 1
1.3 Frame Relay PVCs --- 1
1.4 Frame Relay PVCs --- 1
1.5 Cell Mode MPLS --- 1
2.1 OSPF --- 1
2.2 OSPF Security --- 1
2.3 IS-IS --- 1
2.4 IS-IS Security --- 1
3.1 BGP Peerings --- 1
3.2 BGP Peerings --- 1
3.3 BGP Security --- 1
4.1 MPLS Label Distribution --- 1
4.2 MPLS Label Distribution --- 1
5.1 MPLS VPNs --- 2
5.2 PE-CE Routing --- 2
5.3 MPLS VPNs --- 2
5.4 Back-to-Back VRF --- 2
5.5 Central Services VPN --- 3
6.1 PIM --- 2
6.2 RP Assignment --- 2
6.3 PIM --- 2
6.4 Intra-AS Multicast VPN Support --- 2
6.5 Intra-AS Multicast VPN Support --- 2
6.6 Inter-AS Multicast --- 2
6.7Multicast Testing --- 2
7.1 Policing --- 1
7.2 Marking --- 2
7.3 Congestion Management --- 2
8.1 Route Tagging --- 3
8.2 RPF Verification --- 2
8.3 Filtering Testing --- 2
9.1 Remote Troubleshooting --- 1
9.2 Login Authentication --- 1
10.1 Inter-AS Filtering --- 2


【IEWB-SP-V2の進捗　13/50】
Lab01　★★☆☆☆　　　　　Lab02　★★☆☆☆
Lab03　★★☆☆☆　　　　　Lab04　★☆☆☆☆
Lab05　★☆☆☆☆　　　　　Lab06　★☆☆☆☆
Lab07　★☆☆☆☆　　　　　Lab08　★☆☆☆☆
Lab09　★☆☆☆☆　　　　　Lab10　★☆☆☆☆

２周目からはDynamipsの設定なども

時間節約のためＲＳの範囲はできるだけプレコンフィグ化してしまえ。

セキュリティセクションも設定しないことにする。

各設問に点数付けして各設問を色分けして対応する。

1 --- プレコンフィグあるいはやらない／もうやりたくない設問
2 --- とりあえず設定しないといけない設問
3 --- ＣＣＤやらシスコプレスやら総動員するような難しい設問

Lab1
1.1 VLAN Assignments --- 1
1.2 Ethernet Security --- 1
1.3 Frame Relay PVCs --- 1
1.4 Frame Relay PVCs --- 1
1.5 Frame Relay PVCs --- 1
1.6 Cell Mode MPLS --- 1
1.2 OSPF --- 1
2.2 OSPF --- 1
2.3 IGP Security --- 1
3.1 BGP Peering --- 1
3.2 BGP Peering --- 1
3.3 BGP Communities --- 1
3.4 BGP Bestpath Selection --- 1
4.1 Frame Mode Label Distribution --- 1
4.2 Cell Mode Label Distribution --- 1
4.3 MPLS Security --- 2
4.4 MPLS Traffic Engineering --- 2
5.1 VRF Configuration --- 2
5.2 PE-CE Routing --- 2
5.3 VPNv4 Exchange --- 2
5.4 Internet Access from MPLS VPNs --- 2
5.5 VRF Aware NAT --- 2
5.6 VRF Configuration --- 2
5.7 VRF Configuration --- 2
6.1 PIM --- 1
6.2 Multicast over MPLS VPNs --- 2
6.3 Multicast Testing --- 1
7.1 VPN QoS --- 2
7.2 Congestion Management --- 3
7.3 Prioritization --- 2
8.1 DoS Prevention --- 1
8.2 Spoof Prevention --- 1
9.1 Logging --- 2
9.2 NTP --- 1
10.1 Service Provider Transparency --- 2


【IEWB-SP-V2の進捗　11/50】
Lab01　★★☆☆☆　　　　　Lab02　★☆☆☆☆
Lab03　★☆☆☆☆　　　　　Lab04　★☆☆☆☆
Lab05　★☆☆☆☆　　　　　Lab06　★☆☆☆☆
Lab07　★☆☆☆☆　　　　　Lab08　★☆☆☆☆
Lab09　★☆☆☆☆　　　　　Lab10　★☆☆☆☆

Cell mode MPLSでのATM-SWの設定方法

IEWB-SP-V2を１周してみたが、どうやらCell mode MPLSの設定答えはあるが、肝心なATM-SWの設定がない。本番ではLS1010を操作する必要がないから答え部分以外は省いた感じですね。
でもこの設定が欠けているとフルラボでの検証はできないので、仕方ないので自分で作る必要がある。

細かいこと抜きにして次のようなトポロジで考える






設定に入る前にCell mode mpls over ATMに関してCisco Press様から次のようなことを言われているので、設定に当たっての基礎知識として知っておくとよい。

- In MPLS over ATM networks, routers are connected to ATM-based provider networks consisting of ATM switches that forward data base on virtual circuits (VCs) provisioned on the ATM switches.

- Cell mode MPLS uses the virtual path identifier/virtual channel identifier (VPI/VCI) fields in the ATM header as the label value.

- Aggregation of the number of virtual channels into a single pipe (virtual path) between sites that need a large number of VCs.

- ATM cell switching is done based on a table containing (port, VPI, VCI) tuplets for the input and output side of the VC.To see this table using "show atm vc" command.

OK, so let's start configuration.

■Configuration for PE routers(EX:PE1)
interface ATM1/0
 no ip address
 no atm ilmi-keepalive
!
interface ATM1/0.1 tag-switching
 ip address 1.1.1.1 255.255.255.0
 tag-switching ip
!
router ospf 1
 log-adjacency-changes
 network 1.1.1.1 0.0.0.0 area 0

■Configuration for ATM-SW
interface ATM1/0
 no ip address
 no atm ilmi-keepalive
!
interface ATM1/0.1 tag-switching
 ip address 1.1.1.2 255.255.255.0
 tag-switching ip
!
interface ATM2/0
 no ip address
 no atm ilmi-keepalive
!
interface ATM2/0.1 tag-switching
 ip address 2.2.2.2 255.255.255.0
 tag-switching ip
!
router ospf 1
 log-adjacency-changes
 network 1.1.1.2 0.0.0.0 area 0
 network 2.2.2.2 0.0.0.0 area 0

■Verifications
PE1#show mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     1/33        2.2.2.0/24        0          AT1/0.1    point2point

ATM-SW#show mpls atm-ldp bindings
 Destination: 2.2.2.0/24
    Tailend Router ATM1/0.1 1/33 Active, VCD=2, CoS=available
 Destination: 1.1.1.0/24
    Tailend Router ATM2/0.1 1/33 Active, VCD=2, CoS=available

ATM-SW#show mpls ldp neighbor
    Peer LDP Ident: 1.1.1.1:1; Local LDP Ident 1.1.1.2:1
        TCP connection: 1.1.1.1.646 - 1.1.1.2.20188
        State: Oper; Msgs sent/rcvd: 46/46; Downstream on demand
        Up time: 00:38:15
        LDP discovery sources:
          ATM1/0.1, Src IP addr: 1.1.1.1
    Peer LDP Ident: 2.2.2.1:1; Local LDP Ident 1.1.1.2:2
        TCP connection: 2.2.2.1.646 - 2.2.2.2.14837
        State: Oper; Msgs sent/rcvd: 46/47; Downstream on demand
        Up time: 00:37:59
        LDP discovery sources:
          ATM2/0.1, Src IP addr: 2.2.2.1

ATM-SW#show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.1           0   FULL/  -        00:00:36    2.2.2.1         ATM2/0.1
1.1.1.1           0   FULL/  -        00:00:32    1.1.1.1         ATM1/0.1

PE1#ping 2.2.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/41/60 ms


Now you can answer any questions about Cell-Mode MPLS perfectly !



【IEWB-SP-V2の進捗　10/50】
Lab01　★☆☆☆☆　　　　　Lab02　★☆☆☆☆
Lab03　★☆☆☆☆　　　　　Lab04　★☆☆☆☆
Lab05　★☆☆☆☆　　　　　Lab06　★☆☆☆☆
Lab07　★☆☆☆☆　　　　　Lab08　★☆☆☆☆
Lab09　★☆☆☆☆　　　　　Lab10　★☆☆☆☆