Enterprise Practice Lab 1

HQ

Catalyst Distribution/Access

1. Configure VTP with domain enterprise

2. Access layer switches should dynamically negotiate IEEE standard trunking
3. Access layer switches should not be configured with VLANs directly
4. Any endpoints connected to access layer switches should be put into forwarding mode
5. SW21 should be the root for all odd VLANs
6. SW22 should be the root for all even VLANs
7. Both switches should be secondary roots for each other
8. SW21 should be the primary egress point for odd VLANs
9. SW22 should be the primary egress point for even VLANs
10. Both switches should be backup egress points for each other

Nexus Distribution/Catalyst Access

1. Enable N9K1 and N9K2 to support Multi-Chassis Etherchannel, gateway redundancy with
industry standard protocol and SVI support
2. Eth1/1 on both switches should be in its own RIB and be pingable over 10.1.2.0/30
a. N9K1 should have 10.1.2.1/30
b. N9K2 should have 10.1.2.2/30
3. Eth1/2-3 should be configured to exchange information between the switches
4. Configure vPC domain 12
5. Both switches should appear as a single switch to SW11
6. Both switches should be able to route between themselves
7. N9K1 should be the primary device
8. Eth1/4 on both switches needs to support multiple VLANs and form a port-channel to SW11
9. SW11 G0/0-1 should be configured as trunk links and be treated as single logical port
10. Create VLAN 20 and 21 on all switches
11. Downstream interfaces on SW11 should be configured to support endpoints and begin
forwarding immediately

Data Center – Back-to-Back vPC

1. Enable N9K5 and N9K6 to support Multi-Chassis Etherchannel

2. Enable N9K3 and N9K4 to support Multi-Chassis Etherchannel, gateway redundancy with
industry standard protocol and SVI support
3. Eth1/1 on both switches should be in its own RIB and be pingable over 10.1.2.0/30
a. N9K3/5 should have 10.1.2.1/30
b. N9K4/6 should have 10.1.2.2/30
4. Eth1/2-3 should be configured to exchange information between the switches
5. Configure vPC domain 34 on N9K3 and N9K4
6. Configure vPC domain 56 on N9K5 and N9K6
7. Both switches should appear as a single switch to SW12
 8. N9K3 and N9K4 should be able to route between themselves
9. N9K3 should be the primary device
10. Eth1/4 and Eth1/5 on both switches needs to support multiple VLANs and form a port-channel
11. SW11 G0/0-1 should be configured as trunk links and be treated as single logical port
12. Create VLAN 20 and 21 on all switches
13. Downstream interfaces on SW11 should be configured to support endpoints and begin
forwarding immediately

Nexus Distribution/Catalyst Distribution and Routed Core

1. Enable EIGRP on Nexus switches

2. Configure all IP addressed interfaces for EIGRP
3. The loopback0 interface should be the router ID

WAN/Internet Edge

1. Enable OSPF on Nexus switch

2. Configure CSR15 and N9K7 interfaces facing SW26 and SW27 for OSPF
3. Configure OSPF to WAN and Internet edge devices

Redistribution

1. Redistribute OSPF and EIGRP mutually on CSR15 and N9K7

Internet Access

1. Configure FW37 to allow internet access for RFC 1918 traffic

OSPF ISP 1

1. Form OSPF area 0 between the devices in ISP 1

BGP ISP 1

1. Form iBGP peerings from CSR28, BGP Route Reflector, to the other ISP devices
2. Redistribute BGP into OSPF for route propagation
3. Form eBGP peerings to ISP 2 and ISP 3
4. Form eBGP peerings to customer devices

OSPF ISP 2

1. Setup OSPF area 0 between the devices in ISP 2

BGP ISP 2

1. Form a full mesh set of iBGP peerings between the loopbacks

2. Redistribute BGP into OSPF for route propagation
3. Advertise all connected interfaces into BGP
4. Form eBGP peerings to all customer devices
5. Form eBGP peerings to ISP 1 and ISP 3
OSPF ISP 3

1. Form OSPF area between the devices in ISP 3

BGP ISP 3

1. Global ASN is 3
2. Confederation ASN XRv19, XRv20 will use 1920
3. Confederation ASN CSR29, CSR30 will use 2930
4. Form confederation iBGP peerings between XRv19 and XRv20 as well as CSR29 and CSR30
5. Form confederation eBGP peerings between XRv19 and CSR29 as well as XRv20 and CSR30
6. Form eBGP peerings to ISP 1 and ISP 2
7. Form eBGP peerings to all customer devices

MPLS Service Provider

1. Setup OSPF area 0 between all the devices

2. Ensure the loopback 0 interface is advertised into OSPF
3. Enable LDP on all devices
4. Configure CSR46 and XRv55 as iBGP route reflectors
5. Form iBGP peerings from the iBGP RRs to the PE devices
6. Form eBGP peerings from the PE devices to the customer devices

Spoke Devices

1. CSR32
a. Configure a default route to XRv20
b. Create loopback 1
i. 10.32.1.0/24
c. Create loopback 2
i. 10.32.2.0/24
d. create loopback 3
i. 10.32.3.0/24
2. CSR33
a. Form eBGP peerings to ISP 2 and ISP 3
b. Create loopback 1
i. 10.32.1.0/24
c. Create loopback 2
i. 10.32.2.0/24
d. create loopback 3
i. 10.32.3.0/24
3. CSR35
a. Configure a default route to CSR30
b. Form an eBGP peering to CSR40
i. Advertise the local subnet via BGP
c. Form an eBGP peering to CSR45
d. Create loopback 1
 i. 10.32.1.0/24
e. Create loopback 2
i. 10.32.2.0/24
f. create loopback 3
i. 10.32.3.0/24
4. CSR36
a. Form eBGP peerings to ISP 2 and MPLS
i. Advertise the local subnet via BGP
ii. Ensure that the MPLS network doesn’t learn the public networks
b. Create loopback 1
i. 10.32.1.0/24
c. Create loopback 2
i. 10.32.2.0/24
d. create loopback 3
i. 10.32.3.0/24

DMVPN

1. Configure CSR31 as the hub

a. Use a crypto map name PHASE1
i. Use the weakest options
b. Use a pre-shared key name enterprise
c. Use a ipsec-transform-set name PHASE2
i. Use the weakest options
d. Use a ipsec-crypto profile name PROFILE
i. Map the transform set
e. Create a mGRE tunnel and map the crypto profile
f. Form EIGRP adjacencies to the spoke sites
g. Advertise local subnets over the tunnel
2. Configure CSR32, CSR33, CSR35 and CSR36 as the spokes
a. Use a crypto map name PHASE1
i. Use the weakest options
b. Use a pre-shared key name enterprise
c. Use a ipsec-transform-set name PHASE2
i. Use the weakest options
d. Use a ipsec-crypto profile name PROFILE
i. Map the transform set
e. Create a mGRE tunnel and map the crypto profile
f. Form EIGRP adjacencies to the spoke sites
g. Advertise local subnets over the tunnel

VXLAN at HQ, Colo1 and Colo2

1. Enable features needed for VXLAN to operates

a. NV overlay
b. Interface VLAN
 c. Vn-segment-based-vlan
d. Fabric forwarding
e. BGP
f. OSPF
2. Form OSPF adjacencies between the Spine and leaf switches
3. Form iBGP route reflector peerings from spine to leaf switches
4. Use vn-segment 1000 and the VLAN ID
a. VLAN 100 – 1000100
b. VLAN 101 – 1000101
5. Use the anycast MAC of 0001.0001.0001
6. Create VRF enterprise
7. Use VLAN 33 for L3 VNI
a. Use vn-segment 10033
8. Apply the VRF to the SVIs
9. Enable EVPN
10. Apply the VRF to Eth1/2 on the leaf switches
11. Form eBGP peerings to the Core routers
12. Advertise subnets into BGP