Scribd
Upload
72 views9 pages

Lab 10

This document provides instructions for configuring static routes on core switches to connect them to internet service providers (ISPs) and provide redundancy. The tasks include: 1. Configuring VLANs and IP addresses on core switches to connect them to ISPs using /30 subnets. 2. Adding static default routes on each core switch pointing to the next hop ISP, and confirming internet access works. 3. Creating a VLAN between the core switches to establish a redundant path, and configuring floating static routes between them with a lower administrative distance. 4. Inducing a routing loop by shutting down core switch interfaces to demonstrate traffic floating between switches when primary paths fail.

Uploaded by

malek
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
72 views9 pages

Lab 10

This document provides instructions for configuring static routes on core switches to connect them to internet service providers (ISPs) and provide redundancy. The tasks include: 1. Configuring VLANs and IP addresses on core switches to connect them to ISPs using /30 subnets. 2. Adding static default routes on each core switch pointing to the next hop ISP, and confirming internet access works. 3. Creating a VLAN between the core switches to establish a redundant path, and configuring floating static routes between them with a lower administrative distance. 4. Inducing a routing loop by shutting down core switch interfaces to demonstrate traffic floating between switches when primary paths fail.

Uploaded by

malek
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 9

===================================================================================

===========================
Lab 10: Static Routes
===================================================================================
===========================
Objectives
After completing this lab, you will be able to:
• Configure Core switches to Perimeter Firewall links using a /30 prefix
• Calculate and deploy Variable Length Subnet Mask (VLSM) prefixes
• Configure static routes
• Add a default route into the routing table for providing internet access
• Manipulate administrative distances in order to configure floating routes
• Validate proper load sharing and failover

=======================================================
Task 1: Add Links to ISPs
=======================================================

Objectives
In this task, you will prepare the network for future changes such as the addition
of internet connections by assigning the /30 segments you calculated on Lab 9.1
Task 3b to VLANs 791 and 792 on Core-1 and Core-2 respectively.
Steps

===================
Core-1 (via PC-1)
===================

1. Open the SSH session to Core-1. Login using cxfX/aruba123.

2. Create VLAN 791 and add the name TX-ISP-1.

Core-1# configure terminal


Core-1(config)# vlan 791
Core-1(config-vlan-1191)# name TX-ISP-1
Core-1(config-vlan-1191)# exit

3. Create interface VLAN 791 and map it to VRF TABLE-7.

Core-1(config)# interface vlan 791


Core-1(config-if-vlan)# vrf attach TABLE-7

4. Assign IP address 192.168.7.1/30.

Core-1(config-if-vlan)# ip address 192.168.7.1/30


Core-1(config-if-vlan)# exit

5. Move to port 1/1/46 and allow VLAN 791.

Core-1(config)# interface 1/1/46


Core-1(config-if)# vlan trunk allowed 791
Core-1(config-if)# exit

6. Confirm you can ping ISP1 (192.168.7.2).

Core-1(config)#do ping 192.168.7.2 vrf TABLE-7

===================
Core-2 (via PC-1)
===================
7. Open the SSH session to Core-2

8. Repeat steps 2 to 6 using VLAN 792, TX_ISP-2 as description and


192.168.X+100.2/30 as the IP address.

Core-2# configure terminal


Core-2(config)# vlan 792
Core-2(config-vlan-1192)# name TX_ISP-2
Core-2(config-vlan-1192)# exit
Core-2(config)# interface vlan 792
Core-2(config-if-vlan)# vrf attach TABLE-7
Core-2(config-if-vlan)#
Core-2(config-if-vlan)# ip address 192.168.X+100.2/30
Core-2(config-if-vlan)# exit
Core-2(config)# interface 1/1/46
Core-2(config-if)# vlan trunk allowed 792
Core-2(config-if)# exit
Core-2(config)# do ping 192.168.X+100.1 vrf TABLE-7

=======================================================
Task 2: Adding Static Routes
=======================================================

Core-1 (via PC-1)


1. Open the SSH session to Core-1.
2. Create a static default route (also known as 0’s prefix) pointing to ISP-1
(192.168.7.2) on TABLE-7.
Core-1# configure terminal
Core-1(config)# ip route 0.0.0.0/0 192.168.7.2 vrf TABLE-7

3. Use “show ip route static vrf” and validate the route is listed.
Core-1(config)# show ip route static vrf TABLE-7

4. Ping the 8.8.8.8 IP address. Ping should be successful.

Core-1(config)# do ping 8.8.8.8 datagram-size 32 vrf TABLE-7

PC-3
5. Access PC-3 and open a command prompt.
6. Ping the 8.8.8.8 IP address. ->not OK!

7. Attempt a traceroute to the same address.

===================
ISP1 (via PC-1)
===================
8. Using Putty, open an SSH session to ISP1.
9. Login using username: cxfX/aruba123.

10. Configure the missing static route: 10.7.0.0/16 via 192.168.7.1 on ISP1 VRF.

ISP1-ServerSwitch# configure terminal


ISP1-ServerSwitch(config)# ip route 10.7.0.0/16 192.168.7.1 vrf CXF_ISP1
ISP1-ServerSwitch(config)# end

11. Use the “show ip route” command for validating there is an entry in the routing
able for properly forwarding traffic to 10.7.11.0/24 and 10.7.12.0/24.

ISP1-ServerSwitch# show ip route 10.7.11.0 vrf CXF_ISP1

===================
PC-3
===================
13. Move back to PC-3.
14. Ping the 8.8.8.8 IP address, then run a traceroute.

===================
PC-1
===================

15. Open the SSH session to Core-2.

===================
Core-2 (via PC-1)
===================

16. Repeat steps 2 to 4 using 192.168.X+100.1 as your next hop.


Core-2# configure terminal
Core-2(config)# ip route 0.0.0.0/0 192.168.X+100.1 vrf TABLE-7
Core-2(config)#
Core-2(config)# show ip route static vrf TABLE-7

===================
PC-4
===================

17. Access PC-4 and open a command prompt.

18. Ping the 8.8.8.8 IP address. Ping should be successful

19. Run a traceroute to 8.8.8.8.

=======================================================
Task 3: Redundancy with Floating Routes
=======================================================

===================
Core-1 (via PC-1)
===================

1. Open a SSH session to Core-1.

2. Create VLAN 70 and name it CORE-1&2_TABLE-7.


NOTE: Replace the highlighted “X” for your student table number.

Core-1# configure terminal


Core-1(config)# vlan 70
Core-1(config-vlan-110)# name CORE-1&2_TABLE-7
Core-1(config-vlan-110)# exit

3. Allow VLAN 70 to LAG 10.

Core-1(config)# interface lag 10


Core-1(config-lag-if)# vlan trunk allow 70
Core-1(config-lag-if)# exit

4. Create interface VLAN 70 and map it to VRF TABLE-7, then assign it the
10.7.0.1/30 IP address.
Core-1(config)# interface vlan 70
Core-1(config-if-vlan)# vrf attach TABLE-7
Core-1(config-if-vlan)# ip address 10.7.0.1/30
Core-1(config-if-vlan)# exit

5. Create a static default route in VRF TABLE-7 pointing to 10.7.0.2 and assign it
a distance 10 (future Core-2 address in VLAN 70).
Core-1(config)# ip route 0.0.0.0/0 10.7.0.2 distance 10 vrf TABLE-7
Core-1(config)#
6. Show the static routes of VRF TABLE-7.
Core-1(config)# show ip route static vrf TABLE-7

===================
Core-2 (via PC-1)
===================

7. Open a SSH session to Core-2.

8. Repeat steps 2 to 6 assigning 10.7.0.2/30 to Core-2 and use 10.7.0.1 as the


route’s next hop.
Core-2# configure terminal
Core-2(config)# VLAN 70
Core-2(config-vlan-110)# name CORE-1&2_TABLE-7
Core-2(config-vlan-110)# exit
Core-2(config)# interface lag 10
Core-2(config-lag-if)# vlan trunk allow 70
Core-2(config-lag-if)# exit
Core-2(config)# interface vlan 70
Core-2(config-if-vlan)# vrf attach TABLE-7
Core-2(config-if-vlan)# ip address 10.7.0.2/30
Core-2(config-if-vlan)# exit

Core-2(config)# ip route 0.0.0.0/0 10.7.0.1 distance 10 vrf TABLE-7


Core-2(config)#
Core-2(config)# show ip route static vrf TABLE-7

===================
PC-3 and PC-4
===================

9. Access both PCs.

10. Run a continuous ping towards 8.8.8.8. Pings should be successful.

===================
Core-1 (via PC-1)
===================

11. Move back to Core-1.

12. Disable interface VLAN 791.

Core-1(config)# interface vlan 791


Core-1(config-if-vlan)# shutdown
Core-1(config-if-vlan)#
13. Display the VRF TABLE-7 routing table.

Core-1(config-if-vlan)# show ip route static vrf TABLE-7

14. Move to PC-3.


===================
PC-3
===================

15. Run a traceroute towards 8.8.8.8.

===================
PC-4
===================
16. Move to PC-4 then repeat step 15 (ping 8.8.8.8).

===================
Core-1 (via PC-1)
===================

17. Move back to Core-1.

18. Enable interface VLAN 791.

Core-1(config-if-vlan)# no shutdown
Core-1(config-if-vlan)# end

=======================================================
Task 4: Layer 3 Loop (optional).
=======================================================

Steps
Core-1 (via PC-1)
Aruba Training-Confidential
AOS-CX Switching Fundamentals
Rev. 20.21 352 Confidential – For Training Purposes Only
1. Open the SSH session to Core-1.
2. Disable interface VLAN 791.
Core-1# configure terminal
Core-1(config)# interface vlan 791
Core-1(config-if-vlan)# shutdown
Core-1(config-if-vlan)#
3. Display Core-1’s routing table.
Core-1(config-if-vlan)# show ip route static vrf TABLE-7
Displaying ipv4 routes selected for forwarding
'[x/y]' denotes [distance/metric]
0.0.0.0/0, vrf TABLE-11
via 10.11.0.2, [10/0], static
Core-1(config-if-vlan)#
Who is the next-hop for the 0s route?

ANSWER: Core-2.
Core-2 (via PC-1)
4. Open the SSH session to Core-2.
5. Disable interface VLAN 792.
Core-2# configure terminal
Core-2(config)# interface vlan 792
Core-2(config-if-vlan)# shutdown
Core-2(config-if-vlan)#
6. Display Core-2’s routing table.
Aruba Training-Confidential
AOS-CX Switching Fundamentals
Rev. 20.21 353 Confidential – For Training Purposes Only
Core-2(config-if-vlan)# show ip route static vrf TABLE-7
Displaying ipv4 routes selected for forwarding
'[x/y]' denotes [distance/metric]
0.0.0.0/0, vrf TABLE-11
via 10.11.0.1, [10/0], static
Core-2(config-if-vlan)#
Who is the next-hop for the 0s route?

ANSWER: Core-1.
PC-3
7. Open a console session to PC-3.
8. Run a ping to 8.8.8.8.
Figure 10-15: Ping unsuccessful
Aruba T

9. Run a traceroute to 8.8.8.8.

What are the next-hops shown in the output?

_______________________________________________________________________________
ANSWER: The output is showing Core-1 and Core-2 as the next-hops. The IP
addresses in the output are the ones configured on VLAN X11. The reason for
this is that at the time the packets die, the layer 3 switches return a time
exceeded ICMP echo message back to PC-3. PC-3 is aware of both switches
through interface VLAN X11.
_______________________________________________________________________________
Why does the output show traffic bouncing between the two Layer 3 devices?
_______________________________________________________________________________

ANSWER: Tracert works by increasing the TTL in a series of pings. When TTL
= 1 the first hop is Core-1 (PC-3’s gateway). When TTL = 2 the packet is sent to
Core-1 who in turn gives it to its next-hop (Core-2). Next when TTL = 3, PC-3
gives the packet to Core-1 who in turn gives it to Core-2 as expected, however
since Core-2 uses Core-1 as a its next-hop (since it lost its Internet connection
as well) the packet comes back to Core-2. As seen in the output, traffic keeps
bouncing between the two switches. This is a clear symptom of a Layer 3 loop,
see figure 10-17.
Microsoft Windows will keep sending packets increasing the TTL one at the time,
until it tries with TTL = 30, which is the last attempt it does. Other Operating
Systems may use different thresholds
_______________________________________________________________________________

10. Repeat the traceroute to 8.8.8.8.


Core-1 (via PC-1)
11. Move to Core-1.
12. Enable VLAN 791 and
Core-1(config-if-vlan)# no shutdown
Core-1(config-if-vlan)# end
PC-3
13. Move back to PC-3. You will see traffic forwarded properly after bouncing
between Core-1 and Core-2.

Core-2 (via PC-1)


1. Move to Core-2.
2. Enable VLAN 792 and
Core-2(config-if-vlan)# no shutdown
Core-2(config-if-vlan)# end

=======================================================
Task 5: Save Your Configurations
=======================================================

Objectives
You will now proceed to save your configuration.
Core-1 and Core-2 (via PC-1)

1. Save the current Cores’ configuration in the startup checkpoint.


Core-1# write memory
Configuration changes will take time to process, please be patient.

Core-2# write memory


Configuration changes will take time to process, please be patient.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
You have completed Lab 10!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

You might also like