*************************** Section 7 ***************************

==================== Lab 1 ====================

++++++++++++++++++++ Fusion Router ++++++++++++++++++++

----------------- Task 1 -----------------

Interface Gig 1/0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no shut
!
vlan 199
!
Interface vlan 199
 ip address 192.168.100.1 255.255.255.0
 no shut

++++++++++++++++++++ Border Switch ++++++++++++++++++++

----------------- Task 1 -----------------

Interface Gig 1/0/1
 switchport mode trunk
 no shut
!
ip routing
!
vlan 199
!
interface vlan 199
 ip address 192.168.100.2 255.255.255.0
 no shut
!
ip route 0.0.0.0 0.0.0.0 192.168.100.1

----------------- Task 2 -----------------

username kbits privilege 15 password Cisco@123
!
line vty 0 4
 login local
!
! Community string first, then the access level (strings as entered in Lab 2, Task 3)
snmp-server community public RO
snmp-server community private RW

==================== Lab 2 ====================

-------- Task 1 --------

Design -> Add Site -> Add Area

Create a Site based on the following:

  Area name: Los Angeles
  Parent: Global

Design -> Add Site -> Add Building

Create a Building based on the following:

  Building name: HQ
  Parent: Los Angeles
  Address: 2640 Main Street, Irvine, California 92614, US

-------- Task 2 --------

Design -> Network Settings -> Network -> Add Servers

Add ISE & NTP Server

Design -> Network Settings -> Network (At the Global Level)

Add the following:

  ISE
    Type: Client/Endpoint
    Protocol: RADIUS
    The ISE Server that has been integrated
  DHCP IP Address: 10.10.101.230
  DNS IP Address: 10.10.101.230
  Domain Name: kbits.live
  NTP Server IP Address: 10.10.101.230

-------- Task 3 --------

Design -> Network Settings -> Network -> Device Credentials (At the Global Level)

Configure the following Device Credentials under Global:

  CLI Credentials
    Name: FabricAdmin
    Username: kbits
    Password: Cisco@123

  SNMPv2C – Read-Only
    Type: SNMP v2C
    Community Type: Read-only
    Name: RO
    Community: public

  SNMPv2C – Read-Write
    Type: SNMP v2C
    Community Type: Read-Write
    Name: RW
    Community: private

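
A check of the management-plane settings that Lab 1 Task 2 puts on the Border Switch and Lab 2 Task 3 stores in DNA Center, as an added example that is not part of the original lab guide. The `audit` function, its rule names, the hardened sample and the `SNMP-MGMT` ACL name are assumptions made for illustration.

```python
import re

# Constructed sample: the Lab 1 Task 2 management-plane settings, with the
# community strings that Lab 2 Task 3 enters into DNA Center.
LAB_CONFIG = """\
username kbits privilege 15 password Cisco@123
line vty 0 4
 login local
snmp-server community public RO
snmp-server community private RW
"""

# Constructed hardened counterpart; <...> values and the ACL name are placeholders.
HARDENED_CONFIG = """\
username kbits privilege 15 algorithm-type scrypt secret <long-random-secret>
line vty 0 4
 login local
 transport input ssh
snmp-server community <random-ro-string> RO SNMP-MGMT
snmp-server community <random-rw-string> RW SNMP-MGMT
"""

WELL_KNOWN = {"public", "private"}

def audit(config):
    """Return (rule, line_number) findings; line numbers are 1-based."""
    findings, vty_line, ssh_pinned = [], None, False
    lines = config.splitlines() + ["!"]           # sentinel closes an open vty block
    for no, raw in enumerate(lines, 1):
        line = raw.strip()
        if vty_line and not raw.startswith(" "):  # left the indented vty block
            if not ssh_pinned:                    # no explicit "transport input ssh"
                findings.append(("VTY_TRANSPORT_NOT_PINNED_TO_SSH", vty_line))
            vty_line = None
        if re.match(r"username \S+ .*\bpassword\b", line):
            findings.append(("USERNAME_PASSWORD_INSTEAD_OF_SECRET", no))
        snmp = re.match(r"snmp-server community (\S+)\s*(.*)", line)
        if snmp:
            community, rest = snmp.group(1), snmp.group(2).split()
            if community.lower() in WELL_KNOWN:
                findings.append(("SNMP_WELL_KNOWN_COMMUNITY", no))
            if rest and rest[-1].upper() == "RW":  # nothing after RW: no ACL bound
                findings.append(("SNMP_RW_WITHOUT_ACL", no))
        if line.startswith("line vty"):
            vty_line, ssh_pinned = no, False
        elif vty_line and line == "transport input ssh":
            ssh_pinned = True
    return sorted(findings, key=lambda f: (f[1], f[0]))
```

Running `audit(LAB_CONFIG)` lists the lab settings that should not be carried into a production fabric; `audit(HARDENED_CONFIG)` returns no findings.
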
-------- Task 4 --------

Design -> Network Settings -> Network -> IP Address Pools (At the Global Level)

Configure the following IP Address Pools under Global:

  Name: LA-OVERLAY-POOL
  Type: Generic
  IP Address Space: (IPv4)
  Subnet: 172.16.0.0
  Prefix-Length: 16

  Name: LA-UNDERLAY-POOL
  Type: Generic
  IP Address Space: (IPv4)
  Subnet: 172.20.0.0
  Prefix-Length: 16

==================== Lab 3 ====================

-------- Task 1 --------

Tools -> Discovery -> Add Discovery

Discover the Border Device using the following:

  Discovery Type: IP Address Range: 192.168.100.2 - 192.168.100.2
  CLI Credentials: FabricAdmin
  SNMP v2C Read: RO
  SNMP v2C Read-Write: RW

-> Once the discovery is done, assign the device to the Los Angeles/HQ Building

Provision -> Devices -> Global -> Unassigned Devices -> Click the 9300CB device and assign it to Los Angeles/HQ

-------- Task 2 --------

-> Configure a pool for HQ LAN Automation for the HQ Building using the following:

Design -> Global -> Los Angeles -> HQ -> Network Settings -> IP Address Pools -> Reserve

  Name: LA-LAN-AUTOMATION-POOL
  Subnet: 172.20.0.0
  Prefix-Length: 24

-> The HQ LAN Automation should be able to use the CLI Credentials & SNMP Community parameters created in the previous labs.

Design -> Global -> Los Angeles -> HQ -> Network Settings -> Device Credentials

Use the following:

  CLI Credentials: FabricAdmin
  SNMP v2c Read-only: RO
  SNMP v2c Read-Write: RW

-> Use Static Routing to provide the Fusion Router with reachability to the LAN Automation Pool

+++++++++++++++++++++++ Fusion Router +++++++++++++++++++++++

ip route 172.20.0.0 255.255.0.0 192.168.100.2

-------- Task 3 --------

Note: Make sure the 9300E1 & 9300E2 devices are at the initial configuration dialog screen.

-> Configure LAN Automation to discover the 9300E1 & 9300E2 Switches using the following parameters:

Provision -> Devices -> Global -> Los Angeles -> HQ -> Actions -> Provision -> LAN Automation

  Primary Site: Global/Los Angeles/HQ
  Primary Device: 9300CB
  Selected Ports of Primary Device: Gig1/0/2 & Gig1/0/3
  Discovered Device Site: Global/Los Angeles/HQ
  IP Pool: LA-LAN-AUTOMATION-POOL
  IS-IS Domain Password: Cisco@123
  Multicast Routing: Enabled

-> Once the devices are in "Completed State", Stop LAN Automation

-------- Task 4 --------

-> Provision all the switches in the HQ Building:

Provision -> Devices -> Global -> Los Angeles -> HQ -> Actions -> Provision -> Provision Devices

==================== Lab 4 ====================

-------- Task 1 --------

-> Configure a pool for End Users for the HQ Building using the following:

Design -> Global -> Los Angeles -> HQ -> Network Settings -> IP Address Pools -> Reserve

  Name: IT-DATA-1
  Subnet: 172.16.1.0
  Prefix-Length: 24
  Default Gateway: 172.16.1.254
  DHCP Server: 10.10.101.230

  Name: IT-DATA-2
  Subnet: 172.16.2.0
  Prefix-Length: 24
  Default Gateway: 172.16.2.254
  DHCP Server: 10.10.101.230

  Name: SALES-DATA-1
  Subnet: 172.16.3.0
  Prefix-Length: 24
  Default Gateway: 172.16.3.254
  DHCP Server: 10.10.101.230

  Name: SALES-DATA-2
  Subnet: 172.16.4.0
  Prefix-Length: 24
  Default Gateway: 172.16.4.254
  DHCP Server: 10.10.101.230

-> Configure a pool for L3 Handoff based on the following:

Design -> Global -> Los Angeles -> HQ -> Network Settings -> IP Address Pools -> Reserve

  Name: L3-HANDOFF
  Subnet: 172.20.1.0
  Prefix-Length: 24

-------- Task 2 --------

-> Configure Virtual Networks using the following:

Policy -> Virtual Network -> Click "+"

  Name: SALES_VN
  Name: IT_VN

-------- Task 3 --------

-> Configure the L3 Handoff Network for the HQ Fabric:

Fabric -> Add Fabric or Transit/Peer Network -> Transit/Peer Network

  Name: L3HANDOFF
  Transit Type: IP-Based
  Protocol: BGP
  Type: AS-Plain
  AS #: 65001

-------- Task 4 --------

-> Create the HQ Fabric based on the following:

Fabric -> Add Fabric or Transit/Peer Network -> Add Fabric

  Name: HQ_FABRIC
  VNs: INFRA, SALES_VN & IT_VN

-------- Task 5 --------

-> Configure Host Onboarding based on the following:

Fabric -> HQ_FABRIC -> HQ -> Host Onboarding

  Authentication Template
    Closed Authentication (Set it as the Default)

  Virtual Network – IT_VN
    IP Address Pool: IT-DATA-1
    Authentication Policy: IT-DATA-1
    Type: Data

    IP Address Pool: IT-DATA-2
    Authentication Policy: IT-DATA-2
    Type: Data

  Virtual Network – SALES_VN
    IP Address Pool: SALES-DATA-1
    Authentication Policy: SALES-DATA-1
    Type: Data

    IP Address Pool: SALES-DATA-2
    Authentication Policy: SALES-DATA-2
    Type: Data

-------- Task 6 --------

-> Configure the Border/Control Node based on the following:

Fabric -> HQ_FABRIC -> HQ -> Fabric Infrastructure -> 9300CB

  Device Role -> Control -> Border

  Border L3 Handoff Configuration Parameters:
    BGP AS Type: AS Plain
    Local AS: 65002
    Configure the device to inject all external routes & default to all VNs
    L3 Handoff Pool: L3-HANDOFF
    External Interface: Gig 1/0/1
    VNs: INFRA, SALES_VN & IT_VN

-------- Task 7 --------

-> Configure the Edge Nodes based on the following:

Fabric -> HQ_FABRIC -> HQ -> Fabric Infrastructure -> 9300E1 / 9300E2

  Device Role -> Edge Node

==================== Lab 5 ====================

+++++++++++++++++++++ Fusion Router +++++++++++++++++++++

-------- Task 1 --------

router ospf 1
 network 10.0.0.0 0.255.255.255 area 0

-------- Task 2 --------

vrf definition IT_VN
 rd 1:4100
 address-family ipv4
  import ipv4 unicast map GLOBAL
  route-target export 1:4100
  route-target import 1:4100
!
vrf definition SALES_VN
 rd 1:4099
 address-family ipv4
  import ipv4 unicast map GLOBAL
  route-target export 1:4099
  route-target import 1:4099
!
vlan 3001-3003

-------- Task 3 --------

interface Vlan3001
 ip address 172.20.1.2 255.255.255.252
 no shut
!
interface Vlan3002
 vrf forwarding IT_VN
 ip address 172.20.1.6 255.255.255.252
 no shut
!
interface Vlan3003
 vrf forwarding SALES_VN
 ip address 172.20.1.10 255.255.255.252
 no shut

-------- Task 4 --------

router bgp 65001
 neighbor 172.20.1.1 remote-as 65002
 neighbor 172.20.1.1 update-source Vlan3001
 !
 address-family ipv4
  network 10.10.101.0 mask 255.255.255.0
  neighbor 172.20.1.1 activate
  neighbor 172.20.1.1 default-originate
 !
 address-family ipv4 vrf IT_VN
  network 10.10.101.0 mask 255.255.255.0
  neighbor 172.20.1.5 remote-as 65002
  neighbor 172.20.1.5 update-source Vlan3002
  neighbor 172.20.1.5 activate
  neighbor 172.20.1.5 default-originate
 !
 address-family ipv4 vrf SALES_VN
  network 10.10.101.0 mask 255.255.255.0
  neighbor 172.20.1.9 remote-as 65002
  neighbor 172.20.1.9 update-source Vlan3003
  neighbor 172.20.1.9 activate
  neighbor 172.20.1.9 default-originate

-------- Task 5 --------

ip prefix-list PLIST1 seq 5 permit 172.16.0.0/16 le 32
ip prefix-list PLIST1 seq 10 permit 192.168.100.0/24
ip prefix-list PLIST1 seq 15 permit 192.168.101.0/24
ip prefix-list PLIST1 seq 20 permit 192.168.102.0/24
ip prefix-list PLIST1 seq 25 permit 192.168.103.0/24
ip prefix-list PLIST1 seq 30 permit 192.168.111.0/24
ip prefix-list PLIST1 seq 35 permit 192.168.112.0/24
ip prefix-list PLIST1 seq 40 permit 10.10.101.0/24
!
route-map GLOBAL permit 10
 match ip address prefix-list PLIST1
!
vrf definition IT_VN
 address-family ipv4
  import ipv4 unicast map GLOBAL
!
vrf definition SALES_VN
 address-family ipv4
  import ipv4 unicast map GLOBAL
!
router bgp 65001
 address-family ipv4
  redistribute ospf 1 match internal external 1 external 2

-------- Task 6 --------

ip route 172.16.1.0 255.255.255.0 Vlan3002
ip route 172.16.2.0 255.255.255.0 Vlan3002
ip route 172.16.3.0 255.255.255.0 Vlan3003
ip route 172.16.4.0 255.255.255.0 Vlan3003
!
router ospf 1
 redistribute static subnets

-------- Task 7 --------

ip dhcp excluded-address 172.16.1.1 172.16.1.100
ip dhcp excluded-address 172.16.1.251 172.16.1.254
ip dhcp excluded-address 172.16.2.1 172.16.2.100
ip dhcp excluded-address 172.16.2.251 172.16.2.254
ip dhcp excluded-address 172.16.3.1 172.16.3.100
ip dhcp excluded-address 172.16.3.251 172.16.3.254
ip dhcp excluded-address 172.16.4.1 172.16.4.100
ip dhcp excluded-address 172.16.4.251 172.16.4.254
!
ip dhcp pool IT-DATA-1
 network 172.16.1.0 255.255.255.0
 default-router 172.16.1.254
ip dhcp pool IT-DATA-2
 network 172.16.2.0 255.255.255.0
 default-router 172.16.2.254
ip dhcp pool SALES-DATA-1
 network 172.16.3.0 255.255.255.0
 default-router 172.16.3.254
ip dhcp pool SALES-DATA-2
 network 172.16.4.0 255.255.255.0
 default-router 172.16.4.254

-------- Task 8 --------

+++++++++++++++++ vManage +++++++++++++++++

-> Configure a Feature Template for OMP to redistribute OSPF External routes into OMP

Configuration -> Templates -> Feature Templates -> Add Template

  Name: VE-OMP-TEMP
  Description: VE-OMP-TEMP
  Advertise - IPv4
    OSPF External : On
  Advertise - IPv6
    Turn all the Services off

-> Configure a Device Template to use the OMP Template created in the previous Task:

Configuration -> Templates -> Device Templates -> VE-DEV-TEMP -> Edit

  OMP: VE-OMP-TEMP

Click Update
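
The import filter from Lab 5 Task 5 (route-map GLOBAL matching PLIST1) decides which global-table routes are leaked into IT_VN and SALES_VN, so it is the place to verify what crosses the VN boundary. The following added example, which is not part of the original lab guide, evaluates the page's PLIST1 with IOS prefix-list matching rules; the function names and the sample routes are assumptions constructed for illustration.

```python
import ipaddress

# PLIST1 as configured on the Fusion Router in Lab 5, Task 5.
PLIST1 = """\
ip prefix-list PLIST1 seq 5 permit 172.16.0.0/16 le 32
ip prefix-list PLIST1 seq 10 permit 192.168.100.0/24
ip prefix-list PLIST1 seq 15 permit 192.168.101.0/24
ip prefix-list PLIST1 seq 20 permit 192.168.102.0/24
ip prefix-list PLIST1 seq 25 permit 192.168.103.0/24
ip prefix-list PLIST1 seq 30 permit 192.168.111.0/24
ip prefix-list PLIST1 seq 35 permit 192.168.112.0/24
ip prefix-list PLIST1 seq 40 permit 10.10.101.0/24
"""

# Constructed global-table routes to run through the filter.
SAMPLE_ROUTES = ["172.16.1.0/24", "172.16.1.10/32", "10.10.101.0/24",
                 "10.10.101.230/32", "192.168.100.0/25", "172.20.1.0/30",
                 "10.0.0.0/8", "0.0.0.0/0"]

def parse_prefix_list(text):
    """Return entries as (seq, action, network, ge, le), ordered by sequence."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] != ["ip", "prefix-list"]:
            continue
        seq, action, net = int(tok[4]), tok[5], ipaddress.ip_network(tok[6])
        opts = dict(zip(tok[7::2], map(int, tok[8::2])))  # optional "ge N" / "le N"
        entries.append((seq, action, net, opts.get("ge"), opts.get("le")))
    return sorted(entries, key=lambda e: e[0])

def evaluate(entries, route):
    """First match wins; ("deny", None) is the implicit deny at the end."""
    route = ipaddress.ip_network(route)
    for seq, action, net, ge, le in entries:
        if not route.subnet_of(net):          # leading bits must match the entry
            continue
        if ge is None and le is None:
            lo = hi = net.prefixlen           # no ge/le: exact prefix length only
        else:
            lo = ge if ge is not None else net.prefixlen
            hi = le if le is not None else 32
        if lo <= route.prefixlen <= hi:
            return action, seq
    return "deny", None

def imported(routes, entries):
    """Routes that route-map GLOBAL (match PLIST1) lets into a VN VRF."""
    return [r for r in routes if evaluate(entries, r)[0] == "permit"]
```

Only seq 5 carries `le 32`, so any more-specific route inside 172.16.0.0/16 is imported, while the other entries match their /24 exactly and nothing else.
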