Differences

This shows you the differences between two versions of the page.

--- cisco:labs:ios-xe:lab17 [2025/10/04 11:30] – Name
+++ cisco:labs:ios-xe:lab17 [2025/10/04 21:19] (current) – [Answer Section] Name
@@ Line 4: / Line 4: @@
   - Complete [[:cisco:labs:ios-xe:lab16|Lab 16: eBGP with OSPF underlay]]\\
-====Task Instructions:====
+====Task Instructions for r2 and r3:====
-  - Physical interfaces use a CIDR of /24.
+  - Configure an ACL to define which traffic to encrypt using the physical interfaces.
-  - Loopback interfaces use a CIDR of /32.
+  - Configure IKEv2 proposal.
-  - Use Loopback 0 as the router-id for OSPF and BGP.
+  - Configure IKEv2 policy.
-  - Configure r2 and r3 in OSPF Area 0.
+  - Configure IKEv2 keyring.
-  - Configure r1 and r2 in OSPF Area 1.
+  - Configure IKEv2 profile.
-  - Configure r3 and r4 in OSPF Area 2.
+  - Configure ipsec transform-set in tunnel mode.
-  - Verify OSPF database.
+  - Configure crypto ipsec-isakmp map.
-  - Verify all routers are able to ping each other.
+  - Configure the crypto map on the physical interface.
-  - Configure r1 in BGP AS 65000.
+  - Verify crypto ipsec sa (may need to ping neighbor first).
-  - Configure r4 in BGP AS 65001.
+  - Verify crypto IKEv2 sa.
-  - Configure r1 and r4 to form an eBGP neighborship.
+  - Verify crypto between r2 and r3 using Wirehsark (optional).
-  - Verify BGP neighborship is Established.
-{{:cisco:labs:ios-xe:lab_16_-_ebgp_with_ospf_underlay.png?500|}}
+{{:cisco:labs:ios-xe:lab_17_-_ebgp_with_ospf_underlay_and_ikev2_between_r2_and_r3.png?500|}}
 ====Answer Section====
 ===Task 1===
-r1
-<code>hostname r1
-!
-interface GigabitEthernet1
- no shutdown
- ip address 12.1.1.1 255.255.255.0</code>
 r2
-<code>hostname r2
+<code>ip access-list extended castle-acl
-!
+remark Permit statements equal traffic that shall be encrypted.
-interface GigabitEthernet1
+permit ip host 23.1.1.2 host 23.1.1.3</code>
- no shutdown
- ip address 12.1.1.2 255.255.255.0
-!
-interface GigabitEthernet2
- no shutdown
- ip address 23.1.1.2 255.255.255.0</code>
 r3
-<code>hostname r3
+<code>ip access-list extended castle-acl
-!
+remark Permit statements equal traffic that shall be encrypted.
-interface GigabitEthernet1
+permit ip host 23.1.1.3 host 23.1.1.2</code>
- no shutdown
- ip address 34.1.1.3 255.255.255.0
-!
-interface GigabitEthernet2
- no shutdown
- ip address 23.1.1.3 255.255.255.0</code>
-r4
-<code>hostname r4
-!
-interface GigabitEthernet1
- no shutdown
- ip address 34.1.1.4 255.255.255.0</code>
 ----
 ===Task 2===
-r1
-<code>interface Loopback0
- ip address 1.1.1.1 255.255.255.255</code>
 r2
-<code>interface Loopback0
+<code>crypto ikev2 proposal rook-proposal
- ip address 2.2.2.2 255.255.255.255</code>
+ encryption aes-cbc-256
+ integrity sha512
+ group 14</code>
 r3
-<code>interface Loopback0
+<code>crypto ikev2 proposal rook-proposal
- ip address 3.3.3.3 255.255.255.255</code>
+ encryption aes-cbc-256
-r4
+ integrity sha512
-<code>interface Loopback0
+ group 14</code>
- ip address 4.4.4.4 255.255.255.255</code>
+----
+===Task 3===
+r2
+<code>crypto ikev2 policy svpn-policy
+ proposal rook-proposal</code>
+r3
+<code>crypto ikev2 policy svpn-policy
+ proposal rook-proposal</code>
 ----
 ===Task 4===
 r2
-<code>router ospf 1
+<code>crypto ikev2 keyring lion-key
- router-id 2.2.2.2
+ peer peer-remote
- network 2.2.2.2 0.0.0.0 area 0
+  address 23.1.1.3
- network 23.1.1.2 0.0.0.0 area 0</code>
+  pre-shared-key cisco</code>
 r3
-<code>router ospf 1
+<code>crypto ikev2 keyring lion-key
- router-id 3.3.3.3
+ peer peer-remote
- network 3.3.3.3 0.0.0.0 area 0
+  address 23.1.1.2
- network 23.1.1.3 0.0.0.0 area 0</code>
+  pre-shared-key cisco</code>
 ----
 ===Task 5===
-r1
-<code>router ospf 1
- router-id 1.1.1.1
- network 1.1.1.1 0.0.0.0 area 1
- network 12.1.1.1 0.0.0.0 area 1</code>
 r2
-<code>router ospf 1
+<code>crypto ikev2 profile side-profile
- network 12.1.1.2 0.0.0.0 area 1</code>
+ match identity remote address 23.1.1.3 255.255.255.255
+ authentication remote pre-share
+ authentication local pre-share
+ keyring local lion-key</code>
+r3
+<code>crypto ikev2 profile side-profile
+ match identity remote address 23.1.1.2 255.255.255.255
+ authentication remote pre-share
+ authentication local pre-share
+ keyring local lion-key</code>
 ----
 ===Task 6===
+r2
+<code>crypto ipsec transform-set tset esp-aes esp-sha512-hmac
+ mode tunnel</code>
 r3
-<code>router ospf 1
+<code>crypto ipsec transform-set tset esp-aes esp-sha512-hmac
- network 34.1.1.3 0.0.0.0 area 2</code>
+ mode tunnel</code>
-r4
-<code>router ospf 1
- router-id 4.4.4.4
- network 4.4.4.4 0.0.0.0 area 2
- network 34.1.1.4 0.0.0.0 area 2</code>
 ----
 ===Task 7===
-r1
-<code>r1#show ip ospf database topology | b Summary
-                Summary Net Link States (Area 1)
-Link ID         ADV Router      Age         Seq#       Checksum
-.2.2.2         2.2.2.2         476         0x80000003 0x00F633
-.3.3.3         2.2.2.2         476         0x80000003 0x00D252
-.4.4.4         2.2.2.2         476         0x80000003 0x00AE71
-.1.1.0        2.2.2.2         717         0x80000007 0x00080D
-.1.1.0        2.2.2.2         476         0x80000007 0x008286</code>
 r2
-<code>r2#show ip ospf database topology | b Summary
+<code>crypto map svpn-map 10 ipsec-isakmp
-                Summary Net Link States (Area 0)
+ set peer 23.1.1.3
+ set transform-set tset
+ set pfs group14
+ set ikev2-profile side-profile
+ match address castle-acl</code>
+r3
+<code>crypto map svpn-map 10 ipsec-isakmp
+ set peer 23.1.1.2
+ set transform-set tset
+ set pfs group14
+ set ikev2-profile side-profile
+ match address castle-acl/code>
+----
+===Task 8===
+r2
+<code>interface GigabitEthernet2
+ crypto map svpn-map</code>
+r3
+<code>interface GigabitEthernet2
+ crypto map svpn-map</code>
+----
+===Task 9===
+r2
+<code>r2#show crypto ipsec sa
-Link ID         ADV Router      Age         Seq#       Checksum
+interface: GigabitEthernet2
-.1.1.1         2.2.2.2         755         0x80000003 0x002FFD
+    Crypto map tag: svpn-map, local addr 23.1.1.2
-.4.4.4         3.3.3.3         595         0x80000003 0x008696
-.1.1.0        2.2.2.2         755         0x80000003 0x009F84
-.1.1.0        3.3.3.3         595         0x80000005 0x005EA9
-                Router Link States (Area 1)
+   protected vrf: (none)
+   local  ident (addr/mask/prot/port): (23.1.1.2/255.255.255.255/0/0)
+   remote ident (addr/mask/prot/port): (23.1.1.3/255.255.255.255/0/0)
+   current_peer 23.1.1.3 port 500
+     PERMIT, flags={origin_is_acl,}
+    #pkts encaps: 8, #pkts encrypt: 8, #pkts digest: 8
+    #pkts decaps: 8, #pkts decrypt: 8, #pkts verify: 8
+    #pkts compressed: 0, #pkts decompressed: 0
+    #pkts not compressed: 0, #pkts compr. failed: 0
+    #pkts not decompressed: 0, #pkts decompress failed: 0
+    #send errors 0, #recv errors 0
-Link ID         ADV Router      Age         Seq#       Checksum Link count
+     local crypto endpt.: 23.1.1.2, remote crypto endpt.: 23.1.1.3
-.1.1.1         1.1.1.1         561         0x8000000E 0x00C326 2
+     plaintext mtu 1422, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet2
-.2.2.2         2.2.2.2         755         0x8000000D 0x007184 1
+     current outbound spi: 0xF48D2703(4102891267)
+     PFS (Y/N): N, DH group: none
-                Net Link States (Area 1)
+     inbound esp sas:
+      spi: 0xCDBEBD9A(3451829658)
+        transform: esp-aes esp-sha512-hmac ,
+        in use settings ={Tunnel, }
+        conn id: 2006, flow_id: CSR:6, sibling_flags FFFFFFFF80000048, crypto map: svpn-map
+         sa timing: remaining key lifetime (k/sec): (4607999/3594)
+        IV size: 16 bytes
+        replay detection support: Y
+        Status: ACTIVE(ACTIVE)
-Link ID         ADV Router      Age         Seq#       Checksum
+     inbound ah sas:
-.1.1.2        2.2.2.2         755         0x80000003 0x000E06
-                Summary Net Link States (Area 1)
+     inbound pcp sas:
-Link ID         ADV Router      Age         Seq#       Checksum
+     outbound esp sas:
-.2.2.2         2.2.2.2         514         0x80000003 0x00F633
+      spi: 0xF48D2703(4102891267)
-.3.3.3         2.2.2.2         514         0x80000003 0x00D252
+        transform: esp-aes esp-sha512-hmac ,
-.4.4.4         2.2.2.2         514         0x80000003 0x00AE71
+        in use settings ={Tunnel, }
-.1.1.0        2.2.2.2         755         0x80000007 0x00080D
+        conn id: 2005, flow_id: CSR:5, sibling_flags FFFFFFFF80000048, crypto map: svpn-map
-.1.1.0        2.2.2.2         514         0x80000007 0x008286</code>
+         sa timing: remaining key lifetime (k/sec): (4607999/3594)
+        IV size: 16 bytes
+        replay detection support: Y
+        Status: ACTIVE(ACTIVE)
+     outbound ah sas:
+     outbound pcp sas:</code>
 r3
-<code>r3#show ip ospf database topology | b Summary
+<code>r3#show crypto ipsec sa
-                Summary Net Link States (Area 0)
-Link ID         ADV Router      Age         Seq#       Checksum
+interface: GigabitEthernet2
-.1.1.1         2.2.2.2         756         0x80000003 0x002FFD
+    Crypto map tag: svpn-map, local addr 23.1.1.3
-.4.4.4         3.3.3.3         594         0x80000003 0x008696
-.1.1.0        2.2.2.2         756         0x80000003 0x009F84
-.1.1.0        3.3.3.3         594         0x80000005 0x005EA9
-                Router Link States (Area 2)
+   protected vrf: (none)
+   local  ident (addr/mask/prot/port): (23.1.1.3/255.255.255.255/0/0)
+   remote ident (addr/mask/prot/port): (23.1.1.2/255.255.255.255/0/0)
+   current_peer 23.1.1.2 port 500
+     PERMIT, flags={origin_is_acl,}
+    #pkts encaps: 8, #pkts encrypt: 8, #pkts digest: 8
+    #pkts decaps: 8, #pkts decrypt: 8, #pkts verify: 8
+    #pkts compressed: 0, #pkts decompressed: 0
+    #pkts not compressed: 0, #pkts compr. failed: 0
+    #pkts not decompressed: 0, #pkts decompress failed: 0
+    #send errors 0, #recv errors 0
-Link ID         ADV Router      Age         Seq#       Checksum Link count
+     local crypto endpt.: 23.1.1.3, remote crypto endpt.: 23.1.1.2
-.3.3.3         3.3.3.3         594         0x80000005 0x00E4E1 1
+     plaintext mtu 1422, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet2
-.4.4.4         4.4.4.4         338         0x80000006 0x006F2D 2
+     current outbound spi: 0xCDBEBD9A(3451829658)
+     PFS (Y/N): N, DH group: none
-                Net Link States (Area 2)
+     inbound esp sas:
+      spi: 0xF48D2703(4102891267)
+        transform: esp-aes esp-sha512-hmac ,
+        in use settings ={Tunnel, }
+        conn id: 2005, flow_id: CSR:5, sibling_flags FFFFFFFF80000048, crypto map: svpn-map
+         sa timing: remaining key lifetime (k/sec): (4607999/3508)
+        IV size: 16 bytes
+        replay detection support: Y
+        Status: ACTIVE(ACTIVE)
-Link ID         ADV Router      Age         Seq#       Checksum
+     inbound ah sas:
-.1.1.4        4.4.4.4         338         0x80000003 0x00479C
-                Summary Net Link States (Area 2)
+     inbound pcp sas:
-Link ID         ADV Router      Age         Seq#       Checksum
+     outbound esp sas:
-.1.1.1         3.3.3.3         594         0x80000003 0x001B0D
+      spi: 0xCDBEBD9A(3451829658)
-.2.2.2         3.3.3.3         594         0x80000003 0x00E242
+        transform: esp-aes esp-sha512-hmac ,
-.3.3.3         3.3.3.3         594         0x80000003 0x00AA77
+        in use settings ={Tunnel, }
-.1.1.0        3.3.3.3         594         0x80000003 0x008B93
+        conn id: 2006, flow_id: CSR:6, sibling_flags FFFFFFFF80000048, crypto map: svpn-map
-.1.1.0        3.3.3.3         594         0x80000003 0x00F123</code>
+         sa timing: remaining key lifetime (k/sec): (4607999/3508)
-r4
+        IV size: 16 bytes
-<code>r4#show ip ospf database topology | b Summary
+        replay detection support: Y
-                Summary Net Link States (Area 2)
+        Status: ACTIVE(ACTIVE)
-Link ID         ADV Router      Age         Seq#       Checksum
+     outbound ah sas:
-.1.1.1         3.3.3.3         595         0x80000003 0x001B0D
-.2.2.2         3.3.3.3         595         0x80000003 0x00E242
+     outbound pcp sas:</code>
-.3.3.3         3.3.3.3         595         0x80000003 0x00AA77
+* Notice the inbound and outbound esp sas are populated.
-.1.1.0        3.3.3.3         595         0x80000003 0x008B93
-.1.1.0        3.3.3.3         595         0x80000003 0x00F123</code>
 ----
-===Task 8===
+===Task 10===
-r1
-<code>r1#ping 1.1.1.1
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
-r1#ping 2.2.2.2
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms
-r1#ping 3.3.3.3
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms
-r1#ping 4.4.4.4
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
-r1#ping 12.1.1.1
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 12.1.1.1, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
-r1#ping 12.1.1.2
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
-r1#ping 23.1.1.2
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 23.1.1.2, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
-r1#ping 23.1.1.3
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 23.1.1.3, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
-r1#ping 34.1.1.3
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 34.1.1.3, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms
-r1#ping 34.1.1.4
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 34.1.1.4, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/3 ms</code>
 r2
-<code>r2#ping 1.1.1.1
+<code>r2#show crypto ikev2 sa
-Type escape sequence to abort.
+ IPv4 Crypto IKEv2  SA
-Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
-!!!!!
+Tunnel-id Local                 Remote                fvrf/ivrf            Status
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
+         23.1.1.2/500          23.1.1.3/500          none/none            READY
-r2#ping 2.2.2.2
+      Encr: AES-CBC, keysize: 256, PRF: SHA512, Hash: SHA512, DH Grp:14, Auth sign: PSK, Auth verify: PSK
-Type escape sequence to abort.
+      Life/Active Time: 86400/411 sec</code>
-Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
-r2#ping 3.3.3.3
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
-r2#ping 4.4.4.4
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms
-r2#ping 12.1.1.1
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 12.1.1.1, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
-r2#ping 12.1.1.2
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
-r2#ping 23.1.1.2
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 23.1.1.2, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
-r2#ping 23.1.1.3
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 23.1.1.3, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
-r2#ping 34.1.1.3
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 34.1.1.3, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
-r2#ping 34.1.1.4
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 34.1.1.4, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms</code>
 r3
-<code>r3#ping 1.1.1.1
+<code>r3#show crypto ikev2 sa
-Type escape sequence to abort.
+ IPv4 Crypto IKEv2  SA
-Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
-!!!!!
+Tunnel-id Local                 Remote                fvrf/ivrf            Status
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms
+         23.1.1.3/500          23.1.1.2/500          none/none            READY
-r3#ping 2.2.2.2
+      Encr: AES-CBC, keysize: 256, PRF: SHA512, Hash: SHA512, DH Grp:14, Auth sign: PSK, Auth verify: PSK
-Type escape sequence to abort.
+      Life/Active Time: 86400/449 sec</code>
-Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
-r3#ping 3.3.3.3
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
-r3#ping 4.4.4.4
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
-r3#ping 12.1.1.1
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 12.1.1.1, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
-r3#ping 12.1.1.2
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
-r3#ping 23.1.1.2
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 23.1.1.2, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
-r3#ping 23.1.1.3
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 23.1.1.3, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
-r3#ping 34.1.1.3
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 34.1.1.3, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
-r3#ping 34.1.1.4
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 34.1.1.4, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms</code>
-r4
-<code>r4#ping 1.1.1.1
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
-r4#ping 2.2.2.2
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
-r4#ping 3.3.3.3
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
-r4#ping 4.4.4.4
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
-r4#ping 12.1.1.1
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 12.1.1.1, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
-r4#ping 12.1.1.2
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
-r4#ping 23.1.1.2
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 23.1.1.2, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms
-r4#ping 23.1.1.3
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 23.1.1.3, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
-r4#ping 34.1.1.3
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 34.1.1.3, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
-r4#ping 34.1.1.4
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 34.1.1.4, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms</code>
-----
-===Task 9===
-r1
-<code>router bgp 65000
- bgp router-id 1.1.1.1</code>
-----
-===Task 10===
-r4
-<code>router bgp 65001
- bgp router-id 4.4.4.4</code>
 ----
 ===Task 11===
-r1
+{{:cisco:labs:ios-xe:lab_17_-_ss1.png?500|}}
-<code>router bgp 65000
+  * In a later lab, all transit traffic will be encrypted through a tunnel interface.
- neighbor 4.4.4.4 remote-as 65001
- neighbor 4.4.4.4 ebgp-multihop 3
- neighbor 4.4.4.4 update-source Loopback0</code>
-r4
-<code>router bgp 65001
- neighbor 1.1.1.1 remote-as 65000
- neighbor 1.1.1.1 ebgp-multihop 3
- neighbor 1.1.1.1 update-source Loopback0</code>
-----
-===Task 12===
-r1
-<code>r1#show ip bgp nei | i BGP neighbor is|BGP state
-BGP neighbor is 4.4.4.4,  remote AS 65001, external link
-  BGP state = Established, up for 01:11:12</code>
-r4
-<code>r4#show ip bgp nei | i BGP neighbor is|BGP state
-BGP neighbor is 1.1.1.1,  remote AS 65000, external link
-  BGP state = Established, up for 01:11:12</code>
 ----
 =====Backlinks=====
 [[:cisco|Cisco]]\\

Tim's Technology Gauntlet Wiki

User Tools

Site Tools

Differences

Page Tools