Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
ContentIndex
  
[+] Expand All
[-] Collapse All

No index entries found.

Example: Configuring Layer 2 and Layer 3 Network Services for the Midsize Enterprise Campus

This example details the configuration for BGP and OSPF routing, as well as multicast and DHCP relay for campus networks. This is based on a validated design architecture.

Requirements

Table 17 shows the hardware and software requirements for this example.Table 18 shows the scaling and performance targets used for this example.

Table 17: Hardware and Software Requirements

Hardware

Device Name

Software

MX240

cs-edge-r01, cs-edge-r02

13.2 R2.4

SRX650

cs-edge-fw-01, cs-edge-fw02

12.1 X44-D39.4

EX9214

cs-core-sw01, cs-core-sw02

13.2 R3.7

EX4550

cs-agg-01

12.3 R3.4

EX2200

cs-2200-ab5

12.3 R3.4

EX3300

cs-3300-ab4

12.3 R3.4

EX4200

cs-4200-ab1

12.3 R3.4

EX4300

cs-4300-ab2, cs-4300-ab3

13.2 X51-D21.1

Table 18: Node Features and Performance/Scalability

Node

Features

Performance/Scalability Target Value

Edge (MX240, SRX650)

MC-LAG, OSPF, BGP, IRB

3k IPv4

Core (EX9214 )

VLANs, MC-LAG, LAG, IGMP snooping, OSPF, PIM-SM, IGMP, DHCP relay, IRB

3k IPv4 routes

128k MAC table entries

16k ARP entries

Aggregation (EX4550)

VLANs, LAG, IGMP snooping, OSPF, PIM-SM, IGMP, DHCP relay, RVI

3k IPv4 routes

5 IGMP groups

Access (EX3300, EX4300, EX4200)

VLANs, LAG, 802.1X, IGMP snooping, DHCP snooping, ARP inspection, IP source guard

55k MAC table entries

13k 8021.x users

5 IGMP groups

The configuration details that follow assume that:

  • All physical cabling necessary has been completed.
  • All basic logical interfaces have been configured.
  • All devices have loopback interfaces configured.

Overview

This configuration example details advanced Layer 2 and Layer 3 connectivity that has been validated to support a modern enterprise campus. The campus is designed to scale and facilitate connectivity for an assortment of wired devices to the network.

Topology

The midsize enterprise campus design is comprised of separate modules: edge, core, access, and aggregation. After the Layer 3 interfaces have been configured, the dynamic routing protocols can then be provisioned. BGP is used at the edge, and OSPF is used inside the campus network. Figure 12 shows the routing topology used.

Figure 12: Routing Topology Diagram

Routing Topology Diagram

Configuration

To configure Layer 2 and Layer 3 network services for the midsize enterprise campus, perform these tasks:

Configuring Layer 3 Interfaces for the Midsize Enterprise Campus

Step-by-Step Procedure

To configure Layer 3 interfaces for the midsize enterprise campus, follow these steps:

  1. Configure bridge-domains on edge devices.

    This configuration was used for cs-edge-r01 and cs-edge-r02.

    [edit]user@host# set bridge-domains bd1 domain-type bridgeuser@host# set bridge-domains bd1 vlan-id 601user@host# set bridge-domains bd1 interface ae1.0user@host# set bridge-domains bd1 interface ae3.0user@host# set bridge-domains bd1 interface ae4.0user@host# set bridge-domains bd1 routing-interface irb.601user@host# set bridge-domains bd1 bridge-options interface ae4.0 static-mac 3c:8a:b0:cf:1f:f0

    In this example, the SRX cluster sends traffic to either cs-edge-r01 or cs-edge-r02 using the IRB 601 MAC address for routing the packet. (The IRB 601 MAC address on cs-edge-r01 is different than the IRB 601 MAC address on cs-edge-r02.) The reth1 interface on the SRX cluster is a single LAG. The LAG address hashing results in a packet destined to the cs-edge-r01 MAC address being sent to cs-edge-r02. In an MC-LAG configuration, MAC address learning does not occur on the ICL link. As a result, cs-edge-r02 floods the packet on VLAN 601.

    To avoid flooding on VLAN 601, we specified the MAC address for cs-edge-r01 in the static-macoption on cs-edge-r02 and vice versa. Now when a packet destined to cs-edge-r01 arrives at cs-edge-r02, cs-edge-r02 sends the packet to cs-edge-r01 using the static MAC address configured.

  2. Configure IRB interfaces on edge devices for dynamic routing.

    This configuration was used for cs-edge-r01 and cs-edge-r02.

    [edit]user@host# set interfaces irb unit 601 family inet address 172.16.33.10/29 arp 172.16.33.11 l2-interface ae0.1user@host# set interfaces irb unit 601 family inet address 172.16.33.10/29 arp 172.16.33.11 mac 3c:8a:b0:cf:1f:f0user@host# set interfaces irb unit 601 family inet address 172.16.33.10/29 arp 172.16.33.11 publishuser@host# set interfaces irb unit 601 family inet address 172.16.33.10/29 vrrp-group 1 virtual-address 172.16.33.9user@host# set interfaces irb unit 601 family inet address 172.16.33.10/29 vrrp-group 1 priority 250user@host# set interfaces irb unit 601 family inet address 172.16.33.10/29 vrrp-group 1 preemptuser@host# set interfaces irb unit 601 family inet address 172.16.33.10/29 vrrp-group 1 accept-datauser@host# set interfaces irb unit 601 family inet address 172.16.33.10/29 vrrp-group 1 authentication-type md5user@host# set interfaces irb unit 601 family inet address 172.16.33.10/29 vrrp-group 1 authentication-key "$9$nDoy9tOhSeX7V1R7VwYZG69A"
  3. Configure VLAN interfaces on the core.

    This configuration was used for cs-core-sw01 and cs-core-sw02.

    [edit]user@host# set vlans Firewall-trust vlan-id 600user@host# set vlans Firewall-trust l3-interface irb.600user@host# set vlans Firewall-trust domain-type bridgeuser@host# set vlans Firewall-trust switch-options interface ae29.0 static-mac 28:8a:1c:e3:f7:f0

    Note: The static-macoption on firewall-trust VLAN 600 prevents traffic arriving from the SRX cluster from flooding the VLAN.

    The SRX cluster sends traffic to both core switches using the IRB 600 MAC address for routing the packet. The IRB 600 MAC address is different on cs-core-sw1 from cs-core-sw2. Because the reth0 interface on the chassis cluster is a single LAG, the reth0 LAG address hashing results in a packet destined to the cs-core-sw1 MAC address being sent to cs-core-sw2. In an MC-LAG configuration, MAC address learning does not occur on the ICL link. As a result, cs-core-sw2 floods the packet on VLAN 600.

    To avoid flooding on VLAN 600, we specifed the MAC address for cs-core-sw1 in the static-macoption on cs-core-sw2 and the MAC address for cs-core-sw2 on cs-core-sw1 and vice versa. Now when a packet that was destined to cs-core-sw1 arrives at cs-core-sw2, cs-core-sw2 sends the packet to cs-core-sw1 using the static MAC address.

  4. Configure IRB interfaces on the core for dynamic routing.

    This configuration was used for cs-core-sw01 and cs-core-sw02.

    [edit]user@host# set interfaces irb unit 600 family inet address 172.16.33.3/29 arp 172.16.33.2 l2-interface ae29.0user@host# set interfaces irb unit 600 family inet address 172.16.33.3/29 arp 172.16.33.2 mac 28:8a:1c:e5:3b:f0user@host# set interfaces irb unit 600 family inet address 172.16.33.3/29 vrrp-group 1 virtual-address 172.16.33.1user@host# set interfaces irb unit 600 family inet address 172.16.33.3/29 vrrp-group 1 priority 125user@host# set interfaces irb unit 600 family inet address 172.16.33.3/29 vrrp-group 1 preemptuser@host# set interfaces irb unit 600 family inet address 172.16.33.3/29 vrrp-group 1 accept-datauser@host# set interfaces irb unit 600 family inet address 172.16.33.3/29 vrrp-group 1 authentication-type md5user@host# set interfaces irb unit 600 family inet address 172.16.33.3/29 vrrp-group 1 authentication-key "$9$9FCMt0IylMNdsEcds24DjCtu"
  5. On the core devices, create client VLANs that map to the access.
    [edit]user@host# set vlans eng1_data_wired vlan-id 60user@host# set vlans eng1_data_wired domain-type bridge

    This example configuration is shown for one client VLAN. Configure this for all relevant client VLANs in your campus.

  6. Create the IRB interface in the VLAN.
    [edit]user@host# set interfaces irb unit 60 family inet address 10.32.0.3/20 arp 10.32.0.2 l2-interface ae29.0user@host# set interfaces irb unit 60 family inet address 10.32.0.3/20 arp 10.32.0.2 mac 28:8a:1c:e5:3b:f0
  7. Configure the IRB routing interface for client VLANs.
    [edit]user@host# set vlans eng1_data_wired l3-interface irb.60
  8. Add voice VLAN ports to access switches where needed.
    • On access devices that are EX4200, EX3300, and EX2200 switches the configuration is as follows:
      [edit]user@host# set ethernet-switching-options voip interface ge-0/0/42.0 vlan eng1_voice_wireduser@host# set ethernet-switching-options voip interface ge-0/0/42.0 forwarding-class voice
    • On access devices that are EX4300 switches the configuration is as follows:
      [edit]user@host# set switch-options voip interface ge-0/0/42.0 vlan eng1_voice_wired user@host# set switch-options voip interface ge-0/0/42.0 forwarding-class voice

Configuring DHCP Relay in Midsize Enterprise Campus

Step-by-Step Procedure

DHCP relay is set up in order to properly support DHCP clients downstream.

To configure DHCP relay:

  1. Configure DHCP relay in the aggregation.
    [edit]root@cs-agg-01# set forwarding-options helpers bootp server 172.16.4.102root@cs-agg-01# set forwarding-options helpers bootp interface vlan.202root@cs-agg-01# set forwarding-options helpers bootp interface ge-0/0/21root@cs-agg-01# set forwarding-options helpers bootp interface vlan.10
  2. Configure DHCP relay in the core.

    root@core-sw-01# set forwarding-options dhcp-relay forward-snooped-clients all-interfacesroot@core-sw-01# set forwarding-options dhcp-relay overrides allow-snooped-clientsroot@core-sw-01# set forwarding-options dhcp-relay server-group dhcp-srv 172.16.4.102root@core-sw-01# set forwarding-options dhcp-relay active-server-group dhcp-srvroot@core-sw-01# set forwarding-options dhcp-relay route-suppression destinationroot@core-sw-01# set forwarding-options dhcp-relay group all interface ge-2/0/4.0root@core-sw-01# set forwarding-options dhcp-relay group all interface irb.10

    The same configuration is placed on core-sw-02.

    Note: Configure dhcp-relay group all interface on all IRB interfaces in the core on both devices.

Configuring Multicast on Core Devices

Step-by-Step Procedure

To enabled multicast in the campus, multicast must be configured on the core, aggregation, and access.

To configure multicast on core devices:

  1. Enable tunnel services on campus core device core-sw01.
    [edit]user@cs-core-sw01# set chassis fpc 0 pic 0 tunnel-services bandwidth 10guser@cs-core-sw01# set chassis fpc 1 pic 0 tunnel-services bandwidth 10g
  2. Configure core device core-sw01 as the primary rendezvous point (RP).
    [edit]user@cs-core-sw01# set protocols pim rp bootstrap-priority 200 user@cs-core-sw01# set protocols pim rp local address 172.16.32.5

    Note: A higher number priority setting indicates the devices as the primary RP in the bootstrap configuration.

  3. Configure PIM on all Layer 3 and IRB interfaces on core-sw01.
    [edit]user@cs-core-sw01# set protocols pim interface irb.10 hello-interval 2 user@cs-core-sw01# set protocols pim interface lo0.0user@cs-core-sw01# set protocols pim interface xe-0/1/0.0 hello-interval 2user@cs-core-sw01# set protocols pim interface ae10.0 hello-interval 2user@cs-core-sw01# set protocols pim interface ae0.0 hello-interval 2
  4. Configure IGMP on core-sw-01.

    Configure IGMP query settings.

    [edit]user@cs-core-sw01# set protocols igmp query-interval 3user@cs-core-sw01# set protocols igmp query-response-interval 2

    Configure IGMP snooping on all VLAN interfaces.

    [edit]user@cs-core-sw01# set protocols igmp-snooping vlan eng1_data_wired interface ae29.0 multicast-router-interface user@cs-core-sw01# set multicast-snooping-options multichassis-lag-replicate-state

    Enable IGMP on IRB interfaces.

    [edit]user@cs-core-sw01# set protocols igmp interface irb.10

    Note: At the global level, IGMP join and leave messages are replicated from the active link to the standby link of an MC-LAG interface, which enables faster recovery of membership information after failover. This command synchronizes multicast state across MC-LAG neighbors when bridge domains are configured.

  5. Enable tunnel services on campus core device core-sw02.

    [edit]user@cs-core-sw02# set chassis fpc 0 pic 0 tunnel-services bandwidth 10guser@cs-core-sw02# set chassis fpc 1 pic 0 tunnel-services bandwidth 10g
  6. Configure core device core-sw02 as the secondary RP.
    [edit]user@cs-core-sw02# set protocols pim rp bootstrap-priority 100user@cs-core-sw02# set protocols pim rp local address 172.16.32.6

    Note: A lower priority setting indicates this devices is the secondary RP in the bootstrap configuration.

  7. Configure PIM on all Layer 3 and IRB interfaces on core-sw02.
    [edit]user@cs-core-sw02# set protocols pim interface irb.10 hello-interval 2user@cs-core-sw02# set protocols pim interface lo0.0user@cs-core-sw02# set protocols pim interface xe-0/1/0.0 hello-interval 2user@cs-core-sw02# set protocols pim interface ge-2/1/3.0user@cs-core-sw02# set protocols pim interface ae0.0 hello-interval 2
  8. Configure IGMP on core-sw-02.

    Configure IGMP query settings.

    [edit]user@cs-core-sw02# set protocols igmp query-interval 3user@cs-core-sw02# set protocols igmp query-response-interval 2

    Enable IGMP on all VLAN interfaces.

    [edit]user@cs-core-sw02# set protocols igmp-snooping vlan eng1_data_wired interface ae29.0 multicast-router-interface

    Enable IGMP on IRB interfaces.

    [edit]user@cs-core-sw02# set protocols igmp interface irb.10

Configuring Multicast on Aggregation and Access Devices

Step-by-Step Procedure

To enable multicast in the campus, multicast must be configured on the core, aggregation, and access.

To configure multicast on the aggregation and access devices (cs-agg-01, cs-4200-ab1, cs-4300-ab2, cs-4300-ab3, cs-3300-ab4, and cs-2200-ab5):

  1. Enable PIM.
    [edit]user@host# set protocols pim traceoptions file pim.loguser@host# set protocols pim traceoptions flag alluser@host# set protocols pim interface vlan.11user@host# set protocols pim interface xe-0/0/0.0 hello-interval 2user@host# set protocols pim interface xe-1/0/0.0 hello-interval 2
  2. Enable IGMP on all relevant VLANs connected to multicast clients.

    The following example is for one RVI:

    [edit]user@host# set protocols igmp interface vlan.10

    Note: Enable IGMP on all RVIs.

  3. Enable IGMP snooping on all VLAN interfaces.
    [edit]user@host# set protocols igmp-snooping vlan all

Configuring BGP Routing

Step-by-Step Procedure

The edge layer of the campus is defined where the ISP handoff occurs. Here, open standard EBGP is configured with two different ISP connections for ISP1 and ISP2, which are connected to cs-edge-r01 and cs-edge-r02, respectively. In this example, cs-edge-r01 and cs-edge-r02 peer to each other using IBGP with an export policy to enable next-hop self. The BGP local preference has been configured to prefer the ISP1 gateway connected to cs-edge-r01.

Client device Internet access is provided using source NAT on the edge firewall and forwarded to the edge routers for Internet access to service provider networks. Remote access users connecting from the Internet will use the public IP address of the VPN gateway, so the appliance hosting the gateway IP subnet is advertised to the Internet using the export policy from the edge routers. To support redundancy, each edge router is advertising the same prefix into the Internet.

To configure BGP routing:

  1. Configure cs-edge-r01 interface to connect to ISP1.
    [edit]user@cs-edge-r01# set interfaces ge-1/1/5 hold-time up 46000user@cs-edge-r01# set interfaces ge-1/1/5 hold-time down 100user@cs-edge-r01# set interfaces ge-1/1/5 unit 0 family inet address 192.168.168.5/30

    Note: The hold-time setting has been tuned on this interface to get better convergence. If this is not added, higher convergence might be observed because this interface could be waiting to receive traffic while the underlying MC-LAG has not yet converged.

  2. Configure BGP on cs-edge-r01.
    [edit]user@cs-edge-r01# set routing-options autonomous-system 64514 user@cs-edge-r01# set protocols bgp group ebgp-edge-r1 type externaluser@cs-edge-r01# set protocols bgp group ebgp-edge-r1 export exp-pub-net #Export 10.92.84.0/24 network for SA access to internetuser@cs-edge-r01# set protocols bgp group ebgp-edge-r1 peer-as 64512user@cs-edge-r01# set protocols bgp group ebgp-edge-r1 neighbor 192.168.168.6
  3. Configure IBGP peering on cs-edge-r01 to cs-edge-r02.
    [edit]user@cs-edge-r01# set protocols bgp group ibgp type internaluser@cs-edge-r01# set protocols bgp group ibgp local-preference 150user@cs-edge-r01# set protocols bgp group ibgp local-address 172.16.32.53user@cs-edge-r01# set protocols bgp group ibgp peer-as 64514user@cs-edge-r01# set protocols bgp group ibgp bfd-liveness-detection minimum-interval 300user@cs-edge-r01# set protocols bgp group ibgp neighbor 172.16.32.54
  4. Configure next-hop self.
    [edit]user@cs-edge-r01# set protocols bgp group ibgp export next-hop-self
  5. Configure the routing policy on cs-edge-r01 for remote access.
    [edit]user@cs-edge-r01# set policy-options policy-statement exp-pub-net from protocol ospfuser@cs-edge-r01# set policy-options policy-statement exp-pub-net from route-filter 10.92.84.0/24 exact acceptuser@cs-edge-r01# set policy-options policy-statement exp-pub-net then accept
  6. Configure the next-hop self policy.
    [edit]user@cs-edge-r01# set policy-options policy-statement next-hop-self term next-hop then next-hop self
  7. Configure BGP on cs-edge-r02.
    [edit]user@cs-edge-r02# set routing-options autonomous-system 64514 user@cs-edge-r02# set protocols bgp group ebgp-edge-r2 type externaluser@cs-edge-r02# set protocols bgp group ebgp-edge-r2 export exp-pub-netuser@cs-edge-r02# set protocols bgp group ebgp-edge-r2 peer-as 64513user@cs-edge-r02# set protocols bgp group ebgp-edge-r2 neighbor 192.168.168.10
  8. Configure IBGP peering on cs-edge-r02 to cs-edge-r01.
    [edit]user@cs-edge-r02# set protocols bgp group ibgp type internaluser@cs-edge-r02# set protocols bgp group ibgp local-address 172.16.32.54user@cs-edge-r02# set protocols bgp group ibgp export next-hop-selfuser@cs-edge-r02# set protocols bgp group ibgp peer-as 64514user@cs-edge-r02# set protocols bgp group ibgp bfd-liveness-detection minimum-interval 300user@cs-edge-r02# set protocols bgp group ibgp neighbor 172.16.32.53
  9. Configure the remote access policy on cs-edge-r02.
    [edit]user@cs-edge-r02# set policy-options policy-statement exp-pub-net from protocol ospfuser@cs-edge-r02# user@cs-edge-r02# set policy-options policy-statement exp-pub-net from route-filter 10.92.84.0/24 exact acceptuser@cs-edge-r02# set policy-options policy-statement exp-pub-net then accept
  10. Configure the next-hop self policy on cs-edge-r02.
    [edit]user@cs-edge-r02# set policy-options policy-statement next-hop-self term next-hop then next-hop self

Configuring OSPF Routing for the Midsize Enterprise Campus

Step-by-Step Procedure

This solution uses OSPF as the IGP protocol because of the widespread familiarity of the protocol.

Key configuration parameters:

  • Two OSPF areas (area 0 and area 1) are configured to localize the failure with the area boundary.
  • Edge routers and firewalls are configured with MC-LAG and IRB (Layer 3) interfaces in area 1 .
  • The link between core devices is in area 0.
  • The link between core devices, aggregation device, and WAN are in area 0.
  • Each core switch and edge router is to be configured with an OSPF priority of 255 and 254 to strictly enforce that the core and edge devices always become the designated router and backup designated router for that bridge domain.
  • All IRBs and VRRP addresses are advertised into OSPF as passive so that sessions do not get established.
  • Conditional-based default aggregate routes from edge routers are redistributed towards the core and other devices to connect to the Internet.
  • LFA is configured on all OSPF links to improve convergence.

To configure OSPF routing:

  1. Enable LFA on OSPF links.

    The following command should be configured on all devices that will participate in OSPF.

    [edit]user@host# set protocols ospf area 0.0.0.1 interface irb.600 node-link-protection

    The IRB participating in OSPF should also be set to LFA.

  2. Configure per-packet load balancing to allow the Packet Forward Engine to retain the LFA backup next hops.
    [edit]user@host# set policy-options policy-statement pplb then load-balance per-packetuser@host# set policy-options policy-statement pplb then accept
  3. Configure OSPF on edge devices, cs-edge-r01 and cs-edge-r02.
    [edit]user@host# set protocols ospf export ospf-default user@host# set protocols ospf reference-bandwidth 1000g user@host# set protocols ospf area 0.0.0.1 interface ae0.0 node-link-protectionuser@host# set protocols ospf area 0.0.0.1 interface ae0.0 priority 254
  4. Enable the BFD protection IRB routing interface on cs-edge-r01 and cs-edge-r02.
    [edit]user@host# set protocols ospf area 0.0.0.1 interface ae0.0 node-link-protectionuser@host# set protocols ospf area 0.0.0.1 interface ae0.0 priority 254user@host# set protocols ospf area 0.0.0.1 interface ae0.0 authentication md5 200 key "$9$E6OSlM7-waZj8XZjHqQzhSre8XNdb2oJ"user@host# set protocols ospf area 0.0.0.1 interface ae0.0 bfd-liveness-detection minimum-interval 300user@host# set protocols ospf area 0.0.0.1 interface ae0.0 bfd-liveness-detection detection-time threshold 2000user@host# set protocols ospf area 0.0.0.1 interface lo0.0user@host# set protocols ospf area 0.0.0.1 interface irb.601 node-link-protectionuser@host# set protocols ospf area 0.0.0.1 interface irb.601 priority 254user@host# set protocols ospf area 0.0.0.1 interface irb.601 authentication md5 200 key "$9$tPnx01hevLVwgSrwgoJHkp0BISrKM87db"user@host# set protocols ospf area 0.0.0.1 interface irb.601 bfd-liveness-detection minimum-interval 2400
  5. Configure the condition policy for the OSPF default route based on the BGP route on cs-edge-r01 and cs-edge-r02.
    [edit]user@host# set policy-options policy-statement ospf-default from protocol aggregateuser@host# set policy-options policy-statement ospf-default from route-filter 0.0.0.0/0 exactuser@host# set policy-options policy-statement ospf-default then external type 1user@host# user@host# set policy-options policy-statement ospf-default then acceptuser@host# set policy-options policy-statement filter-contributors term 1 from neighbor 192.168.168.6user@host# set policy-options policy-statement filter-contributors term 1 from next-hop 192.168.168.6user@host# set policy-options policy-statement filter-contributors term 1 then acceptuser@host# set policy-options policy-statement filter-contributors term 2 then rejectuser@host# set policy-options policy-statement pplb then load-balance per-packetuser@host# set policy-options policy-statement pplb then acceptuser@host# set routing-options generate route 0.0.0.0/0 policy filter-contributorsuser@host# set routing-options forwarding-table export pplb
  6. Configure OSPF on the edge firewall devices.
    [edit]user@host-fw# set protocols ospf export pub-networkuser@host-fw# set protocols ospf reference-bandwidth 1000guser@host-fw# set protocols ospf area 0.0.0.1 interface reth0.0 node-link-protectionuser@host-fw# set protocols ospf area 0.0.0.1 interface reth0.0 priority 255user@host-fw# set protocols ospf area 0.0.0.1 interface reth0.0 authentication md5 200 key "$9$69OnCpBcyKxNbIENbs2GU/CtuIESreWX7"user@host-fw# set protocols ospf area 0.0.0.1 interface reth0.0 bfd-liveness-detection minimum-interval 2400user@host-fw# set protocols ospf area 0.0.0.1 interface reth1.0 node-link-protectionuser@host-fw# set protocols ospf area 0.0.0.1 interface reth1.0 authentication md5 200 key "$9$qPT3ApBSrv69rvWLVb.P5Q69tuORcy"user@host-fw# set protocols ospf area 0.0.0.1 interface reth1.0 bfd-liveness-detection minimum-interval 2400
  7. Export the subnet used for source NAT to the edge firewall.
    [edit]user@host-fw# set policy-options policy-statement pub-network term 1 from protocol staticuser@host-fw# set policy-options policy-statement pub-network term 1 from route-filter 10.92.84.0/24 exact acceptuser@host-fw# set policy-options policy-statement pub-network term 1 to neighbor 172.16.33.10user@host-fw# set policy-options policy-statement pub-network term 1 to neighbor 172.16.33.11user@host-fw# set policy-options policy-statement pub-network term 1 then accept user@host-fw# set routing-options static route 10.92.84.0/24 receive
  8. Configure OSPF on the aggregation device.
    [edit]user@agg# set protocols ospf reference-bandwidth 1000guser@agg# set protocols ospf area 0.0.0.0 interface vlan.13 passiveuser@agg# set protocols ospf area 0.0.0.0 interface vlan.20 passive ## configure on all RVI’s##user@agg# set protocols ospf area 0.0.0.0 interface xe-0/0/0.0 node-link-protectionuser@agg# user@agg# set protocols ospf area 0.0.0.0 interface xe-0/0/0.0 priority 255user@agg# set protocols ospf area 0.0.0.0 interface xe-0/0/0.0 authentication md5 100 key "$9$IEXhyKX7V4aUM8aUjH5TRhS"user@agg# set protocols ospf area 0.0.0.0 interface xe-0/0/0.0 bfd-liveness-detection minimum-interval 300user@agg# set protocols ospf area 0.0.0.0 interface xe-1/0/0.0 node-link-protectionuser@agg# set protocols ospf area 0.0.0.0 interface xe-1/0/0.0 priority 255user@agg# set protocols ospf area 0.0.0.0 interface xe-1/0/0.0 authentication md5 100 key "$9$ZcDHmz39O1hfT1hSr8LGDi"user@agg# set protocols ospf area 0.0.0.0 interface xe-1/0/0.0 bfd-liveness-detection minimum-interval 300

Verification

Confirm that the configuration is working properly.

Verifying BGP Routing on Edge Devices

Purpose

Verify that BGP routing is configured properly and running on the edge devices.

Action

  • Check the BGP summary table on edge devices.
    root@cs-edge-r01# run show bgp summary
    Groups: 2 Peers: 2 Down peers: 0 Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending inet.0                        1          1          0          0          0          0 Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped... 172.16.32.34          64514      47618      47618       0       0     2w0d23h 0/0/0/0              0/0/0/0 192.168.168.6         64512      48034      48222       0       1  1d 1:47:05 1/1/1/0              0/0/0/0 
    root@cs-edge-r02# run show bgp summary
    Groups: 2 Peers: 2 Down peers: 0
    Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
    inet.0
                           2          1          0          0          0          0
    Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
    172.16.32.33          64514      47621      47622       0       0     2w0d23h 1/1/1/0              0/0/0/0
    192.168.168.10        64513      48580      48190       0       0     2w0d23h 0/1/1/0              0/0/0/0
    
    
  • Verify the routing table on cs-edge-r01. Check that the ISP1 route advertisement is received in the route table. Check that the ISP1 route is advertised as well.
    root@cs-edge-r01# run show route receive-protocol bgp 192.168.168.6
    inet.0: 165 destinations, 165 routes (165 active, 0 holddown, 0 hidden)
      Prefix                  Nexthop              MED     Lclpref    AS path
    * 172.16.32.49/32         192.168.168.6                           64512 64515 I
    
    
    root@cs-edge-r01# run show route advertising-protocol bgp 192.168.168.6
    inet.0: 165 destinations, 165 routes (165 active, 0 holddown, 0 hidden)
      Prefix                  Nexthop              MED     Lclpref    AS path
    * 10.92.84.0/24           Self                 0                  I 
    
  • Verify the routing table on cs-edge-r02. Check that the ISP2 route advertisement received is in the route table. Check that the ISP2 route is advertised as well.
    root@cs-edge-r02# run show route receive-protocol bgp 192.168.168.10
    inet.0: 165 destinations, 167 routes (165 active, 0 holddown, 1 hidden)
      Prefix                  Nexthop              MED     Lclpref    AS path
      172.16.32.49/32         192.168.168.10                          64513 64515 I
    
    root@cs-edge-r02# run show route advertising-protocol bgp 192.168.168.10
    inet.0: 165 destinations, 167 routes (165 active, 0 holddown, 1 hidden)
      Prefix                  Nexthop              MED     Lclpref    AS path
    * 10.92.84.0/24           Self                 0                  I
    * 172.16.32.49/32         Self                                    64512 64515 I
    

Meaning

Confirm that dynamic routing protocols are running and that static and dynamic routes are properly learned and advertised.

Verifying OSPF Routing

Purpose

Verify that OSPF routing and LFA has been properly configured on devices.

Action

  • Verify that all OSPF sessions are up.
    root@cs-core-sw01# run show ospf neighbor
    Address          Interface              State     ID               Pri  Dead
    172.16.32.10     ae0.0                  Full      2.2.2.2          128    38
    172.16.32.58     ae10.0                 Full      172.16.32.97     255    30
    172.16.32.14     xe-0/1/0.0             Full      8.8.8.8          255    38
    172.16.32.22     xe-0/1/2.0             Full      9.9.9.9          255    30
    172.16.33.4      irb.600                Full      3.3.3.3          255    32
    172.16.33.2      irb.600                Full      2.2.2.2          255    32
    
    root@cs-core-sw02# run show ospf neighbor
    Address          Interface              State     ID               Pri  Dead
    172.16.32.9      ae0.0                  Full      1.1.1.1          128    31
    172.16.32.62     ae10.0                 Full      172.16.32.97     255    35
    172.16.32.18     xe-0/1/0.0             Full      8.8.8.8          255    36
    172.16.32.26     xe-0/1/2.0             Full      9.9.9.9          255    34
    172.16.33.4      irb.600                Full      3.3.3.3          255    33
    172.16.33.3      irb.600                Full      1.1.1.1          255    37
    
    root@cs-agg-01# run show ospf neighbor
    Address          Interface              State     ID               Pri  Dead
    172.16.32.13     xe-0/0/0.0             Full      1.1.1.1          255    38
    172.16.32.17     xe-1/0/0.0             Full      2.2.2.2          255    35
    
    root@cs-edge-fw01-node0# run show ospf neighbor
    Address          Interface              State     ID               Pri  Dead
    172.16.33.2      reth0.0                Full      2.2.2.2          255    39
    172.16.33.3      reth0.0                Full      1.1.1.1          255    32
    172.16.33.10     reth1.0                Full      4.4.4.4          254    38
    172.16.33.11     reth1.0                Full      5.5.5.5          254    37
    
    root@cs-edge-r01# run show ospf neighbor
    Address          Interface              State     ID               Pri  Dead
    172.16.32.42     ae0.0                  Full      5.5.5.5          254    39
    172.16.32.54     ge-1/1/4.0             Full      5.5.5.5          128    34
    172.16.33.12     irb.601                Full      3.3.3.3          128    39
    172.16.33.11     irb.601                Full      5.5.5.5          254    35
    
    root@cs-edge-r02# run show ospf neighbor
    Address          Interface              State     ID               Pri  Dead
    172.16.32.41     ae0.0                  Full      4.4.4.4          254    38
    172.16.32.53     ge-1/1/4.0             Full      4.4.4.4          128    38
    172.16.33.12     irb.601                Full      3.3.3.3          128    38
    172.16.33.10     irb.601                Full      4.4.4.4          254    35
    
  • Verify the OSPF conditional-based default route advertisement into OSPF.
    root@cs-core-sw01# run show route 0.0.0.0
    inet.0: 1012 destinations, 1012 routes (1012 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    0.0.0.0/0          *[OSPF/150] 04:41:12, metric 1500, tag 0
                        > to 172.16.33.4 via irb.600
    
    root@cs-edge-fw01-node0# run show route 0.0.0.0
    inet.0: 167 destinations, 168 routes (167 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    0.0.0.0/0          *[OSPF/150] 11:36:45, metric 500, tag 0
                        > to 172.16.33.10 via reth1.0
    
    
    root@cs-edge-r01# run show route 0.0.0.0
    inet.0: 165 destinations, 165 routes (165 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    0.0.0.0/0          *[Aggregate/130] 2w1d 00:34:35
                        > to 192.168.168.6 via ge-1/1/5.0
    
  • Verify the OSPF LFA routes.
    root@cs-core-sw01# run show ospf backup coverage
    Topology default coverage:
    
    Node Coverage:
    
    Area             Covered  Total  Percent
                       Nodes  Nodes  Covered
    0.0.0.0                3      4   75.00%
    0.0.0.1                0      4    0.00%
    
    Route Coverage:
    
    Path Type  Covered   Total  Percent
                Routes  Routes  Covered
    Intra           71     150   47.33%
    Inter            0       0  100.00%
    Ext1             0       1    0.00%
    Ext2             0       1    0.00%
    All             71     152   46.71%
    
    root@cs-agg-01# run show ospf backup coverage
    Topology default coverage:
    
    Node Coverage:
    
    Area             Covered  Total  Percent
                       Nodes  Nodes  Covered
    0.0.0.0                4      4  100.00%
    
    Route Coverage:
    
    Path Type  Covered   Total  Percent
                Routes  Routes  Covered
    Intra           99     142   69.72%
    Inter            8       8  100.00%
    Ext1             1       1  100.00%
    Ext2             1       1  100.00%
    All            109     152   71.71%
    

Meaning

Confirm the OSPF is configured properly and advertising routes from IBGP. LFA is enabled and working properly.

Verifying DHCP Relay

Purpose

Verify that DHCP relay has been properly configured and enabled on devices.

Action

  • Verify DHCP relay information on aggregation device.
    root@cs-agg-01# run show helper statistics
     BOOTP:
      Received packets: 4435
      Forwarded packets: 4435
      Dropped packets: 0
        Due to no interface in DHCP Relay database: 0
        Due to no matching routing instance: 0
        Due to an error during packet read: 0
        Due to an error during packet send: 0
        Due to invalid server address: 0
        Due to no valid local address: 0
        Due to no route to server/client: 0
    
  • Verify DHCP relay on the core devices.
    root@cs-core-sw01# run show dhcp relay binding summary
    1862 clients, (0 init, 1855 bound, 0 selecting, 0 requesting, 0 renewing, 7 rebinding, 0 releasing)
    
    root@cs-core-sw01# run show dhcp relay binding | match ae3.0
    10.32.0.57        2981        00:10:94:00:04:47  670489      BOUND      ae3.0
    10.16.0.53        2982        00:10:94:00:04:48  670489      BOUND      ae3.0
    10.17.0.52        2983        00:10:94:00:04:49  670489      BOUND      ae3.0
    10.32.0.55        2980        00:10:94:00:64:01  670489      BOUND      ae3.0
    10.32.17.23       2995        00:22:22:00:04:0b  670592      BOUND      ae3.0
    10.32.17.20       2997        00:22:22:00:04:0c  670592      BOUND      ae3.0
    10.32.17.19       2996        00:22:22:00:04:0d  670592      BOUND      ae3.0
    10.32.17.14       2999        00:22:22:00:04:0e  670592      BOUND      ae3.0
    
    

Meaning

Confirm that DHCP relay is configured properly and has been enabled.

Verifying Multicast in the Midsize Enterprise Campus

Purpose

Verify that multicast has been properly configured on devices.

Action

  • Verify multicast routing on the aggregation device.
    root@cs-agg-01# run show multicast route
    Instance: master Family: INET
    
    Group: 230.1.1.1
        Source: 172.16.34.10/32
        Upstream interface: xe-0/0/0.0
        Downstream interface list:
            vlan.20 vlan.30 vlan.50 vlan.60
    
    Group: 230.1.1.2
        Source: 172.16.34.10/32
        Upstream interface: xe-0/0/0.0
        Downstream interface list:
            vlan.20 vlan.30 vlan.50 vlan.60
    
    Group: 230.1.1.3
        Source: 172.16.34.10/32
        Upstream interface: xe-0/0/0.0
        Downstream interface list:
            vlan.20 vlan.30 vlan.50 vlan.60
    
    Group: 230.1.1.4
        Source: 172.16.34.10/32
        Upstream interface: xe-0/0/0.0
        Downstream interface list:
            vlan.20 vlan.30 vlan.50 vlan.60
    
    Group: 230.1.1.5
        Source: 172.16.34.10/32
        Upstream interface: xe-0/0/0.0
        Downstream interface list:
            vlan.20 vlan.30 vlan.50 vlan.60
    
    Instance: master Family: INET6
    
    
  • Verify PIM neighbors and PIM interfaces on the aggregation device.
    root@cs-agg-01# run show pim neighbors
    B = Bidirectional Capable, G = Generation Identifier
    H = Hello Option Holdtime, L = Hello Option LAN Prune Delay,
    P = Hello Option DR Priority, T = Tracking Bit
    
    Instance: PIM.master
    Interface           IP V Mode        Option       Uptime Neighbor addr
    xe-0/0/0.0           4 2             HPLGT   1d 07:03:44 172.16.32.13
    xe-1/0/0.0           4 2             HPLGT   3d 09:02:54 172.16.32.17
    
    root@cs-agg-01# run show pim interfaces
    Stat = Status, V = Version, NbrCnt = Neighbor Count,
    S = Sparse, D = Dense, B = Bidirectional,
    DR = Designated Router, P2P = Point-to-point link,
    Active = Bidirectional is active, NotCap = Not Bidirectional Capable
    
    Name               Stat Mode IP V State        NbrCnt JoinCnt(sg/*g) DR address
    pime.32769         Up   S     4 2 P2P,NotCap        0 0/0
    pime.32770         Up   S     4 2 P2P,NotCap        0 0/0
    vlan.10            Up   S     4 2 DR,NotCap         0 0/0            10.48.0.1
    vlan.100           Up   S     4 2 DR,NotCap         0 0/0            10.68.0.1
    vlan.101           Up   S     4 2 DR,NotCap         0 0/0            10.68.16.1
    vlan.102           Up   S     4 2 DR,NotCap         0 0/0            10.68.32.1
    vlan.103           Up   S     4 2 DR,NotCap         0 0/0            10.68.48.1
    vlan.11            Up   S     4 2 DR,NotCap         0 0/0            10.48.16.1
    vlan.12            Up   S     4 2 DR,NotCap         0 0/0            10.48.32.1
    vlan.13            Up   S     4 2 DR,NotCap         0 0/0            10.48.48.1
    vlan.20            Up   S     4 2 DR,NotCap         0 0/0            10.49.0.1
    vlan.202           Up   S     4 2 DR,NotCap         0 0/0            172.16.144.1
    vlan.21            Up   S     4 2 DR,NotCap         0 0/0            10.49.4.1
    vlan.22            Up   S     4 2 DR,NotCap         0 0/0            10.49.8.1
    vlan.23            Up   S     4 2 DR,NotCap         0 0/0            10.49.12.1
    vlan.30            Up   S     4 2 DR,NotCap         0 0/0            10.49.64.1
    vlan.31            Up   S     4 2 DR,NotCap         0 0/0            10.49.68.1
    vlan.32            Up   S     4 2 DR,NotCap         0 0/0            10.49.72.1
    vlan.33            Up   S     4 2 DR,NotCap         0 0/0            10.49.76.1
    vlan.40            Up   S     4 2 DR,NotCap         0 0/0            10.49.128.1
    vlan.41            Up   S     4 2 DR,NotCap         0 0/0            10.49.132.1
    vlan.42            Up   S     4 2 DR,NotCap         0 0/0            10.49.136.1
    vlan.43            Up   S     4 2 DR,NotCap         0 0/0            10.49.140.1
    vlan.50            Up   S     4 2 DR,NotCap         0 0/0            10.50.0.1
    vlan.51            Up   S     4 2 DR,NotCap         0 0/0            10.50.16.1
    vlan.52            Up   S     4 2 DR,NotCap         0 0/0            10.50.32.1
    vlan.53            Up   S     4 2 DR,NotCap         0 0/0            10.50.48.1
    vlan.60            Up   S     4 2 DR,NotCap         0 0/0            10.64.0.1
    vlan.61            Up   S     4 2 DR,NotCap         0 0/0            10.64.16.1
    vlan.62            Up   S     4 2 DR,NotCap         0 0/0            10.64.32.1
    vlan.63            Up   S     4 2 DR,NotCap         0 0/0            10.64.48.1
    vlan.70            Up   S     4 2 DR,NotCap         0 0/0            10.65.0.1
    vlan.71            Up   S     4 2 DR,NotCap         0 0/0            10.65.16.1
    vlan.72            Up   S     4 2 DR,NotCap         0 0/0            10.65.32.1
    vlan.73            Up   S     4 2 DR,NotCap         0 0/0            10.65.48.1
    vlan.80            Up   S     4 2 DR,NotCap         0 0/0            10.66.0.1
    vlan.81            Up   S     4 2 DR,NotCap         0 0/0            10.66.16.1
    vlan.82            Up   S     4 2 DR,NotCap         0 0/0            10.66.32.1
    vlan.83            Up   S     4 2 DR,NotCap         0 0/0            10.66.48.1
    vlan.90            Up   S     4 2 DR,NotCap         0 0/0            10.67.0.1
    vlan.91            Up   S     4 2 DR,NotCap         0 0/0            10.67.16.1
    vlan.92            Up   S     4 2 DR,NotCap         0 0/0            10.67.32.1
    vlan.93            Up   S     4 2 DR,NotCap         0 0/0            10.67.48.1
    xe-0/0/0.0         Up   S     4 2 DR,NotCap         1 0/5            172.16.32.14
    xe-1/0/0.0         Up   S     4 2 DR,NotCap         1 0/0            172.16.32.18
    
  • Verify PIM rendezvous points on the aggregation device.
    root@cs-agg-01# run show pim rps
    Instance: PIM.master
    
    address-family INET
    RP address      Type        Mode   Holdtime Timeout Groups Group prefixes
    172.16.32.5     bootstrap   sparse      150     131      5 224.0.0.0/4
    172.16.32.6     bootstrap   sparse      150     131      0 224.0.0.0/4
    
    address-family INET6
    
  • Verify IGMP interfaces and IGMP snooping on the aggregation device.
    root@cs-agg-01# run show igmp interface
    Interface: vlan.10
        Querier: 10.48.0.1
        State:         Up Timeout:    None Version:  2 Groups:      0
        Immediate leave: Off
        Promiscuous mode: Off
        Passive: Off
    Interface: vlan.11
        Querier: 10.48.16.1
        State:         Up Timeout:    None Version:  2 Groups:      0
        Immediate leave: Off
        Promiscuous mode: Off
        Passive: Off
    Interface: vlan.12
        Querier: 10.48.32.1
        State:         Up Timeout:    None Version:  2 Groups:      0
        Immediate leave: Off
        Promiscuous mode: Off
        Passive: Off
    Interface: vlan.13
        Querier: 10.48.48.1
        State:         Up Timeout:    None Version:  2 Groups:      0
        Immediate leave: Off
        Promiscuous mode: Off
        Passive: Off
    Interface: vlan.20
        Querier: 10.49.0.1
        State:         Up Timeout:    None Version:  2 Groups:      5
        Immediate leave: Off
        Promiscuous mode: Off
        Passive: Off
    
    root@cs-agg-01# run show igmp-snooping membership
     VLAN: Radius-vlan
    VLAN: default
    VLAN: eng1_data_wired
        230.1.1.1      *
            Interfaces: ae4.0, ae5.0
        230.1.1.2      *
            Interfaces: ae4.0, ae5.0
        230.1.1.3      *
            Interfaces: ae4.0, ae5.0
        230.1.1.4      *
            Interfaces: ae4.0, ae5.0
        230.1.1.5      *
            Interfaces: ae4.0, ae5.0
    VLAN: eng1_data_wireless
    VLAN: eng1_voice_wired
    VLAN: eng1_voice_wireless
    :
    :
    :
    VLAN: exec_voice_wireless
    VLAN: finance_data_wired
        230.1.1.1      *
            Interfaces: ae4.0
        230.1.1.2      *
            Interfaces: ae4.0
        230.1.1.3      *
            Interfaces: ae4.0
        230.1.1.4      *
            Interfaces: ae4.0
        230.1.1.5      *
            Interfaces: ae4.0
    VLAN: finance_data_wireless
    VLAN: finance_voice_wired
    VLAN: finance_voice_wireless
    VLAN: guest
    VLAN: guest_cap
    VLAN: legal_data_wired
        230.1.1.1      *
            Interfaces: ae4.0
        230.1.1.2      *
            Interfaces: ae4.0
        230.1.1.3      *
            Interfaces: ae4.0
        230.1.1.4      *
            Interfaces: ae4.0
        230.1.1.5      *
            Interfaces: ae4.0
    VLAN: legal_data_wireless
    VLAN: legal_voice_wired
    VLAN: legal_voice_wireless
    VLAN: marketing_data_wired
        230.1.1.1      *
            Interfaces: ae5.0
        230.1.1.2      *
            Interfaces: ae5.0
        230.1.1.3      *
            Interfaces: ae5.0
        230.1.1.4      *
            Interfaces: ae5.0
        230.1.1.5      *
            Interfaces: ae5.0
    VLAN: remediation
    
  • Verify multicast routing on the core devices.
    root@cs-core-sw01# run show multicast route
    Instance: master Family: INET
    
    Group: 230.1.1.1
        Source: 172.16.34.10/32
        Upstream interface: ae10.0
        Downstream interface list:
            irb.10 irb.20 irb.30 irb.50 irb.60 xe-0/1/0.0
    
    Group: 230.1.1.2
        Source: 172.16.34.10/32
        Upstream interface: ae10.0
        Downstream interface list:
            irb.10 irb.20 irb.30 irb.50 irb.60 xe-0/1/0.0
    
    Group: 230.1.1.3
        Source: 172.16.34.10/32
        Upstream interface: ae10.0
        Downstream interface list:
            irb.10 irb.20 irb.30 irb.50 irb.60 xe-0/1/0.0
    
    Group: 230.1.1.4
        Source: 172.16.34.10/32
        Upstream interface: ae10.0
        Downstream interface list:
            irb.10 irb.20 irb.30 irb.50 irb.60 xe-0/1/0.0
    
    Group: 230.1.1.5
        Source: 172.16.34.10/32
        Upstream interface: ae10.0
        Downstream interface list:
            irb.10 irb.20 irb.30 irb.50 irb.60 xe-0/1/0.0
    
    Instance: master Family: INET6
    
  • Verify PIM neighbors, PIM interfaces, and PIM joins on the core devices.
    root@cs-core-sw01# run show pim neighbors
    B = Bidirectional Capable, G = Generation Identifier
    H = Hello Option Holdtime, L = Hello Option LAN Prune Delay,
    P = Hello Option DR Priority, T = Tracking Bit
    
    Instance: PIM.master
    Interface           IP V Mode        Option       Uptime Neighbor addr
    ae0.0                4 2             HPLGT   1d 07:05:55 172.16.32.10
    ae10.0               4 2             HPLGT   1d 07:05:55 172.16.32.58
    irb.10               4 2             HPLGT   1d 07:05:55 10.16.0.2
    irb.100              4 2             HPLGT   1d 07:05:55 10.36.0.2
    irb.101              4 2             HPLGT   1d 07:05:55 10.36.16.2
    irb.102              4 2             HPLGT   1d 07:05:55 10.36.32.2
    irb.103              4 2             HPLGT   1d 07:05:55 10.36.48.2
    irb.11               4 2             HPLGT   1d 07:05:55 10.16.16.2
    irb.12               4 2             HPLGT   1d 07:05:55 10.16.32.2
    irb.13               4 2             HPLGT   1d 07:05:55 10.16.48.2
    irb.20               4 2             HPLGT   1d 07:05:55 10.17.0.2
    irb.201              4 2             HPLGT   1d 07:05:55 172.16.128.2
    irb.21               4 2             HPLGT   1d 07:05:55 10.17.4.2
    irb.22               4 2             HPLGT   1d 07:05:55 10.17.8.2
    irb.23               4 2             HPLGT   1d 07:05:55 10.17.12.2
    irb.30               4 2             HPLGT   1d 07:05:55 10.17.64.2
    irb.31               4 2             HPLGT   1d 07:05:55 10.17.68.2
    irb.32               4 2             HPLGT   1d 07:05:55 10.17.72.2
    irb.33               4 2             HPLGT   1d 07:05:55 10.17.76.2
    irb.40               4 2             HPLGT   1d 07:05:55 10.17.128.2
    irb.41               4 2             HPLGT   1d 07:05:55 10.17.132.2
    irb.42               4 2             HPLGT   1d 07:05:55 10.17.136.2
    irb.43               4 2             HPLGT   1d 07:05:55 10.17.140.2
    irb.50               4 2             HPLGT   1d 07:05:55 10.18.0.2
    irb.51               4 2             HPLGT   1d 07:05:55 10.18.16.2
    irb.52               4 2             HPLGT   1d 07:05:55 10.18.32.2
    irb.53               4 2             HPLGT   1d 07:05:55 10.18.48.2
    irb.60               4 2             HPLGT   1d 07:05:55 10.32.0.2
    irb.61               4 2             HPLGT   1d 07:05:55 10.32.16.2
    irb.62               4 2             HPLGT   1d 07:05:55 10.32.32.2
    irb.63               4 2             HPLGT   1d 07:05:55 10.32.48.2
    irb.70               4 2             HPLGT   1d 07:05:55 10.33.0.2
    irb.71               4 2             HPLGT   1d 07:05:55 10.33.16.2
    irb.72               4 2             HPLGT   1d 07:05:55 10.33.32.2
    irb.73               4 2             HPLGT   1d 07:05:55 10.33.48.2
    irb.80               4 2             HPLGT   1d 07:05:55 10.34.0.2
    irb.81               4 2             HPLGT   1d 07:05:55 10.34.16.2
    irb.82               4 2             HPLGT   1d 07:05:55 10.34.32.2
    irb.83               4 2             HPLGT   1d 07:05:55 10.34.48.2
    irb.90               4 2             HPLGT   1d 07:05:55 10.35.0.2
    irb.91               4 2             HPLGT   1d 07:05:55 10.35.16.2
    irb.92               4 2             HPLGT   1d 07:05:55 10.35.32.2
    irb.93               4 2             HPLGT   1d 07:05:55 10.35.48.2
    xe-0/1/0.0           4 2             HPLGT   1d 07:05:55 172.16.32.14
                                                     
    root@cs-core-sw01# run show pim interfaces
    Stat = Status, V = Version, NbrCnt = Neighbor Count,
    S = Sparse, D = Dense, B = Bidirectional,
    DR = Designated Router, P2P = Point-to-point link,
    Active = Bidirectional is active, NotCap = Not Bidirectional Capable
    
    Name               Stat Mode IP V State        NbrCnt JoinCnt(sg/*g) DR address
    ae0.0              Up   S     4 2 NotDR,NotCap        1 0/0            172.16.32.10
    ae10.0             Up   S     4 2 NotDR,NotCap        1 0/0            172.16.32.58
    irb.10             Up   S     4 2 DR,NotCap           1 0/0            10.16.0.3
    irb.100            Up   S     4 2 DR,NotCap           1 0/0            10.36.0.3
    irb.101            Up   S     4 2 DR,NotCap           1 0/0            10.36.16.3
    irb.102            Up   S     4 2 DR,NotCap           1 0/0            10.36.32.3
    irb.103            Up   S     4 2 DR,NotCap           1 0/0            10.36.48.3
    irb.11             Up   S     4 2 DR,NotCap           1 0/0            10.16.16.3
    irb.12             Up   S     4 2 DR,NotCap           1 0/0            10.16.32.3
    irb.13             Up   S     4 2 DR,NotCap           1 0/0            10.16.48.3
    irb.20             Up   S     4 2 DR,NotCap           1 0/0            10.17.0.3
    irb.201            Up   S     4 2 DR,NotCap           1 0/0            172.16.128.3
    irb.21             Up   S     4 2 DR,NotCap           1 0/0            10.17.4.3
    irb.22             Up   S     4 2 DR,NotCap           1 0/0            10.17.8.3
    irb.23             Up   S     4 2 DR,NotCap           1 0/0            10.17.12.3
    irb.30             Up   S     4 2 DR,NotCap           1 0/0            10.17.64.3
    irb.31             Up   S     4 2 DR,NotCap           1 0/0            10.17.68.3
    irb.32             Up   S     4 2 DR,NotCap           1 0/0            10.17.72.3
    irb.33             Up   S     4 2 DR,NotCap           1 0/0            10.17.76.3
    irb.40             Up   S     4 2 DR,NotCap           1 0/0            10.17.128.3
    irb.41             Up   S     4 2 DR,NotCap           1 0/0            10.17.132.3
    irb.42             Up   S     4 2 DR,NotCap           1 0/0            10.17.136.3
    irb.43             Up   S     4 2 DR,NotCap           1 0/0            10.17.140.3
    irb.50             Up   S     4 2 DR,NotCap           1 0/0            10.18.0.3
    irb.51             Up   S     4 2 DR,NotCap           1 0/0            10.18.16.3
    irb.52             Up   S     4 2 DR,NotCap           1 0/0            10.18.32.3
    irb.53             Up   S     4 2 DR,NotCap           1 0/0            10.18.48.3
    irb.60             Up   S     4 2 DR,NotCap           1 0/0            10.32.0.3
    irb.61             Up   S     4 2 DR,NotCap           1 0/0            10.32.16.3
    irb.62             Up   S     4 2 DR,NotCap           1 0/0            10.32.32.3
    irb.63             Up   S     4 2 DR,NotCap           1 0/0            10.32.48.3
    irb.70             Up   S     4 2 DR,NotCap           1 0/0            10.33.0.3
    irb.71             Up   S     4 2 DR,NotCap           1 0/0            10.33.16.3
    irb.72             Up   S     4 2 DR,NotCap           1 0/0            10.33.32.3
    irb.73             Up   S     4 2 DR,NotCap           1 0/0            10.33.48.3
    irb.80             Up   S     4 2 DR,NotCap           1 0/0            10.34.0.3
    irb.81             Up   S     4 2 DR,NotCap           1 0/0            10.34.16.3
    irb.82             Up   S     4 2 DR,NotCap           1 0/0            10.34.32.3
    irb.83             Up   S     4 2 DR,NotCap           1 0/0            10.34.48.3
    irb.90             Up   S     4 2 DR,NotCap           1 0/0            10.35.0.3
    irb.91             Up   S     4 2 DR,NotCap           1 0/0            10.35.16.3
    irb.92             Up   S     4 2 DR,NotCap           1 0/0            10.35.32.3
    irb.93             Up   S     4 2 DR,NotCap           1 0/0            10.35.48.3
    lo0.0              Up   S     4 2 DR,NotCap           0 0/0            172.16.32.5
    pd-0/0/0.32769     Up   S     4 2   P2P,NotCap        0 0/0
    pe-1/0/0.32770     Up   S     4 2   P2P,NotCap        0 0/0
    xe-0/1/0.0         Up   S     4 2 NotDR,NotCap        1 0/0            172.16.32.14
    
    root@cs-core-sw01# run show pim join
     Instance: PIM.master Family: INET
    R = Rendezvous Point Tree, S = Sparse, W = Wildcard
    
    Group: 230.1.1.1
        Source: *
        RP: 172.16.32.5
        Flags: sparse,rptree,wildcard
        Upstream interface: Local
    
    Group: 230.1.1.1
        Source: 172.16.34.10
        Flags: sparse,spt
        Upstream interface: ae10.0
    
    Group: 230.1.1.2
        Source: *
        RP: 172.16.32.5
        Flags: sparse,rptree,wildcard
        Upstream interface: Local
    
    Group: 230.1.1.2
        Source: 172.16.34.10
        Flags: sparse,spt
        Upstream interface: ae10.0
    
    Group: 230.1.1.3
        Source: *
        RP: 172.16.32.5
        Flags: sparse,rptree,wildcard
        Upstream interface: Local
    
    Group: 230.1.1.3
        Source: 172.16.34.10
        Flags: sparse,spt
        Upstream interface: ae10.0
    
    Group: 230.1.1.4
        Source: *
        RP: 172.16.32.5
        Flags: sparse,rptree,wildcard
        Upstream interface: Local
    
    Group: 230.1.1.4
        Source: 172.16.34.10
        Flags: sparse,spt
        Upstream interface: ae10.0
    
    Group: 230.1.1.5
        Source: *
        RP: 172.16.32.5
        Flags: sparse,rptree,wildcard
        Upstream interface: Local
    
    Group: 230.1.1.5
        Source: 172.16.34.10
        Flags: sparse,spt
        Upstream interface: ae10.0
    
    Instance: PIM.master Family: INET6
    R = Rendezvous Point Tree, S = Sparse, W = Wildcard
    
  • Verify PIM rendezvous points on the core devices.
    root@cs-core-sw01# run show pim rps
    Instance: PIM.master
    
    address-family INET
    RP address      Type        Mode   Holdtime Timeout Groups Group prefixes
    172.16.32.5     bootstrap   sparse      150    None      5 224.0.0.0/4
    172.16.32.6     bootstrap   sparse      150      98      0 224.0.0.0/4
    172.16.32.5     static      sparse      150    None      5 224.0.0.0/4
    
    address-family INET6
    
  • Verify IGMP interfaces, IGMP groups, and IGMP snooping on the core devices.
    root@cs-core-sw01# run show igmp interface
    Interface: irb.52
        Querier: 10.18.32.2
        State:         Up Timeout:       4 Version:  2 Groups:      0
        Immediate leave: Off
        Promiscuous mode: Off
        Passive: Off
    Interface: xe-0/1/0.0
        Querier: 172.16.32.13
        State:         Up Timeout:    None Version:  2 Groups:      5
        Immediate leave: Off
        Promiscuous mode: Off
        Passive: Off
    Interface: irb.70
        Querier: 10.33.0.2
        State:         Up Timeout:       5 Version:  2 Groups:      0
        Immediate leave: Off
        Promiscuous mode: Off
        Passive: Off
    Interface: irb.82
        Querier: 10.34.32.2
        State:         Up Timeout:       5 Version:  2 Groups:      0
        Immediate leave: Off
        Promiscuous mode: Off
        Passive: Off
    Interface: irb.11
        Querier: 10.16.16.2
        State:         Up Timeout:       6 Version:  2 Groups:      0
        Immediate leave: Off
        Promiscuous mode: Off
        Passive: Off
    
    root@cs-core-sw01# run show igmp group
    Interface: ae0.0, Groups: 5
        Group: 224.0.0.2
            Source: 0.0.0.0
            Last reported by: 172.16.32.10
            Timeout:       7 Type: Dynamic
        Group: 224.0.0.5
            Source: 0.0.0.0
            Last reported by: 172.16.32.10
            Timeout:       6 Type: Dynamic
        Group: 224.0.0.6
            Source: 0.0.0.0
            Last reported by: 172.16.32.10
            Timeout:       7 Type: Dynamic
        Group: 224.0.0.13
            Source: 0.0.0.0
            Last reported by: 172.16.32.10
            Timeout:       6 Type: Dynamic
        Group: 224.0.0.22
            Source: 0.0.0.0
            Last reported by: 172.16.32.10
            Timeout:       5 Type: Dynamic
    Interface: irb.20, Groups: 5
        Group: 230.1.1.1
            Source: 0.0.0.0
            Last reported by: 10.17.0.51
            Timeout:       3 Type: Dynamic
        Group: 230.1.1.2
            Source: 0.0.0.0
            Last reported by: 10.17.0.52
            Timeout:       7 Type: Dynamic
        Group: 230.1.1.3
            Source: 0.0.0.0
            Last reported by: 10.17.0.52
            Timeout:       7 Type: Dynamic
        Group: 230.1.1.4
            Source: 0.0.0.0
            Last reported by: 10.17.0.51
            Timeout:       7 Type: Dynamic
        Group: 230.1.1.5
            Source: 0.0.0.0
            Last reported by: 10.17.0.51
            Timeout:       7 Type: Dynamic
    Interface: irb.10, Groups: 5
        Group: 230.1.1.1
            Source: 0.0.0.0
            Last reported by: 10.16.0.53
            Timeout:       7 Type: Dynamic
        Group: 230.1.1.2
            Source: 0.0.0.0
            Last reported by: 10.16.0.51
            Timeout:       7 Type: Dynamic
        Group: 230.1.1.3
            Source: 0.0.0.0
            Last reported by: 10.16.0.53
            Timeout:       7 Type: Dynamic
        Group: 230.1.1.4
            Source: 0.0.0.0
            Last reported by: 10.16.0.53
            Timeout:       7 Type: Dynamic
        Group: 230.1.1.5
            Source: 0.0.0.0
            Last reported by: 10.16.0.51
            Timeout:       7 Type: Dynamic
    Interface: irb.60, Groups: 5
        Group: 230.1.1.1
            Source: 0.0.0.0
            Last reported by: 10.32.0.53
            Timeout:       6 Type: Dynamic
        Group: 230.1.1.2
            Source: 0.0.0.0
            Last reported by: 10.32.0.52
            Timeout:       7 Type: Dynamic
        Group: 230.1.1.3
            Source: 0.0.0.0
            Last reported by: 10.32.0.57
            Timeout:       7 Type: Dynamic
        Group: 230.1.1.4
            Source: 0.0.0.0
            Last reported by: 10.32.0.57
            Timeout:       7 Type: Dynamic
        Group: 230.1.1.5
            Source: 0.0.0.0
            Last reported by: 10.32.0.56
            Timeout:       7 Type: Dynamic
    Interface: irb.50, Groups: 5
        Group: 230.1.1.1
            Source: 0.0.0.0
            Last reported by: 10.18.0.51
            Timeout:       6 Type: Dynamic
        Group: 230.1.1.2
            Source: 0.0.0.0
            Last reported by: 10.18.0.52
            Timeout:       5 Type: Dynamic
        Group: 230.1.1.3
            Source: 0.0.0.0
            Last reported by: 10.18.0.52
            Timeout:       5 Type: Dynamic
        Group: 230.1.1.4
            Source: 0.0.0.0
            Last reported by: 10.18.0.51
            Timeout:       6 Type: Dynamic
        Group: 230.1.1.5
            Source: 0.0.0.0
            Last reported by: 10.18.0.51
            Timeout:       5 Type: Dynamic
    Interface: xe-0/1/0.0, Groups: 5
        Group: 224.0.0.2
            Source: 0.0.0.0
            Last reported by: 172.16.32.14
            Timeout:       6 Type: Dynamic
        Group: 224.0.0.5
            Source: 0.0.0.0
            Last reported by: 172.16.32.14
            Timeout:       7 Type: Dynamic
        Group: 224.0.0.6
            Source: 0.0.0.0
            Last reported by: 172.16.32.14
            Timeout:       5 Type: Dynamic
        Group: 224.0.0.13
            Source: 0.0.0.0
            Last reported by: 172.16.32.14
            Timeout:       6 Type: Dynamic
        Group: 224.0.0.22
            Source: 0.0.0.0
            Last reported by: 172.16.32.14
            Timeout:       5 Type: Dynamic
    Interface: irb.30, Groups: 5
        Group: 230.1.1.1
            Source: 0.0.0.0
            Last reported by: 10.17.64.51
            Timeout:       4 Type: Dynamic
        Group: 230.1.1.2
            Source: 0.0.0.0
            Last reported by: 10.17.64.51
            Timeout:       7 Type: Dynamic
        Group: 230.1.1.3
            Source: 0.0.0.0
            Last reported by: 10.17.64.51
            Timeout:       7 Type: Dynamic
        Group: 230.1.1.4
            Source: 0.0.0.0
            Last reported by: 10.17.64.51
            Timeout:       7 Type: Dynamic
        Group: 230.1.1.5
            Source: 0.0.0.0
            Last reported by: 10.17.64.51
            Timeout:       7 Type: Dynamic
    Interface: ae10.0, Groups: 5
        Group: 224.0.0.2
            Source: 0.0.0.0
            Last reported by: 172.16.32.58
            Timeout:       5 Type: Dynamic
        Group: 224.0.0.5
            Source: 0.0.0.0
            Last reported by: 172.16.32.58
            Timeout:       5 Type: Dynamic
        Group: 224.0.0.6
            Source: 0.0.0.0
            Last reported by: 172.16.32.58
            Timeout:       6 Type: Dynamic
        Group: 224.0.0.13
            Source: 0.0.0.0
            Last reported by: 172.16.32.58
            Timeout:       6 Type: Dynamic
        Group: 224.0.0.22
            Source: 0.0.0.0
            Last reported by: 172.16.32.58
            Timeout:       6 Type: Dynamic
    Interface: local, Groups: 6
        Group: 224.0.0.2
            Source: 0.0.0.0
            Last reported by: Local
            Timeout:       0 Type: Dynamic
        Group: 224.0.0.5
            Source: 0.0.0.0
            Last reported by: Local
            Timeout:       0 Type: Dynamic
        Group: 224.0.0.6
            Source: 0.0.0.0
            Last reported by: Local
            Timeout:       0 Type: Dynamic
        Group: 224.0.0.13
            Source: 0.0.0.0
            Last reported by: Local
            Timeout:       0 Type: Dynamic
        Group: 224.0.0.18
            Source: 0.0.0.0
            Last reported by: Local
            Timeout:       0 Type: Dynamic
        Group: 224.0.0.22
            Source: 0.0.0.0
            Last reported by: Local
            Timeout:       0 Type: Dynamic
    
    root@cs-core-sw01# run show igmp snooping membership
    Instance: default-switch
    
    Vlan: eng1_data_wired
    
    Learning-Domain: default
    Interface: ae1.0, Groups: 5
        Group: 230.1.1.1
            Group mode: Exclude
            Source: 0.0.0.0
            Last reported by: 10.32.0.54
            Group timeout:     259 Type: Dynamic
        Group: 230.1.1.2
            Group mode: Exclude
            Source: 0.0.0.0
            Last reported by: 10.32.0.51
            Group timeout:     259 Type: Dynamic
        Group: 230.1.1.3
            Group mode: Exclude
            Source: 0.0.0.0
            Last reported by: 10.32.0.53
            Group timeout:     259 Type: Dynamic
        Group: 230.1.1.4
            Group mode: Exclude
            Source: 0.0.0.0
            Last reported by: 10.32.0.54
            Group timeout:     259 Type: Dynamic
        Group: 230.1.1.5
            Group mode: Exclude
            Source: 0.0.0.0
            Last reported by: 10.32.0.52
            Group timeout:     259 Type: Dynamic
    Interface: ae2.0, Groups: 0
    Interface: ae3.0, Groups: 5
        Group: 230.1.1.1
            Group mode: Exclude
            Source: 0.0.0.0
            Last reported by: 10.32.0.55
            Group timeout:     259 Type: Dynamic
        Group: 230.1.1.2
            Group mode: Exclude
            Source: 0.0.0.0
            Last reported by: 10.32.0.55
            Group timeout:     258 Type: Dynamic
        Group: 230.1.1.3
            Group mode: Exclude
            Source: 0.0.0.0
            Last reported by: 10.32.0.55
            Group timeout:     259 Type: Dynamic
        Group: 230.1.1.4
            Group mode: Exclude
            Source: 0.0.0.0
            Last reported by: 10.32.0.55
            Group timeout:     259 Type: Dynamic
        Group: 230.1.1.5
            Group mode: Exclude
            Source: 0.0.0.0
            Last reported by: 10.32.0.55
            Group timeout:     259 Type: Dynamic
    Interface: ae7.0, Groups: 0
    Interface: ae13.0, Groups: 0
    

Meaning

Confirm that multicast has been properly configured and is now enabled on all devices.

Related Documentation

Modified: 2016-11-08