Saturday 24 November 2018

What is Policy Based Routing (PBR)? How to configure PBR routing?


Policy-based routing is used for path manipulation. It implements a policy that causes packets to take a different path than the one the routing table would choose. Policy-based routing allows source-based routing, whereas the routing table is destination-based.





In short: PBR is a technique used to make routing decisions based on policies implemented by the network administrator.

Here are some advantages of policy-based routing:
  • Different users can reach the destination via different paths
  • Load sharing
  • PBR is applied in the incoming direction, on the interface where traffic from the source arrives
  • If a packet matches the route map and the entry is a permit, it is forwarded according to the policy
  • If a packet matches the route map and the entry is a deny, it is forwarded according to the normal routing table



Let's configure policy-based routing.

Topology:-

Goal:-


  • Configure the topology as per our diagram
  • Configure EIGRP 100 on all the routers, advertise all the interfaces as per the topology, and make sure there is reachability between all the routers.
  • Configure the bandwidth on serial 3/3 to 1000 kbps; serial 3/0 remains at the default bandwidth of 1544 kbps.
  • Configure Policy Based Routing on router 2 according to the given conditions:
  1. traffic sourced from 13.0.0.0/24, 13.0.1.0/24 should be forwarded on serial 3/0 interface
  2. traffic sourced from 13.0.2.0/24, 13.0.3.0/24 should be forwarded on serial 3/3 interface
  3. all the remaining traffic should use the default routing path
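
As an added illustration (not part of the original post), the Python model below shows how a route map built for the three conditions above would classify packets by source address, including the permit, deny and no-match outcomes listed earlier. The route-map layout, the sequence numbers and the summarised wildcard masks are assumptions made for this example.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco ACL match: bits set in the wildcard mask are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

# Hypothetical route map for the goal above. Wildcard 0.0.1.255 covers two
# adjacent /24s at once: 13.0.0.0 + 13.0.1.0, and 13.0.2.0 + 13.0.3.0.
ROUTE_MAP = [
    {"seq": 10, "action": "permit",
     "match": ("13.0.0.0", "0.0.1.255"), "set_interface": "Serial3/0"},
    {"seq": 20, "action": "permit",
     "match": ("13.0.2.0", "0.0.1.255"), "set_interface": "Serial3/3"},
]

def pbr_decision(src_ip, route_map=ROUTE_MAP):
    """Return ('policy', interface) or ('routing-table', None) for a source IP."""
    for entry in sorted(route_map, key=lambda e: e["seq"]):
        if wildcard_match(src_ip, *entry["match"]):
            if entry["action"] == "permit":
                # Matched a permit entry: forward according to the policy.
                return ("policy", entry["set_interface"])
            # Matched a deny entry: stop evaluating, use normal routing.
            return ("routing-table", None)
    # Matched no entry at all: use normal routing.
    return ("routing-table", None)

if __name__ == "__main__":
    # Constructed sample sources: one per /24 in the goal, plus one outsider.
    for src in ("13.0.0.10", "13.0.1.10", "13.0.2.10", "13.0.3.10", "12.0.0.1"):
        print(src, pbr_decision(src))
```
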

Friday 23 November 2018

What is Distribution-List ? How to configure?


Distribution lists

A distribution-list is used to control routing updates either coming into your router or leaving it. Distribution-lists work with a variety of IOS routing protocols such as EIGRP, RIP, and OSPF. A distribution-list is one of the easiest ways to control routing updates: you can permit or deny routes using an access-list, a prefix-list or a route map. A distribution-list can be applied to transmitted, received, or redistributed routing updates.

For each interface and routing process, Cisco IOS permits the following:

  • One incoming global distribute list
  • One outgoing global distribute list
  • One incoming interface distribute list
  • One outgoing interface distribute list
  • One outgoing redistribution distribute list


configuration:



Topology 




Goal:


  • Configure the topology as per our diagram and configure EIGRP 100
  • Advertise all the interfaces in EIGRP
  • Configure router 3 to deny the 13.0.0.0/24 and 13.0.1.0/24 networks from being advertised to router 2, using distribution lists.



R1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        10.1.1.1        YES manual up                    up
Serial3/0              1.1.1.1         YES manual up                    up
Loopback0              11.0.0.1        YES manual up                    up
Loopback1              11.0.1.1        YES manual up                    up
Loopback2              11.0.2.1        YES manual up                    up
Loopback3              11.0.3.1        YES manual up                    up


R2#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        20.1.1.1        YES manual up                    up
Serial3/0              1.1.1.2         YES manual up                    up
Serial3/1              2.2.2.1         YES manual up                    up
Loopback0              12.0.0.1        YES manual up                    up
Loopback1              12.0.1.1        YES manual up                    up
Loopback2              12.0.2.1        YES manual up                    up
Loopback3              12.0.3.1        YES manual up                    up

R3#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        30.1.1.1        YES manual up                    up
Serial3/1              2.2.2.2         YES manual up                    up
Loopback0              13.0.0.1        YES manual up                    up
Loopback1              13.0.1.1        YES manual up                    up
Loopback2              13.0.2.1        YES manual up                    up
Loopback3              13.0.3.1        YES manual up                    up

R1(config)#router eigrp 100
R1(config-router)#network 1.0.0.0
R1(config-router)#network 10.0.0.0
R1(config-router)#network 11.0.0.0
R1(config-router)#no auto-summary
R1(config-router)#end

R2(config)#router eigrp 100
R2(config-router)#network 1.0.0.0
R2(config-router)#network 2.0.0.0
R2(config-router)#network 20.0.0.0
R2(config-router)#network 12.0.0.0
R2(config-router)#no auto-summary

R3(config)#router eigrp 100
R3(config-router)#network 2.0.0.0
R3(config-router)#network 30.0.0.0
R3(config-router)#network 13.0.0.0
R3(config-router)#no auto-summary
R3(config-router)#end

R1#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

D     2.0.0.0/8 [90/2681856] via 1.1.1.2, 00:35:31, Serial3/0
      12.0.0.0/24 is subnetted, 4 subnets
D        12.0.0.0 [90/2297856] via 1.1.1.2, 00:49:36, Serial3/0
D        12.0.1.0 [90/2297856] via 1.1.1.2, 00:49:36, Serial3/0
D        12.0.2.0 [90/2297856] via 1.1.1.2, 00:49:36, Serial3/0
D        12.0.3.0 [90/2297856] via 1.1.1.2, 00:49:36, Serial3/0
      13.0.0.0/24 is subnetted, 4 subnets
D        13.0.0.0 [90/2809856] via 1.1.1.2, 00:35:31, Serial3/0
D        13.0.1.0 [90/2809856] via 1.1.1.2, 00:35:31, Serial3/0
D        13.0.2.0 [90/2809856] via 1.1.1.2, 00:35:31, Serial3/0
D        13.0.3.0 [90/2809856] via 1.1.1.2, 00:35:31, Serial3/0
D     20.0.0.0/8 [90/2172416] via 1.1.1.2, 00:49:42, Serial3/0
D     30.0.0.0/8 [90/2684416] via 1.1.1.2, 00:35:31, Serial3/0

R2#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

D     10.0.0.0/8 [90/2172416] via 1.1.1.1, 00:39:25, Serial3/0
      11.0.0.0/24 is subnetted, 4 subnets
D        11.0.0.0 [90/2297856] via 1.1.1.1, 00:39:25, Serial3/0
D        11.0.1.0 [90/2297856] via 1.1.1.1, 00:39:25, Serial3/0
D        11.0.2.0 [90/2297856] via 1.1.1.1, 00:39:25, Serial3/0
D        11.0.3.0 [90/2297856] via 1.1.1.1, 00:39:25, Serial3/0
      13.0.0.0/24 is subnetted, 4 subnets
D        13.0.0.0 [90/2297856] via 2.2.2.2, 00:36:01, Serial3/1
D        13.0.1.0 [90/2297856] via 2.2.2.2, 00:36:01, Serial3/1
D        13.0.2.0 [90/2297856] via 2.2.2.2, 00:36:01, Serial3/1
D        13.0.3.0 [90/2297856] via 2.2.2.2, 00:36:01, Serial3/1
D     30.0.0.0/8 [90/2172416] via 2.2.2.2, 00:36:01, Serial3/1

R3#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

D     1.0.0.0/8 [90/2681856] via 2.2.2.1, 00:36:22, Serial3/1
D     10.0.0.0/8 [90/2684416] via 2.2.2.1, 00:36:22, Serial3/1
      11.0.0.0/24 is subnetted, 4 subnets
D        11.0.0.0 [90/2809856] via 2.2.2.1, 00:36:22, Serial3/1
D        11.0.1.0 [90/2809856] via 2.2.2.1, 00:36:22, Serial3/1
D        11.0.2.0 [90/2809856] via 2.2.2.1, 00:36:22, Serial3/1
D        11.0.3.0 [90/2809856] via 2.2.2.1, 00:36:22, Serial3/1
      12.0.0.0/24 is subnetted, 4 subnets
D        12.0.0.0 [90/2297856] via 2.2.2.1, 00:36:22, Serial3/1
D        12.0.1.0 [90/2297856] via 2.2.2.1, 00:36:22, Serial3/1
D        12.0.2.0 [90/2297856] via 2.2.2.1, 00:36:22, Serial3/1
D        12.0.3.0 [90/2297856] via 2.2.2.1, 00:36:22, Serial3/1
D     20.0.0.0/8 [90/2172416] via 2.2.2.1, 00:36:22, Serial3/1


R3(config)#access-list 10 deny 13.0.0.0 0.0.0.255
R3(config)#access-list 10 deny 13.0.1.0 0.0.0.255
R3(config)#access-list 10 permit any

R3(config)#router eigrp 100
R3(config-router)#distribute-list 10 out serial 3/1

R2#sh ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

D     10.0.0.0/8 [90/2172416] via 1.1.1.1, 00:00:12, Serial3/0
      11.0.0.0/24 is subnetted, 4 subnets
D        11.0.0.0 [90/2297856] via 1.1.1.1, 00:00:12, Serial3/0
D        11.0.1.0 [90/2297856] via 1.1.1.1, 00:00:12, Serial3/0
D        11.0.2.0 [90/2297856] via 1.1.1.1, 00:00:12, Serial3/0
D        11.0.3.0 [90/2297856] via 1.1.1.1, 00:00:12, Serial3/0
      13.0.0.0/24 is subnetted, 2 subnets
D        13.0.2.0 [90/2297856] via 2.2.2.2, 00:00:12, Serial3/1
D        13.0.3.0 [90/2297856] via 2.2.2.2, 00:00:12, Serial3/1
D     30.0.0.0/8 [90/2172416] via 2.2.2.2, 00:00:12, Serial3/1

From the above output you can see that router 2 no longer has a route to 13.0.0.1 and 13.0.1.1 coming from router 3.

R3#show ip protocols
*** IP Routing is NSF aware ***

Routing Protocol is "eigrp 100"
  Outgoing update filter list for all interfaces is not set
    Serial3/1 filtered by 10 (per-user), default is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  EIGRP-IPv4 Protocol for AS(100)
    Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
    NSF-aware route hold timer is 240
    Router-ID: 30.1.1.1
    Topology : 0 (base)
      Active Timer: 3 min
      Distance: internal 90 external 170
      Maximum path: 4
      Maximum hop count 100
      Maximum metric variance 1

  Automatic Summarization: disabled
  Maximum path: 4
  Routing for Networks:
    2.0.0.0
    13.0.0.0
    30.0.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    2.2.2.1               90      00:07:04
  Distance: internal 90 external 170
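
An added example, not part of the original post: a Python model of how access-list 10 is evaluated when used as a distribute-list, run over the networks R3 advertises in this lab. It shows two things the output above does not: a standard ACL compares only the network address (so more-specific subnets of a denied range are filtered too), and leaving out `permit any` filters every route because of the implicit deny. Function names are illustrative.

```python
import ipaddress

def parse_standard_acl(lines):
    """Parse 'access-list N {permit|deny} {any | host A | A [wildcard]}' lines."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError("unsupported ACL line: " + line)
        action, rest = tok[2], tok[3:]
        if rest == ["any"]:
            base, wildcard = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host":
            base, wildcard = rest[1], "0.0.0.0"
        else:
            base = rest[0]
            wildcard = rest[1] if len(rest) > 1 else "0.0.0.0"
        entries.append((action,
                        int(ipaddress.IPv4Address(base)),
                        int(ipaddress.IPv4Address(wildcard))))
    return entries

def acl_permits(entries, network):
    """First match wins; only the network address is compared, not the mask."""
    addr = int(ipaddress.ip_network(network).network_address)
    for action, base, wildcard in entries:
        care = ~wildcard & 0xFFFFFFFF
        if (addr & care) == (base & care):
            return action == "permit"
    return False  # implicit deny at the end of every access list

def advertised(entries, routes):
    """Routes that survive an outbound distribute-list using this ACL."""
    return [r for r in routes if acl_permits(entries, r)]

# The ACL exactly as configured on R3 in this post.
ACL_10 = [
    "access-list 10 deny 13.0.0.0 0.0.0.255",
    "access-list 10 deny 13.0.1.0 0.0.0.255",
    "access-list 10 permit any",
]
# Networks R2 learned from R3 (via 2.2.2.2) before the filter was applied.
R3_ROUTES = ["13.0.0.0/24", "13.0.1.0/24", "13.0.2.0/24", "13.0.3.0/24", "30.0.0.0/8"]

if __name__ == "__main__":
    acl = parse_standard_acl(ACL_10)
    print("advertised to R2:", advertised(acl, R3_ROUTES))
    # Constructed case: a more-specific subnet inside a denied range.
    print("13.0.0.128/25 permitted?", acl_permits(acl, "13.0.0.128/25"))
    # Constructed case: the same ACL without its final 'permit any'.
    print("without permit any:", advertised(parse_standard_acl(ACL_10[:2]), R3_ROUTES))
```
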



                                                                                                                                                                  

 


 










Tuesday 13 November 2018

Route filtering passive interface RIPv2


Route filtering passive interface

Cisco IOS provides several ways to control routing update traffic: passive interface, distribute list, prefix list, and route maps. In this section we take a look at passive interface in RIPv2, EIGRP, and OSPF.
The passive-interface command is used in all routing protocols to disable sending updates out of a specific interface. However, the command's behavior varies from one protocol to another.

Passive interface in RIPv2

In RIP, the passive-interface command disables sending multicast updates via a specific interface, but still allows listening to incoming updates from other RIPv2-speaking routers.

Let's see the configuration:

Topology:






Goal:
  • Configure the topology as per the diagram
  • Configure RIPv2 and advertise interfaces as per our topology
  • Configure router 3 interface serial 3/1 as a passive interface


R1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        10.1.1.1        YES manual up                    up
Serial3/0              1.1.1.1         YES manual up                    up


R2#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        20.1.1.1        YES manual up                    up
Serial3/0              1.1.1.2         YES manual up                    up
Serial3/1              2.1.1.1         YES manual up                    up


R3#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        30.1.1.1        YES manual up                    up
Serial3/1              2.1.1.2         YES manual up                    up
Loopback0              13.0.0.1        YES manual up                    up
Loopback1              13.0.1.1        YES manual up                    up
Loopback2              13.0.2.1        YES manual up                    up
Loopback3              13.0.3.1        YES manual up                    up

R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 1.0.0.0
R1(config-router)#network 10.0.0.0
R1(config-router)#no auto-summary
R1(config-router)#end

R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#network 20.0.0.0
R2(config-router)#network 1.0.0.0
R2(config-router)#network 2.0.0.0
R2(config-router)#no auto-summary
R2(config-router)#end

R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#network 13.0.0.0
R3(config-router)#network 2.0.0.0
R3(config-router)#network 30.0.0.0
R3(config-router)#no auto-summary
R3(config-router)#end

R1#show ip route rip
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

R     2.0.0.0/8 [120/1] via 1.1.1.2, 00:00:02, Serial3/0
      13.0.0.0/24 is subnetted, 4 subnets
R        13.0.0.0 [120/2] via 1.1.1.2, 00:00:02, Serial3/0
R        13.0.1.0 [120/2] via 1.1.1.2, 00:00:02, Serial3/0
R        13.0.2.0 [120/2] via 1.1.1.2, 00:00:02, Serial3/0
R        13.0.3.0 [120/2] via 1.1.1.2, 00:00:02, Serial3/0
R     20.0.0.0/8 [120/1] via 1.1.1.2, 00:00:02, Serial3/0
R     30.0.0.0/8 [120/2] via 1.1.1.2, 00:00:02, Serial3/0

R2#show ip route rip
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

R     10.0.0.0/8 [120/1] via 1.1.1.1, 00:00:25, Serial3/0
      13.0.0.0/24 is subnetted, 4 subnets
R        13.0.0.0 [120/1] via 2.1.1.2, 00:00:17, Serial3/1
R        13.0.1.0 [120/1] via 2.1.1.2, 00:00:17, Serial3/1
R        13.0.2.0 [120/1] via 2.1.1.2, 00:00:17, Serial3/1
R        13.0.3.0 [120/1] via 2.1.1.2, 00:00:17, Serial3/1
R     30.0.0.0/8 [120/1] via 2.1.1.2, 00:00:17, Serial3/1

R3#show ip route rip
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

R     1.0.0.0/8 [120/1] via 2.1.1.1, 00:00:25, Serial3/1
R     10.0.0.0/8 [120/2] via 2.1.1.1, 00:00:25, Serial3/1
R     20.0.0.0/8 [120/1] via 2.1.1.1, 00:00:25, Serial3/1

R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#passive-interface serial 3/1
R3(config-router)#end
R3#clear ip route *

R3#show ip route rip
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

R     1.0.0.0/8 [120/1] via 2.1.1.1, 00:00:23, Serial3/1
R     10.0.0.0/8 [120/2] via 2.1.1.1, 00:00:23, Serial3/1
R     20.0.0.0/8 [120/1] via 2.1.1.1, 00:00:23, Serial3/1

R2#clear ip route *

R2#show ip route rip
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set


R     10.0.0.0/8 [120/1] via 1.1.1.1, 00:00:07, Serial3/0

(From the above output we can see that after configuring serial 3/1 as a passive interface, router 3 stops sending RIP updates to router 2, but router 3 still receives updates from router 2.)

Sunday 11 November 2018

Routing Protocol Authentication (RIP, and OSPF)




Routing Protocol Authentication (OSPF, and RIPv2)

A router authenticates the source of each routing update packet that it receives. Many routing protocols support authentication, such as OSPF, EIGRP, ISIS, BGP, and RIPv2.

Cisco routers support different approaches to authenticating route advertisements received from a neighboring router:

Plain text authentication

Hashing authentication (using MD5)


Simple password authentication:

The router sends the packet together with the key (if a routing protocol doesn’t support multiple keys, the key number associated with a routing update is 0). The neighboring router checks whether the key matches its own key. The routing update is rejected if the keys do not match. The only routing protocols that support plain text authentication are RIPv2, OSPF, and ISIS.

MD5 authentication

Configure a key (password) and a key ID; the router generates a message digest (hash) of the key, key ID, and message. The message digest is sent with the packet; the key itself is not sent. The neighboring router receives the update and runs the hashing algorithm on the routing update with its local key, which results in a hash digest. If the hash digests match, the router accepts the packet; if they do not, the update is rejected. This process is more secure than plain text authentication. IS-IS, OSPF, RIPv2 and EIGRP use MD5.
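
An added example, not part of the original post: the two modes described above, built in Python for RIPv2 using the keyed-MD5 packet layout of RFC 2082. It shows that the simple password travels inside the update while the MD5 variant carries only a digest, and that a receiver rejects a wrong key, an unknown key ID or a modified route. Function names are illustrative; the key ID and key string are the ones used in the configuration on this page, and the route entry is constructed sample data.

```python
import hashlib
import hmac
import socket
import struct

RIP_RESPONSE, RIP_V2 = 2, 2
TRAILER_HDR = struct.pack("!HH", 0xFFFF, 0x0001)   # precedes the 16-byte digest

def route_entry(prefix, mask, metric):
    """One 20-byte RIPv2 route entry: AFI 2, tag 0, prefix, mask, next hop, metric."""
    return struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(prefix),
                       socket.inet_aton(mask), socket.inet_aton("0.0.0.0"), metric)

def _pad_key(key):
    # RFC 2082 uses a 16-byte key: truncate or pad with NULs.
    return key.encode()[:16].ljust(16, b"\0")

def build_plaintext(password, routes):
    """Simple password (auth type 2): the password itself is in the packet."""
    auth = struct.pack("!HH16s", 0xFFFF, 2, password.encode())
    return struct.pack("!BBH", RIP_RESPONSE, RIP_V2, 0) + auth + b"".join(routes)

def build_md5(key, key_id, seq, routes):
    """Keyed MD5 (auth type 3): digest over packet + key; the key is never sent."""
    body = b"".join(routes)
    pkt_len = 4 + 20 + len(body)                   # offset of the trailer
    auth = struct.pack("!HHHBBI8x", 0xFFFF, 3, pkt_len, key_id, 16, seq)
    head = struct.pack("!BBH", RIP_RESPONSE, RIP_V2, 0) + auth + body + TRAILER_HDR
    return head + hashlib.md5(head + _pad_key(key)).digest()

def verify_md5(packet, keychain):
    """Receiver side. keychain maps key ID -> key string. True only on a match."""
    if len(packet) < 4 + 20 + 4 + 16:
        return False
    marker, au_type, pkt_len, key_id, auth_len, _seq = struct.unpack(
        "!HHHBBI", packet[4:16])
    if marker != 0xFFFF or au_type != 3 or auth_len != 16:
        return False
    key = keychain.get(key_id)
    if key is None or len(packet) != pkt_len + 4 + 16:
        return False                               # unknown key ID or bad length
    head, received = packet[:pkt_len + 4], packet[pkt_len + 4:]
    if head[-4:] != TRAILER_HDR:
        return False
    expected = hashlib.md5(head + _pad_key(key)).digest()
    return hmac.compare_digest(expected, received)

# Constructed sample update: R1 advertising 10.0.0.0/8 with metric 1.
SAMPLE_ROUTES = [route_entry("10.0.0.0", "255.0.0.0", 1)]

if __name__ == "__main__":
    clear = build_plaintext("internetworks", SAMPLE_ROUTES)
    signed = build_md5("internetworks", 1, 1, SAMPLE_ROUTES)
    print("password visible in plaintext update:", b"internetworks" in clear)
    print("key visible in MD5 update:           ", b"internetworks" in signed)
    print("same key, same ID accepted:          ", verify_md5(signed, {1: "internetworks"}))
    print("wrong key accepted:                  ", verify_md5(signed, {1: "wrongkey"}))
```

The key chain names on the two routers never appear in the packet, which is why `anyname1` and `anyname2` can differ while the key ID and key string must match.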

Let’s see the configuration:


Topology:



Goal:

  • configure the topology and interface as per the diagram
  • configure RIPv2 on both the routers and advertise the interface as per the topology
  • make sure both the routers exchange the routes only after successful authentication.



R1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        10.1.1.1        YES manual up                    up
Serial3/0              1.1.1.1         YES manual up                    up

R2#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        20.1.1.1        YES manual up                    up
Serial3/0              1.1.1.2         YES manual up                    up





R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 1.0.0.0
R1(config-router)#network 10.0.0.0
R1(config-router)#no auto-summary
R1(config-router)#end

R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#network 1.0.0.0
R2(config-router)#network 20.0.0.0
R2(config-router)#no auto-summary
R2(config-router)#end




R1#show ip route rip

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set


R     20.0.0.0/8 [120/1] via 1.1.1.2, 00:00:07, Serial3/0

R2#show ip route rip
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

R     10.0.0.0/8 [120/1] via 1.1.1.1, 00:00:21, Serial3/0



  
Configuring authentication:

R1(config)#key chain anyname1
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string internetworks
R1(config-keychain-key)#exit
R1(config-keychain)#exit
R1(config)#interface serial 3/0
R1(config-if)#ip rip authentication mode md5
R1(config-if)#ip rip authentication key-chain anyname1

R2(config)#key chain anyname2
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string internetworks
R2(config-keychain-key)#exit
R2(config-keychain)#exit
R2(config)#interface serial 3/0
R2(config-if)#ip rip authentication mode md5
R2(config-if)#ip rip authentication key-chain anyname2



R1#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        1.0.0.0/8 is directly connected, Serial3/0
L        1.1.1.1/32 is directly connected, Serial3/0
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/8 is directly connected, FastEthernet0/0
L        10.1.1.1/32 is directly connected, FastEthernet0/0
R     20.0.0.0/8 [120/1] via 1.1.1.2, 00:00:26, Serial3/0



R2#clear ip route *

R2#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        1.0.0.0/8 is directly connected, Serial3/0
L        1.1.1.2/32 is directly connected, Serial3/0
R     10.0.0.0/8 [120/1] via 1.1.1.1, 00:00:09, Serial3/0
      20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        20.0.0.0/8 is directly connected, FastEthernet0/0
L        20.1.1.1/32 is directly connected, FastEthernet0/0



R1#show key chain

Key-chain anyname1:
    key 1 -- text "internetworks"
        accept lifetime (always valid) - (always valid) [valid now]
        send lifetime (always valid) - (always valid) [valid now]

R2#show key chain
Key-chain anyname2:
    key 1 -- text "internetworks"
        accept lifetime (always valid) - (always valid) [valid now]
        send lifetime (always valid) - (always valid) [valid now]

OSPF Authentication

There are two types of authentication in OSPF:

1. Simple
2. Cryptographic (MD5/SHA)

All OSPF packets will be authenticated when you enable any form of authentication in OSPF.










Let's see the configuration:


Topology:-


GOAL:

  • Configure the topology as per our diagram
  • Configure OSPF in area 0 and advertise all the interfaces
  • Configure router 1 and router 2 to exchange routes after establishing successful authentication using clear text



R1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        10.1.1.1        YES manual up                    up
Serial3/0              1.1.1.1         YES manual up                    down
Loopback0              11.0.0.1        YES manual up                    up
Loopback1              11.0.1.1        YES manual up                    up
Loopback2              11.0.2.1        YES manual up                    up
Loopback3              11.0.3.1        YES manual up                    up

R2#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        20.1.1.1        YES manual up                    up
Serial3/0              1.1.1.2         YES manual up                    up
Loopback0              12.0.0.1        YES manual up                    up
Loopback1              12.0.1.1        YES manual up                    up
Loopback2              12.0.2.1        YES manual up                    up
Loopback3              12.0.3.1        YES manual up                    up


R1(config)#router ospf 10
R1(config-router)#router-id 11.11.11.11
R1(config-router)#network 1.0.0.0 0.255.255.255 area 0
R1(config-router)#network 10.0.0.0 0.255.255.255 area 0
R1(config-router)#network 11.0.0.0 0.0.0.255 area 0

R2(config)#router ospf 10
R2(config-router)#router-id 12.12.12.12
R2(config-router)#network 12.0.0.0 0.0.0.255 area 0
R2(config-router)#network 20.0.0.0 0.255.255.255 area 0

R2(config-router)#network 1.0.0.0 0.255.255.255 area 0


R1(config)#interface serial 3/0
R1(config-if)#ip ospf authentication
R1(config-if)#ip ospf authentication-key internet


*Dec  5 12:09:31.047: %OSPF-5-ADJCHG: Process 10, Nbr 12.12.12.12 on Serial3/0 from FULL to DOWN, Neighbor Down: Dead timer expired

R2(config)#interface serial 3/0
R2(config-if)#ip ospf authentication
R2(config-if)#ip ospf authentication-key internet

(With the ip ospf authentication command you can enable plaintext authentication at the
interface level.)


*Dec  5 12:16:37.095: %OSPF-5-ADJCHG: Process 10, Nbr 11.11.11.11 on Serial3/0 from LOADING to FULL, Loading Done

R1#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
12.12.12.12       0   FULL/  -        00:00:39    1.1.1.2         Serial3/0

R2#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
11.11.11.11       0   FULL/  -        00:00:39    1.1.1.1         Serial3/0

(When we have lots of interfaces, we may not want to enable OSPF authentication on
each and every interface. We can also enable area-wide authentication by using the area
authentication command.)

Let's see:

R1(config)#router ospf 10
R1(config-router)#area 0 authentication
R1(config-router)#end

*Dec  5 12:27:32.931: OSPF-10 EVENT: Area config: 'area 0 authentication '

R2(config)#router ospf 10
R2(config-router)#area 0 authentication

R1#show ip ospf interface serial 3/0
Serial3/0 is up, line protocol is up
  Internet Address 1.1.1.1/8, Area 0, Attached via Network Statement
  Process ID 10, Router ID 11.11.11.11, Network Type POINT_TO_POINT, Cost: 64
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           64        no          no            Base
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:00
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 12.12.12.12
  Suppress hello for 0 neighbor(s)
  Simple password authentication enabled



R2#show ip ospf interface serial 3/0
Serial3/0 is up, line protocol is up
  Internet Address 1.1.1.2/8, Area 0, Attached via Network Statement
  Process ID 10, Router ID 12.12.12.12, Network Type POINT_TO_POINT, Cost: 64
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           64        no          no            Base
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:04
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 2/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 11.11.11.11
  Suppress hello for 0 neighbor(s)
  Simple password authentication enabled

Saturday 10 November 2018

What is OSPF STUB, totally stubby, NSSA, Totally NSSA and (configuration)?




OSPF STUBS

OSPF stubs allow the OSPF routers in an area to use default routes for forwarding packets to Area Border Routers (ABRs), rather than more specific routes. OSPF stubs reduce memory consumption and CPU processing time on the routers inside the area because the routers in that area can have fewer LSAs in their LSDBs.

If you configure a stub area it will block all type 5 external LSAs (E1 and E2 routes).  All the prefixes you redistributed into OSPF from another routing protocol are not welcome in the stub area. Default routes are advertised into stub areas by the ABR. All OSPF routers in the stub area must be configured as stubs.

In short: the OSPF stub allows the routers in an area to use the default route for forwarding packets to ABR rather than more specific routes.

OSPF has special area types called stub areas:

  • Stub
  • Totally Stubby
  • Not-So-Stubby Area (NSSA)
  • Totally Not So Stubby Area (Totally NSSA)


Stub Area Rules:
  1. In the OSPF Stub area, there should not be an ASBR.
  2. The OSPF Stub area should not be Area 0.
  3. No virtual link may pass through that area.
  4. All routers in that area must be configured as stub routers.

A stub area is an isolated area that does not receive external LSAs. Routers in a stub area do not receive type 4 and type 5 LSAs; these are replaced by a default route to an external autonomous system, advertised by the area border router (ABR). Stub areas can have type 1, 2, and 3 OSPF LSAs.

In a totally stubby area, external LSAs (E1 and E2) are stopped and summary LSAs (O IA routes) are stopped as well. They are replaced by a default route to other areas advertised by the ABR. A totally stubby area reduces the routing table to a minimum. This is a Cisco proprietary feature.


NSSA breaks stub area rules. An NSSA creates a special type of link-state advertisement (LSA) known as type 7; type 7 LSAs exist only in the NSSA. An NSSA autonomous system boundary router (ASBR) generates this LSA and an NSSA area border router (ABR) translates it into a type 5 LSA. The ABR sends default routes into the NSSA instead of external routes from other ASBRs.

Totally NSSAs are similar to totally stubby areas, except that the routers internal to a totally NSSA need no knowledge of subnets outside the area (other than the routes injected by the NSSA ASBR).

Stub configuration:


Topology:


GOAL:
  • Configure the topology and advertise the interfaces as per the diagram.
  • Configure OSPF as per the diagram and redistribute RIP routes into OSPF on R4.
  • Configure area 10 to stop LSA 5 and LSA 4.
  • Make sure that the area 10 routers are still able to reach the external routes.


R1#show ip interface brief

Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        10.1.1.1        YES manual up                    up
Serial3/0              1.1.1.1         YES manual up                    up
Loopback0              11.0.0.1        YES manual up                    up
Loopback1              11.0.1.1        YES manual up                    up
Loopback2              11.0.2.1        YES manual up                    up
Loopback3              11.0.3.1        YES manual up                    up




R2#show ip interface brief

Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        20.1.1.1        YES manual up                    up
Serial3/0              1.1.1.2         YES manual up                    up
Serial3/1              2.1.1.1         YES manual up                    up
Loopback0              12.0.0.1        YES manual up                    up
Loopback1              12.0.1.1        YES manual up                    up
Loopback2              12.0.2.1        YES manual up                    up
Loopback3              12.0.3.1        YES manual up                    up




R3#show ip interface brief

Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        30.1.1.1        YES manual up                    up
Serial3/1              2.1.1.2         YES manual up                    up
Serial3/2              3.1.1.1         YES manual up                    up
Loopback0              13.0.0.1        YES manual up                    up
Loopback1              13.0.1.1        YES manual up                    up
Loopback2              13.0.2.1        YES manual up                    up
Loopback3              13.0.3.1        YES manual up                    up




R4#show ip interface brief

Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        40.1.1.1        YES manual up                    up
Serial3/2              3.1.1.2         YES manual up                    up
Loopback0              14.0.0.1        YES manual up                    up
Loopback1              14.0.1.1        YES manual up                    up
Loopback2              14.0.2.1        YES manual up                    up
Loopback3              14.0.3.1        YES manual up                    up


R1(config)#router ospf 1
R1(config-router)# network 11.0.0.0 0.255.255.255 area 10
R1(config-router)#network 1.0.0.0 0.255.255.255 area 10
R1(config-router)#network 10.0.0.0 0.255.255.255 area 10


R2(config)#router ospf 1
R2(config-router)#network 1.0.0.0 0.255.255.255 area 10
R2(config-router)#network 2.0.0.0 0.255.255.255 area 0
R2(config-router)#network 20.0.0.0 0.255.255.255 area 0
R2(config-router)#network 12.0.0.0 0.255.255.255 area 0
R2(config-router)#end


R3(config)#router ospf 1
R3(config-router)#network 30.0.0.0 0.255.255.255 area 0
R3(config-router)#network 13.0.0.0 0.255.255.255 area 0
R3(config-router)#network 2.0.0.0 0.255.255.255 area 0
R3(config-router)#network 3.0.0.0 0.255.255.255 area 20

R4(config)#router rip
R4(config-router)#version 2
R4(config-router)#network 14.0.0.0
R4(config-router)#no auto-summary
R4(config-router)#end

R4(config)#router ospf 1
R4(config-router)#network 3.0.0.0 0.255.255.255 area 20
R4(config-router)#network 40.0.0.0 0.255.255.255 area 20
R4(config-router)#redistribute rip subnets
R4(config-router)#end

R1#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

O IA  2.0.0.0/8 [110/128] via 1.1.1.2, 00:06:24, Serial3/0
O IA  3.0.0.0/8 [110/192] via 1.1.1.2, 00:06:24, Serial3/0
      12.0.0.0/32 is subnetted, 4 subnets
O IA     12.0.0.1 [110/65] via 1.1.1.2, 00:02:08, Serial3/0
O IA     12.0.1.1 [110/65] via 1.1.1.2, 00:02:08, Serial3/0
O IA     12.0.2.1 [110/65] via 1.1.1.2, 00:02:08, Serial3/0
O IA     12.0.3.1 [110/65] via 1.1.1.2, 00:02:08, Serial3/0
      13.0.0.0/32 is subnetted, 4 subnets
O IA     13.0.0.1 [110/129] via 1.1.1.2, 00:00:28, Serial3/0
O IA     13.0.1.1 [110/129] via 1.1.1.2, 00:00:28, Serial3/0
O IA     13.0.2.1 [110/129] via 1.1.1.2, 00:00:28, Serial3/0
O IA     13.0.3.1 [110/129] via 1.1.1.2, 00:00:28, Serial3/0
      14.0.0.0/24 is subnetted, 4 subnets
O E2     14.0.0.0 [110/20] via 1.1.1.2, 00:04:59, Serial3/0
O E2     14.0.1.0 [110/20] via 1.1.1.2, 00:04:59, Serial3/0
O E2     14.0.2.0 [110/20] via 1.1.1.2, 00:04:59, Serial3/0
O E2     14.0.3.0 [110/20] via 1.1.1.2, 00:04:59, Serial3/0
O IA  20.0.0.0/8 [110/65] via 1.1.1.2, 00:06:24, Serial3/0
O IA  30.0.0.0/8 [110/129] via 1.1.1.2, 00:06:24, Serial3/0

R2#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

O IA  3.0.0.0/8 [110/128] via 2.1.1.2, 00:07:04, Serial3/1
O     10.0.0.0/8 [110/65] via 1.1.1.1, 00:06:54, Serial3/0
      11.0.0.0/32 is subnetted, 4 subnets
O        11.0.0.1 [110/65] via 1.1.1.1, 00:03:54, Serial3/0
O        11.0.1.1 [110/65] via 1.1.1.1, 00:03:54, Serial3/0
O        11.0.2.1 [110/65] via 1.1.1.1, 00:03:54, Serial3/0
O        11.0.3.1 [110/65] via 1.1.1.1, 00:03:54, Serial3/0
      13.0.0.0/32 is subnetted, 4 subnets
O        13.0.0.1 [110/65] via 2.1.1.2, 00:01:04, Serial3/1
O        13.0.1.1 [110/65] via 2.1.1.2, 00:01:04, Serial3/1
O        13.0.2.1 [110/65] via 2.1.1.2, 00:01:04, Serial3/1
O        13.0.3.1 [110/65] via 2.1.1.2, 00:01:04, Serial3/1
      14.0.0.0/24 is subnetted, 4 subnets
O E2     14.0.0.0 [110/20] via 2.1.1.2, 00:05:34, Serial3/1
O E2     14.0.1.0 [110/20] via 2.1.1.2, 00:05:34, Serial3/1
O E2     14.0.2.0 [110/20] via 2.1.1.2, 00:05:34, Serial3/1
O E2     14.0.3.0 [110/20] via 2.1.1.2, 00:05:34, Serial3/1
O     30.0.0.0/8 [110/65] via 2.1.1.2, 00:07:04, Serial3/1

R2#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
13.0.3.1          0   FULL/  -        00:00:39    2.1.1.2         Serial3/1
11.0.3.1          0   FULL/  -        00:00:37    1.1.1.1         Serial3/0

R1#traceroute 14.0.0.1
Type escape sequence to abort.
Tracing the route to 14.0.0.1
VRF info: (vrf in name/id, vrf out name/id)
  1 1.1.1.2 36 msec 36 msec 32 msec
  2 2.1.1.2 124 msec 128 msec 144 msec
  3 3.1.1.2 132 msec 92 msec 108 msec

Now we configure area 10 as a stub to ensure that no external routes enter area 10.


R1(config)#router ospf 1

R1(config-router)#area 10 stub


R2(config)#router ospf 1

R2(config-router)#area 10 stub

R2#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
13.0.3.1          0   FULL/  -        00:00:31    2.1.1.2         Serial3/1
11.0.3.1          0   FULL/  -        00:00:34    1.1.1.1         Serial3/0

R1#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 1.1.1.2 to network 0.0.0.0

O*IA  0.0.0.0/0 [110/65] via 1.1.1.2, 00:02:22, Serial3/0
O IA  2.0.0.0/8 [110/128] via 1.1.1.2, 00:02:22, Serial3/0
O IA  3.0.0.0/8 [110/192] via 1.1.1.2, 00:02:22, Serial3/0
      12.0.0.0/32 is subnetted, 4 subnets
O IA     12.0.0.1 [110/65] via 1.1.1.2, 00:02:22, Serial3/0
O IA     12.0.1.1 [110/65] via 1.1.1.2, 00:02:22, Serial3/0
O IA     12.0.2.1 [110/65] via 1.1.1.2, 00:02:22, Serial3/0
O IA     12.0.3.1 [110/65] via 1.1.1.2, 00:02:22, Serial3/0
      13.0.0.0/32 is subnetted, 4 subnets
O IA     13.0.0.1 [110/129] via 1.1.1.2, 00:02:22, Serial3/0
O IA     13.0.1.1 [110/129] via 1.1.1.2, 00:02:22, Serial3/0
O IA     13.0.2.1 [110/129] via 1.1.1.2, 00:02:22, Serial3/0
O IA     13.0.3.1 [110/129] via 1.1.1.2, 00:02:22, Serial3/0
O IA  20.0.0.0/8 [110/65] via 1.1.1.2, 00:02:22, Serial3/0
O IA  30.0.0.0/8 [110/129] via 1.1.1.2, 00:02:22, Serial3/0

R1#ping 14.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 14.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 80/90/100 ms
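
One way to check the result shown above, as an added example that is not part of the original post: the script parses `show ip route ospf` text and reports any route that should not exist in a stub or totally stubby area. The function names are hypothetical, and the sample text is abridged from R1's output in this post.

```python
import re

# Abridged from R1's "show ip route ospf" output in this post (before / after "area 10 stub").
BEFORE_STUB = """\
O IA  2.0.0.0/8 [110/128] via 1.1.1.2, 00:06:24, Serial3/0
      14.0.0.0/24 is subnetted, 4 subnets
O E2     14.0.0.0 [110/20] via 1.1.1.2, 00:04:59, Serial3/0
O E2     14.0.1.0 [110/20] via 1.1.1.2, 00:04:59, Serial3/0
"""
AFTER_STUB = """\
O*IA  0.0.0.0/0 [110/65] via 1.1.1.2, 00:02:22, Serial3/0
O IA  2.0.0.0/8 [110/128] via 1.1.1.2, 00:02:22, Serial3/0
      13.0.0.0/32 is subnetted, 4 subnets
O IA     13.0.0.1 [110/129] via 1.1.1.2, 00:02:22, Serial3/0
"""

# "O", optional "*", optional sub-code, network, optional mask, then "[AD/metric]".
ROUTE_RE = re.compile(r"^O\*?\s*(IA|E1|E2|N1|N2)?\s+(\d+(?:\.\d+){3})(/\d+)?\s+\[")
# Parent line that carries the mask for the indented child routes below it.
PARENT_RE = re.compile(r"^\s+\d+(?:\.\d+){3}(/\d+) is (?:variably )?subnetted")

def parse_ospf_routes(text):
    """Return [{'code': ..., 'prefix': ...}] for every OSPF route line."""
    routes, parent_mask = [], ""
    for line in text.splitlines():
        parent = PARENT_RE.match(line)
        if parent:
            parent_mask = parent.group(1)
            continue
        m = ROUTE_RE.match(line)
        if m:
            code, net, mask = m.groups()
            routes.append({"code": code or "intra", "prefix": net + (mask or parent_mask)})
    return routes

def stub_violations(routes, area_type="stub"):
    """List reasons the table does not match a 'stub' or 'totally-stubby' area."""
    problems = []
    for r in routes:
        if r["code"] in ("E1", "E2"):
            problems.append(f"external route {r['prefix']} present")
        elif area_type == "totally-stubby" and r["code"] == "IA" and r["prefix"] != "0.0.0.0/0":
            problems.append(f"inter-area route {r['prefix']} present")
    if not any(r["code"] == "IA" and r["prefix"] == "0.0.0.0/0" for r in routes):
        problems.append("no inter-area default route from the ABR")
    return problems

if __name__ == "__main__":
    print(stub_violations(parse_ospf_routes(BEFORE_STUB)))
    print(stub_violations(parse_ospf_routes(AFTER_STUB)))
```

Run against the full output of an area 10 router, an empty list means the area is behaving as a stub; the `totally-stubby` mode additionally flags every O IA route other than the default.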


What is Virtual Router Redundancy Protocol (VRRP)? How to configure Virtual Router Redundancy Protocol (VRRP)?

 Virtual Router Redundancy Protocol (VRRP) is a gateway redundancy networking protocol used to create a virtual gateway similar to HSRP . VR...