Thursday 6 June 2019

Network Address Translation (NAT)


Network address translation

NAT is a method of translating private IP addresses into public IP addresses. To communicate with the internet, a host must use a registered public IP address.


Address translation was originally developed to solve two problems:
  1. To handle a shortage of IPv4 addresses.
  2. To hide network addressing schemes.

Private address range

There are certain addresses in each class of IP address that are reserved for private networks. These addresses are called private addresses.

Class A    10.0.0.0       to 10.255.255.255
Class B    172.16.0.0     to 172.31.255.255
Class C    192.168.0.0    to 192.168.255.255


Types of NAT:

Static NAT
Dynamic NAT
Port address Translation (PAT)


Static NAT: a one-to-one mapping configured manually. Every private IP address needs one registered IP address (one to one).

Dynamic NAT: a one-to-one mapping made automatically. Every private IP address needs one registered IP address (one to one).

Port Address Translation (Dynamic NAT Overload): allows thousands of users to connect to the internet using only one real global IP address. It maps many to one by using different ports. PAT is the real reason we haven't run out of valid IP addresses on the internet.
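The many-to-one port mapping described above, as an added Python sketch (not part of the original post). The class name PatTable, the global address 203.0.113.10 and the port-selection policy (keep the source port when free, otherwise take the next free one) are assumptions made for illustration; the table models a single protocol.

```python
import ipaddress

# RFC 1918 private ranges, the same three blocks listed in the table above.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip):
    """True when ip falls inside one of the private ranges."""
    return any(ipaddress.ip_address(ip) in net for net in PRIVATE_NETS)


class PatTable:
    """Toy PAT (NAT overload) table for one protocol, e.g. TCP."""

    def __init__(self, global_ip, first_port=1024, last_port=65535):
        self.global_ip = global_ip      # the single registered address
        self.first_port = first_port
        self.last_port = last_port
        self.out = {}                   # (inside_ip, inside_port) -> global_port
        self.back = {}                  # global_port -> (inside_ip, inside_port)

    def _pick_port(self, wanted):
        # Assumed policy: keep the original source port when it is free,
        # otherwise hand out the lowest free port in the pool.
        if self.first_port <= wanted <= self.last_port and wanted not in self.back:
            return wanted
        for port in range(self.first_port, self.last_port + 1):
            if port not in self.back:
                return port
        raise RuntimeError("PAT port pool exhausted")

    def translate_out(self, src_ip, src_port):
        """Rewrite the source of an outbound packet; reuse existing entries."""
        if not is_private(src_ip):
            return (src_ip, src_port)   # already public, nothing to translate
        key = (src_ip, src_port)
        if key not in self.out:
            port = self._pick_port(src_port)
            self.out[key] = port
            self.back[port] = key
        return (self.global_ip, self.out[key])

    def translate_in(self, dst_port):
        """Map a returning packet to the inside host; None means no entry."""
        return self.back.get(dst_port)


if __name__ == "__main__":
    pat = PatTable("203.0.113.10")      # constructed documentation address
    # Two inside hosts that happen to use the same source port.
    print(pat.translate_out("192.168.1.10", 50000))
    print(pat.translate_out("192.168.1.11", 50000))
    print(pat.translate_in(1024), pat.translate_in(4444))
```

Inbound traffic that matches no table entry has no inside host to go to, which is why translate_in returns None for it.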

 


 










Thursday 4 April 2019

Route filtering passive interface OSPF

Passive interface


Cisco IOS provides several ways to control routing update traffic: passive interface, distribute lists, prefix lists and route maps. In this section we take a look at passive interface in RIPv2, EIGRP, and OSPF.

The passive-interface command is used in all routing protocols to disable sending updates out of a specific interface. However, the command's behavior varies from one protocol to another.

Passive interface in OSPF

In OSPF, passive-interface works just like it does with EIGRP. OSPF does not send any hello messages on a passive interface, which means no neighborship, but it still advertises the connected subnet if it is matched by an OSPF network command.

Let's see the configuration:


Topology:


Goal:



  • Configure the topology as per the diagram
  • Configure OSPF and advertise the networks
  • Configure interface serial 4/1 as a passive interface



R1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        10.1.1.1        YES manual up                    up
Serial4/0                    1.1.1.1         YES manual up                    up

R2#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        20.1.1.1        YES manual up                    up
Serial4/0                    1.1.1.2         YES manual up                    up
Serial4/1                    2.1.1.1         YES manual up                    up


R3#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        30.1.1.1        YES manual up                    up
Serial4/1                    2.1.1.2         YES manual up                    up
Loopback0              13.0.0.1        YES manual up                    up
Loopback1              13.0.1.1        YES manual up                    up
Loopback2              13.0.2.1        YES manual up                    up
Loopback3              13.0.3.1        YES manual up                    up
Loopback4              13.0.4.1        YES manual up                    up


R1(config)#router ospf 1
R1(config-router)#network 10.0.0.0 0.255.255.255 area 0
R1(config-router)#network 1.0.0.0 0.255.255.255 area 0
R1(config-router)#exit

*Apr  4 14:25:00.243: %OSPF-5-ADJCHG: Process 1, Nbr 20.1.1.1 on Serial4/0 from LOADING to FULL, Loading Done

R2(config)#router ospf 1
R2(config-router)#network 1.0.0.0 0.255.255.255 area 0

*Apr  4 14:25:00.403: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.1 on Serial4/0 from LOADING to FULL, Loading Done

R2(config-router)#network 20.0.0.0 0.255.255.255 area 0
R2(config-router)#network 2.0.0.0 0.255.255.255 area 0
R2(config-router)#exit

*Apr  4 14:27:09.607: %OSPF-5-ADJCHG: Process 1, Nbr 13.0.4.1 on Serial4/1 from LOADING to FULL, Loading Done


R3(config)#router ospf 1
R3(config-router)#network 30.0.0.0 0.255.255.255 area 0
R3(config-router)#network 30.0.0.0 0.255.255.255 area 0
R3(config-router)#network 13.0.0.0 255.0.0.0 area 0
R3(config-router)#network 2.0.0.0 0.255.255.255 area 0
R3(config-router)#exit

*Apr  4 14:27:09.567: %OSPF-5-ADJCHG: Process 1, Nbr 20.1.1.1 on Serial4/1 from LOADING to FULL, Loading Done

The router 2 interface facing router 1 has established a connection.

The router 2 interface facing router 3 has established a connection.


Let's see the routing table:

R1#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

O     2.0.0.0/8 [110/128] via 1.1.1.2, 00:07:57, Serial4/0
      13.0.0.0/32 is subnetted, 5 subnets
O        13.0.0.1 [110/129] via 1.1.1.2, 00:07:57, Serial4/0
O        13.0.1.1 [110/129] via 1.1.1.2, 00:07:57, Serial4/0
O        13.0.2.1 [110/129] via 1.1.1.2, 00:07:57, Serial4/0
O        13.0.3.1 [110/129] via 1.1.1.2, 00:07:57, Serial4/0
O        13.0.4.1 [110/129] via 1.1.1.2, 00:07:57, Serial4/0
O     20.0.0.0/8 [110/65] via 1.1.1.2, 00:07:57, Serial4/0
O     30.0.0.0/8 [110/129] via 1.1.1.2, 00:07:57, Serial4/0



R2#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

O     10.0.0.0/8 [110/65] via 1.1.1.1, 00:11:44, Serial4/0
      13.0.0.0/32 is subnetted, 5 subnets
O        13.0.0.1 [110/65] via 2.1.1.2, 00:19:36, Serial4/1
O        13.0.1.1 [110/65] via 2.1.1.2, 00:19:36, Serial4/1
O        13.0.2.1 [110/65] via 2.1.1.2, 00:19:36, Serial4/1
O        13.0.3.1 [110/65] via 2.1.1.2, 00:19:36, Serial4/1
O        13.0.4.1 [110/65] via 2.1.1.2, 00:19:36, Serial4/1
O     30.0.0.0/8 [110/65] via 2.1.1.2, 00:19:36, Serial4/1


(Configure serial 4/1 on router 2, facing router 3, as a passive interface.)

R2(config)#router ospf 1
R2(config-router)#passive-interface serial 4/1

*Apr  4 14:48:54.387: %OSPF-5-ADJCHG: Process 1, Nbr 13.0.4.1 on Serial4/1 from FULL to DOWN, Neighbor Down: Interface down or detached

R2(config-router)#end


R1#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

O     2.0.0.0/8 [110/128] via 1.1.1.2, 00:13:49, Serial4/0
O     20.0.0.0/8 [110/65] via 1.1.1.2, 00:13:49, Serial4/0

R2#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

O     10.0.0.0/8 [110/65] via 1.1.1.1, 00:17:28, Serial4/0

Router 3 (2.1.1.2) is sending hello messages, but router 2 (2.1.1.1) is not responding.
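The behavior shown in this lab, as an added Python audit sketch (not part of the original post): it matches each R2 interface against the OSPF network statements using the wildcard mask and reports which interfaces are advertised and which still send hellos. The configuration text is constructed from the commands and addresses shown above; the function names are hypothetical.

```python
import ipaddress

# Constructed from the R2 outputs on this page: interface addresses,
# network statements and the passive-interface command.
R2_INTERFACES = {
    "FastEthernet0/0": "20.1.1.1",
    "Serial4/0": "1.1.1.2",
    "Serial4/1": "2.1.1.1",
}
R2_OSPF_CONFIG = """\
router ospf 1
 network 1.0.0.0 0.255.255.255 area 0
 network 20.0.0.0 0.255.255.255 area 0
 network 2.0.0.0 0.255.255.255 area 0
 passive-interface Serial4/1
"""


def wildcard_match(ip, base, wildcard):
    """True when ip matches base under a wildcard mask (1 bits = don't care)."""
    ip_i, base_i, wc_i = (int(ipaddress.IPv4Address(x)) for x in (ip, base, wildcard))
    care = ~wc_i & 0xFFFFFFFF
    return (ip_i & care) == (base_i & care)


def parse_ospf(config):
    """Collect (base, wildcard, area) tuples and the set of passive interfaces."""
    networks, passive = [], set()
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["network"] and len(words) == 5 and words[3] == "area":
            networks.append((words[1], words[2], words[4]))
        elif words[:1] == ["passive-interface"] and len(words) == 2:
            passive.add(words[1])
    return networks, passive


def audit(interfaces, config):
    """Per interface: is its subnet advertised, and does it send hellos?"""
    networks, passive = parse_ospf(config)
    report = {}
    for name, ip in interfaces.items():
        area = next((a for base, wc, a in networks
                     if wildcard_match(ip, base, wc)), None)
        report[name] = {
            "advertised": area is not None,
            "sends_hellos": area is not None and name not in passive,
        }
    return report


def hello_speakers(report):
    """Interfaces where a neighbor could still form; review each one."""
    return sorted(n for n, r in report.items() if r["sends_hellos"])


if __name__ == "__main__":
    result = audit(R2_INTERFACES, R2_OSPF_CONFIG)
    for name, row in result.items():
        print(name, row)
    print("still sending hellos:", hello_speakers(result))
```

Serial4/1 comes out as advertised but silent, matching the 2.0.0.0/8 route that R1 keeps after the adjacency drops; any interface left in the hello list where no OSPF neighbor is expected is a candidate for passive-interface.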



 


 










Friday 22 March 2019

BGP Authentication


A router authenticates the source of each routing update packet that it receives. Many routing protocols support authentication, including OSPF, EIGRP, IS-IS, BGP, and RIPv2.



Border Gateway Protocol (BGP) supports an authentication mechanism using the Message Digest 5 (MD5) algorithm. When authentication is enabled, any TCP segment belonging to BGP exchanged between the peers is verified and accepted only if authentication is successful. If the authentication fails, the BGP neighbor relationship goes down (it will not be established).








Let's see the configuration:

Topology:

Goal:
  • Configure the topology as per the diagram
  • Configure basic iBGP
  • Configure MD5 authentication using the password internetworks


R1#show ip interface brief
Interface                   IP-Address      OK? Method Status                Protocol
FastEthernet0/0        10.1.1.1        YES manual up                    up
FastEthernet1/0        unassigned      YES unset  administratively down down
GigabitEthernet2/0  unassigned      YES unset  administratively down down
Serial3/0                     1.1.1.1         YES manual up                    up


R2#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0        20.1.1.1        YES manual up                         up
FastEthernet1/0        unassigned      YES unset  administratively down down
GigabitEthernet2/0    unassigned      YES unset  administratively down down
Serial3/0                      1.1.1.2         YES manual up                      up



R1(config)#router bgp 65011
R1(config-router)#neighbor 1.1.1.2 remote-as 65011
R1(config-router)#network 10.0.0.0
R1(config-router)#network 1.0.0.0
R1(config-router)#no synchronization
R1(config-router)#exit



R2(config)#router  bgp 65011
R2(config-router)#neighbor 1.1.1.1 remote-as 65011

*Mar 22 13:44:19.255: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Up


R2(config-router)#network 1.0.0.0
R2(config-router)#network 10.0.0.0
R2(config-router)#no synchronization
R2(config-router)#exit


R1# show ip bgp
BGP table version is 3, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 * i 1.0.0.0          1.1.1.2                  0    100      0 i
 *>                   0.0.0.0                  0         32768 i
 *>  10.0.0.0         0.0.0.0                  0         32768 i

R1#show ip bgp summary
BGP router identifier 10.1.1.1, local AS number 65011
BGP table version is 3, main routing table version 3
2 network entries using 288 bytes of memory
3 path entries using 240 bytes of memory
2/1 BGP path/bestpath attribute entries using 272 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 800 total bytes of memory
BGP activity 2/0 prefixes, 3/0 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.2         4        65011      10      10        3    0    0 00:04:49        1



R2#show ip bgp
BGP table version is 4, local router ID is 20.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found


     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.0.0.0          0.0.0.0                  0         32768 i
 * i                  1.1.1.1                  0    100      0 i
 *>i 10.0.0.0         1.1.1.1                  0    100      0 i

R2#show ip bgp summary
BGP router identifier 20.1.1.1, local AS number 65011
BGP table version is 4, main routing table version 4
2 network entries using 288 bytes of memory
3 path entries using 240 bytes of memory
2/2 BGP path/bestpath attribute entries using 272 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 800 total bytes of memory
BGP activity 2/0 prefixes, 3/0 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4        65011      11      10        4    0    0 00:05:18        2






R1(config)#router bgp 65011
R1(config-router)#neighbor 1.1.1.2 password internetworks
R1(config-router)#neighbor 1.1.1.2 version 4
R1(config-router)#end

R1#

*Mar 22 13:54:42.691: %TCP-6-BADAUTH: No MD5 digest from 1.1.1.2(179) to 1.1.1.1(47927) tableid - 0

*Mar 22 13:54:42.695: %TCP-6-BADAUTH: No MD5 digest from 1.1.1.2(179) to 1.1.1.1(47927) tableid - 0

*Mar 22 13:54:43.351: %TCP-6-BADAUTH: No MD5 digest from 1.1.1.2(32235) to 1.1.1.1(179) tableid - 0


R2#show ip bgp
BGP table version is 2, local router ID is 20.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.0.0.0          0.0.0.0                  0         32768 i

R2#show ip bgp summary
BGP router identifier 20.1.1.1, local AS number 65011
BGP table version is 2, main routing table version 2
1 network entries using 144 bytes of memory
1 path entries using 80 bytes of memory
1/1 BGP path/bestpath attribute entries using 136 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 360 total bytes of memory
BGP activity 3/2 prefixes, 4/3 paths, scan interval 60 secs


Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1           4              65011       0       0        1    0    0 00:02:46                       Active



R2(config)#router bgp 65011
R2(config-router)#neighbor 1.1.1.1 password internetworks
R2(config-router)#neighbor 1.1.1.1 version 4

*Mar 22 13:57:36.931: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Up

R2(config-router)#end


R2#show ip bgp
BGP table version is 3, local router ID is 20.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found


     Network          Next Hop            Metric LocPrf Weight Path
 * i 1.0.0.0          1.1.1.1                  0    100      0 i
 *>                   0.0.0.0                  0         32768 i
 *>i 10.0.0.0         1.1.1.1                  0    100      0 i

R2#show ip bgp summary
BGP router identifier 20.1.1.1, local AS number 65011
BGP table version is 3, main routing table version 3
2 network entries using 288 bytes of memory
3 path entries using 240 bytes of memory
2/2 BGP path/bestpath attribute entries using 272 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 800 total bytes of memory
BGP activity 4/2 prefixes, 6/3 paths, scan interval 60 secs


Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4        65011       5       5        3    0    0 00:00:44        2
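The %TCP-6-BADAUTH messages R1 logged while only one side had the password can be triaged automatically. The following Python sketch is an added example, not part of the original post: PAGE_LOG holds the three lines from R1 above, the other log lines are constructed in the same format, and the verdict names are hypothetical.

```python
import re
from collections import defaultdict

# The three messages R1 logged in this lab, copied from the output above.
PAGE_LOG = """\
*Mar 22 13:54:42.691: %TCP-6-BADAUTH: No MD5 digest from 1.1.1.2(179) to 1.1.1.1(47927) tableid - 0
*Mar 22 13:54:42.695: %TCP-6-BADAUTH: No MD5 digest from 1.1.1.2(179) to 1.1.1.1(47927) tableid - 0
*Mar 22 13:54:43.351: %TCP-6-BADAUTH: No MD5 digest from 1.1.1.2(32235) to 1.1.1.1(179) tableid - 0
"""
# Constructed line: the session coming back up, seen from R1.
UP_LINE = "*Mar 22 13:57:36.931: %BGP-5-ADJCHANGE: neighbor 1.1.1.2 Up\n"
# Constructed lines: a digest that is present but fails to verify, and a
# segment from an address that is not a configured neighbor.
CONSTRUCTED_LOG = """\
*Mar 22 14:10:02.115: %TCP-6-BADAUTH: Invalid MD5 digest from 1.1.1.2(179) to 1.1.1.1(51002) tableid - 0
*Mar 22 14:10:05.300: %TCP-6-BADAUTH: No MD5 digest from 1.1.1.9(40112) to 1.1.1.1(179) tableid - 0
"""

IP = r"(\d+(?:\.\d+){3})"
BADAUTH = re.compile(r"%TCP-6-BADAUTH: (No|Invalid) MD5 digest from "
                     + IP + r"\((\d+)\) to " + IP + r"\((\d+)\)")
ADJCHANGE = re.compile(r"%BGP-5-ADJCHANGE: neighbor " + IP + r" (Up|Down)")


def triage(log, configured_peers):
    """Return {source address: verdict} for BGP-related MD5 failures."""
    stats = defaultdict(lambda: {"No": 0, "Invalid": 0, "state": None})
    for line in log.splitlines():
        m = BADAUTH.search(line)
        if m:
            kind, src, sport, _dst, dport = m.groups()
            if "179" in (sport, dport):      # only segments of a BGP session
                stats[src][kind] += 1
            continue
        m = ADJCHANGE.search(line)
        if m:
            stats[m.group(1)]["state"] = m.group(2)   # last state wins

    verdicts = {}
    for peer, s in stats.items():
        if peer not in configured_peers:
            verdicts[peer] = "unconfigured-source"
        elif s["state"] == "Up":
            verdicts[peer] = "recovered"
        elif s["Invalid"]:
            verdicts[peer] = "password-mismatch"      # digest sent, wrong key
        elif s["No"]:
            verdicts[peer] = "peer-missing-password"  # no MD5 option at all
        else:
            verdicts[peer] = "no-auth-events"
    return verdicts


if __name__ == "__main__":
    peers = {"1.1.1.2"}                      # R1's only configured neighbor
    print(triage(PAGE_LOG, peers))
    print(triage(PAGE_LOG + UP_LINE, peers))
    print(triage(CONSTRUCTED_LOG, peers))
```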



 


 










Routing Protocol Authentication (OSPF)





A router authenticates the source of each routing update packet that it receives. Many routing protocols support authentication, including OSPF, EIGRP, IS-IS, BGP, and RIPv2.

Cisco routers support different approaches to authenticating route advertisements received from a neighboring router:

  • Simple text authentication
  • Hashing authentication (using MD5)



Simple password authentication:

The router sends the packet and the key (if a routing protocol doesn't support multiple keys, the key number associated with a routing update is 0). The neighboring router checks whether the key matches its own key. The routing update is rejected if the keys do not match. The only routing protocols that support plain text authentication are RIPv2, OSPF, and IS-IS.

MD5 authentication


Configure a key (password) and key ID; the router generates a message digest, or hash, of the key, key ID and message. The message digest is sent with the packet; the key is not sent. The neighboring router receives the update and runs the hashing algorithm on the routing update with its local key, which results in a hash digest. If the hash digests match, the router accepts the packet; if not, the update is rejected. This process is more secure than plain text authentication. IS-IS, OSPF, RIPv2 and EIGRP use MD5.
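The digest exchange described above, worked through for OSPFv2 as an added Python example (not part of the original post), following the construction in RFC 2328 Appendix D. Key ID 1 and the key internet are the values used in the MD5 lab later in this post; the function names and the packet body are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

AUTH_LEN = 16                      # MD5 digest size and padded key length
HEADER = "!BBH4s4sHHHBBI"          # 24-byte OSPFv2 header, crypto auth layout


def pad_key(password):
    """Zero-pad (or truncate) the configured key to 16 bytes."""
    return password.encode()[:AUTH_LEN].ljust(AUTH_LEN, b"\0")


def build_packet(router_id, key_id, seq, password, body, area_id="0.0.0.0"):
    """Return header + body + digest as sent on the wire (type 1 = hello)."""
    length = 24 + len(body)        # the appended digest is not counted here
    header = struct.pack(
        HEADER, 2, 1, length,
        ipaddress.IPv4Address(router_id).packed,
        ipaddress.IPv4Address(area_id).packed,
        0,                         # checksum is not used with AuType 2
        2,                         # AuType 2 = cryptographic authentication
        0, key_id, AUTH_LEN, seq)  # the 8-byte authentication field
    packet = header + body
    # Hash packet || key, then send packet || digest. The key never leaves.
    return packet + hashlib.md5(packet + pad_key(password)).digest()


def verify(wire, keys, last_seq):
    """Receiver side. keys maps key ID to password. Returns (ok, reason)."""
    if len(wire) < 24 + AUTH_LEN:
        return (False, "malformed")
    (_ver, _typ, length, _rid, _area, _csum,
     autype, _zero, key_id, alen, seq) = struct.unpack(HEADER, wire[:24])
    if autype != 2 or alen != AUTH_LEN:
        return (False, "wrong auth type")
    if length < 24 or length + alen > len(wire):
        return (False, "malformed")
    if key_id not in keys:
        return (False, "unknown key id")
    if seq < last_seq:             # replay protection, tracked per neighbor
        return (False, "stale sequence number")
    packet, digest = wire[:length], wire[length:length + alen]
    expected = hashlib.md5(packet + pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(digest, expected):
        return (False, "digest mismatch")
    return (True, "ok")


if __name__ == "__main__":
    wire = build_packet("11.11.11.11", 1, 100, "internet",
                        b"constructed hello body")
    print(verify(wire, {1: "internet"}, 99))   # matching key
    print(verify(wire, {1: "Internet"}, 99))   # different key on the neighbor
    print(verify(wire, {1: "internet"}, 101))  # replayed, older sequence number
```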


OSPF Authentication


Types of authentication in OSPF

Type 0 – NULL
Type 1 – simple password authentication
Type 2 – cryptographic (SHA/MD5) authentication

OSPF authentication can be enabled at the OSPF process level (area) or at the link level.


All OSPF packets will be authenticated when you enable any form of authentication in OSPF.












Let’s see the configuration:



Topology:



Goal:
  • Configure the topology as per our diagram
  • Configure OSPF in area 0 and advertise all the interfaces
  • Configure router 1 and router 2 to exchange routes after establishing successful authentication using clear text




R1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        10.1.1.1        YES manual up                    up
Serial3/0                   1.1.1.1         YES manual up                    down
Loopback0              11.0.0.1        YES manual up                    up
Loopback1              11.0.1.1        YES manual up                    up
Loopback2              11.0.2.1        YES manual up                    up
Loopback3              11.0.3.1        YES manual up                    up


R2#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        20.1.1.1        YES manual up                    up
Serial3/0                   1.1.1.2         YES manual up                    up
Loopback0              12.0.0.1        YES manual up                    up
Loopback1              12.0.1.1        YES manual up                    up
Loopback2              12.0.2.1        YES manual up                    up
Loopback3              12.0.3.1        YES manual up                    up



R1(config)#router ospf 10
R1(config-router)#router-id 11.11.11.11
R1(config-router)#network 1.0.0.0 0.255.255.255 area 0
R1(config-router)#network 10.0.0.0 0.255.255.255 area 0
R1(config-router)#network 11.0.0.0 0.0.0.255 area 0

R2(config)#router ospf 10
R2(config-router)#router-id 12.12.12.12
R2(config-router)#network 12.0.0.0 0.0.0.255 area 0
R2(config-router)#network 20.0.0.0 0.255.255.255 area 0

R2(config-router)#network 1.0.0.0 0.255.255.255 area 0


R1(config)#interface serial 3/0
R1(config-if)#ip ospf authentication
R1(config-if)#ip ospf authentication-key internet


*Dec  5 12:09:31.047: %OSPF-5-ADJCHG: Process 10, Nbr 12.12.12.12 on Serial3/0 from FULL to DOWN, Neighbor Down: Dead timer expired

R2(config)#interface serial 3/0
R2(config-if)#ip ospf authentication
R2(config-if)#ip ospf authentication-key internet


(With the ip ospf authentication command you can enable plaintext authentication at the interface level.)



*Dec  5 12:16:37.095: %OSPF-5-ADJCHG: Process 10, Nbr 11.11.11.11 on Serial3/0 from LOADING to FULL, Loading Done

R1#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface

12.12.12.12       0   FULL/  -        00:00:39    1.1.1.2         Serial3/0

R2#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
11.11.11.11       0   FULL/  -        00:00:39    1.1.1.1         Serial3/0



(When we have lots of interfaces, we do not want to enable OSPF authentication on each and every interface. We can also enable area-wide authentication by using the area authentication command.)



Let's see:

R1(config)#router ospf 10
R1(config-router)#area 0 authentication
R1(config-router)#end


*Dec  5 12:27:32.931: OSPF-10 EVENT: Area config: 'area 0 authentication '

R2(config)#router ospf 10
R2(config-router)#area 0 authentication

R1#show ip ospf interface serial 3/0
Serial3/0 is up, line protocol is up
  Internet Address 1.1.1.1/8, Area 0, Attached via Network Statement
  Process ID 10, Router ID 11.11.11.11, Network Type POINT_TO_POINT, Cost: 64
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           64        no          no            Base
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:00
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 12.12.12.12
  Suppress hello for 0 neighbor(s)
  Simple password authentication enabled





R2#show ip ospf interface serial 3/0
Serial3/0 is up, line protocol is up
  Internet Address 1.1.1.2/8, Area 0, Attached via Network Statement
  Process ID 10, Router ID 12.12.12.12, Network Type POINT_TO_POINT, Cost: 64
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           64        no          no            Base
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:04
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 2/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 11.11.11.11
  Suppress hello for 0 neighbor(s)
  Simple password authentication enabled



MD5 in OSPF:




For MD5 authentication we need different commands. First of all we use ip ospf message-digest-key <key number> md5 <password> to specify the key number and the password. The key number and the password can be whatever we choose, but they must be the same on both sides. To enable OSPF authentication we need to type ip ospf authentication message-digest on the interface (the configuration below enables it area-wide instead, with area 0 authentication message-digest).

Topology:

 



Goal:
  • We are continuing with our previous topology
  • Erase the simple authentication configuration
  • Configure MD5





R1(config)#router ospf 11
R1(config-router)#router-id 11.11.11.11
R1(config-router)#network 10.0.0.0 0.255.255.255 area 0
R1(config-router)#network 1.0.0.0 0.255.255.255 area 0
R1(config-router)#network 11.0.0.0 0.0.0.255 area 0

R2(config)#router ospf 12
R2(config-router)#router-id 12.12.12.12
R2(config-router)#network 1.0.0.0 0.255.255.255 area 0
R2(config-router)#network 20.0.0.0 0.255.255.255 area 0
R2(config-router)#network 12.0.0.0 0.0.0.255 area 0




R1(config)# router ospf 11
R1(config-router)#  area 0 authentication message-digest
R1(config-router)#  exit


R1(config)#  interface serial 3/0
R1(config-if)#  ip ospf message-digest-key 1 md5 internet


R2(config)# router ospf 11
R2(config-router)#  area 0 authentication message-digest
R2(config-router)#  exit

R2(config)#  interface serial 3/0
R2(config-if)#  ip ospf message-digest-key 1 md5 internet



R1#show ip ospf interface serial 3/0
Serial3/0 is up, line protocol is up
  Internet Address 1.1.1.1/8, Area 0, Attached via Network Statement
  Process ID 11, Router ID 11.11.11.11, Network Type POINT_TO_POINT, Cost: 64
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           64        no          no            Base
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:01
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 2/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 12.12.12.12
  Suppress hello for 0 neighbor(s)
  Message digest authentication enabled
    Youngest key id is 1




R2#show ip ospf interface serial 3/0
Serial3/0 is up, line protocol is up
  Internet Address 1.1.1.2/8, Area 0, Attached via Network Statement
  Process ID 11, Router ID 12.12.12.12, Network Type POINT_TO_POINT, Cost: 64
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           64        no          no            Base
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:04
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 2/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 4 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 11.11.11.11
  Suppress hello for 0 neighbor(s)
  Message digest authentication enabled
    Youngest key id is 1





 


 










What is Virtual Router Redundancy Protocol (VRRP)? How to configure Virtual Router Redundancy Protocol (VRRP)?

 Virtual Router Redundancy Protocol (VRRP) is a gateway redundancy networking protocol used to create a virtual gateway similar to HSRP . VR...