Internetworks offers a comprehensive collection of articles and tutorials on computer networks, covering basic to advanced concepts such as data link layer, network layer, network security, and more. It’s a great starting point for beginners and a useful reference for advanced learners.
by Edgar C Francis
We have already learned what a route reflector is and why we use a route reflector (RR). In this section, we will see the configuration of two RR servers and learn about RR behavior in depth.
A route reflector is a BGP router that is allowed to ignore
the IBGP loop avoidance rule; that is, it is allowed to advertise updates received
from an IBGP peer to another IBGP peer under specific conditions.
If a router receives
an IBGP route with the originator-ID attribute set to its own router-ID, the
route is discarded.
If a route reflector (RR) receives a route with a
cluster-list attribute containing its cluster-ID, the route is discarded.
In our case we have two RR servers, and each will establish a neighbor relationship with the other servers and the clients.
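The two discard rules above, worked through for a pair of route reflectors. This is an added example, not code from the original article; the router-IDs, cluster-IDs and prefix are constructed values, and the function names are hypothetical.

```python
from dataclasses import dataclass, replace
from typing import Optional, Tuple

@dataclass(frozen=True)
class Route:
    prefix: str
    originator_id: Optional[str] = None   # ORIGINATOR_ID attribute
    cluster_list: Tuple[str, ...] = ()    # CLUSTER_LIST attribute

@dataclass(frozen=True)
class Router:
    router_id: str
    cluster_id: Optional[str] = None      # set only on route reflectors

def reflect(rr: Router, route: Route, learned_from: Router) -> Route:
    """Stamp the attributes a reflector adds before re-advertising an IBGP route."""
    if rr.cluster_id is None:
        raise ValueError(f"{rr.router_id} is not a route reflector")
    # ORIGINATOR_ID is set once, by the first reflector, and never overwritten.
    originator = route.originator_id or learned_from.router_id
    # Every reflector prepends its own cluster-ID to the CLUSTER_LIST.
    return replace(route, originator_id=originator,
                   cluster_list=(rr.cluster_id,) + route.cluster_list)

def receive(router: Router, route: Route) -> str:
    """Apply the two discard rules; return 'accept' or the reason for discarding."""
    if route.originator_id == router.router_id:
        return "discard: originator-ID is our own router-ID"
    if router.cluster_id is not None and router.cluster_id in route.cluster_list:
        return "discard: cluster-list contains our cluster-ID"
    return "accept"

def two_rr_scenario(rr2_cluster_id: str) -> dict:
    """A client route reflected by RR1, then RR2, then offered back to both."""
    client = Router("3.3.3.3")                        # constructed router-IDs
    rr1 = Router("1.1.1.1", cluster_id="1.1.1.1")
    rr2 = Router("2.2.2.2", cluster_id=rr2_cluster_id)
    via_rr1 = reflect(rr1, Route("30.0.0.0/8"), learned_from=client)
    verdicts = {"RR2 <- RR1": receive(rr2, via_rr1)}
    if verdicts["RR2 <- RR1"] == "accept":
        via_rr2 = reflect(rr2, via_rr1, learned_from=rr1)
        verdicts["RR1 <- RR2"] = receive(rr1, via_rr2)
        verdicts["client <- RR2"] = receive(client, via_rr2)
    return verdicts

if __name__ == "__main__":
    print(two_rr_scenario("2.2.2.2"))   # RRs in separate clusters
    print(two_rr_scenario("1.1.1.1"))   # both RRs share one cluster-ID
```

With separate cluster-IDs RR2 keeps RR1's copy of the route as a backup path; with a shared cluster-ID RR2 discards it, so each reflector only knows the paths it learned directly from its clients.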
Before we start the BGP configuration, check out some important BGP CCIE exam topics.
Default route
We already discussed advertising the default route in IP ROUTING. In this section we see the configuration of the default route in EIGRP, RIP, and OSPF.
Let's see the configuration:
Topology:
GOAL:
Configure the topology as per our diagram.
Assign IP addresses as per the topology.
We have two methods of advertising the default route:
default-network ****
redistribution static
In this scenario we use the redistribution method.
configure static route on router 1 toward router
R1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 10.1.1.1 YES manual up up
Serial3/0 1.1.1.1 YES manual up up
Loopback0 11.0.0.1 YES manual up up
Loopback1 11.0.1.1 YES manual up up
Loopback2 11.0.2.1 YES manual up up
Loopback3 11.0.3.1 YES manual up up
Loopback4 11.0.4.1 YES manual up up
R2#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 20.1.1.1 YES manual up up
Serial3/0 1.1.1.2 YES manual up up
Serial3/1 2.2.2.1 YES manual up up
Serial3/2 3.3.3.1 YES manual up up
R3#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 30.1.1.1 YES manual up up
Serial3/1 2.2.2.2 YES manual up up
R4#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 40.1.1.1 YES manual up up
Serial3/2 3.3.3.2 YES manual up up
R1(config)#ip route 2.0.0.0 255.0.0.0 1.1.1.2
R1(config)#ip route 3.0.0.0 255.0.0.0 1.1.1.2
R1(config)#ip route 20.0.0.0 255.0.0.0 1.1.1.2
R1(config)#ip route 30.0.0.0 255.0.0.0 1.1.1.2
R1(config)#ip route 40.0.0.0 255.0.0.0 1.1.1.2
R2(config)#router eigrp 111
R2(config-router)#network 2.0.0.0
*Jan 18 14:26:59.043: %DUAL-5-NBRCHANGE: EIGRP-IPv4 111: Neighbor 2.2.2.2 (Serial3/1) is up: new adjacency
R2(config-router)#network 3.0.0.0
*Jan 18 14:27:03.347: %DUAL-5-NBRCHANGE: EIGRP-IPv4 111: Neighbor 3.3.3.2 (Serial3/2) is up: new adjacency
R2(config-router)#network 20.0.0.0
R2(config-router)#redistribute static
R2(config-router)#exit
R2(config)#ip route 0.0.0.0 0.0.0.0 1.1.1.1
R3(config)#router eigrp 111
R3(config-router)#network 2.0.0.0
R3(config-router)#network 30.0.0.0
R3(config-router)#exit
*Jan 18 14:06:12.027: %DUAL-5-NBRCHANGE: EIGRP-IPv4 111: Neighbor 2.2.2.1 (Serial3/1) is up: new adjacency
R4(config)#router eigrp 111
R4(config-router)#network 3.0.0.0
R4(config-router)#network 40.0.0.0
*Jan 18 14:06:46.355: %DUAL-5-NBRCHANGE: EIGRP-IPv4 111: Neighbor 3.3.3.1 (Serial3/2) is up: new adjacency
R4#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 3.3.3.1 to network 0.0.0.0
D*EX 0.0.0.0/0 [170/2681856] via 3.3.3.1, 00:01:47, Serial3/2
D 2.0.0.0/8 [90/2681856] via 3.3.3.1, 00:02:46, Serial3/2
D 20.0.0.0/8 [90/2172416] via 3.3.3.1, 00:02:42, Serial3/2
D 30.0.0.0/8 [90/2684416] via 3.3.3.1, 00:02:46, Serial3/2
R4#ping 11.0.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/60/76 ms
R4#ping 11.0.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/56/116 ms
R4#ping 11.0.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/64/76 ms
R4#ping 11.0.4.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.4.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/56/80 ms
R3#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 2.2.2.1 to network 0.0.0.0
D*EX 0.0.0.0/0 [170/2681856] via 2.2.2.1, 00:02:47, Serial3/1
D 3.0.0.0/8 [90/2681856] via 2.2.2.1, 00:03:46, Serial3/1
D 20.0.0.0/8 [90/2172416] via 2.2.2.1, 00:03:42, Serial3/1
D 40.0.0.0/8 [90/2684416] via 2.2.2.1, 00:03:46, Serial3/1
R3#ping 11.0.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/49/76 ms
R3#ping 11.0.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/35/40 ms
R3#ping 11.0.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/45/60 ms
R3#ping 11.0.4.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.4.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/40/52 ms
R2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 1.1.1.1 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 1.1.1.1
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.0.0.0/8 is directly connected, Serial3/0
L 1.1.1.2/32 is directly connected, Serial3/0
2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 2.0.0.0/8 is directly connected, Serial3/1
L 2.2.2.1/32 is directly connected, Serial3/1
3.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 3.0.0.0/8 is directly connected, Serial3/2
L 3.3.3.1/32 is directly connected, Serial3/2
20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 20.0.0.0/8 is directly connected, FastEthernet0/0
L 20.1.1.1/32 is directly connected, FastEthernet0/0
D 30.0.0.0/8 [90/2172416] via 2.2.2.2, 00:05:00, Serial3/1
D 40.0.0.0/8 [90/2172416] via 3.3.3.2, 00:04:56, Serial3/2
R2#ping 11.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/43/72 ms
R2#ping 11.0.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/36/52 ms
R2#ping 11.0.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/24/32 ms
R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.0.0.0/8 is directly connected, Serial3/0
L 1.1.1.1/32 is directly connected, Serial3/0
S 2.0.0.0/8 [1/0] via 1.1.1.2
S 3.0.0.0/8 [1/0] via 1.1.1.2
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.0.0/8 is directly connected, FastEthernet0/0
L 10.1.1.1/32 is directly connected, FastEthernet0/0
11.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
C 11.0.0.0/24 is directly connected, Loopback0
L 11.0.0.1/32 is directly connected, Loopback0
C 11.0.1.0/24 is directly connected, Loopback1
L 11.0.1.1/32 is directly connected, Loopback1
C 11.0.2.0/24 is directly connected, Loopback2
L 11.0.2.1/32 is directly connected, Loopback2
C 11.0.3.0/24 is directly connected, Loopback3
L 11.0.3.1/32 is directly connected, Loopback3
C 11.0.4.0/24 is directly connected, Loopback4
L 11.0.4.1/32 is directly connected, Loopback4
S 20.0.0.0/8 [1/0] via 1.1.1.2
S 30.0.0.0/8 [1/0] via 1.1.1.2
S 40.0.0.0/8 [1/0] via 1.1.1.2
R1#ping 20.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/34/40 ms
R1#ping 30.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/51/80 ms
R1#ping 40.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 40.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/63/76 ms
Let's see the configuration of the default route in RIPv2. In this section we will use a different method: advertising the default route with a command.
Topology:
GOAL:
Clear the previous routing configuration by using the no ip routing command.
Advertise the default route by using a command, not by redistribution as in the previous scenario.
R1(config)#no ip routing
R1(config)#ip routing
R2(config)#no ip routing
R2(config)#ip routing
R3(config)#no ip routing
R3(config)#ip routing
R4(config)#no ip routing
R4(config)#ip routing
R1(config)#ip route 2.0.0.0 255.0.0.0 1.1.1.2
R1(config)#ip route 3.0.0.0 255.0.0.0 1.1.1.2
R1(config)#ip route 20.0.0.0 255.0.0.0 1.1.1.2
R1(config)#ip route 30.0.0.0 255.0.0.0 1.1.1.2
R1(config)#ip route 40.0.0.0 255.0.0.0 1.1.1.2
R2(config)#router rip
R2(config-router)#ver 2
R2(config-router)#network 2.0.0.0
R2(config-router)#network 3.0.0.0
R2(config-router)#network 20.0.0.0
R2(config-router)#exit
R3(config)#router rip
R3(config-router)#ver 2
R3(config-router)#network 2.0.0.0
R3(config-router)#network 30.0.0.0
R3(config-router)#exit
R4(config)#router rip
R4(config-router)#ver 2
R4(config-router)#network 3.0.0.0
R4(config-router)#network 40.0.0.0
R4(config-router)#exit
R2(config)#ip route 0.0.0.0 0.0.0.0 1.1.1.1
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#default-information originate
R2(config-router)#end
R4#sh ip route rip
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 3.3.3.1 to network 0.0.0.0
R* 0.0.0.0/0 [120/1] via 3.3.3.1, 00:00:10, Serial3/2
R 2.0.0.0/8 [120/1] via 3.3.3.1, 00:00:10, Serial3/2
R 20.0.0.0/8 [120/1] via 3.3.3.1, 00:00:10, Serial3/2
R 30.0.0.0/8 [120/2] via 3.3.3.1, 00:00:10, Serial3/2
R4#ping 11.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/66/96 ms
R4#ping 11.0.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/45/52 ms
R4#ping 11.0.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/56/68 ms
R3#show ip route rip
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 2.2.2.1 to network 0.0.0.0
R* 0.0.0.0/0 [120/1] via 2.2.2.1, 00:00:17, Serial3/1
R 3.0.0.0/8 [120/1] via 2.2.2.1, 00:00:17, Serial3/1
R 20.0.0.0/8 [120/1] via 2.2.2.1, 00:00:17, Serial3/1
R 40.0.0.0/8 [120/2] via 2.2.2.1, 00:00:17, Serial3/1
R3#ping 11.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/50/80 ms
R3#ping 11.0.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/68/76 ms
R3#ping 11.0.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/43/60 ms
R2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 1.1.1.1 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 1.1.1.1
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.0.0.0/8 is directly connected, Serial3/0
L 1.1.1.2/32 is directly connected, Serial3/0
2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 2.0.0.0/8 is directly connected, Serial3/1
L 2.2.2.1/32 is directly connected, Serial3/1
3.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 3.0.0.0/8 is directly connected, Serial3/2
L 3.3.3.1/32 is directly connected, Serial3/2
20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 20.0.0.0/8 is directly connected, FastEthernet0/0
L 20.1.1.1/32 is directly connected, FastEthernet0/0
R 30.0.0.0/8 [120/1] via 2.2.2.2, 00:00:22, Serial3/1
R 40.0.0.0/8 [120/1] via 3.3.3.2, 00:00:14, Serial3/2
R2#ping 30.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/28/40 ms
R2#ping 40.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 40.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/20/36 ms
R2#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/44/56 ms
R2#ping 11.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/22/44 ms
R1#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.0.0.0/8 is directly connected, Serial3/0
L 1.1.1.1/32 is directly connected, Serial3/0
S 2.0.0.0/8 [1/0] via 1.1.1.2
S 3.0.0.0/8 [1/0] via 1.1.1.2
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.0.0/8 is directly connected, FastEthernet0/0
L 10.1.1.1/32 is directly connected, FastEthernet0/0
11.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
C 11.0.0.0/24 is directly connected, Loopback0
L 11.0.0.1/32 is directly connected, Loopback0
C 11.0.1.0/24 is directly connected, Loopback1
L 11.0.1.1/32 is directly connected, Loopback1
C 11.0.2.0/24 is directly connected, Loopback2
L 11.0.2.1/32 is directly connected, Loopback2
C 11.0.3.0/24 is directly connected, Loopback3
L 11.0.3.1/32 is directly connected, Loopback3
C 11.0.4.0/24 is directly connected, Loopback4
L 11.0.4.1/32 is directly connected, Loopback4
S 20.0.0.0/8 [1/0] via 1.1.1.2
S 30.0.0.0/8 [1/0] via 1.1.1.2
S 40.0.0.0/8 [1/0] via 1.1.1.2
R1#ping 20.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/28/52 ms
R1#ping 30.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/88/136 ms
R1#ping 40.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 40.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/44/72 ms
The root guard prevents the wrong switch from becoming the
spanning tree root. If a root guard port receives a superior BPDU that might
cause it to become a root port, the port is put into a “root-inconsistent” state
and does not pass traffic through it. If the port stops receiving these BPDUs,
it automatically re-enables itself.
In short, Root Guard is similar to BPDU Guard. The root guard feature prevents a designated port from becoming a root port.
Let's see the configuration:
Topology:
Goal:
Configure the topology as per the diagram.
Assign the IP addresses to their respective ports.
Configure trunking between the switches.
Configure switch-4 as the root bridge for VLAN 1.
Configure the KALI machine to act as a switch and become the ROOT bridge for VLAN 1.
Make sure the attacker will not become the ROOT bridge.
To prevent this attack, configure Root Guard.
We want switch 4 not to accept a superior BPDU on that port and to put the port into the root-inconsistent state.
Spanning-tree BPDU Guard is one of the features that help
you protect your spanning-tree topology.
BPDU Guard prevents loops if another switch is attached to a
Portfast port. When BPDU Guard is enabled on an interface, the interface is put into an
error-disable state (basically shut down) if a BPDU is received on it.
It can be enabled in either global configuration mode or interface mode.
If any BPDU is received on a port where BPDU Guard is enabled,
that port is immediately put into the err-disable state, and it must be either
manually re-enabled or automatically recovered through the error disable timeout
function.
By default, BPDU Guard is disabled on all switch ports. You must
use BPDU Guard on all switch ports where spanning-tree Portfast is enabled.
In this section, we are going to check BPDU Guard in two different ways.
Let's see the configuration:
Configure the topology as per the diagram.
Configure portfast default.
Configure BPDU Guard.
Make sure switch 3 gig 1/0/3 does not become root in our network.
Switch#show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0003.E47B.8B03
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0003.E47B.8B03
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
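A configuration check for the Root Guard and BPDU Guard sections above: it reads an IOS-style configuration and reports PortFast ports that are left without BPDU Guard, and named ports that lack Root Guard. This is an added example, not code or configuration from the original article; the sample configuration is constructed, the function names are hypothetical, and a port without "switchport mode trunk" is assumed to be non-trunking.

```python
import re

# Constructed running-config fragment (not taken from the article's switches).
SAMPLE_CONFIG = """\
spanning-tree portfast default
!
interface GigabitEthernet1/0/1
 switchport mode trunk
 spanning-tree guard root
!
interface GigabitEthernet1/0/2
 switchport mode access
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/3
 switchport mode access
!
interface GigabitEthernet1/0/4
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard disable
"""

def parse_config(text):
    """Split IOS-style config text into global lines and per-interface lines."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        match = re.match(r"interface (\S+)$", line)
        if match and not raw.startswith(" "):
            current = interfaces.setdefault(match.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(line)
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces

def portfast_without_bpduguard(text):
    """Interfaces where PortFast is in effect but BPDU Guard is not."""
    global_lines, interfaces = parse_config(text)
    pf_default = "spanning-tree portfast default" in global_lines
    bg_default = "spanning-tree portfast bpduguard default" in global_lines
    exposed = []
    for name, lines in interfaces.items():
        trunk = "switchport mode trunk" in lines
        # Assumption: a port without "switchport mode trunk" is non-trunking.
        portfast = "spanning-tree portfast trunk" in lines or (
            not trunk and (pf_default or "spanning-tree portfast" in lines))
        if "spanning-tree portfast disable" in lines:
            portfast = False
        if "spanning-tree bpduguard enable" in lines:
            guarded = True
        else:
            # The global default only covers PortFast ports without an override.
            guarded = (bg_default and portfast
                       and "spanning-tree bpduguard disable" not in lines)
        if portfast and not guarded:
            exposed.append(name)
    return exposed

def missing_root_guard(text, ports):
    """Of the named ports, those lacking 'spanning-tree guard root'."""
    _, interfaces = parse_config(text)
    return [p for p in ports
            if "spanning-tree guard root" not in interfaces.get(p, [])]
```

Adding the global command "spanning-tree portfast bpduguard default" to the sample clears GigabitEthernet1/0/3 but not GigabitEthernet1/0/4, because the interface-level "spanning-tree bpduguard disable" overrides the global default.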