Wednesday, 23 January 2019

BGP route reflector (RR) configuration of two RR servers?


We have already covered what a route reflector (RR) is and why it is used. In this section, we look at the configuration of two RR servers and examine RR behavior in more depth.











A route reflector is a BGP router that is allowed to ignore the IBGP loop-avoidance rule; that is, it may advertise updates received from one IBGP peer to another IBGP peer under specific conditions. Because that rule is relaxed, two attributes are used to detect loops:
  • If a router receives an IBGP route with the originator-ID attribute set to its own router-ID, the route is discarded.
  • If a route reflector (RR) receives a route with a cluster-list attribute containing its own cluster-ID, the route is discarded.

In our case we have two RR servers, and each establishes neighbor relationships with the other server and with the clients.
Let's see the configuration:


Topology:


GOAL:
  • Configure the topology as per the diagram and assign the IP addresses.
  • Configure EIGRP to provide reachability between the BGP speakers (peers).
  • Configure routers 2 and 4 as RR servers and routers 1 and 3 as clients.


R1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        40.1.1.1        YES manual up                    up
Serial3/0                     1.1.1.1         YES manual up                    up
Serial3/3                     4.1.1.2         YES manual up                    up
Loopback0               11.0.0.1        YES manual up                    up


R2#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        20.1.1.1        YES manual up                    up
Serial3/0                    1.1.1.2         YES manual up                    up
Serial3/1                    2.1.1.1         YES manual up                    up
Loopback0              12.0.0.1        YES manual up                    up


R3#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        30.1.1.1        YES manual up                    up
Serial3/1                    2.1.1.2         YES manual up                    up
Serial3/2                   3.1.1.1         YES manual up                    up
Loopback0              13.0.0.1        YES manual up                    up



R4#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        40.1.1.1        YES manual up                    up
Serial3/2                    3.1.1.2         YES manual up                    up
Serial3/3                   4.1.1.1         YES manual up                    up
Loopback0              14.0.0.1        YES manual up                    up


R1(config)#router eigrp 10
R1(config-router)#network 1.0.0.0
R1(config-router)#network 10.0.0.0
R1(config-router)#network 4.0.0.0
R1(config-router)#network 11.0.0.0
R1(config-router)#auto-summary
R1(config-router)#exit

R2(config)#router eigrp 10
R2(config-router)#network 1.0.0.0
R2(config-router)#network 2.0.0.0
R2(config-router)#network 12.0.0.0
R2(config-router)#network 20.0.0.0
R2(config-router)#auto-summary
R2(config-router)#exit


R3(config)#router eigrp 10
R3(config-router)#network 2.0.0.0
R3(config-router)#network 3.0.0.0
R3(config-router)#network 30.0.0.0
R3(config-router)#network 13.0.0.0
R3(config-router)#no auto-summary
R3(config-router)#exit

R4(config)#router eigrp 10
R4(config-router)#network 3.0.0.0
R4(config-router)#network 4.0.0.0
R4(config-router)#network 40.0.0.0
R4(config-router)#network 14.0.0.0
R4(config-router)#no auto-summary
R4(config-router)#exit

R1#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(10)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
1   4.1.1.1                 Se3/3                    14 00:27:43   54   324  0  12
0   1.1.1.2                 Se3/0                    14 00:30:36   48   288  0  24

R2#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(10)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
1   2.1.1.2                 Se3/1                    14 00:29:24   60   360  0  18
0   1.1.1.1                 Se3/0                    12 00:31:07   56   336  0  19



R3#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(10)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
1   3.1.1.2                 Se3/2                    13 00:28:44   64   384  0  11
0   2.1.1.1                 Se3/1                    10 00:29:46   58   348  0  25
R3#

R4#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(10)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
1   4.1.1.2                 Se3/3                    11 00:28:53   53   318  0  20
0   3.1.1.1                 Se3/2                    10 00:29:01   45   270  0  19

R1(config)#router  bgp 100
R1(config-router)#neighbor 12.0.0.1 remote-as 100
R1(config-router)#neighbor 12.0.0.1 update-source loopback 0

R1(config-router)# neighbor 14.0.0.1 remote-as 100
R1(config-router)# neighbor 14.0.0.1 update-source loopback 0

R1(config-router)#network 10.0.0.0
R1(config-router)#no auto-summary
R1(config-router)#no synchronization
R1(config-router)#exit

R2(config)#router bgp 100

R2(config-router)#neighbor 11.0.0.1 remote-as 100
R2(config-router)#neighbor 11.0.0.1 update-source loopback 0
R2(config-router)#neighbor 11.0.0.1 route-reflector-client

*Jan 23 13:47:51.839: %BGP-5-ADJCHANGE: neighbor 11.0.0.1 Down RR client config change
*Jan 23 13:47:51.843: %BGP_SESSION-5-ADJCHANGE: neighbor 11.0.0.1 IPv4 Unicast topology base removed from session  RR client config change

*Jan 23 13:47:52.999: %BGP-5-ADJCHANGE: neighbor 11.0.0.1 Up

R2(config-router)#neighbor 13.0.0.1 remote-as 100
R2(config-router)#neighbor 13.0.0.1 update-source loopback 0
R2(config-router)#neighbor 13.0.0.1 route-reflector-client

R2(config-router)#neighbor 14.0.0.1 remote-as 100
R2(config-router)#neighbor 14.0.0.1 update-source loopback 0
R2(config-router)#neighbor 14.0.0.1 route-reflector-client

R2(config-router)#network 20.0.0.0
R2(config-router)#no auto-summary
R2(config-router)#no synchronization
R2(config-router)#end


R3(config)#router bgp 100
R3(config-router)#neighbor 12.0.0.1 remote-as 100
R3(config-router)#neighbor 12.0.0.1 update-source loopback 0

*Jan 23 13:50:42.831: %BGP-5-ADJCHANGE: neighbor 12.0.0.1 Up

R3(config-router)#neighbor 14.0.0.1 remote-as 100
R3(config-router)#neighbor 14.0.0.1 update-source loopback 0

R3(config-router)#network 30.0.0.0
R3(config-router)#no auto-summary
R3(config-router)#no synchronization
R3(config-router)#end


R4(config)#router bgp 100

R4(config-router)#neighbor 11.0.0.1 remote-as 100
R4(config-router)#neighbor 11.0.0.1 update-source loopback 0
R4(config-router)#neighbor 11.0.0.1 route-reflector-client

R4(config-router)#neighbor 12.0.0.1 remote-as 100
R4(config-router)#neighbor 12.0.0.1 update-source loopback 0
R4(config-router)#neighbor 12.0.0.1 route-reflector-client

R4(config-router)#neighbor 13.0.0.1 remote-as 100
R4(config-router)#neighbor 13.0.0.1 update-source loopback 0
R4(config-router)#neighbor 13.0.0.1 route-reflector-client

R4(config-router)#network 40.0.0.0
R4(config-router)#no synchronization
R4(config-router)#no auto-summary
R4(config-router)#end


R2#show ip bgp summary | begin net
3 network entries using 432 bytes of memory
4 path entries using 320 bytes of memory
2/2 BGP path/bestpath attribute entries using 272 bytes of memory
1 BGP rrinfo entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1048 total bytes of memory
BGP activity 3/0 prefixes, 5/1 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
11.0.0.1        4          100      25      26        4    0    0 00:19:31        0
13.0.0.1        4          100      22      23        4    0    0 00:16:41        1
14.0.0.1        4          100      15      12        4    0    0 00:04:00        2


R4#show ip bgp summary | begin network
3 network entries using 432 bytes of memory
4 path entries using 320 bytes of memory
2/2 BGP path/bestpath attribute entries using 272 bytes of memory
1 BGP rrinfo entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1048 total bytes of memory
BGP activity 3/0 prefixes, 7/3 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
11.0.0.1        4          100      13      19       11    0    0 00:07:48        0
12.0.0.1        4          100      15      18       11    0    0 00:06:46        2
13.0.0.1        4          100      13      16       11    0    0 00:06:16        1

R2#show ip bgp 30.1.1.1
BGP routing table entry for 30.0.0.0/8, version 3
Paths: (2 available, best #2, table default, RIB-failure(17))
  Advertised to update-groups:
     2
  Refresh Epoch 2
  Local, (Received from a RR-client)
    13.0.0.1 (metric 2297856) from 14.0.0.1 (14.0.0.1)
      Origin IGP, metric 0, localpref 100, valid, internal
      Originator: 13.0.0.1, Cluster list: 14.0.0.1
      rx pathid: 0, tx pathid: 0
  Refresh Epoch 1
  Local
    13.0.0.1 (metric 2297856) from 13.0.0.1 (13.0.0.1)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      rx pathid: 0, tx pathid: 0x0


R4#show ip bgp 20.1.1.1
BGP routing table entry for 20.0.0.0/8, version 7
Paths: (1 available, best #1, table default, RIB-failure(17))
  Advertised to update-groups:
     2
  Refresh Epoch 2
  Local, (Received from a RR-client)
    12.0.0.1 (metric 2809856) from 12.0.0.1 (12.0.0.1)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      rx pathid: 0, tx pathid: 0x0

(The output above shows that prefix 20.1.1.1/8 was received from a route reflector client.)

R1#show ip bgp 30.1.1.1
BGP routing table entry for 30.0.0.0/8, version 3
Paths: (2 available, best #2, table default, RIB-failure(17))
  Not advertised to any peer
  Refresh Epoch 1
  Local
    13.0.0.1 (metric 2809856) from 14.0.0.1 (14.0.0.1)
      Origin IGP, metric 0, localpref 100, valid, internal
      Originator: 13.0.0.1, Cluster list: 14.0.0.1
      rx pathid: 0, tx pathid: 0
  Refresh Epoch 1
  Local
    13.0.0.1 (metric 2809856) from 12.0.0.1 (12.0.0.1)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Originator: 13.0.0.1, Cluster list: 12.0.0.1
      rx pathid: 0, tx pathid: 0x0

(The output above shows the originator-ID and the cluster-list of prefix 30.1.1.1/8.)
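
The two discard rules can be traced on this lab's topology with a small Python model. This is an added example, not part of the original lab or of IOS: it assumes each reflector's cluster-ID equals its router-ID, that R1 and R3 are clients of both reflectors as the GOAL states, and a simplified best-path tie-break; `simulate` and `without_session` are hypothetical names.

```python
from collections import deque

# Router IDs (Loopback0) from the page's lab; all four routers are in AS 100.
R1, R2, R3, R4 = "11.0.0.1", "12.0.0.1", "13.0.0.1", "14.0.0.1"

# router -> {iBGP neighbor: True if configured as route-reflector-client}.
# Assumption: R1 and R3 are clients of both reflectors, as the GOAL states;
# the two reflectors also list each other as clients, as in the page's config.
LAB = {
    R1: {R2: False, R4: False},
    R2: {R1: True, R3: True, R4: True},
    R3: {R2: False, R4: False},
    R4: {R1: True, R2: True, R3: True},
}


def without_session(peers, a, b):
    """Copy of the session table with the a<->b iBGP session removed."""
    return {r: {n: c for n, c in nbrs.items() if {r, n} != {a, b}}
            for r, nbrs in peers.items()}


def _rank(item):
    """Simplified tie-break: shortest cluster list, then lowest neighbor address."""
    sender, (_, clusters) = item
    return (len(clusters), tuple(int(octet) for octet in sender.split(".")))


def simulate(peers, origin):
    """Propagate one prefix originated by `origin`; return (rib, drops).

    rib[router][from_peer] = (originator_id or None, cluster_list)
    drops = [(router, from_peer, rule that discarded the update)]
    """
    rib = {r: {} for r in peers}
    best = dict.fromkeys(peers)
    drops = []
    # The originator sends the route to each peer with no RR attributes set.
    queue = deque((nbr, origin, None, ()) for nbr in peers[origin])

    while queue:
        rtr, sender, originator, clusters = queue.popleft()
        is_rr = any(peers[rtr].values())
        # Rule 1: ORIGINATOR_ID equals my router-ID, so my own route came back.
        if originator == rtr:
            drops.append((rtr, sender, "originator-id"))
            continue
        # Rule 2: my cluster-ID (assumed equal to router-ID) is in CLUSTER_LIST.
        if is_rr and rtr in clusters:
            drops.append((rtr, sender, "cluster-list"))
            continue
        rib[rtr][sender] = (originator, clusters)
        new_best = min(rib[rtr].items(), key=_rank)[0]
        if new_best == best[rtr]:
            continue                      # best path unchanged, nothing to send
        best[rtr] = new_best
        if not is_rr:
            continue                      # plain iBGP speaker never re-advertises
        orig, clist = rib[rtr][new_best]
        from_client = peers[rtr][new_best]
        for nbr, is_client in peers[rtr].items():
            # Client routes go to every peer, non-client routes to clients only.
            # The sender is included (RFC 4456 permits it); rule 1 drops the echo.
            if from_client or is_client:
                queue.append((nbr, rtr, orig or new_best, (rtr,) + clist))
    return rib, drops


if __name__ == "__main__":
    rib, drops = simulate(LAB, R3)
    print("R1 paths:", rib[R1])
    print("drops   :", drops)
    _, drops2 = simulate(without_session(LAB, R2, R3), R3)
    print("drops without the R2-R3 session:", drops2)
```

With all sessions up, R1 ends with the same two paths its `show ip bgp 30.1.1.1` output lists (cluster lists 12.0.0.1 and 14.0.0.1, originator 13.0.0.1). Removing the R2-R3 session makes R2 reflect R4's copy back to R4, which R4 discards on the cluster-list rule.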

 


 










Friday, 18 January 2019

How to configure Default route EIGRP, RIP, and OSPF?

Default route
We already discussed advertising the default route in IP ROUTING. In this section we see the configuration of the default route in EIGRP, RIP, and OSPF.




Let's see the configuration:

Topology:

GOAL:


  • Configure the topology as per our diagram.
  • Assign IP addresses as per the topology.
  • We have two methods of advertising a default route:
  1. default-network ****
  2. redistribution static
  • In this scenario we use the redistribution method.
  • Configure static routes on router 1 toward router



R1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        10.1.1.1        YES manual up                    up
Serial3/0                   1.1.1.1         YES manual up                    up
Loopback0              11.0.0.1        YES manual up                    up
Loopback1              11.0.1.1        YES manual up                    up
Loopback2              11.0.2.1        YES manual up                    up
Loopback3              11.0.3.1        YES manual up                    up
Loopback4              11.0.4.1        YES manual up                    up

R2#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        20.1.1.1        YES manual up                    up
Serial3/0                    1.1.1.2         YES manual up                    up
Serial3/1                    2.2.2.1         YES manual up                    up
Serial3/2                    3.3.3.1         YES manual up                    up



R3#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        30.1.1.1        YES manual up                    up
Serial3/1                    2.2.2.2         YES manual up                    up


R4#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        40.1.1.1        YES manual up                    up
Serial3/2                     3.3.3.2         YES manual up                    up


R1(config)#ip route 2.0.0.0 255.0.0.0 1.1.1.2
R1(config)#ip route 3.0.0.0 255.0.0.0 1.1.1.2
R1(config)#ip route 20.0.0.0 255.0.0.0 1.1.1.2
R1(config)#ip route 30.0.0.0 255.0.0.0 1.1.1.2
R1(config)#ip route 40.0.0.0 255.0.0.0 1.1.1.2

R2(config)#router eigrp 111
R2(config-router)#network 2.0.0.0

*Jan 18 14:26:59.043: %DUAL-5-NBRCHANGE: EIGRP-IPv4 111: Neighbor 2.2.2.2 (Serial3/1) is up: new adjacency
R2(config-router)#network 3.0.0.0

*Jan 18 14:27:03.347: %DUAL-5-NBRCHANGE: EIGRP-IPv4 111: Neighbor 3.3.3.2 (Serial3/2) is up: new adjacency

R2(config-router)#network 20.0.0.0
R2(config-router)#redistribute static
R2(config-router)#exit

R2(config)#ip route 0.0.0.0 0.0.0.0 1.1.1.1


R3(config)#router eigrp 111
R3(config-router)#network 2.0.0.0
R3(config-router)#network 30.0.0.0
R3(config-router)#exit

*Jan 18 14:06:12.027: %DUAL-5-NBRCHANGE: EIGRP-IPv4 111: Neighbor 2.2.2.1 (Serial3/1) is up: new adjacency

R4(config)#router eigrp 111
R4(config-router)#network 3.0.0.0
R4(config-router)#network 40.0.0.0

*Jan 18 14:06:46.355: %DUAL-5-NBRCHANGE: EIGRP-IPv4 111: Neighbor 3.3.3.1 (Serial3/2) is up: new adjacency

R4#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 3.3.3.1 to network 0.0.0.0

D*EX  0.0.0.0/0 [170/2681856] via 3.3.3.1, 00:01:47, Serial3/2
D     2.0.0.0/8 [90/2681856] via 3.3.3.1, 00:02:46, Serial3/2
D     20.0.0.0/8 [90/2172416] via 3.3.3.1, 00:02:42, Serial3/2
D     30.0.0.0/8 [90/2684416] via 3.3.3.1, 00:02:46, Serial3/2

R4#ping 11.0.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/60/76 ms
R4#ping 11.0.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/56/116 ms
R4#ping 11.0.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/64/76 ms
R4#ping 11.0.4.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.4.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/56/80 ms

R3#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 2.2.2.1 to network 0.0.0.0

D*EX  0.0.0.0/0 [170/2681856] via 2.2.2.1, 00:02:47, Serial3/1
D     3.0.0.0/8 [90/2681856] via 2.2.2.1, 00:03:46, Serial3/1
D     20.0.0.0/8 [90/2172416] via 2.2.2.1, 00:03:42, Serial3/1
D     40.0.0.0/8 [90/2684416] via 2.2.2.1, 00:03:46, Serial3/1

R3#ping 11.0.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/49/76 ms
R3#ping 11.0.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/35/40 ms
R3#ping 11.0.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/45/60 ms
R3#ping 11.0.4.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.4.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/40/52 ms

R2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 1.1.1.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 1.1.1.1
      1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        1.0.0.0/8 is directly connected, Serial3/0
L        1.1.1.2/32 is directly connected, Serial3/0
      2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        2.0.0.0/8 is directly connected, Serial3/1
L        2.2.2.1/32 is directly connected, Serial3/1
      3.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        3.0.0.0/8 is directly connected, Serial3/2
L        3.3.3.1/32 is directly connected, Serial3/2
      20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        20.0.0.0/8 is directly connected, FastEthernet0/0
L        20.1.1.1/32 is directly connected, FastEthernet0/0
D     30.0.0.0/8 [90/2172416] via 2.2.2.2, 00:05:00, Serial3/1
D     40.0.0.0/8 [90/2172416] via 3.3.3.2, 00:04:56, Serial3/2

R2#ping 11.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/43/72 ms
R2#ping 11.0.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/36/52 ms
R2#ping 11.0.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/24/32 ms

R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        1.0.0.0/8 is directly connected, Serial3/0
L        1.1.1.1/32 is directly connected, Serial3/0
S     2.0.0.0/8 [1/0] via 1.1.1.2
S     3.0.0.0/8 [1/0] via 1.1.1.2
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/8 is directly connected, FastEthernet0/0
L        10.1.1.1/32 is directly connected, FastEthernet0/0
      11.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
C        11.0.0.0/24 is directly connected, Loopback0
L        11.0.0.1/32 is directly connected, Loopback0
C        11.0.1.0/24 is directly connected, Loopback1
L        11.0.1.1/32 is directly connected, Loopback1
C        11.0.2.0/24 is directly connected, Loopback2
L        11.0.2.1/32 is directly connected, Loopback2
C        11.0.3.0/24 is directly connected, Loopback3
L        11.0.3.1/32 is directly connected, Loopback3
C        11.0.4.0/24 is directly connected, Loopback4
L        11.0.4.1/32 is directly connected, Loopback4
S     20.0.0.0/8 [1/0] via 1.1.1.2
S     30.0.0.0/8 [1/0] via 1.1.1.2
S     40.0.0.0/8 [1/0] via 1.1.1.2

R1#ping 20.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/34/40 ms
R1#ping 30.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/51/80 ms
R1#ping 40.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 40.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/63/76 ms

Let's see the configuration of the default route in RIPv2. In this section we use a different method: a command (default-information originate) instead of redistribution.





Topology:





























GOAL:
  • Remove the previous routing configuration by using the no ip routing command.
  • Advertise the default route by using a command, not by redistribution as in the previous scenario.
R1(config)#no ip routing
R1(config)#ip routing

R2(config)#no ip routing
R2(config)#ip routing

R3(config)#no ip routing
R3(config)#ip routing

R4(config)#no ip routing
R4(config)#ip routing



R1(config)#ip route 2.0.0.0 255.0.0.0 1.1.1.2
R1(config)#ip route 3.0.0.0 255.0.0.0 1.1.1.2
R1(config)#ip route 20.0.0.0 255.0.0.0 1.1.1.2
R1(config)#ip route 30.0.0.0 255.0.0.0 1.1.1.2
R1(config)#ip route 40.0.0.0 255.0.0.0 1.1.1.2

R2(config)#router rip
R2(config-router)#ver 2
R2(config-router)#network 2.0.0.0
R2(config-router)#network 3.0.0.0
R2(config-router)#network 20.0.0.0
R2(config-router)#exit

R3(config)#router rip
R3(config-router)#ver 2
R3(config-router)#network 2.0.0.0
R3(config-router)#network 30.0.0.0
R3(config-router)#exit

R4(config)#router rip
R4(config-router)#ver 2
R4(config-router)#network 3.0.0.0
R4(config-router)#network 40.0.0.0
R4(config-router)#exit

R2(config)#ip route 0.0.0.0 0.0.0.0 1.1.1.1

R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#default-information originate
R2(config-router)#end

R4#sh ip route rip
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 3.3.3.1 to network 0.0.0.0

R*    0.0.0.0/0 [120/1] via 3.3.3.1, 00:00:10, Serial3/2
R     2.0.0.0/8 [120/1] via 3.3.3.1, 00:00:10, Serial3/2
R     20.0.0.0/8 [120/1] via 3.3.3.1, 00:00:10, Serial3/2
R     30.0.0.0/8 [120/2] via 3.3.3.1, 00:00:10, Serial3/2
R4#ping 11.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/66/96 ms
R4#ping 11.0.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/45/52 ms
R4#ping 11.0.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/56/68 ms

R3#show ip route rip
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 2.2.2.1 to network 0.0.0.0

R*    0.0.0.0/0 [120/1] via 2.2.2.1, 00:00:17, Serial3/1
R     3.0.0.0/8 [120/1] via 2.2.2.1, 00:00:17, Serial3/1
R     20.0.0.0/8 [120/1] via 2.2.2.1, 00:00:17, Serial3/1
R     40.0.0.0/8 [120/2] via 2.2.2.1, 00:00:17, Serial3/1
R3#ping 11.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/50/80 ms
R3#ping 11.0.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/68/76 ms
R3#ping 11.0.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/43/60 ms

R2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 1.1.1.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 1.1.1.1
      1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        1.0.0.0/8 is directly connected, Serial3/0
L        1.1.1.2/32 is directly connected, Serial3/0
      2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        2.0.0.0/8 is directly connected, Serial3/1
L        2.2.2.1/32 is directly connected, Serial3/1
      3.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        3.0.0.0/8 is directly connected, Serial3/2
L        3.3.3.1/32 is directly connected, Serial3/2
      20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        20.0.0.0/8 is directly connected, FastEthernet0/0
L        20.1.1.1/32 is directly connected, FastEthernet0/0
R     30.0.0.0/8 [120/1] via 2.2.2.2, 00:00:22, Serial3/1
R     40.0.0.0/8 [120/1] via 3.3.3.2, 00:00:14, Serial3/2

R2#ping 30.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/28/40 ms
R2#ping 40.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 40.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/20/36 ms
R2#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/44/56 ms
R2#ping 11.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/22/44 ms

R1#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        1.0.0.0/8 is directly connected, Serial3/0
L        1.1.1.1/32 is directly connected, Serial3/0
S     2.0.0.0/8 [1/0] via 1.1.1.2
S     3.0.0.0/8 [1/0] via 1.1.1.2
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/8 is directly connected, FastEthernet0/0
L        10.1.1.1/32 is directly connected, FastEthernet0/0
      11.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
C        11.0.0.0/24 is directly connected, Loopback0
L        11.0.0.1/32 is directly connected, Loopback0
C        11.0.1.0/24 is directly connected, Loopback1
L        11.0.1.1/32 is directly connected, Loopback1
C        11.0.2.0/24 is directly connected, Loopback2
L        11.0.2.1/32 is directly connected, Loopback2
C        11.0.3.0/24 is directly connected, Loopback3
L        11.0.3.1/32 is directly connected, Loopback3
C        11.0.4.0/24 is directly connected, Loopback4
L        11.0.4.1/32 is directly connected, Loopback4
S     20.0.0.0/8 [1/0] via 1.1.1.2
S     30.0.0.0/8 [1/0] via 1.1.1.2
S     40.0.0.0/8 [1/0] via 1.1.1.2
R1#ping 20.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/28/52 ms
R1#ping 30.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/88/136 ms
R1#ping 40.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 40.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/44/72 ms


Tuesday, 15 January 2019

What is Root guard and how to prevent Root guard attack?


The root guard prevents the wrong switch from becoming the spanning tree root. If a root guard port receives a superior BPDU that might cause it to become a root port, the port is put into a “root-inconsistent” state and does not pass traffic through it. If the port stops receiving these BPDUs, it automatically re-enables itself.






In short, Root Guard is similar to BPDU Guard: it prevents a designated port from becoming a root port.

Let's see the configuration:
Topology:








 Goal:
  • Configure the topology as per the diagram.
  • Assign the IP addresses to their respective ports.
  • Configure trunking between the switches.
  • Configure switch-4 as the root bridge for VLAN 1.
  • Configure the KALI machine to act as a switch and become the ROOT bridge for VLAN 1.
  • Make sure the attacker will not become the ROOT bridge.
  • To prevent this attack, configure Root Guard.
  • We want switch 4 to not accept superior BPDUs on that port and to put the port into the root-inconsistent state.

Friday, 11 January 2019

What is Spanning-tree BPDU Guard and how to Configure BPDU guard?

Spanning-tree BPDU Guard is one of the features that help you protect your spanning-tree topology. 
BPDU Guard prevents loops if another switch is attached to a Portfast port. When BPDU Guard is enabled on an interface and a BPDU is received on that interface, the interface is put into the error-disable state (basically shut down). It can be enabled either in global configuration mode or in interface mode.






If any BPDU is received on a port where BPDU Guard is enabled, that port is immediately put into the err-disable state, and it must be either manually re-enabled or automatically recovered through the error-disable timeout function.


By default, BPDU Guard is disabled on all switch ports. You must use BPDU Guard on all switch ports where spanning-tree Portfast is enabled.


In this section, we are going to check BPDU Guard in two different ways.

Let's see the configuration:





  1. Configure the topology as per the diagram.
  2. Configure portfast default.
  3. Configure BPDU Guard.
  4. Make sure switch 3 gig 1/0/3 does not become root in our network.
 


Switch#show spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0003.E47B.8B03
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0003.E47B.8B03
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/0/1          Desg FWD 4         128.1    P2p
Gi1/0/2          Desg FWD 4         128.2    P2p



Switch(config)#spanning-tree portfast default


Switch(config)#spanning-tree portfast bpduguard default







 







(Now our switch is configured with BPDU Guard. Let's configure switch 3 and send a superior BPDU to switch 2, the root bridge.)

Switch(config)#spanning-tree vlan 1 priority 0



As we can see, our root bridge (switch 2) put the port connected to switch 3 into the err-disable state.

Let's see another configuration:



Topology:
Goal:
  • Configure the topology as per the diagram.
  • Configure the link between the switches.
  • Configure switch 2 fa 0/1 as an L3 port in order to test STP BPDU guard.
  • Configure BPDU guard and Portfast on switch 1.


SW-2(config)#interface fastEthernet 0/1
SW-2(config-if)#no switchport
SW-2(config-if)#ip address 192.168.1.1 255.255.255.0
SW-2(config-if)#exit

SW-1(config)#vlan 10
SW-1(config-vlan)#name sales

SW-1(config-vlan)#exit


SW-1(config)#interface fastEthernet 0/1
SW-1(config-if)#switchport mode access
SW-1(config-if)#switchport access vlan 10
SW-1(config-if)#spanning-tree portfast
SW-1(config-if)#spanning-tree bpduguard enable
SW-1(config-if)#exit

(We are going to change the SW-1 fa0/1 interface to L2 to verify BPDU guard.)




%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/1 with BPDU Guard enabled. Disabling port. 
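
As an added example (not from the original posts), this Python script tracks per-port state from switch syslog to show the difference described in the Root Guard and BPDU Guard posts: a Root Guard port unblocks by itself once superior BPDUs stop, while a BPDU Guard port stays err-disabled until it is recovered. The sample lines are constructed; apart from the BLOCK_BPDUGUARD message shown above, the message formats and all function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample syslog (not captured from the labs on this page). The
# BLOCK_BPDUGUARD text matches the message shown above; the other message
# formats are assumed from typical Cisco IOS logging and may vary by release.
SAMPLE_LOG = """\
10:00:01 %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/1 with BPDU Guard enabled. Disabling port.
10:00:05 %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port GigabitEthernet0/2 on VLAN0001.
10:00:40 %SPANTREE-2-ROOTGUARD_UNBLOCK: Root guard unblocking port GigabitEthernet0/2 on VLAN0001.
10:05:01 %PM-4-ERR_RECOVER: Attempting to recover from bpduguard err-disable state on Fa0/1
10:05:03 %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/1 with BPDU Guard enabled. Disabling port.
10:06:00 %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port GigabitEthernet0/3 on VLAN0001.
"""

SHORT = {"Fa": "FastEthernet", "Gi": "GigabitEthernet", "Te": "TenGigabitEthernet"}

# (pattern capturing the port, resulting port state, counts as a guard trip)
EVENTS = [
    (re.compile(r"%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port (\S+) "), "err-disabled", True),
    (re.compile(r"%PM-4-ERR_RECOVER: .*bpduguard err-disable state on (\S+)"), "recovered", False),
    (re.compile(r"%SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port (\S+) on "), "root-inconsistent", True),
    (re.compile(r"%SPANTREE-2-ROOTGUARD_UNBLOCK: Root guard unblocking port (\S+) on "), "forwarding", False),
]

def full_name(port):
    """Expand short interface names (Fa0/1) so all messages key on one name."""
    m = re.match(r"([A-Za-z]+)(\d.*)", port)
    return SHORT.get(m.group(1), m.group(1)) + m.group(2) if m else port

def track_guard_events(log_text):
    """Return (last known state per port, guard trips per port)."""
    state, trips = {}, Counter()
    for line in log_text.splitlines():
        for pattern, new_state, is_trip in EVENTS:
            m = pattern.search(line)
            if m:
                port = full_name(m.group(1))
                state[port] = new_state
                trips[port] += int(is_trip)
                break
    return state, trips

def ports_needing_attention(log_text):
    """Ports still blocked, plus ports that tripped a guard more than once."""
    state, trips = track_guard_events(log_text)
    blocked = {"err-disabled", "root-inconsistent"}
    return sorted(p for p in state if state[p] in blocked or trips[p] > 1)

if __name__ == "__main__":
    print(ports_needing_attention(SAMPLE_LOG))
```

A port that trips BPDU Guard again right after an automatic recovery still has the BPDU-sending device attached, so repeated trips are worth alerting on separately from the current port state.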






 


 










What is uplinkfast?

  Spanning tree UplinkFast is a Cisco-specific enhancement to the Spanning Tree Protocol (STP). It's designed to improve the convergenc...