CCDA Notes – Best Practices

Do you agree with the checklist and best practices mentioned below? Do you know any that should be added to these lists. Let me know and I’ll get them added if they are pertinent.

Network Health Checklist
1) Ethernet segments should not have a sustained utilization of 40% or higher.
2) All Ethernet segments should be switched. No shared segments(hub-based).
3) No WAN links should feature a sustained utilization of 70% or higher.
4) WAN response times should be generally less than 100ms.
5) LAN response times should be around 2ms.
6) No segments have more than one CRC error per MB of data.
7) Segments should be no more than 20% multicast/broadcast traffic.
8) Device CPU utilization should not exceed 75% over 5 minute intervals.
9) Output queue drops should not exceed 100 in an hour.
10) Input queue drops should not exceed 50 in an hour.
11) Buffer misses should not exceed 25 in an hour.
12) Ignored packets should not exceed 10 in an hour.

Access Layer Best Practices
1) QoS for performance.
2) Redundancy for availability.
3) Limit VLANs to a single closet.
4) RPVST+ instead of STP or PVST+.
5) DTP set to desirable/desirable. ** I do not agree with this one **
6) VTP transparent mode.
7) Disable trunk mode on access ports.
8) Routing in the access layer.
9) Portfast on edge ports.

Distribution Layer Best Practices
1) Aggregate bandwidth together into EtherChannels.
2) QoS.
3) Security mechanisms.
4) FHRP protocols.
5) Routing.
6) Address summarization.
7) Triangles and not squares for redundancy in and between layers.

Core Layer Best Practices
1) Redundant triangle designs between switches.
2) Fast switching at Layer 2. No routing if possible.
3) Multilayer switches.

CCDA Notes – PPDIOO

This starts my foray into the CCDA. I will try to keep the CCDA notes blog posts to a specific topic per post. If you see any mistakes, missed subject matter, or just wish to berate my note taking skills then feel free to leave a comment.

PPDIOO
Prepare
Plan
Design
Implement
Operate
Optimize

Prepare
1) Business objectives. Identify technologies and develop a strategy.
2) Identify customer requirements.
    a) Speak with all managers.
    b) Follow these steps:
     Step 1. Identify network applications and services.
     Step 2. Define organizational goals.
     Step 3. Define organizational constraints.
     Step 4. Define technical goals.
     Step 5. Define technical constraints.

Plan
1) Characterize and asses the network to develop a project plan.
2) Information gathering.
    Step 1. Identify and gather all existing documentation.
    Step 2. Audit the network.
    Step 3. Perform traffic analysis.
3) Information to gather:
    a) Device list
    b) Hardware models
    c) Software versions
    d) Configs
    e) Auditing tools output
    f) Interface speeds
    g) Link, cpu, and memory utilization
    h) WAN technologies

Design
1) Top Down Approach
    a) Start with apps and work your way down to the network infrastructure.
    b) Accurately incorporates the business drivers.
    c) Disadvantage is that it is time-consuming.
2) Bottom Up Approach
    a) Based on previous experience.
    b) Allows for quick solutions.
    c) Might make for inappropriate solutions.
    d) Often misses the organizational goals.
3) Pilots and prototypes
    a) Prototype – A subset of a full network. These networks are generally isolated from production network.
    b) Pilot – A live location for testing on the actual network. Allows the discovery of any real issues.
4) A design document generally includes:
    a) Introduction
    b) Design requirements
    c) Existing network infrastructure
    d) Design
    e) PoC
    f) Implementation plan
    g) Appendices

Implement
1) Follow the project plan and design document.
2) Each step should include:
    a) Description
    b) Implementation guidelines
    c) Estimated time to complete
    d) Rollback steps
    e) Reference information

Operate
1) Network management
2) Network monitoring
3) Routine maintenance
4) Upgrades
5) Performance management
6) Network fault detection and correction

Optimize
1) Be proactive instead of reactive
2) This may lead back to the Prepare phase and start the process all over.

Quick Update

Have not posted in a while so wanted to give a quick update. I am about to finish up my “CCNP memory refresh”. I am half way through my final book and should finish it off in the next week or so.

The last book I am reading is Network Warrior Second Edition. This book is really good. I had read the first edition and forgot how much I like Gary Donahue’s writing style which is informative and funny at just the right times.

My big plans after completing this refresh are lining up perfectly. The CCDA books will be coming out during the month of June, just in time for me to start up my CCDA/DP path. Plans are to have it done by end of year and then 2012 will be my start up that big mountain know as the CCIE. I do plan to try, notice the word try there, to blog more on the topics I go over for the CCDA/DP studies so stay tuned for some boring posts on design and such.

See ya around!

OSPF Common Topics Lab Config #3

We will be going over the last configuration tasks on the list in this post. The first set of tasks can be found here and the second set can be found here.

Tasks
* R5-R7 OSPF area 1 is a totally stubby area.
* Mutually redistribute routes between OSPF area 5 and RIP on R9.
* R9 and R14 will use RIP version 2.
* Manually assign router IDs to all OSPF routers and use the format 0.0.0.x where x=Router#.
* All other links will be their default OSPF network type.
* Summarize networks at ABRs and ASBRs when possible.
* Summarized routes should be prevented from being redistributed back into source areas.
* Network addresses displayed on network diagram near a router are loopbacks. The loopback interfaces used for OSPF should be set to a OSPF network type of point-to-point.

Task 22
Area 1 is going to be a totally-stubby area so we can configure that on all routers that are participating in that area. For us that is only R5 and R7.

R5(config)#router ospf 1
R5(config-router)#area 1 stub no-summary

R7(config)#router ospf 1
R7(config-router)#area 1 stub no-summary

Lets verify that everything is correct.

R5#show ip ospf | beg Area 1
    Area 1
        Number of interfaces in this area is 1
        It is a stub area, no summary LSA in this area
          generates stub default route with cost 1
        Area has no authentication
        SPF algorithm last executed 00:06:25.856 ago
        SPF algorithm executed 8 times
        Area ranges are
           192.168.7.0/28 Active(65) Advertise
        Number of LSA 3. Checksum Sum 0x012C47
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0

R7#show ip ospf | beg Area 1
    Area 1
        Number of interfaces in this area is 5
        It is a stub area
        Area has no authentication
        SPF algorithm last executed 00:07:42.936 ago
        SPF algorithm executed 5 times
        Area ranges are
        Number of LSA 3. Checksum Sum 0x012C47
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0

As you can see there is a difference in the show commands in the description of what type of stub area it is. The ABR is really the only one that needs the full area 1 stub no-summary config command. I personally like to put it on all routers in that area so that it is a reminder that the area is totally-stubby and not just a plain stub area.

Task 23 & 24
Here on R9 we are going to redistribute the RIP and OSPF routes into each other. We will also configure R9 and R14 to use RIPv2.

R9(config)#router ospf 1
R9(config-router)#redistribute rip metric 10 subnets
R9(config-router)#router rip
R9(config-router)#version 2
R9(config-router)#redistribute ospf 1 metric 3

R14(config)#router rip
R14(config-router)#version 2

You can verify the redistribution by looking at the route tables on R14 and R3 or by checking the OSPF and RIP databases on R9.

Task 25
This is a simple one. I am just going to display the configuration for a few of the routers. You should be able to figure out what the rest are.

R1(config)#router ospf 1
R1(config-router)#router-id 0.0.0.1

R5(config)#router ospf 1
R5(config-router)#router-id 0.0.0.5

R10(config)#router ospf 1
R10(config-router)#router-id 0.0.0.10

Now we should make sure the setting took. We can do this with the show command displayed below.

R10#show ip ospf | inc ID
 Routing Process "ospf 1" with ID 0.0.0.10

Task 26
Really no work to do here. If we have not configured anything on a link or an interface then it of course is going to be at its default OSPF network type.

Task 27
I summarized networks at the nearest ABR/ASBR whenever possible. I will give three examples of the summarizations.

R4(config)#router ospf 1
R4(config-router)#area 2 range 192.168.6.0 255.255.255.240
R4(config-router)#summary-address 4.4.4.0 255.255.255.240

R9(config)#router ospf 1
R9(config-router)#summary-address 10.8.0.0 255.248.0.0

Use the summary-address config command when summarizing at an ASBR and use the area # range config command when summarizing at an ABR.

Task 28
For grins and giggles I did the below configuration to get rid of the summarized route that was being advertised back into area 50 by R4. This of course does not scale well. :)

R11(config)#access-list 1 permit 4.4.4.0 0.0.0.15
R11(config)#route-map NO_SUMMARY_4 deny 10
R11(config-route-map)#match ip address 1
R11(config-route-map)#route-map NO_SUMMARY_4 permit 20
R11(config-route-map)#router ospf 50
R11(config-router)#distribute-list route-map NO_SUMMARY_4 in

Task 29
This last one is a simple one. On all the loopback interfaces in the OSPF areas you will use the ip ospf network point-to-point config command. This is only to make the routes produced by the loopbacks to appear the correct prefix length instead of a /32.

That’s it. Sometime soon I will be posting up a EIGRP lab that is similar to this one. If you want to get a headstart on it you can check out this post over at networking-forum.com.

OSPF Common Topics Lab Config #2

This is part 2 of the OSPF lab configuration. We will configure tasks 11-21 on the task list from the original OSPF lab post and those tasks are listed below. If you want to look at the configuration of tasks 1-10 then take a look over here. As mentioned in the first config blog, you will need to setup some of the basic OSPF stuff like network statements yourself because it is not covered in the tasks unless it is to demonstrate something that is out of the norm.

Tasks
* R3 OSPF process number will be different than all other routers OSPF process numbers to demonstrate that OSPF process number is unimportant in peering establishment.
* R3-R9 OSPF area 5 is a NSSA with a default route advertised back into it
* R4-R11 will be using a GREoIPSEC tunnel for all traffic including routing protocols.
* R4-R6 OSPF area 2 is a stub area.
* R4 will have all OSPF network statements use a 4 octet area identifier(i.e. network 2.2.2.1 0.0.0.0 area 0.0.0.50).
* R4-R11 OSPF area 50 will be a different OSPF process so in that R4 becomes an ASBR between the OSPF process for area 50 and the other OSPF process that area 2 and area 0 are in.
* R4 will use a different OSPF router-ID for each OSPF process. This is to demonstrate that there can be multiple router-IDs on one router.
* Mutually redistribute routes between OSPF area 50 process and OSPF area 0/area 2 process on R4.
* Routes redistributed from OSPF area 50 process into OSPF area0/area 2 process will be made external type 1 OSPF routes.
* Mutually redistribute routes between EIGRP and OSPF at R5 and R12.
* Prevent any redistribution loops that might be caused with mutual redistribution at R5 and R12.

Task 11
This step is pretty easy. It is more of a demonstration than anything else. The point of the task is just to show that you can have a different process number on a router than all other routers and the OSPF neighbor adjacency will still come up.

R3#show ip ospf neigh
Neighbor ID     Pri   State           Dead Time   Address         Interface
0.0.0.1         200   FULL/DR         00:00:34    172.16.123.1    FastEthernet1/0
0.0.0.2         100   FULL/BDR        00:00:34    172.16.123.2    FastEthernet1/0
0.0.0.9           0   FULL/  -        00:01:46    172.16.39.1     Serial0/0

R3#show ip ospf | inc Process
 Routing Process "ospf 10000" with ID 0.0.0.3

R1#show ip ospf | inc Process
 Routing Process "ospf 1" with ID 0.0.0.1

R2#show ip ospf | inc Process        
 Routing Process "ospf 1" with ID 0.0.0.2

R9#show ip ospf | inc Process
 Routing Process "ospf 1" with ID 0.0.0.9

The first show command is to display which routers are neighbors of R3 and whether or not the adjacency has been established. The second show command tells that R3 is using a process number of 10000 and the rest of the show commands display that all other routers are using process number 1.

Task 12
Area 5 is to be setup as a Not-So-Stubby Area. We will need to make sure that all routers in area 5 have the setting to make them a NSSA-type router in that area for it to work correctly. We also want to send a default route back into area 5.

R3(config)#router ospf 10000
R3(config-router)#area 5 nssa default-information-originate

R9(config)#router ospf 1
R9(config-router)#area 5 nssa

You will notice there is a difference between the two configurations. The default-information-originate is to be used only on the border router. Let us verify the settings.

R3#show ip ospf | beg Area 5
    Area 5
        Number of interfaces in this area is 1
        It is a NSSA area
        Perform type-7/type-5 LSA translation
        generates NSSA default route with cost 1
        Area has no authentication
        SPF algorithm last executed 01:25:18.112 ago
        SPF algorithm executed 9 times
        Area ranges are
           192.168.9.0/28 Active(65) Advertise 
        Number of LSA 17. Checksum Sum 0x08B868
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0

Yep, the area is set to NSSA.

Task 13
This task wants us to setup a GRE over IPSec tunnel for all traffic, including routing protocols, that go on the link between R4 and R11. To my knowledge, this was my first time configuring one of these so I jumbled it together. It “appears” to work. :)

R4(config)#crypto isakmp policy 1
R4(config-isakmp)#authentication pre-share
R4(config-isakmp)#crypto isakmp key C1sc0 address 2.2.2.254
R4(config)#crypto ipsec transform-set CRYPT_SET esp-aes 256 esp-sha-hmac 
R4(cfg-crypto-trans)#mode transport
R4(cfg-crypto-trans)#crypto map GRE_ENCRYPT 10 ipsec-isakmp
R4(config-crypto-map)#set peer 2.2.2.254
R4(config-crypto-map)#set transform-set CRYPT_SET
R4(config-crypto-map)#match address GRE_ENCRYPT
R4(config-crypto-map)#ip access-list extended GRE_ENCRYPT
R4(config-ext-nacl)#permit gre host 2.2.2.1 host 2.2.2.254
R4(config-ext-nacl)#interface Tunnel0
R4(config-if)#bandwidth 100000
R4(config-if)#ip address 1.1.1.0 255.255.255.254
R4(config-if)#tunnel source Serial0/2
R4(config-if)#tunnel destination 2.2.2.254
R4(config-if)#crypto map GRE_ENCRYPT

R11(config)#crypto isakmp policy 1
R11(config-isakmp)#authentication pre-share
R11(config-isakmp)#crypto isakmp key C1sc0 address 2.2.2.1
R11(config)#crypto ipsec transform-set CRYPT_SET esp-aes 256 esp-sha-hmac 
R11(cfg-crypto-trans)#mode transport
R11(cfg-crypto-trans)#crypto map GRE_ENCRYPT 10 ipsec-isakmp
R11(config-crypto-map)#set peer 2.2.2.1
R11(config-crypto-map)#set transform-set CRYPT_SET
R11(config-crypto-map)#match address GRE_ENCRYPT
R11(config-crypto-map)#ip access-list extended GRE_ENCRYPT
R11(config-ext-nacl)#permit gre host 2.2.2.254 host 2.2.2.1
R11(config-ext-nacl)#interface Tunnel0
R11(config-if)#bandwidth 100000
R11(config-if)#ip address 1.1.1.1 255.255.255.254
R11(config-if)#tunnel source Serial0/0
R11(config-if)#tunnel destination 2.2.2.254
R11(config-if)#crypto map GRE_ENCRYPT

First we setup our basic IPSec settings, then create a tunnel interface that uses the default GRE mode, and finally implement the IPSec settings onto the tunnel to create a GREoIPSec tunnel. Rinse and repeat on the other side. Lets verify it is being used.

R11#show ip ospf neigh
Neighbor ID     Pri   State           Dead Time   Address         Interface
0.0.50.4          0   FULL/  -        00:00:37    1.1.1.0         Tunnel0

R4#show ip ospf neigh | inc Tu
0.0.50.11         0   FULL/  -        00:00:38    1.1.1.1         Tunnel0

R11#show ip route | beg ^$

Gateway of last resort is not set

     1.0.0.0/31 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Tunnel0
     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Serial0/0
     4.0.0.0/30 is subnetted, 4 subnets
C       4.4.4.4 is directly connected, Loopback1
C       4.4.4.0 is directly connected, Loopback0
C       4.4.4.12 is directly connected, Loopback3
C       4.4.4.8 is directly connected, Loopback2
     192.168.9.0/28 is subnetted, 1 subnets
O E2    192.168.9.0 [110/10] via 1.1.1.0, 01:17:37, Tunnel0
     192.168.10.0/28 is subnetted, 1 subnets
O E2    192.168.10.0 [110/10] via 1.1.1.0, 01:17:37, Tunnel0
     6.0.0.0/31 is subnetted, 2 subnets
O E2    6.6.6.2 [110/10] via 1.1.1.0, 01:17:37, Tunnel0
O E2    6.6.6.0 [110/10] via 1.1.1.0, 01:17:37, Tunnel0
     172.16.0.0/16 is variably subnetted, 10 subnets, 3 masks
O E2    172.16.57.0/31 [110/10] via 1.1.1.0, 01:16:22, Tunnel0
O E2    172.16.46.0/31 [110/10] via 1.1.1.0, 01:19:23, Tunnel0
O E2    172.16.39.1/32 [110/10] via 1.1.1.0, 01:17:37, Tunnel0
O E2    172.16.39.0/32 [110/10] via 1.1.1.0, 01:17:40, Tunnel0
O E2    172.16.28.0/31 [110/10] via 1.1.1.0, 01:17:40, Tunnel0
O E2    172.16.14.0/31 [110/10] via 1.1.1.0, 01:18:45, Tunnel0
O E2    172.16.15.0/31 [110/10] via 1.1.1.0, 01:17:40, Tunnel0
O E2    172.16.123.0/24 [110/10] via 1.1.1.0, 01:17:40, Tunnel0
O E2    172.16.112.0/31 [110/10] via 1.1.1.0, 01:17:40, Tunnel0
O E2    172.16.80.0/31 [110/10] via 1.1.1.0, 01:17:40, Tunnel0
..... Rest of output snipped .....

Adjacency is established over the tunnel. All routes on R11 are going over the tunnel except for 2.2.2.0/24.

Task 14
Area 2 is going to be a standard OSPF stub area. The same applies for this as did the NSSA in that all routers in the area must be set the same for the stub-type area to function correctly.

R4(config)#router ospf 1
R4(config-router)#area 2 stub

R6(config)#router ospf 1
R6(config-router)#area 2 stub

You can use the same show command as mentioned in task 12 to verify the configuration.

Task 15
Another simple one. We are just displaying that you can use the 4 octet area identifier in the network statement and it will still work with an adjacent router that is only using a decimal digit for the area #.

R4(config)#router ospf 1
R4(config-router)#network 172.16.14.1 0.0.0.0 area 0.0.0.0
R4(config-router)#network 172.16.46.0 0.0.0.0 area 0.0.0.2
R4(config-router)#router ospf 50
R4(config-router)#network 1.1.1.0 0.0.0.0 area 0.0.0.50
R4(config-router)#do show ip ospf neigh
Neighbor ID     Pri   State           Dead Time   Address         Interface
0.0.50.11         0   FULL/  -        00:00:39    1.1.1.1         Tunnel0
0.0.0.1           0   FULL/  -        00:01:44    172.16.14.0     Serial0/0
0.0.0.6           0   FULL/  -        00:00:36    172.16.46.1     Serial0/1

As you can see the neighbors are still up even though using a different format for the area number in the network statement.

Task 16 & 17
Task 16 is just to prove that you can have more than one OSPF process on a router. We have an OPSF process number 1 and OSPF process number 50 on R4. Task 17 is to show that you can have more than one router ID on a single router. Router ID 0.0.0.4 is being used for R4′s OSPF process 1 and router ID 0.0.50.4 is being used under OSPF process 50.

R4#show run | beg router
router ospf 1
 router-id 0.0.0.4
 log-adjacency-changes
 area 2 stub
 area 2 range 192.168.6.0 255.255.255.240
 summary-address 4.4.4.0 255.255.255.240
 redistribute ospf 50 metric 10 subnets
 network 172.16.14.1 0.0.0.0 area 0.0.0.0
 network 172.16.46.0 0.0.0.0 area 0.0.0.2
!
router ospf 50
 router-id 0.0.50.4
 log-adjacency-changes
 summary-address 192.168.6.0 255.255.255.240
 redistribute ospf 1 metric 10 subnets
 network 1.1.1.0 0.0.0.0 area 0.0.0.50
!
R4#show ip ospf | inc Process  
 Routing Process "ospf 50" with ID 0.0.50.4
 Routing Process "ospf 1" with ID 0.0.0.4

Task 18 & 19
In this task we are redistributing routes between the two OSPF processes on R4. Routes from process 50 into process 1 are to be metric type E1 and routes from process 1 into process 50 are to be the default metric type of E2.

R4(config)#router ospf 1
R4(config-router)#redistribute ospf 50 metric 10 subnets metric-type 1
R4(config-router)#router ospf 50
R4(config-router)#redistribute ospf 1 metric 10 subnets

Lets verify that the routes from process 50 into process 1 are showing as E1 routes. We will take a look on R12.

R12#show ip route | inc E1         
       E1 - OSPF external type 1, E2 - OSPF external type 2
O E1    1.1.1.0 [110/138] via 172.16.112.0, 00:10:55, Serial0/0
O E1    4.4.4.0 [110/138] via 172.16.112.0, 00:10:55, Serial0/0

Looks good. Now we verify that the redistribution is working into process 50.

R11#show ip route | inc E2
       E1 - OSPF external type 1, E2 - OSPF external type 2
O E2    192.168.9.0 [110/10] via 1.1.1.0, 02:24:34, Tunnel0
O E2    192.168.10.0 [110/10] via 1.1.1.0, 02:24:34, Tunnel0
O E2    6.6.6.2 [110/10] via 1.1.1.0, 02:24:34, Tunnel0
O E2    6.6.6.0 [110/10] via 1.1.1.0, 02:24:34, Tunnel0
O E2    172.16.57.0/31 [110/10] via 1.1.1.0, 02:23:19, Tunnel0
O E2    172.16.46.0/31 [110/10] via 1.1.1.0, 02:26:20, Tunnel0
O E2    172.16.39.1/32 [110/10] via 1.1.1.0, 02:24:34, Tunnel0
O E2    172.16.39.0/32 [110/10] via 1.1.1.0, 02:24:34, Tunnel0
O E2    172.16.28.0/31 [110/10] via 1.1.1.0, 02:24:34, Tunnel0
O E2    172.16.14.0/31 [110/10] via 1.1.1.0, 02:25:39, Tunnel0
O E2    172.16.15.0/31 [110/10] via 1.1.1.0, 02:24:34, Tunnel0
O E2    172.16.123.0/24 [110/10] via 1.1.1.0, 02:24:34, Tunnel0
O E2    172.16.112.0/31 [110/10] via 1.1.1.0, 02:24:34, Tunnel0
O E2    172.16.80.0/31 [110/10] via 1.1.1.0, 02:24:34, Tunnel0
O E2    9.9.9.0 [110/10] via 1.1.1.0, 02:24:24, Tunnel0
O E2    10.8.0.0/13 [110/10] via 1.1.1.0, 02:24:24, Tunnel0
O E2    10.255.252.0/22 [110/10] via 1.1.1.0, 02:24:34, Tunnel0
O E2    192.168.6.0 [110/10] via 1.1.1.0, 02:26:20, Tunnel0
O E2    192.168.7.0 [110/10] via 1.1.1.0, 02:23:19, Tunnel0

Yep, they are there.

Task 20 & 21
Here we are going to mutually redistribute between EIGRP and OSPF but the catch is that there are two routers doing the redistribution so there are redistribution loop issues that will have to be dealt with. I had to look this up as it had been a long time since I had configured something like this. This is pretty much a plagiarism from one of the bazillion Cisco Press books I have.

R5(config)#route-map EIGRP_TO_OSPF deny 10
R5(config-route-map)#match tag 110
R5(config-route-map)#route-map EIGRP_TO_OSPF permit 20
R5(config-route-map)#set tag 90
R5(config-route-map)#route-map OSPF_TO_EIGRP deny 10
R5(config-route-map)#match tag 90
R5(config-route-map)#route-map OSPF_TO_EIGRP permit 20
R5(config-route-map)#set tag 110
R5(config-route-map)#router eigrp 1
R5(config-router)#redistribute ospf 1 metric 100000 100 255 1 1500 route-map OSPF_TO_EIGRP
R5(config-router)#router ospf 1
R5(config-router)redistribute eigrp 1 metric 10 subnets route-map EIGRP_TO_OSPF

The route-map is basically denying any route that originally was tagged when it was first redistributed into the other routing protocol(to prevent loops) and if it does not have a tag that matches the deny statement then it is going to allow the route to be redistributed and the tag added to it. The redistribution commands under each route process call the route-map.