Quick Update

Have not posted in a while so wanted to give a quick update. I am about to finish up my “CCNP memory refresh”. I am halfway through my final book and should finish it off in the next week or so.

The last book I am reading is Network Warrior Second Edition. This book is really good. I had read the first edition and forgot how much I like Gary Donahue’s writing style which is informative and funny at just the right times.

My big plans after completing this refresh are lining up perfectly. The CCDA books will be coming out during the month of June, just in time for me to start up my CCDA/DP path. Plans are to have it done by end of year and then 2012 will be my start up that big mountain known as the CCIE. I do plan to try, notice the word try there, to blog more on the topics I go over for the CCDA/DP studies so stay tuned for some boring posts on design and such.

See ya around!


OSPF Common Topics Lab Config #3

We will be going over the last configuration tasks on the list in this post. The first set of tasks can be found here and the second set can be found here.

Tasks
* R5-R7 OSPF area 1 is a totally stubby area.
* Mutually redistribute routes between OSPF area 5 and RIP on R9.
* R9 and R14 will use RIP version 2.
* Manually assign router IDs to all OSPF routers and use the format 0.0.0.x where x=Router#.
* All other links will be their default OSPF network type.
* Summarize networks at ABRs and ASBRs when possible.
* Summarized routes should be prevented from being redistributed back into source areas.
* Network addresses displayed on network diagram near a router are loopbacks. The loopback interfaces used for OSPF should be set to an OSPF network type of point-to-point.

Task 22
Area 1 is going to be a totally-stubby area so we can configure that on all routers that are participating in that area. For us that is only R5 and R7.

R5(config)#router ospf 1
R5(config-router)#area 1 stub no-summary

R7(config)#router ospf 1
R7(config-router)#area 1 stub no-summary

Let's verify that everything is correct.

R5#show ip ospf | beg Area 1
    Area 1
        Number of interfaces in this area is 1
        It is a stub area, no summary LSA in this area
          generates stub default route with cost 1
        Area has no authentication
        SPF algorithm last executed 00:06:25.856 ago
        SPF algorithm executed 8 times
        Area ranges are
           192.168.7.0/28 Active(65) Advertise
        Number of LSA 3. Checksum Sum 0x012C47
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0

R7#show ip ospf | beg Area 1
    Area 1
        Number of interfaces in this area is 5
        It is a stub area
        Area has no authentication
        SPF algorithm last executed 00:07:42.936 ago
        SPF algorithm executed 5 times
        Area ranges are
        Number of LSA 3. Checksum Sum 0x012C47
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0

As you can see there is a difference in the show commands in the description of what type of stub area it is. The ABR is really the only one that needs the full area 1 stub no-summary config command. I personally like to put it on all routers in that area so that it is a reminder that the area is totally-stubby and not just a plain stub area.

Task 23 & 24
Here on R9 we are going to redistribute the RIP and OSPF routes into each other. We will also configure R9 and R14 to use RIPv2.

R9(config)#router ospf 1
R9(config-router)#redistribute rip metric 10 subnets
R9(config-router)#router rip
R9(config-router)#version 2
R9(config-router)#redistribute ospf 1 metric 3

R14(config)#router rip
R14(config-router)#version 2

You can verify the redistribution by looking at the route tables on R14 and R3 or by checking the OSPF and RIP databases on R9.

Task 25
This is a simple one. I am just going to display the configuration for a few of the routers. You should be able to figure out what the rest are.

R1(config)#router ospf 1
R1(config-router)#router-id 0.0.0.1

R5(config)#router ospf 1
R5(config-router)#router-id 0.0.0.5

R10(config)#router ospf 1
R10(config-router)#router-id 0.0.0.10

Now we should make sure the setting took. We can do this with the show command displayed below.

R10#show ip ospf | inc ID
 Routing Process "ospf 1" with ID 0.0.0.10

Task 26
Really no work to do here. If we have not configured anything on a link or an interface then it of course is going to be at its default OSPF network type.

Task 27
I summarized networks at the nearest ABR/ASBR whenever possible. I will give three examples of the summarizations.

R4(config)#router ospf 1
R4(config-router)#area 2 range 192.168.6.0 255.255.255.240
R4(config-router)#summary-address 4.4.4.0 255.255.255.240

R9(config)#router ospf 1
R9(config-router)#summary-address 10.8.0.0 255.248.0.0

Use the summary-address config command when summarizing at an ASBR and use the area # range config command when summarizing at an ABR.

Task 28
For grins and giggles I did the below configuration to get rid of the summarized route that was being advertised back into area 50 by R4. This of course does not scale well. 🙂

R11(config)#access-list 1 permit 4.4.4.0 0.0.0.15
R11(config)#route-map NO_SUMMARY_4 deny 10
R11(config-route-map)#match ip address 1
R11(config-route-map)#route-map NO_SUMMARY_4 permit 20
R11(config-route-map)#router ospf 50
R11(config-router)#distribute-list route-map NO_SUMMARY_4 in

Task 29
This last one is a simple one. On all the loopback interfaces in the OSPF areas you will use the ip ospf network point-to-point config command. This is only so that the routes produced by the loopbacks appear with their correct prefix length instead of as a /32.

That’s it. Sometime soon I will be posting up an EIGRP lab that is similar to this one. If you want to get a head start on it you can check out this post over at networking-forum.com.


OSPF Common Topics Lab Config #2

This is part 2 of the OSPF lab configuration. We will configure tasks 11-21 on the task list from the original OSPF lab post and those tasks are listed below. If you want to look at the configuration of tasks 1-10 then take a look over here. As mentioned in the first config blog, you will need to set up some of the basic OSPF stuff like network statements yourself because it is not covered in the tasks unless it is to demonstrate something that is out of the norm.

Tasks
* R3 OSPF process number will be different than all other routers' OSPF process numbers to demonstrate that OSPF process number is unimportant in peering establishment.
* R3-R9 OSPF area 5 is a NSSA with a default route advertised back into it
* R4-R11 will be using a GREoIPSEC tunnel for all traffic including routing protocols.
* R4-R6 OSPF area 2 is a stub area.
* R4 will have all OSPF network statements use a 4 octet area identifier(i.e. network 2.2.2.1 0.0.0.0 area 0.0.0.50).
* R4-R11 OSPF area 50 will be a different OSPF process so in that R4 becomes an ASBR between the OSPF process for area 50 and the other OSPF process that area 2 and area 0 are in.
* R4 will use a different OSPF router-ID for each OSPF process. This is to demonstrate that there can be multiple router-IDs on one router.
* Mutually redistribute routes between OSPF area 50 process and OSPF area 0/area 2 process on R4.
* Routes redistributed from OSPF area 50 process into OSPF area0/area 2 process will be made external type 1 OSPF routes.
* Mutually redistribute routes between EIGRP and OSPF at R5 and R12.
* Prevent any redistribution loops that might be caused with mutual redistribution at R5 and R12.

Task 11
This step is pretty easy. It is more of a demonstration than anything else. The point of the task is just to show that you can have a different process number on a router than all other routers and the OSPF neighbor adjacency will still come up.

R3#show ip ospf neigh
Neighbor ID     Pri   State           Dead Time   Address         Interface
0.0.0.1         200   FULL/DR         00:00:34    172.16.123.1    FastEthernet1/0
0.0.0.2         100   FULL/BDR        00:00:34    172.16.123.2    FastEthernet1/0
0.0.0.9           0   FULL/  -        00:01:46    172.16.39.1     Serial0/0

R3#show ip ospf | inc Process
 Routing Process "ospf 10000" with ID 0.0.0.3

R1#show ip ospf | inc Process
 Routing Process "ospf 1" with ID 0.0.0.1

R2#show ip ospf | inc Process        
 Routing Process "ospf 1" with ID 0.0.0.2

R9#show ip ospf | inc Process
 Routing Process "ospf 1" with ID 0.0.0.9

The first show command is to display which routers are neighbors of R3 and whether or not the adjacency has been established. The second show command tells that R3 is using a process number of 10000 and the rest of the show commands display that all other routers are using process number 1.

Task 12
Area 5 is to be set up as a Not-So-Stubby Area. We will need to make sure that all routers in area 5 have the setting to make them a NSSA-type router in that area for it to work correctly. We also want to send a default route back into area 5.

R3(config)#router ospf 10000
R3(config-router)#area 5 nssa default-information-originate

R9(config)#router ospf 1
R9(config-router)#area 5 nssa

You will notice there is a difference between the two configurations. The default-information-originate is to be used only on the border router. Let us verify the settings.

R3#show ip ospf | beg Area 5
    Area 5
        Number of interfaces in this area is 1
        It is a NSSA area
        Perform type-7/type-5 LSA translation
        generates NSSA default route with cost 1
        Area has no authentication
        SPF algorithm last executed 01:25:18.112 ago
        SPF algorithm executed 9 times
        Area ranges are
           192.168.9.0/28 Active(65) Advertise 
        Number of LSA 17. Checksum Sum 0x08B868
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0

Yep, the area is set to NSSA.

Task 13
This task wants us to set up a GRE over IPSec tunnel for all traffic, including routing protocols, that goes over the link between R4 and R11. To my knowledge, this was my first time configuring one of these so I jumbled it together. It “appears” to work. 🙂

R4(config)#crypto isakmp policy 1
R4(config-isakmp)#authentication pre-share
R4(config-isakmp)#crypto isakmp key C1sc0 address 2.2.2.254
R4(config)#crypto ipsec transform-set CRYPT_SET esp-aes 256 esp-sha-hmac 
R4(cfg-crypto-trans)#mode transport
R4(cfg-crypto-trans)#crypto map GRE_ENCRYPT 10 ipsec-isakmp
R4(config-crypto-map)#set peer 2.2.2.254
R4(config-crypto-map)#set transform-set CRYPT_SET
R4(config-crypto-map)#match address GRE_ENCRYPT
R4(config-crypto-map)#ip access-list extended GRE_ENCRYPT
R4(config-ext-nacl)#permit gre host 2.2.2.1 host 2.2.2.254
R4(config-ext-nacl)#interface Tunnel0
R4(config-if)#bandwidth 100000
R4(config-if)#ip address 1.1.1.0 255.255.255.254
R4(config-if)#tunnel source Serial0/2
R4(config-if)#tunnel destination 2.2.2.254
R4(config-if)#crypto map GRE_ENCRYPT

R11(config)#crypto isakmp policy 1
R11(config-isakmp)#authentication pre-share
R11(config-isakmp)#crypto isakmp key C1sc0 address 2.2.2.1
R11(config)#crypto ipsec transform-set CRYPT_SET esp-aes 256 esp-sha-hmac 
R11(cfg-crypto-trans)#mode transport
R11(cfg-crypto-trans)#crypto map GRE_ENCRYPT 10 ipsec-isakmp
R11(config-crypto-map)#set peer 2.2.2.1
R11(config-crypto-map)#set transform-set CRYPT_SET
R11(config-crypto-map)#match address GRE_ENCRYPT
R11(config-crypto-map)#ip access-list extended GRE_ENCRYPT
R11(config-ext-nacl)#permit gre host 2.2.2.254 host 2.2.2.1
R11(config-ext-nacl)#interface Tunnel0
R11(config-if)#bandwidth 100000
R11(config-if)#ip address 1.1.1.1 255.255.255.254
R11(config-if)#tunnel source Serial0/0
R11(config-if)#tunnel destination 2.2.2.1
R11(config-if)#crypto map GRE_ENCRYPT

First we set up our basic IPSec settings, then create a tunnel interface that uses the default GRE mode, and finally implement the IPSec settings onto the tunnel to create a GREoIPSec tunnel. Rinse and repeat on the other side. Let's verify it is being used.

R11#show ip ospf neigh
Neighbor ID     Pri   State           Dead Time   Address         Interface
0.0.50.4          0   FULL/  -        00:00:37    1.1.1.0         Tunnel0

R4#show ip ospf neigh | inc Tu
0.0.50.11         0   FULL/  -        00:00:38    1.1.1.1         Tunnel0

R11#show ip route | beg ^$

Gateway of last resort is not set

     1.0.0.0/31 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Tunnel0
     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Serial0/0
     4.0.0.0/30 is subnetted, 4 subnets
C       4.4.4.4 is directly connected, Loopback1
C       4.4.4.0 is directly connected, Loopback0
C       4.4.4.12 is directly connected, Loopback3
C       4.4.4.8 is directly connected, Loopback2
     192.168.9.0/28 is subnetted, 1 subnets
O E2    192.168.9.0 [110/10] via 1.1.1.0, 01:17:37, Tunnel0
     192.168.10.0/28 is subnetted, 1 subnets
O E2    192.168.10.0 [110/10] via 1.1.1.0, 01:17:37, Tunnel0
     6.0.0.0/31 is subnetted, 2 subnets
O E2    6.6.6.2 [110/10] via 1.1.1.0, 01:17:37, Tunnel0
O E2    6.6.6.0 [110/10] via 1.1.1.0, 01:17:37, Tunnel0
     172.16.0.0/16 is variably subnetted, 10 subnets, 3 masks
O E2    172.16.57.0/31 [110/10] via 1.1.1.0, 01:16:22, Tunnel0
O E2    172.16.46.0/31 [110/10] via 1.1.1.0, 01:19:23, Tunnel0
O E2    172.16.39.1/32 [110/10] via 1.1.1.0, 01:17:37, Tunnel0
O E2    172.16.39.0/32 [110/10] via 1.1.1.0, 01:17:40, Tunnel0
O E2    172.16.28.0/31 [110/10] via 1.1.1.0, 01:17:40, Tunnel0
O E2    172.16.14.0/31 [110/10] via 1.1.1.0, 01:18:45, Tunnel0
O E2    172.16.15.0/31 [110/10] via 1.1.1.0, 01:17:40, Tunnel0
O E2    172.16.123.0/24 [110/10] via 1.1.1.0, 01:17:40, Tunnel0
O E2    172.16.112.0/31 [110/10] via 1.1.1.0, 01:17:40, Tunnel0
O E2    172.16.80.0/31 [110/10] via 1.1.1.0, 01:17:40, Tunnel0
..... Rest of output snipped .....

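Adjacency is established over the tunnel. All routes on R11 are going over the tunnel except for 2.2.2.0/24. This confirms that the GRE tunnel carries OSPF; that IPsec is actually protecting it is a separate check, done with show crypto isakmp sa and show crypto ipsec sa (the encaps/decaps counters should increment).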
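
An added example (not from the original post): a small Python audit over running-config fragments assembled from the commands in Task 13 and in the OSPF authentication tasks of post #1. The fragment layout, function names and finding wording are assumptions of this example; it reports ISAKMP policy parameters that were never set explicitly and key strings reused across protocols.

```python
import re
from collections import defaultdict

# Constructed running-config fragments, assembled from commands shown in this
# lab series (Task 13 here, Tasks 4 and 6 in post #1). Not a router capture.
CONFIGS = {
    "R1": """\
interface Serial0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 C1sc0
interface Serial0/1
 ip ospf authentication
 ip ospf authentication-key C1sc0
""",
    "R4": """\
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key C1sc0 address 2.2.2.254
crypto ipsec transform-set CRYPT_SET esp-aes 256 esp-sha-hmac
 mode transport
interface Serial0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 C1sc0
""",
}

# Only the cleartext key forms used on this page are matched.
SECRET_PATTERNS = [
    ("isakmp-psk", re.compile(r"crypto isakmp key (\S+) address ")),
    ("ospf-md5", re.compile(r"ip ospf message-digest-key \d+ md5 (\S+)$")),
    ("ospf-simple", re.compile(r"ip ospf authentication-key (\S+)$")),
]
# Sub-command prefix -> parameter name ("encr" covers both spellings).
POLICY_PARAMS = {"encr": "encryption", "hash": "hash", "group": "group"}


def isakmp_policy_gaps(config):
    """Return {policy number: [parameters the policy never sets explicitly]}."""
    gaps, current = {}, None
    for raw in config.splitlines():
        if not raw.startswith(" "):  # a top-level command closes any open block
            match = re.match(r"crypto isakmp policy (\d+)\s*$", raw)
            current = int(match.group(1)) if match else None
            if match:
                gaps[current] = set(POLICY_PARAMS.values())
        elif current is not None:
            for prefix, name in POLICY_PARAMS.items():
                if raw.strip().startswith(prefix):
                    gaps[current].discard(name)
    return {n: sorted(missing) for n, missing in gaps.items() if missing}


def secret_uses(configs):
    """Map each key string to the set of (router, role) places it is configured."""
    uses = defaultdict(set)
    for router, config in configs.items():
        for raw in config.splitlines():
            for role, pattern in SECRET_PATTERNS:
                match = pattern.match(raw.strip())
                if match:
                    uses[match.group(1)].add((router, role))
    return uses


def audit(configs):
    """Findings as strings; key strings themselves are never echoed."""
    findings = []
    for router, config in sorted(configs.items()):
        for number, missing in isakmp_policy_gaps(config).items():
            findings.append(f"{router}: isakmp policy {number} leaves "
                            f"{', '.join(missing)} at platform defaults")
    for where in secret_uses(configs).values():
        roles = sorted({role for _, role in where})
        if len(roles) > 1:
            routers = ", ".join(sorted({router for router, _ in where}))
            note = "; ospf-simple sends it in cleartext" if "ospf-simple" in roles else ""
            findings.append(f"{routers}: one key string shared by {', '.join(roles)}{note}")
    return findings


if __name__ == "__main__":
    for finding in audit(CONFIGS):
        print(finding)
```
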

Task 14
Area 2 is going to be a standard OSPF stub area. The same applies for this as did the NSSA in that all routers in the area must be set the same for the stub-type area to function correctly.

R4(config)#router ospf 1
R4(config-router)#area 2 stub

R6(config)#router ospf 1
R6(config-router)#area 2 stub

You can use the same show command as mentioned in task 12 to verify the configuration.

Task 15
Another simple one. We are just displaying that you can use the 4 octet area identifier in the network statement and it will still work with an adjacent router that is only using a decimal digit for the area #.

R4(config)#router ospf 1
R4(config-router)#network 172.16.14.1 0.0.0.0 area 0.0.0.0
R4(config-router)#network 172.16.46.0 0.0.0.0 area 0.0.0.2
R4(config-router)#router ospf 50
R4(config-router)#network 1.1.1.0 0.0.0.0 area 0.0.0.50
R4(config-router)#do show ip ospf neigh
Neighbor ID     Pri   State           Dead Time   Address         Interface
0.0.50.11         0   FULL/  -        00:00:39    1.1.1.1         Tunnel0
0.0.0.1           0   FULL/  -        00:01:44    172.16.14.0     Serial0/0
0.0.0.6           0   FULL/  -        00:00:36    172.16.46.1     Serial0/1

As you can see the neighbors are still up even though R4 is using a different format for the area number in the network statement.

Task 16 & 17
Task 16 is just to prove that you can have more than one OSPF process on a router. We have an OSPF process number 1 and OSPF process number 50 on R4. Task 17 is to show that you can have more than one router ID on a single router. Router ID 0.0.0.4 is being used for R4’s OSPF process 1 and router ID 0.0.50.4 is being used under OSPF process 50.

R4#show run | beg router
router ospf 1
 router-id 0.0.0.4
 log-adjacency-changes
 area 2 stub
 area 2 range 192.168.6.0 255.255.255.240
 summary-address 4.4.4.0 255.255.255.240
 redistribute ospf 50 metric 10 subnets
 network 172.16.14.1 0.0.0.0 area 0.0.0.0
 network 172.16.46.0 0.0.0.0 area 0.0.0.2
!
router ospf 50
 router-id 0.0.50.4
 log-adjacency-changes
 summary-address 192.168.6.0 255.255.255.240
 redistribute ospf 1 metric 10 subnets
 network 1.1.1.0 0.0.0.0 area 0.0.0.50
!
R4#show ip ospf | inc Process  
 Routing Process "ospf 50" with ID 0.0.50.4
 Routing Process "ospf 1" with ID 0.0.0.4

Task 18 & 19
In this task we are redistributing routes between the two OSPF processes on R4. Routes from process 50 into process 1 are to be metric type E1 and routes from process 1 into process 50 are to be the default metric type of E2.

R4(config)#router ospf 1
R4(config-router)#redistribute ospf 50 metric 10 subnets metric-type 1
R4(config-router)#router ospf 50
R4(config-router)#redistribute ospf 1 metric 10 subnets

Let's verify that the routes from process 50 into process 1 are showing as E1 routes. We will take a look on R12.

R12#show ip route | inc E1         
       E1 - OSPF external type 1, E2 - OSPF external type 2
O E1    1.1.1.0 [110/138] via 172.16.112.0, 00:10:55, Serial0/0
O E1    4.4.4.0 [110/138] via 172.16.112.0, 00:10:55, Serial0/0

Looks good. Now we verify that the redistribution is working into process 50.

R11#show ip route | inc E2
       E1 - OSPF external type 1, E2 - OSPF external type 2
O E2    192.168.9.0 [110/10] via 1.1.1.0, 02:24:34, Tunnel0
O E2    192.168.10.0 [110/10] via 1.1.1.0, 02:24:34, Tunnel0
O E2    6.6.6.2 [110/10] via 1.1.1.0, 02:24:34, Tunnel0
O E2    6.6.6.0 [110/10] via 1.1.1.0, 02:24:34, Tunnel0
O E2    172.16.57.0/31 [110/10] via 1.1.1.0, 02:23:19, Tunnel0
O E2    172.16.46.0/31 [110/10] via 1.1.1.0, 02:26:20, Tunnel0
O E2    172.16.39.1/32 [110/10] via 1.1.1.0, 02:24:34, Tunnel0
O E2    172.16.39.0/32 [110/10] via 1.1.1.0, 02:24:34, Tunnel0
O E2    172.16.28.0/31 [110/10] via 1.1.1.0, 02:24:34, Tunnel0
O E2    172.16.14.0/31 [110/10] via 1.1.1.0, 02:25:39, Tunnel0
O E2    172.16.15.0/31 [110/10] via 1.1.1.0, 02:24:34, Tunnel0
O E2    172.16.123.0/24 [110/10] via 1.1.1.0, 02:24:34, Tunnel0
O E2    172.16.112.0/31 [110/10] via 1.1.1.0, 02:24:34, Tunnel0
O E2    172.16.80.0/31 [110/10] via 1.1.1.0, 02:24:34, Tunnel0
O E2    9.9.9.0 [110/10] via 1.1.1.0, 02:24:24, Tunnel0
O E2    10.8.0.0/13 [110/10] via 1.1.1.0, 02:24:24, Tunnel0
O E2    10.255.252.0/22 [110/10] via 1.1.1.0, 02:24:34, Tunnel0
O E2    192.168.6.0 [110/10] via 1.1.1.0, 02:26:20, Tunnel0
O E2    192.168.7.0 [110/10] via 1.1.1.0, 02:23:19, Tunnel0

Yep, they are there.

Task 20 & 21
Here we are going to mutually redistribute between EIGRP and OSPF but the catch is that there are two routers doing the redistribution so there are redistribution loop issues that will have to be dealt with. I had to look this up as it had been a long time since I had configured something like this. This is pretty much a plagiarism from one of the bazillion Cisco Press books I have.

R5(config)#route-map EIGRP_TO_OSPF deny 10
R5(config-route-map)#match tag 110
R5(config-route-map)#route-map EIGRP_TO_OSPF permit 20
R5(config-route-map)#set tag 90
R5(config-route-map)#route-map OSPF_TO_EIGRP deny 10
R5(config-route-map)#match tag 90
R5(config-route-map)#route-map OSPF_TO_EIGRP permit 20
R5(config-route-map)#set tag 110
R5(config-route-map)#router eigrp 1
R5(config-router)#redistribute ospf 1 metric 100000 100 255 1 1500 route-map OSPF_TO_EIGRP
R5(config-router)#router ospf 1
R5(config-router)#redistribute eigrp 1 metric 10 subnets route-map EIGRP_TO_OSPF

Each route-map first denies any route carrying the tag that was set when the route was originally redistributed into the other routing protocol (this is what prevents loops). A route that does not match the deny statement is allowed to be redistributed and has this direction's tag added to it. The redistribution commands under each routing process call the route-map.
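
An added example (not from the original post or the Cisco Press text it mentions): a Python model of the two route-maps above, run with two redistributing routers, compared against redistribution with no route-map. It assumes R12 carries the same route-maps as R5, uses constructed prefixes, and ignores administrative distance and metrics; it models only which routes the route-maps let through.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str
    tag: int = 0
    injected_by: str = ""  # empty string: route is native to the domain


# Ordered (action, match_tag, set_tag) clauses transcribed from R5's config.
TAGGED = {
    "EIGRP_TO_OSPF": [("deny", 110, None), ("permit", None, 90)],
    "OSPF_TO_EIGRP": [("deny", 90, None), ("permit", None, 110)],
}
# Hypothetical comparison case: mutual redistribution with no route-map.
UNTAGGED = {
    "EIGRP_TO_OSPF": [("permit", None, None)],
    "OSPF_TO_EIGRP": [("permit", None, None)],
}

# Constructed prefixes (documentation ranges), one native to each protocol.
EIGRP_NATIVE = ["198.51.100.0/24"]
OSPF_NATIVE = ["203.0.113.0/24"]


def apply_route_map(clauses, route, router):
    """First matching clause wins; no match means the implicit deny."""
    for action, match_tag, set_tag in clauses:
        if match_tag is not None and route.tag != match_tag:
            continue
        if action == "deny":
            return None
        tag = route.tag if set_tag is None else set_tag
        return Route(route.prefix, tag, router)
    return None


def redistribute(source, clauses, router):
    """Routes this router injects into the other domain from `source`."""
    injected = set()
    for route in source:
        if route.injected_by == router:  # a router does not relearn its own externals
            continue
        result = apply_route_map(clauses, route, router)
        if result is not None:
            injected.add(result)
    return injected


def converge(eigrp_native, ospf_native, maps, routers=("R5", "R12"), max_rounds=10):
    """Repeat mutual redistribution on every router until nothing changes."""
    eigrp = {Route(p) for p in eigrp_native}
    ospf = {Route(p) for p in ospf_native}
    for _ in range(max_rounds):
        new_eigrp, new_ospf = set(eigrp), set(ospf)
        for router in routers:
            new_ospf |= redistribute(eigrp, maps["EIGRP_TO_OSPF"], router)
            new_eigrp |= redistribute(ospf, maps["OSPF_TO_EIGRP"], router)
        if (new_eigrp, new_ospf) == (eigrp, ospf):
            break
        eigrp, ospf = new_eigrp, new_ospf
    return eigrp, ospf


def feedback(domain, native_prefixes):
    """Native prefixes that came back into their own domain as redistributed routes."""
    return sorted((r.prefix, r.injected_by) for r in domain
                  if r.injected_by and r.prefix in native_prefixes)


if __name__ == "__main__":
    for name, maps in (("tagged", TAGGED), ("untagged", UNTAGGED)):
        eigrp, ospf = converge(EIGRP_NATIVE, OSPF_NATIVE, maps)
        print(name, "fed back into EIGRP:", feedback(eigrp, set(EIGRP_NATIVE)))
        print(name, "fed back into OSPF: ", feedback(ospf, set(OSPF_NATIVE)))
```
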


OSPF Common Topics Lab Config #1

We will be configuring the first 10 tasks in the lab that was pasted up a few days back. These tasks are listed below for reference. I will be showing information only about the tasks listed. Initial configuration of the OSPF routing processes and network statements are not covered so you will have to take care of that yourself.

Tasks
* Make R1 the DR and R2 the BDR for the 172.16.123.0/24 network.
* R1-R2-R3 will be using their default OSPF network type of broadcast.
* R1-R4 link is frame-relay and the OSPF network type is point-to-multipoint.
* R1-R4 link is using MD5 authentication for peering.
* R1-R5 link is frame-relay and the OSPF network type is the default of non-broadcast.
* R1-R5 link is using simple authentication for peering.
* R1-R12 link is using its default OSPF network area type of point-to-point.
* R1, R2, R3, R4, R5, and R12 are all in OSPF area 0.
* R2-R8 will serve as a virtual link for OSPF area 4.
* R3-R9 link is using frame-relay and OSPF network type is point-to-multipoint non-broadcast.

Task 1

Network 172.16.123.0/24 is an Ethernet segment connecting R1, R2, and R3. This is what in OSPF terms is called a multiaccess network. Ethernet interfaces participating in OSPF have a default network type of broadcast so this means a Designated Router (DR) and Backup Designated Router (BDR) are going to be elected. We want R1 to always be elected the DR and R2 to be elected as BDR which will leave R3 to be a DROTHER. We can make R1 always elected the DR by giving it a higher priority value on its FastEthernet interface than R2 and R3. We then do the same thing for R2. We will leave R3 at the default priority value of 1.

R1(config)#interface fa1/0
R1(config-if)#ip ospf priority 200
R2(config)#interface fa1/0
R2(config-if)#ip ospf priority 100

R1 and R2 will not become DR and BDR now just because you have put in this configuration. If there is a currently elected DR and BDR then you will have to cause a new election and the easiest thing to do in a lab is of course reboot the R1, R2, and R3 routers. So that is done and now we can take a look to see if our settings worked out like we wanted.

R1#show ip ospf interface fa1/0 | inc Desig
  Designated Router (ID) 0.0.0.1, Interface address 172.16.123.1
  Backup Designated router (ID) 0.0.0.2, Interface address 172.16.123.2
    Adjacent with neighbor 0.0.0.2  (Backup Designated Router)

The output shows R1, router ID 0.0.0.1, is the DR and R2, router ID 0.0.0.2, is the BDR. There is another command that you can use to see some of this info as well, but it will not show anything for the current router you are on.

R1#show ip ospf neigh
Neighbor ID     Pri   State           Dead Time   Address         Interface
0.0.0.2         100   FULL/BDR        00:00:32    172.16.123.2    FastEthernet1/0
0.0.0.3           1   FULL/DROTHER    00:00:32    172.16.123.3    FastEthernet1/0

The neighbor command allows us to see that R3, router id 0.0.0.3, is a DROTHER.

Task 2

Nothing to configure here as the default network type for the 172.16.123.0/24 network is broadcast. Let's verify this of course.

R1#show ip ospf interface fa1/0 | inc Type
  Process ID 1, Router ID 0.0.0.1, Network Type BROADCAST, Cost: 1
R2#show ip ospf interface fa1/0 | inc Type
  Process ID 1, Router ID 0.0.0.2, Network Type BROADCAST, Cost: 1
R3#show ip ospf interface fa1/0 | inc Type
  Process ID 10000, Router ID 0.0.0.3, Network Type BROADCAST, Cost: 1

Looks good to me.

Task 3
In this task we will configure the R1-R4 link to use frame-relay and configure the OSPF network type to point-to-multipoint.

R1(config)#interface Serial0/0                          
R1(config-if)#encapsulation frame-relay
R1(config-if)#frame-relay map ip 172.16.14.0 104
R1(config-if)#frame-relay map ip 172.16.14.1 104 broadcast
R1(config-if)#ip ospf network point-to-multipoint
R4(config)#interface Serial0/0
R4(config-if)#encapsulation frame-relay
R4(config-if)#frame-relay map ip 172.16.14.0 401 broadcast
R4(config-if)#frame-relay map ip 172.16.14.1 401
R4(config-if)#ip ospf network point-to-multipoint

Let's verify on R4 that the configuration took.

R4#show ip ospf interface s0/0 | inc Type
  Process ID 1, Router ID 0.0.0.4, Network Type POINT_TO_MULTIPOINT, Cost: 64

Yep, point-to-multipoint as we configured it.

Task 4
We are going to set up MD5 authentication for the OSPF session between R1 and R4 in this task.

R1(config)#interface Serial0/0
R1(config-if)#ip ospf authentication message-digest
R1(config-if)#ip ospf message-digest-key 1 md5 C1sc0
R4(config)#interface Serial0/0
R4(config-if)#ip ospf authentication message-digest
R4(config-if)#ip ospf message-digest-key 1 md5 C1sc0

Now we need to check that the link is truly using MD5 authentication. Let's look at a show command and a debug command that can do this for us.

R4#show ip ospf interface s0/0 | beg Message
  Message digest authentication enabled
    Youngest key id is 1
R4#debug ip ospf packet 
OSPF packet debugging is on
*Mar  1 00:58:10.455: OSPF: rcv. v:2 t:1 l:48 rid:0.0.0.1
      aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x3C7ED1CF from Serial0/0

The show command displays that message-digest (MD5) authentication is enabled. The debug command shows that the OSPF packet received from rid:0.0.0.1 (R1) is using aut:2, which is authentication type 2, so that is MD5. It also shows which key it is using in the keyid:1 value.

Task 5
This task is almost the same as task 3 except we will not be changing the network type. Frame-relay has a default OSPF network type of non-broadcast. In a non-broadcast network we are going to have to manually set up the neighbors.

R1(config)#interface Serial0/1
R1(config-if)#encapsulation frame-relay
R1(config-if)#frame-relay map ip 172.16.15.0 105
R1(config-if)#frame-relay map ip 172.16.15.1 105
R1(config-if)#router ospf 1
R1(config-router)#neighbor 172.16.15.1
R5(config)#interface Serial0/0
R5(config-if)#encapsulation frame-relay
R5(config-if)#frame-relay map ip 172.16.15.0 501
R5(config-if)#frame-relay map ip 172.16.15.1 501
R5(config-if)#router ospf 1
R5(config-router)#neighbor 172.16.15.0

Now we verify that the interface is using a non-broadcast network type and that the adjacencies are up.

R5#show ip ospf interface s0/0 | inc Type
  Process ID 1, Router ID 0.0.0.5, Network Type NON_BROADCAST, Cost: 64
R1#show ip ospf neigh s0/1
Neighbor ID     Pri   State           Dead Time   Address         Interface
0.0.0.5           1   FULL/DR         00:01:59    172.16.15.1     Serial0/1
R5#show ip ospf neigh s0/0
Neighbor ID     Pri   State           Dead Time   Address         Interface
0.0.0.1           1   FULL/BDR        00:01:55    172.16.15.0     Serial0/0

Task 6
On the R1-R5 link we are going to use simple authentication. This passes the authentication key in plain-text so it is not exactly secure by any means.

R1(config)#interface Serial0/1
R1(config-if)#ip ospf authentication
R1(config-if)#ip ospf authentication-key C1sc0
R5(config)#interface Serial0/0
R5(config-if)#ip ospf authentication
R5(config-if)#ip ospf authentication-key C1sc0

We will look at the same show and debug commands we used previously when configuring MD5 authentication.

R1#show ip ospf interface s0/1 | inc auth
  Simple password authentication enabled
R5#debug ip ospf packet
OSPF packet debugging is on
*Mar  1 01:35:51.851: OSPF: rcv. v:2 t:1 l:48 rid:0.0.0.1
      aid:0.0.0.0 chk:750F aut:1 auk: from Serial0/0

The show command displays the correct information for this interface and the debug command shows aut:1 which is simple authentication.
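
An added example (not from the original post): a Python decoder for the OSPFv2 packet header (RFC 2328, A.3.1) that recovers the same v/t/l/rid/aid/chk/aut fields the debug output prints in Task 4 and Task 6 and classifies the link's authentication. The two sample packets are constructed to match the debug lines on this page; their bodies are zero-filled placeholders, and the function names are this example's own.

```python
import ipaddress
import struct

# OSPFv2 common header: version, type, length, router ID, area ID,
# checksum, AuType, 8-byte authentication field (24 bytes in total).
OSPF_HEADER = struct.Struct("!BBH4s4sHH8s")
AUTH_NAMES = {0: "null", 1: "simple", 2: "cryptographic"}


def parse_ospf_header(packet: bytes) -> dict:
    """Decode the header fields that `debug ip ospf packet` summarises."""
    if len(packet) < OSPF_HEADER.size:
        raise ValueError("truncated OSPF header")
    version, ptype, length, rid, aid, checksum, autype, auth = \
        OSPF_HEADER.unpack_from(packet)
    if version != 2:
        raise ValueError(f"not OSPFv2 (version {version})")
    info = {
        "type": ptype,
        "length": length,
        "router_id": str(ipaddress.IPv4Address(rid)),
        "area_id": str(ipaddress.IPv4Address(aid)),
        "checksum": checksum,
        "autype": autype,
        "auth": AUTH_NAMES.get(autype, "unknown"),
    }
    if autype == 1:
        # Simple authentication: the field is the key itself, NUL padded.
        info["exposed_key"] = auth.rstrip(b"\x00").decode("ascii", "replace")
    elif autype == 2:
        # Cryptographic authentication: 2 reserved bytes, key ID, digest
        # length, 32-bit sequence number. The digest trails the packet.
        _, key_id, digest_len, seq = struct.unpack("!HBBI", auth)
        info.update(key_id=key_id, digest_len=digest_len, seq=seq)
    return info


def audit_link(name: str, packet: bytes) -> str:
    """One-line finding for an OSPF packet captured on the named link."""
    info = parse_ospf_header(packet)
    if info["auth"] == "cryptographic":
        return f"{name}: digest (key id {info['key_id']}, seq {info['seq']:#x})"
    if info["auth"] == "simple":
        return f"{name}: cleartext key on the wire ({len(info['exposed_key'])} chars)"
    if info["auth"] == "null":
        return f"{name}: no authentication"
    return f"{name}: unknown AuType {info['autype']}"


def build_hello(checksum: int, autype: int, auth: bytes) -> bytes:
    """Constructed sample: hello header from 0.0.0.1 in area 0, zeroed body (l:48)."""
    header = OSPF_HEADER.pack(
        2, 1, 48,
        ipaddress.IPv4Address("0.0.0.1").packed,
        ipaddress.IPv4Address("0.0.0.0").packed,
        checksum, autype, auth,
    )
    return header + bytes(48 - OSPF_HEADER.size)


# Constructed to mirror the two debug lines shown on this page.
MD5_HELLO = build_hello(0x0000, 2, struct.pack("!HBBI", 0, 1, 16, 0x3C7ED1CF))
SIMPLE_HELLO = build_hello(0x750F, 1, b"C1sc0".ljust(8, b"\x00"))

if __name__ == "__main__":
    print(audit_link("R1-R4", MD5_HELLO))
    print(audit_link("R1-R5", SIMPLE_HELLO))
```
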

Task 7
Another simple one. We are just verifying that the R1-R12 link serial interfaces are using their default point-to-point OSPF network type.

R1#show ip ospf interface s0/2 | inc Type
  Process ID 1, Router ID 0.0.0.1, Network Type POINT_TO_POINT, Cost: 64
R12#show ip ospf interface s0/0 | inc Type
  Process ID 1, Router ID 0.0.0.12, Network Type POINT_TO_POINT, Cost: 64

Simple enough.

Task 8
So we want to check that all the specified routers are in area 0. Any single router in an area is supposed to have the same link-state database as all the other routers in that area. Let's take a look at the database on R12 and see what we can see.

R12#show ip ospf database

            OSPF Router with ID (0.0.0.12) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
0.0.0.1         0.0.0.1         878         0x8000000E 0x004885 6
0.0.0.2         0.0.0.2         397         0x80000006 0x007310 2
0.0.0.3         0.0.0.3         403         0x80000007 0x00EEC0 1
0.0.0.4         0.0.0.4         437         0x80000008 0x00C376 2
0.0.0.5         0.0.0.5         354         0x80000007 0x00D373 1
0.0.0.8         0.0.0.8         3     (DNA) 0x80000002 0x00B84B 1
0.0.0.12        0.0.0.12        407         0x80000005 0x00AE7C 2

....... rest of output removed .......

Type 1 LSAs, router LSAs, are used by a router to advertise its identity and all its links inside of an area. The database should therefore contain all the routers in an area and according to this show command it does include the ones listed on the task as well as R8. R8 is part of a virtual-link that we will be discussing in the next task.

Task 9
We are going to configure a virtual-link between R2 and R8 so that R4 can appear to be connected to the backbone area 0 even though it really is not.

R2(config)#router ospf 1
R2(config-router)#area 3 virtual-link 0.0.0.8
R8(config)#router ospf 1
R8(config-router)#area 3 virtual-link 0.0.0.2

Notice that you are using the router ID of the opposite side of the virtual-link and not an interface IP address. Now we verify that the link is up and working.

R2#show ip ospf virtual-links 
Virtual Link OSPF_VL0 to router 0.0.0.8 is up
  Run as demand circuit
  DoNotAge LSA allowed.
  Transit area 3, via interface Serial0/0, Cost of using 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:03
    Adjacency State FULL (Hello suppressed)
    Index 1/2, retransmission queue length 0, number of retransmission 0
    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec

Task 10
Another frame-relay config and this time we will be using the OSPF network type of point-to-multipoint nonbroadcast. As before, because this is nonbroadcast we will need to manually configure the neighbors.

R3(config)#interface Serial0/0
R3(config-if)#encapsulation frame-relay
R3(config-if)#frame-relay map ip 172.16.39.0 309
R3(config-if)#frame-relay map ip 172.16.39.1 309
R3(config-if)#ip ospf network point-to-multipoint non-broadcast
R3(config-if)#router ospf 10000
R3(config-router)#neighbor 172.16.39.1
R9(config)#interface Serial0/0
R9(config-if)#encapsulation frame-relay
R9(config-if)#frame-relay map ip 172.16.39.0 903
R9(config-if)#frame-relay map ip 172.16.39.1 903
R9(config-if)#ip ospf network point-to-multipoint non-broadcast
R9(config-if)#router ospf 1
R9(config-router)#neighbor 172.16.39.0

You can use the same show commands as mentioned previously to verify anything.

We will cover the next 11 config tasks in post #2 and then the final config tasks in post #3.


Routing Challenge @ Networking-forum.com

Steve over at Networking-Forum.com is holding a cool contest. Click here to check it out.


OSPF Common Topics Lab

I got to thinking one day how nice it would be to have a dynamips lab I could turn up real quick to validate information or test out theories seen in posts from one of the best networking forums ever. I finally got around to getting it all together. I ended up creating a task-based list for all the stuff I had configured on it so that other people could use it as a study/fun lab if they wanted. In this post I am just posting up the diagram, dynamips .net file, and the initial router configs. Over the next few days I will be going through a portion of the tasks and show how I configured each task. Enjoy.

Tasks
————————————-
* Make R1 the DR and R2 the BDR for the 172.16.123.0/24 network.
* R1-R2-R3 will be using their default OSPF network type of broadcast.
* R1-R4 link is frame-relay and the OSPF network type is point-to-multipoint.
* R1-R4 link is using MD5 authentication for peering.
* R1-R5 link is frame-relay and the OSPF network type is the default of non-broadcast.
* R1-R5 link is using simple authentication for peering.
* R1-R12 link is using its default OSPF network type of point-to-point.
* R1, R2, R3, R4, R5, and R12 are all in OSPF area 0.
* R2-R8 will serve as a virtual link for OSPF area 4.
* R3-R9 link is using frame-relay and OSPF network type is point-to-multipoint nonbroadcast.
* R3 OSPF process number will be different than all other routers' OSPF process numbers to demonstrate that OSPF process number is unimportant in peering establishment.
* R3-R9 OSPF area 5 is an NSSA with a default route advertised back into it.
* R4-R11 will be using a GREoIPSEC tunnel for all traffic including routing protocols.
* R4-R6 OSPF area 2 is a stub area.
* R4 will have all OSPF network statements use a 4 octet area identifier (i.e. network 2.2.2.1 0.0.0.0 area 0.0.0.50).
* R4-R11 OSPF area 50 will be in a different OSPF process, so that R4 becomes an ASBR between the OSPF process for area 50 and the other OSPF process that area 2 and area 0 are in.
* R4 will use a different OSPF router-ID for each OSPF process. This is to demonstrate that there can be multiple router-IDs on one router.
* Mutually redistribute routes between OSPF area 50 process and OSPF area 0/area 2 process on R4.
* Routes redistributed from OSPF area 50 process into OSPF area 0/area 2 process will be made external type 1 OSPF routes.
* Mutually redistribute routes between EIGRP and OSPF at R5 and R12.
* Prevent any redistribution loops that might be caused with mutual redistribution at R5 and R12.
* R5-R7 OSPF area 1 is a totally stubby area.
* Mutually redistribute routes between OSPF area 5 and RIP on R9.
* R9 and R14 will use RIP version 2.
* Manually assign router IDs to all OSPF routers and use the format 0.0.0.x where x=Router#.
* All other links will be their default OSPF network type.
* Summarize networks at ABRs and ASBRs when possible.
* Summarized routes should be prevented from being redistributed back into source areas.
* Network addresses displayed on network diagram near a router are loopbacks. The loopback interfaces used for OSPF should be set to an OSPF network type of point-to-point.

Dynamips .net file (replace .doc extension with .net when saving): ospf.net

Initial router configs (replace .doc extension with .zip when saving): init-config.zip


Dynamips Computer Built and Switches Bought

Building the lab is moving along real well with a few speed bumps I will explain below. The two 3560 switches were shipped out today and hopefully will be here by end of next week. The final price for both switches was a little under $1300. That price could have been about $50 less if I had seen that one of the sellers charges tax on their auction items. The seller is not even in my same state in the US. I have no idea why he is charging tax but even with the tax the final price was less than the buy now options on eBay so I am not really too worried about it. I just want my switches!!

All the computer parts arrived on Wednesday and Thursday of this week for the dynamips computer. I was about 5 minutes into the build when I noticed that the motherboard was not aligning correctly with the back plates. Took me a second to figure out that I mistakenly ordered a micro ATX case. No wonder it was so cheap. Uh, duh! The simplest things you forget when you buy retail boxes for the last 6 years. Luckily there is a CompUSA within 10 or so miles so that problem only delayed the build completion by about an hour.

The Sun quad NICs were the largest of my problems after the computer was built. The cards are recognized by Ubuntu 10.10 but the naming of the interfaces was off and the MAC addresses of all four NICs on a single PCI card were the same. After some searching around I followed the solution provided here mostly and limped along with my Linux noobness and finally got it to work. Basically I commented out the network card entries in the /etc/udev/rules.d/70-persistent-net.rules file, then with lspci I obtained the PCI IDs of each card and interface and manually assigned the eth* interface names, and finally in the /etc/network/interfaces file I assigned the MAC addresses to each of the interfaces.
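The renaming and MAC fix described above can be generated from `lspci -D` output. This is an added example, not the author's files or the linked solution: the lspci sample, PCI addresses, ethN numbering and locally administered MACs are constructed, and setting the MAC with a `pre-up ip link` line is an assumption about how the interfaces file was written.

```python
import re

# Constructed `lspci -D` sample (not from the post): onboard NIC plus one quad card.
SAMPLE_LSPCI = """\
0000:00:1f.2 SATA controller: Example Corp. AHCI Controller
0000:02:00.0 Ethernet controller: Example Corp. Onboard NIC
0000:05:00.0 Ethernet controller: Example Corp. Quad Port Adapter
0000:05:01.0 Ethernet controller: Example Corp. Quad Port Adapter
0000:05:02.0 Ethernet controller: Example Corp. Quad Port Adapter
0000:05:03.0 Ethernet controller: Example Corp. Quad Port Adapter
"""

PCI_RE = re.compile(
    r"^([0-9a-f]{4}):([0-9a-f]{2}):([0-9a-f]{2})\.([0-7]) Ethernet controller:")

def ethernet_functions(lspci_text):
    """Return (domain, bus, device, function) for each Ethernet function, in bus order."""
    hits = [m.groups() for m in map(PCI_RE.match, lspci_text.splitlines()) if m]
    return sorted(hits)

def plan(lspci_text, first_index=0):
    """Pin each PCI function to an ethN name and a unique locally administered MAC."""
    entries = []
    for n, (dom, bus, dev, fn) in enumerate(ethernet_functions(lspci_text), first_index):
        entries.append({
            "pci": "%s:%s:%s.%s" % (dom, bus, dev, fn),
            "name": "eth%d" % n,
            # 02: = locally administered unicast; the rest encodes bus/device/function
            "mac": "02:00:00:%s:%s:0%s" % (bus, dev, fn),
        })
    return entries

def udev_rules(entries):
    """Lines for /etc/udev/rules.d/70-persistent-net.rules, keyed on PCI slot, not MAC."""
    return "\n".join(
        'SUBSYSTEM=="net", ACTION=="add", KERNELS=="%(pci)s", NAME="%(name)s"' % e
        for e in entries)

def interfaces_stanzas(entries):
    """Stanzas for /etc/network/interfaces that set the MAC before link up."""
    return "\n\n".join(
        "auto %(name)s\niface %(name)s inet manual\n"
        "    pre-up ip link set dev %(name)s address %(mac)s\n"
        "    up ip link set dev %(name)s up" % e
        for e in entries)

if __name__ == "__main__":
    nics = plan(SAMPLE_LSPCI)
    print(udev_rules(nics) + "\n\n" + interfaces_stanzas(nics))
```

Matching on the PCI slot is what makes the names stable here, since a MAC-based rule cannot tell four ports with the same address apart.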

I did a couple of simple labs today to test the interfaces and trunking. I tested to make sure each of the twelve interfaces worked with no problem by grabbing a switch, creating 12 VLANs and SVIs, assigning IPs to both ends, and pinging back and forth with no problems. The second test was a simple ROAS and also worked with no problems. I have four 3550s sitting at the house now so I might see what kind of trouble I can get in this weekend and emulate the INE rack and mess around.