< Free Open Study > |
Lab 24: OSPF Multiple Area Routing, Authentication, Path Manipulation, Default Routing ”Part IILab WalkthroughConfigure the Frame Relay switch and attach the four routers in a back-to-back manner to the Frame switch. Use V.35 cables or CSU/DSUs with crossover cables to connect the routers. Create the three LANs by the use of switches or hubs/MAUs, as illustrated in Figure 12-14. When the physical connections are complete, assign IP addresses to all LAN and WAN interfaces, as depicted in Chapter 5. Example 12-33 lists the Frame Relay configurations, to this point, on all routers involved. Example 12-33 Frame Relay Configurationshostname dental_ho ! <<<text omitted>>> ! interface Serial0 no ip address encapsulation frame-relay frame-relay lmi-type cisco ! interface Serial0.1 multipoint ip address 172.16.1.5 255.255.255.0 frame-relay map ip 172.16.1.6 121 broadcast frame-relay map ip 172.16.1.1 111 broadcast ! interface Serial0.2 point-to-point ip address 172.16.2.5 255.255.255.252 frame-relay interface-dlci 150 ! ________________________________________________________________ hostname crowns ! <<<text omitted>>> ! interface Serial0 ip address 172.16.1.6 255.255.255.0 no ip directed-broadcast encapsulation frame-relay no ip mroute-cache frame-relay map ip 172.16.1.5 102 broadcast frame-relay map ip 172.16.1.1 102 broadcast frame-relay lmi-type cisco ! ________________________________________________________________ hostname root_canals ! interface Serial0 ip address 172.16.1.1 255.255.255.0 encapsulation frame-relay no ip mroute-cache frame-relay map ip 172.16.1.5 110 broadcast frame-relay map ip 172.16.1.6 110 broadcast ! ________________________________________________________________ hostname fillings ! <<<text omitted>>> ! interface Serial0 no ip address encapsulation frame-relay frame-relay lmi-type cisco ! interface Serial0.1 point-to-point ip address 172.16.2.6 255.255.255.252 frame-relay interface-dlci 151 ! After the LAN and WAN interfaces are configured and basic IP connectivity is established, you can begin to configure OSPF. Recalling the detailed process to configure OSPF, you have the following:
Step 1 involves area design. In this model, we put the LAN network between crowns, root_canal and pain_center in OSPF Area 200. Area 200 also will have Type 2 authentication. The fillings router will be in an NSSA area. The multipoint Frame Relay network and the LAN network of dental_ho will reside in Area 0. The dental_ho router should be DR for the Frame Relay multipoint network because it is the only router with a PVC directly to the crowns and root_canal routers. Step 2 involves setting RIDs on the routers that have Cisco IOS Software prior to Release 12.0. To accomplish this, use loopback interfaces on those routers. Figure 12-15 shows the diagram with the router IDs and areas that we have assigned. Figure 12-15. Dr. Stai's Dental Network with RIDs
Step 3 is where the real configuration begins. On all the routers, enable OSPF in AS 2002 with the command router ospf 2002. On routers that have Cisco IOS Software Release 12.0, use the router command router-id ip_address to assign the static RIDs to the routers. At Step 4, you configure which interfaces will participate in OSPF routing and what areas they will reside in. On the dental_ho router, the E0 interface will be in Area 0, along with the s0.1 multipoint interface. The s0.2 interface will be in Area 10. Example 12-34 lists the OSPF configuration, to this point, of the router dental_ho. Example 12-34 Preliminary OSPF Configuration of dental_horouter ospf 2002 router-id 192.168.200.200 network 128.10.1.5 0.0.0.0 area 0 network 172.16.1.5 0.0.0.0 area 0 network 172.16.2.5 0.0.0.0 area 10 ! Recall from previous sections that a wildcard mask of 0.0.0.0 means match every octet of the address. In this OSPF configuration, you are telling the router to put only a single interface into an area. The preliminary OSPF configurations on the crowns, root_canals, and pain_center routers will resemble each other. The routers that have an S0 interface will be in Area 0, while the LAN interfaces will reside in Area 200. The preliminary OSPF configuration for the crowns router is represented in Example 12-35. Example 12-35 Preliminary OSPF Configuration of the crowns Routerrouter ospf 2002 router-id 192.168.200.6 network 172.16.1.6 0.0.0.0 area 0 network 172.16.10.6 0.0.0.0 area 200 ! The fillings router will have both interfaces in Area 10. Because this router will not need any additional neighbor support, you can skip Step 5 for this router and configure the area as an NSSA area. Example 12-36 lists the OSPF configuration of the fillings router. Example 12-36 Preliminary OSPF Configuration of the fillings Routerrouter ospf 2002 router-id 192.168.200.3 area 10 nssa network 172.16.2.6 0.0.0.0 area 10 network 172.16.3.3 0.0.0.0 area 10 ! Step 5 requires you to configure the additional neighbor support needed for OSPF to form an adjacency over the Frame Relay multipoint network. For the adjacency to form properly, set the priority of the dental_ho router to be 255 and the priority of the crowns and root_ canals to 0. You also will add neighbor statements to the routers. Example 12-37 lists the configuration of the crowns and dental_ho routers. Example 12-37 OSPF Configuration of the crowns and dental_ho Router! interface Serial0 no ip address encapsulation frame-relay frame-relay lmi-type cisco ! interface Serial0.1 multipoint ip address 172.16.1.5 255.255.255.0 ip ospf priority 255 frame-relay map ip 172.16.1.6 121 broadcast frame-relay map ip 172.16.1.1 111 broadcast ! interface Serial0.2 point-to-point ip address 172.16.2.5 255.255.255.252 frame-relay interface-dlci 150 ! interface Serial1 no ip address shutdown ! interface BRI0 no ip address shutdown ! router ospf 2002 router-id 192.168.200.200 area 10 network 128.10.1.5 0.0.0.0 area 0 network 172.16.1.5 0.0.0.0 area 0 network 172.16.2.5 0.0.0.0 area 10 neighbor 172.16.1.1 neighbor 172.16.1.6 ! Step 6 of the configuration involves only the dental_ho and fillings router. This step requires you to configure Area 10 as an NSSA area. To configure the area as an NSSA area, simply append that NSSA argument into the area statements. Both routers dental_ho and fillings will need NSSA areas configured. Example 12-38 lists the OSPF configuration of the fillings router. Example 12-38 OSPF NSSA Configuration on fillings! router ospf 2002 router-id 192.168.200.3 area 10 nssa network 172.16.2.6 0.0.0.0 area 10 network 172.16.3.3 0.0.0.0 area 10 ! At this point, OSPF is fully operational, and you have IP connectivity to every router in the network. To verify this, we can examine the neighbors and the route table, and you can perform standard ping tests. To verify the NSSA area, use the show ip ospf command. Example 12-39 lists the output of the show ip ospf neighbor and show ip ospf commands on the dental_ho router. Example 12-39 Verify OSPF Operation and NSSA Configurationdental_ho# show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 192.168.200.1 0 FULL/DROTHER 00:01:42 172.16.1.1 Serial0.1 192.168.200.6 0 FULL/DROTHER 00:01:44 172.16.1.6 Serial0.1 192.168.200.3 1 FULL/ - 00:00:38 172.16.2.6 Serial0.2 dental_ho# dental_ho# show ip ospf Routing Process "ospf 2002" with ID 192.168.200.200 Supports only single TOS(TOS0) routes <<<text omitted>>> Area 10 Number of interfaces in this area is 1 It is a NSSA area Perform type-7/type-5 LSA translation generates NSSA default route with cost 1 Area has no authentication SPF algorithm executed 11 times Area ranges are Number of LSA 6. Checksum Sum 0x30908 Number of opaque link LSA 0. Checksum Sum 0x0 Number of DCbitless LSA 0 Number of indication LSA 0 Number of DoNotAge LSA 0 Flood list length 0 dental_ho# The final step in the model calls for you to configure three things: a default route, authentication, and path selection. First, to configure a default route, you need to flag or mark a network as a default and then propagate it within the OSPF domain. To flag a route as a default network without using a static route, use the global command default-network 128.10.1.0. To propagate the network, use the OSPF command default-information originate always. Remember, for a router to forward packets to a default route, all routers also need the global command ip classless enabled. A default route will not automatically get flooded into a NSSA area. For the NSSA area to receive a default route, the argument default-information-originate must be appended to the area 10 nssa router statement. Example 12-40 lists the configuration of dental_ho, highlighting the default routing commands. Example 12-40 Configuration of dental_horouter ospf 2002 router-id 192.168.200.200 area 10 nssa default-information-originate network 128.10.1.5 0.0.0.0 area 0 network 172.16.1.5 0.0.0.0 area 0 network 172.16.2.5 0.0.0.0 area 10 neighbor 172.16.1.1 neighbor 172.16.1.6 default-information originate always ! ip classless ip default-network 128.10.0.0 To verify that the default route is being propagated, list the route table of any router, excluding dental_ho router. Look for a gateway of last resort to be set and a route marked by an *, indicating that it is the candidate default. Example 12-41 lists the route table of the router fillings. Notice that the route is advertised to an NSSA area as an OSPF NSSA external Type 2 route. Example 12-41 Route Table of fillingsfillings# show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is 172.16.2.5 to network 0.0.0.0 172.16.0.0/16 is variably subnetted, 4 subnets, 3 masks O IA 172.16.10.0/28 [110/138] via 172.16.2.5, 00:09:18, Serial0.1 C 172.16.2.4/30 is directly connected, Serial0.1 O IA 172.16.1.0/24 [110/128] via 172.16.2.5, 00:09:18, Serial0.1 C 172.16.3.0/24 is directly connected, TokenRing0 128.10.0.0/24 is subnetted, 1 subnets O IA 128.10.1.0 [110/74] via 172.16.2.5, 00:09:18, Serial0.1 O*N2 0.0.0.0/0 [110/1] via 172.16.2.5, 00:09:18, Serial0.1 fillings# Next, you need to configure Type 2 or MD5 authentication on Area 200. You will need to enable authentication on the OSPF area statement and on the interface. Use cisco as the MD5 password. Example 12-42 lists the configuration needed for authentication on the pain_center router. The configuration must be identical on all the routers in Area 200. Example 12-42 MD5 Authentication on the Router pain_centerinterface Ethernet0 ip address 172.16.10.8 255.255.255.240 ip ospf message-digest-key 1 md5 cisco ! <<<text omitted>>> ! router ospf 2002 network 172.16.10.8 0.0.0.0 area 200 area 200 authentication message-digest As you enable authentication throughout Area 200, routes and neighbors will start to age out and disappear. This is one obvious way to tell you that authentication is starting to work. Performing the show ip ospf command also lists the area as being authenticated. When all the routers have authentication enabled, neighbors and routes will start to reappear. The final portion of the lab, excluding the optional part, involves influencing packets from the pain_center router. Traffic from this router should always take a primary path through the root_canals router. A quick view of the route table on pain_center shows two paths to the other portions of the network. One path goes through the root_canals router, and one goes through the crowns router, such as in Example 12-43. Example 12-43 Route Table of pain_center pain_center# show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default U - per-user static route, o - ODR Gateway of last resort is 172.16.10.1 to network 0.0.0.0 128.10.0.0/24 is subnetted, 1 subnets O IA 128.10.1.0 [110/84] via 172.16.10.1, 00:14:03, Ethernet0 [110/84] via 172.16.10.6, 00:14:03, Ethernet0 C 192.168.200.0/24 is directly connected, Loopback0 172.16.0.0/16 is variably subnetted, 4 subnets, 3 masks C 172.16.10.0/28 is directly connected, Ethernet0 O IA 172.16.2.4/30 [110/138] via 172.16.10.1, 00:14:03, Ethernet0 [110/138] via 172.16.10.6, 00:14:03, Ethernet0 O IA 172.16.1.0/24 [110/74] via 172.16.10.1, 00:14:03, Ethernet0 [110/74] via 172.16.10.6, 00:14:03, Ethernet0 O IA 172.16.3.0/24 [110/144] via 172.16.10.1, 00:14:04, Ethernet0 [110/144] via 172.16.10.6, 00:14:04, Ethernet0 O*E2 0.0.0.0/0 [110/1] via 172.16.10.1, 00:14:04, Ethernet0 [110/1] via 172.16.10.6, 00:14:04, Ethernet0 pain_center# OSPF will load-balance over these routes, but instead you want to use only one route. If the primary route becomes available, OSPF will use the backup route through the crowns router. To influence the forwarding decisions of the router, you can use the bandwidth command to change the cost of the link or you can directly change the cost with the interface command ip ospf cost. You could influence the forwarding decision in this model in many ways. The method that you will use here is to simply set the OSPF cost of the s0 interface of the root_canals router to 15. Example 12-44 shows the route table, followed by a trace performed on the pain_center after the change has been made to the root_canals router. Notice that only one primary path, through 172.16.10.1, shows up in the route table. Example 12-44 Route Table of pain_center Routerpain_center# show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default U - per-user static route, o - ODR Gateway of last resort is 172.16.10.1 to network 0.0.0.0 128.10.0.0/24 is subnetted, 1 subnets O IA 128.10.1.0 [110/35] via 172.16.10.1, 00:00:17, Ethernet0 C 192.168.200.0/24 is directly connected, Loopback0 172.16.0.0/16 is variably subnetted, 4 subnets, 3 masks C 172.16.10.0/28 is directly connected, Ethernet0 O IA 172.16.2.4/30 [110/89] via 172.16.10.1, 00:00:17, Ethernet0 O IA 172.16.1.0/24 [110/25] via 172.16.10.1, 00:00:17, Ethernet0 O IA 172.16.3.0/24 [110/95] via 172.16.10.1, 00:00:17, Ethernet0 O*E2 0.0.0.0/0 [110/1] via 172.16.10.1, 00:00:17, Ethernet0 pain_center# trace 128.10.1.5 Type escape sequence to abort. Tracing the route to 128.10.1.5 1 172.16.10.1 0 msec 0 msec 0 msec 2 172.16.1.5 16 msec 24 msec * pain_center# The optional portion of the lab instructs you to propagate the default route only if the network 128.10.1.0/24 is in the route table. If the network 128.10.1.0 is not available, the router dental_ho should not propagate the default route to the rest of the OSPF domain. To accomplish this, you need to configure what is called a conditional default route . To configure a conditional default route (refer to Example 12-45), call a route map on the default-information originate command. This route map, in turn , matches a prefix list that corresponds to the network 128.10.1.0. Example 12-45 Conditional Default Route Configuration! router ospf 2002 router-id 192.168.200.200 area 10 nssa default-information-originate network 128.10.1.5 0.0.0.0 area 0 network 172.16.1.5 0.0.0.0 area 0 network 172.16.2.5 0.0.0.0 area 10 neighbor 172.16.1.6 neighbor 172.16.1.1 default-information originate always route-map condition calls route map "condition" ! ip classless ip default-network 128.10.0.0 no ip http server ! ! ip prefix-list cond seq 5 permit 128.10.1.0/24 match route 128.10.1.0/24 route-map condition permit 10 match ip address prefix-list cond call prefix-list called "cond" ! When the Ethernet interface is shut down, the dental_ho router no longer advertises the default route. Because the NSSA default route is controlled differently, you cannot call a route map and control default routing to the NSSA area. Future Cisco IOS Software releases might provide for this. Example 12-46 lists the relevant portions of the routers in the lab. Example 12-46 Router Configurations Used in This Labhostname dental_ho ! interface Ethernet0 ip address 128.10.1.5 255.255.255.0 ! interface Serial0.1 multipoint ip address 172.16.1.5 255.255.255.0 ip ospf priority 255 frame-relay map ip 172.16.1.6 121 broadcast frame-relay map ip 172.16.1.1 111 broadcast ! interface Serial0.2 point-to-point ip address 172.16.2.5 255.255.255.252 frame-relay interface-dlci 150 ! <<<text omitted>>> ! router ospf 2002 router-id 192.168.200.200 area 10 nssa default-information-originate network 128.10.1.5 0.0.0.0 area 0 network 172.16.1.5 0.0.0.0 area 0 network 172.16.2.5 0.0.0.0 area 10 neighbor 172.16.1.6 neighbor 172.16.1.1 default-information originate always route-map condition ! ip classless ip default-network 128.10.0.0 no ip http server ! ip prefix-list cond seq 5 permit 128.10.1.0/24 route-map condition permit 10 match ip address prefix-list cond ! ! ________________________________________________________________________ hostname crowns ! interface Ethernet0 ip address 172.16.10.6 255.255.255.240 no ip directed-broadcast ip ospf message-digest-key 1 md5 cisco ! interface Serial0 ip address 172.16.1.6 255.255.255.0 no ip directed-broadcast encapsulation frame-relay ip ospf priority 0 no ip mroute-cache frame-relay map ip 172.16.1.5 102 broadcast frame-relay map ip 172.16.1.1 102 broadcast frame-relay lmi-type cisco ! router ospf 2002 router-id 192.168.200.6 area 200 authentication message-digest network 172.16.1.6 0.0.0.0 area 0 network 172.16.10.6 0.0.0.0 area 200 ! ip classless ! ! ________________________________________________________________________ hostname root_canals ! interface Loopback0 ip address 192.168.200.1 255.255.255.0 ! <<<text omitted>>> ! interface Ethernet2 ip address 172.16.10.1 255.255.255.240 ip ospf message-digest-key 1 md5 cisco media-type 10BaseT ! ! interface Serial0 ip address 172.16.1.1 255.255.255.0 encapsulation frame-relay ip ospf cost 15 ip ospf priority 0 no ip mroute-cache frame-relay map ip 172.16.1.5 110 broadcast frame-relay map ip 172.16.1.6 110 broadcast ! <<<text omitted>>> ! router ospf 2002 network 172.16.1.1 0.0.0.0 area 0 network 172.16.10.1 0.0.0.0 area 200 area 200 authentication message-digest ! ip classless ! ! ________________________________________________________________________ hostname pain_center ! interface Loopback0 ip address 192.168.200.8 255.255.255.0 ! interface Ethernet0 ip address 172.16.10.8 255.255.255.240 ip ospf message-digest-key 1 md5 cisco ! <<<text omitted>>> ! router ospf 2002 network 172.16.10.8 0.0.0.0 area 200 area 200 authentication message-digest ! ip classless ! ! ________________________________________________________________________ hostname fillings ! interface Serial0 no ip address encapsulation frame-relay frame-relay lmi-type cisco ! interface Serial0.1 point-to-point ip address 172.16.2.6 255.255.255.252 frame-relay interface-dlci 151 ! interface TokenRing0 ip address 172.16.3.3 255.255.255.0 ring-speed 16 ! router ospf 2002 router-id 192.168.200.3 area 10 nssa network 172.16.2.6 0.0.0.0 area 10 network 172.16.3.3 0.0.0.0 area 10 ! ip classless |
< Free Open Study > |