Data Link Switching Plus (DLSw)

 <  Free Open Study  >  

Lab 24: OSPF Multiple Area Routing, Authentication, Path Manipulation, Default Routing ”Part II

Lab Walkthrough

Configure the Frame Relay switch and attach the four routers in a back-to-back manner to the Frame switch. Use V.35 cables or CSU/DSUs with crossover cables to connect the routers. Create the three LANs by the use of switches or hubs/MAUs, as illustrated in Figure 12-14.

When the physical connections are complete, assign IP addresses to all LAN and WAN interfaces, as depicted in Chapter 5. Example 12-33 lists the Frame Relay configurations, to this point, on all routers involved.

Example 12-33 Frame Relay Configurations
  hostname dental_ho   !   <<<text omitted>>>   !   interface Serial0   no ip address   encapsulation frame-relay   frame-relay lmi-type cisco   !   interface Serial0.1 multipoint   ip address 172.16.1.5 255.255.255.0   frame-relay map ip 172.16.1.6 121 broadcast   frame-relay map ip 172.16.1.1 111 broadcast   !   interface Serial0.2 point-to-point   ip address 172.16.2.5 255.255.255.252   frame-relay interface-dlci 150   !  ________________________________________________________________  hostname crowns   !   <<<text omitted>>>   !   interface Serial0   ip address 172.16.1.6 255.255.255.0   no ip directed-broadcast   encapsulation frame-relay   no ip mroute-cache   frame-relay map ip 172.16.1.5 102 broadcast   frame-relay map ip 172.16.1.1 102 broadcast   frame-relay lmi-type cisco   !  ________________________________________________________________  hostname root_canals   !   interface Serial0   ip address 172.16.1.1 255.255.255.0   encapsulation frame-relay   no ip mroute-cache   frame-relay map ip 172.16.1.5 110 broadcast   frame-relay map ip 172.16.1.6 110 broadcast   !  ________________________________________________________________  hostname fillings   !   <<<text omitted>>>   !   interface Serial0   no ip address   encapsulation frame-relay   frame-relay lmi-type cisco   !   interface Serial0.1 point-to-point   ip address 172.16.2.6 255.255.255.252   frame-relay interface-dlci 151   !  

After the LAN and WAN interfaces are configured and basic IP connectivity is established, you can begin to configure OSPF. Recalling the detailed process to configure OSPF, you have the following:

Step 1. Perform area design and DR/BDR designation.

Step 2. Assign RIDs with the use of loopback on routers running Cisco IOS Software Release 12.0 or earlier.

Step 3. Enable OSPF, and assign RIDs on routers running Cisco IOS Software Release 12.0 or later.

Step 4. Configure OSPF interfaces.

Step 5. Configure additional neighbor support, if required.

Step 6. Configure OSPF area types.

Step 7. Configure other OSPF parameters, such as authentication.

Step 1 involves area design. In this model, we put the LAN network between crowns, root_canal and pain_center in OSPF Area 200. Area 200 also will have Type 2 authentication. The fillings router will be in an NSSA area. The multipoint Frame Relay network and the LAN network of dental_ho will reside in Area 0. The dental_ho router should be DR for the Frame Relay multipoint network because it is the only router with a PVC directly to the crowns and root_canal routers.

Step 2 involves setting RIDs on the routers that have Cisco IOS Software prior to Release 12.0. To accomplish this, use loopback interfaces on those routers. Figure 12-15 shows the diagram with the router IDs and areas that we have assigned.

Figure 12-15. Dr. Stai's Dental Network with RIDs

graphics/12fig15.gif

Step 3 is where the real configuration begins. On all the routers, enable OSPF in AS 2002 with the command router ospf 2002. On routers that have Cisco IOS Software Release 12.0, use the router command router-id ip_address to assign the static RIDs to the routers.

At Step 4, you configure which interfaces will participate in OSPF routing and what areas they will reside in. On the dental_ho router, the E0 interface will be in Area 0, along with the s0.1 multipoint interface. The s0.2 interface will be in Area 10. Example 12-34 lists the OSPF configuration, to this point, of the router dental_ho.

Example 12-34 Preliminary OSPF Configuration of dental_ho
  router ospf 2002   router-id 192.168.200.200   network 128.10.1.5 0.0.0.0 area 0   network 172.16.1.5 0.0.0.0 area 0   network 172.16.2.5 0.0.0.0 area 10   !  

Recall from previous sections that a wildcard mask of 0.0.0.0 means match every octet of the address. In this OSPF configuration, you are telling the router to put only a single interface into an area.

The preliminary OSPF configurations on the crowns, root_canals, and pain_center routers will resemble each other. The routers that have an S0 interface will be in Area 0, while the LAN interfaces will reside in Area 200. The preliminary OSPF configuration for the crowns router is represented in Example 12-35.

Example 12-35 Preliminary OSPF Configuration of the crowns Router
  router ospf 2002   router-id 192.168.200.6   network 172.16.1.6 0.0.0.0 area 0   network 172.16.10.6 0.0.0.0 area 200   !  

The fillings router will have both interfaces in Area 10. Because this router will not need any additional neighbor support, you can skip Step 5 for this router and configure the area as an NSSA area. Example 12-36 lists the OSPF configuration of the fillings router.

Example 12-36 Preliminary OSPF Configuration of the fillings Router
  router ospf 2002   router-id 192.168.200.3   area 10 nssa   network 172.16.2.6 0.0.0.0 area 10   network 172.16.3.3 0.0.0.0 area 10   !  

Step 5 requires you to configure the additional neighbor support needed for OSPF to form an adjacency over the Frame Relay multipoint network. For the adjacency to form properly, set the priority of the dental_ho router to be 255 and the priority of the crowns and root_ canals to 0. You also will add neighbor statements to the routers. Example 12-37 lists the configuration of the crowns and dental_ho routers.

Example 12-37 OSPF Configuration of the crowns and dental_ho Router
  !   interface Serial0   no ip address   encapsulation frame-relay   frame-relay lmi-type cisco   !   interface Serial0.1 multipoint   ip address 172.16.1.5 255.255.255.0   ip ospf priority 255   frame-relay map ip 172.16.1.6 121 broadcast   frame-relay map ip 172.16.1.1 111 broadcast   !   interface Serial0.2 point-to-point   ip address 172.16.2.5 255.255.255.252   frame-relay interface-dlci 150   !   interface Serial1   no ip address   shutdown   !   interface BRI0   no ip address   shutdown   !   router ospf 2002   router-id 192.168.200.200   area 10   network 128.10.1.5 0.0.0.0 area 0   network 172.16.1.5 0.0.0.0 area 0   network 172.16.2.5 0.0.0.0 area 10   neighbor 172.16.1.1   neighbor 172.16.1.6   !  

Step 6 of the configuration involves only the dental_ho and fillings router. This step requires you to configure Area 10 as an NSSA area. To configure the area as an NSSA area, simply append that NSSA argument into the area statements. Both routers dental_ho and fillings will need NSSA areas configured. Example 12-38 lists the OSPF configuration of the fillings router.

Example 12-38 OSPF NSSA Configuration on fillings
  !   router ospf 2002   router-id 192.168.200.3   area 10 nssa   network 172.16.2.6 0.0.0.0 area 10   network 172.16.3.3 0.0.0.0 area 10   !  

At this point, OSPF is fully operational, and you have IP connectivity to every router in the network. To verify this, we can examine the neighbors and the route table, and you can perform standard ping tests. To verify the NSSA area, use the show ip ospf command. Example 12-39 lists the output of the show ip ospf neighbor and show ip ospf commands on the dental_ho router.

Example 12-39 Verify OSPF Operation and NSSA Configuration
 dental_ho#  show ip ospf neighbor  Neighbor ID     Pri   State           Dead Time   Address         Interface 192.168.200.1     0   FULL/DROTHER    00:01:42    172.16.1.1      Serial0.1 192.168.200.6     0   FULL/DROTHER    00:01:44    172.16.1.6      Serial0.1 192.168.200.3     1   FULL/  -        00:00:38    172.16.2.6      Serial0.2 dental_ho# dental_ho#  show ip ospf  Routing Process "ospf 2002" with ID 192.168.200.200  Supports only single TOS(TOS0) routes <<<text omitted>>>     Area 10         Number of interfaces in this area is 1         It is a NSSA area         Perform type-7/type-5 LSA translation         generates NSSA default route with cost 1         Area has no authentication         SPF algorithm executed 11 times         Area ranges are         Number of LSA 6. Checksum Sum 0x30908         Number of opaque link LSA 0. Checksum Sum 0x0         Number of DCbitless LSA 0         Number of indication LSA 0         Number of DoNotAge LSA 0         Flood list length 0 dental_ho# 

The final step in the model calls for you to configure three things: a default route, authentication, and path selection. First, to configure a default route, you need to flag or mark a network as a default and then propagate it within the OSPF domain. To flag a route as a default network without using a static route, use the global command default-network 128.10.1.0. To propagate the network, use the OSPF command default-information originate always. Remember, for a router to forward packets to a default route, all routers also need the global command ip classless enabled. A default route will not automatically get flooded into a NSSA area. For the NSSA area to receive a default route, the argument default-information-originate must be appended to the area 10 nssa router statement. Example 12-40 lists the configuration of dental_ho, highlighting the default routing commands.

Example 12-40 Configuration of dental_ho
  router ospf 2002   router-id 192.168.200.200    area 10 nssa default-information-originate    network 128.10.1.5 0.0.0.0 area 0   network 172.16.1.5 0.0.0.0 area 0   network 172.16.2.5 0.0.0.0 area 10   neighbor 172.16.1.1   neighbor 172.16.1.6    default-information originate always    !    ip classless     ip default-network 128.10.0.0   

To verify that the default route is being propagated, list the route table of any router, excluding dental_ho router. Look for a gateway of last resort to be set and a route marked by an *, indicating that it is the candidate default. Example 12-41 lists the route table of the router fillings. Notice that the route is advertised to an NSSA area as an OSPF NSSA external Type 2 route.

Example 12-41 Route Table of fillings
 fillings#  show ip route  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2        E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP        i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area        * - candidate default, U - per-user static route, o - ODR        P - periodic downloaded static route  Gateway of last resort is 172.16.2.5 to network 0.0.0.0  172.16.0.0/16 is variably subnetted, 4 subnets, 3 masks O IA    172.16.10.0/28 [110/138] via 172.16.2.5, 00:09:18, Serial0.1 C       172.16.2.4/30 is directly connected, Serial0.1 O IA    172.16.1.0/24 [110/128] via 172.16.2.5, 00:09:18, Serial0.1 C       172.16.3.0/24 is directly connected, TokenRing0      128.10.0.0/24 is subnetted, 1 subnets O IA    128.10.1.0 [110/74] via 172.16.2.5, 00:09:18, Serial0.1  O*N2 0.0.0.0/0 [110/1] via 172.16.2.5, 00:09:18, Serial0.1  fillings# 

Next, you need to configure Type 2 or MD5 authentication on Area 200. You will need to enable authentication on the OSPF area statement and on the interface. Use cisco as the MD5 password. Example 12-42 lists the configuration needed for authentication on the pain_center router. The configuration must be identical on all the routers in Area 200.

Example 12-42 MD5 Authentication on the Router pain_center
  interface Ethernet0   ip address 172.16.10.8 255.255.255.240   ip ospf message-digest-key 1 md5 cisco   !   <<<text omitted>>>   !   router ospf 2002   network 172.16.10.8 0.0.0.0 area 200   area 200 authentication message-digest  

As you enable authentication throughout Area 200, routes and neighbors will start to age out and disappear. This is one obvious way to tell you that authentication is starting to work. Performing the show ip ospf command also lists the area as being authenticated. When all the routers have authentication enabled, neighbors and routes will start to reappear.

The final portion of the lab, excluding the optional part, involves influencing packets from the pain_center router. Traffic from this router should always take a primary path through the root_canals router. A quick view of the route table on pain_center shows two paths to the other portions of the network. One path goes through the root_canals router, and one goes through the crowns router, such as in Example 12-43.

Example 12-43 Route Table of pain_center
 pain_center#  show ip route  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2        E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP        i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default        U - per-user static route, o - ODR Gateway of last resort is 172.16.10.1 to network 0.0.0.0      128.10.0.0/24 is subnetted, 1 subnets O IA    128.10.1.0 [110/84] via 172.16.10.1, 00:14:03, Ethernet0                    [110/84] via 172.16.10.6, 00:14:03, Ethernet0 C    192.168.200.0/24 is directly connected, Loopback0      172.16.0.0/16 is variably subnetted, 4 subnets, 3 masks C       172.16.10.0/28 is directly connected, Ethernet0 O IA    172.16.2.4/30 [110/138] via 172.16.10.1, 00:14:03, Ethernet0                       [110/138] via 172.16.10.6, 00:14:03, Ethernet0 O IA    172.16.1.0/24 [110/74] via 172.16.10.1, 00:14:03, Ethernet0                       [110/74] via 172.16.10.6, 00:14:03, Ethernet0 O IA    172.16.3.0/24 [110/144] via 172.16.10.1, 00:14:04, Ethernet0                       [110/144] via 172.16.10.6, 00:14:04, Ethernet0 O*E2 0.0.0.0/0 [110/1] via 172.16.10.1, 00:14:04, Ethernet0                [110/1] via 172.16.10.6, 00:14:04, Ethernet0 pain_center# 

OSPF will load-balance over these routes, but instead you want to use only one route. If the primary route becomes available, OSPF will use the backup route through the crowns router. To influence the forwarding decisions of the router, you can use the bandwidth command to change the cost of the link or you can directly change the cost with the interface command ip ospf cost. You could influence the forwarding decision in this model in many ways. The method that you will use here is to simply set the OSPF cost of the s0 interface of the root_canals router to 15. Example 12-44 shows the route table, followed by a trace performed on the pain_center after the change has been made to the root_canals router. Notice that only one primary path, through 172.16.10.1, shows up in the route table.

Example 12-44 Route Table of pain_center Router
 pain_center#  show ip route  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2        E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP        i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default        U - per-user static route, o - ODR Gateway of last resort is 172.16.10.1 to network 0.0.0.0      128.10.0.0/24 is subnetted, 1 subnets O IA    128.10.1.0 [110/35] via 172.16.10.1, 00:00:17, Ethernet0 C    192.168.200.0/24 is directly connected, Loopback0      172.16.0.0/16 is variably subnetted, 4 subnets, 3 masks C       172.16.10.0/28 is directly connected, Ethernet0 O IA    172.16.2.4/30 [110/89] via 172.16.10.1, 00:00:17, Ethernet0 O IA    172.16.1.0/24 [110/25] via 172.16.10.1, 00:00:17, Ethernet0 O IA    172.16.3.0/24 [110/95] via 172.16.10.1, 00:00:17, Ethernet0 O*E2 0.0.0.0/0 [110/1] via 172.16.10.1, 00:00:17, Ethernet0 pain_center#  trace  128.10.1.5  Type escape sequence to abort. Tracing the route to 128.10.1.5   1 172.16.10.1 0 msec 0 msec 0 msec   2 172.16.1.5 16 msec 24 msec * pain_center# 

The optional portion of the lab instructs you to propagate the default route only if the network 128.10.1.0/24 is in the route table. If the network 128.10.1.0 is not available, the router dental_ho should not propagate the default route to the rest of the OSPF domain. To accomplish this, you need to configure what is called a conditional default route . To configure a conditional default route (refer to Example 12-45), call a route map on the default-information originate command. This route map, in turn , matches a prefix list that corresponds to the network 128.10.1.0.

Example 12-45 Conditional Default Route Configuration
  !   router ospf 2002   router-id 192.168.200.200   area 10 nssa default-information-originate   network 128.10.1.5 0.0.0.0 area 0   network 172.16.1.5 0.0.0.0 area 0   network 172.16.2.5 0.0.0.0 area 10   neighbor 172.16.1.6   neighbor 172.16.1.1    default-information originate always route-map condition  graphics/u2192.gif calls route map   "condition"   !   ip classless   ip default-network 128.10.0.0   no ip http server   !   !    ip prefix-list cond seq 5 permit 128.10.1.0/24  graphics/u2192.gif match route 128.10.1.0/24    route-map condition permit 10     match ip address prefix-list cond  graphics/u2192.gif call prefix-list called "cond"   !  

When the Ethernet interface is shut down, the dental_ho router no longer advertises the default route. Because the NSSA default route is controlled differently, you cannot call a route map and control default routing to the NSSA area. Future Cisco IOS Software releases might provide for this.

Example 12-46 lists the relevant portions of the routers in the lab.

Example 12-46 Router Configurations Used in This Lab
  hostname dental_ho   !   interface Ethernet0   ip address 128.10.1.5 255.255.255.0   !   interface Serial0.1 multipoint   ip address 172.16.1.5 255.255.255.0   ip ospf priority 255   frame-relay map ip 172.16.1.6 121 broadcast   frame-relay map ip 172.16.1.1 111 broadcast   !   interface Serial0.2 point-to-point   ip address 172.16.2.5 255.255.255.252   frame-relay interface-dlci 150   !   <<<text omitted>>>   !   router ospf 2002   router-id 192.168.200.200   area 10 nssa default-information-originate   network 128.10.1.5 0.0.0.0 area 0   network 172.16.1.5 0.0.0.0 area 0   network 172.16.2.5 0.0.0.0 area 10   neighbor 172.16.1.6   neighbor 172.16.1.1   default-information originate always route-map condition   !   ip classless   ip default-network 128.10.0.0   no ip http server   !   ip prefix-list cond seq 5 permit 128.10.1.0/24   route-map condition permit 10   match ip address prefix-list cond   !   !  ________________________________________________________________________  hostname crowns   !   interface Ethernet0   ip address 172.16.10.6 255.255.255.240   no ip directed-broadcast   ip ospf message-digest-key 1 md5 cisco   !   interface Serial0   ip address 172.16.1.6 255.255.255.0   no ip directed-broadcast   encapsulation frame-relay   ip ospf priority 0   no ip mroute-cache   frame-relay map ip 172.16.1.5 102 broadcast   frame-relay map ip 172.16.1.1 102 broadcast   frame-relay lmi-type cisco   !   router ospf 2002   router-id 192.168.200.6   area 200 authentication message-digest   network 172.16.1.6 0.0.0.0 area 0   network 172.16.10.6 0.0.0.0 area 200   !   ip classless   !   !  ________________________________________________________________________  hostname root_canals   !   interface Loopback0   ip address 192.168.200.1 255.255.255.0   !   <<<text omitted>>>   !   interface Ethernet2   ip address 172.16.10.1 255.255.255.240   ip ospf message-digest-key 1 md5 cisco   media-type 10BaseT   ! !   interface Serial0   ip address 172.16.1.1 255.255.255.0   encapsulation frame-relay   ip ospf cost 15   ip ospf priority 0   no ip mroute-cache   frame-relay map ip 172.16.1.5 110 broadcast   frame-relay map ip 172.16.1.6 110 broadcast   !   <<<text omitted>>>   !   router ospf 2002   network 172.16.1.1 0.0.0.0 area 0   network 172.16.10.1 0.0.0.0 area 200   area 200 authentication message-digest   !   ip classless   !   !  ________________________________________________________________________  hostname pain_center   !   interface Loopback0   ip address 192.168.200.8 255.255.255.0   !   interface Ethernet0   ip address 172.16.10.8 255.255.255.240   ip ospf message-digest-key 1 md5 cisco   !   <<<text omitted>>>   !   router ospf 2002   network 172.16.10.8 0.0.0.0 area 200   area 200 authentication message-digest   !   ip classless   !   !  ________________________________________________________________________  hostname fillings   !   interface Serial0   no ip address   encapsulation frame-relay   frame-relay lmi-type cisco   !   interface Serial0.1 point-to-point   ip address 172.16.2.6 255.255.255.252   frame-relay interface-dlci 151   !   interface TokenRing0   ip address 172.16.3.3 255.255.255.0   ring-speed 16   !   router ospf 2002   router-id 192.168.200.3   area 10 nssa   network 172.16.2.6 0.0.0.0 area 10   network 172.16.3.3 0.0.0.0 area 10   !   ip classless  
 <  Free Open Study  >  


CCIE Practical Studies, Volume I
CCIE Practical Studies, Volume I
ISBN: 1587200023
EAN: 2147483647
Year: 2001
Pages: 283
Authors: Karl Solie

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net