Section 2: IP IGP Protocols (28 Points)

Previous page
Table of content
Next page

Configure the IP routing as in Figure 2-13, redistribute protocols to ensure full IP visibility between routers. Advertise all router networks within the appropriate routing protocol.

Section 2.1: EIGRP (8 Points)

  • Configure EIGRP AS20 and AS30 as shown in Figure 2-13.

  • Ensure that any router running EIGRP has its loopback interface advertised within EIGRP.

You should configure EIGRP AS30 on R1-R2-R3 and EIGRP AS20 on R6 and R8. You could just enable EIGRP with a network 10.0.0.0 statement everywhere, but as you can see in Figure 2-13, R6 and R1 do not have all their network 10 interfaces included into EIGRP. You will need to configure an inverse mask for the networks you require advertised and included in EIGRP on these routers. This is more preferable than removing the network with a distribute list later; in fact, you will find that you are not permitted to use any distribute lists in the redistribution section. Do not forget to disable auto summarization on all your routers as a matter of good practice. If you have configured this correctly as shown in Example 2-11 through Example 2-15, you have scored 2 points.

Example 2-11. R1 Initial EIGRP Configuration
 router eigrp 30  passive-interface Loopback0  network 10.1.1.0 0.0.0.15  network 10.80.80.0 0.0.0.255  network 10.90.90.0 0.0.0.15  no auto-summary

Example 2-12. R2 Initial EIGRP Configuration
 router eigrp 30  network 10.90.90.0 0.0.0.15  network 172.16.0.0  no auto-summary

NOTE

You could have configured the network statement on R2 covering the entire classfull 10.0.0.0/8 network.


Example 2-13. R3 Initial EIGRP Configuration
 router eigrp 30  network 172.16.0.0  no auto-summary

Example 2-14. R6 Initial EIGRP Configuration
 router eigrp 20  network 10.6.6.0 0.0.0.7  network 10.80.80.0 0.0.0.255  no auto-summary

Example 2-15. R8 Initial EIGRP Configuration
 router eigrp 20  network 10.8.8.8 0.0.0.0  network 10.80.80.0 0.0.0.255  no auto-summary

NOTE

You could have configured the network statement on R8 covering the entire classfull 10.0.0.0/8 network.


  • Inject at 10/8 summary route into EIGRP AS30 from R1.

Add the EIGRP summary statement for network 10/8 on R1 S0/0 as shown in Example 2-16. If you have configured this correctly, you have scored 1 point.

Example 2-16. R1 EIGRP Summary 10/8 Configuration
 interface Serial0/0  ip address 10.90.90.2 255.255.255.240  ip summary-address eigrp 30 10.0.0.0 255.0.0.0

  • Make R1 generate a default route into EIGRP AS30 without using static/default routes.

You are not permitted to configure a default route so no statics can be redistributed. Hopefully, the previous question may have prompted you to once again use a summary route. You will find by configuring a summary route to 0/0 on R1 S0/0 that a default route will be propagated into EIGRP AS30. If you have configured this correctly as shown in Example 2-17 with the resulting 0/0 route on R2, you have scored 2 points.

Example 2-17. R1 EIGRP Summary 0/0 Configuration and R2 Route Output
 interface Serial0/0  ip address 10.90.90.2 255.255.255.240  ip summary-address eigrp 30 0.0.0.0 0.0.0.0 R2#sh ip route C    172.16.0.0/16 is directly connected, FastEthernet0/0      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks D       10.0.0.0/8 [90/2172416] via 10.90.90.2, 00:16:43, Serial0/0 C       10.90.90.0/28 is directly connected, Serial0/0 D*   0.0.0.0/0 [90/2172416] via 10.90.90.2, 00:16:43, Serial0/0

  • Ensure that no host routes are propagated throughout the network at this point of the lab.

You will find that R8 interface Lo0 has a /32 mask and, hence, will be advertised as a host route. You will need to perform further EIGRP summarization to expand the network range. You can expand the range using a sensible mask of your choice. If you have configured this correctly as shown in Example 2-18, you have scored 1 point.

Example 2-18. R8 EIGRP Summary Lo0 Configuration
 interface FastEthernet0/0  ip address 10.80.80.3 255.255.255.0  ip summary-address eigrp 20 10.8.8.0 255.255.255.240

  • Encrypt all EIGRP routing updates using a method that will be difficult to detect the password.

This is not a difficult question, but it is one of those that will eat into your time so ensure you accurately configure your routers; otherwise, you will end up wasting time troubleshooting your own errors. You will need to configure MD5 authentication, which is in fact the only type available across all your EIGRP enabled interfaces as shown in Example 2-19 through Example 2-23. Bear in mind that even on networks with no neighbors at this point in time, you should still have the authentication statement. The obvious exception to this rule is loopback interfaces. If you have configured this correctly, you have scored 2 points.

NOTE

Consider creating a text file for repetitive configuration such as this and pasting to your routers to save time.


Example 2-19. R1 EIGRP Authentication Configuration
 key chain EIGRP-MD5  key 1   key-string anna ! interface FastEthernet0/0 ip authentication mode eigrp 30 md5 ip authentication key-chain eigrp 30 EIGRP-MD5 ! interface Serial0/0 ip authentication mode eigrp 30 md5  ip authentication key-chain eigrp 30 EIGRP-MD5

Example 2-20. R2 EIGRP Authentication Configuration
 key chain EIGRP-MD5  key 1   key-string anna ! interface FastEthernet0/0 ip authentication mode eigrp 30 md5 ip authentication key-chain eigrp 30 EIGRP-MD5 ! interface Serial0/0 ip authentication mode eigrp 30 md5  ip authentication key-chain eigrp 30 EIGRP-MD5

Example 2-21. R3 EIGRP Authentication Configuration
 key chain EIGRP-MD5  key 1   key-string anna ! interface FastEthernet0/0 ip authentication mode eigrp 30 md5 ip authentication key-chain eigrp 30 EIGRP-MD5

Example 2-22. R6 EIGRP Authentication Configuration
 key chain EIGRP-MD5  key 1   key-string anna ! interface FastEthernet0/0  ip authentication mode eigrp 20 md5  ip authentication key-chain eigrp 20 EIGRP-MD5

Example 2-23. R8 EIGRP Authentication Configuration
 key chain EIGRP-MD5  key 1   key-string anna ! interface FastEthernet0/0  ip authentication mode eigrp 20 md5  ip authentication key-chain eigrp 20 EIGRP-MD5

Section 2.2: OSPF (13 Points)

  • Configure OSPF as shown in Figure 2-13 with the process on each router as 30.

  • Ensure that OSPF-only routers have their loopback interfaces advertised in the same area as that of the Ethernet interface.

You will need to configure OSPF on R1, R4, R6, and R5 ensuring that the OSPF-only routers (R4 and R5) have their loopbacks advertised within their Ethernet assigned areas. R1 and R6 should have had their loopbacks advertised earlier within EIGRP. You will also need to configure a virtual link between R6 and R5 to extend area 0 out to R5 area 3 through area 4. Pay attention to your router IDs as you will add further loopback interfaces to your configuration, which will change the router ID, unless you manually configure your ID within OSPF as shown in the solution examples. If you have configured this correctly as shown in Example 2-24 through Example 2-27, you have scored 2 points.

Example 2-24. R1 Initial OSPF Configuration
 router ospf 30  network 10.10.10.0 0.0.0.15 area 0  network 10.100.100.0 0.0.0.15 area 0

Example 2-25. R4 Initial OSPF Configuration
 router ospf 30  network 10.4.4.0 0.0.0.7 area 2  network 10.10.10.0 0.0.0.15 area 0  network 10.40.40.0 0.0.0.15 area 2  network 10.100.100.0 0.0.0.15 area 0  network 10.100.101.0 0.0.0.15 area 0

Example 2-26. R5 Initial OSPF Configuration
 router ospf 30  area 4 virtual-link 10.6.6.6 network 10.5.5.4 0.0.0.3 area 3  network 10.50.50.0 0.0.0.7 area 3  network 10.99.99.0 0.0.0.7 area 4  router-id 10.5.5.5

Example 2-27. R6 Initial OSPF Configuration
 router ospf 30  area 4 virtual-link 10.5.5.5 network 10.99.99.0 0.0.0.7 area 4  network 10.100.101.0 0.0.0.15 area 0  router-id 10.6.6.6

  • Do not use the interface command ip ospf network over the ATM network.

The earlier ATM question ensured that the ATM network would be treated as NBMA. Even if you did configure an OSPF network type, you would still require broadcast capability, which you do not have, over the ATM to multicast OSPF between routers. The question calls for you to statically define a remote neighbor, which will then enable the routers to unicast OSPF to each other and form an adjacency. If you have configured neighbor 10.99.99.1 and neighbor 10.99.99.2 on R5 and R6, respectively, you have scored 1 point.

NOTE

The neighbor relationship will still form if only one neighbor statement is configured on either R5 or R6. If you have configured only one statement, this is still acceptable for a full score.


  • Add a loopback address of 10.200.200.1/29 onto R5 and ensure that this network is seen and reachable via the entire network. Do not add this network into existing R5 OSPF areas, redistribute as a connected network, or add further routing protocols on R5. Do not add any static routes pointing to R5 on any other routers. You may policy route in your solution.

As you can not advertise the network from R5 and your network requires visibility of it, you must advertise it from another router. The problem lies in that you cannot use a static route and redistribute this. The only way to achieve this is to configure a similar network on R6 and add it into either EIGRP or OSPF. You can then summarize this network out to the original mask of that configured on R5 to ensure the entire network learns about the network that is actually configured on R5 but through R6. The next step is to ensure that when traffic destined for the network on R5 reaches R6 it is forced onward to R5 instead of terminating at R6. You will need to policy route to achieve this. Your policy routing should ensure that any traffic destined to 10.200.200.1 is forwarded to R5 and it will need to be placed on R6 Fast Ethernet and virtual-template interfaces where traffic would ingress for this destination from your entire network. If you have configured this correctly as shown in Example 2-28 and Example 2-29, which also shows the resulting ping verification from R1, you have scored 5 points.

Example 2-28. R5 Loopback Configuration
 interface Loopback1  ip address 10.200.200.1 255.255.255.248

Example 2-29. R6 Loopback Configuration, Policy Routing, and Ping Test from R1
 interface Loopback1  ip address 10.200.200.5 255.255.255.252  ip ospf network point-to-point ! interface FastEthernet0/0 ip policy route-map 10.200.200.1-to-R5 ! interface Virtual-Template1 ip policy route-map 10.200.200.1-to-R5 ! router ospf 30  area 4 range 10.200.200.0 255.255.255.248  network 10.200.200.4 0.0.0.3 area 4 ! ip local policy route-map 10.200.200.1-to-R5 ! access-list 100 permit ip any host 10.200.200.1 ! route-map 10.200.200.1-to-R5 permit 10  match ip address 100  set ip next-hop 10.99.99.2 R5#debug ip icmp ICMP packet debugging is on R1#ping 10.200.200.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.200.200.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms R5# 00:45:46: ICMP: echo reply sent, src 10.200.200.1, dst 10.100.100.1 00:45:46: ICMP: echo reply sent, src 10.200.200.1, dst 10.100.100.1 00:45:46: ICMP: echo reply sent, src 10.200.200.1, dst 10.100.100.1 00:45:46: ICMP: echo reply sent, src 10.200.200.1, dst 10.100.100.1 00:45:46: ICMP: echo reply sent, src 10.200.200.1, dst 10.100.100.1

NOTE

R6 uses the command ip ospf network point-to-point under interface Loopack0 to ensure the network is not advertised as a host route to the OSPF domain.


  • Ensure the only types of LSA propagated within OSPF area 2 are type 1, 2, and 3.

You should recall that an OSPF stub area with the key word no-summary will restrict the LSA types to 1 and 2 with the default route being advertised automatically with an LSA type 3. R4 OSPF process should be configured with area 2 stub no-summary. If you have configured this correctly, you have scored 2 points.

  • Encrypt all OSPF routing updates using a method that will be difficult to detect the password.

This is another time-consuming question that will require OSPF updates to be authenticated on a per-interface basis using MD5 encryption. Remember to also add authentication to your virtual link. If you have configured this correctly as in Example 2-30 through Example 2-33, you have scored 2 points.

Example 2-30. R1 OSPF Authentication Configuration
 interface BRI0/0 ip ospf message-digest-key 1 md5 james ! interface Virtual-Template1 ip ospf message-digest-key 1 md5 james ! router ospf 30 area 0 authentication message-digest

Example 2-31. R4 OSPF Authentication Configuration
 interface FastEthernet0/0  ip ospf message-digest-key 1 md5 james ! interface BRI0/0 ip ospf message-digest-key 1 md5 james ! interface Virtual-Template1  ip ospf message-digest-key 1 md5 james ! interface Virtual-Template2  ip ospf message-digest-key 1 md5 james ! router ospf 30  log-adjacency-changes  area 0 authentication message-digest  area 2 authentication message-digest

Example 2-32. R5 OSPF Authentication Configuration
 interface FastEthernet0/0  ip ospf message-digest-key 1 md5 james ! interface ATM3/0  ip address 10.99.99.2 255.255.255.248  ip ospf message-digest-key 1 md5 james ! router ospf 30  log-adjacency-changes  area 0 authentication message-digest  area 3 authentication message-digest  area 4 authentication message-digest  area 4 virtual-link 10.6.6.6 message-digest-key 1 md5 james

Example 2-33. R6 OSPF Authentication Configuration
 interface ATM1/0  ip ospf message-digest-key 1 md5 james ! interface Virtual-Template1  ip ospf message-digest-key 1 md5 james ! router ospf 30  area 0 authentication message-digest  area 4 authentication message-digest area 4 virtual-link 10.5.5.5 message-digest-key 1 md5 james

  • Ensure that no host routes are propagated throughout the network at this point of the lab.

You will need to configure your loopback interfaces on R4, R5, and R6, which are advertised within OSPF with ip ospf-network point-to-point statements to ensure they are advertised with the correct mask as opposed to /32 host routes to your network. You will also need to configure your Virtual-Template interfaces on R1 and R4 with the command no peer neighbor-route to remove the /32 host routes that are added to the routing table when the PPP links becomes active. These would then be propagated into your OSPF domain. If you have configured this correctly, you have scored 1 point.

Section 2.3: Redistribution (7 Points)

  • Redistribute EIGRP AS30 into OSPF, allow all routes found in AS30 into OSPF except for the 0/0 route, and do not use any distribute lists.

You are not being requested to perform mutual redistribution here so you simply redistribute EIGRP into OSPF on R1. The default route will not be propagated by default as R1 would require the default-information originate command to achieve this. You need to remember that OSPF by default redistributes classfull networks so you will need the keyword subnets in your configuration along with your specified default metric. If you have configured this correctly as shown in Example 2-34, you have scored 2 points.

Example 2-34. R1 EIGRP AS30 Initial Redistribution Configuration
 router ospf 30  redistribute eigrp 30 subnets  default-metric 4000

  • Redistribute only the EIGRP AS30 routes into EIGRP AS20; once again do not use any distribute lists and do not selectively redistribute by matching external OSPF routes to achieve this.

Usually, you would selectively redistribute routes based on a distribute list or use a route matching the EIGRP routes from OSPF, which would appear as External routes; as you cannot do this, you must attach an identification to the EIGRP AS20 routes as they ingress the OSPF network. By tagging the EIGRP routes on R1 as they are redistributed into OSPF, you will be able to use a route map on R6 and match all the tagged routes searching for the value you entered on R1. You can then allow the tagged routes to be redistributed into EIGRP AS30. Example 2-35 shows how to tag the EIGRP AS30 routes on R1; Example 2-36 shows how the tagged routes are redistributed into EIGRP AS30 on R6 with the resulting topology shown with the redistributed tagged routes. If you have configured this correctly, you have scored 4 points.

Example 2-35. R1 EIGRP AS30 Redistribution with Tagging Configuration
 router ospf 30  redistribute eigrp 30 subnets tag 7942

Example 2-36. R6 EIGRP AS30 Redistribution with Tagging Configuration and Confirmation
 router eigrp 20  redistribute ospf 30 route-map ospf-7942-eigrp20  default-metric 1000 10 255 1 1500 ! route-map ospf-7942-eigrp20 permit 10  match tag 7942 R1#sh ip ospf database self-originate             OSPF Router with ID (10.1.1.1) (Process ID 30)                 Router Link States (Area 0) Link ID         ADV Router      Age         Seq#       Checksum Link count 10.1.1.1        10.1.1.1        243         0x80000005 0x002FD9 3                 Type-5 AS External Link States Link ID         ADV Router      Age         Seq#       Checksum Tag 10.0.0.0        10.1.1.1        227         0x80000002 0x007651 7942 10.1.1.0        10.1.1.1        227         0x80000002 0x0005CF 7942 10.80.80.0      10.1.1.1        227         0x80000002 0x003FE7 7942 10.90.90.0      10.1.1.1        227         0x80000002 0x00FD24 7942 172.16.0.0      10.1.1.1        227         0x80000002 0x0073A1 7942 R6#sh ip eigrp topology IP-EIGRP Topology Table for AS(20)/ID(10.6.6.6) Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,        r - reply Status, s - sia Status P 10.0.0.0/8, 1 successors, FD is 2562560, tag is 7942          via Redistributed (2562560/0) P 10.1.1.0/28, 1 successors, FD is 2562560, tag is 7942          via Redistributed (2562560/0) P 10.90.90.0/28, 1 successors, FD is 2562560, tag is 7942          via Redistributed (2562560/0) P 10.8.8.0/28, 1 successors, FD is 156160          via 10.80.80.3 (156160/128256), FastEthernet0/0 P 10.80.80.0/24, 1 successors, FD is 28160          via Connected, FastEthernet0/0 P 10.6.6.0/29, 1 successors, FD is 128256          via Connected, Loopback0 P 172.16.0.0/16, 1 successors, FD is 2562560, tag is 7942          via Redistributed (2562560/0)

NOTE

R6 does not show network 10.80.80.0/24 as a tagged network learnt from OSPF via EIGRP AS30 because this is a connected interface.


  • Redistribute EIGRP AS20 into OSPF.

Simply redistribute the EIGRP AS20 routes into OSPF on R6; this will ensure that the OSPF network learns about the networks advertised by R8. EIGRP AS20 does not require any tagging as R1 is not performing mutual redistribution. R1 will learn EIGRP AS20 routes via OSPF; R2 and R3 have a network 10/8 summary to R1 so they will have reach capability of EIGRP AS20 through R1. Remember to use the subnets keyword and default-metric as before or add the associated metrics to the redistribute statement. If you have configured this correctly as in Example 2-37, you have scored 1 point.

Example 2-37. R6 EIGRP AS20 Redistribution Configuration
 router ospf 30  redistribute eigrp 20 subnets  default-metric 4000



Previous page
Table of content
Next page
CCIE Routing and Switching Practice Labs
CCIE Routing and Switching Practice Labs
ISBN: 1587051478
EAN: 2147483647
Year: 2006
Pages: 268
Authors: Martin J. Duggan, Maurilio P. Gorito
BUY ON AMAZON
Database Modeling with MicrosoftВ® Visio for Enterprise Architects (The Morgan Kaufmann Series in Data Management Systems)
Agile Project Management: Creating Innovative Products (2nd Edition)
Certified Ethical Hacker Exam Prep
PostgreSQL(c) The comprehensive guide to building, programming, and administering PostgreSQL databases
GDI+ Programming with C#
Microsoft Visual Basic .NET Programmers Cookbook (Pro-Developer)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy