CCNP 300-101 Route (OSPF)

VPN

Check isakmp policy

R1# show crypto isakmp policy

Enable isakmp

R1(config)#crypto isakmp enable

Create a policy with pre-shared key

R1(config)# crypto isakmp policy 100
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# encryption 3des
R1(config-isakmp)# hash md5
R1(config-isakmp)# lifetime 86400
R1(config)# crypto isakmp key 6 CCNP address 10.1.1.252
R1(config)# crypto ipsec transform-set CCNP_LAB ah-md5-hmac
R1(cfg-crypto-trans)# mode tunnel
R1(config)# crypto ipsec security-association lifetime seconds 900

Show ISAKMP Security Associations

R# show crypto isakmp sa

CRYPTO ACL (Remember to configure the mirrored ACL on R2)

R1(config)# access-list 103 permit ip host 10.1.1.250 host 10.1.1.252

CRYPTO MAP

R1(config)# crypto map CCNP_MAP 100 ipsec-isakmp
R1(config-crypto-map)# match address 103
R1(config-crypto-map)# set peer 10.1.1.252
R1(config-crypto-map)# set transform-set CCNP_LAB

R1(config)# int gi1/0/27
R1(config-if)# crypto map CCNP_MAP
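
The lab policy above uses 3DES, MD5 and an AH-only transform set, so the tunnel payload is authenticated but never encrypted. The following Python audit is an added example, not part of the original notes; its rule set and the `audit` function name are assumptions made for illustration, and the sample is the page's own commands with the prompts removed.

```python
import re

# Constructed sample: the lab commands from this page with router prompts removed.
LAB_CONFIG = """\
crypto isakmp policy 100
 authentication pre-share
 encryption 3des
 hash md5
 lifetime 86400
crypto isakmp key 6 CCNP address 10.1.1.252
crypto ipsec transform-set CCNP_LAB ah-md5-hmac
 mode tunnel
crypto map CCNP_MAP 100 ipsec-isakmp
 set peer 10.1.1.252
 set transform-set CCNP_LAB
"""

# Audit rules chosen for this example (an assumption, not a Cisco-defined list).
LINE_RULES = [
    (r"^encryption (des|3des)$", "legacy IKE cipher; use AES"),
    (r"^hash md5$", "MD5 for IKE integrity; use SHA-2"),
]

def is_esp_cipher(transform):
    """True for ESP transforms that encrypt (not the -hmac, null or gmac ones)."""
    return (transform.startswith("esp-") and not transform.endswith("-hmac")
            and transform not in ("esp-null", "esp-gmac"))

def audit(config):
    """Return (line_number, command, finding) tuples for weak crypto settings."""
    findings = []
    for number, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()
        for pattern, message in LINE_RULES:
            if re.match(pattern, line):
                findings.append((number, line, message))
        ts = re.match(r"^crypto ipsec transform-set (\S+) (.+)$", line)
        if ts:
            transforms = ts.group(2).split()
            if not any(is_esp_cipher(t) for t in transforms):
                findings.append((number, line,
                                 "no ESP cipher: payload is authenticated but not encrypted"))
            if any("md5" in t for t in transforms):
                findings.append((number, line,
                                 "MD5-based integrity transform; use a SHA-2 HMAC"))
    return findings

if __name__ == "__main__":
    for number, line, message in audit(LAB_CONFIG):
        print(f"line {number}: {line!r}: {message}")
```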

Troubleshooting

R1# debug crypto ipsec
R1# show crypto map
R1# show crypto isakmp sa
R1# show crypto ipsec sa

 

Frame Relay

show frame-relay map
show frame-relay pvc

OSPF (LSA types)

  • Type 1. Directly connected links
  • Type 2. DR involved
  • Type 3. Includes prefixes from other areas (inter-area). Generated by an ABR
  • Type 4. ASBR Summary. Generated by an ABR bordering an area containing an ASBR.
    The ABR floods a received Type 1 LSA that has the ASBR bit set as a Type 4 LSA: the ABR (R3) converts the ASBR's (R4) type 1 router LSA into a type 4 ASBR summary LSA.

    Generated by an ABR
    Describes an ASBR
    Flooded to all normal areas

  • Type 5. External LSA. Generated by an ASBR. Describes the external prefix and the gateway to reach it. Flooded to all normal areas.

OSPF (ASBR)

  • Autonomous System Boundary Router
  • Redistributes from another IGP into OSPF

OSPF

debug ip ospf hello
HR(config)#router ospf 1
HR(config-router)#network 10.10.10.0 0.0.0.255 area 0
SW250(config-router)#network 10.10.10.0 0.0.0.255 area 0

HR#show ip ospf database router
HR#show ip ospf database summary

OSPF (normal area 0) LSA 1, 2, 3, 4 & 5

R1(config)#router ospf 1
R1(config-router)#network 10.0.12.1 0.0.0.0 area 0

R2(config)#int lo0
R2(config-if)#ip address 2.2.2.2 255.255.255.255
R2(config)#router ospf 1
R2(config-router)#network 10.0.12.0 0.0.0.3 area 0

OSPF (normal area 23)

R1(config-router)#network 10.0.23.2 0.0.0.0 area 23

R2(config)#int lo0
R2(config-if)# ip address 3.3.3.3 255.255.255.255
R2(config)#router ospf 1
R2(config-router)#network 10.0.23.3 0.0.0.0 area 23

R2#show ip ospf database router
R2#show ip ospf database summary

OSPF (stub) Type3 LSA

R1(config)#router ospf 1
R1(config-router)#network 10.0.27.1 0.0.0.0 area 27
R1(config-router)#area 27 stub

R2(config)#int lo0
R2(config-if)#ip address 7.7.7.7 255.255.255.255
R2(config)#router ospf 7
R2(config-router)#network 10.10.27.2 0.0.0.0 area 27
R2(config-router)#area 27 stub

R2#show ip ospf database
R2#show ip route
### Check for O*IA default gateway
### Check for O IA routes

OSPF (Totally Stubby Areas) Only Type 1,2 & 3

R1(config)#router ospf 1
R1(config-router)#network 10.0.18.1 0.0.0.0 area 18
R1(config-router)#area 18 stub no-summary

R2(config)#int lo0
R2(config-if)#ip address 8.8.8.8 255.255.255.255
R2(config)#router ospf 1
R2(config-router)#router-id 8.8.8.8
R2(config-router)#network 8.0.0.0 0.255.255.255 area 18
R2(config-router)#network 10.0.18.2 0.0.0.0 area 18
R2(config-router)#area 18 stub no-summary

R2#show ip ospf database

OSPF (NSSA, Not-so-stubby Area) Use unicast

R1(config)#router ospf 1
R1(config-router)#network 10.0.34.3 0.0.0.0 area 34
R1(config-router)#area 34 nssa

R2(config)#router ospf 1
R2(config-router)#network 10.0.34.4 0.0.0.0 area 34
R2(config-router)#area 34 nssa
R2(config-router)#neighbor 10.0.34.3

R2#show ip ospf interface
R2#show ip ospf neighbor
R2#show ip ospf database

OSPF (Virtual Links)

### Must be configured on both ABRs
### The transit area cannot be a stub area

R1(config-router)# area 23 virtual-link 2.2.2.2

R2(config-router)# area 23 virtual-link 3.3.3.3

OSPF (R1 always DR) Designated Router election

R1(config)#int s2/0.304
R1(config-subif)#ip ospf priority 255

R2(config)#int s2/0
R2(config-if)#ip ospf priority 0
R2#show ip ospf neighbor
R2#clear ip ospf process
### As the boot sequence matters, confirm the DR again after restarting both routers.

OSPF (authentication)

R1(config)#router ospf 1
R1(config-router)#area 0 authentication message-digest
R1(config)#int s2/0.102
R1(config-subif)#ip ospf message-digest-key 1 md5 !PassWordHere!
### verify area 0 authentication by
show ip ospf

R1(config-subif)#ip ospf authentication message-digest
### verify interface authentication mode
show ip ospf int s2/0.102
R2(config)#router ospf 1
R2(config-router)#area 0 authentication message-digest
R2(config)#int s2/0.201
R2(config-subif)#ip ospf message-digest-key 1 md5 !PassWordHere!
R2(config-subif)#ip ospf authentication message-digest

### Give authentication to virtual-link
R2(config-router)#area 23 virtual-link 3.3.3.3 message-digest-key 1 md5 !PassWordHere!
### Give authentication to virtual-link
R3(config-router)#area 23 virtual-link 2.2.2.2 message-digest-key 1 md5 !PassWordHere!
R3(config-router)#area 0 authentication message-digest

OSPF (route summarization)

  • Summarization must occur on an ABR or ASBR

R8(config)#int lo1
R8(config-if)#ip address 8.0.0.1 255.255.255.255
R8(config-if)#int lo2
R8(config-if)#ip address 8.0.0.2 255.255.255.255 
R8(config-if)#int lo3
R8(config-if)#ip address 8.0.0.3 255.255.255.255
R8(config-if)#int lo4
R8(config-if)#ip address 8.0.0.4 255.255.255.255

R1(config)#router ospf 1
R1(config-router)#area 18 range 8.0.0.0 255.0.0.0

OSPF (route summarization)

Networks:
23.1.2.128/29
23.1.2.136/30
23.1.2.140/30
23.1.2.144/30
23.1.2.148/30

Last Octet Focus: (find common bits)
x.x.x.128 1000 0000
x.x.x.136 1000 1000
x.x.x.140 1000 1100
x.x.x.144 1001 0000
x.x.x.148 1001 0100

Summary: 23.1.2.128/27 covering 23.1.2.128 - 159 (usable: 129-158)
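
The common-bits method above, generalized to any list of prefixes, as an added Python example that is not part of the original notes (the function names are hypothetical). It also reports the address space a summary advertises without any component network behind it, which the router will still attract traffic for; applied to the four R8 loopbacks from the previous section, it shows that a /29 would cover them where the lab uses a /8.

```python
import ipaddress

# The five component networks from the worked example on this page.
NETWORKS = ["23.1.2.128/29", "23.1.2.136/30", "23.1.2.140/30",
            "23.1.2.144/30", "23.1.2.148/30"]
# The four R8 loopbacks from the "area 18 range" example on this page.
R8_LOOPBACKS = ["8.0.0.1/32", "8.0.0.2/32", "8.0.0.3/32", "8.0.0.4/32"]

def smallest_summary(prefixes):
    """Return the longest single prefix that contains every given network."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    low = min(int(n.network_address) for n in nets)
    high = max(int(n.broadcast_address) for n in nets)
    # Bits where the lowest and highest address differ cannot be in the prefix.
    prefix_len = nets[0].max_prefixlen - (low ^ high).bit_length()
    return ipaddress.ip_network((low, prefix_len), strict=False)

def unbacked_space(summary, prefixes):
    """Return the parts of the summary that no component network covers."""
    remaining = [ipaddress.ip_network(summary)]
    for net in (ipaddress.ip_network(p) for p in prefixes):
        still_open = []
        for block in remaining:
            if net.subnet_of(block):
                # Carve the component out of this block (empty if they are equal).
                still_open.extend(block.address_exclude(net))
            elif not block.subnet_of(net):
                still_open.append(block)
        remaining = still_open
    return sorted(ipaddress.collapse_addresses(remaining))

if __name__ == "__main__":
    summary = smallest_summary(NETWORKS)
    print("summary:", summary)
    print("advertised but not backed:", unbacked_space(summary, NETWORKS))
    print("tightest summary for R8 loopbacks:", smallest_summary(R8_LOOPBACKS))
```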

 

OSPF (route redistribution)

Customer request:

Configure loopbacks on R1 as follows:

Loopback1 1.1.0.1/24
Loopback2 1.2.0.1/24
Loopback3 1.3.0.1/16
Loopback4 1.4.0.1/16

Redistribute subnets of all connected interfaces into OSPF

R1(config)#router ospf 1
R1(config-router)#redistribute connected subnets

### verify on R2
R2#show ip route ospf

 

OSPF (Redistributing RIP into OSPF)

Customer Request:

On R1, redistribute RIP learned subnets into OSPF as E1 routes

R1(config)#router ospf 1
R1(config-router)#redistribute rip subnets metric-type 1
### verify on R1
R1#show ip ospf 1

### verify on R2
R2#show ip route

 

OSPF (Route Maps and IP Prefix Lists)

Route Map Referencing an IP Prefix List

Rx(config)#route-map RM1 permit 10
Rx(config-route-map)#match ip address prefix-list PL1
Rx(config-route-map)#set metric-type type-1

Rx(config)#ip prefix-list PL1 seq 10 permit 10.0.0.0/8
Rx(config)#ip prefix-list PL1 seq 20 deny 172.16.0.0/16

Route map “Permit” = advertise and apply set clauses
Route map “Deny” = do not advertise

IP prefix list “Permit” = match
IP prefix list “Deny” = do not match

Customer Request:

Redistribute all current and future prefixes matching 203.0.113.x/32 into OSPF as type E1
Your configuration must not affect any other prefixes

R1#show ip route 203.0.113.0
R1#show ip route connected 
R1(config)#router ospf 1
R1(config-router)#no redistribute connected
R1(config-router)#redistribute connected subnets metric-type 1
### cannot do this because it will affect all other routes

R1(config)#ip prefix-list ISP1 seq 10 permit 203.0.113.0/24 ge 32 le 32
R1(config)#route-map CONN->OSPF permit
R1(config-route-map)#match ip address prefix-list ISP1
R1(config-route-map)#set metric-type type-1

R1(config)#router ospf 1
R1(config-router)#redistribute connected route-map CONN->OSPF

### Verify on R2
R2#show ip route ospf


### Fix missing E2 routes (due to implicit deny)
R1#show run | sec route-map
R1(config)#router ospf 1
R1(config-router)#route-map CONN->OSPF 20
R1(config-route-map)#do show route-map

 

OSPF (Summarizing External Routes)

Customer Request:

Summarize all of R1’s loopback addresses as a 1.0.0.0/8 summary route.

R1(config)#router ospf 1
R1(config-router)#summary-address 1.0.0.0 255.0.0.0

 

OSPF (Injecting Default Routes)

Customer Request:

On R4, inject a default route into OSPF using ISP1’s 198.51.100.2 address as the next hop

R4(config)#ip route 0.0.0.0 0.0.0.0 198.51.100.2
R4#show ip route static
R4(config)#router ospf 1

### debug 
R4#debug ip ospf lsa-generation

R4(config-router)#area 34 nssa default-information-originate 


show ip ospf border-routers

Customer Request:

Use a single command on R1 to inject a default route into OSPF

R1(config)#router ospf 1
R1(config-router)#default-information originate always

 

OSPF (summary)

  • OSPF routes have an AD of 110
  • Every OSPF router has a unique RID
  • OSPF uses IP protocol 89 (not TCP or UDP)
  • Hello messages every 10 sec (point to point link or broadcast)
  • Hello messages every 30 sec (NBMA)
  • Dead timer is 4x Hello interval (e.g. 40 sec)
  • On multi-access network, OSPF routers elect a DR
  • Virtual links allow areas not bordering area 0 to connect to area 0 through a transit area
  • Authentication can be done per area or per interface
  • OSPF can summarize inter-area routes at ABR and external routes at an ASBR
  • E1 routes are always preferred over E2 routes, regardless of cost
  • OSPFv2 for IPv4
  • OSPFv3 for IPv6
  • Each router in an area has an identical copy of the LSDB
  • 5 area types (Normal, Stub, totally stubby, NSSA and totally NSSA)
  • On multi-access network, OSPF routers elect a DR which is influenced by interface priority
  • Priority of 0 will never become a DR (designated router)
  • Transit area cannot be stub. Transit area must be normal area
  • OSPF, being a link-state protocol, cannot summarize at arbitrary points in the network
  • OSPF can only summarize inter-area routes at an ABR
  • OSPF can only summarize external routes at an ASBR
  • Redistributing routes makes a router an ASBR

Redistributing Connected Routes
All connected subnets will be advertised as external routes

(config)#router ospf 1
(config-router)#redistribute connected subnets

Redistributing RIP-learned Routes (All RIP-learned subnets will be advertised as E1 routes)

(config)#router ospf 1
(config-router)# redistribute rip subnets metric-type 1

Configuring an IP Prefix List and Route Map
Any connected /32 prefix starting with 203.0.113.x will be advertised as an E1 route

(config)#ip prefix-list ISP1 seq 10 permit 203.0.113.0/24 ge 32 le 32
(config)#route-map CONN->OSPF permit
(config-route-map)#match ip address prefix-list ISP1
(config-route-map)#set metric-type type-1

Configuring an Access list and Route Map

(config)#access-list 100 permit ip 203.0.113.0 0.0.0.255 host 255.255.255.255
(config)#route-map CONN->OSPF permit
(config-route-map)#match ip address 100
(config-route-map)#set metric-type type-1

Overcoming the Implicit Deny in a Redistribution Route Map

(config)#route-map CONN->OSPF 20
(config)#router ospf 1
(config-router)#redistribute connected route-map CONN->OSPF
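
The prefix-list `ge`/`le` matching and the route-map implicit deny described here and in the earlier "Route Maps and IP Prefix Lists" section, modelled in Python as an added example that is not part of the original notes. The function names and tuple layout are hypothetical, and the connected routes are constructed sample input.

```python
import ipaddress

def prefix_list_permits(entries, route):
    """Evaluate an IP prefix list: first matching entry wins, else implicit deny.

    entries: (action, prefix, ge, le) tuples in sequence order; ge/le may be None.
    """
    route = ipaddress.ip_network(route)
    for action, prefix, ge, le in entries:
        base = ipaddress.ip_network(prefix)
        if ge is None and le is None:
            low = high = base.prefixlen            # exact-length match only
        else:
            low = ge if ge is not None else base.prefixlen
            high = le if le is not None else base.max_prefixlen
        if route.subnet_of(base) and low <= route.prefixlen <= high:
            return action == "permit"
    return False

def redistribute(route_map, prefix_lists, route):
    """Return the metric type a route is redistributed with, or None if filtered.

    route_map: (action, prefix_list_name_or_None, metric_type_or_None) clauses.
    """
    for action, pl_name, metric_type in route_map:
        if pl_name is None or prefix_list_permits(prefix_lists[pl_name], route):
            if action == "deny":
                return None
            return metric_type or "E2"             # OSPF external default is E2
    return None                                     # implicit deny at the end

PREFIX_LISTS = {
    "ISP1": [("permit", "203.0.113.0/24", 32, 32)],
    "PL1": [("permit", "10.0.0.0/8", None, None),
            ("deny", "172.16.0.0/16", None, None)],
}
CLAUSE_10_ONLY = [("permit", "ISP1", "E1")]
WITH_CLAUSE_20 = CLAUSE_10_ONLY + [("permit", None, None)]  # empty permit 20
# Constructed connected routes: one ISP-facing /32 and two of the R1 loopbacks.
CONNECTED = ["203.0.113.1/32", "1.1.0.0/24", "1.3.0.0/16"]

if __name__ == "__main__":
    for name, rm in (("clause 10 only", CLAUSE_10_ONLY), ("with clause 20", WITH_CLAUSE_20)):
        print(name, {r: redistribute(rm, PREFIX_LISTS, r) for r in CONNECTED})
```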

Injecting a Default Route into a NSSA (Advertises the static default route as a type 7 LSA)
ABR converts type 7 LSA to type 5

(config)#ip route 0.0.0.0 0.0.0.0 198.51.100.2
(config)#router ospf 1
(config-router)#area 34 nssa default-information-originate

Injecting a Default Route into a Normal Area
(Advertises a default route as an external type 5 LSA without a static default route in the IP routing table)

(config)#router ospf 1
(config-router)#default-information originate always

 

OSPF (troubleshooting commands)

HR#show ip ospf neighbor
HR#show ip ospf interface brief
HR#show ip ospf
HR#show run | sec router
HR#show ip protocols
HR#show ip route
HR#show ip ospf route
HR#show ip ospf virtual-links

# Advertise all networks
HR(config-router)#network 0.0.0.0 255.255.255.255 area 0

# Prevents a router interface from participating in DR election
HR(config-if)#ip ospf priority 0

# Statically configure a neighboring OSPF router on a non-broadcast network
HR(config-router)#neighbor x.x.x.x

OSPF v3 (IPv6)

Unicast routing must be enabled

ipv6 unicast-routing

OSPF v3. Similarities between v2 & v3

  1. RID is in IPv4 format
  2. Virtual links are created using the RID
  3. Timers, network types and neighbor states

OSPF v3

  1. Type 1 & 2 LSAs do not carry prefix information
  2. Two new LSA types (Type 8 & 9)
  3. Type 8 advertises IPv6 link-local addresses
  4. Type 9 Intra-area Prefix LSA (No longer carried by type 1 router & type 2 network LSAs)
  5. Type 3 & 4 LSAs are renamed (more accurately describes type 3 & 4 in IPv6)
    Type 3 summary LSA -> inter-area prefix LSA
    Type 4 ASBR summary LSA -> inter-area router LSA
  6. No network command or wildcard masks
  7. OSPFv3 multicast addresses (OSPFv2 uses IPv4 224.0.0.5 & 224.0.0.6)
    FF02::5 All OSPF routers
    FF02::6 All designated routers
  8. OSPFv3 does not provide its own authentication. It uses IPv6 IPsec instead

Enabling OSPF v3

Customer Request:

Configure the OSPFv3 backbone area on the interfaces.
Between R1 & R2
Between R1 & R4
Configure OSPFv3 standard area 23 between R2 & R3

R1(config)#ipv6 unicast-routing
R1(config)#ipv6 router ospf 1
R1(config-rtr)#do show cdp neighbor
R1(config-rtr)#int fa0/1
R1(config-if)#ipv6 ospf 1 area 0
% OSPFv3: IPV6 is not enabled on this interface
R1(config-if)#ipv6 address autoconfig
R1(config-if)#ipv6 ospf 1 area 0

R2(config)#ipv6 unicast-routing
R2(config-if)#ipv6 address autoconfig
R2(config-if)#ipv6 ospf 1 area 0
R2(config-if)#ipv6 router ospf 1

R4(config)#ipv6 unicast-routing
R4(config)#int fa0/1
R4(config-if)#ipv6 address autoconfig
R4(config-if)#ipv6 ospf 1 area 34

OSPF v3 (Frame Relay & Network type)

Customer Request:

Configure OSPFv3 area 34 as an NSSA between R3 & R4
Do not use the neighbor command

R3#show cdp neighbors
R3(config)#int fa0/0
R3(config-if)#ipv6 address autoconfig
R3(config-if)#ipv6 ospf 1 area 34
R3(config-rtr)#area 34 nssa

R4(config)#ipv6 router ospf 1
R4(config-rtr)#area 34 nssa
R4(config)#int fa0/0
R4(config-if)#ipv6 ospf 1 area 34

### Verify Network Type and create frame relay map
R4#show ipv6 ospf int fa0/0
R4(config)#int fa0/0
R4(config-if)#frame map ipv6 FE80::IPv6ADDR:OF:R3 403 broadcast
R4(config-if)#ipv6 ospf network broadcast

### Do the same for the other end
R3(config-if)#frame map ipv6 FE80::IPv6ADDR:OF:R4 304 broadcast
R3(config-if)#ipv6 ospf network broadcast

 

OSPF v3 (IPv6 Route Redistribution)

Customer Request:

Configure R4’s loopback0 interface with the address 2001:db8::4/128
Redistribute loopback0’s IPv6 address into OSPFv3 area 34

R4(config)#int loopback 0
R4(config-if)#ipv6 address 2001:db8::4/128
R4(config-if)#ipv6 router ospf 1
R4(config-rtr)#redistribute connected

OSPF v3 (IPv6 Summary)

  1. Both OSPFv2 & v3 use the IPv4 format for RID (must be manually configured if not set)
  2. Instead of using network command, OSPFv3 is enabled explicitly on each interface
  3. The ipv6 router ospf global command is optional for enabling the OSPFv3 process
  4. Type 3 & 4 are renamed but functions are the same
  5. ABR with the highest RID translates between type 7 & 5 LSAs
  6. No more authentication
  7. OSPF v3 utilizes IPsec for authentication
  8. Type 8 (Link LSA)
  9. Type 9 (Intra-area prefix LSA)
  10. Commands for summarization are almost identical to OSPF v2

 

 
