Ccnplabguide 130323152251 Phpapp01 PDF

www.ccieuniversity.
com
Configuring Basic EIGRP Lab ............................................................................................................ 3

Configuring Default-network for EIGRP Lab .................................................................................... 6
Manually Summarizing EIGRP Routes Lab ..................................................................................... 11
Configuring EIGRP Unequal Cost Paths Lab ................................................................................... 15
Configuring EIGRP Authentication Lab .......................................................................................... 18
Understand EIGRP Query Lab ........................................................................................................ 20
Configuring Basic Multi Area OSPF and Area Summary Lab ......................................................... 28
Configuring OSPF in NBMA Lab ..................................................................................................... 32
Configuring OSPF Authentication Lab ........................................................................................... 37
Configuring OSPF External Summary Lab ...................................................................................... 43
Configuring OSPF Default Route With Metric Lab ......................................................................... 46
Configuring OSPF Stub Area Lab .................................................................................................... 49
Configuring OSPF Totally Stub Area Lab ........................................................................................ 53
Configuring OSPF NSSA Area and NSSA Totally Stub Lab .............................................................. 56
Configuring OSPF Virtual-Link between normal area and backbone area Lab ............................. 62
Configuring OSPF Virtual-Link between 2 backbone areas Lab .................................................... 65
Understand OSPF Routing Between Inter Area Lab ...................................................................... 68
Configuring Basic IS-IS Lab ............................................................................................................. 70
Configuring IS-IS Multi Area and Summary Route Lab .................................................................. 74
Migrate IS-IS Area Lab ................................................................................................................... 78
Redistributing into RIP and OSPF Lab ............................................................................................ 81
Redistributing Between EIGRP and IS-IS Lab ................................................................................. 83
Redistribution Using Administrative Distance Lab ........................................................................ 87
Filtering Routing Updates with a Distribute List Lab ..................................................................... 89
Filtering Routing Updates with a Route Map Lab ......................................................................... 91
Using Route Tag Filtering Routing Updates Lab ............................................................................ 93
Policy-based route Lab .................................................................................................................. 96
Configuring Basic BGP Lab ............................................................................................................. 99
Configuring BGP Using Loopback Addresses Lab ........................................................................ 101
Understand BGP Auto-Summary Lab .......................................................................................... 103
Configuring BGP Summarization Lab ........................................................................................... 106
Understand BGP Split Horizon Rule Lab ...................................................................................... 108
www.ccieuniversity.com
Understand BGP Synchronization Rule Lab ................................................................................. 111

BGP Neighbor Authentication Lab............................................................................................... 114
Configuring BGP Local Preference Lab ........................................................................................ 117
Using Route Maps to Configuring BGP Local Preference Lab ..................................................... 121
Configuring BGP Multi-Exit Discriminator Lab............................................................................. 124
Configuring BGP Weight Lab ....................................................................................................... 128
Affects the BGP Routing By Path Prepend Lab ............................................................................ 131
Configuring BGP Routes Reflector Lab ........................................................................................ 134
Configuring BGP Confederation Lab ............................................................................................ 135
Using Route Tag to Store BGP AS-Path Lab ................................................................................. 139
Using Distribute-list to Filtering BGP Routing Lab ....................................................................... 143
Using Route-Map to Filtering BGP Routing Lab .......................................................................... 145
Using Prefix-List to Filtering BGP Routing Lab ............................................................................. 146
Configuring 802.1x Port-Based Authentication Lab .................................................................... 150
Routing Between VLANs and VTP Protocol Lab .......................................................................... 154
Configuring L2 & L3 EtherChannel with PAGP Lab ...................................................................... 163
Configuring L2 & L3 EtherChannel with LACP Lab ....................................................................... 169
Configuring Layer 3 Redundancy with HSRP Lab ......................................................................... 172
Configuring Layer 3 Redundancy with VRRP Lab......................................................................... 179
Configuring Basic EIGRP Lab
Topology
Lab Purpose:
1Master EIGRP basic configuration.
2Master EIGRP wild card bits configuration.
3Master EIGRP auto summary feature, and learn how to disable auto summary.
4Master EIGRP manually summary.
Lab Steps:
1Config IP address for each router.

2EIGRP AS number should be 50.
3Enable EIGRP for the 3 routers.
R1#configure terminal
R1(config-if)#router eigrp 50
R1(config-router)#network 172.16.0.0
4Check the EIGRP neighbour relationship on R2.
R2#show ip eigrp 50 neighbors
IP-EIGRP neighbors for process 50

H Address
Interface
Hold Uptime SRTT RTO Q Seq
(sec)
(ms) Cnt Num
1 172.16.1.6
Se1/1
13 00:00:37 436 2616 0 2
0 172.16.1.1
Se1/0
13 00:02:34 736 4416 0 4
TIPS: H stands for neighbor sequence number, address is the neighbor address, Interface is the local
interface which connect with neighbor.
5Check the routing table on R2.

R2#show ip route
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
C
172.16.1.4/30 is directly connected, Serial1/1
D
172.16.0.0/16 is a summary, 00:06:33, Null0
C
D 192.168.4.0/24 [90/2297856] via 172.16.1.6, 00:04:39, Serial1/1
D 10.0.0.0/8 [90/2297856] via 172.16.1.1, 00:06:34, Serial1/0
C 131.131.0.0/16 is directly connected, Loopback0
D 192.168.0.0/24 [90/2297856] via 172.16.1.6, 00:04:39, Serial1/1
D 192.168.1.0/24 [90/2297856] via 172.16.1.6, 00:04:39, Serial1/1
D 192.168.2.0/24 [90/2297856] via 172.16.1.6, 00:04:39, Serial1/1
D 192.168.3.0/24 [90/2297856] via 172.16.1.6, 00:04:39, Serial1/1
6 Check EIGRP routing table on R2.

R2#show ip route eigrp
D
172.16.0.0/16 is a summary, 00:10:09, Null0
D 192.168.4.0/24 [90/2297856] via 172.16.1.6, 00:08:14, Serial1/1
D 10.0.0.0/8 [90/2297856] via 172.16.1.1, 00:10:10, Serial1/0
D 192.168.0.0/24 [90/2297856] via 172.16.1.6, 00:08:14, Serial1/1
D 192.168.1.0/24 [90/2297856] via 172.16.1.6, 00:08:14, Serial1/1
D 192.168.2.0/24 [90/2297856] via 172.16.1.6, 00:08:14, Serial1/1
D 192.168.3.0/24 [90/2297856] via 172.16.1.6, 00:08:14, Serial1/1
7There is a summary route 10.0.0.0/8 via 172.16.1.1 on R2 by auto summary feature,

we could use "no auto-summary" command to disable it.
R1(config)
R1(config)#router eigrp 50
R1(config-router)#no auto-summary
R1(config-router)#exit
Then check the eigrp route on R2 again.

D
172.16.0.0/16 is a summary, 00:07:26, Null0
D 192.168.4.0/24 [90/2297856] via 172.16.1.6, 00:05:09, Serial1/1
10.0.0.0/24 is subnetted, 4 subnets
D
D
D
D
D
D
D
D
10.1.3.0 [90/2297856] via 172.16.1.1, 00:02:31, Serial1/0

10.1.2.0 [90/2297856] via 172.16.1.1, 00:02:31, Serial1/0
10.1.1.0 [90/2297856] via 172.16.1.1, 00:02:31, Serial1/0
10.1.4.0 [90/2297856] via 172.16.1.1, 00:02:31, Serial1/0
192.168.0.0/24 [90/2297856] via 172.16.1.6, 00:05:09, Serial1/1
192.168.1.0/24 [90/2297856] via 172.16.1.6, 00:05:09, Serial1/1
192.168.2.0/24 [90/2297856] via 172.16.1.6, 00:05:09, Serial1/1
192.168.3.0/24 [90/2297856] via 172.16.1.6, 00:05:09, Serial1/1
8Manually summarize network 192.168.0.0/24 192.168.1.0/24 192.168.2.0/24

192.168.3.0/24 to 1 item on R3.
R3(config)#interface serail 1/0
R3(config-if)#ip summary eigrp 50 192.168.0.0 255.255.252.0
R3(config-if)#exit
9Check routing table on R2 again.
D
10.1.1.0 [90/2297856] via 172.16.1.1, 00:02:31, Serial1/0
D
10.1.4.0 [90/2297856] via 172.16.1.1, 00:02:31, Serial1/0
D 192.168.0.0/22 [90/2297856] via 172.16.1.6, 00:05:09, Serial1/1
10Use wild card bits on R2's EIGRP configuration.

R2(config)#no router eigrp 50
R2(config-router)#network 172.16.1.0 0.0.0.3
11This time there is only R1 in R2's neighbor table.
R2#show ip eigrp neighbors
H Address
Interface
Hold Uptime SRTT RTO Q Seq
(sec)
(ms)
Cnt Num
0 172.16.1.1
Se1/0
12 00:04:57 1510 5000 0 5
12Check EIGRP routing table on R1.
D
172.16.0.0/16 is a summary, 00:02:55, Null0

D
10.0.0.0/8 is a summary, 00:02:55, Null0
D 131.131.0.0/16 [90/2297856] via 172.16.1.2, 00:00:06, Serial1/1
By www.ccieuniversity.com
Configuring Default-network for EIGRP Lab

Topology
Lab Purpose:
1Learn to use "ip default-network" command instead of " ip route 0.0.0.0 0.0.0.0 " in
EIGRP network.
Lab Steps:
1Finish the basic ip address configuration on all the routers.

2Let's suppose R3 is the external router, so there is no EIGRP relationship between R2
and R3. What we need is a default route to the internal network on R3.
R3(config)#
R3(config)#ip route 0.0.0.0 0.0.0.0 192.168.10.1
R3(config)#
3Enable EIGRP 50 on the internal routers.
4Check EIGRP neighbor relationship on R2.
R2#show ip eigrp neighbors

H Address
1 172.16.1.6
0 172.16.1.1
Interface
(sec)
Et1/2
Et1/0
Hold Uptime SRTT RTO Q Seq Type

(ms)
Cnt Num
11 00:00:54 1 3000 0 2
12 00:00:54 1 3000 0 2
5Add a default route on R2 to reach the external network.

R2(config)#ip route 0.0.0.0 0.0.0.0 192.168.10.2
R2(config)#
R2#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 4/43/92 ms
R2#
6R1 and R5 do not have route to external network, so they can not access external
network.
R1#show ip route
Gateway of last resort is not set
D
C

172.16.1.4 [90/284160] via 172.16.1.2, 00:06:40, FastEthernet0/1
172.16.1.0 is directly connected, FastEthernet0/1
R1#
R1#ping 192.168.1.1
.....
Success rate is 0 percent (0/5)
R1#
R5#show ip route
C
D

172.16.1.4 is directly connected, Ethernet1/1
172.16.1.0 [90/307200] via 172.16.1.5, 00:12:15, Ethernet1/1
R5#
R5#ping 192.168.1.1
.....
R5#
7One solution is to add a default route with the next hop R2 on both R1 and R5 .
R1(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.2
R1(config)#exit
R1#show ip route
Gateway of last resort is 172.16.1.2 to network 0.0.0.0

D
C
S* 0.0.0.0/0 [1/0] via 172.16.1.2
R1#
R1#ping 192.168.1.1
!!!!!
R1#
R5(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.5
R5(config)#exit
R5#
R5#show ip route

D
172.16.1.0 [90/307200] via 172.16.1.5, 00:13:57, Ethernet1/1
S* 0.0.0.0/0 [1/0] via 172.16.1.5
R5#
R5#ping 192.168.1.1
!!!!!
R5#
8Another solution is to let R2 announce the external route to R1 and R5, this solution
is better for large internal network, as it gets less configuration work.
9So let's delete the default route on R1 and R5 first.
R1(config)#no ip route 0.0.0.0 0.0.0.0 172.16.1.2
R1(config)#exit
R1#
R1#show ip route
D
C

R1#
R1#ping 192.168.1.1
.....
R1#
R5(config)#no ip route 0.0.0.0 0.0.0.0 172.16.1.5
R5(config)#exit
R5#
R5#show ip route
C
D

172.16.1.0 [90/307200] via 172.16.1.5, 00:19:42, Ethernet1/1
R5#
R5#ping 192.168.1.1
.....
R5#
10Then let's R2 announce the external network 192.168.10.0 to R1 and R5.
R2(config)#ip default-network 192.168.10.0
R2(config)#exit
R2#show ip route

* 192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
D* 192.168.10.0/24 is a summary, 00:00:53, Null0
C
192.168.10.0/30 is directly connected, Ethernet1/1
C
D
172.16.0.0/16 is a summary, 00:22:22, Null0
C
S* 0.0.0.0/0 [1/0] via 192.168.10.2
R2#
11Check the routing table of R1 and R5 again, to make sure they have the external
route.
R1#show ip route

D* 192.168.10.0/24 [90/284160] via 172.16.1.2, 00:02:03, FastEthernet0/1
D
C
R1#
R1#ping 192.168.1.1
!!!!!
R1#
R5#show ip route

D* 192.168.10.0/24 [90/307200] via 172.16.1.5, 00:04:15, Ethernet1/1
C
D
172.16.1.0 [90/307200] via 172.16.1.5, 00:04:19, Ethernet1/1
R5#
R5#ping 192.168.1.1
!!!!!
Manually Summarizing EIGRP Routes Lab

Topology
Lab Purpose:
1Understand the weakness of EIGRP auto summarization.
2Master EIGRP manually summary configuration.
Lab Steps:
1Finish basic ip configuration.

2Enable EIGRP on all the routers, do not disable auto summary.
3Ping on R2 to R1's 10.1.X.0/24 network and R4's 10.1.X.0/24 network, you will find
to R1 is good, but to R4 fails.
R2#ping 10.1.1.1
!!!!!
R2#ping 10.1.16.1
U.U.U
R2#
R2#ping 10.1.17.1
U.U.U
4Check the routing table of R2.

R2#show ip route
D
C
C
D
D
D
D
D

172.16.1.8 [90/307200] via 172.16.1.6, 00:06:25, Ethernet1/1
10.0.0.0/8 [90/409600] via 172.16.1.1, 00:06:09, Ethernet1/0
192.168.0.0/24 [90/409600] via 172.16.1.6, 00:06:25, Ethernet1/1
192.168.1.0/24 [90/409600] via 172.16.1.6, 00:06:25, Ethernet1/1
192.168.2.0/24 [90/409600] via 172.16.1.6, 00:06:25, Ethernet1/1
192.168.3.0/24 [90/409600] via 172.16.1.6, 00:06:25, Ethernet1/1
5Check the EIGRP topology database of R2.

R2#show ip eigrp topology all-links
IP-EIGRP Topology Table for AS(50)/ID(172.16.1.5)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - Reply status
P 10.0.0.0/8, 1 successors, FD is 409600, serno 3
via 172.16.1.1 (409600/128256), Ethernet1/0
via 172.16.1.6 (435200/409600), Ethernet1/1
via 172.16.1.6 (409600/128256), Ethernet1/1

via 172.16.1.6 (409600/128256), Ethernet1/1
via 172.16.1.6 (409600/128256), Ethernet1/1
via 172.16.1.6 (409600/128256), Ethernet1/1
via 172.16.1.6 (307200/281600), Ethernet1/1
via Connected, Ethernet1/1
via Connected, Ethernet1/0
6The specific 10.1.X.0/24 networks on both R1 and R4 were automatically summarize

to 10.0.0.0/8 before R2 receives. So R2 has two next hop to network 10.0.0.0/8,
according to the topology database R1's (172.16.1.1) FD 409600 is better than R3's
(172.16.1.6) FD 435200, then R2 will choose R1 172.16.1.1 as the next hop in the routing
table, so ping traffic to the networks behind R4 will not going to R4.
7To solve this issue, we need to use manual summary instead of auto summary.
R1(config)#
R1(config)#interface fastEthernet 0/1
R1(config-if)#ip summary-address eigrp 50 10.1.0.0 255.255.252.0
R1(config-if)#exit
R1(config)#exit
R4(config)#
R4(config-if)#exit
R4(config)#exit

R2#show ip route
D
C
C
D
D
D
D

172.16.1.8 [90/307200] via 172.16.1.6, 00:21:08, Ethernet1/1
10.1.0.0 [90/409600] via 172.16.1.1, 00:03:13, Ethernet1/0
10.1.16.0 [90/435200] via 172.16.1.6, 00:01:02, Ethernet1/1
192.168.0.0/24 [90/409600] via 172.16.1.6, 00:21:08, Ethernet1/1
192.168.1.0/24 [90/409600] via 172.16.1.6, 00:21:08, Ethernet1/1
D
D
192.168.2.0/24 [90/409600] via 172.16.1.6, 00:21:08, Ethernet1/1

192.168.3.0/24 [90/409600] via 172.16.1.6, 00:21:08, Ethernet1/1
9Ping the networks behind R1 and R4 again.

R2#ping 10.1.0.1
!!!!!
R2#ping 10.1.1.1
!!!!!
R2#ping 10.1.16.1
!!!!!
R2#ping 10.1.17.1
!!!!!
10To decrease the size of routing table, we could manually summarize the networks
from 192.168.0.0/24 to 192.168.3.0/24 behind R3.
R3(config)#
R3(config)#interface ethernet 1/1
R3(config-if)#exit
R3(config)#
R3(config)#inter ethernet 1/0
R3(config-if)#exit
R3(config)#
11Check the routing table of R2 and R4.

R4#show ip route
C
D

D
D
C
C
C
D
C
D

10.1.0.0/22 [90/437760] via 172.16.1.9, 00:02:23, FastEthernet0/0
10.1.19.0/24 is directly connected, Loopback0
10.1.16.0/22 is a summary, 00:03:33, Null0
R2#show ip route
D
C
C
D
D
D

172.16.1.8 [90/307200] via 172.16.1.6, 00:02:54, Ethernet1/1
10.1.0.0 [90/409600] via 172.16.1.1, 00:16:13, Ethernet1/0
10.1.16.0 [90/435200] via 172.16.1.6, 00:02:54, Ethernet1/1
192.168.0.0/22 [90/409600] via 172.16.1.6, 00:02:54, Ethernet1/1
12Ping the networks behind R3 from R2 and R4.

R2#ping 192.168.0.1
!!!!!
R4#ping 192.168.1.1
!!!!!
Configuring EIGRP Unequal Cost Paths Lab

Topology
Lab Purpose:
1Master EIGRP unequal cost load balance.
2Master EIGRP metric modifying.
3Master EIGRP ADFDFCSuccessorFS principal.
Lab Steps:

2Enable EIGRP 50 on the 3 routers.
R1#show ip route
C
D
C
D

172.16.1.0 is directly connected, Serial1/1
4We can see there is only one way to network 192.168.1.0/24, to increase the
capability of transmission, we need to use all the usable links.
5If we want to use 172.16.1.2 as a unequal cost path, then we should make sure it is
the FS of network 192.168.1.0/24.
6Check the EIGRP 50 topology database we found that 172.16.1.2 is not in the
192.168.1.0/24 list, not a FS.
R1#show ip eigrp 50 topology
P 192.168.1.0/24, 1 successors, FD is 156160

via 172.16.1.10 (156160/128256), FastEthernet0/0
P 172.16.1.8/30, 1 successors, FD is 28160
via Connected, FastEthernet0/0
7Check the full EIGRP topology table we found that 172.16.1.2 could be the next hop
of network 192.168.1.0/24, just not in use by the restriction of algorithm.
R1#show ip eigrp 50 topology all-links

via 172.16.1.2 (2809856/2297856), Serial1/1
8According to the FS formula.

AD of secondary-best route < FD of best route(Successor) = Feasible Successor
We could do the math.
Distance from R2 to network 192.168.1.0/24 should less than 156160, then 172.16.1.2
would be the FS.
9Let's change the EIGRP metrics of R2 to make it work as a FS of R1.
R2(config)#interface serial 1/1
R2(config-if)#bandwidth 10000000
R2(config-if)#delay 10
R2(config)#exit
10Check the topology table of R1, we see 130816 is less than 15160.
R1#show ip eigrp topology all-links

via 172.16.1.2 (2300416/130816), Serial1/1
11This time we could enable unequal cost load balance, and give the right variance
value.
According to the variance formula.
FD of FS route < FD of best route(Successor) * Varince
So the math is
2300416 < 156160 * x
x14.73
12Let test 14 as the variance number.
R1(config-router)#variance 14
R1(config)#exit
R1#clear ip router *
R1#show ip route
C
D 192.168.1.0/24 [90/156160] via 172.16.1.10, 00:00:00, FastEthernet0/0
Seems 14 is not enough.

13Let's change it to 15.
R1(config-router)#variance 15
R1(config)#exit
R1#clear ip router *
R1#show ip route
C
D 192.168.1.0/24 [90/156160] via 172.16.1.10, 00:00:01, FastEthernet0/0
[90/2300416] via 172.16.1.2, 00:00:01, Serial1/1
This time both 172.16.1.10 and 172.16.1.2 are the next hop for network 192.168.1.0/24.
Configuring EIGRP Authentication Lab

Topology
Lab Purpose:
1Master EIGRP authentication principal.
2Master EIGRP authentication configuration.
Lab Steps:

3Check the routing tables of R1 and R2.
R1#show ip route

172.16.0.0/16 is a summary, 00:00:37, Null0
C
D
10.0.0.0/8 is a summary, 00:00:37, Null0
D 192.168.1.0/24 [90/2297856] via 172.16.1.10, 00:00:09, Serial1/1
C
D
R1#
R2#show ip route

C
D
172.16.0.0/16 is a summary, 00:00:53, Null0
D 10.0.0.0/8 [90/2297856] via 172.16.1.9, 00:00:51, Serial1/0
R2#
4Config EIGRP authentication on R1.

R1(config)#key chain edurainbow
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string cisco
R1(config-keychain-key)#exit
R1(config-keychain)#exit
R1(config)#
R1(config-if)#ip authentication key-chain eigrp 50 edurainbow
R1(config-if)#ip authentication mode eigrp 50 md5
R1(config-if)#end
R1(config)#
5"Use clear ip route *" command to speed up converge.

6Then check the routing table of R1 and R2 again.
R1#show ip route
C
D
172.16.0.0/16 is a summary, 00:00:16, Null0
C
D
10.0.0.0/8 is a summary, 00:00:16, Null0
R1#
R2#show ip route
C
D
172.16.0.0/16 is a summary, 00:02:53, Null0
C
R2#
This time the neighbor is down and EIGRP routes are missing.
*Mar 14 15:35:27.343: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 50: Neighbor 172.16.1.9 (Serial1/0) is up:
new adjacency
*Mar 14 15:35:29.767: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 50: Neighbor 172.16.1.9 (Serial1/0) is down:
Auth failure
7 Check the neighbor table of R2 we found no item there.

8Config EIGRP authentication on R2.

R2#
R2(config)#key chain edurainbow
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string cisco
R2(config-keychain-key)#exit
R2(config-keychain)#exit
R2(config)#
R2(config-if)#ip authentication key-chain eigrp 50 edurainbow
R2(config-if)#ip authentication mode eigrp 50 md5
R2(config-if)#exit
R2(config)#exit
R2(config)#
9Then we found neighbor is up again.

*Mar 14 15:46:04.071: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 50: Neighbor 172.16.1.9 (Serial1/0) is up:
new adjacency
H
Address
Interface
Hold Uptime
SRTT
RTO Q Seq
(sec)
(ms)
Cnt Num
0
172.16.1.9
Se1/0
11 00:01:17
28
200 0 8
10Check the routing table of R1 and R2 we found the RIGRP routes are back.
R1#show ip route
C
D
172.16.0.0/16 is a summary, 00:08:41, Null0
C
D
10.0.0.0/8 is a summary, 00:08:42, Null0
D
192.168.1.0/24 [90/2297856] via 172.16.1.10, 00:02:54, Serial1/1
R1#
R2#show ip route
C
D
172.16.0.0/16 is a summary, 00:08:28, Null0
D
10.0.0.0/8 [90/2297856] via 172.16.1.9, 00:03:44, Serial1/0
C
Understand EIGRP Query Lab

Topology
Lab Purpose:
1Understand EIGRP route update mechanism.
2Master EIGRP debug command.
3Master stub configuration.

Lab Steps:

3Check EIGRP routing table of R1 R2 R3.
D
172.16.1.4/30 [90/2681856] via 172.16.1.2, 00:01:20, Serial1/1
D
172.16.0.0/16 is a summary, 00:01:00, Null0
D
10.0.0.0/8 is a summary, 00:00:59, Null0
R1#
D 10.0.0.0/8 [90/2297856] via 172.16.1.1, 00:01:16, Serial1/0
D 192.168.1.0/24 [90/2172416] via 172.16.1.1, 00:01:21, Serial1/0
[90/2172416] via 172.16.1.6, 00:01:21, Serial1/1
R2#
R3#sh ip route eigrp
D
172.16.0.0/16 is a summary, 00:01:30, Null0
D
172.16.1.0/30 [90/2681856] via 172.16.1.5, 00:01:36, Serial1/0
D
R3#
4Debug EIGRP on R2 to track update.
R2#debug eigrp fsm
EIGRP FSM Events/Actions debugging is on
R2#debug eigrp packets query

EIGRP Packets debugging is on
(QUERY)
5Shutdown loopback0 on R1 to simulate a network issue.
R1(config)#interface loopback 0
R1(config-if)#shutdown
6Check debug information on R2.
*Mar 15 22:03:26.087: EIGRP: Received QUERY on Serial1/0 nbr 172.16.1.1
*Mar 15 22:03:26.091:
AS 50, Flags 0x0, Seq 127/192 idbQ 0/0 iidbQ
un/rely 0/0 peerQ un/rely 0/0
*Mar 15 22:03:26.095: DUAL: rcvquery: 10.1.1.0/24 via 172.16.1.1 metric
4294967295/4294967295, RD is 2297856
*Mar 15 22:03:26.095: DUAL: Find FS for dest 10.1.1.0/24. FD is 2297856,
RD is 2297856
*Mar 15 22:03:26.099: DUAL:
172.16.1.1 metric 4294967295/4294967295
*Mar 15 22:03:26.099: DUAL:
172.16.1.6 metric 2300416/156160 found
Dmin is 2300416
*Mar 15 22:03:26.099: DUAL: send REPLY(R1/n1) about 10.1.1.0/24 to
172.16.1.1
*Mar 15 22:03:26.099: DUAL: RT installed 10.1.1.0/24 via 172.16.1.6
*Mar 15 22:03:26.099: DUAL: Send update about 10.1.1.0/24. Reason:
metric chg
*Mar 15 22:03:26.099: DUAL: Send update about 10.1.1.0/24. Reason: new
if
*Mar 15 22:03:26.151:
4294967295/4294967295, RD is 2300416
RD is 2300416
*Mar 15 22:03:26.159: DUAL:
172.16.1.6 metric 4294967295/4294967295
*Mar 15 22:03:26.159: DUAL:
172.16.1.1 metric 4294967295/4294967295
not found Dmin is 4294967295
*Mar 15 22:03:26.159: DUAL: Peer total/stub 2/0 template/full-stub 2/0
*Mar 15 22:03:26.159: DUAL: Dest 10.1.1.0/24 entering active state.
*Mar 15 22:03:26.159: DUAL: Set reply-status table. Count is 2.
*Mar 15 22:03:26.159: DUAL: Not doing split horizon
*Mar 15 22:03:26.159: DUAL: Going from state 1 to state 3
*Mar 15 22:03:26.171: EIGRP: Enqueueing QUERY on Serial1/1 iidbQ un/rely
0/1 serno 148-148
*Mar 15 22:03:26.175: EIGRP: Enqueueing QUERY on Serial1/1 nbr

172.16.1.6 iidbQ un/rely 0/0 peerQ un/rely 0/0 serno 148-148
*Mar 15 22:03:26.179: EIGRP: Sending QUERY on Serial1/1 nbr 172.16.1.6
*Mar 15 22:03:26.179:
un/rely 0/0 peerQ un/rely 0/1 serno 148-148
0/1 serno 148-148
*Mar 15 22:03:26.207:
*Mar 15 22:03:26.215: DUAL: rcvreply: 10.1.1.0/24 via 172.16.1.6 metric
4294967295/4294967295
*Mar 15 22:03:26.219: DUAL: reply count is 2
*Mar 15 22:03:26.219: DUAL: Clearing handle 1, count now 1
4294967295/4294967295
*Mar 15 22:03:26.271: DUAL: Freeing reply status table
*Mar 15 22:03:26.271: DUAL: Find FS for dest 10.1.1.0/24. FD is
4294967295, RD is 4294967295 found
According to the debug output there are 4 query packets and 4 respond packets, thing if
there are hundreds of routers the query will be huge. We could use manually summarize
and stub feature to restrict the query scope.
7Manually summary on R1 and R3.
R1(config-if)#no shutdown
8Check routing table of R2 and R3 again to make sure they have learned the summary
route.
172.16.0.0/16 [90/2684416] via 172.16.1.1, 00:15:27, Serial1/0

D
10.1.1.0 [90/2297856] via 172.16.1.1, 00:00:27, Serial1/0
D
192.168.1.0/24 [90/2172416] via 172.16.1.1, 00:15:09, Serial1/0
[90/2172416] via 172.16.1.6, 00:15:09, Serial1/1
R2#ping 10.1.1.1
!!!!!
R2#
R3>show ip route eigrp
D
172.16.0.0/16 is a summary, 00:15:43, Null0
D
172.16.1.0/30 [90/2172416] via 192.168.1.1, 00:15:43,
FastEthernet0/0
D
R3>
R3>ping 10.1.1.1
!!!!!
R3>
9Shutdown loopback0 on R1 again to check the debug message on R2.
*Mar 15 22:11:17.871:
*Mar 15 22:11:17.875: DUAL: dest(10.1.1.0/24) not active
4294967295/4294967295, RD is 4294967295
172.16.1.1
4294967295/4294967295, RD is 2297856

RD is 2297856
*Mar 15 22:11:17.883: DUAL:
172.16.1.1 metric 4294967295/4294967295
*Mar 15 22:11:17.887: DUAL:
172.16.1.6 metric 2300416/156160 found
Dmin is 2300416
172.16.1.1
metric chg
if
*Mar 15 22:11:17.903:
*Mar 15 22:11:17.907: DUAL: dest(10.1.1.0/24) not active
4294967295/4294967295, RD is 4294967295
172.16.1.6
*Mar 15 22:11:17.951: DUAL: Removing dest 10.1.1.0/24, nexthop
172.16.1.1
*Mar 15 22:11:17.955: DUAL: Removing dest 10.0.0.0/8, nexthop 172.16.1.1
*Mar 15 22:11:18.015: DUAL: Removing dest 10.1.1.0/24, nexthop
172.16.1.6
*Mar 15 22:11:18.015: DUAL: No routes. Flushing dest 10.1.1.0/24
*Mar 15 22:11:18.023:
4294967295/4294967295, RD is 2300416
RD is 2300416
*Mar 15 22:11:18.031: DUAL:
172.16.1.6 metric 4294967295/4294967295
*Mar 15 22:11:18.039: DUAL: Doing split horizon on Serial1/1

0/1 serno 161-161
0/1 serno 161-161
*Mar 15 22:11:18.063:
*Mar 15 22:11:18.119: DUAL: dest(10.0.0.0/8) active
4294967295/4294967295
*Mar 15 22:11:18.123: DUAL: Freeing reply status table
*Mar 15 22:11:18.123: DUAL: Find FS for dest 10.0.0.0/8. FD is
4294967295, RD is 4294967295 found
172.16.1.6
*Mar 15 22:11:18.171: DUAL: No routes. Flushing dest 10.0.0.0/8
Obviously query packets for network 10.1.1.0/24 decrease to 2 this time.
10To deeply solve the issue, we enable EIGRP stub feature on R2 to stop query
packets for network 10.1.1.0/24.
R2(config-router)#eigrp stub
11Check the neighbor table on R1 to see the stub feature.
R1#show ip eigrp neighbors detail
H
Address
Interface
Hold Uptime
Seq
(sec)
Num
SRTT
(ms)
RTO
Q
Cnt
0
172.16.1.2
Se1/1
12 00:01:01
220
Version 12.3/1.2, Retrans: 0, Retries: 0
Stub Peer Advertising ( CONNECTED SUMMARY ) Routes
Suppressing queries
1
192.168.1.2
Fa0/0
14 01:09:11
159
Version 12.3/1.2, Retrans: 1, Retries: 0
216
1296
75
450
12Shutdown loopback0 of R1 again to see the debug output of R2.

*Mar 15 22:22:31.371: DUAL: rcvupdate: 10.0.0.0/8 via 172.16.1.1 metric
4294967295/4294967295
RD is 2297856
*Mar 15 22:22:31.375: DUAL:
172.16.1.1 metric 4294967295/4294967295
*Mar 15 22:22:31.375: DUAL:
172.16.1.6 metric 2300416/156160 found
Dmin is 2300416
metric chg
if
*Mar 15 22:22:31.587: DUAL: rcvupdate: 10.0.0.0/8 via 172.16.1.6 metric
4294967295/4294967295
RD is 2300416
*Mar 15 22:22:31.591: DUAL:
172.16.1.6 metric 4294967295/4294967295
*Mar 15 22:22:31.595: DUAL: Not doing split horizon
0/1 serno 169-169
0/1 serno 169-169

*Mar 15 22:22:31.623:
*Mar 15 22:22:31.627:
*Mar 15 22:22:31.711: DUAL: dest(10.0.0.0/8) active
4294967295/4294967295
This time R2 will not receive any query packet for network 10.1.1.0/24
Configuring Basic Multi Area OSPF and Area Summary Lab

Topology
Lab Purpose:
1Master OSPF multi area configuration.
2Distinguish routes from different areas.
3Master OSPF route summary configuration.
4Master OSPF basic configuration.
Lab Steps:

2Enable OSPF 1 on R1, assign interfaces to the relevant area according to the
topology.
R1(config)#router ospf 1
R1(config-router)#network 10.1.2.0 0.0.0.255 area 1
3Enable OSPF 1 on R2, assign interfaces to relevant area according to the topology.
R2(config)#exit
4Refer to R1 and R2, finish the OSPF configuration on R3 and R4.
5Check OSPF neighbor relationship on R2.
R2#show ip ospf neighbor
Neighbor ID Pri State
Dead Time Address
Interface
192.168.1.9
1 FULL/ 00:00:39 192.168.1.6 Serial1/1
10.1.2.1
1 FULL/ 00:00:37 192.168.1.1 Serial1/0
6Check the routing table of R1 to see OSPF route from different areas.
R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

O IA 172.16.1.1 [110/193] via 192.168.1.2, 00:02:23, Serial1/1
O IA 172.16.2.1 [110/193] via 192.168.1.2, 00:02:23, Serial1/1
C
10.1.2.0 is directly connected, Loopback1
C
O IA 192.168.1.8 [110/192] via 192.168.1.2, 00:02:58, Serial1/1
C
O IA 192.168.1.4 [110/128] via 192.168.1.2, 00:05:06, Serial1/1
7Check OSPF link state database of R1.

R1#show ip ospf database
OSPF Router with ID (10.1.2.1) (Process ID 1)
Router Link States (Area 1)
Link ID
ADV Router Age
Seq#
Checksum Link count
10.1.2.1
10.1.2.1
492
0x80000004 0x00C83F 4
192.168.1.5 192.168.1.5 486
0x80000003 0x002BB5 2
Summary Net Link States (Area 1)

Link ID
ADV Router Age
172.16.1.1 192.168.1.5 315
172.16.2.1 192.168.1.5 315
192.168.1.4 192.168.1.5 479
192.168.1.8 192.168.1.5 350
Seq#
Checksum
0x80000001 0x00CCC0
0x80000001 0x00C1CA
0x80000001 0x00E33E
0x80000001 0x003E9F
8Use ping to test the connectivity on R1.

R1#ping 172.16.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 216/240/288
ms
R1#
9Check the routing table and OSPF link state database on R4.
R4#show ip route
C
C
O IA 10.1.2.0 [110/193] via 192.168.1.9, 00:15:14, Serial1/0
O IA 10.1.1.0 [110/193] via 192.168.1.9, 00:15:14, Serial1/0
C
O IA 192.168.1.0 [110/192] via 192.168.1.9, 00:15:14, Serial1/0
O IA 192.168.1.4 [110/128] via 192.168.1.9, 00:15:14, Serial1/0
R4#
Link ID
ADV Router Age
Seq#
Checksum Link count
172.16.2.1 172.16.2.1 1223
0x80000004 0x00B871 4
192.168.1.9 192.168.1.9 1224
0x80000002 0x00EA2E 2
Link ID
ADV Router Age
Seq#
Checksum
10.1.1.0
192.168.1.9 2
0x80000001 0x00B586
10.1.2.0
192.168.1.9 2
0x80000001 0x00AA90
192.168.1.0 192.168.1.9 1265
0x80000001 0x00766B
192.168.1.4
192.168.1.9
1265
0x80000001 0x00CB52
As you see all the area 1 specific routes are in the routing table of R4, we could do
something to make it smaller.
10Config OSPF area summary on R2.
R2(config-router)#area 1 range 10.1.0.0 255.255.0.0
R2(config)#exit
11Check the routing table and OSPF database on R4 again.
R4#show ip route
C
C
O IA 10.1.0.0 [110/193] via 192.168.1.9, 00:00:32, Serial1/0
C
O IA 192.168.1.0 [110/192] via 192.168.1.9, 00:18:36, Serial1/0
O IA 192.168.1.4 [110/128] via 192.168.1.9, 00:18:36, Serial1/0
R4#
Link ID
ADV Router Age
172.16.2.1 172.16.2.1 6
192.168.1.9 192.168.1.9 13
Seq#
Checksum Link count
0x80000005 0x00B672 4
0x80000004 0x00E630 2

Link ID
ADV Router Age
Seq#
Checksum
10.1.0.0
192.168.1.9 29
0x80000001 0x00C07C
192.168.1.0 192.168.1.9 1325
0x80000001 0x00766B
192.168.1.4 192.168.1.9 1325
0x80000001 0x00CB52
Configuring OSPF in NBMA Lab
Topology
Lab Purpose:
1Master OSPF in NBMA network configuration.
2Master OSPF interface network type configuration.
3Master OSPF interface priority configuration.
Lab Steps:
2Enable OSPF on all routers and use default network type.
R1(config-if)#ip address 172.16.1.1 255.255.255.0
R1(config-if)#ip ospf network point-to-point
R1(config-if)#exit
R1(config)#
R1(config-if)#ip add 192.168.1.1 255.255.255.0

R1(config-if)#encapsulation frame-relay
R1(config-if)#no frame-relay inverse-arp

R1(config-if)#frame-relay map ip 192.168.1.2 102 broadcast

R1(config-if)#exit
R1(config)#
R1(config)#
R2(config-if)#exit
R2(config)#

R2(config-if)#exit
R2(config)#
R2(config)#
R3(config-if)#exit
R3(config)#
R3(config-if)#exit
R3(config)#
R3(config)#
3Check the OSPF neighbor table on R1 we can see no neighbor is up.
4Check Serial 1/2 OSPF information on R1.
R1#show ip ospf interface serial 1/2
Serial1/2 is up, line protocol is up
Internet Address 192.168.1.1/24, Area 0
Process ID 1, Router ID 172.16.1.1, Network Type NON_BROADCAST, Cost: 64
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 172.16.1.1, Interface address 192.168.1.1
No backup designated router on this network

Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
oob-resync timeout 120
Hello due in 00:00:15
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 0, maximum is 0
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
5According to the above information we could see the default OSPF network type for
NBMA is NON_BROADCAST, So OSPF will not send out its hello packet which based on
multi-cast.
6One solution is to manually assign OSPF neighbor.
R1(config-router)#neighbor 192.168.1.2
7Then we can see the neighbors are up.
*Jun 18 15:36:16.743: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.4.1 on Serial1/2 from
LOADING to FULL, Loading Done
*Jun 18 15:36:16.747: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.3.1 on Serial1/2 from
LOADING to FULL, Loading Don
8Check the OSPF neighbor table on R1.
Neighbor ID
172.16.3.1
172.16.4.1
Pri State
Dead Time Address
Interface
1 FULL/DROTHER 00:01:31 192.168.1.2 Serial1/2
1 FULL/DR
00:01:57 192.168.1.3 Serial1/2
9Beside manually allocate, we could also change the OSPF network type to build the
neighbor relationship. Let's first remove the manually allocate configuration, then
change the OSPF network type to broadcast.
R1(config-router)#no neighbor 192.168.1.2

R1(config-if)#ip ospf network broadcast
R1(config-if)#exit
R2(config-if)#exit
R3(config-if)#exit
10Check serial 1/2 OSPF information on R1.
R1#show ip ospf interface serial 1/2
Serial1/2 is up, line protocol is up
Internet Address 192.168.1.1/24, Area 0
Process ID 1, Router ID 172.16.1.1, Network Type BROADCAST, Cost: 64
Transmit Delay is 1 sec, State DR, Priority 1
Network type is BROADCAST now.

11Check OSPF neighbor table on R1 R2 R3.
Neighbor ID
172.16.3.1
172.16.4.1
R1#
Pri State
Dead Time Address
Interface
1 FULL/DR
00:00:33 192.168.1.3 Serial1/2

Neighbor ID
172.16.1.1
R2#
Pri State
1 FULL/BDR
Dead Time Address

Interface
00:00:30 192.168.1.1 Serial1/2

Neighbor ID
172.16.1.1
R3#
Pri State
1 FULL/BDR
Dead Time Address

Interface
00:00:39 192.168.1.1 Serial1/2
12Look at the above OSPF neighbor table we can see:

R1 considers 172.16.4.1(R3) as DR, 172.16.3.1(R2) as DROTHER, itself as BDR.
R2 considers 172.16.1.1(R1) as BDR, itself as DR.
R3 considers 172.16.1.1(R1) as BDR, itself as DR.
As the frame-relay network is not full mesh, it has only two PVC one is between R1 and
R2, the other is between R1 and R3, to make sure everyone will receive LSU (LAS
update), R1 should be the DR.
13Change interface OSPF priority to 0 on R2 and R3, so neither R2 nor R3 will
participate in DR/BDR selection.
R2(config-if)#ip ospf priority 0
R2(config-if)#exit
R2(config)#
R3(config-if)#ip ospf priority 0
R3(config-if)#exit
14Check OSPF neighbor table on R1 R2 R3, we can see R1 is always the DR.
Neighbor ID
172.16.3.1
172.16.4.1
R1#
Pri State
Dead Time Address
Interface

Neighbor ID
172.16.1.1
R2#
Pri State
1 FULL/DR
Dead Time Address

Interface
00:00:31 192.168.1.1 Serial1/2

Neighbor ID
172.16.1.1
Pri State
1 FULL/DR
Dead Time Address

Interface
00:00:38 192.168.1.1 Serial1/2
15We could also change the OSPF network type to P2P, then there will be no DR/BDR
selection.
OSPF network type diagram.
Configuring OSPF Authentication Lab

Topology
Lab Purpose:
1Master OSPF interface and area authentication configuration.
Lab Steps:
1Master OSPF in NBMA network configuration.
2Finish OSPF basic configuration.
3 Check the routing table of R1 and R2
R1#show ip route
O IA 172.16.1.0 [110/193] via 192.168.1.2, 00:01:02, Serial1/1
O IA 172.16.2.0 [110/193] via 192.168.1.2, 00:01:02, Serial1/1
C
C
O IA 192.168.1.8 [110/192] via 192.168.1.2, 00:01:12, Serial1/1
C
O IA 192.168.1.4 [110/128] via 192.168.1.2, 00:05:47, Serial1/1
R2#show ip route
O IA 172.16.1.0 [110/129] via 192.168.1.6, 00:09:16, Serial1/1
O IA 172.16.2.0 [110/129] via 192.168.1.6, 00:09:16, Serial1/1
O
10.1.2.0 [110/65] via 192.168.1.1, 00:14:00, Serial1/0
O
10.1.1.0 [110/65] via 192.168.1.1, 00:14:00, Serial1/0
O IA 192.168.1.8 [110/128] via 192.168.1.6, 00:09:26, Serial1/1
C
4Enable OSPF interface simple password authentication on R1.

R1(config-if)#ip ospf authentication
R1(config-if)#ip ospf authentication-key www.ccieuniversity.com
R1(config-if)#exit
5Enable OSPF debug on R1.
R1#Debug ip ospf adj
00:30:33: OSPF: 192.168.1.5 address 192.168.1.2 on Serial1/1 is dead
00:30:33: OSPF: 192.168.1.5 address 192.168.1.2 on Serial1/1 is dead, state DOWN
00:30:33: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.5 on Serial1/1 from FULL to
DOWN, Neighbor Down: Dead timer expired
00:30:35: OSPF: Rcv pkt from 192.168.1.2, Serial1/1 : Mismatch Authentication type.
Input packet specified type 0, we use type 1
00:54:45: OSPF: Rcv pkt from 192.168.1.2, Serial1/1 : Mismatch Authentication Key Clear Text
6Enable OSPF interface simple password authentication on R2.
R2(config)#interface s1/1
R2(config-if)#ip ospf authentication
R2(config-if)#exit
R2(config)#exit
7Check the debug output again on R1.
00:54:55: OSPF: 2 Way Communication to 192.168.1.5 on Serial1/1, state 2WAY
00:54:55: OSPF: Send DBD to 192.168.1.5 on Serial1/1 seq 0x2154 opt 0x42 flag 0x7 len
32
00:54:55: OSPF: Rcv DBD from 192.168.1.5 on Serial1/1 seq 0x182 opt 0x42 flag 0x7 len
32 mtu 1500 state EXSTART
00:54:55: OSPF: NBR Negotiation Done. We are the SLAVE
152
152 mtu 1500 state EXCHANGE
32
00:54:55: OSPF: Database request to 192.168.1.5
00:54:55: OSPF: sent LS REQ packet to 192.168.1.2, length 60
32 mtu 1500 state EXCHANGE
00:54:55: OSPF: Exchange Done with 192.168.1.5 on Serial1/1

00:54:55: OSPF: Send DBD to 192.168.1.5 on Serial1/1 seq 0x184 opt 0x42 flag
R1#0x0 len 32
00:54:55: OSPF: Synchronized with 192.168.1.5 on Serial1/1, state FULL
00:54:55: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.5 on Serial1/1 from LOADING to
FULL, Loading Done
00:54:56: OSPF: Build router LSA for area 1, router ID 10.1.2.1, seq 0x8000000C
R1#show ip route
O IA 172.16.1.0 [110/193] via 192.168.1.2, 00:01:53, Serial1/1
O IA 172.16.2.0 [110/193] via 192.168.1.2, 00:01:53, Serial1/1
C
C
O IA 192.168.1.8 [110/192] via 192.168.1.2, 00:01:53, Serial1/1
C
O IA 192.168.1.4 [110/128] via 192.168.1.2, 00:01:53, Serial1/1
8Remove OSPF interface simple password authentication and enable interface MD5
authentication on R1 and R2.
R1(config-if)#no ip ospf authentication
R1(config-if)#no ip ospf authentication-key www.ccieuniversity.com
R1(config-if)#exit
R1(config)#exit
R2(config-if)#no ip ospf authentication
R2(config-if)#exit
R2(config)#exit
R1(config-if)#ip ospf authentication message-digest
R1(config-if)#ip ospf message-digest-key 1 md5 www.ccieuniversity.com
R1(config-if)#exit
R1(config)#
R2(config-if)#ip ospf authentication message-digest

R2(config-if)#exit
R2(config)#
R1#show ip route
O IA 172.16.1.0 [110/193] via 192.168.1.2, 00:00:05, Serial1/1
O IA 172.16.2.0 [110/193] via 192.168.1.2, 00:00:05, Serial1/1
C
C
O IA 192.168.1.8 [110/192] via 192.168.1.2, 00:00:05, Serial1/1
C
O IA 192.168.1.4 [110/128] via 192.168.1.2, 00:00:05, Serial1/1
10Remove OSPF interface MD5 authentication and enable OSPF area simple
password authentication on R1 and R2.
R1(config-if)#no ip ospf authentication message-digest
R1(config-if)#no ip ospf message-digest-key 1 md5 www.ccieuniversity.com
R1(config-if)#exit
R1(config)#
R2(config-if)#no ip ospf authentication message-digest
R2(config-if)#no ip ospf message-digest-key 1 md5 www.ccieuniversity.com
R2(config-if)#exit
R1(config-router)#area 1 authentication
R1(config-if)#exit
R1(config)#exit
R2(config-router)#area 1 authentication
R2(config-if)#exit
R1#show ip route
O IA 172.16.1.0 [110/193] via 192.168.1.2, 00:01:19, Serial1/1
O IA 172.16.2.0 [110/193] via 192.168.1.2, 00:01:19, Serial1/1
C
C
O IA 192.168.1.8 [110/192] via 192.168.1.2, 00:01:19, Serial1/1
C
O IA 192.168.1.4 [110/128] via 192.168.1.2, 00:01:19, Serial1/1
12Remove OSPF area simple password authentication and enable OSPF area MD5
authentication on R1 and R2.
R1(config-router)#no area 1 authentication
R1(config-if)#exit
R1(config)#exit
R2(config-router)#no area 1 authentication
R2(config-if)#exit
R1(config-router)#area 1 authentication message-digest

R1(config-if)#exit
R1(config)#
R2(config-router)#area 1 authentication message-digest
R2(config-if)#exit
R2(config)#
R1#show ip route
O IA 172.16.1.0 [110/193] via 192.168.1.2, 00:01:19, Serial1/1
O IA 172.16.2.0 [110/193] via 192.168.1.2, 00:01:19, Serial1/1
C
C
O IA 192.168.1.8 [110/192] via 192.168.1.2, 00:01:19, Serial1/1
C
O IA 192.168.1.4 [110/128] via 192.168.1.2, 00:01:19, Serial1/1
Configuring OSPF External Summary Lab

Topology
Lab Purpose:
1Master OSPF external route summary configuration.
Lab Steps:
1Finish basic IP configuration, and routing configuration.
2Make R3 as the ASBR.
R3(config)#exit
R3(config)#router rip
3check the routing table on R1 and R2.
R1#show ip route
C
C
C
O IA 192.168.1.4 [110/128] via 192.168.1.2, 00:03:50, Serial1/1
4Enable redistribution on R3.
R3(config-router)#redistribute rip metric 200 subnets
R3(config-router)#redistribute ospf 1 metric 10
R3(config)#
5Check the routing table on R1 again.
R1#show ip route
O E1 172.16.1.0 [110/328] via 192.168.1.2, 00:04:22, Serial1/1
O E1 172.16.2.0 [110/328] via 192.168.1.2, 00:04:22, Serial1/1
O E1 172.16.3.0 [110/328] via 192.168.1.2, 00:04:22, Serial1/1
C
C
C
O IA 192.168.1.4 [110/128] via 192.168.1.2, 00:16:54, Serial1/1
6Check OSPF link state database on R1.
Link ID
ADV Router Age
Seq#
Checksum Link count
10.1.2.1
10.1.2.1
1413
0x80000009 0x0003FD 4
192.168.1.5 192.168.1.5 1413
0x80000006 0x0025B8 2
Link ID
ADV Router Age
Seq#
Checksum
192.168.1.4 192.168.1.5 1437
0x80000001 0x00E33E
Summary ASB Link States (Area 1)
Link ID
ADV Router Age
Seq#
Checksum
192.168.1.6 192.168.1.5 1061
0x80000001 0x00D348
Type-5 AS External Link States
Link ID
ADV Router Age
Seq#
Checksum Tag
172.16.1.0 192.168.1.6 3603
0x80000003 0x00CF35 0
172.16.2.0 192.168.1.6 3603
0x80000003 0x00C43F 0
172.16.3.0
192.168.1.6
3603
0x80000003 0x00B949 0
7In order to decrease the routing table on R1, we could enable OSPF external
summary on R3.
R3(config-router)#summary-address 172.16.0.0 255.255.0.0
R3(config)#exit
8Check the routing table on R1 again.
R1#show ip route
O E1 172.16.0.0/16 [110/328] via 192.168.1.2, 00:01:29, Serial1/1
C
C
C
O IA 192.168.1.4 [110/128] via 192.168.1.2, 00:24:56, Serial1/1
Configuring OSPF Default Route With Metric Lab

Topology
Lab Purpose:
1Learn how to use metrics to control OSPF default route selection.
Lab Steps:
1Finish basic IP configuration, and routing configuration.
2Finish frame-relay configuration on R1 and R4.
R1(config)#exit
R4(config)#exit
3Check routing table on R2, and try to ping the below RIP network.
R2#show ip route
C
C
R2#
R2#ping 10.1.1.1

.....
4To make sure the whole network is reachable, enable redistribution on R1 and R3.
R1(config)#
R1(config-router)# default-information originate always
R1(config)#exit
R3(config)#
R3(config-router)# default-information originate always
R3(config)#exit
5Check the routing table on R2 again and try to ping the below RIP network.
R2#show ip route
O E2 10.0.0.0/8 [110/20] via 192.168.1.1, 00:01:19, Serial1/0
C
C
O*E2 0.0.0.0/0 [110/1] via 192.168.1.6, 00:01:19, Serial1/1
[110/1] via 192.168.1.1, 00:01:19, Serial1/0
R2#
R2#ping 172.16.1.1
!!!!!
6If we would like to make R3 as the major next-hop, R1 as the backup next-hop, then
we could change the OSPF default route metric.
R1(config-router)#default-information originate always metric 100
R3(config-router)#default-information originate always metric 50
7Check the routing table of R2, we can see R3 is the next-hop now.
R2#show ip route
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
O E2 10.0.0.0/8 [110/20] via 192.168.1.1, 00:08:05, Serial1/0
C
C
O*E2 0.0.0.0/0 [110/50] via 192.168.1.6, 00:00:32, Serial1/1
Configuring OSPF Stub Area Lab

Topology
Lab Purpose:
1Master OSPF stub area configuration.
Lab Steps:
1Finish basic IP configuration.
2Finish basic OSPF and RIP configuration.
3Enable redistribution between OSPF and RIP on R3.
R3(config-router)#redistribute rip subnets metric 200
R3(config)#
R3(config)#exit
4Check routing table on R1.
R1#show ip route
C
O IA 172.16.255.4/30 [110/128] via 172.16.255.2, 00:07:32, Serial1/1
O IA 172.16.255.8/30 [110/192] via 172.16.255.2, 00:06:57, Serial1/1
C
O IA 172.16.2.0/24 [110/193] via 172.16.255.2, 00:06:05, Serial1/1

O E2 10.0.0.0/8 [110/200] via 172.16.255.2, 00:02:01, Serial1/1
O E2 192.168.1.0/24 [110/200] via 172.16.255.2, 00:02:01, Serial1/1
R1#
R1#ping 10.1.1.1
!!!!!
R1#
5Check OSPF link state database on R1.
Link ID
ADV Router Age
Seq#
Checksum Link count
172.16.1.1 172.16.1.1 682
0x80000003 0x003BE1 3
172.16.255.5 172.16.255.5 677
0x80000003 0x0035B1 2
Link ID
ADV Router Age
Seq#
Checksum
172.16.2.0 172.16.255.5 581
0x80000001 0x004CEE
172.16.255.4 172.16.255.5 668
0x80000001 0x009BE1
172.16.255.8 172.16.255.5 633
0x80000001 0x00F543
Link ID
ADV Router Age
Seq#
Checksum
192.168.1.1 172.16.255.5 342
0x80000001 0x008648
Link ID
ADV Router Age
Seq#
Checksum Tag
10.0.0.0
192.168.1.1 348
0x80000001 0x005B1B 0
192.168.1.0 192.168.1.1 348
0x80000001 0x0021F4 0
6According to the above output we can see external routes are in the routing table of
R1, if we would like to use a default route instead of the specific external routes, we
could set stub area.
R1(config-router)#area 1 stub
R1(config)#exit
R2(config)#
7Check OSPF link state database again.
Link ID
ADV Router Age
Seq#
Checksum Link count
172.16.1.1 172.16.1.1 155
0x80000005 0x0055C7 3
172.16.255.5 172.16.255.5 155
0x80000005 0x004F97 2
Link ID
ADV Router Age
Seq#
Checksum
0.0.0.0
172.16.255.5 168
0x80000001 0x00017B
172.16.2.0 172.16.255.5 168
0x80000002 0x0068D3
172.16.255.4 172.16.255.5 168
0x80000002 0x00B7C6
172.16.255.8 172.16.255.5 168
0x80000002 0x001228
Type 4 and type 5 LSA is not in the database of R1.
8Check the routing table of R1 we can see there is a default route instead the
previous external routes.
R1#show ip route
C
O IA 172.16.255.4/30 [110/128] via 172.16.255.2, 00:04:19, Serial1/1
O IA 172.16.255.8/30 [110/192] via 172.16.255.2, 00:04:19, Serial1/1
C
O IA 172.16.2.0/24 [110/193] via 172.16.255.2, 00:04:19, Serial1/1
O*IA 0.0.0.0/0 [110/65] via 172.16.255.2, 00:04:19, Serial1/1
9Ping to test the connectivity.
R1#ping 10.1.1.1
!!!!!
Configuring OSPF Totally Stub Area Lab

Topology
Lab Purpose:
1Master OSPF totally stub area configuration.
Lab Steps:
3Enable redistribution between OSPF and RIP on R3.
R3(config-router)#redistribute rip subnets metric 200
R3(config)#
R3(config)#exit
4First Set area 1 as ospf stub area.

5Check OSPF routing table and OSPF links state database.
Link ID
ADV Router Age
Seq#
Checksum Link count
172.16.1.1 172.16.1.1 155
0x80000005 0x0055C7 3
172.16.255.5 172.16.255.5 155
0x80000005 0x004F97 2
Link ID
ADV Router Age
Seq#
Checksum
0.0.0.0
172.16.255.5 168
0x80000001 0x00017B
172.16.2.0 172.16.255.5 168
0x80000002 0x0068D3
172.16.255.4 172.16.255.5 168
0x80000002 0x00B7C6
172.16.255.8 172.16.255.5 168
0x80000002 0x001228
Type 4 and 5 LSA have gone.
R1#show ip route
C
O IA 172.16.255.4/30 [110/128] via 172.16.255.2, 00:04:19, Serial1/1
O IA 172.16.255.8/30 [110/192] via 172.16.255.2, 00:04:19, Serial1/1
C
O IA 172.16.2.0/24 [110/193] via 172.16.255.2, 00:04:19, Serial1/1
O*IA 0.0.0.0/0 [110/65] via 172.16.255.2, 00:04:19, Serial1/1
6We can see there is a default route instead of external routes, we can still decrease
the size of routing table.
R2(config-router)#area 1 stub no-summary
R2(config)#exit
R1(config)#exit

R1#show ip route
C
C
O*IA 0.0.0.0/0 [110/65] via 172.16.255.2, 00:34:32, Serial1/1
We can see the default route instead of all the external and inter-area routes.
8Check the OSPF link state database of R1, we can see there are only type 1 LSA and
type 3 for default route link LSA.
Link ID
ADV Router Age
Seq#
Checksum Link count
172.16.1.1 172.16.1.1 387
0x80000006 0x0053C8 3
172.16.255.5 172.16.255.5 412
0x80000006 0x004D98 2
Link ID
0.0.0.0

ADV Router Age
Seq#
Checksum
172.16.255.5 295
0x80000003 0x00FC7D
9Ping to test.
R1#ping 10.1.1.1
.!!!!
Configuring OSPF NSSA Area and NSSA Totally Stub Lab
Topology
Lab Purpose:
1Master NSSA area and NSSA totally stub area configuration.
Lab Steps:
3Enable redistribution on R2 and R5.
R2(config)#
R2(config)#exit
R5(config)#
R5(config)#exit
4Check OSPF routing table and link state database on R3.

Link ID
ADV Router Age
Seq#
Checksum Link count
172.16.255.1 172.16.255.1 534
0x80000005 0x008564 2
172.16.255.5 172.16.255.5 679
0x80000004 0x007390 4
172.16.255.9 172.16.255.9 672
0x80000003 0x00A42F 2
Link ID
ADV Router Age
Seq#
Checksum
172.16.255.8 172.16.255.9 662
0x80000001 0x005B1A
Link ID
ADV Router Age
Seq#
Checksum
192.168.1.1 172.16.255.9 98
0x80000001 0x006E5C
Link ID
ADV Router Age
Seq#
Checksum Tag
131.131.1.0 172.16.255.1 513
0x80000001 0x007BAA 0
131.131.2.0 172.16.255.1 513
0x80000001 0x0070B4 0
192.168.1.0 192.168.1.1 94
0x80000002 0x001FF5 0
192.168.2.0 192.168.1.1 94
0x80000002 0x0014FF 0
R3#
R3#show ip route
C
C
O IA 172.16.255.8 [110/128] via 172.16.255.6, 00:07:46, Serial1/1
O E2 131.131.1.0 [110/200] via 172.16.255.1, 00:00:30, Serial1/0
O E2 131.131.2.0 [110/200] via 172.16.255.1, 00:00:30, Serial1/0
O E2 192.168.1.0/24 [110/200] via 172.16.255.6, 00:00:30, Serial1/1
O E2 192.168.2.0/24 [110/200] via 172.16.255.6, 00:00:30, Serial1/1
4As area1 connects to an external network, so we could not set area1 to a pure stub
area.
5Set area1 to NSSA stub area on R4.

R4(config-router)#area 1 nssa default-information-originate
R4(config)#
R3(config-router)#area 1 nssa
R3(config)#exit
R2(config-router)#area 1 nssa
R2(config)#exit
8Check OSPF routing table and link state database on R3 again.
R3#show ip route
C
C
O IA 172.16.255.8 [110/128] via 172.16.255.6, 00:01:10, Serial1/1
O N2 131.131.1.0 [110/200] via 172.16.255.1, 00:01:10, Serial1/0
O N2 131.131.2.0 [110/200] via 172.16.255.1, 00:01:10, Serial1/0
O*N2 0.0.0.0/0 [110/1] via 172.16.255.6, 00:01:10, Serial1/1
Link ID
ADV Router Age
Seq#
Checksum Link count
172.16.255.1 172.16.255.1 314
0x80000007 0x0027BA 2
172.16.255.5 172.16.255.5 314
0x80000008 0x0011E8 4
172.16.255.9 172.16.255.9 450
0x80000005 0x004C7D 2

Link ID
ADV Router Age
Seq#
Checksum
172.16.255.8 172.16.255.9 850
0x80000002 0x00FE6F
Type-7 AS External Link States (Area 1)
Link ID
ADV Router Age
Seq#
Checksum Tag
0.0.0.0
172.16.255.9 850
0x80000001 0x00C464 0
131.131.1.0 172.16.255.1 318
0x80000001 0x00213D 0
131.131.2.0 172.16.255.1 318
0x80000001 0x001647 0
9Check routing table on R1 and R2.
R2#show ip route
C
O
172.16.255.4 [110/128] via 172.16.255.2, 00:07:26, Serial1/1
O IA 172.16.255.8 [110/192] via 172.16.255.2, 00:07:26, Serial1/1
R
131.131.1.0 [120/1] via 131.131.2.2, 00:00:06, Serial1/0
C
O*N2 0.0.0.0/0 [110/1] via 172.16.255.2, 00:07:26, Serial1/1
R1#show ip route
R 172.16.0.0/16 [120/10] via 131.131.2.1, 00:00:28, Serial1/1
C
C
R* 0.0.0.0/0 [120/10] via 131.131.2.1, 00:00:28, Serial1/1
10Ping test on R1.
R1#ping 192.168.2.1
!!!!!
11To deeply decrease the routing table in area1, we need to set area1 to Totally NSSA
area.
12Only one command need to add on ABR router (R4) to change NSSA to totally NSSA.
R4(config-router)#area 1 nssa no-summary
13Check OSPF routing table and link state database on R3 again.
R3#show ip route
O N2 131.131.1.0 [110/200] via 172.16.255.1, 00:20:24, Serial1/0
O N2 131.131.2.0 [110/200] via 172.16.255.1, 00:20:24, Serial1/0
O*IA 0.0.0.0/0 [110/65] via 172.16.255.6, 00:02:10, Serial1/1
C
C

Link ID
ADV Router Age
Seq#
Checksum Link count
172.16.255.1 172.16.255.1 1504
0x80000007 0x0027BA 2
172.16.255.5 172.16.255.5 1504
0x80000008 0x0011E8 4
172.16.255.9 172.16.255.9 1640
0x80000005 0x004C7D 2
Link ID
0.0.0.0

ADV Router Age
Seq#
Checksum
172.16.255.9 396
0x80000001 0x0070FF
Type-7 AS External Link States (Area 1)

Link ID
ADV Router Age
Seq#
Checksum Tag
0.0.0.0
172.16.255.9 66
0x80000002 0x00C265 0
131.131.1.0 172.16.255.1 1508
0x80000001 0x00213D 0
131.131.2.0 172.16.255.1 1508
0x80000001 0x001647 0
14Check routing table on R1 and R2 and do the ping test.
R2#show ip route

C
O
172.16.255.4 [110/128] via 172.16.255.2, 00:23:09, Serial1/1
R
131.131.1.0 [120/1] via 131.131.2.2, 00:00:17, Serial1/0
C
O*IA 0.0.0.0/0 [110/129] via 172.16.255.2, 00:04:46, Serial1/1
R2#
R1#show ip route
R 172.16.0.0/16 [120/10] via 131.131.2.1, 00:00:13, Serial1/1
C
C
R* 0.0.0.0/0 [120/10] via 131.131.2.1, 00:00:13, Serial1/1
R1#ping 192.168.2.1
!!!!!
15Finally we can see the type 7 LSA has been changed to type 5 LAS.
Link ID
ADV Router Age
Seq#
Checksum Link count
172.16.255.9 172.16.255.9 338
0x80000004 0x005DC2 2
192.168.1.1 192.168.1.1 767
0x80000004 0x002753 2
Link ID
ADV Router Age
Seq#
Checksum
172.16.255.0 172.16.255.9 81
0x80000002 0x002C10
172.16.255.4 172.16.255.9 1337
0x80000002 0x0081F6
Link ID

ADV Router Age
Seq#
Checksum Tag
131.131.1.0 172.16.255.9
131.131.2.0 172.16.255.9
192.168.1.0 192.168.1.1
192.168.2.0 192.168.1.1
1761
1761
767
767
0x80000001 0x0085DA 0
0x80000001 0x007AE4 0
0x80000003 0x001DF6 0
0x80000003 0x001201 0
Configuring OSPF Virtual-Link between normal area and backbone

area Lab
Topology
Lab Purpose:
1Master OSPF Virtual-Link between normal area and backbone area configuration.
Lab Steps:
2Finish basic OSPF configuration on R1 R2 R3 R4.
R1(config)#exit
R2(config)#exit
R3(config)#exit
R4(config)#exit
3Check the neighbor table on R1 and R2.
Dead Time Address
Interface
172.16.255.5 1 FULL/ 00:00:38 172.16.255.2 Serial1/1
172.16.255.9 1 FULL/ 172.16.1.1
1 FULL/ -
Dead Time Address

Interface
00:00:37 172.16.255.6 Serial1/1
00:00:30 172.16.255.1 Serial1/0

R1#show ip route
C
C
Above information tells us R1 could not learn route from area 0, area1, area2, as area3
is not directly connected with area0.
5To solve this issue, we could establish a virtual-link between R2 and R3.
R2(config-router)#area 2 virtual-link 172.16.255.9 (RID of R3)
R2(config)#exit
R3(config-router)#area 2 virtual-link 172.16.255.5 (RID of R2)
R3(config)#exit
8Check OSPF neighbor table on R2.
Neighbor ID
172.16.255.9
172.16.255.9
172.16.1.1
Pri State
0 FULL/ 1 FULL/ 1 FULL/ -
Dead Time Address

172.16.255.6
00:00:30 172.16.255.6
00:00:33 172.16.255.1
Interface
OSPF_VL0
Serial1/1
Serial1/0

R1#show ip route
C
O IA 172.16.255.4/30 [110/128] via 172.16.255.2, 00:08:40, Serial1/1
O IA 172.16.255.8/30 [110/192] via 172.16.255.2, 00:06:20, Serial1/1
O IA 172.16.16.1/32 [110/193] via 172.16.255.2, 00:06:20, Serial1/1
C
10Ping test on R1.
R1#ping 172.16.16.1
!!!!!
Configuring OSPF Virtual-Link between 2 backbone areas Lab
Topology
Lab Purpose:
1Master OSPF Virtual-Link between 2 backbone areas configuration.
Lab Steps:
2Finish basic OSPF configuration on R1 R2 R3 R4.
R1(config)#exit
R2(config)#exit
R3(config)#exit

R4(config)#exit
R1#show ip route
C
O IA 172.16.255.4/30 [110/128] via 172.16.255.2, 00:02:11, Serial1/1
C
R2#show ip route
C
C
O
172.16.1.1/32 [110/65] via 172.16.255.1, 00:05:10, Serial1/0
R3#show ip route
C
C
O IA 172.16.16.1/32 [110/65] via 172.16.255.10, 00:05:16, Serial1/1
R4#show ip route
O IA 172.16.255.4/30 [110/128] via 172.16.255.9, 00:19:32, Serial1/0
C
C
7From the above output we can see none of the 4 routers can learn routes from area
0 of the other side, as area 0 is split by area 2.
8We can set a virtual-link between R2 and R3 to combine two area 0 together.
R2(config-router)#area 2 virtual-link 172.16.255.9
R2(config)#exit
R2#
R3(config-router)#area 2 virtual-link 172.16.255.5
R3(config)#exit
R3#
9Check routing table on R1 we can see the whole network routes are in the routing
table.
R1#show ip route
C
O IA 172.16.255.4/30 [110/128] via 172.16.255.2, 00:01:08, Serial1/1
O
172.16.255.8/30 [110/192] via 172.16.255.2, 00:01:08, Serial1/1
O IA 172.16.16.1/32 [110/193] via 172.16.255.2, 00:01:08, Serial1/1
C
10Ping test on R1.
R1#ping 172.16.16.1
!!!!!
R1#
R1#
R1#ping 172.16.255.9
!!!!!
Understand OSPF Routing Between Inter Area Lab

Topology
Lab Purpose:
1Master OSPF inter-area path selection.
Lab Steps:
1Finish basic IP configuration and OSPF configuration.
2Make sure R1 and R4 could establish OSPF relationship through Frame-relay
network.
3Set OSPF link cost according to the topology.

R3(config-if)#ip ospf cost 2
R3(config-if)#exit
R3(config-if)#ip ospf cost 5
R3(config-if)#exit
4From R3 to 192.168.1.0/24 there are 4 path.
No.
Path
COST
1#
R3 ------> R2 ------> R1 ------> Destination
13
2#
R3 ------> R2 ------> R4 ------> R1 ------> Destination
3#
R3 ------> R4 ------> R1 ------> Destination
4#
R3 ------> R4 ------> R2 ------> R1 ------> Destination
18
The lowest cost is 7 of path 2# R3 ------> R2 ------> R4 ------> R1 ------> Destination

R3#traceroute 192.168.1.1
Tracing the route to 192.168.1.1
1 172.16.255.5 52 msec 96 msec 96 msec
2 172.16.255.1 144 msec * 168 msec
5From the above information we can see packet from R3 to network 192.168.1.0/24
chooses the path R3 ------> R2 ------> R1 ------> Destination with the cost of 13, which is
not the lowest cost path. Why ?
R3 will choose R2 as the next hop because link cost between R2 and R3 is lower, when
R2 is going to choose its next hop, R2 find out the packet is from a normal area 1 to
another normal area 2 it must across backbone area 0 first, So R2 will prefer a directly
connected backbone area router R1 to a same area router R4 as its next hop.
Configuring Basic IS-IS Lab
Topology
Lab Purpose:
1Master basic IS-IS configuration.
2Understanding L1 type route.
3Master how to change the router type.
Lab Steps:
2Enable IS-IS on R1 R2 R3.
R1(config)#router isis cisco
R1(config-router)#net 49.0001.ca00.0bbc.0000.00
R1(config)#
R1(config-if)#ip router isis cisco
R1(config-if)#exit
R1(config-if)#exit
R1(config)#
R2(config-if)#exit
R2(config-if)#exit
R2(config)#exit
R3(config-if)#exit
R3(config-if)#exit
R3(config)#exit
R1#show ip route
C
i L1 172.16.255.4/30 [115/20] via 172.16.255.2, Serial1/1
i L1 172.16.16.0/24 [115/30] via 172.16.255.2, Serial1/1
C
R1#
4Ping test on R1.
R1#ping 172.16.16.1
!!!!!
5Check IS-IS neighbor table on R2.
R2#show isis neighbors
System Id Type Interface IP Address State Holdtime Circuit Id
R3
L1L2 Se1/1 172.16.255.6 UP 27
00
R1
L1L2 Se1/0 172.16.255.1 UP 28
00
R2#
R2#show clns neighbors
System Id Interface SNPA
State Holdtime Type Protocol
R3
Se1/1
*HDLC*
Up 25
L1L2 IS-IS
R1
Se1/0
*HDLC*
Up 29
L1L2 IS-IS
R2#
6Check host name and system ID on R1.
R1#show isis hostname
Level System ID Dynamic Hostname (cisco)
1 CA01.0BBC.0000 R2
* CA00.0BBC.0000 R1
1 CA02.0BBC.0000 R3
R1#
7Check IS-IS link state database.
R1#show isis database
IS-IS Level-1 Link State Database:
LSPID
LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
01CA.000B.BC00.00-00 0x00000001 0x6107
0 (1083)
0/0/0
R1.00-00
* 0x00000005 0xDC1C
897
0/0/0
R2.00-00
0x00000005 0x21A8
787
0/0/0
R3.00-00
0x00000004 0xE2F0
717
0/0/0
LSPID
01CA.000B.BC00.00-00 0x00000001 0x6107
0 (1083)
0/0/0
R1.00-00
* 0x00000007 0xD846
947
0/0/0
R2.00-00
0x00000007 0xF207
802
0/0/0
R3.00-00
0x00000005 0x7796
756
0/0/0
R1#
8Check IS-IS link state database detail.
R1#show isis database detail
LSPID
R1.00-00
* 0x00000008 0xD61F
924
0/0/0
Area Address: 49.0001
NLPID:
0xCC
Hostname: R1
IP Address: 172.16.1.1
Metric: 10
IP 172.16.255.0 255.255.255.252
Metric: 10
IP 172.16.1.0 255.255.255.0
Metric: 10
IS R2.00
R2.00-00
0x00000008 0x1BAB
897
0/0/0
NLPID:
0xCC
Hostname: R2
IP Address: 172.16.255.5
R3.00-00
0x00000008 0x7199
754
NLPID:
0xCC
Hostname: R3
IP Address: 172.16.16.1
Metric: 10
IS R2.00
Metric: 20
IP 172.16.255.0 255.255.255.252
Metric: 10
IP 172.16.255.4 255.255.255.252
Metric: 10
IP 172.16.16.0 255.255.255.0
Metric: 30
IP 172.16.1.0 255.255.255.0
0/0/0
9Change the routers to IS-IS L1 type.

R1(config-router)#is-type level-1
R1(config)#exit
R2(config)#exit
10Change IS-IS link state database to see the change.
LSPID
R1.00-00
* 0x0000000A 0xD025
829
0/0/0
R2.00-00
0x0000000B 0x13B2
835
0/0/0
R3.00-00
0x00000009 0xD6F9
834
0/0/0
Configuring IS-IS Multi Area and Summary Route Lab
Topology
Lab Purpose:
1Master basic IS-IS configuration.
2Understanding L1/L2 type route.
3Master IS-IS area summary configuration.
Lab Steps:
2Enable IS-IS on all routers.
R1(config)#interface Loopback0
R1(config-if)#isis circuit-type level-1
R1(config-if)#exit
R1(config)#
R1(config-if)#exit
R1(config)#
R1(config)#interface Serial1/1
R1(config-if)#isis circuit-type level-2-only
R1(config-if)#exit
R1(config)#
R1(config-if)#net 49.0001.ca00.0bbc.0000.00
R1(config-if)#exit
R1(config)#
R2(config-if)#exit
R2(config)#
R2(config-if)#exit
R2(config)#
R2(config-if)#exit
R2(config)#
R3(config-if)#exit
R3(config)#
R3(config-if)#interface Serial1/1
R3(config-if)#exit
R3(config)#
R3(config-if)#router isis cisco
R3(config-if)#exit
R3(config)#
R4(config-if)#exit
R4(config)#
R4(config-if)#exit
R4(config)#
R4(config)#exit
R4(config)#
R5(config-if)#exit
R5(config)#
R5(config-if)#interface Loopback1
R5(config-if)#exit
R5(config)#
R5(config-if)#exit
R5(config)#
R5(config-if)#is-type level-1
R5(config-if)#exit
R5(config)#
4Check IS-IS neighbor table on R2 R3 R4.

System Id
Type Interface IP Address
R3
L1L2 Se1/1
172.16.255.6
R1
L2
Se1/0
172.16.255.1
R2#
State Holdtime Circuit Id

UP
29
01
UP
23
00

System Id
R2
L1L2 Se1/0
172.16.255.5
R4
L2
Se1/1
172.16.255.10
R3#

UP
25
01
UP
27
00

System Id
R3
L2
Se1/0
172.16.255.9
R5
L1
Se1/1
172.16.255.14
R4#

UP
23
00
UP
22
00
5Check routing table and IS-IS link state database on R1 and R5.
R1#show ip route
i
i
C
i
i
i
C
C

172.16.128.0/24 [115/50] via 172.16.255.2, Serial1/1
172.16.129.0/24 [115/50] via 172.16.255.2, Serial1/1
L2
172.16.255.4/30 [115/20] via 172.16.255.2, Serial1/1
L2
172.16.255.8/30 [115/30] via 172.16.255.2, Serial1/1
L2
172.16.255.12/30 [115/40] via 172.16.255.2, Serial1/1
L2
L2

LSPID
LSP Seq Num
R1.00-00
* 0x0000000B
LSPID
LSP Seq Num
* 0x0000000E
R1.00-00
R2.00-00
0x00000013
0x0000000F
R3.00-00
R4.00-00
0x00000011
R1#
LSP Checksum
0xD33B
LSP Holdtime
679
ATT/P/OL
1/0/0
LSP Checksum
0xCC4D
0xA297
0x65C8
0x4B41
LSP Holdtime
736
427
1097
818
ATT/P/OL
0/0/0
0/0/0
0/0/0
0/0/0
R5#show ip route
C
C
C
i*L1 0.0.0.0/0 [115/10] via 172.16.255.13, Serial1/0
LSPID
LSP Seq Num LSP Checksum
R4.00-00
0x0000000C
0x7BA1
R5.00-00
* 0x0000000D
0xF411
R5#
LSP Holdtime
770
649
ATT/P/OL
1/0/0
0/0/0
6Ping test on R1.

R1#ping 172.16.129.1
!!!!!

R4#show ip route
i
i
i
i
C
C
i
i

172.16.128.0/24 [115/20] via 172.16.255.14, Serial1/1
172.16.129.0/24 [115/20] via 172.16.255.14, Serial1/1
172.16.255.0/30 [115/30] via 172.16.255.9, Serial1/0
172.16.255.4/30 [115/20] via 172.16.255.9, Serial1/0
L2
172.16.1.0/24 [115/40] via 172.16.255.9, Serial1/0
L2
172.16.2.0/24 [115/40] via 172.16.255.9, Serial1/0
L1
L1
L2
L2
8Config IS-IS summary on R1.

R1(config-router)#summary-address 172.16.0.0 255.255.128.0

R1(config)#exit

R4#show ip route
i
i
i
i
C
C
i

172.16.128.0/24 [115/20] via 172.16.255.14, Serial1/1
172.16.129.0/24 [115/20] via 172.16.255.14, Serial1/1
172.16.255.0/30 [115/30] via 172.16.255.9, Serial1/0
172.16.255.4/30 [115/20] via 172.16.255.9, Serial1/0
L2
172.16.0.0/17 [115/40] via 172.16.255.9, Serial1/0
L1
L1
L2
L2
10Check the summary route through ping test.

R4#ping 172.16.1.1
!!!!!
Migrate IS-IS Area Lab

Topology
Lab Purpose:
1Understanding IS-IS area migrate principal.
2Master IS-IS area migrate configuration.
Lab Steps:
2Enable IS-IS on all routers.
R1#show ip route
172.16.255.4/30 [115/20] via 172.16.255.2, Serial1/1
[115/20] via 172.16.255.9, FastEthernet0/0
C
172.16.255.8/30 is directly connected, FastEthernet0/0
i L1
172.16.1.0/24 [115/20] via 172.16.255.2, Serial1/1
i L1
172.16.2.0/24 [115/20] via 172.16.255.2, Serial1/1
C
i L1
4Check link state database on R1.

LSPID
LSP Seq Num LSP Checksum LSP Holdtime
R1.00-00
* 0x00000008
0x8D3B
1116
NLPID:
0xCC
Hostname: R1
IP Address:
172.16.255.1
Metric: 10
IP 172.16.255.8 255.255.255.252
Metric: 10
IP 172.16.255.0 255.255.255.252
Metric: 10
IS R3.01
Metric: 10
IS R2.00
5Migrate IS-IS area to 10.abc7

R1(config-router)#net 10.abc7.ca00.0bbc.0000.00
R1(config)#exit
R1(config)#
R2(config)#exit
R2(config)#
ATT/P/OL
0/0/0
R3(config)#exit
R3(config)#
6Check link state database on R1 again.

LSPID
R1.00-00
* 0x00000009
0xAF8D
991
Area Address: 10.abc7
NLPID:
0xCC
Hostname: R1
IP Address:
172.16.255.1
Metric: 10
IP 172.16.255.8 255.255.255.252
IP 172.16.255.0 255.255.255.252
Metric: 10
Metric: 10
IS R3.01
Metric: 10
IS R2.00
ATT/P/OL
0/0/0
7Check CLNS neighbor table on R1.

R1#show clns is-neighbors detail
System Id
Interface
State Type Priority
R3
Fa0/0
Up
L1
64
Area Address(es): 49.0001 10.abc7
IP Address(es): 172.16.255.9*
Uptime: 00:08:06
NSF capable
R2
Se1/1
Up
L1
0
Area Address(es): 49.0001 10.abc7
IP Address(es): 172.16.255.2*
Uptime: 00:08:18
NSF capable
Circuit Id
R3.01
Format
Phase V
01
Phase V
8Delete the old area network.

R1(config-router)#no net 49.0001.ca00.0bbc.0000.00
R1(config)#
R2(config)#
R3(config)#
R1#show ip route
172.16.255.4/30 [115/20] via 172.16.255.2, Serial1/1
[115/20] via 172.16.255.9, FastEthernet0/0
C
i L1
172.16.1.0/24 [115/20] via 172.16.255.2, Serial1/1
i L1
172.16.2.0/24 [115/20] via 172.16.255.2, Serial1/1
C
i L1
10Check link state database on R1.

LSPID
* 0x0000000F
0xEC9B
1065
R1.00-00
Area Address: 10.abc7
NLPID:
0xCC
Hostname: R1
IP Address:
172.16.255.1
Metric: 10
IP 172.16.255.8 255.255.255.252
Metric: 10
IP 172.16.255.0 255.255.255.252
Metric: 10
IS R2.00
Metric: 10
IS R3.01
ATT/P/OL
0/0/0
Redistributing into RIP and OSPF Lab

Topology
Lab Purpose:
1Master RIP and OSPF redistribute configuration.
2Understanding OSPF type E1 E2 routes
Lab Steps:
2Enable OSPF and RIP on the according routers.
3Check routing tables on R1 R2 R3.
R1#show ip route
C
C
C

R2#show ip route
C
O
O
C
R
R

172.16.1.0/24 [110/65] via 172.16.255.1, 00:02:47, Serial1/0
172.16.2.0/24 [110/65] via 172.16.255.1, 00:02:47, Serial1/0
192.168.1.0/24 [120/1] via 192.168.255.1, 00:00:10, Serial1/1
192.168.2.0/24 [120/1] via 192.168.255.1, 00:00:10, Serial1/1
R3#show ip route
C
C
C

4According to the above output only R2 has learned the whole network routes.
5Make sure R1 and R3 can also learn the whole network routes, we need to
redistribute on R2.

R1#show ip route
C
C

O E2
192.168.255.0 [110/200] via 172.16.255.2, 00:02:47, Serial1/1
O E2 192.168.1.0/24 [110/200] via 172.16.255.2, 00:02:53, Serial1/1
O E2 192.168.2.0/24 [110/200] via 172.16.255.2, 00:02:53, Serial1/1
R3#show ip route
R
172.16.0.0/16 [120/10] via 192.168.255.2, 00:00:24, Serial1/0
C
C
C
7Ping test on R1 and R3.

R1#ping 192.168.1.1
!!!!!
R3#ping 172.16.1.1
!!!!!
Redistributing Between EIGRP and IS-IS Lab

Topology
Lab Purpose:
1Master EIGRP and IS-IS redistribute configuration.
Lab Steps:
2Enable IS-IS and EIGRP on the relevant routers.
3Check routing table on R1 R2 R3.
R1#show ip route
C
C
C
R1#
R2#show ip route
C
i L1 172.16.1.0/24 [115/20] via 172.16.255.1, Serial1/0
i L1 172.16.2.0/24 [115/20] via 172.16.255.1, Serial1/0
C
D 192.168.1.0/24 [90/2297856] via 192.168.255.1, 00:00:04, Serial1/1
D 192.168.2.0/24 [90/2297856] via 192.168.255.1, 00:00:04, Serial1/1
R2#
R3#show ip route
C 192.168.255.0/24 is directly connected, Serial1/0
R3#
*Mar 29 10:39:29.171: %SYS-5-CONFIG_I: Configured from console by console
4According to the above output only R2 has learned the whole network routes.
5Make sure R1 and R3 can also learn the whole network routes, we need to
redistribute on R2.

R2(config-router)#redistribute eigrp 100 metric 20 level-2
R2(config)#
R2(config)#redistribute isis cisco level-1-2 metric 100000 10 255 1 1500
R2(config)#
6Check routing table on R1 R2 R3.
R1#show ip route
i L2 192.168.255.0 [115/30] via 172.16.255.2, Serial1/1
i L2 192.168.1.0/24 [115/30] via 172.16.255.2, Serial1/1
i L2 192.168.2.0/24 [115/30] via 172.16.255.2, Serial1/1
C
C
C
R3#show ip route
D EX 172.16.1.0 [170/2172416] via 192.168.255.2, 00:08:48, Serial1/0
D EX 172.16.2.0 [170/2172416] via 192.168.255.2, 00:08:48, Serial1/0
7Ping test on R1 and R3.
R3#ping 172.16.1.1
!!!!!
R1#ping 192.168.1.1

.....
R3#show ip route
D EX 172.16.1.0 [170/2172416] via 192.168.255.2, 00:23:06, Serial1/0
D EX 172.16.2.0 [170/2172416] via 192.168.255.2, 00:23:06, Serial1/0
C 192.168.2.0/24 is directly connected, Loopbac
172.16.255.0/30 is missing in the routing table, as IS-IS would not announce directly
connected network when doing redistribution.
9Redistribute connected in EIGRP on R2.
R2(config-router)#redistribute connected metric 100000 10 255 1 1500
R3#show ip route
D EX 172.16.255.0/30 [170/2172416] via 192.168.255.2, 00:00:06, Serial1/0
D EX 172.16.1.0/24 [170/2172416] via 192.168.255.2, 00:26:56, Serial1/0
D EX 172.16.2.0/24 [170/2172416] via 192.168.255.2, 00:26:56, Serial1/0
11Ping test on R1.
R1#ping 192.168.1.1
!!!!!
Redistribution Using Administrative Distance Lab

Topology
Lab Purpose:
1Modify Administrative Distance to solve suboptimal routing during multi-point
redistribution.
Lab Steps:
2Enable RIP and OSPF on the relevant routers.
R2#show ip route
C
O
172.16.255.4 [110/128] via 172.16.255.2, 00:01:44, Serial1/1
O
172.16.255.8 [110/192] via 172.16.255.2, 00:01:44, Serial1/1
R 10.0.0.0/8 [120/1] via 192.168.1.1, 00:00:21, Serial1/0
O E2 192.168.2.0/24 [110/200] via 172.16.255.2, 00:01:44, Serial1/1
R5#show ip route
O
172.16.255.0 [110/192] via 172.16.255.9, 00:02:08, Serial1/0
O
172.16.255.4 [110/128] via 172.16.255.9, 00:02:08, Serial1/0
C
O E2 10.0.0.0/8 [110/200] via 172.16.255.9, 00:02:08, Serial1/0
O E2 192.168.1.0/24 [110/200] via 172.16.255.9, 00:02:08, Serial1/0
C 192.168.2.0/24 is directly connected, FastEthernet0/0
4Based on the above information we can see traffic from R5 to network 10.0.0.0/8 is
following the path R4-->R3-->R2-->R1-->10.0.0.0/8. It's not the best path, because R5
things OSPF have a better Administrative Distance 110 than RIP network which is 120.
5To solve this issue we need to change RIP Administrative Distance for the specific
network 10.0.0.0/8 on R5.
R5(config)#access-list 1 permit 10.0.0.0 0.255.255.255
R5(config-router)#distance 80 192.168.2.1 0.0.0.0 1
R5(config)#exit
6Check routing table on R5 again we can see the route is optimal now.
R5#show ip route
O
172.16.255.0 [110/192] via 172.16.255.9, 00:00:02, Serial1/0
O
172.16.255.4 [110/128] via 172.16.255.9, 00:00:02, Serial1/0
C
R 10.0.0.0/8 [80/1] via 192.168.2.1, 00:00:02, FastEthernet0/0
O E2 192.168.1.0/24 [110/200] via 172.16.255.9, 00:00:02, Serial1/0
C 192.168.2.0/24 is directly connected, FastEthernet
Filtering Routing Updates with a Distribute List Lab
Topology
Lab Purpose:
1Master route distribute-list filtering configuration.
Lab Steps:
2Enable OSPF and RIPV2 on relevant routers, and disable RIPV2 auto summary.
3Redistribute between RIP and OSPF on R2.
R1#show ip route
C
C
C
C
C
O
O
O
O
O
E2
E2
E2
E2
E2

192.168.255.0/24 [110/200] via 172.16.255.2, 00:00:15, Serial1/1
192.168.0.0/24 [110/200] via 172.16.255.2, 00:00:15, Serial1/1
192.168.1.0/24 [110/200] via 172.16.255.2, 00:00:15, Serial1/1
192.168.2.0/24 [110/200] via 172.16.255.2, 00:00:15, Serial1/1
192.168.3.0/24 [110/200] via 172.16.255.2, 00:00:15, Serial1/1
R3#show ip route
R
R
R
R

172.16.255.0 [120/10] via 192.168.255.2, 00:00:01, Serial1/0
172.16.0.0 [120/10] via 192.168.255.2, 00:00:01, Serial1/0
172.16.1.0 [120/10] via 192.168.255.2, 00:00:01, Serial1/0
172.16.2.0 [120/10] via 192.168.255.2, 00:00:01, Serial1/0
R
C
C
C
C
C
172.16.3.0 [120/10] via 192.168.255.2, 00:00:01, Serial1/0

5According to the topology config OSPF route filtering configuration on R2.

R2(config)#access-list 1 deny 172.16.0.0 0.0.0.255
R2(config)#access-list 1 permit any
R2(config-router)#distribute-list 1 out ospf 1
R2(config)#

R3#show ip route
R
R
R
C
C
C
C
C
172.16.255.0 [120/10] via 192.168.255.2, 00:00:02, Serial1/0

172.16.2.0 [120/10] via 192.168.255.2, 00:00:02, Serial1/0
172.16.3.0 [120/10] via 192.168.255.2, 00:00:02, Serial1/0
7According to the topology config RIP route filtering configuration on R2.

R2(config-router)#distribute-list 2 out rip

R1#show ip route
C
C
C
C
C
O E2 192.168.255.0/24 [110/200] via 172.16.255.2, 00:19:20, Serial1/1
O E2 192.168.0.0/24 [110/200] via 172.16.255.2, 00:19:20, Serial1/1
O E2 192.168.1.0/24 [110/200] via 172.16.255.2, 00:19:20, Serial1/1
Filtering Routing Updates with a Route Map Lab
Topology
Lab Purpose:
1Master basic Route-map filtering configuration.
Lab Steps:
2Enable OSPF and RIPV2 on relevant routers, and disable RIPV2 auto summary.
3Redistribute between RIP and OSPF on R2.
R1#show ip route
C
C
C
C
C
O E2 192.168.255.0/24 [110/200] via 172.16.255.2, 00:00:15, Serial1/1
O E2 192.168.0.0/24 [110/200] via 172.16.255.2, 00:00:15, Serial1/1
O E2 192.168.1.0/24 [110/200] via 172.16.255.2, 00:00:15, Serial1/1
O E2 192.168.2.0/24 [110/200] via 172.16.255.2, 00:00:15, Serial1/1
O E2 192.168.3.0/24 [110/200] via 172.16.255.2, 00:00:15, Serial1/1
R3#show ip route
R
172.16.255.0 [120/10] via 192.168.255.2, 00:00:01, Serial1/0
R
172.16.0.0 [120/10] via 192.168.255.2, 00:00:01, Serial1/0
R
172.16.1.0 [120/10] via 192.168.255.2, 00:00:01, Serial1/0
R
172.16.2.0 [120/10] via 192.168.255.2, 00:00:01, Serial1/0
R
172.16.3.0 [120/10] via 192.168.255.2, 00:00:01, Serial1/0
5According to the topology config route-map based OSPF route filtering configuration
on R2.
R2(config)#
R2(config)#route-map ospf_to_rip permit 10
R2(config-route-map)#match ip address 1
R2(config-route-map)#exit
R2(config-router)#redistribute ospf 1 metric 10 route-map ospf_to_rip
R2(config)#exit
R3#show ip route
R
R
R
C
C
C
C
C

172.16.255.0 [120/10] via 192.168.255.2, 00:00:05, Serial1/0
172.16.2.0 [120/10] via 192.168.255.2, 00:00:05, Serial1/0
172.16.3.0 [120/10] via 192.168.255.2, 00:00:05, Serial1/0
7According to the topology config route-map based RIP route filtering configuration
on R2.
R2(config)#
R2(config)#route-map rip_to_ospf deny 10
R2(config)#route-map rip_to_ospf permit 20
R2(config)#
R2(config-router)#redistribute rip metric 200 subnets route-map rip_to_ospf
R2(config)#exit
R1#show ip route
C
C
C
C
C
O E2 192.168.255.0/24 [110/200] via 172.16.255.2, 00:19:20, Serial1/1
O E2 192.168.0.0/24 [110/200] via 172.16.255.2, 00:19:20, Serial1/1
O E2 192.168.1.0/24 [110/200] via 172.16.255.2, 00:19:20, Serial1/1
Using Route Tag Filtering Routing Updates Lab

Topology
Lab Purpose:
1Master route tag filtering configuration.
Lab Steps:
2Config redistribution on R2 and R3.
R2(config-router)#redistribute eigrp 10 subnets

R2(config)#
R2(config-router)#redistribute ospf 1 metric 100000 100 255 1 1500
R2(config)#exit
R3(config-router)#redistribute rip subnets

R3(config)#
R3(config)#

R4#show ip route

R
R
R
R
R
R
10.1.1.0 [120/10] via 172.16.1.1, 00:00:00, Serial1/0

10.1.1.4 [120/10] via 172.16.1.1, 00:00:00, Serial1/0
192.168.0.0/24 [120/10] via 172.16.1.1, 00:00:00, Serial1/0
192.168.1.0/24 [120/10] via 172.16.1.1, 00:00:00, Serial1/0
192.168.2.0/24 [120/10] via 172.16.1.1, 00:00:00, Serial1/0
192.168.3.0/24 [120/10] via 172.16.1.1, 00:00:00, Serial1/0
4According to the topology, network 192.168.0.0/24 and 192.168.2.0/24 are not allowed to be
learn by R4, we could use route tag plus route-map to filter the routes.
5Config route tag on R2.

R2(config)#
R2(config)#route-map set_tag permit 10
R2(config-route-map)#set tag 1
R2(config)#
R2(config)#route-map set_tag permit 20
R2(config)#
R2(config-router)#redistribute eigrp 10 subnets route-map set_tag
R2(config)#exit
6Config route-map on R3 to filter the routes.

R3(config)#route-map match_tag deny 10
R3(config-route-map)#match tag 1
R3(config)#
R3(config)#route-map match_tag permit 20
R3(config)#
R3(config-router)#redistribute ospf 1 metric 10 route-map match_tag
R3(config)#exit

R4#show ip route
C
R
R
R

10.1.1.0 [120/10] via 172.16.1.1, 00:00:00, Serial1/0
10.1.1.4 [120/10] via 172.16.1.1, 00:00:00, Serial1/0
192.168.1.0/24 [120/10] via 172.16.1.1, 00:00:00, Serial1/0
R 192.168.3.0/24 [120/10] via 172.16.1.1, 00:00:00, Serial1/0

We can see 192.168.0.0/24 and 192.168.2.0/24 have gone.
Policy-based route Lab

Topology
Lab Purpose:
1Master policy-based route configuration.
Lab Steps:
2Config R1 and R2 to work as PC.
R1(config-if)#exit
R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1
R2(config-if)#exit
R2(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1
3Frame-relay configuration.

R3(config-if)#exit
R4(config-if)#exit
4Enable RIPV2 on R3 R4 R5 R6 and disable auto summary.

R3#show ip route
172.16.1.0 [120/1] via 10.1.1.2, 00:00:01, Serial1/2
172.16.2.0 [120/1] via 10.1.1.3, 00:00:14, Serial1/2
130.130.1.0 [120/2] via 10.1.1.2, 00:00:01, Serial1/2
[120/2] via 10.1.1.3, 00:00:14, Serial1/2
R
R
C
R
C
6Disable CEF on R3.

R3(config)#no ip cef
7Track network 130.130.1.0/24 on R1.

1 192.168.1.1 52 msec 96 msec 48 msec
2 10.1.1.2 216 msec
10.1.1.3 240 msec
10.1.1.2 120 msec
3 172.16.2.1 264 msec
172.16.1.2 216 msec *

1
*
192.168.1.1 96 msec 72 msec
2 10.1.1.2 192 msec
10.1.1.3 120 msec

10.1.1.2 144 msec
3 172.16.2.1 264 msec
172.16.1.2 216 msec *
9According to the topology config policy-based route on R3.

R3(config)#access-list 10 permit host 192.168.1.10
R3(config)#access-list 20 permit host 192.168.1.20
R3(config)#
R3(config)#route-map pbd permit 10
R3(config-route-map)#
R3(config-route-map)#set ip next-hop 10.1.1.2
R3(config)#
R3(config-route-map)#set ip next-hop 10.1.1.3
R3(config)#
10Assign policy to interface.

R3(config-if)#ip policy route-map pbd
R3(config-if)#
11Track network 130.130.1.0/24 on R1 and R2 again.

1 192.168.1.1 132 msec 72 msec 72 msec
2 10.1.1.2 168 msec 144 msec 144 msec
3 172.16.1.2 168 msec * 312 msec
1 192.168.1.1 48 msec 68 msec 72 msec
2 10.1.1.3 144 msec 192 msec 144 msec
3 172.16.2.1 216 msec * 216 msec
Configuring Basic BGP Lab
Topology
Lab Purpose:
1Master BGP basic configuration.
Lab Steps:
2Enable BGP on R1 R2 R3.
R1(config)#router bgp 64512
R1(config-router)#neighbor 172.16.255.2 remote-as 64512
R1(config-router)#
R1(config-router)#network 172.16.255.0 mask 255.255.255.252
R1(config)#
R2(config-router)#
R2(config)#exit
R3(config-router)#
R3(config)#
3Check BGP neighbor relationship on R1.
R1#show ip bgp neighbors
BGP neighbor is 172.16.255.2, remote AS 64512, internal link
BGP version 4, remote router ID 172.16.255.2
BGP state = Established, up for 00:29:25
Last read 00:00:24, hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received(old & new)
Address family IPv4 Unicast: advertised and received
Message statistics:
InQ depth is 0
OutQ depth is 0
Sent
Rcvd
Opens:
1
1
Notifications:
0
0
Updates:
1
4
Keepalives:
32
32
Route Refresh:
0
0
Total:
34
37
Default minimum time between advertisement runs is 5 seconds
4Check BGP summary information on R2.

R2#show ip bgp summary
BGP router identifier 172.16.255.2, local AS number 64512
BGP table version is 19, main routing table version 19
10 network entries using 1010 bytes of memory
11 path entries using 528 bytes of memory
3 BGP path attribute entries using 180 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1742 total bytes of memory
BGP activity 14/4 prefixes, 16/5 paths, scan interval 60 secs
Neighbor
V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.1.255.2 4 64513 47 49
19 0 0 00:10:15
5
172.16.255.1 4 64512 42 45
19 0 0 00:37:53
4

R1#show ip route
C
C
C
C
C
B
B
B
B
B

10.1.255.0 [200/0] via 172.16.255.2, 00:48:22
192.168.0.0/24 [200/0] via 10.1.255.2, 00:22:27
192.168.1.0/24 [200/0] via 10.1.255.2, 00:22:27
192.168.2.0/24 [200/0] via 10.1.255.2, 00:22:27
192.168.3.0/24 [200/0] via 10.1.255.2, 00:22:27
Configuring BGP Using Loopback Addresses Lab

Topology
Lab Purpose:
1Master loopback based BGP neighbor configuration.
2Understanding why use loopback to establish BGP neighbor.
Lab Steps:
2Enable RIPV2 in AS 64512
R1(config-router)#version 2
R2(config-router)#version 2
3Build iBGP neighbor between R1 and R2.

R1(config-router)#neighbor 172.16.16.1 update-source loopback 0

R1#sh ip bgp summary
Neighbor
V
AS MsgRcvd MsgSent
172.16.16.1
4 64512
5
5
TblVer
6
InQ OutQ Up/Down State/PfxRcd

0
0 00:00:20
2
5Build EBGP neighbor between R2 and R3.

R2(config-router)#neighbor 192.168.0.1 ebgp-multihop 2
R2(config)#ip route 192.168.0.1 255.255.255.255 10.1.255.2
R3(config-router)#neighbor 172.16.16.1 ebgp-multihop 2
R3(config-router)#

R3(config)#ip route 172.16.16.1 255.255.255.255 10.1.255.1

R2#show ip bgp
Neighbor
172.16.0.1
192.168.0.1
summary
V
AS MsgRcvd MsgSent
4 64512
19
20
4 64513
5
6
TblVer
9
9

0
0 00:14:11
2
0
0 00:00:10
3
Understand BGP Auto-Summary Lab

Topology
Lab Purpose:
1Understanding BGP auto summary feature.
Lab Steps:
2Build BGP neighbor according to the topology.
3Check BGP neighbor state on R2.
R2#sh ip bgp summary
Neighbor
10.1.255.2 4 64513
5
5
1 0 0 00:01:01
0
172.16.255.1 4 64512
5
5
1 0 0 00:01:46
0
4Check BGP protocol feature on R1.
R1#show ip protocols
Routing Protocol is "bgp 64512"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
IGP synchronization is disabled
Automatic route summarization is disabled
Neighbor(s):
Address
FiltIn FiltOut DistIn DistOut Weight RouteMap
172.16.255.2
Maximum path: 1
Routing Information Sources:
Gateway
Distance Last Update
Distance: external 20 internal 200 local 200
R1#
5Announce network 172.16.0.0 on R1.
6Check routing table on R2 we can see 172.16.0.0 /16 is not in the routing table.
R2#show ip route
C
C
C
7Make sure network 172.16.0.0/16 is in R1's routing table before announced by BGP.
8Let's enable BGP auto summary to see what happens.
R1(config-router)#auto-summary
R1(config)#exit
9Check routing table on R2 again, we can see 172.16.0.0/16 is here now.
R2#show ip route
C
C
B
172.16.0.0/16 [200/0] via 172.16.255.1, 00:01:23
C
R2#
Neighbor
10.1.255.2 4 64513 19 20
2 0 0 00:15:27
0
172.16.255.1 4 64512 21 20
2 0 0 00:16:11
1
R3#show ip route
B 172.16.0.0/16 [20/0] via 10.1.255.1, 00:02:26
C
Tips: BGP auto summary feature will summarize the sub-networks and announce the
summary route to their neighbors, regardless whether it's the main class network
border or not.
Configuring BGP Summarization Lab
Topology
Lab Purpose:
1Master Null0 interface static route summary configuration.
2Master aggregate summary configuration.
Lab Steps:
2Enable BGP according to the topology.
R3#show ip route
B
B
B
B
B
C

172.16.255.0/30 [20/0] via 10.1.255.1, 00:03:15
172.16.0.0/24 [20/0] via 10.1.255.1, 00:02:45
172.16.1.0/24 [20/0] via 10.1.255.1, 00:02:45
172.16.2.0/24 [20/0] via 10.1.255.1, 00:02:45
172.16.3.0/24 [20/0] via 10.1.255.1, 00:02:45
4Announce summary route based on a null 0 static route.

R1(config)#ip route 172.16.0.0 255.255.252.0 null 0
R1(config)#
Tips:172.16.0.0/22 must in ip routing table before BGP announcement.
R3#show ip route

172.16.255.0/30 [20/0] via 10.1.255.1, 00:07:18
172.16.0.0/24 [20/0] via 10.1.255.1, 00:06:48
172.16.0.0/22 [20/0] via 10.1.255.1, 00:00:01
172.16.1.0/24 [20/0] via 10.1.255.1, 00:06:48
172.16.2.0/24 [20/0] via 10.1.255.1, 00:06:48
172.16.3.0/24 [20/0] via 10.1.255.1, 00:06:48
C
B
B
B
B
B
B
6The specific 172.16.0.0-172.16.3.0/24 routes are still in the routing table, we could
remove them from BGP announcement.
R1(config-router)#no network 172.16.0.0 mask 255.255.255.0
R1(config)#
R3#show ip route
B
172.16.255.0/30 [20/0] via 10.1.255.1, 00:23:36
B
172.16.0.0/22 [20/0] via 10.1.255.1, 00:16:20
C
This time only 172.16.0.0/22 left.
8Ping test the summary route.
R3#ping 172.16.1.1
!!!!!
9The above null0 summary method is simple to implement, but other BGP peer
would never know who is the summary source, so we could use BGP aggregate feature
to solve this issue.
10Restore the summary configuration on R1.

11Implement aggregation on R1.
R1(config-router)#aggregate-address 172.16.0.0 255.255.252.0 summary-only
R1(config-router)#
R3#show ip route
B
172.16.255.0/30 [20/0] via 10.1.255.1, 00:18:08
B
172.16.0.0/22 [20/0] via 10.1.255.1, 00:02:00
C
13Check the summary route 1
R3#show ip bgp 172.16.0.0
BGP routing table entry for 172.16.0.0/22, version 32
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
64512, (aggregated by 64512 172.16.0.1)
10.1.255.1 from 10.1.255.1 (172.16.255.1)
Origin IGP, localpref 100, valid, external, atomic-aggregate, best
14Ping test the summary route.
R3#ping 172.16.0.1
!!!!!
Understand BGP Split Horizon Rule Lab

Topology
Lab Purpose:
1Understanding BGP split horizon principal
Lab Steps:
2Enable BGP on all routers, do not establish IBGP relationship between R2 and R4 first.

3Check routing tables on R2 and R4.
R2#show ip route
10.1.255.8 [200/0] via 10.1.255.6, 00:06:24
B
130.130.1.0 [20/0] via 10.1.255.1, 00:07:20
C
C
B
R4#show ip route
10.1.255.4 [200/0] via 10.1.255.9, 00:06:20
B
150.150.1.0 [20/0] via 10.1.255.14, 00:06:20
B
C
C
4According to the BGP split horizon feature: routes learn from an IBGP Peer would
never announce to another IBGP peer, So R2 can not learn routes from R3 which
announced by R4, R2 can not learn routes from R3 which announced by R2 either.
5To solve the above issue, we need to build IBGP relationship between R2 and R4.
R2(config)#exit
R4(config)#exit
6Check routing table on R2 and R4 again, we can see all we need are there.
R2#show ip route
C
C
B
10.1.255.12 [200/0] via 10.1.255.10, 00:05:51
B
10.1.255.8 [200/0] via 10.1.255.6, 00:06:03
B
130.130.1.0 [20/0] via 10.1.255.1, 00:06:03
B
150.150.1.0 [200/0] via 10.1.255.14, 00:05:39
R2#
R4#show ip route
B
10.1.255.4 [200/0] via 10.1.255.5, 00:00:06
B
10.1.255.0 [200/0] via 10.1.255.5, 00:00:06
C
C
B
130.130.1.0 [20/0] via 10.1.255.1, 00:05:03
B
150.150.1.0 [20/0] via 10.1.255.14, 00:16:40
Understand BGP Synchronization Rule Lab

Topology
Lab Purpose:
1Understanding BGP synchronization principal
Lab Steps:
2Config full mesh BGP on all routers, enable BGP synchronization.
R1(config)#router bgp 64512 synchronization
R1(config-router)#synchronization

R1#show ip route
B
C
B
B
C

10.1.255.4 [20/0] via 10.1.255.2, 00:21:11
10.1.255.12 [20/0] via 10.1.255.2, 00:03:37
10.1.255.8 [20/0] via 10.1.255.2, 00:12:37
R5#show ip route
B
10.1.255.4 [20/0] via 10.1.255.13, 00:21:11
C
B
10.1.255.0 [20/0] via 10.1.255.13, 00:03:37
B
10.1.255.8 [20/0] via 10.1.255.13, 00:12:37
C
We can see network 150.150.0.0/24 is not in R1's routing table, network 130.130.0.0/24
is not in R5's routing table, this is the feature of BGP synchronization.
4To solve the above issue, we need to redistribute the two networks 130.130.0.0/24
and 150.150.0.0/24 in to IGP on AS edge routers, so they could be announced to EBGP
peers.
R2(config-router)#redistribute bgp 64513 metric 200 subnets
R4(config-router)#redistribute bgp 64513 metric 200 subnets

R1#show ip route
B
10.1.255.4 [20/0] via 10.1.255.2, 00:25:11
C
B
10.1.255.12 [20/0] via 10.1.255.2, 00:07:37
B
10.1.255.8 [20/0] via 10.1.255.2, 00:16:37
C
B
150.150.1.0 [20/0] via 10.1.255.2, 00:01:36
This time 150.150.0.0/24 is in the table, same as on R4.

BGP Neighbor Authentication Lab

Topology
Lab Purpose:
1Master MD5 based BGP peer authentication.
Lab Steps:
2Enable BGP on R1 and R2.
R1#show ip route
C
C
B

192.168.1.0/24 [20/0] via 10.1.255.2, 00:32:23
R2#show ip route
B
C
C

172.16.1.0 [20/0] via 10.1.255.1, 00:33:19
4Enable BGP authentication on R1.

R1(config-router)#neighbor 10.1.255.2 password cisco123
5We'll get the below output soon.

*Jun 9 15:48:03.323: %TCP-6-BADAUTH: No
MD5
MD5
MD5
MD5
digest
digest
digest
digest
from 10.1.255.2(44020) to 10.1.255.1(179)

from 10.1.255.2(44020) to 10.1.255.1(179)
from 10.1.255.2(44020) to 10.1.255.1(179)
from 10.1.255.2(44020) to 10.1.255.1(179)
6Check routing table and BGP routing table on R1 and R2, we can see all the route
from BGP peer has gone.
R1#show ip route

C
R1#
R1#show ip bgp
BGP table version is 4, local router ID is 172.16.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network
*> 172.16.1.0/24
Next Hop
0.0.0.0
Metric LocPrf Weight Path

0
32768 i
R2#show ip route
C
C
R2#
R2#show ip bgp
Network
*> 192.168.1.0
Next Hop
0.0.0.0

0
32768 i
7Check BGP summary information on R2, we can see neighbor state changed to active.

Neighbor
10.1.255.1
V
AS MsgRcvd MsgSent
4 64512
43
42
TblVer
0

0
0 00:04:00 Active
8Enable BGP authentication on R2.

R2(config-router)#neighbor 10.1.255.1 password cisco123
9BGP neighbor up again on both side.

*Jun 9 15:54:47.559: %TCP-6-BADAUTH: No MD5 digest from 10.1.255.2(16055) to 10.1.255.1(179)
*Jun 9 15:56:51.859: %BGP-5-ADJCHANGE: neighbor 10.1.255.2 Up
10Check BGP summary information on R1, we can see there is already 1 prefix
received.
2 network entries using 202 bytes of memory
2 path entries using 96 bytes of memory
2 BGP path attribute entries using 120 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
Neighbor
10.1.255.2
V
AS MsgRcvd MsgSent
4 64513
45
49
TblVer InQ OutQ Up/Down State/PfxRcd

5
0
0 00:01:33
1
11Check routing table on R1 and R2, we can see the BGP route is back.
R1#show ip route
C
C
B

192.168.1.0/24 [20/0] via 10.1.255.2, 00:03:28
R2#show ip route
B
C
C

172.16.1.0 [20/0] via 10.1.255.1, 00:04:26
Configuring BGP Local Preference Lab

Topology
Lab Purpose:
1Master BGP local preference basic configuration.
Lab Steps:
2Enable BGP on all routers.
R3#show ip route
B
172.16.1.0 [20/0] via 192.168.1.1, 00:01:06
C
B
C
B

130.130.1.0 [20/0] via 192.168.1.1, 00:01:06
192.168.2.0/24 [200/0] via 10.1.1.2, 00:00:11

R4#show ip route
B
C
B
B
C

172.16.1.0 [20/0] via 192.168.2.2, 00:02:18
130.130.1.0 [20/0] via 192.168.2.2, 00:02:18
192.168.1.0/24 [200/0] via 10.1.1.1, 00:02:18
5According to the above information R3 choose the low speed link R2 as the next hop
to network 130.130.1.0/24, in order to choose the high speed link as next hop, we can
use local preference feature.
6Check BGP routing table on R3.
R3#show ip bgp
Network
Next Hop
* i10.1.1.0/24 10.1.1.2
0 100 0 i
*>
0.0.0.0
0
32768 i
* i130.130.1.0/24 192.168.2.2
0 100 0 64512 i
*>
192.168.1.1
0 64512 i
* i172.16.1.0/24 192.168.2.2
0 100 0 64512 i
*>
192.168.1.1
0
0 64512 i
*> 192.168.1.0 0.0.0.0
0
32768 i
*
192.168.1.1
0
0 64512 i
*>i192.168.2.0 10.1.1.2
0 100 0 i
192.168.1.1
0 64512 i

R4#show ip bgp
Network
Next Hop
* i10.1.1.0/24 10.1.1.1
0 100 0 i
*>
0.0.0.0
0
32768 i
* i130.130.1.0/24 192.168.1.1
0 100 0 64512 i
*>
192.168.2.2
0
0 64512 i
* i172.16.1.0/24 192.168.1.1
0 100 0 64512 i
*>
192.168.2.2
0
0 64512 i
*>i192.168.1.0 10.1.1.1
0 100 0 i
*
192.168.2.2
0 64512 i
*> 192.168.2.0 0.0.0.0
0
32768 i
*
192.168.2.2
0
0 64512 i
8If BGP routes from R4 have a higher local preference than R2, then R3 will prefer R4
as next hop.
9Change default local preference to 200 on R4.
R4(config-router)#bgp default local-preference 200
R4(config)#
R3#show ip bgp
Network
Next Hop
* i10.1.1.0/24 10.1.1.2
0 200 0 i
*>
0.0.0.0
0
32768 i
*>i130.130.1.0/24 192.168.2.2
0 200 0 64512 i
*
192.168.1.1
*>i172.16.1.0/24 192.168.2.2
*
192.168.1.1
0
* i192.168.1.0 192.168.2.2
*>
0.0.0.0
0
*
192.168.1.1
0
*>i192.168.2.0 10.1.1.2
*
192.168.1.1
0 64512 i
0 200 0 64512 i
0 64512 i
0 200 0 64512 i
32768 i
0 64512 i
0 200 0 i
0 64512 i
11Check routing table on R3 again, we can see this time R1 is the next hop for
network 130.130.1.0/24.
R3#show ip route
B
C
B
C
B

172.16.1.0 [200/0] via 192.168.2.2, 00:06:41
130.130.1.0 [200/0] via 192.168.2.2, 00:06:41
192.168.2.0/24 [200/0] via 10.1.1.2, 00:26:51
12Next hop attribute will not change between IBGP peers, unless we force them to
change.
R4(config-router)#neighbor 10.1.1.1 next-hop-self
13Check routing table on R3, we can see R4 is the next hop for network
130.130.1.0/24 now.
R3#show ip route
B
C
B
C
B

172.16.1.0 [200/0] via 10.1.1.2, 00:01:32
130.130.1.0 [200/0] via 10.1.1.2, 00:01:32
192.168.2.0/24 [200/0] via 10.1.1.2, 00:32:58
1 10.1.1.2 92 msec 72 msec 72 msec
2 192.168.2.2 212 msec * 120 msec
15Ping test on R3.
R3#ping 130.130.1.1
!!!!!
Using Route Maps to Configuring BGP Local Preference Lab

Topology
Lab Purpose:
1Master route-map basic configuration.
2Use route-map to set local preference, to make R3 choose R4 as the next hop of
network 130.130.1.0/24, and R2 as the next hop of network 150.150.1.0/24.
Lab Steps:
R3#show ip route
172.16.1.0 [20/0] via 192.168.1.1, 00:04:30
C
B
130.130.1.0 [20/0] via 192.168.1.1, 00:04:30
B 192.168.2.0/24 [200/0] via 10.1.1.2, 00:06:07
B
150.150.1.0 [20/0] via 192.168.1.1, 00:04:30
We can see the default next hop for both network 130.130.1.0/24 and 150.150.1.0/24 is
R2 192.168.1.1
B
4To match the requirement we only need to change the next hop for network
130.130.1.0/24 to R4 10.1.1.2. This time we can not just change default local preference,
it must match the specific prefix 130.130.1.0/24.
R4(config)#
R4(config)#route-map set_lp permit 10
R4(config-route-map)#set local-preference 200
R4(config)#
R4(config)#route-map set_lp permit 20
R4(config)#
R4(config-router)#neighbor 192.168.2.2 route-map set_lp in
R4(config)#exit
R4#clear ip bgp * soft in
5Check BGP routing table on R3, we can see the next hop for network 130.130.1.0/24
is R1 192.168.2.2, very close now, just need to make R4 10.1.1.2 as the direct next hop.
R3#show ip bgp
Network
Next Hop
* 130.130.1.0/24 192.168.1.1
0 64512 i
*>i
192.168.2.2
0 200 0 64512 i
* i150.150.1.0/24 192.168.2.2
0 100 0 64512 i
*>
192.168.1.1
0
0 64512 i
6Modify BGP next hop attribute on R4.

7Check BGP routing table on R3 again, this time R4 10.1.1.2 is the next hop for
network 130.130.1.0/24.
R3#show ip bgp
Network
Next Hop
* 130.130.1.0/24 192.168.1.1
0 64512 i
*>i
10.1.1.2
0 200 0 64512 i
* i150.150.1.0/24 10.1.1.2
0 100 0 64512 i
*>
192.168.1.1
0
0 64512 i
8Check the routing table on R3 we can see the same thing.

R3#show ip route
B
C
B
C
B
B

172.16.1.0 [20/0] via 192.168.1.1, 00:54:00
130.130.1.0 [200/0] via 10.1.1.2, 00:02:46
192.168.2.0/24 [200/0] via 10.1.1.2, 00:55:37
150.150.1.0 [20/0] via 192.168.1.1, 00:54:00
9Track network 130.130.1.0/24 and 150.150.1.0/24 on R3.

1 10.1.1.2 16 msec 48 msec 80 msec
2 192.168.2.2 96 msec * 80 msec
R3#
1 192.168.1.1 40 msec * 24 msec
Configuring BGP Multi-Exit Discriminator Lab

Topology
Lab Purpose:
1Understanding BGP MED attribute principal, and how does it affects AS inbound
traffic.
2Use route-map to set MED, to make R3 choose R4 as the next hop of network
130.130.1.0/24, and R2 as the next hop of network 150.150.1.0/24.
Lab Steps:
R3#show ip route
172.16.1.0 [20/0] via 192.168.1.1, 00:08:58
C
B
130.130.1.0 [20/0] via 192.168.1.1, 00:08:58
B 192.168.2.0/24 [200/0] via 10.1.1.2, 00:08:58
B
150.150.1.0 [20/0] via 192.168.1.1, 00:08:58
We can see the default next hop for both network 130.130.1.0/24 and 150.150.1.0/24 is
R2 192.168.1.1
B
4To match the requirement we only need to change the next hop for network
130.130.1.0/24 to R4 10.1.1.2.
5Check BGP routing table to see the default MED on R3 and R4.
R3#show ip bgp
Network
Next Hop
*> 130.130.1.0/24 192.168.1.1

0 64512 i
*i
192.168.2.2
0 100 0 64512 i
*> 150.150.1.0/24 192.168.1.1
0
0 64512 i
*i
192.168.2.2
0 100 0 64512 i
R4#show ip bgp
Network
Next Hop
* i130.130.1.0/24 192.168.1.1
0 100 0 64512 i
*>
192.168.2.2
0
0 64512 i
* i150.150.1.0/24 192.168.1.1
0 100 0 64512 i
*>
192.168.2.2
0 64512 i
6For MED the lower the better, so we could set MED for network 130.130.1.0/24
higher than default value on R2.
R2(config)#
R2(config)#route-map set_med permit 10
R2(config-route-map)#set metric 100
R2(config)#
R2(config)#route-map set_med permit 20
R2(config)#
R2(config-router)#neighbor 192.168.1.2 route-map set_med out
R2(config)#
R2#clear ip bgp * soft out
7Check BGP routing table to see the default MED on R3, we can see the next hop for
network 130.130.1.0/24 is R1 192.168.2.2, very close now, just need to make R4
10.1.1.2 as the direct next hop.
R3#show ip bgp
Network
Next Hop
* 130.130.1.0/24 192.168.1.1
100
0 64512 i
*>i
192.168.2.2
0
100 0 64512 i
*> 150.150.1.0/24 192.168.1.1
0
0 64512 i
*i
192.168.2.2
0
100 0 64512 i
R3#
8Modify BGP next hop attribute on R4.
R4(config)#exit
9Check routing table and BGP routing table on R3, we can see they are match the
requirement now.
R3#show ip bgp
Network
Next Hop
* 130.130.1.0/24 192.168.1.1
100
0 64512 i
*>i
10.1.1.2
0 100 0 64512 i
*> 150.150.1.0/24 192.168.1.1
0
0 64512 i
*i
10.1.1.2
0 100 0 64512 i
R3#
R3#show ip route
B
C
B
C
B
B

172.16.1.0 [20/0] via 192.168.1.1, 00:48:49
130.130.1.0 [200/0] via 10.1.1.2, 00:03:50
192.168.2.0/24 [200/0] via 10.1.1.2, 00:48:49
150.150.1.0 [20/0] via 192.168.1.1, 00:48:49

1 10.1.1.2 32 msec 64 msec 80 msec
2 192.168.2.2 128 msec * 84 msec
Configuring BGP Weight Lab
Topology
Lab Purpose:
1Master the basic configuration of BGP WIGHT attribute.
Lab Steps:
2Enable BGP on all routers and use BGP WIGHT attribute to make sure R1 will choose
AS 64515 R4 192.168.4.1 as next hop for network 150.150.1.0/24
R1#show ip route
C
C
B
B
B
192.168.4.0/24
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
150.150.0.0/24
150.150.1.0
is directly connected, FastEthernet0/0

is directly connected, Serial1/1
[20/0] via 192.168.1.2, 00:16:39
[20/0] via 192.168.4.1, 00:16:25
is subnetted, 1 subnets
[20/0] via 192.168.1.2, 00:16:39

R1#show ip bgp
Network
* 150.150.1.0/24
*>
* 192.168.1.0
*>
* 192.168.2.0
Next Hop
192.168.4.1
192.168.1.2
192.168.1.2
0.0.0.0
192.168.4.1
Metric LocPrf Weight

0
0
0
0
0
32768
0
Path
64515
64513
64513
i
64515
64514 i
64514 i
i
64514 i
*>
*> 192.168.3.0
*
* 192.168.4.0
*>
192.168.1.2
192.168.4.1
192.168.1.2
192.168.4.1
0.0.0.0
0
0
0
0
0
0
0
0
32768
64513
64515
64513
64515
i
i
i
64514 i
i
5Check BGP neighbor table on R1.

R1#show ip bgp neighbors
BGP neighbor is 192.168.1.2, remote AS 64513, external link
BGP neighbor is 192.168.4.1, remote AS 64515, external link

6according to the above output information we can see the next hop for network
150.150.1.0/24 is AS 64513 R2 192.168.1.2 right now.
7Use BGP WIGHT attribute to switch it to AS 64515 R4 192.168.4.1 on R1.
R1(config-router)#neighbor 192.168.4.1 weight 100
R1(config-router)#neighbor 192.168.1.2 weight 50
R1#clear ip bgp * soft
8Check BGP routing table and routing table on R1.

R1#show ip bgp
Network
*> 150.150.1.0/24
*
* 192.168.1.0
*>
*> 192.168.2.0
*
*> 192.168.3.0
*
* 192.168.4.0
*>
R1#
Next Hop
192.168.4.1
192.168.1.2
192.168.1.2
0.0.0.0
192.168.4.1
192.168.1.2
192.168.4.1
192.168.1.2
192.168.4.1
0.0.0.0

100
50
0
50
0
32768
100
0
50
0
100
50
0
100
0
32768
Path
64515
64513
64513
i
64515
64513
64515
64513
64515
i
64514 i
64514 i
i
64514 i
i
i
64514 i
i
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

E1 - OSPF external type 1, E2 - OSPF external type 2
C
C
B
B
B
192.168.4.0/24
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
150.150.0.0/24
150.150.1.0

[20/0] via 192.168.4.1, 00:01:01
[20/0] via 192.168.4.1, 03:12:01
[20/0] via 192.168.4.1, 00:01:01
9According to the above output information, R1 is now using R4 192.168.4.1 as the

next hop for all the networks, what we want is just for network 150.150.1.0/24.
10remove the default weight configuration, and use route-map to match the specific
network 150.150.1.0/24.
R1(config-router)#no neighbor 192.168.1.2 weight 50
R1(config-router)#no neighbor 192.168.4.1 weight 100
R1(config)#
R1(config)#
R1(config)#route-map set_weight permit 10
R1(config-route-map)#set weight 100
R1(config)#
R1(config)#
R1(config)#route-map set_weight permit 20
R1(config)#
R1(config-router)#neighbor 192.168.4.1 route-map set_weight in
R1(config)#exit
R1#clear ip bgp * soft

R1#show ip route
C
C
B
B
B
192.168.4.0/24
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
150.150.0.0/24
150.150.1.0

[20/0] via 192.168.1.2, 00:03:45
[20/0] via 192.168.4.1, 00:03:45
[20/0] via 192.168.4.1, 00:00:00

R1#show ip bgp
*>
*
*
*>
*
*>
*>
*
*
*>
Network
150.150.1.0/24
192.168.1.0
192.168.2.0
192.168.3.0
192.168.4.0
Next Hop
192.168.4.1
192.168.1.2
192.168.1.2
0.0.0.0
192.168.4.1
192.168.1.2
192.168.4.1
192.168.1.2
192.168.4.1
0.0.0.0

100
0
0
0
0
32768
0
0
0
0
0
0
0
0
0
32768
Path
64515
64513
64513
i
64515
64513
64515
64513
64515
i
64514 i
64514 i
i
64514 i
i
i
64514 i
i
13Ping test and trace test on R1.

R1#ping 150.150.1.1
!!!!!
R1#
1 192.168.4.1 16 msec 60 msec 64 msec
2 192.168.3.1 [AS 64515] 144 msec * 32 msec
Affects the BGP Routing By Path Prepend Lab

Topology
Lab Purpose:
1Master BGP AS Path prepend configuration.
Lab Steps:
2Enable BGP on all routers and use BGP AS Path prepend attribute to make sure R1
will choose R4 192.168.4.1 as next hop for network 150.150.1.0/24
R1#show ip bgp
Origin codes: i - IGP, e - EGP, ? incomplete
*
*>
*
*
*>
*
*>
*>
*
*
*
*>
Network
150.150.1.0/24
192.168.1.0
192.168.2.0
192.168.3.0
192.168.4.0
Next Hop
192.168.4.1
192.168.1.2
192.168.4.1
192.168.1.2
0.0.0.0
192.168.4.1
192.168.1.2
192.168.4.1
192.168.1.2
192.168.4.1
192.168.1.2
0.0.0.0

0
0
0
0
0
0
32768
0
0
0
0
0
0
0
0
0
0
32768

R1#show ip route
C
Path
64515
64513
64515
64513
i
64515
64513
64515
64513
64515
64513
i
64514 i
64514 i
64514 64513 i
i
64514 i
i
i
64514 i
i
64514 64515 i
C
B
B
B
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
150.150.0.0/24
150.150.1.0

[20/0] via 192.168.1.2, 00:01:20
[20/0] via 192.168.4.1, 00:01:20
[20/0] via 192.168.1.2, 00:01:20
5The default next hop for network 150.150.1.0/24 on R1 is 192.168.1.2, use AS

prepend to switch it to 192.168.4.1
6Set AS prepend on R3 for network 150.150.1.0/24, to make the AS path which going
trough R2 longer than before.
R3(config)#
R3(config)#route-map set_prepend permit 10
R3(config-route-map)#set as-path prepend 64514 64514
R3(config)#
R3(config)#route-map set_prepend permit 20
R3(config)#
R3(config-router)#neighbor 192.168.2.1 route-map set_prepend out
R3(config)#exit

R1#show ip bgp
*>
*
*
*>
*
*>
*>
*
*
*>
Network
150.150.1.0/24
192.168.1.0
192.168.2.0
192.168.3.0
192.168.4.0
Next Hop
192.168.4.1
192.168.1.2
192.168.1.2
0.0.0.0
192.168.4.1
192.168.1.2
192.168.4.1
192.168.1.2
192.168.4.1
0.0.0.0

0
0
0
0
0
32768
0
0
0
0
0
0
0
0
0
32768

R1#show ip route
C
C
B
B
B
192.168.4.0/24
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
150.150.0.0/24
150.150.1.0

[20/0] via 192.168.1.2, 00:12:54
[20/0] via 192.168.4.1, 00:12:54
[20/0] via 192.168.4.1, 00:09:42
Path
64515
64513
64513
i
64515
64513
64515
64513
64515
i
64514 i
64514 64514 64514 i
i
64514 i
i
i
64514 i
i
Configuring BGP Routes Reflector Lab

Topology
Lab Purpose: Master BGP route reflector configuration.

Lab Steps:
3Check BGP routing table on R1 R2 R3.
R2#show ip bgp
Network
Next Hop
*> 199.9.9.0
0.0.0.0
0
32768 i
r>i200.100.50.0 172.24.1.17
0 100 0 i
R3#show ip bgp
Network
Next Hop
r>i199.9.9.0
172.24.1.18

0 100 0 i
R1#show ip bgp
Network
Next Hop
r>i200.100.50.0
192.168.1.6
0 100
0i
R1#show ip route
R 200.100.50.0/24 [120/1] via 192.168.1.6, 00:00:11, Serial0/0
R 172.24.0.0/16 [120/1] via 192.168.1.6, 00:00:11, Serial0/0
C
As it's not a full mesh, so R1 can not learn BGP route from R2 because of the BGP
split horizon attribute.
4Enable route reflector on R3 to solve this issue.
R3(config-router)#neighbor 192.168.1.5 route-reflector-client
R3(config-router)#neighbir 172.24.1.18 route-reflector-client
R1#show ip bgp
Network
Next Hop
*>i199.9.9.0
172.24.1.18
0 100 0 i
*>i200.100.50.0 192.168.1.6
0 100 0 i
R1#show ip route
B 199.9.9.0/24 [200/0] via 172.24.1.18, 00:00:52
B 200.100.50.0/24 [200/0] via 192.168.1.6, 00:01:48
R 172.24.0.0/16 [120/1] via 192.168.1.6, 00:00:14, Serial0/0
C
Now R1 could learn BGP route from R2.
Configuring BGP Confederation Lab

Topology
Lab Purpose: Master BGP route reflector configuration.

Lab Steps:
2Enable BGP on all routers, set BGP confederation AS according to the topology.
R3(config-router)#bgp confederation identifier 3000
R3(config-router)#bgp confederation peers 65502
R4(config-router)#bgp confederation peers 65501 65504

R4(config-router)#no synchronization
R5(config-router)#bgp confederation peers 65503 65504

3Check BGP routing table on R1 and R2 we can see the confederation AS have been
hidden from outside AS.
R1#show ip bgp
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Network
Next Hop
* 10.1.1.0/30
10.1.1.2
*>
0.0.0.0
*> 10.1.1.4/30
10.1.1.2
*> 10.1.1.8/30
10.1.1.2
*> 10.1.1.12/30
10.1.1.2
*> 10.1.1.16/30
10.1.1.2
*> 10.1.1.20/30
10.1.1.2
*> 10.1.1.24/30
10.1.1.2
*> 10.1.1.28/30
10.1.1.2
*> 172.16.1.0/24
10.1.1.2
*> 172.16.2.0/24
10.1.1.2
*> 192.168.1.0
0.0.0.0
*> 192.168.2.0
10.1.1.2

0
0
3000 i
0
32768
i
0
0
3000 i
0
3000 i
0
3000 i
0
3000 i
0
3000 i
0
3000 i
0
3000 i
0
0
3000 i
0
3000 i
0
32768
i
0 3000 2000 i
R2#show ip bgp
Network
Next Hop
*> 10.1.1.0/30
10.1.1.17
*> 10.1.1.4/30
10.1.1.17
*> 10.1.1.8/30
10.1.1.17
*> 10.1.1.12/30
10.1.1.17
* 10.1.1.16/30
10.1.1.17
*>
0.0.0.0
*> 10.1.1.20/30
10.1.1.17
*> 10.1.1.24/30
10.1.1.17
*> 10.1.1.28/30
10.1.1.17
*> 172.16.1.0/24
10.1.1.17
*> 172.16.2.0/24
10.1.1.17

0 3000 i
0 3000 i
0 3000 i
0
0 3000 i
0
0 3000 i
0
32768 i
0 3000 i
0 3000 i
0 3000 i
0 3000 i
0
0 3000 i
*> 192.168.1.0
*> 192.168.2.0
10.1.1.17
0.0.0.0
0 3000 1000 i
32768 i
4Check BGP routing table on R3 for the specific prefix 10.1.1.4/30

R3#show ip bgp 10.1.1.4/30
Network
Next Hop
*> 10.1.1.4/30
172.16.1.5
0 (65502 65503)i
We can see the confederation AS are in curves.
Using Route Tag to Store BGP AS-Path Lab

Topology
Lab Purpose:
1Solve AS-PATH attribute missing issue during BGP and IGP redistribution.
2Master route tag store and restore BGP AS-PATH attribute configuration.
Lab Steps:
2Config OSPF between R2 and R3.

R2(config)#exit
R3(config)#exit
3Check OSPF neighbor relationship between R2 and R3.
Dead Time Address
Interface
192.168.2.1
1 FULL/BDR
00:00:32 172.16.1.2 FastEthernet0/0
R2#
4Establish BGP relationship between R1 R2, R3 R4. No BGP relationship between R2
R3.
R2(config)#exit
R3(config)#exit
5Confirm BGP relationship on R2 and R3.
Neighbor
192.168.1.1 4 64512
8
8
3
0
0
00:03:37
2

Neighbor
192.168.2.2 4 64514
6
6
2 0
0
00:01:46
1
6Check routing table on R4, we can see no routes have been learn.
R4#show ip route
7Config redistribution between BGP and OSPF on R2 R3.
R2(config-router)#redistribute bgp 64513 subnets
R2(config)#
R2(config-router)#redistribute ospf 1 match external internal
R2(config-router)#
R3(config-router)#redistribute ospf 1 match internal external
R3(config)#
R3(config-router)#redistribute bgp 64513 subnets
R3(config)#exit
8Check routing table again on R4, we can see routes are there.
R4#show ip route

B
172.16.1.0 [20/0] via 192.168.2.1, 00:03:18
B
130.130.1.0 [20/1] via 192.168.2.1, 00:03:18
B 192.168.1.0/24 [20/1] via 192.168.2.1, 00:03:18

9Check BGP routing table on R4, we can see routes are there but some BGP attributes
are missing. Such as item 130.130.1.0/24 from AS 64512, the AS-PATH of this item
should be 64521 65513, but in the BGP table it only appears AS 64513, the BGP origin
attribute is also incomplete.
R4#show ip bgp
Network
Next Hop
*> 130.130.1.0/24 192.168.2.1
1
0 64513 ?
*> 172.16.1.0/24 192.168.2.1
0
0 64513 ?
*> 192.168.1.0 192.168.2.1
1
0 64513 ?
* 192.168.2.0 192.168.2.1
0
0 64513 i
*>
0.0.0.0
0
32768 i
10As OSPF can not recognize BGP AS-PATH attribute from redistribution, so there is
BGP AS-PATH attribute missing issue. To solve this problem, route tag should be
introduced. We use route tag to store BGP attribute before redistribution from BGP to
OSPF on R2, and restore it by redistribution from OSPF to BGP on R3.
11Store AS-PATH attribute in route tag on R2.
R2(config)#route-map SET_TAG permit 10
R2(config-route-map)#set automatic-tag
R2(config)#
R2(config-router)#table-map SET_TAG
12Restore AS-PATH attribute from route tag on R3.
R3(config)#route-map GET_TAG permit 10
R3(config-route-map)#set as-path tag
R3(config-route-map)#set origin igp
R3(config-router)#redistribute ospf 1 match external internal route-map GET_TAG
13Check BGP routing table on R4, we can see the AS-PATH for item 130.130.1.0/24 is
complete now, and originate from IGP.
R4#show ip bgp
Network
Next Hop
*> 130.130.1.0/24 192.168.2.1
1
0 64513 64512 i
*> 172.16.1.0/24 192.168.2.1
0
0 64513 i
*> 192.168.1.0 192.168.2.1
1
0 64513 i
* 192.168.2.0 192.168.2.1
0
0 64513 i
*>
0.0.0.0
0
32768 i
R4#
14Ping test on R4.
R4#ping 130.130.1.1
!!!!!
Using Distribute-list to Filtering BGP Routing Lab

Topology
Lab Purpose:
1Master BGP route filtering by distribute-list configuration.
Lab Steps:
R3#show ip route
B
B
B
B
B
C

172.16.255.0/30 [20/0] via 10.1.255.1, 00:01:43
172.16.0.0/24 [20/0] via 10.1.255.1, 00:01:43
172.16.1.0/24 [20/0] via 10.1.255.1, 00:01:43
172.16.2.0/24 [20/0] via 10.1.255.1, 00:01:43
172.16.3.0/24 [20/0] via 10.1.255.1, 00:01:43
4Config BGP route filtering on R2.

R2(config)#
R2(config-router)#neighbor 10.1.255.2 distribute-list 1 out
R2(config-router)#end
R3#show ip route
B
172.16.255.0/30 [20/0] via 10.1.255.1, 00:06:14
B
172.16.2.0/24 [20/0] via 10.1.255.1, 00:06:14
B
172.16.3.0/24 [20/0] via 10.1.255.1, 00:06:14
C
We can see network 172.16.0.0 and 172.16.1.0 have gone.
Using Route-Map to Filtering BGP Routing Lab
Topology
Lab Purpose:
1Master route-map based BGP route filtering configuration.
Lab Steps:
R3#show ip route
B
B
B
B
B
C

172.16.255.0/30 [20/0] via 10.1.255.1, 00:12:39
172.16.0.0/24 [20/0] via 10.1.255.1, 00:00:01
172.16.1.0/24 [20/0] via 10.1.255.1, 00:00:01
172.16.2.0/24 [20/0] via 10.1.255.1, 00:12:39
172.16.3.0/24 [20/0] via 10.1.255.1, 00:12:39
4Config route-map based BGP route filtering.

R2(config)#
R2(config)#route-map bgpfilter permit 10
R2(config)#
R2(config-router)#neighbor 10.1.255.2 route-map bgpfilter out
R2(config)#exit
R2#
5Check routing table on R3 again, we can see network 172.16.0.0/24 and

172.16.1.0/24 have been filtered.
R3#show ip route
B
B
B
C

172.16.255.0/30 [20/0] via 10.1.255.1, 00:19:57
172.16.2.0/24 [20/0] via 10.1.255.1, 00:19:57
172.16.3.0/24 [20/0] via 10.1.255.1, 00:19:57
Using Prefix-List to Filtering BGP Routing Lab

Topology
Lab Purpose:
1Master Prefix-List based BGP route filtering.
2Use Prefix-List to filter BGP route based on mask length.
Lab Steps:
R3#show ip route
B
172.16.255.0/30 [20/0] via 10.1.255.1, 00:02:56
B
172.16.4.0/28 [20/0] via 10.1.255.1, 00:00:04
B
B
B
B
172.16.0.0/24 [20/0] via 10.1.255.1, 00:01:21

172.16.1.0/25 [20/0] via 10.1.255.1, 00:00:04
172.16.2.0/26 [20/0] via 10.1.255.1, 00:00:04
172.16.3.0/27 [20/0] via 10.1.255.1, 00:00:04
B
10.1.255.0/30 [20/0] via 10.1.255.1, 00:02:56
C
4Scenario 1: R2 should not announce BGP routes 172.16.0.0/24 and 172.16.1.0/25 to
R3.
5Config prefix-list based BGP route filtering on R2.
R2(config)#ip prefix-list bgpfilter seq 5 deny 172.16.0.0/24
R2(config)#ip prefix-list bgpfilter seq 10 deny 172.16.1.0/25
R2(config)#ip prefix-list bgpfilter seq 15 permit 0.0.0.0/0 le 32
R2(config)#
R2(config-router)#neighbor 10.1.255.2 prefix-list bgpfilter out
R3#show ip route
B
B
B
B
C

172.16.255.0/30 [20/0] via 10.1.255.1, 00:00:16
172.16.4.0/28 [20/0] via 10.1.255.1, 00:00:16
172.16.2.0/26 [20/0] via 10.1.255.1, 00:00:16
172.16.3.0/27 [20/0] via 10.1.255.1, 00:00:16
7Scenario 2: R2 should only announce BGP routes 172.16.3.0/27 and 172.16.255.0/30

to R3.
R2(config)#ip prefix-list bgpfilter seq 5 permit 172.16.3.0/27
R2(config)#
R2(config)#
R3#show ip route
B
172.16.255.0/30 [20/0] via 10.1.255.1, 00:06:15
B
172.16.3.0/27 [20/0] via 10.1.255.1, 00:06:15
C
R3#
10Scenario 3: R2 should only announce network 172.16.0.0/22 which mask 26 bit,
and network 172.16.255.0/30 by BGP.
R2(config)#ip prefix-list bgpfilter seq 5 permit 172.16.0.0/22 ge 26
R2(config)#
R2(config)#
R3#show ip route
B
B
B
C

172.16.255.0/30 [20/0] via 10.1.255.1, 00:11:25
172.16.2.0/26 [20/0] via 10.1.255.1, 00:01:16
172.16.3.0/27 [20/0] via 10.1.255.1, 00:11:25
13Scenario 4: R2 should only announce network 172.16.0.0/22 which mask 25 bit,

and network 172.16.255.0/30 by BGP.
R2(config)#ip prefix-list bgpfilter seq 5 permit 172.16.0.0/22 le 25

R2(config)#
R2(config)#exit
R2(config)#
R3#show ip route
B
B
B
C

172.16.255.0/30 [20/0] via 10.1.255.1, 00:15:00
172.16.0.0/24 [20/0] via 10.1.255.1, 00:01:10
172.16.1.0/25 [20/0] via 10.1.255.1, 00:01:10
15Scenario 5: R2 should only announce network 172.16.0.0/22 which 25 bit mask

26 bit, and network 172.16.255.0/30 by BGP.
R2(config)#ip prefix-list bgpfilter permit 172.16.0.0/22 ge 25 le 26
R2(config)#ip prefix-list bgpfilter permit 172.16.255.0/30
R2(config)#
R2(config-router)#end
R3#show ip route
172.16.255.0/30 [20/0] via 10.1.255.1, 00:19:42
172.16.1.0/25 [20/0] via 10.1.255.1, 00:05:53
172.16.2.0/26 [20/0] via 10.1.255.1, 00:01:21
C
B
B
B
Configuring 802.1x Port-Based Authentication Lab

Topology
Lab Purpose:
1Master interface based 802.1x authentication configuration.
2Master Cisco Radius server configuration.
Lab Steps:
1Add AAA client by click "Network Configuration" on ACS server, key:
cisco authentication protocol: Radius(IETF)
4Setup IETF attribute by clicking "Interface Configuration", choose

"RADIUS (IETF)", choose the following 3 attribute then submit.
[064] Tunnel-Type
[065] Tunnel-Medium-Type
[081] Tunnel-Private-Group-ID
5Create a user for 802.1x authentication. Click <User Configuration>,
enter username: CCIE University1, click Add/Edit, enter password:
www.ccieuniversity.com assign this user to Group 1 then click Submit.
6Setup Group attribute by clicking "Group Configuration", choose

"Group 1", clickEdit Settings. Set the following 3 attribute as
below.
[064]Tunnel-Type, Tag 1 Value VLAN,
[065]Tunnel-Medium-Type, Tag1 Value 802,
[081]Tunnel-Private-Group-ID Tag 1 Value 10
Click Submit + Restart
7Create another username: CCIE University2 assign it to Group 2.

Meanwhile set Group 2 attribute as below.
[064]Tunnel-Type, Tag 1 Value VLAN
[065]Tunnel-Medium-Type, Tag1 Value 802
[081]Tunnel-Private-Group-ID Tag 1 Value 20
8Config ACS server, click "System Configurateion", click "Global
Authentication Setup", remove LEAP "Allow LEAP (For Aironet only)"
option, then click Submit + Restart.
9Setup vlan interface 1 on switch to communicate with ACS server.
Switch(config)#
Switch(config)#interface vlan 1
Switch(config-if)#ip address 202.195.30.158 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#
10Create vlans on switch.
Switch(config)#vlan 10
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#exit
11Config AAA on switch, and enable 802.1x.
Switch(config)#aaa new-model
Switch(config)#radius-server host 202.195.30.159 key cisco
Switch(config)#radius-server vsa send
Switch(config)#aaa authentication login default none
Switch(config)#aaa authentication dot1x default group radius
Switch(config)#aaa authorization network default group radius
Switch(config)#dot1x system-auth-control
12Interface configuration for 802.1x.
Switch(config)#interface range fastEthernet 0/1 - 20
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#spanning-tree portfast
Switch(config-if-range)#dot1x port-control auto
Switch(config-if-range)#exit
13Check vlan table on switch.
Switch#show vlan
VLAN Name
Status
Ports
---- -------------------------------- --------- -----------------------------1
default
active
Fa0/1, Fa0/2, Fa0/3,
Fa0/4
Fa0/5, Fa0/6, Fa0/7,
Fa0/8
Fa0/9, Fa0/10, Fa0/11,
Fa0/12
Fa0/13, Fa0/14, Fa0/15,
Fa0/16
Fa0/17, Fa0/18, Fa0/19,
Fa0/20
Fa0/21, Fa0/22, Fa0/23,
Fa0/24
Gi0/1, Gi0/2
10
VLAN0010
active
20
VLAN0010
active
14Enable IEEE 802.1x authentication on PC network adapter, and set EAP type to
MD5 query.
15Connect PC1 and PC2 to switch, then there will be a popup 802.1x authentication
table, enter the username and password we have.
16When the authentication succeed, check vlan table again, we can see Fa0/1 and
Fa0/2 have been assigned to VLAN 10 and VLAN20 automatically.
Switch#show vlan
VLAN Name
Status
Ports
---- -------------------------------- --------- -----------------------------1
default
active
Fa0/3, Fa0/4, Fa0/5,
Fa0/6,
Fa0/7, Fa0/8, Fa0/9,
Fa0/10,
Fa0/11, Fa0/12, Fa0/13,

Fa0/14,
Fa0/15, Fa0/16, Fa0/17,
Fa0/18,
Fa0/19, Fa0/20, Fa0/21,
Fa0/22,
Fa0/23, Fa0/24, Gi0/1,
Gi0/2
10
VLAN0010
20
VLAN0020
1002 fddi-default
1003 token-ring-default
1004 fddinet-default
1005 trnet-default
active
Fa0/1
active
Fa0/2
act/unsup
act/unsup
act/unsup
act/unsup
Routing Between VLANs and VTP Protocol Lab

Topology
Lab Purpose:
1Master VTP configuration.

2Master routing between vlans and sub-interface configuration.
Lab Steps:
1PCS configuration as follows.
PC1(config)#no ip routing
PC1(config)#
PC1(config)#ip default-network 192.168.1.1
PC1(config)#
PC1(config)#interface fastEthernet 0/0
PC1(config-if)#ip address 192.168.1.10 255.255.255.0
PC1(config-if)#no shutdown
PC1(config-if)#exit
PC1(config)#
PC2(config)#
PC2(config)#
PC2(config-if)#exit
PC2(config)#
PC3(config)#
PC3(config)#
PC3(config-if)#exit
PC3(config-if)#
2Trunk configuration on SW1 and SW2.
SW1(config)#interface fastEthernet 1/1
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config-if)#exit

SW2(config-if)#exit
3Check trunk interface on SW2.
SW2#show interfaces trunk
Port
Fa1/2
Mode
on
Encapsulation
802.1q
Status
trunking
Native vlan
1
Port
Fa1/2
Vlans allowed on trunk

1-1005
Port
Fa1/2
Vlans allowed and active in management domain

1
Port
Fa1/2
Vlans in spanning tree forwarding state and not pruned

1
4Check VTP state before doing VTP configuration.

SW2#show vtp status
VTP Version
: 2
Configuration Revision
: 0
Maximum VLANs supported locally : 256
Number of existing VLANs
: 5
VTP Operating Mode
: Server
VTP Domain Name
:
VTP Pruning Mode
: Disabled
VTP V2 Mode
: Disabled
VTP Traps Generation
: Disabled
MD5 digest
: 0xBF 0x86 0x94 0x45 0xFC 0xDF 0xB5
0x70
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)
5Enable VTP on SW1 and SW2.
SW1(config)#vtp password www.ccieuniversity.com
Setting device VLAN database password to www.ccieuniversity.com
SW1(config)#vtp domain www.ccieuniversity.com
Changing VTP domain name from cisco to www.ccieuniversity.com
SW1(config)#vtp pruning
Pruning switched on
SW1(config)#vtp mode SERVER
Setting device to VTP server mode.
SW2(config)#vtp password www.ccieuniversity.com
Setting device VLAN database password to www.ccieuniversity.com
SW2(config)#vtp domain www.ccieuniversity.com
Changing VTP domain name from cisco to www.ccieuniversity.com
SW2(config)#vtp pruning
Pruning switched on
SW2(config)#vtp mode client
Setting device to VTP client mode.
6Check VTP state on SW2.

SW2#show vtp status
VTP Version
: 2
: 1
: 10
VTP Operating Mode
: Client
VTP Domain Name
: www.ccieuniversity.com
VTP Pruning Mode
: Enabled
VTP V2 Mode
: Disabled
: Disabled
MD5 digest
: 0x71 0x62 0x0B 0xD1 0xED 0xFD 0x7D
0xAC
7Create vlans on SW1.
SW1(config)#
SW1(config)#vlan 10
SW1(config-vlan)#name ccieuniversity10
SW1(config-vlan)#exit
SW1(config)#
SW1(config)#vlan 20
SW1(config-vlan)#name ccieuniversity20
SW1(config-vlan)#exit
8Check vlan table on SW1.
SW1#show vlan
VLAN Name
Status
Ports
---- -------------------------------- --------- -----------------------------1
default
active
Fa1/0, Fa1/2, Fa1/3,
Fa1/4
Fa1/5, Fa1/6, Fa1/7,
Fa1/8
Fa1/9, Fa1/10, Fa1/11,
Fa1/12
Fa1/13, Fa1/14, Fa1/15
10
ccieuniversity10
active
20
ccieuniversity20
active
1002 fddi-default
active
active
active
active
1005 trnet-default
VLAN Type
Trans2
---- ---------1
enet
1003
10
enet
0
20
enet
0
1002 fddi
1003
1003 tr
1002
1004 fdnet
0
1005 trnet
0
SAID
MTU
Parent RingNo BridgeNo Stp
BrdgMode Trans1
---------- ----- ------ ------ -------- ---- -------- -----100001
1500
1002
100010
1500
100020
1500
101002
1500 -
101003
1500
1005
srb
101004
1500
ibm
101005
1500
ibm
9 VTP
SW1#show vtp status
VTP Version
: 2
: 2
: 7
VTP Operating Mode
: Server
VTP Domain Name
VTP Pruning Mode
: Disabled
VTP V2 Mode
: Disabled
: Disabled
MD5 digest
: 0xF3 0x1C 0x33 0x46 0xEA 0x14 0xBB
0x9F
Local updater ID is 0.0.0.0 (no valid interface found)
10Check VTP state on SW2.
SW2#show vtp status
VTP Version
: 2
: 2
: 7
VTP Operating Mode
: Client
VTP Domain Name
VTP Pruning Mode
: Disabled
VTP V2 Mode
: Disabled
: Disabled
MD5 digest
: 0xF3 0x1C 0x33 0x46 0xEA 0x14 0xBB
0x9F
11Check vlan table on SW2.
SW1#show vlan
VLAN Name
Status
Ports
---- -------------------------------- --------- -----------------------------1
default
active
Fa0/3, Fa0/4, Fa0/5,
Fa0/6
Fa0/7, Fa0/8, Fa0/9,
Fa0/10
Fa0/11, Fa0/12, Fa0/13,
Fa0/14
Fa0/15, Fa0/16, Fa0/17,

Fa0/18
Fa0/19, Fa0/20, Fa0/21,
Fa0/22
Fa0/23, Fa0/24, Gi0/1,
Gi0/2
10
ccieuniversity10
active
20
ccieuniversity20
active
1002 fddi-default
act/unsup
act/unsup
act/unsup
1005 trnet-default
act/unsup
12Assign interfaces to relevant vlan on SW1 and SW2.

SW1(config-if)#switchport access vlan 10
SW1(config-if)#exit
SW1(config)#
SW1(config-if)#exit
SW2(config-if)#exit
13Ping test on PC1 PC2 and PC3.
PC1#ping 192.168.1.20
.....
PC1#
PC2#ping 192.168.2.20
.!!!!
PC2#
PC2#ping 192.168.1.10
.....
PC2#
PC3#ping 192.168.2.10
!!!!!
PC3#
PC3#ping 192.168.1.10
.....
We can see communication in the same vlan is ok, but between different vlans is not
working.
14Enable routing between vlans.
SW1(config-if)#
SW1(config-if)#exit
R1(config)#
R1(config-if)#no ip address
R1(config-if)#exit
R1(config)#
R1(config)#interface fastEthernet 0/0.10
R1(config-subif)#encapsulation dot1Q 10
R1(config-subif)#ip address 192.168.1.1 255.255.255.0
R1(config-subif)#exit
R1(config)#
R1(config)#interface fastEthernet 0/0.20
R1(config-subif)#encapsulation dot1Q 20
R1(config-subif)#ip address 192.168.2.1 255.255.255.0
R1(config-subif)#exit
R1(config)#
R1#show ip route
C
C
192.168.1.0/24 is directly connected, FastEthernet0/0.10

192.168.2.0/24 is directly connected, FastEthernet0/0.20
16Ping test again on all PCS.

PC1#ping 192.168.1.1
!!!!!
ms
PC1#
PC1#ping 192.168.2.1
!!!!!
ms
PC1#
PC1#ping 192.168.2.10
..!!!
PC1#
PC1#ping 192.168.2.20

..!!!
PC1#
PC2#ping 192.168.1.10
!!!!!
PC2#
PC3#ping 192.168.1.10
!!!!!
Configuring L2 & L3 EtherChannel with PAGP Lab

Topology
Lab Purpose:
1Master PAGP configuration.
Lab Steps:
1Connect two switches as the above topology.

2Shutdown interfaces range from Fa1/0/1 22 on SW1 and SW2.
3Check STP information on SW1.
SW1#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0014.a8e2.9880
Cost
19
Port
25 (FastEthernet1/0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0014.a8f1.9880
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface
Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -------------------------------Fa1/0/23
Root FWD 19
128.25 P2p
Fa1/0/24
Altn BLK 19
128.26 P2p
4To maximum the bandwidth usage rates, we'd like to combine two links together.
5Enable Ethernet-Channel based on PAGE on SW1 and SW2.
SW1(config)#interface range fastEthernet 1/0/23 - 24
SW1(config-if-range)#switchport
SW1(config-if-range)#channel-protocol pagp
SW1(config-if-range)#channel-group 1 mode desirable
Creating a port-channel interface Port-channel 1
SW1(config-if-range)#exit
SW1(config)#exit
SW2(config-if-range)#sw
SW2(config-if-range)#switchport
SW2(config-if-range)#channel-group 1 mode auto
SW2(config)#exit
00:32:28: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/23,

changed state to down
changed state to down
changed state to up
changed state to up
0:37:18: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
00:37:19: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed
state to up
6TIPS: Descirable is the positive mode for PAGE, auto is the negative mode for PAGE.
7Check interface based Ether-Channel information.
SW1#show interfaces fastEthernet 1/0/23 etherchannel
Port state = Up Mstr In-Bndl
Channel group = 1
Mode = Desirable-Sl Gcchange = 0
Port-channel = Po1
GC = 0x00010001 Pseudo port-channel = Po1
Port index = 0
Load = 0x00
Protocol = PAgP
Flags: S - Device is sending Slow hello. C - Device is in Consistent state.
A - Device is in Auto mode.
P - Device learns on physical port.
d - PAgP is down.
Timers: H - Hello timer is running.
Q - Quit timer is running.
S - Switching timer is running. I - Interface timer is running.
Local information:
Hello Partner PAgP Learning Group
Port Flags State Timers Interval Count Priority Method Ifindex
Fa1/0/23 SC U6/S7 H
30s 1
128
Any 5001
Partner's information:
Partner
Port Name
Fa1/0/23 SW2
Partner
Partner
Partner Group
Device ID
Port
Age Flags Cap.
0014.a8e2.9880 Fa1/0/23 20s SAC
Age of the port in the current state: 00d:00h:06m:53s
10001
8Check etherchannel port-channel information on SW1.

SW1#show etherchannel port-channel
Channel-group listing:
---------------------Group: 1
---------Port-channels in the group:
--------------------------Port-channel: Po1
-----------Age of the Port-channel = 00d:00h:15m:37s
Logical slot/port = 10/1
Number of ports = 2
GC
= 0x00010001 HotStandBy port = null
Port state
= Port-channel Ag-Inuse
Protocol
= PAgP
Ports in the Port-channel:
Index Load Port EC state
No of bits
------+------+------+------------------+----------0 00 Fa1/0/23 Desirable-Sl
0
0 00 Fa1/0/24 Desirable-Sl
0
Time since last port bundled: 00d:00h:10m:27s Fa1/0/24
9Check etherchannel summary information on SW1.
SW1#show etherchannel summary
Flags: D - down
P - in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1

Number of aggregators:
1
Group Port-channel Protocol Ports

------+-------------+-----------+----------------------------------------------1 Po1(SU)
PAgP Fa1/0/23(P) Fa1/0/24(P)
10Check STP information on SW1.
SW1#show spanning-tree
Interface
Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -------------------------------Po1
Root FWD 12
128.616 P2p
11Setup ip address for vlan1 on SW1 and SW2 to test Ethernet Channel connectivity.
SW1(config)#interface vlan 1
SW1(config-if)#ip address 192.168.1.1 255.255.255.0
SW1(config-if)#no shutdown
SW1(config-if)#exit
SW2(config-if)#exit
12Ping test between SW1 and SW2.
SW2#ping 192.168.1.1
!!!!!
13To test the redundant feature of Ethernet Channel, we setup continues ping traffic,
meanwhile shutdown Fa0/23 on SW1 to see whether the ping traffic has been
interrupted.
SW2#ping
Protocol [ip]:
Target IP address: 192.168.1.1
Repeat count [5]: 1000000
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Seems well.
14Remove layer 2 Ethernet Channel configuration, and enable layer 3 Ethernet
Channel.
15Enable layer 3 Ethernet Channel on SW1 and SW2.
SW1(config)#interface port-channel 1
SW1(config-if)#no switchport
SW1(config-if)#exit
SW1(config)#
SW1(config)#
SW1(config-if-range)#no switchport
SW1(config)#exit
00:12:15: %EC-5-L3DONTBNDL1: Fa1/0/23 suspended: PAgP not enabled on the remote
port.
00:12:16: %EC-5-L3DONTBNDL1: Fa1/0/24 suspended: PAgP not enabled on the remote
port.
SW2(config-if)#exit
SW2(config)#
SW2(config)#exit
changed state to up
changed state to up
00:20:03: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
00:20:04: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed
state to up
16Check Ethernet Channel summary information on SW2.

Flags: D - down
P - in port-channel
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
d - default port

1
Group Port-channel Protocol Ports
------+-------------+-----------+----------------------------------------------1 Po1(RU)
PAgP Fa1/0/23(P) Fa1/0/24(P)
17Ping test on SW2.
SW2#ping 192.168.1.1
.!!!!
Configuring L2 & L3 EtherChannel with LACP Lab

Topology
Lab Purpose:
1Master LACP configuration.
Lab Steps:
1Connect two switches as the above topology.
2Shutdown interfaces range from Fa1/0/1 22 on SW1 and SW2.
3Enable LACP on SW1 and SW2.
SW1(config-if-range)#channel-protocol lacp
SW1(config-if-range)#channel-group 1 mode active
SW2(config-if-range)#channel-group 1 mode passive
4Check etherchannel
summary information on SW1.

P - in port-channel
Flags: D - down
R - Layer3
S - Layer2
U - in use
f - failed to allocate aggregator
d - default port
1
Group Port-channel Protocol
Ports
------+-------------+-----------+----------------------------------------------1
Po1(SU)
LACP
Fa1/0/23(P) Fa1/0/24(P)
5Setup ip address for vlan1 on SW1 and SW2 to test Ethernet Channel connectivity.
SW1(config-if)#exit
SW1(config)#
SW2(config-if)#exit
Ping test between SW1 and SW2.

SW1#ping 192.168.1.2
.!!!!
6Remove Layer2 LACP configuration.

7Enable layer3 LACP on SW1 and SW2.
SW1(config-if)#exit
SW1(config)#
SW1(config-if-range)#channel-group 1 mode active
SW2(config-if)#exit
SW2(config)#
SW2(config-if-range)#
SW2(config-if-range)#channel-group 1 mode passive
SW2(config)#exit
8Check etherchannel summary information on SW1 and SW2.

P - in port-channel
Flags: D - down
R - Layer3
S - Layer2
U - in use
d - default port

1
Ports
------+-------------+-----------+----------------------------------------------1
Po1(RU)
LACP
Fa1/0/23(P) Fa1/0/24(P)

Flags: D - down
P - in port-channel
R - Layer3
S - Layer2
U - in use
d - default port

1
Ports
------+-------------+-----------+----------------------------------------------1
Po1(RU)
LACP
Fa1/0/23(P) Fa1/0/24(P)
9Ping test between SW1 and SW2.

SW2#ping 192.168.1.1
.!!!!
Configuring Layer 3 Redundancy with HSRP Lab

Topology
Lab Purpose:
1Master HSRP principal.
2Master HSRP configuration.
3Understanding HSRP preempt and track feature.
Lab Steps:
R1(config-if)#exit
R1(config)#
R1(config-if)#exit
R1(config)#
R2(config-if)#exit
R2(config)#
R2(config-if)#exit
R2(config)#
2PC1 basic configuration, set default gateway to the HSRP virtual ip address.
PC1(config)#
PC1(config-if)#exit
PC1(config)#
PC1(config)#ip default-gateway 192.168.1.1
PC1(config)#exit
3Ping test from PC1 to network 10.1.1.0/24
PC1#ping 10.1.1.1
.....
PC1#
4Enable HSRP on R1 and R2.
R1(config-if)#standby 1 ip 192.168.1.1
R2(config-if)#standby 1 ip 192.168.1.1
5Below output will following the HSRP configuration.
00:13:27: %STANDBY-6-STATECHANGE: FastEthernet0/0 Group 1 state Standby -> Active
6Check HSRP group information on R1 and R2.
R1#show standby
FastEthernet0/0 - Group 1
Local state is Active, priority 100
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 1.348
Virtual IP address is 192.168.1.1 configured
Active router is local
Standby router is 192.168.1.3, priority 100 expires in 7.812
Virtual mac address is 0000.0c07.ac01
5 state changes, last state change 00:00:10
IP redundancy name is "hsrp-Fa0/0-1" (default)
R2#show standby
Local state is Standby, priority 100
Active router is 192.168.1.2, priority 100 expires in 7.748
Standby router is local
7Ping and trace-route to destination 10.1.1.1 on PC1.
PC1#ping 10.1.1.1
!!!!!
PC1#
PC1#traceroute 10.1.1.1
1 192.168.1.2 68 msec 56 msec *
PC1#
8Check arp table on PC1, we can see the HSRP virtual MAC address is 0000.0c07.ac01
PC1#show arp
Protocol Address
Age (min) Hardware Addr Type Interface
Internet 192.168.1.10
- ca02.0be4.0000 ARPA FastEthernet0/0
Internet 192.168.1.1
12 0000.0c07.ac01 ARPA FastEthernet0/0
9Use continues ping to test redundant feature of HSRP.
00:39:48: %STANDBY-6-STATECHANGE: FastEthernet0/0 Group 1 state Active -> Init
PC1#ping
Protocol [ip]:
Target IP address: 10.1.1.1
Repeat count [5]: 1000000
Datagram size [100]:
Timeout in seconds [2]:

Extended commands [n]:
Sweep range of sizes [n]:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.....!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Everything will be back in 10 seconds.
10Ping and trace-route to destination 10.1.1.1 on PC1 again, we can see the real next
hop changed from 192.168.1.2 to 192.168.1.3
PC1>ping 10.1.1.1
!!!!!
PC1>
PC1>traceroute 10.1.1.1
1 192.168.1.3 32 msec 28 msec *
PC1>
11Based on the above test, we can see HSRP can provide redundant feature.
12No shutdown Fa0/0 on R1.
R1(config-if)#exit
R1(config)#
13Check HSRP group information on R1, we found the active router is still R2.
R1#show standby

14If we want R1 back to the active router when it's up again, then we need to enable
preempt feature on R1.
R1(config-if)#standby 1 priority 200
R1(config-if)#standby 1 preempt
R1(config-if)#exit
R1(config)#
R1#
15Check HSRP group information on R2.
R2#show standby
16HSRP can also track link state to provide high availability, enable track on R1, and
enable preempt on R2.
R1(config-if)#standby 1 priority 200
R1(config-if)#standby 1 track loopback 0 150
R1(config-if)#exit
R1(config)#
R2(config-if)#
17Enable HSRP debug and shutdown loopback 0 on R1, we can see the HSRP priority
of R1 down to 50.
R1#debug standby events

HSRP Events debugging is on
R1#
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#
R1(config-if)#
R1(config-if)#
01:09:58: SB: Fa0/0 Grp 1 Tracked interface Loopback0 Down
01:09:58: SB: Fa0/0 Grp 1 Priority 200/200 -> 50/200
01:09:58: SB1: Fa0/0 Active: j/Coup rcvd from higher pri router (100/192.168.1.3)
01:09:58: SB1: Fa0/0 Active router is 192.168.1.3, was local
01:09:58: SB: Fa0/0 Remove active hash 192.168.1.2 (vIP 192.168.1.1)
01:09:58: SB: Fa0/0 Remove passive hash 192.168.1.3 (frc 0)
01:09:58: SB: Fa0/0 Add active hash 192.168.1.3 (vIP 192.168.1.1)
01:09:58: SB1: Fa0/0 Standby router is unknown, was 192.168.1.3
01:09:58: SB1: Fa0/0 Active -> Speak
01:09:58: %STANDBY-6-STATECHANGE: FastEthernet0/0 Group 1 state Active -> Speak
01:09:58: SB1: Fa0/0 Redundancy "hsrp-Fa0/0-1" state Active -> Speak
01:09:58: SB: Fa0/0 Redirect adv start
01:09:58: %LINK-5-CHANGED: Interface Loopback0, changed state to administratively
down
01:10:08: SB1: Fa0/0 Speak: d/Standby timer expired (unknown)
01:10:08: SB1: Fa0/0 Standby router is local
01:10:08: SB1: Fa0/0 Speak -> Standby
01:10:08: SB1: Fa0/0 Redundancy "hsrp-Fa0/0-1" state Speak -> Standby
18Check HSRP group information on R1 and R2.
R1#show standby
Local state is Standby, priority 50 (confgd 200), may preempt
Priority tracking 1 interface, 0 up:
Interface
Decrement State
Loopback0
150 Down (administratively down)
R1#
R2#show standby
Local state is Active, priority 100, may preempt
Active router is local
Standby router is 192.168.1.2, priority 50 expires in 9.128
Virtual mac address is 0000.0c07.ac01
Priority tracking 1 interface, 1 up:
Interface
Decrement State
Loopback0
10 Up
Configuring Layer 3 Redundancy with VRRP Lab

Topology
Lab Purpose:
1Master HSRP configuration.
Lab Steps:
1Finish PC configuration according to the topology.
PC1(config)#
PC1(config-if)#no cdp enable
PC1(config-if)#exit
PC1(config)#
PC1(config)#exit
PC2(config)#
PC2(config-if)#no cdp enable
PC2(config-if)#exit
PC2(config)#
PC2(config)#exit
2Ping test and track test on PC1 and PC2.

PC1#ping 10.1.1.1
!!!!!
PC1#
1 192.168.1.1 12 msec *
PC1#
96 msec
PC2#ping 10.1.1.1
!!!!!
PC2#
1 192.168.1.2 120 msec *

PC2#
72 msec
3Shutdown Fa0/0 on R1.

R1(config-if)#
4Ping test and track test on PC1 and PC2 again, we can see there is no redundant
solution although there are 2 links.
PC1#ping 10.1.1.1
.....
PC1#
1 *
2 *
3 *
*
*
*
*
*
*
PC2#ping 10.1.1.1
!!!!!
PC2#
PC2#tr
1 192.168.1.2 112 msec *
PC2#
96 msec
5Enable VRRP on R1 and R2.

R1(config)#interface
R1(config-if)#vrrp 1
R1(config-if)#
R1(config-if)#exit
fastEthernet 0/0
ip 192.168.1.1
priority 200
preempt
ip 192.168.1.2
priority 100
preempt
R1(config)#
R2(config)#interface
R2(config-if)#
R2(config-if)#exit
R2(config)#exit
R2#
fastEthernet 0/0
ip 192.168.1.1
priority 100
preempt
ip 192.168.1.2
priority 200
preempt
6Check VRRP group information on R1 and R2.

R1#show vrrp
State is Master
Virtual IP address is 192.168.1.1
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 255 (cfgd 200)
Master Router is 192.168.1.1 (local), priority is 255
Master Advertisement interval is 1.000 sec
Master Down interval is 3.003 sec
State is Backup
Preemption enabled
Priority is 100
Master Router is 192.168.1.2, priority is 255
Master Down interval is 3.609 sec (expires in 3.349 sec)
R2#show vrrp
State is Backup
Preemption enabled
Priority is 100
Master Router is 192.168.1.1, priority is 255
Master Down interval is 3.609 sec (expires in 2.773 sec)
State is Master

Preemption enabled
Priority is 255 (cfgd 200)
Master Router is 192.168.1.2 (local), priority is 255
Master Down interval is 3.003 sec
7Shutdown Fa0/0 on R1 again.

R1(config-if)#
*Jul 8 21:49:59.131: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Master -> Init
*Jul 8 21:49:59.135: %VRRP-6-STATECHANGE: Fa0/0 Grp 2 state Backup -> Init
R2#
*Jul
R2#
8 21:50:03.191: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Backup -> Master
8Ping test and track test on PC1 and PC2 again, this time we've got redundancy.
PC1#ping 10.1.1.1
!!!!!
PC1#
1 192.168.1.2 92 msec *
PC1#
120 msec
PC2#ping 10.1.1.1
!!!!!
PC2#
1 192.168.1.2 132 msec *
PC2#
168 msec

Ccnplabguide 130323152251 Phpapp01 PDF

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Ccnplabguide 130323152251 Phpapp01 PDF

Uploaded by

Copyright:

Available Formats

www.ccieuniversity.

Configuring Basic EIGRP Lab ............................................................................................................ 3

Understand BGP Synchronization Rule Lab ................................................................................. 111

1Config IP address for each router.

IP-EIGRP neighbors for process 50

5Check the routing table on R2.

6 Check EIGRP routing table on R2.

7There is a summary route 10.0.0.0/8 via 172.16.1.1 on R2 by auto summary feature,

R2#show ip route eigrp

10.1.3.0 [90/2297856] via 172.16.1.1, 00:02:31, Serial1/0

8Manually summarize network 192.168.0.0/24 192.168.1.0/24 192.168.2.0/24

10Use wild card bits on R2's EIGRP configuration.

10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks

Configuring Default-network for EIGRP Lab

1Finish the basic ip address configuration on all the routers.

IP-EIGRP neighbors for process 50

Hold Uptime SRTT RTO Q Seq Type

5Add a default route on R2 to reach the external network.

Gateway of last resort is not set

172.16.0.0/30 is subnetted, 2 subnets

Gateway of last resort is not set

172.16.0.0/30 is subnetted, 2 subnets

Gateway of last resort is 172.16.1.2 to network 0.0.0.0

Gateway of last resort is 172.16.1.5 to network 0.0.0.0

172.16.0.0/30 is subnetted, 2 subnets

Gateway of last resort is not set

172.16.0.0/30 is subnetted, 2 subnets

Gateway of last resort is not set

172.16.0.0/30 is subnetted, 2 subnets

Gateway of last resort is 192.168.10.2 to network 0.0.0.0

Gateway of last resort is 172.16.1.2 to network 192.168.10.0

Gateway of last resort is 172.16.1.5 to network 192.168.10.0

Manually Summarizing EIGRP Routes Lab

1Finish basic ip configuration.

4Check the routing table of R2.

172.16.0.0/30 is subnetted, 3 subnets

5Check the EIGRP topology database of R2.

P 192.168.1.0/24, 1 successors, FD is 409600, serno 5

6The specific 10.1.X.0/24 networks on both R1 and R4 were automatically summarize

8Check the routing table of R2.

172.16.0.0/30 is subnetted, 3 subnets

192.168.2.0/24 [90/409600] via 172.16.1.6, 00:21:08, Ethernet1/1

9Ping the networks behind R1 and R4 again.

11Check the routing table of R2 and R4.

172.16.0.0/30 is subnetted, 3 subnets

172.16.1.0 [90/309760] via 172.16.1.9, 00:02:23, FastEthernet0/0

172.16.0.0/30 is subnetted, 3 subnets

12Ping the networks behind R3 from R2 and R4.

Configuring EIGRP Unequal Cost Paths Lab

1Finish basic ip configuration.

172.16.0.0/30 is subnetted, 3 subnets

P 192.168.1.0/24, 1 successors, FD is 156160

P 192.168.1.0/24, 1 successors, FD is 156160, serno 6

8According to the FS formula.

P 192.168.1.0/24, 1 successors, FD is 156160, serno 6

Seems 14 is not enough.

Configuring EIGRP Authentication Lab

1Finish basic ip configuration.

172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks

172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks

4Config EIGRP authentication on R1.

5"Use clear ip route *" command to speed up converge.