Saturday, July 19, 2014

Welcome to Free CCNA and CCNP Tutorials




If you wish to contact me, you will find my email address in the 'About me' section.

IOU Forbidden Fruit
Article about IOU aka IOS on Unix which is Cisco router/switch lightweight emulator.



The below topology will only work with the labs I have been re-writing currently (the ones marked 're-written' in the title).


The new revamped topology I plan to use for all labs looks like shown below.
Pic. 1 - LAN Wiring.
Pic. 2 - WAN Wiring.


Pic. 3 - The Layer 2 Topology Used for All Labs
(based on pic. 1 and pic. 2).


Pic. 4 - The Layer 3 Topology Used for All Labs
(based on pic. 1 and pic. 2).
Pic. 3 and Pic. 4 topology is the result of applying the following configuration in the topology presented in Pic.1 and Pic. 2

Pic.1/2 Configuration (link below)

Disclaimer!
This is a personal weblog. The opinions expressed here represent my own and not those of my employer.  I try to have an open mind you can expect that my opinions may and probably will change in time. You may leave some comments but I reserve the right to ignore them completely. 

The technical content of this blog is a product of weekend/sleepless-and-or-hotel night/after-work technical struggle. Despite all efforts, it may be inaccurate and reflects the author's knowledge as of the time of writing the posts. The author of the posts will not assume any liability or responsibility to any person or entity with respect to loss or damages incurred from information contained in this blog. Any resemblance to some other training materials and/or CCNA/CCNP/CCIE exams is completely coincidental.

© Jaro 2013

Wednesday, February 26, 2014

OSPF NSSA Area LSA7-to-5 Translator Election




Task 1
In the task 3 of the previous lab you configured R3 as the gateway for all inter-area prefixes. Remove this configuration making area 34 NSSA with both R3 and R4 injecting N2 default route.

Task 2
Ensure that R3 is the LSA7-to-5 Translator.

Questions
Try to answer the following questions:
  1. In case there are two or more ABRs connected to the NSSA area, which device translates LSA7 to LSA5 while injecting NSSA external routes into OSPF area 0?
Lab Solution

Solution configuration can be accessed below; solution contains task 1 and task 2 (if you want to save it, click the link, then go to File-->Download):
https://drive.google.com/file/d/0BwE5C95tpjZOSDZzZGV0czdmak0/edit?usp=sharing


Task 1
In the task 3 of the previous you configured R3 as the gateway for all inter-area prefixes. Remove this configuration making area 34 NSSA with both R3 and R4 injecting N2 default route.

R4 Config:
!
router ospf 1
 no area 34 no-summary

 area 34 nssa default-information-originate
!

Note!
Both R3 and R4 have the same 'area 34 nssa default-information-originate' configured in the OSPF router.

Pic. 2 - R3 and R4 Inject N2 Default Route.


Task 2
Ensure that R3 is the LSA7-to-5 Translator.

Note!
In order to see which device is advertising 10.0.7.7/32 prefix, check 'show ip ospf database' on R1. Look at the output below:

Pic. 3 - LSA7-to-LSA5 Current Translator (now change in the config).


R3 Config:

Pic. 4 - R3 Configuration.


Note!
For this change to take effect, clear ip ospf process on R3 as per Pic. 3, but also clear ospf process on R1 before you check the below:

Pic. 5 - LSA7-to-LSA5 Current Translator.



Study Drill

The router with the highest router-id becomes LSA7-to-LSA5 translator. 


Tuesday, February 25, 2014

OSPF Stub Network Traffic Engineering




Task 1
Remove the OSPF configuration done in the previous labs and configure network as per topology diagram (top).

Task 2
Configure mutual redistribution between OSPF and EIGRP domain. Check OSPF routing table on SW1.

Task 3
Configure OSPF area 34 such that R3 becomes the gateway for all Inter-Area prefixes and R4 for all External prefixes. Should R3 go down, R4 should become the gateway of last resort for all prefixes. Do not modify the cost of any links to accomplish the task.

Questions
Try to answer the following questions:
  1. When OSPF is presented with intra-area, external, nssa, inter-area prefixes, what is the order of choosing the best path?
Lab Solution

Solution configuration can be accessed below; solution contains task 1 and task 2 (if you want to save it, click the link, then go to File-->Download):
https://drive.google.com/file/d/0BwE5C95tpjZOdFNVUFdGbTlHaHM/edit?usp=sharing


Task 1
Remove the OSPF configuration done in the previous labs and configure network as per topology diagram (top).

Note!
I do not show how to remove all previous OSPF configuration to reduce the length of the post.

R1 Config:
!
interface Serial0/0
 ip address 172.16.0.1 255.255.255.0
 encapsulation frame-relay
 ip ospf network point-to-multipoint
 clock rate 2000000
 frame-relay map ip 172.16.0.4 104 broadcast
 frame-relay map ip 172.16.0.3 103 broadcast
 frame-relay map ip 172.16.0.2 102 broadcast
 frame-relay map ip 172.16.0.1 102
 no frame-relay inverse-arp
!
router ospf 1
 log-adjacency-changes
 network 10.0.1.1 0.0.0.0 area 12
 network 172.16.0.1 0.0.0.0 area 0
 network 172.16.12.1 0.0.0.0 area 12
!

R2 Config:
!

router ospf 1

 log-adjacency-changes
 network 10.0.2.2 0.0.0.0 area 12
 network 172.16.12.2 0.0.0.0 area 12
!

R3 Config:
!
interface Serial0/0
 ip address 172.16.0.3 255.255.255.0
 encapsulation frame-relay
 ip ospf network point-to-multipoint
 clock rate 2000000
 frame-relay map ip 172.16.0.4 301
 frame-relay map ip 172.16.0.3 301
 frame-relay map ip 172.16.0.2 301
 frame-relay map ip 172.16.0.1 301 broadcast
 no frame-relay inverse-arp
!
router ospf 1
 log-adjacency-changes
 area 34 nssa
 network 172.16.0.3 0.0.0.0 area 0
 network 172.16.100.3 0.0.0.0 area 34
!

R4 Config:
!
interface Serial0/0
 ip address 172.16.0.4 255.255.255.0
 encapsulation frame-relay
 ip ospf network point-to-multipoint
 clock rate 2000000
 frame-relay map ip 172.16.0.4 401
 frame-relay map ip 172.16.0.3 401
 frame-relay map ip 172.16.0.2 401
 frame-relay map ip 172.16.0.1 401 broadcast
 no frame-relay inverse-arp
!
!
router ospf 1
 log-adjacency-changes
 area 34 nssa
 network 172.16.0.4 0.0.0.0 area 0
 network 172.16.100.4 0.0.0.0 area 34
!
router eigrp 1
 network 172.16.45.4 0.0.0.0
 no auto-summary
!

R5 Config:
!
router eigrp 1
 network 10.0.5.5 0.0.0.0
 network 172.16.45.5 0.0.0.0
 no auto-summary
!

SW1 Config:
!
route-map CONNECTED permit 10
 match interface Loopback0
!
router ospf 1
 log-adjacency-changes
 area 34 nssa
 redistribute connected subnets route-map CONNECTED
 network 172.16.100.7 0.0.0.0 area 34
!

Task 2
Configure mutual redistribution between OSPF and EIGRP domain. Check OSPF routing table on SW1.

R4 Config:
!
router ospf 1
 redistribute eigrp 1 subnets
!
router eigrp 1
 redistribute ospf 1 metric 1 1 1 1 1
!
Pic. 2 - OSPF Routing Table on SW1. 


Task 3
Configure OSPF area 34 such that R3 becomes the gateway for all Inter-Area prefixes and R4 for all External prefixes. Should R3 go down, R4 should become the gateway of last resort for all prefixes. Do not modify the cost of any links to accomplish the task.

R3 Config:
!
router ospf 1
 area 34 nssa default-information-originate
!

R4 Config:
!
router ospf 1
 area 34 nssa no-summary
!

Pic. 3 - OSPF Routing Table on SW1 After the Reconfiguration.



Note!
R3 still allows Inter-Area prefixes and for all unknown destination injects default route. R4 Defines the area as Not-So-Totally-Stubby Area which effectively blocks Inter-Area prefixes. For all unknown destination it inject default route. Since R3 provides the longest match for Inter-Area prefixes it becomes the gateway of last resort as long as it is available. R4 injects default route as Inter-Area prefix, whereas R3 as N2 prefix. The reason R4 is selected as preferred default gateway is due to the path selection process in OSPF which follows this sequence:

intra-area > inter-area > external > nssa-external. 


Study Drill

OSPF uses the following sequence to select the best path: intra-area > inter-area > external > nssa-external. Try to shutdown sub-interface f0/1.100. As soon as SW1 realizes that R3 injects N2 default routefor all unknown destinations.



Pic. 4 - R4 F0/1.100 Shutdown.



Wednesday, February 19, 2014

OSPF GRE Tunnel over NSSA/Stub Area





Task 1
Configure OSPF area 58 between R5 and SW2 (Vlan 58). Ensure that Vlan 58 does have connectivity to all prefixes in OSPF domain even if connection between R5 and SW2 failed. You can create two new IP addresses to accomplish the goal.

Questions
Try to answer the following questions:
  1. Can OSPF virtual-link be configured over a transit area that is stub or nssa?
  2. What is another method of extending area 0 if another area is not physically connected to the backbone area?
Lab Solution

Solution configuration can be accessed below; solution contains task 1 and task 2 (if you want to save it, click the link, then go to File-->Download):
https://drive.google.com/file/d/0BwE5C95tpjZOaGg4WE8yR3RNcWs/edit?usp=sharing


Task 1
Configure OSPF area 58 between R5 and SW2 (Vlan 58). Ensure that Vlan 58 does have connectivity to all prefixes in OSPF domain even if connection between R5 and SW2 failed. You can create two new IP addresses to accomplish the goal.

Note!
As per lab stipulation, area 58 must be also linked through area 28 to the backbone area to provide connectivity in case of R5 to SW2 link failure. However, area 28 is nssa and virtual-link cannot be used to make SW2 an ABR, GRE tunnel must be used instead.

R2 Config:
!
interface tunnel0
 ip address 192.168.28.2 255.255.255.0
 tunnel source f0/1
 tunnel destination 172.16.28.8
!
router ospf 1
 network 192.168.28.2 0.0.0.0 area 0
!

SW2 Config:
!
interface tunnel0
 ip address 192.168.28.8 255.255.255.0
 tunnel source vlan 28
 tunnel destination 172.16.28.2
!
router ospf 1
 network 192.168.28.8 0.0.0.0 area 0
 network 172.16.58.8 0.0.0.0 area 58
!

R5 Config:
!
router ospf 1
 log-adjacency-changes
 area 45 virtual-link 10.0.4.4
 area 59 virtual-link 10.0.9.9
 network 172.16.45.5 0.0.0.0 area 45
 network 172.16.58.5 0.0.0.0 area 58
 network 172.16.59.5 0.0.0.0 area 59
!

Pic. 2 - Status of GRE Tunnel.


Pic. 3 - Vlan 58 Availability.


Shut down interface Fas0/0 on R5. The ping test from R6 is still successful!

Study Drill

OSPF virtual-link cannot cross any transit area that is stub or nssa. An alternative solution is to use GRE tunnel.


Tuesday, February 18, 2014

OSPF Not-So-Totally-Stubby Area





Task 1
Change OSPF area 28 in such a way, that it does not allow external (E2) and inter-area (IA) prefixes. It must still allow redistributed prefixes on SW2 configured in previous lab. Routers in area 28 (SW2) should have connectivity to all advertised subnets.

Questions
Try to answer the following questions:
  1. In No-So-Totally-Stubby Area, what does ABR do by default which ABR in NSSA does not?
Lab Solution

Solution configuration can be accessed below; solution contains task 1 and task 2 (if you want to save it, click the link, then go to File-->Download):
https://drive.google.com/file/d/0BwE5C95tpjZOM0stVzEwcjdHNlU/edit?usp=sharing

Task 1
Change OSPF area 28 in such a way, that it does not allow external(E2) and inter-area (IA) prefixes. It must still allow redistributed prefixes on SW2 configured in previous lab. Routers in area 28 (SW2) should have connectivity to all advertised subnets.

Pic. 2 - SW2 Routing Table with NSSA Configuration (previous lab).


R2 Config:
!
router ospf 1
 no area 28 nssa
 area 28 nssa no-summary
!

Pic. 3 - SW2 Routing Table with Not-So-Totally-Stubby Area.


Default route automatically advertised by ABR (R2) allows connectivity to all other ospf prefixes. 

Study Drill

By default ABR router in Not-So-Totally-Stubby Area will inject the default route as the substitute for prefixes filtered out. This is not going to happen if ABR is connected to NSSA area. In such case, ABR must have explicit injection of the default route like shown in the previous lab.


Monday, February 17, 2014

OSPF NSSA Filtering





Task 1
On SW2 create two loopbacks and configure IP addresses as shown below.
  • Loopback1: 192.168.8.8/24
  • Loopback2: 192.168.88.8/24
Configure OSPF area 28 in such a way, that R2 does not allow external prefixes but allows SW2 redistribute two new loopbacks into OSPF as external LSAs (SW2 is becoming ASBR). Ensure that routers in area 28 do have connectivity to all external prefixes already advertised.

Questions
Try to answer the following questions:
  1. What kind of solution can solve the problem?
  2. What is a potential pitfall using this solution?
Lab Solution

Solution configuration can be accessed below; solution contains task 1 and task 2 (if you want to save it, click the link, then go to File-->Download):
https://drive.google.com/file/d/0BwE5C95tpjZOd29BZ3hqZVVSM28/edit?usp=sharing

Task 1
On SW2 create two loopbacks and configure IP addresses as shown below.
  • Loopback1: 192.168.8.8/24
  • Loopback2: 192.168.88.8/24
Configure OSPF area 28 in such a way, that R2 does not allow external prefixes but allows SW2 redistribute two new loopbacks into OSPF as external LSAs (SW2 is becoming ASBR). Ensure that routers in area 28 do have connectivity to all external prefixes already advertised.

SW2 Configuration:
!
interface Loopback1
 ip address 192.168.8.8 255.255.255.0
!
interface Loopback2
 ip address 192.168.88.8 255.255.255.0
!
!
route-map CONN_TO_OSPF permit 10
 match interface loopback1 loopback2
!
router ospf 1
 no area 28 stub
 area 28 nssa
  redistribute connected subnets route-map CONN_TO_OSPF
!

In order to match the area a quick jump to R2.

R2 Config:
!
router ospf 1
 no area 28 stub
 area 28 nssa default-information-originate
!

Note!
R2 is ABR in area 28. While configuring NSSA area, ABR does NOT inject the default route by default. This way, all routers in area 28 (SW2) would not be able to reach other prefixes that area external ones redistributed in OSPF domain outside area 28. Thus, the area 28 nssa default-information-originate command on R2.

Pic. 2 - LSA Type 7 on SW2 (NSSA).


Pic. 3 - SW2 NSSA 7 Converted to LSA5 in Area 0.



Study Drill

OSPF Not-So-Stubby Area allows filtering LSA 5 but allows a presence of ASBR. The difference is that ASBR introduces external prefixes as LSA 7 (NSSA). ABR converts them into LSA 5 while introducing them into area 0.


Friday, February 14, 2014

OSPF Totally Stubby Area Filtering





Note!
Since in our previous lab we have configured new loopbacks, R1 changes its ospf router id to the highest IP address of the loopback interface (192.168.1.49) after reload. This will affect the virtual-link created between R1 and R3. In order to correct that, we must change ospf router id on R1 manually so that it matches the VL configuration on R3. Here's quick config you should apply:

R1 Config:
!
router ospf 1
 router-id 10.0.1.1
!
And then, the 'clear ip ospf process' for this change to take effect. Do clear the ospf on both R1 and R3.

Task 1
Extend OSPF area 0 to include R6 to SW4 connection. Advertise loopback0 of SW4 into area 100 (as per pic.1 above).

Task 2
Reduce the size of the routing table in OSPF area 100 so that external and inter-area prefixes are represented by default route. Do not use any filtering tool such as ACL, prefix-list, etc. Use Cisco proprietary feature to accomplish the task.

Questions
Try to answer the following questions:
  1. What is the difference between this solution and the one used in the previous lab?
  2. Do all routers have to be Cisco devices to solve the problem presented in this lab?
Lab Solution

Solution configuration can be accessed below; solution contains task 1 and task 2 (if you want to save it, click the link, then go to File-->Download):
https://drive.google.com/file/d/0BwE5C95tpjZOdHBmTHRkc01lZG8/edit?usp=sharing

Task 1
Extend OSPF area 0 to include R6 to SW4 connection. Advertise loopback0 of SW4 into area 100 (as per pic.1 above).

R6 Config:
!
router ospf 1
 network 172.16.106.6 0.0.0.0 area 100
!

NOTE!
This lab runs on GNS3 emulator. In case you use real layer3 switch, you should start with enabling routing for IPv4 first ('ip routing' command in the global config mode).

SW4 Config:
!
router ospf 1
 network 10.0.10.10 0.0.0.0 area 100
 network 172.16.106.10 0.0.0.0 area 100
!

Pic. 2 - R6 Current OSPF Neighbors.



Pic. 3 - SW4 OSPF Routing Table.


Note!
All routers in OSPF area 100 accept all types of LSA right now.

Task 2
Reduce the size of the routing table in OSPF area 100 so that external and inter-area prefixes are represented by default route. Do not use any filtering tool such as ACL, prefix-list, etc. Use Cisco proprietary feature to accomplish the task.

R3 and R4 Config:
!
router ospf 1
 area 100 stub no-summary
!

R6, SW1, and SW4 Config:
!
router ospf 1
 area 100 stub
!

Pic. 4 - SW4 Routing Table and Connectivity.


Study Drill

Cisco implemented additional ABR filtering in IOS called totally stubby area. This feature allows to reduce the size of the routing table by filtering external (just like in stub area) as well as inter-area prefixes. An ABR is injecting the default route instead to allow connectivity to filtered prefixes. Totally stubby area is a Cisco feature, so ABR routers must be Cisco devices to use it. The routers within the totally stubby area do not have to be Cisco devices.